diff mbox series

[nft] src: fix netdev family device name parsing

Message ID 20190109222605.10941-1-fw@strlen.de
State Accepted
Delegated to: Pablo Neira
Headers show
Series [nft] src: fix netdev family device name parsing | expand

Commit Message

Florian Westphal Jan. 9, 2019, 10:26 p.m. UTC 
Should use accept/use quotes, else you can't use this with a device name
that is shared with a key word, e.g. 'device vm'.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/parser_bison.y                                |  2 +-
 src/rule.c                                        |  2 +-
 tests/shell/testcases/chains/dumps/0021prio_0.nft | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)

Comments

Pablo Neira Ayuso Jan. 9, 2019, 10:30 p.m. UTC | #1 
On Wed, Jan 09, 2019 at 11:26:05PM +0100, Florian Westphal wrote:
> Should use accept/use quotes, else you can't use this with a device name
> that is shared with a key word, e.g. 'device vm'.
> 
> Signed-off-by: Florian Westphal <fw@strlen.de>

Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff mbox series

Patch

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 01f5be9563eb..f43d695688cd 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1966,7 +1966,7 @@  int_num		:	NUM			{ $$ = $1; }
 			|	DASH	NUM		{ $$ = -$2; }
 			;
 
-dev_spec		:	DEVICE	STRING		{ $$ = $2; }
+dev_spec		:	DEVICE	string		{ $$ = $2; }
 			|	/* empty */		{ $$ = NULL; }
 			;
 
diff --git a/src/rule.c b/src/rule.c
index e15a20b30bbd..73b78c75a267 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1070,7 +1070,7 @@  static void chain_print_declaration(const struct chain *chain,
 		nft_print(octx, "\t\ttype %s hook %s", chain->type,
 			  hooknum2str(chain->handle.family, chain->hooknum));
 		if (chain->dev != NULL)
-			nft_print(octx, " device %s", chain->dev);
+			nft_print(octx, " device \"%s\"", chain->dev);
 		nft_print(octx, " priority %s; policy %s;\n",
 			  prio2str(octx, priobuf, sizeof(priobuf),
 				   chain->handle.family, chain->hooknum,
diff --git a/tests/shell/testcases/chains/dumps/0021prio_0.nft b/tests/shell/testcases/chains/dumps/0021prio_0.nft
index 20125ba01186..ca94d4417bae 100644
--- a/tests/shell/testcases/chains/dumps/0021prio_0.nft
+++ b/tests/shell/testcases/chains/dumps/0021prio_0.nft
@@ -1364,23 +1364,23 @@  table arp x {
 }
 table netdev x {
 	chain ingressfilterm11 {
-		type filter hook ingress device lo priority -11; policy accept;
+		type filter hook ingress device "lo" priority -11; policy accept;
 	}
 
 	chain ingressfilterm10 {
-		type filter hook ingress device lo priority filter - 10; policy accept;
+		type filter hook ingress device "lo" priority filter - 10; policy accept;
 	}
 
 	chain ingressfilter {
-		type filter hook ingress device lo priority filter; policy accept;
+		type filter hook ingress device "lo" priority filter; policy accept;
 	}
 
 	chain ingressfilterp10 {
-		type filter hook ingress device lo priority filter + 10; policy accept;
+		type filter hook ingress device "lo" priority filter + 10; policy accept;
 	}
 
 	chain ingressfilterp11 {
-		type filter hook ingress device lo priority 11; policy accept;
+		type filter hook ingress device "lo" priority 11; policy accept;
 	}
 }
 table bridge x {