Bug#933621: BUG: invalid expression type concat on invalid input "iifname . oifname p . q"

Trent W. Buck Wed, 31 Jul 2019 20:28:00 -0700

Package: nftables
Version: 0.9.1-2
Severity: minor

I found a parser bug when experimenting with concatenations:


    # nft 'flush ruleset; table a; chain a b; a b iifname . oifname p . q; list 
ruleset'
    BUG: invalid expression type concat
    nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed.
    Aborted (core dumped)

    # nft 'flush ruleset; table a; chain a b; a b iifname . oifname != p . q; 
list ruleset'
    BUG: invalid expression type concat
    nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed.
    Aborted (core dumped)

nft should print an error message, not crash.
Here is an example of the behaviour I expect:

    # nft 'flush ruleset; table a; chain a b; a b iifname . oifname = p . q; 
list ruleset'
    Error: syntax error, unexpected '='
    flush ruleset; table a; chain a b; a b iifname . oifname = p . q; list 
ruleset


FYI, the correct input is this:

    # nft 'flush ruleset; table a; chain a b; a b iifname . oifname { p . q }; 
list ruleset'
    table ip a {
            chain b {
                    iifname . oifname { "a" . "b" }
            }
    }

Bug#933621: BUG: invalid expression type concat on invalid input "iifname . oifname p . q"

Reply via email to