This last patch does not work. The first one works fine with a string as
chain name.
# nft add table ip foo
# nft add chain ip foo bar {type filter hook input priority 0\;}
# nft add chain ip foo ber
# nft add rule ip foo ber counter
# nft add rule ip foo bar jump ber
# nft list ruleset
table ip foo {
chain bar {
type filter hook input priority filter; policy accept;
jump ber
}
chain ber {
counter packets 69 bytes 6138
}
}
But when trying to execute "# nft -f file.nft", being file.nft:
> define dest = ber
> add rule ip foo bar jump $dest
I am getting the following error:
file.nft:3:26-30: Error: Can't parse symbolic netfilter verdict expressions
add rule ip foo bar jump $dest
^^^^^
This error comes from symbol_parse() at expr_evaluate_symbol() after the
expr_evaluate() call added in the first patch.
On 5/14/19 5:25 PM, Fernando Fernandez Mancera wrote:
> This patch introduces the use of nft input files variables in 'jump'
> statements, e.g.
>
> define dest = chainame
>
> add rule ip filter input jump $dest
>
> Signed-off-by: Fernando Fernandez Mancera <[email protected]>
> ---
> src/parser_bison.y | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/src/parser_bison.y b/src/parser_bison.y
> index 69b5773..42fd71f 100644
> --- a/src/parser_bison.y
> +++ b/src/parser_bison.y
> @@ -3841,7 +3841,13 @@ verdict_expr : ACCEPT
> }
> ;
>
> -chain_expr : identifier
> +chain_expr : variable_expr
> + {
> + $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
> + current_scope(state),
> + $1->sym->identifier);
> + }
> + | identifier
> {
> $$ = constant_expr_alloc(&@$, &string_type,
> BYTEORDER_HOST_ENDIAN,
>
