On Tue, Jul 16, 2019 at 01:51:20PM +0200, Pablo Neira Ayuso wrote:
> add rule ip testNEW test6 jump test8
> ^^^^^
> Error: invalid verdict chain expression value
Note that I can't reproduce this issue locally.
[...]
> - if ((stmt->expr->chain->etype != EXPR_SYMBOL &&
> - stmt->expr->chain->etype != EXPR_VALUE) ||
> - stmt->expr->chain->symtype != SYMBOL_VALUE) {
> - return stmt_error(ctx, stmt,
> - "invalid verdict chain
> expression %s\n",
> - expr_name(stmt->expr->chain));
> - }
So I guess the problem is that for an etype of EXPR_VALUE, symtype is
still checked. The latter is used by EXPR_SYMBOL only, but since
SYMBOL_VALUE is 0 (implicitly, it's the first item in enum
symbol_types) this probably works by accident.
I still don't understand why it doesn't work for you, but I guess the
bug is found. So probably
| if ((stmt->expr->chain->etype != EXPR_SYMBOL ||
| stmt->expr->chain->symtype != SYMBOL_VALUE) &&
| stmt->expr->chain->etype != EXPR_VALUE)) {
is right.
Cheers, Phil
