[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Concatenation + Interval => Broken Parser or Broken Concept
From:       Robert White <rwhite () pobox ! com>
Date:       2018-04-09 21:41:30
Message-ID: 62fd8839-a6df-72ff-e637-1e038c83a1ec () pobox ! com
[Download RAW message or body]

It seems to be completely legal to declare a set or map with both a
concatenated type and an interval flag, but then it's apparently
impossible to actually install interval values in that set or map.

Example:
(Given)

table inet test {

        set addresses {
                type ipv4_addr
                flags interval
                elements = { 10.0.0.0/8, 172.16.0.0/12,
                             192.168.0.0/16 }
        }

        set tuple {
                type inet_service . ipv4_addr
                flags interval
        }
}

nft> add element inet test tuple { 80 . 10.0.0.0/8 }
Error: syntax error, unexpected /, expecting comma or '}'
add element inet test tuple { 80 . 10.0.0.0/8 }


One Would Expect that the set would be a concatenation of intervals, so
that every component in the add element command would be a legal
interval with at least one member.

That is all of the below _should_ be legal if expectations match "the
rule of least astonishment".

add element inet test tuple {
79 . 192,168.10.1,
80-88 . 192.168.11.3,
100 . 172.16.0.0/12,
1000-2000 . 10.0.0.0/8
}

But only the non-ranged (first) tuple will make it through the parser.

If concatenation and interval are not legal together then declaring such
a set/map/etc should produce a suitable error and diagnostic.

If concatenation and interval are legal then the parser (et. al.) needs
to accept the relevant data elements.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]