npf icon indicating copy to clipboard operation
npf copied to clipboard

Published 20 hours ago verified publisher icon rmind

Incorrect parsing near keyword "apply"

Open Biogen opened this issue 5 years ago • 1 comments

Hello,

When I create a new rule for ruleset with apply "log" via npfctl I get an error: syntax error near 'log' Example:

# npfctl rule "test" add pass all apply "log"
stdin:1:18: syntax error near 'log'

npf.conf:

procedure "log" {
    log: npflog0
}

group default {
    ruleset "test"
    pass all apply "log"
}

Also, I face to this problem when try to create the same rule by npfctl API. How can I solve this problem? Thank you!

Biogen avatar Feb 01 '20 21:02 Biogen

Currently, npfctl parser requires strings to be in double quotes, meaning that apply "log" is valid, while apply log is not. Since the rule is passed from shell, its interpreter consumes the quotes. You need to escape the quotes or pass the expression as a literal, e.g.:

npfctl rule "test" add 'pass all apply "log"'

This is not an NPF bug. The npfctl parser could be relaxed to not require the quotes for strings, but I tend to think it is not worth doing that.

rmind avatar Jun 06 '20 14:06 rmind