src: add variable expression and use it to allow redefinitions

Add new variable expression that we can use to attach symbols in runtime, this allows us to redefine variables via new keyword, eg. table ip x { chain y { define address = { 1.1.1.1, 2.2.2.2 } ip saddr $address redefine address = { 3.3.3.3 } ip saddr $address } } # nft list ruleset table ip x { chain y { ip saddr { 1.1.1.1, 2.2.2.2 } ip saddr { 3.3.3.3 } } } Note that redefinition just places a new symbol version before the existing one, so symbol lookups always find the latest version. The undefine keyword decrements the reference counter and removes the symbol from the list, so it cannot be used anymore. Still, previous references to this symbol via variable expression are still valid. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2018-03-03 22:52:35 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-03-04 00:22:50 +0100
commit: 3b20f47277c0cb4ea07ad30f94496c9f383035e7 (patch)
tree: c5b0b1fc569dd64cd3fdcedaecfacf22b0abe6dd /src/evaluate.c
parent: 8162d2b96718041dadc52ab127db9d91a2c223cc (diff)
1 files changed, 12 insertions, 9 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 40a9292f..cc8eac83 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -168,7 +168,6 @@ static struct table *table_lookup_global(struct eval_ctx *ctx)
 static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr)
 {
 	struct error_record *erec;
-	struct symbol *sym;
 	struct table *table;
 	struct set *set;
 	struct expr *new;
@@ -183,14 +182,6 @@ static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr)
 			return -1;
 		}
 		break;
-	case SYMBOL_DEFINE:
-		sym = symbol_lookup((*expr)->scope, (*expr)->identifier);
-		if (sym == NULL)
-			return expr_error(ctx->msgs, *expr,
-					  "undefined identifier '%s'",
-					  (*expr)->identifier);
-		new = expr_clone(sym->expr);
-		break;
 	case SYMBOL_SET:
 		ret = cache_update(ctx->nf_sock, ctx->cache, ctx->cmd->op,
 				   ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
@@ -1776,6 +1767,16 @@ static int expr_evaluate_meta(struct eval_ctx *ctx, struct expr **exprp)
 	return expr_evaluate_primary(ctx, exprp);
 }
 
+static int expr_evaluate_variable(struct eval_ctx *ctx, struct expr **exprp)
+{
+	struct expr *new = expr_clone((*exprp)->sym->expr);
+
+	expr_free(*exprp);
+	*exprp = new;
+
+	return expr_evaluate(ctx, exprp);
+}
+
 static int expr_evaluate(struct eval_ctx *ctx, struct expr **expr)
 {
 	if (ctx->debug_mask & NFT_DEBUG_EVALUATION) {
@@ -1791,6 +1792,8 @@ static int expr_evaluate(struct eval_ctx *ctx, struct expr **expr)
 	switch ((*expr)->ops->type) {
 	case EXPR_SYMBOL:
 		return expr_evaluate_symbol(ctx, expr);
+	case EXPR_VARIABLE:
+		return expr_evaluate_variable(ctx, expr);
 	case EXPR_SET_REF:
 		return 0;
 	case EXPR_VALUE:
author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-03-03 22:52:35 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-03-04 00:22:50 +0100
commit	3b20f47277c0cb4ea07ad30f94496c9f383035e7 (patch)
tree	c5b0b1fc569dd64cd3fdcedaecfacf22b0abe6dd /src/evaluate.c
parent	8162d2b96718041dadc52ab127db9d91a2c223cc (diff)