author | Florian Westphal <fw@strlen.de> | 2017-09-29 13:55:54 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-09-29 13:55:54 +0200 |
commit | 54a0c5dc0f4db879ad2f44fc77bcd2568719be42 (patch) | |
tree | 5d5e17e0fca1c3cdd9fd582f17273705f8d6555f /src/parser_bison.y | |
parent | 28180991740e6942adfb12650ff2472d73e89387 (diff) | |
parent | 26589362c1a3a7c3f0fdb5e70e831bcb4077b0d1 (diff) |
Merge branch 'ct_rt_syntax_06'
inet family (and others, e.g. bridge) lack context to figure out the
layer 3 address type.
examples:
ct original saddr $addr
rt nexthop $addr
We can't use $addr, because it might be a set reference, e.g.
ct original saddr @whitelist
currently implemented workaround is to use 'meta nfproto' to provide the
l3 context, e.g.
meta nfproto ip rt nexthop 10.2.3.4
i.e. users need to fill dependency manually.
Pablo suggested to instead specify ip saddr, ip6 saddr:
ct original ip saddr $address
and then let nft handle the dependency injection, these changes do this.
Old syntax is preserved.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
-rw-r--r-- | src/parser_bison.y | 42 |
1 files changed, 38 insertions, 4 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 75a77358..f996d9d9 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -665,11 +665,11 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type <expr> rt_expr %destructor { expr_free($$); } rt_expr -%type <val> rt_key +%type <val> rt_key_proto rt_key %type <expr> ct_expr %destructor { expr_free($$); } ct_expr -%type <val> ct_key ct_dir ct_key_dir_optional ct_key_dir +%type <val> ct_key ct_dir ct_key_dir_optional ct_key_dir ct_key_proto ct_key_proto_field %type <expr> fib_expr %destructor { expr_free($$); } fib_expr @@ -3246,10 +3246,32 @@ hash_expr : JHASH expr MOD NUM SEED NUM offset_opt } ; +rt_key_proto : IP { $$ = NFPROTO_IPV4; } + | IP6 { $$ = NFPROTO_IPV6; } + ; + rt_expr : RT rt_key { $$ = rt_expr_alloc(&@$, $2, true); } + | RT rt_key_proto rt_key + { + enum nft_rt_keys rtk = $3; + + switch ($2) { + case NFPROTO_IPV4: + break; + case NFPROTO_IPV6: + if ($3 == NFT_RT_NEXTHOP4) + rtk = NFT_RT_NEXTHOP6; + break; + default: + YYERROR; + break; + } + + $$ = rt_expr_alloc(&@$, rtk, false); + } ; rt_key : CLASSID { $$ = NFT_RT_CLASSID; } @@ -3259,11 +3281,15 @@ rt_key : CLASSID { $$ = NFT_RT_CLASSID; } ct_expr : CT ct_key { - $$ = ct_expr_alloc(&@$, $2, -1); + $$ = ct_expr_alloc(&@$, $2, -1, NFPROTO_UNSPEC); } | CT ct_dir ct_key_dir { - $$ = ct_expr_alloc(&@$, $3, $2); + $$ = ct_expr_alloc(&@$, $3, $2, NFPROTO_UNSPEC); + } + | CT ct_dir ct_key_proto ct_key_proto_field + { + $$ = ct_expr_alloc(&@$, $4, $2, $3); } ; @@ -3297,6 +3323,14 @@ ct_key_dir : SADDR { $$ = NFT_CT_SRC; } | ct_key_dir_optional ; +ct_key_proto : IP { $$ = NFPROTO_IPV4; } + | IP6 { $$ = NFPROTO_IPV6; } + ; + +ct_key_proto_field : SADDR { $$ = NFT_CT_SRC; } + | DADDR { $$ = NFT_CT_DST; } + ; + ct_key_dir_optional : BYTES { $$ = NFT_CT_BYTES; } | PACKETS { $$ = NFT_CT_PKTS; } | AVGPKT { $$ = NFT_CT_AVGPKT; } |
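Review bot: The new `RT rt_key_proto rt_key` alternative accepts every `rt_key` after `ip`/`ip6`, so `rt ip6 classid` parses even though the family qualifier only changes the key when `$3 == NFT_RT_NEXTHOP4`. A qualifier that parses but may not restrict anything can leave a ruleset author believing the rule is limited to one family. Whether a dependency is still generated for such keys is decided in rt_expr_alloc and the evaluation step, and neither is part of this diff. Consider a separate nonterminal holding only the address-typed keys, or reject other keys here with an explicit error; the `rt_key` productions after `CLASSID` lie outside the hunk, so the exact set needs checking. The `default:` arm is unreachable with rt_key_proto's two productions and would fail without a diagnostic if it were ever reached, so mark it with `/* unreachable: rt_key_proto yields only NFPROTO_IPV4 or NFPROTO_IPV6 */`.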
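Review bot: `ct_key_proto` repeats `rt_key_proto` production for production (`IP` gives `NFPROTO_IPV4`, `IP6` gives `NFPROTO_IPV6`), so the family mapping now lives in two places in the grammar. One shared nonterminal used by both `rt_expr` and `ct_expr` would keep the two syntaxes from drifting apart if another family is added later. A short comment above it, for example `/* l3 qualifier: lets nft add the nfproto dependency itself */`, would record why the rule exists.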