author | Stéphane Veyret <sveyret@gmail.com> | 2019-07-09 15:02:09 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-16 21:26:52 +0200 |
commit | 1dd08fcfa07a4e5bacc14b4e4a27ed64581f2e41 (patch) | |
tree | 71cd776ee6b257d9a0cbefec922165d8c93cbe9b /src/parser_bison.y | |
parent | 543e7f405e3dc502ef0a69f0b85a745bdbc998ee (diff) |
src: add ct expectations support
This modification allows adding, listing and deleting expectations directly.
Signed-off-by: Stéphane Veyret <sveyret@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
-rw-r--r-- | src/parser_bison.y | 62 |
1 files changed, 61 insertions, 1 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 0a387f61..c7591bc2 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -435,6 +435,7 @@ int nft_lex(void *, void *, void *);
 %token ZONE "zone"
 %token DIRECTION "direction"
 %token EVENT "event"
+%token EXPECTATION "expectation"
 %token EXPIRATION "expiration"
 %token HELPER "helper"
 %token LABEL "label"
@@ -582,7 +583,7 @@ int nft_lex(void *, void *, void *);
 %type <flowtable> flowtable_block_alloc flowtable_block
 %destructor { flowtable_free($$); } flowtable_block_alloc
-%type <obj> obj_block_alloc counter_block quota_block ct_helper_block ct_timeout_block limit_block secmark_block
+%type <obj> obj_block_alloc counter_block quota_block ct_helper_block ct_timeout_block ct_expect_block limit_block secmark_block
 %destructor { obj_free($$); } obj_block_alloc
 %type <list> stmt_list
@@ -987,6 +988,10 @@ add_cmd : TABLE table_spec
 {
 $$ = cmd_alloc_obj_ct(CMD_ADD, NFT_OBJECT_CT_TIMEOUT, &$3, &@$, $4);
 }
+ | CT EXPECTATION obj_spec ct_obj_alloc '{' ct_expect_block '}'
+ {
+ $$ = cmd_alloc_obj_ct(CMD_ADD, NFT_OBJECT_CT_EXPECT, &$3, &@$, $4);
+ }
 | LIMIT obj_spec limit_obj
 {
 $$ = cmd_alloc(CMD_ADD, CMD_OBJ_LIMIT, &$2, &@$, $3);
@@ -1076,6 +1081,10 @@ create_cmd : TABLE table_spec
 {
 $$ = cmd_alloc_obj_ct(CMD_CREATE, NFT_OBJECT_CT_TIMEOUT, &$3, &@$, $4);
 }
+ | CT EXPECTATION obj_spec ct_obj_alloc '{' ct_expect_block '}'
+ {
+ $$ = cmd_alloc_obj_ct(CMD_CREATE, NFT_OBJECT_CT_EXPECT, &$3, &@$, $4);
+ }
 | LIMIT obj_spec limit_obj
 {
 $$ = cmd_alloc(CMD_CREATE, CMD_OBJ_LIMIT, &$2, &@$, $3);
@@ -1296,6 +1305,10 @@ list_cmd : TABLE table_spec
 {
 $$ = cmd_alloc(CMD_LIST, CMD_OBJ_CT_TIMEOUT, &$4, &@$, NULL);
 }
+ | CT EXPECTATION TABLE table_spec
+ {
+ $$ = cmd_alloc(CMD_LIST, CMD_OBJ_CT_EXPECT, &$4, &@$, NULL);
+ }
 ;
 reset_cmd : COUNTERS ruleset_spec
@@ -1536,6 +1549,15 @@ table_block : /* empty */ { $$ = $<table>-1; }
 list_add_tail(&$5->list, &$1->objs);
 $$ = $1;
 }
+ | table_block CT EXPECTATION obj_identifier obj_block_alloc '{' ct_expect_block '}' stmt_separator
+ {
+ $5->location = @4;
+ $5->type = NFT_OBJECT_CT_EXPECT;
+ handle_merge(&$5->handle, &$4);
+ handle_free(&$4);
+ list_add_tail(&$5->list, &$1->objs);
+ $$ = $1;
+ }
 | table_block LIMIT obj_identifier obj_block_alloc '{' limit_block '}' stmt_separator
@@ -1860,6 +1882,15 @@ ct_timeout_block : /*empty */ { $$ = $<obj>-1; }
 }
 ;
+ct_expect_block : /*empty */ { $$ = $<obj>-1; }
+ | ct_expect_block common_block
+ | ct_expect_block stmt_separator
+ | ct_expect_block ct_expect_config
+ {
+ $$ = $1;
+ }
+ ;
+
 limit_block : /* empty */ { $$ = $<obj>-1; }
 | limit_block common_block
 | limit_block stmt_separator
@@ -3474,6 +3505,7 @@ secmark_obj : secmark_config
 ct_obj_type : HELPER { $$ = NFT_OBJECT_CT_HELPER; }
 | TIMEOUT { $$ = NFT_OBJECT_CT_TIMEOUT; }
+ | EXPECTATION { $$ = NFT_OBJECT_CT_EXPECT; }
 ;
 ct_l4protoname : TCP { $$ = IPPROTO_TCP; }
@@ -3550,6 +3582,28 @@ ct_timeout_config : PROTOCOL ct_l4protoname stmt_separator
 }
 ;
+ct_expect_config : PROTOCOL ct_l4protoname stmt_separator
+ {
+ $<obj>0->ct_expect.l4proto = $2;
+ }
+ | DPORT NUM stmt_separator
+ {
+ $<obj>0->ct_expect.dport = $2;
+ }
+ | TIMEOUT time_spec stmt_separator
+ {
+ $<obj>0->ct_expect.timeout = $2;
+ }
+ | SIZE NUM stmt_separator
+ {
+ $<obj>0->ct_expect.size = $2;
+ }
+ | L3PROTOCOL family_spec_explicit stmt_separator
+ {
+ $<obj>0->ct_expect.l3proto = $2;
+ }
+ ;
+
 ct_obj_alloc :
 {
 $$ = obj_alloc(&@$);
@@ -4169,6 +4223,12 @@ ct_stmt : CT ct_key SET stmt_expr
 $$->objref.expr = $4;
 }
+ | CT EXPECTATION SET stmt_expr
+ {
+ $$ = objref_stmt_alloc(&@$);
+ $$->objref.type = NFT_OBJECT_CT_EXPECT;
+ $$->objref.expr = $4;
+ }
 | CT ct_dir ct_key_dir_optional SET stmt_expr
 {
 $$ = ct_stmt_alloc(&@$, $3, $2, $5); |
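Review bot: The `$<obj>-1` in the empty alternative of `ct_expect_block` is undocumented, and it is only valid because every rule in this diff that uses the block places an allocator (`ct_obj_alloc` in `add_cmd`/`create_cmd`, `obj_block_alloc` in `table_block`) immediately before the `'{'`. A one-line comment above the rule would keep a later caller from breaking that, for example `/* $<obj>-1 is the object allocated by the ct_obj_alloc / obj_block_alloc preceding '{' */`. The same positional dependency applies to `$<obj>0` in `ct_expect_config` further down, which reads the value of the `ct_expect_block` symbol that precedes it.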
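Review bot: The `DPORT NUM` and `SIZE NUM` actions in `ct_expect_config` store the parsed number straight into `ct_expect.dport` and `ct_expect.size` with no range check, so a value wider than the destination field would presumably be narrowed silently and the object would carry a different port or limit than the ruleset text states. For an object that pre-authorises related connections, an out-of-range port is better rejected at parse time than wrapped. The field widths and the type of `NUM` are declared outside this diff, so the bounds below are assumptions to confirm (a port cannot exceed 65535 in any case), and the `TIMEOUT time_spec` assignment deserves the same check. The sketch assumes the parser's usual `erec_queue(error(...), state->msgs)` reporting followed by `YYERROR`.

```yacc
			|	DPORT	NUM	stmt_separator
			{
				if ($2 > UINT16_MAX) {
					erec_queue(error(&@2, "ct expectation dport out of range"),
						   state->msgs);
					YYERROR;
				}
				$<obj>0->ct_expect.dport = $2;
			}
			/* ... unchanged: TIMEOUT time_spec alternative ... */
			|	SIZE	NUM	stmt_separator
			{
				/* bound assumes an 8-bit size field; confirm against struct ct_expect */
				if ($2 > UINT8_MAX) {
					erec_queue(error(&@2, "ct expectation size out of range"),
						   state->msgs);
					YYERROR;
				}
				$<obj>0->ct_expect.size = $2;
			}
```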