diff options
| author | Phil Sutter <phil@nwl.cc> | 2019-10-30 21:45:39 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2019-11-07 12:46:16 +0100 |
| commit | 332325e3c3fab4c25bb5f387f9663205f63748dc (patch) | |
| tree | b9e616a69a3b87829c4f6531a6677119d9af6275 /src | |
| parent | 856c78d4fdc73ac746ef1473f08d78cf2ebcbc4c (diff) | |
libnftables: Store top_scope in struct nft_ctx
Allow for interactive sessions to make use of defines. Since parser is
initialized for each line, top scope defines didn't persist although
they are actually useful for stuff like:
| # nft -i
| define goodports = { 22, 23, 80, 443 }
| add rule inet t c tcp dport $goodports accept
| add rule inet t c tcp sport $goodports accept
While being at it, introduce scope_alloc() and scope_free().
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/libnftables.c | 6 | ||||
| -rw-r--r-- | src/parser_bison.y | 6 | ||||
| -rw-r--r-- | src/rule.c | 15 |
3 files changed, 22 insertions, 5 deletions
diff --git a/src/libnftables.c b/src/libnftables.c index e2037243..cd2fcf2f 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -155,6 +155,7 @@ struct nft_ctx *nft_ctx_new(uint32_t flags) nft_ctx_add_include_path(ctx, DEFAULT_INCLUDE_PATH); ctx->parser_max_errors = 10; init_list_head(&ctx->cache.list); + ctx->top_scope = scope_alloc(); ctx->flags = flags; ctx->output.output_fp = stdout; ctx->output.error_fp = stderr; @@ -292,6 +293,7 @@ void nft_ctx_free(struct nft_ctx *ctx) iface_cache_release(); cache_release(&ctx->cache); nft_ctx_clear_include_paths(ctx); + scope_free(ctx->top_scope); xfree(ctx->state); nft_exit(ctx); xfree(ctx); @@ -368,7 +370,7 @@ static int nft_parse_bison_buffer(struct nft_ctx *nft, const char *buf, { int ret; - parser_init(nft, nft->state, msgs, cmds); + parser_init(nft, nft->state, msgs, cmds, nft->top_scope); nft->scanner = scanner_init(nft->state); scanner_push_buffer(nft->scanner, &indesc_cmdline, buf); @@ -384,7 +386,7 @@ static int nft_parse_bison_filename(struct nft_ctx *nft, const char *filename, { int ret; - parser_init(nft, nft->state, msgs, cmds); + parser_init(nft, nft->state, msgs, cmds, nft->top_scope); nft->scanner = scanner_init(nft->state); if (scanner_read_file(nft, filename, &internal_location) < 0) return -1; diff --git a/src/parser_bison.y b/src/parser_bison.y index 6f525d5b..3f283256 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -42,13 +42,13 @@ #include "parser_bison.h" void parser_init(struct nft_ctx *nft, struct parser_state *state, - struct list_head *msgs, struct list_head *cmds) + struct list_head *msgs, struct list_head *cmds, + struct scope *top_scope) { memset(state, 0, sizeof(*state)); - init_list_head(&state->top_scope.symbols); state->msgs = msgs; state->cmds = cmds; - state->scopes[0] = scope_init(&state->top_scope, NULL); + state->scopes[0] = scope_init(top_scope, NULL); init_list_head(&state->indesc_list); } @@ -645,6 +645,15 @@ struct rule *rule_lookup_by_index(const struct chain *chain, uint64_t index) return NULL; } +struct scope *scope_alloc(void) +{ + struct scope *scope = xzalloc(sizeof(struct scope)); + + init_list_head(&scope->symbols); + + return scope; +} + struct scope *scope_init(struct scope *scope, const struct scope *parent) { scope->parent = parent; @@ -664,6 +673,12 @@ void scope_release(const struct scope *scope) } } +void scope_free(struct scope *scope) +{ + scope_release(scope); + xfree(scope); +} + void symbol_bind(struct scope *scope, const char *identifier, struct expr *expr) { struct symbol *sym; |