authorFlorian Westphal <fw@strlen.de>2016-07-27 14:34:53 +0200
committerFlorian Westphal <fw@strlen.de>2016-10-27 22:34:31 +0200
commitc992153402c78d91e8beba791171bced21c62d3f (patch)
tree75ce083cdc31b7ce03cc354561ff255a126d6acf /src
parent2c6a3b7c4f662b7a94a8ba6870565a45df0cbe2c (diff)
ct: allow resolving ct keys at run time
... and remove those keywords we no longer need. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/ct.c35
-rw-r--r--src/parser_bison.y36
-rw-r--r--src/scanner.l6
3 files changed, 62 insertions, 15 deletions
diff --git a/src/ct.c b/src/ct.c
index a6829389..81918764 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -306,6 +306,41 @@ struct error_record *ct_dir_parse(const struct location *loc, const char *str,
return error(loc, "Could not parse direction %s", str);
}
+struct error_record *ct_key_parse(const struct location *loc, const char *str,
+ unsigned int *key)
+{
+ int ret, len, offset = 0;
+ const char *sep = "";
+ unsigned int i;
+ char buf[1024];
+ size_t size;
+
+ for (i = 0; i < array_size(ct_templates); i++) {
+ if (!ct_templates[i].token || strcmp(ct_templates[i].token, str))
+ continue;
+
+ *key = i;
+ return NULL;
+ }
+
+ len = (int)sizeof(buf);
+ size = sizeof(buf);
+
+ for (i = 0; i < array_size(ct_templates); i++) {
+ if (!ct_templates[i].token)
+ continue;
+
+ if (offset)
+ sep = ", ";
+
+ ret = snprintf(buf+offset, len, "%s%s", sep, ct_templates[i].token);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ assert(offset < (int)sizeof(buf));
+ }
+
+ return error(loc, "syntax error, unexpected %s, known keys are %s", str, buf);
+}
+
struct expr *ct_expr_alloc(const struct location *loc, enum nft_ct_keys key,
int8_t direction)
{
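Review bot: In `ct_key_parse`, the only visible bound on the known-keys list is `assert(offset < (int)sizeof(buf))`, which disappears in an NDEBUG build. Whether `snprintf(buf+offset, len, ...)` then stays inside `buf` depends entirely on how `SNPRINTF_BUFFER_SIZE` (defined outside this diff) adjusts `len` and `offset` after a truncated write, so that contract deserves a comment at the call site. `buf` is also handed to `error()` uninitialised if no `ct_templates` entry carries a token; declaring it as `char buf[1024] = "";` removes that case. The function has no header comment; something like `/* Map a ct key name to its ct_templates index; on failure the error lists all known keys. */` would document that `*key` is only written on success.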
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 35504de1..1730b8d3 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2512,6 +2512,19 @@ ct_expr : CT ct_key
{
$$ = ct_expr_alloc(&@$, $2, -1);
}
+ | CT STRING
+ {
+ struct error_record *erec;
+ unsigned int key;
+
+ erec = ct_key_parse(&@$, $2, &key);
+ if (erec != NULL) {
+ erec_queue(erec, state->msgs);
+ YYERROR;
+ }
+
+ $$ = ct_expr_alloc(&@$, key, -1);
+ }
| CT STRING ct_key_dir
{
struct error_record *erec;
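Review bot: The new `CT STRING` action never releases `$2` once `ct_key_parse()` has resolved it, neither on the success path nor before `YYERROR`. If the scanner hands STRING over as a heap copy (not visible in this diff), every parsed `ct <key>` leaks that string, because bison does not run destructors for right-hand-side symbols of a rule that reduces normally or raises `YYERROR` itself. The same applies to the `CT STRING SET expr` action added in the later parser hunk, where `$4` is additionally dropped on the error path. I would add `xfree($2);` directly after the `ct_key_parse(&@$, $2, &key);` call (or whichever helper matches the scanner's allocation) and release `$4` before `YYERROR`. The `CT STRING ct_key_dir` action at the end of this hunk continues outside it.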
@@ -2527,15 +2540,7 @@ ct_expr : CT ct_key
}
;
-ct_key : STATE { $$ = NFT_CT_STATE; }
- | DIRECTION { $$ = NFT_CT_DIRECTION; }
- | STATUS { $$ = NFT_CT_STATUS; }
- | MARK { $$ = NFT_CT_MARK; }
- | EXPIRATION { $$ = NFT_CT_EXPIRATION; }
- | HELPER { $$ = NFT_CT_HELPER; }
- | LABEL { $$ = NFT_CT_LABELS; }
- | L3PROTOCOL { $$ = NFT_CT_L3PROTOCOL; }
- | PROTOCOL { $$ = NFT_CT_PROTOCOL; }
+ct_key : MARK { $$ = NFT_CT_MARK; }
| ct_key_counters
;
ct_key_dir : SADDR { $$ = NFT_CT_SRC; }
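Review bot: Dropping `L3PROTOCOL` and `PROTOCOL` from `ct_key` looks like it removes the undirected form of those keys. The scanner hunk of this commit keeps `"l3proto"` as the `L3PROTOCOL` keyword, so that word never reaches the new `CT STRING` rule, and no rule visible here accepts the token without a direction. Unless an alternative outside this hunk covers it, `ct l3proto` would now be a syntax error; keeping `| L3PROTOCOL { $$ = NFT_CT_L3PROTOCOL; }` and the matching `PROTOCOL` line in `ct_key` avoids that. `ct_key_dir` starts on the last line of the hunk and continues outside it.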
@@ -2555,6 +2560,19 @@ ct_stmt : CT ct_key SET expr
{
$$ = ct_stmt_alloc(&@$, $2, $4);
}
+ | CT STRING SET expr
+ {
+ struct error_record *erec;
+ unsigned int key;
+
+ erec = ct_key_parse(&@$, $2, &key);
+ if (erec != NULL) {
+ erec_queue(erec, state->msgs);
+ YYERROR;
+ }
+
+ $$ = ct_stmt_alloc(&@$, key, $4);
+ }
;
payload_stmt : payload_expr SET expr
diff --git a/src/scanner.l b/src/scanner.l
index 157b561b..2ddcad94 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -449,15 +449,9 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"cgroup" { return CGROUP; }
"ct" { return CT; }
-"direction" { return DIRECTION; }
-"state" { return STATE; }
-"status" { return STATUS; }
-"expiration" { return EXPIRATION; }
-"helper" { return HELPER; }
"l3proto" { return L3PROTOCOL; }
"proto-src" { return PROTO_SRC; }
"proto-dst" { return PROTO_DST; }
-"label" { return LABEL; }
"numgen" { return NUMGEN; }
"inc" { return INC; }