diff options
| -rw-r--r-- | include/datatype.h | 14 | ||||
| -rw-r--r-- | include/nftables.h | 8 | ||||
| -rw-r--r-- | src/ct.c | 3 | ||||
| -rw-r--r-- | src/datatype.c | 46 | ||||
| -rw-r--r-- | src/evaluate.c | 6 | ||||
| -rw-r--r-- | src/meta.c | 17 | ||||
| -rw-r--r-- | src/rt.c | 5 |
7 files changed, 68 insertions, 31 deletions
diff --git a/include/datatype.h b/include/datatype.h index 63617ebd..018f013a 100644 --- a/include/datatype.h +++ b/include/datatype.h @@ -123,6 +123,7 @@ enum datatype_flags { DTYPE_F_PREFIX = (1 << 1), }; +struct parse_ctx; /** * struct datatype * @@ -154,7 +155,8 @@ struct datatype { struct output_ctx *octx); json_t *(*json)(const struct expr *expr, struct output_ctx *octx); - struct error_record *(*parse)(const struct expr *sym, + struct error_record *(*parse)(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res); const struct symbol_table *sym_tbl; unsigned int refcnt; @@ -166,7 +168,12 @@ extern struct datatype *datatype_get(const struct datatype *dtype); extern void datatype_set(struct expr *expr, const struct datatype *dtype); extern void datatype_free(const struct datatype *dtype); -extern struct error_record *symbol_parse(const struct expr *sym, +struct parse_ctx { + struct symbol_tables *tbl; +}; + +extern struct error_record *symbol_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res); extern void datatype_print(const struct expr *expr, struct output_ctx *octx); @@ -218,7 +225,8 @@ struct symbol_table { struct symbolic_constant symbols[]; }; -extern struct error_record *symbolic_constant_parse(const struct expr *sym, +extern struct error_record *symbolic_constant_parse(struct parse_ctx *ctx, + const struct expr *sym, const struct symbol_table *tbl, struct expr **res); extern void symbolic_constant_print(const struct symbol_table *tbl, diff --git a/include/nftables.h b/include/nftables.h index ed446e2d..407d7613 100644 --- a/include/nftables.h +++ b/include/nftables.h @@ -15,6 +15,13 @@ struct cookie { size_t pos; }; +struct symbol_tables { + const struct symbol_table *mark; + const struct symbol_table *devgroup; + const struct symbol_table *ct_label; + const struct symbol_table *realm; +}; + struct output_ctx { unsigned int flags; union { @@ -25,6 +32,7 @@ struct output_ctx { FILE *error_fp; struct cookie error_cookie; }; + struct symbol_tables tbl; }; static inline bool nft_output_reversedns(const struct output_ctx *octx) @@ -171,7 +171,8 @@ static void ct_label_type_print(const struct expr *expr, nft_print(octx, "%lu", bit); } -static struct error_record *ct_label_type_parse(const struct expr *sym, +static struct error_record *ct_label_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { const struct symbolic_constant *s; diff --git a/src/datatype.c b/src/datatype.c index 6d6826e9..039b4e52 100644 --- a/src/datatype.c +++ b/src/datatype.c @@ -113,7 +113,7 @@ void datatype_print(const struct expr *expr, struct output_ctx *octx) expr->dtype->name); } -struct error_record *symbol_parse(const struct expr *sym, +struct error_record *symbol_parse(struct parse_ctx *ctx, const struct expr *sym, struct expr **res) { const struct datatype *dtype = sym->dtype; @@ -124,9 +124,9 @@ struct error_record *symbol_parse(const struct expr *sym, return error(&sym->location, "No symbol type information"); do { if (dtype->parse != NULL) - return dtype->parse(sym, res); + return dtype->parse(ctx, sym, res); if (dtype->sym_tbl != NULL) - return symbolic_constant_parse(sym, dtype->sym_tbl, + return symbolic_constant_parse(ctx, sym, dtype->sym_tbl, res); } while ((dtype = dtype->basetype)); @@ -135,7 +135,8 @@ struct error_record *symbol_parse(const struct expr *sym, sym->dtype->desc); } -struct error_record *symbolic_constant_parse(const struct expr *sym, +struct error_record *symbolic_constant_parse(struct parse_ctx *ctx, + const struct expr *sym, const struct symbol_table *tbl, struct expr **res) { @@ -155,7 +156,7 @@ struct error_record *symbolic_constant_parse(const struct expr *sym, *res = NULL; do { if (dtype->basetype->parse) { - erec = dtype->basetype->parse(sym, res); + erec = dtype->basetype->parse(ctx, sym, res); if (erec != NULL) return erec; if (*res) @@ -300,7 +301,8 @@ static void verdict_type_print(const struct expr *expr, struct output_ctx *octx) } } -static struct error_record *verdict_type_parse(const struct expr *sym, +static struct error_record *verdict_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { *res = constant_expr_alloc(&sym->location, &string_type, @@ -359,7 +361,8 @@ static void integer_type_print(const struct expr *expr, struct output_ctx *octx) nft_gmp_print(octx, fmt, expr->value); } -static struct error_record *integer_type_parse(const struct expr *sym, +static struct error_record *integer_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { mpz_t v; @@ -397,7 +400,8 @@ static void string_type_print(const struct expr *expr, struct output_ctx *octx) nft_print(octx, "\"%s\"", data); } -static struct error_record *string_type_parse(const struct expr *sym, +static struct error_record *string_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { *res = constant_expr_alloc(&sym->location, &string_type, @@ -432,7 +436,8 @@ static void lladdr_type_print(const struct expr *expr, struct output_ctx *octx) } } -static struct error_record *lladdr_type_parse(const struct expr *sym, +static struct error_record *lladdr_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { char buf[strlen(sym->identifier) + 1], *p; @@ -483,7 +488,8 @@ static void ipaddr_type_print(const struct expr *expr, struct output_ctx *octx) nft_print(octx, "%s", buf); } -static struct error_record *ipaddr_type_parse(const struct expr *sym, +static struct error_record *ipaddr_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { struct addrinfo *ai, hints = { .ai_family = AF_INET, @@ -541,7 +547,8 @@ static void ip6addr_type_print(const struct expr *expr, struct output_ctx *octx) nft_print(octx, "%s", buf); } -static struct error_record *ip6addr_type_parse(const struct expr *sym, +static struct error_record *ip6addr_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { struct addrinfo *ai, hints = { .ai_family = AF_INET6, @@ -595,7 +602,8 @@ static void inet_protocol_type_print(const struct expr *expr, integer_type_print(expr, octx); } -static struct error_record *inet_protocol_type_parse(const struct expr *sym, +static struct error_record *inet_protocol_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { struct protoent *p; @@ -676,7 +684,8 @@ void inet_service_type_print(const struct expr *expr, struct output_ctx *octx) integer_type_print(expr, octx); } -static struct error_record *inet_service_type_parse(const struct expr *sym, +static struct error_record *inet_service_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { struct addrinfo *ai; @@ -796,10 +805,11 @@ static void mark_type_print(const struct expr *expr, struct output_ctx *octx) return symbolic_constant_print(mark_tbl, expr, true, octx); } -static struct error_record *mark_type_parse(const struct expr *sym, +static struct error_record *mark_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { - return symbolic_constant_parse(sym, mark_tbl, res); + return symbolic_constant_parse(ctx, sym, mark_tbl, res); } const struct datatype mark_type = { @@ -1019,7 +1029,8 @@ static void time_type_print(const struct expr *expr, struct output_ctx *octx) time_print(mpz_get_uint64(expr->value), octx); } -static struct error_record *time_type_parse(const struct expr *sym, +static struct error_record *time_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { struct error_record *erec; @@ -1050,7 +1061,8 @@ const struct datatype time_type = { .parse = time_type_parse, }; -static struct error_record *concat_type_parse(const struct expr *sym, +static struct error_record *concat_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { return error(&sym->location, "invalid data type, expected %s", diff --git a/src/evaluate.c b/src/evaluate.c index 48c65cd2..df8e808f 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -223,6 +223,7 @@ static int set_not_found(struct eval_ctx *ctx, const struct location *loc, */ static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr) { + struct parse_ctx parse_ctx = { .tbl = &ctx->nft->output.tbl, }; struct error_record *erec; struct table *table; struct set *set; @@ -231,7 +232,7 @@ static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr) switch ((*expr)->symtype) { case SYMBOL_VALUE: datatype_set(*expr, ctx->ectx.dtype); - erec = symbol_parse(*expr, &new); + erec = symbol_parse(&parse_ctx, *expr, &new); if (erec != NULL) { erec_queue(erec, ctx->msgs); return -1; @@ -2541,10 +2542,11 @@ static int stmt_evaluate_reject_default(struct eval_ctx *ctx, static int stmt_evaluate_reject_icmp(struct eval_ctx *ctx, struct stmt *stmt) { + struct parse_ctx parse_ctx = { .tbl = &ctx->nft->output.tbl, }; struct error_record *erec; struct expr *code; - erec = symbol_parse(stmt->reject.expr, &code); + erec = symbol_parse(&parse_ctx, stmt->reject.expr, &code); if (erec != NULL) { erec_queue(erec, ctx->msgs); return -1; @@ -68,7 +68,8 @@ static void tchandle_type_print(const struct expr *expr, } } -static struct error_record *tchandle_type_parse(const struct expr *sym, +static struct error_record *tchandle_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { uint32_t handle; @@ -142,7 +143,8 @@ static void ifindex_type_print(const struct expr *expr, struct output_ctx *octx) nft_print(octx, "%d", ifindex); } -static struct error_record *ifindex_type_parse(const struct expr *sym, +static struct error_record *ifindex_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { int ifindex; @@ -220,7 +222,8 @@ static void uid_type_print(const struct expr *expr, struct output_ctx *octx) expr_basetype(expr)->print(expr, octx); } -static struct error_record *uid_type_parse(const struct expr *sym, +static struct error_record *uid_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { struct passwd *pw; @@ -273,7 +276,8 @@ static void gid_type_print(const struct expr *expr, struct output_ctx *octx) expr_basetype(expr)->print(expr, octx); } -static struct error_record *gid_type_parse(const struct expr *sym, +static struct error_record *gid_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { struct group *gr; @@ -355,10 +359,11 @@ static void devgroup_type_print(const struct expr *expr, return symbolic_constant_print(devgroup_tbl, expr, true, octx); } -static struct error_record *devgroup_type_parse(const struct expr *sym, +static struct error_record *devgroup_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { - return symbolic_constant_parse(sym, devgroup_tbl, res); + return symbolic_constant_parse(ctx, sym, devgroup_tbl, res); } const struct datatype devgroup_type = { @@ -40,10 +40,11 @@ static void realm_type_print(const struct expr *expr, struct output_ctx *octx) return symbolic_constant_print(realm_tbl, expr, true, octx); } -static struct error_record *realm_type_parse(const struct expr *sym, +static struct error_record *realm_type_parse(struct parse_ctx *ctx, + const struct expr *sym, struct expr **res) { - return symbolic_constant_parse(sym, realm_tbl, res); + return symbolic_constant_parse(ctx, sym, realm_tbl, res); } const struct datatype realm_type = { |