Diffstat (limited to 'src/parser.y')
-rw-r--r--src/parser.y188
1 files changed, 147 insertions, 41 deletions
diff --git a/src/parser.y b/src/parser.y
index 345d8d06..24f022a5 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -18,6 +18,7 @@
#include <linux/netfilter.h>
#include <linux/netfilter/nf_tables.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
+#include <libnftnl/common.h>
#include <rule.h>
#include <statement.h>
@@ -166,13 +167,17 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token MAP "map"
%token HANDLE "handle"
+%token INET "inet"
+
%token ADD "add"
+%token CREATE "create"
%token INSERT "insert"
%token DELETE "delete"
%token LIST "list"
%token FLUSH "flush"
%token RENAME "rename"
%token DESCRIBE "describe"
+%token EXPORT "export"
%token ACCEPT "accept"
%token DROP "drop"
@@ -180,7 +185,6 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token JUMP "jump"
%token GOTO "goto"
%token RETURN "return"
-%token QUEUE "queue"
%token CONSTANT "constant"
%token INTERVAL "interval"
@@ -284,6 +288,8 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token MH "mh"
%token META "meta"
+%token NFPROTO "nfproto"
+%token L4PROTO "l4proto"
%token MARK "mark"
%token IIF "iif"
%token IIFNAME "iifname"
@@ -333,16 +339,26 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token SNAT "snat"
%token DNAT "dnat"
+%token QUEUE "queue"
+%token QUEUENUM "num"
+%token QUEUETOTAL "total"
+%token QUEUEBYPASS "bypass"
+%token QUEUECPUFANOUT "fanout"
+%token OPTIONS "options"
+
%token POSITION "position"
+%token XML "xml"
+%token JSON "json"
+
%type <string> identifier string
%destructor { xfree($$); } identifier string
%type <cmd> line
%destructor { cmd_free($$); } line
-%type <cmd> base_cmd add_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd
-%destructor { cmd_free($$); } base_cmd add_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd
+%type <cmd> base_cmd add_cmd create_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd export_cmd
+%destructor { cmd_free($$); } base_cmd add_cmd create_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd export_cmd
%type <handle> table_spec tables_spec chain_spec chain_identifier ruleid_spec
%destructor { handle_free(&$$); } table_spec tables_spec chain_spec chain_identifier ruleid_spec
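Review bot: The new tokens `num`, `total`, `bypass`, `fanout` and `options` are very common words, and nothing visible in this hunk lets them still be used as identifiers once they are keywords. The scanner is not part of this diff, but if it matches these spellings unconditionally, an existing ruleset with a table, chain or set named e.g. `options` or `total` would stop parsing after this change. For a firewall, a ruleset that no longer loads is an availability and policy risk, so it is worth either limiting these keywords to a scanner start condition entered after `queue`, or listing the newly reserved words in the commit message and the manual.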
@@ -382,6 +398,9 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%destructor { stmt_free($$); } reject_stmt
%type <stmt> nat_stmt nat_stmt_alloc
%destructor { stmt_free($$); } nat_stmt nat_stmt_alloc
+%type <stmt> queue_stmt queue_stmt_alloc
+%destructor { stmt_free($$); } queue_stmt queue_stmt_alloc
+%type <val> queue_flags queue_flag
%type <expr> symbol_expr verdict_expr integer_expr
%destructor { expr_free($$); } symbol_expr verdict_expr integer_expr
@@ -462,6 +481,8 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%destructor { expr_free($$); } ct_expr
%type <val> ct_key
+%type <val> export_format
+
%%
input : /* empty */
@@ -524,11 +545,13 @@ line : common_block { $$ = NULL; }
base_cmd : /* empty */ add_cmd { $$ = $1; }
| ADD add_cmd { $$ = $2; }
+ | CREATE create_cmd { $$ = $2; }
| INSERT insert_cmd { $$ = $2; }
| DELETE delete_cmd { $$ = $2; }
| LIST list_cmd { $$ = $2; }
| FLUSH flush_cmd { $$ = $2; }
| RENAME rename_cmd { $$ = $2; }
+ | EXPORT export_cmd { $$ = $2; }
| DESCRIBE primary_expr
{
expr_describe($2);
@@ -588,6 +611,31 @@ add_cmd : TABLE table_spec
}
;
+create_cmd : TABLE table_spec
+ {
+ $$ = cmd_alloc(CMD_CREATE, CMD_OBJ_TABLE, &$2, &@$, NULL);
+ }
+ | TABLE table_spec table_block_alloc
+ '{' table_block '}'
+ {
+ handle_merge(&$3->handle, &$2);
+ close_scope(state);
+ $$ = cmd_alloc(CMD_CREATE, CMD_OBJ_TABLE, &$2, &@$, $5);
+ }
+ | CHAIN chain_spec
+ {
+ $$ = cmd_alloc(CMD_CREATE, CMD_OBJ_CHAIN, &$2, &@$, NULL);
+ }
+ | CHAIN chain_spec chain_block_alloc
+ '{' chain_block '}'
+ {
+ $5->location = @5;
+ handle_merge(&$3->handle, &$2);
+ close_scope(state);
+ $$ = cmd_alloc(CMD_CREATE, CMD_OBJ_CHAIN, &$2, &@$, $5);
+ }
+ ;
+
insert_cmd : RULE ruleid_spec rule
{
$$ = cmd_alloc(CMD_INSERT, CMD_OBJ_RULE, &$2, &@$, $3);
@@ -663,6 +711,14 @@ rename_cmd : CHAIN chain_spec identifier
}
;
+export_cmd : export_format
+ {
+ struct handle h = { .family = NFPROTO_UNSPEC };
+ $$ = cmd_alloc(CMD_EXPORT, CMD_OBJ_RULESET, &h, &@$, NULL);
+ $$->format = $1;
+ }
+ ;
+
table_block_alloc : /* empty */
{
$$ = table_alloc();
@@ -854,6 +910,7 @@ string : STRING
family_spec : /* empty */ { $$ = NFPROTO_IPV4; }
| IP { $$ = NFPROTO_IPV4; }
| IP6 { $$ = NFPROTO_IPV6; }
+ | INET { $$ = NFPROTO_INET; }
| ARP { $$ = NFPROTO_ARP; }
| BRIDGE { $$ = NFPROTO_BRIDGE; }
;
@@ -963,6 +1020,7 @@ stmt : verdict_stmt
| limit_stmt
| reject_stmt
| nat_stmt
+ | queue_stmt
;
verdict_stmt : verdict_expr
@@ -1087,6 +1145,57 @@ nat_stmt_args : expr
}
;
+queue_stmt : queue_stmt_alloc
+ | queue_stmt_alloc queue_args
+ ;
+
+queue_stmt_alloc : QUEUE
+ {
+ $$ = queue_stmt_alloc(&@$);
+ }
+ ;
+
+queue_args : queue_arg
+ {
+ $<stmt>$ = $<stmt>0;
+ }
+ | queue_args queue_arg
+ ;
+
+queue_arg : QUEUENUM NUM
+ {
+ $<stmt>0->queue.queuenum = $2;
+ }
+ | QUEUETOTAL NUM
+ {
+ $<stmt>0->queue.queues_total = $2;
+ }
+ | OPTIONS queue_flags
+ {
+ $<stmt>0->queue.flags = $2;
+ }
+ ;
+
+queue_flags : queue_flag
+ {
+ $$ = $1;
+ }
+ | queue_flags COMMA queue_flag
+ {
+ $$ |= $1 | $3;
+ }
+ ;
+
+queue_flag : QUEUEBYPASS
+ {
+ $$ = NFT_QUEUE_FLAG_BYPASS;
+ }
+ | QUEUECPUFANOUT
+ {
+ $$ = NFT_QUEUE_FLAG_CPU_FANOUT;
+ }
+ ;
+
match_stmt : relational_expr
{
$$ = expr_stmt_alloc(&@$, $1);
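Review bot: The `queue_arg` actions store `$2` directly into `queue.queuenum` and `queue.queues_total` with no range check. The field declarations are outside this diff, but if they are 16-bit (as NFQUEUE queue numbers are) and NUM is wider, an oversized value would be silently truncated and packets would go to a different queue than the rule text says. Unless a later evaluation step already validates this, reject it in the action with something like `if ($2 > UINT16_MAX) YYERROR;` after queuing an error message for `@2`. Separately, `$$ |= $1 | $3;` in `queue_flags` reads `$$` before assigning it, which only works because bison pre-loads `$$` with `$1`; `$$ = $1 | $3;` states the same result without relying on that.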
@@ -1323,10 +1432,6 @@ verdict_expr : ACCEPT
{
$$ = verdict_expr_alloc(&@$, NF_DROP, NULL);
}
- | QUEUE
- {
- $$ = verdict_expr_alloc(&@$, NF_QUEUE, NULL);
- }
| CONTINUE
{
$$ = verdict_expr_alloc(&@$, NFT_CONTINUE, NULL);
@@ -1360,6 +1465,8 @@ meta_key : meta_key_qualified
;
meta_key_qualified : LENGTH { $$ = NFT_META_LEN; }
+ | NFPROTO { $$ = NFT_META_NFPROTO; }
+ | L4PROTO { $$ = NFT_META_L4PROTO; }
| PROTOCOL { $$ = NFT_META_PROTOCOL; }
| PRIORITY { $$ = NFT_META_PRIORITY; }
;
@@ -1435,14 +1542,14 @@ payload_raw_expr : AT payload_base_spec COMMA NUM COMMA NUM
}
;
-payload_base_spec : LL_HDR { $$ = PAYLOAD_BASE_LL_HDR; }
- | NETWORK_HDR { $$ = PAYLOAD_BASE_NETWORK_HDR; }
- | TRANSPORT_HDR { $$ = PAYLOAD_BASE_TRANSPORT_HDR; }
+payload_base_spec : LL_HDR { $$ = PROTO_BASE_LL_HDR; }
+ | NETWORK_HDR { $$ = PROTO_BASE_NETWORK_HDR; }
+ | TRANSPORT_HDR { $$ = PROTO_BASE_TRANSPORT_HDR; }
;
eth_hdr_expr : ETHER eth_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_eth, $2);
+ $$ = payload_expr_alloc(&@$, &proto_eth, $2);
}
;
@@ -1453,14 +1560,13 @@ eth_hdr_field : SADDR { $$ = ETHHDR_SADDR; }
vlan_hdr_expr : VLAN vlan_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_vlan, $2);
+ $$ = payload_expr_alloc(&@$, &proto_vlan, $2);
}
| VLAN
{
- uint16_t data = ETH_P_8021Q;
- $$ = constant_expr_alloc(&@$, &ethertype_type,
- BYTEORDER_HOST_ENDIAN,
- sizeof(data) * BITS_PER_BYTE, &data);
+ $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
+ current_scope(state),
+ "vlan");
}
;
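Review bot: The bare `VLAN` alternative now returns a `SYMBOL_VALUE` symbol named "vlan" where it previously built a typed `ethertype_type` constant, and nothing in the action says where that symbol is resolved or against which datatype. A short comment would help, for example `/* bare keyword: kept as a symbol so it is resolved against the datatype the surrounding expression expects */`, if that is indeed the intent. The same applies to the bare `ARP`, `IP` and `IP6` alternatives changed in the later hunks. It is also worth confirming that a context whose datatype has no such symbol produces a clear error rather than a rule that silently matches something else.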
@@ -1472,14 +1578,13 @@ vlan_hdr_field : ID { $$ = VLANHDR_VID; }
arp_hdr_expr : ARP arp_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_arp, $2);
+ $$ = payload_expr_alloc(&@$, &proto_arp, $2);
}
| ARP
{
- uint16_t data = ETH_P_ARP;
- $$ = constant_expr_alloc(&@$, &ethertype_type,
- BYTEORDER_HOST_ENDIAN,
- sizeof(data) * BITS_PER_BYTE, &data);
+ $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
+ current_scope(state),
+ "arp");
}
;
@@ -1492,14 +1597,13 @@ arp_hdr_field : HTYPE { $$ = ARPHDR_HRD; }
ip_hdr_expr : IP ip_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_ip, $2);
+ $$ = payload_expr_alloc(&@$, &proto_ip, $2);
}
| IP
{
- uint16_t data = ETH_P_IP;
- $$ = constant_expr_alloc(&@$, &ethertype_type,
- BYTEORDER_HOST_ENDIAN,
- sizeof(data) * BITS_PER_BYTE, &data);
+ $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
+ current_scope(state),
+ "ip");
}
;
@@ -1518,7 +1622,7 @@ ip_hdr_field : VERSION { $$ = IPHDR_VERSION; }
icmp_hdr_expr : ICMP icmp_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_icmp, $2);
+ $$ = payload_expr_alloc(&@$, &proto_icmp, $2);
}
| ICMP
{
@@ -1540,14 +1644,13 @@ icmp_hdr_field : TYPE { $$ = ICMPHDR_TYPE; }
ip6_hdr_expr : IP6 ip6_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_ip6, $2);
+ $$ = payload_expr_alloc(&@$, &proto_ip6, $2);
}
| IP6
{
- uint16_t data = ETH_P_IPV6;
- $$ = constant_expr_alloc(&@$, &ethertype_type,
- BYTEORDER_HOST_ENDIAN,
- sizeof(data) * BITS_PER_BYTE, &data);
+ $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE,
+ current_scope(state),
+ "ip6");
}
;
@@ -1562,7 +1665,7 @@ ip6_hdr_field : VERSION { $$ = IP6HDR_VERSION; }
;
icmp6_hdr_expr : ICMP6 icmp6_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_icmp6, $2);
+ $$ = payload_expr_alloc(&@$, &proto_icmp6, $2);
}
| ICMP6
{
@@ -1585,7 +1688,7 @@ icmp6_hdr_field : TYPE { $$ = ICMP6HDR_TYPE; }
auth_hdr_expr : AH auth_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_ah, $2);
+ $$ = payload_expr_alloc(&@$, &proto_ah, $2);
}
| AH
{
@@ -1605,7 +1708,7 @@ auth_hdr_field : NEXTHDR { $$ = AHHDR_NEXTHDR; }
esp_hdr_expr : ESP esp_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_esp, $2);
+ $$ = payload_expr_alloc(&@$, &proto_esp, $2);
}
| ESP
{
@@ -1622,7 +1725,7 @@ esp_hdr_field : SPI { $$ = ESPHDR_SPI; }
comp_hdr_expr : COMP comp_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_comp, $2);
+ $$ = payload_expr_alloc(&@$, &proto_comp, $2);
}
| COMP
{
@@ -1640,7 +1743,7 @@ comp_hdr_field : NEXTHDR { $$ = COMPHDR_NEXTHDR; }
udp_hdr_expr : UDP udp_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_udp, $2);
+ $$ = payload_expr_alloc(&@$, &proto_udp, $2);
}
| UDP
{
@@ -1659,7 +1762,7 @@ udp_hdr_field : SPORT { $$ = UDPHDR_SPORT; }
udplite_hdr_expr : UDPLITE udplite_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_udplite, $2);
+ $$ = payload_expr_alloc(&@$, &proto_udplite, $2);
}
| UDPLITE
{
@@ -1678,7 +1781,7 @@ udplite_hdr_field : SPORT { $$ = UDPHDR_SPORT; }
tcp_hdr_expr : TCP tcp_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_tcp, $2);
+ $$ = payload_expr_alloc(&@$, &proto_tcp, $2);
}
| TCP
{
@@ -1703,7 +1806,7 @@ tcp_hdr_field : SPORT { $$ = TCPHDR_SPORT; }
dccp_hdr_expr : DCCP dccp_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_dccp, $2);
+ $$ = payload_expr_alloc(&@$, &proto_dccp, $2);
}
| DCCP
{
@@ -1721,7 +1824,7 @@ dccp_hdr_field : SPORT { $$ = DCCPHDR_SPORT; }
sctp_hdr_expr : SCTP sctp_hdr_field
{
- $$ = payload_expr_alloc(&@$, &payload_sctp, $2);
+ $$ = payload_expr_alloc(&@$, &proto_sctp, $2);
}
| SCTP
{
@@ -1827,4 +1930,7 @@ mh_hdr_field : NEXTHDR { $$ = MHHDR_NEXTHDR; }
| CHECKSUM { $$ = MHHDR_CHECKSUM; }
;
+export_format : XML { $$ = NFT_OUTPUT_XML; }
+ | JSON { $$ = NFT_OUTPUT_JSON; }
+ ;
%%