From 24a912eea21f9d18909c53a865cf623839616281 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 24 Nov 2017 13:58:57 +0100 Subject: parser_bison: dismiss anonymous meters The former 'flow table' syntax allows flow tables with no name: # nft add rule x y flow { ip saddr counter } However, when listing, it leaks the name that it is autoallocating. # nft list ruleset table ip x { chain y { flow table __mt0 { ip saddr counter} } } Which is odd since then restoring will use such a name. Remove anonymous flow table/meters, so everyone needs to specify a name. There is no way to fix this, given anonymous flag tells us that the set behind this meter is bound to a rule, hence, released once the rule is going - the term "anonymous" was not good choice as a flag in first place. Only possibility is to strcmp for __ft to identify this is a nameless meter, which is a hack. Moreover, having no name means you cannot flush the set behind this meter, which criples this feature for no reason. On top of it, the wiki only documents named meters, and we have a record of users complaining on this behaviour. Signed-off-by: Pablo Neira Ayuso Acked-by: Florian Westphal --- src/parser_bison.y | 7 ------- 1 file changed, 7 deletions(-) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index 6610b9dc..d2673173 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2489,13 +2489,6 @@ meter_stmt : meter_stmt_alloc meter_stmt_opts '{' meter_key_expr stmt '}' $$->location = @$; $$ = $1; } - | meter_stmt_alloc '{' meter_key_expr stmt '}' - { - $1->meter.key = $3; - $1->meter.stmt = $4; - $$->location = @$; - $$ = $1; - } ; meter_stmt_alloc : FLOW -- cgit v1.2.3
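Review bot: With the `| meter_stmt_alloc '{' meter_key_expr stmt '}'` alternative removed from `meter_stmt`, input such as `flow { ip saddr counter }` now fails as a generic syntax error, and the diffstat shows only `src/parser_bison.y` touched, so nothing tests or documents the rejection. Consider adding a test that the nameless form is refused while a named meter still parses, plus either a documentation note or a dedicated error path that tells the user a name is required, since scripts using the nameless form will stop loading. The removal also enforces a name only if `meter_stmt_opts` cannot match without one; that rule is outside this hunk and worth confirming. Two smaller points: the commit message says to strcmp for `__ft` while its own listing shows the autoallocated name as `__mt0`, and the retained action still writes `$$->location = @$;` before `$$ = $1;`, which would read more safely with the assignment first.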