From 48587aa855a5173b4b1e94290af885000dbd679e Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sat, 11 Apr 2015 15:41:32 +0100 Subject: parser: add a time_spec rule Signed-off-by: Patrick McHardy --- src/parser_bison.y | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index b86381d9..cd4e096a 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -396,6 +396,8 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type identifier string comment_spec %destructor { xfree($$); } identifier string comment_spec +%type time_spec + %type type_identifier %type data_type @@ -1093,6 +1095,20 @@ string : STRING | QUOTED_STRING ; +time_spec : STRING + { + struct error_record *erec; + uint64_t res; + + erec = time_parse(&@1, $1, &res); + if (erec != NULL) { + erec_queue(erec, state->msgs); + YYERROR; + } + $$ = res; + } + ; + family_spec : /* empty */ { $$ = NFPROTO_IPV4; } | family_spec_explicit ; -- cgit v1.2.3 From 6aa18b5216a34a2cd29ad4a1997c37f705f76247 Mon Sep 17 00:00:00 2001 
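Review bot: The STRING value `$1` in the new `time_spec` action is never released. The `%destructor { xfree($$); }` visible in the first hunk only runs when the parser discards a symbol itself, so a rule's own action has to free what it consumes, and that includes the `YYERROR` path. Unless `time_parse()` takes ownership of the string (its body is not part of this patch), add `xfree($1);` directly after the `time_parse(&@1, $1, &res)` call, before the `erec != NULL` check. A one-line comment stating the unit of `res` would also help readers of the rules that consume `time_spec`.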
From: Patrick McHardy Date: Sun, 12 Apr 2015 10:41:56 +0100 Subject: parser: fix inconsistencies in set expression rules Set keys are currently defined as a regular expr for pure sets and map_lhs_expr for maps. map_lhs_expr is what can actually be used for a single member, namely a concat_expr or a multiton_expr. The reason why pure sets use expr for the key is to allow recursive set specifications, which doesn't make sense for maps since every element needs a mapping. However, the rule is too wide and also allows map expressions as a key, which obviously doesn't make sense. Rearrange the rules so we have: set_lhs_expr: concat or multiton set_rhs_expr: concat or verdict and special case the recursive set specifications, as they deserve. Besides making it a lot easier to understand what is actually supported, this will be used by the following patch to support timeouts and comments for keys in a uniform way. Signed-off-by: Patrick McHardy --- src/parser_bison.y | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index cd4e096a..c934533d 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -470,8 +470,8 @@ static void location_update(struct location *loc, struct location *rhs, int n) %destructor { expr_free($$); } prefix_expr range_expr wildcard_expr %type list_expr %destructor { expr_free($$); } list_expr -%type concat_expr map_lhs_expr -%destructor { expr_free($$); } concat_expr map_lhs_expr +%type concat_expr +%destructor { expr_free($$); } concat_expr %type map_expr %destructor { expr_free($$); } map_expr 
@@ -484,6 +484,8 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type set_expr set_list_expr set_list_member_expr %destructor { expr_free($$); } set_expr set_list_expr set_list_member_expr +%type set_lhs_expr set_rhs_expr +%destructor { expr_free($$); } set_lhs_expr set_rhs_expr %type expr initializer_expr %destructor { expr_free($$); } expr initializer_expr @@ -1297,13 +1299,12 @@ verdict_map_list_expr : verdict_map_list_member_expr | verdict_map_list_expr COMMA opt_newline ; -verdict_map_list_member_expr: opt_newline map_lhs_expr COLON verdict_expr opt_newline +verdict_map_list_member_expr: opt_newline set_lhs_expr COLON verdict_expr opt_newline { $$ = mapping_expr_alloc(&@$, $2, $4); } ; - counter_stmt : counter_stmt_alloc | counter_stmt_alloc counter_args @@ -1718,10 +1719,6 @@ multiton_expr : prefix_expr | wildcard_expr ; -map_lhs_expr : multiton_expr - | concat_expr - ; - map_expr : concat_expr MAP expr { $$ = map_expr_alloc(&@$, $1, $3); @@ -1729,9 +1726,9 @@ map_expr : concat_expr MAP expr ; expr : concat_expr + | multiton_expr | set_expr | map_expr - | multiton_expr ; set_expr : '{' set_list_expr '}' @@ -1754,20 +1751,28 @@ set_list_expr : set_list_member_expr | set_list_expr COMMA opt_newline ; -set_list_member_expr : opt_newline expr opt_newline +set_list_member_expr : opt_newline set_expr opt_newline { $$ = $2; } - | opt_newline map_lhs_expr COLON concat_expr opt_newline + | opt_newline set_lhs_expr opt_newline { - $$ = mapping_expr_alloc(&@$, $2, $4); + $$ = $2; } - | opt_newline map_lhs_expr COLON verdict_expr opt_newline + | opt_newline set_lhs_expr COLON set_rhs_expr opt_newline { $$ = mapping_expr_alloc(&@$, $2, $4); } ; +set_lhs_expr : concat_expr + | multiton_expr + ; + +set_rhs_expr : concat_expr + | verdict_expr + ; + initializer_expr : expr | list_expr ; -- cgit v1.2.3 From 52532335290457cc449564b7e011f73bef3a83e2 Mon Sep 17 00:00:00 2001 
From: Patrick McHardy Date: Sat, 11 Apr 2015 17:02:13 +0100 Subject: expr: add set_elem_expr as container for set element attributes Add a new expression type "set_elem_expr" that is used as container for the key in order to attach different attributes, such as timeout values, to the key. The expression hierarchy is as follows: Sets: elem | key Maps: mapping / \ elem data | key Signed-off-by: Patrick McHardy --- src/parser_bison.y | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index c934533d..9fbc590c 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -484,8 +484,8 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type set_expr set_list_expr set_list_member_expr %destructor { expr_free($$); } set_expr set_list_expr set_list_member_expr -%type set_lhs_expr set_rhs_expr -%destructor { expr_free($$); } set_lhs_expr set_rhs_expr +%type set_elem_expr set_elem_expr_alloc set_lhs_expr set_rhs_expr +%destructor { expr_free($$); } set_elem_expr set_elem_expr_alloc set_lhs_expr set_rhs_expr %type expr initializer_expr %destructor { expr_free($$); } expr initializer_expr @@ -1299,7 +1299,7 @@ verdict_map_list_expr : verdict_map_list_member_expr | verdict_map_list_expr COMMA opt_newline ; -verdict_map_list_member_expr: opt_newline set_lhs_expr COLON verdict_expr opt_newline +verdict_map_list_member_expr: opt_newline set_elem_expr COLON verdict_expr opt_newline { $$ = mapping_expr_alloc(&@$, $2, $4); } 
@@ -1755,16 +1755,25 @@ set_list_member_expr : opt_newline set_expr opt_newline { $$ = $2; } - | opt_newline set_lhs_expr opt_newline + | opt_newline set_elem_expr opt_newline { $$ = $2; } - | opt_newline set_lhs_expr COLON set_rhs_expr opt_newline + | opt_newline set_elem_expr COLON set_rhs_expr opt_newline { $$ = mapping_expr_alloc(&@$, $2, $4); } ; +set_elem_expr : set_elem_expr_alloc + ; + +set_elem_expr_alloc : set_lhs_expr + { + $$ = set_elem_expr_alloc(&@1, $1); + } + ; + set_lhs_expr : concat_expr | multiton_expr ; -- cgit v1.2.3 From 38a077f7af8a2151b565e3cb324901b48afd299e Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 23 Mar 2015 21:34:57 +0000 Subject: set: add timeout support for sets Timeout support can be enabled in one of two ways: 1. Using a default timeout value: set test { type ipv4_addr; timeout 1h; } 2. Using the timeout flag without a default: set test { type ipv4_addr; flags timeout; } Optionally a garbage collection interval can be specified using gc-interval ; Signed-off-by: Patrick McHardy --- src/parser_bison.y | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index 9fbc590c..80831878 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -201,6 +201,8 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token CONSTANT "constant" %token INTERVAL "interval" +%token TIMEOUT "timeout" +%token GC_INTERVAL "gc-interval" %token ELEMENTS "elements" %token POLICY "policy" @@ -944,6 +946,16 @@ set_block : /* empty */ { $$ = $-1; } $1->flags = $3; $$ = $1; } + | set_block TIMEOUT time_spec stmt_seperator + { + $1->timeout = $3 * 1000; + $$ = $1; + } + | set_block GC_INTERVAL time_spec stmt_seperator + { + $1->gc_int = $3 * 1000; + $$ = $1; + } | set_block ELEMENTS '=' set_expr { $1->init = $4; 
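Review bot: `$3 * 1000` in the new `TIMEOUT` and `GC_INTERVAL` alternatives of `set_block` can wrap, because `time_spec` carries a `uint64_t` parsed from user input and nothing between `time_parse()` and the multiplication bounds it. An oversized value in a ruleset would then silently become a much shorter timeout, or be truncated further if `timeout`/`gc_int` are narrower than 64 bits (their declarations are not in this patch). Reject the value before scaling, for example with `if ($3 > UINT64_MAX / 1000)` followed by a queued error and `YYERROR`, as the `time_spec` rule does. The same unchecked multiplication is in `set_elem_option` in the later "setelem: add timeout support" patch. A named constant for the factor (presumably seconds to milliseconds) would document the unit in all three places.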
@@ -961,6 +973,7 @@ set_flag_list : set_flag_list COMMA set_flag set_flag : CONSTANT { $$ = SET_F_CONSTANT; } | INTERVAL { $$ = SET_F_INTERVAL; } + | TIMEOUT { $$ = SET_F_TIMEOUT; } ; map_block_alloc : /* empty */ -- cgit v1.2.3 From 7b5248972d9f2122c7b3683ca205d3165e7a9255 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 19 Mar 2015 13:34:18 +0000 Subject: setelem: add timeout support for set elements Support specifying per element timeout values and displaying the expiration time. If an element should not use the default timeout value of the set, an element specific value can be specified as follows: # nft add element filter test { 192.168.0.1, 192.168.0.2 timeout 10m} For listing of elements that use the default timeout value, just the expiration time is shown, otherwise the element specific timeout value is also displayed: set test { type ipv4_addr timeout 1h elements = { 192.168.0.2 timeout 10m expires 9m59s, 192.168.0.1 expires 59m59s} } Signed-off-by: Patrick McHardy --- src/parser_bison.y | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index 80831878..736704a5 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1779,6 +1779,7 @@ set_list_member_expr : opt_newline set_expr opt_newline ; set_elem_expr : set_elem_expr_alloc + | set_elem_expr_alloc set_elem_options ; set_elem_expr_alloc : set_lhs_expr @@ -1787,6 +1788,19 @@ set_elem_expr_alloc : set_lhs_expr } ; +set_elem_options : set_elem_option + { + $$ = $0; + } + | set_elem_options set_elem_option + ; + +set_elem_option : TIMEOUT time_spec + { + $0->timeout = $2 * 1000; + } + ; + set_lhs_expr : concat_expr | multiton_expr ; -- cgit v1.2.3 From 35960e1e19bfe9135e33f13615d7d403d129192b Mon Sep 17 00:00:00 2001 
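Review bot: `set_elem_option` writes through `$0`, so it is only correct while the `set_elem_expr_alloc` value sits directly below it on the parser stack, and nothing in the grammar records that dependency. Add a comment above `set_elem_options`, such as `/* $0 is the set_elem_expr_alloc value of the enclosing set_elem_expr; these rules must not be used anywhere else */`. The recursive alternative `set_elem_options set_elem_option` also lets `timeout` be given several times for one element, with the last value silently winning. If that is not intended, the action should queue an error and `YYERROR` when a timeout is already set.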
From: Patrick McHardy Date: Fri, 20 Mar 2015 06:30:29 +0000 Subject: setelem: add support for attaching comments to set elements Syntax: # nft add element filter test { 192.168.0.1 comment "some host" } Signed-off-by: Patrick McHardy --- src/parser_bison.y | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index 736704a5..0f2d71a3 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1799,6 +1799,10 @@ set_elem_option : TIMEOUT time_spec { $0->timeout = $2 * 1000; } + | COMMENT string + { + $0->comment = $2; + } ; set_lhs_expr : concat_expr -- cgit v1.2.3 From a9467e55973b10c2e8fe37525514c961580f8506 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 19 Mar 2015 13:34:18 +0000 Subject: nftables: add set statemet The set statement is used to dynamically add or update elements in a set. Syntax: # nft filter input set add tcp dport @myset # nft filter input set add ip saddr timeout 10s @myset # nft filter input set update ip saddr timeout 10s @myset Signed-off-by: Patrick McHardy --- src/parser_bison.y | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index 0f2d71a3..eac3fcbe 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -181,6 +181,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token INET "inet" %token ADD "add" +%token UPDATE "update" %token CREATE "create" %token INSERT "insert" %token DELETE "delete" @@ -456,6 +457,9 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type queue_stmt queue_stmt_alloc %destructor { stmt_free($$); } queue_stmt queue_stmt_alloc %type queue_stmt_flags queue_stmt_flag +%type set_stmt +%destructor { stmt_free($$); } set_stmt +%type set_stmt_op %type symbol_expr verdict_expr integer_expr %destructor { expr_free($$); } symbol_expr verdict_expr integer_expr 
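Review bot: `$0->comment = $2;` overwrites whatever comment is already attached, and `set_elem_options` is recursive, so an element written with two `comment` options parses and the first string is left unreferenced. Unless the element expression releases it some other way (not visible in this patch), that is a leak. Either reject the repeat with an error and `YYERROR`, or release the old value first: `xfree($0->comment); $0->comment = $2;`. The alternative also takes `string` rather than the existing `comment_spec` non-terminal, so any length limit `comment_spec` applies (its rule is not shown here) is bypassed. If element comments have a maximum size, check it in this action.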
@@ -1267,6 +1271,7 @@ stmt : verdict_stmt | ct_stmt | masq_stmt | redir_stmt + | set_stmt ; verdict_stmt : verdict_expr @@ -1579,6 +1584,19 @@ queue_stmt_flag : BYPASS { $$ = NFT_QUEUE_FLAG_BYPASS; } | FANOUT { $$ = NFT_QUEUE_FLAG_CPU_FANOUT; } ; +set_stmt : SET set_stmt_op set_elem_expr symbol_expr + { + $$ = set_stmt_alloc(&@$); + $$->set.op = $2; + $$->set.key = $3; + $$->set.set = $4; + } + ; + +set_stmt_op : ADD { $$ = NFT_DYNSET_OP_ADD; } + | UPDATE { $$ = NFT_DYNSET_OP_UPDATE; } + ; + match_stmt : relational_expr { $$ = expr_stmt_alloc(&@$, $1); -- cgit v1.2.3
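Review bot: `set_stmt` takes its key from `set_elem_expr`, so every element option is accepted in a set statement: `timeout`, as the commit message shows, but also `comment "..."`. The target is any `symbol_expr`, not only a set reference such as `@myset`. Neither restriction is expressed in the grammar, so both depend on the evaluation step, which is not part of this patch. If evaluation does not already reject a non-set symbol and a `comment` on the key, add those checks there. At minimum, record the expected form above the rule, e.g. `/* set add|update <key> [timeout <time>] @<set> */`.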