From 7ed4f4072372c65462b20b69b659a3790bf57f54 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 12 Jul 2016 16:41:59 +0200 Subject: parser_bison: restore parsing of dynamic set element updates Add a new set_elem_expr_stmt production to handle dynamic set element updates from rules. Quickly tested this here through: # nft add table filter # nft add chain filter input { type filter hook input priority 0\; } # nft add set filter myset { type inet_service\; flags timeout\; } # nft add rule filter input set add tcp sport timeout 60s @myset # nft list ruleset table ip filter { set myset { type inet_service flags timeout elements = { http expires 9s} } chain input { type filter hook input priority 0; policy accept; set add tcp dport timeout 1m @myset } } Fixes: a3e60492a684 ("parser: restrict relational rhs expression recursion") Reported-by: Anders K. Pedersen Signed-off-by: Pablo Neira Ayuso --- src/parser_bison.y | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/parser_bison.y b/src/parser_bison.y index d7cba238..d946e0e0 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -523,6 +523,8 @@ static void location_update(struct location *loc, struct location *rhs, int n) %destructor { expr_free($$); } set_expr set_list_expr set_list_member_expr %type set_elem_expr set_elem_expr_alloc set_lhs_expr set_rhs_expr %destructor { expr_free($$); } set_elem_expr set_elem_expr_alloc set_lhs_expr set_rhs_expr +%type set_elem_expr_stmt set_elem_expr_stmt_alloc +%destructor { expr_free($$); } set_elem_expr_stmt set_elem_expr_stmt_alloc %type flow_key_expr flow_key_expr_alloc %destructor { expr_free($$); } flow_key_expr flow_key_expr_alloc @@ -1781,7 +1783,17 @@ queue_stmt_flag : BYPASS { $$ = NFT_QUEUE_FLAG_BYPASS; } | FANOUT { $$ = NFT_QUEUE_FLAG_CPU_FANOUT; } ; -set_stmt : SET set_stmt_op set_elem_expr symbol_expr +set_elem_expr_stmt : set_elem_expr_stmt_alloc + | set_elem_expr_stmt_alloc set_elem_options + ; + +set_elem_expr_stmt_alloc: concat_expr + { + $$ = set_elem_expr_alloc(&@1, $1); + } + ; + +set_stmt : SET set_stmt_op set_elem_expr_stmt symbol_expr { $$ = set_stmt_alloc(&@$); $$->set.op = $2; -- cgit v1.2.3