parser_bison: allow to use quota in sets

src: support for restoring element quota This patch allows you to restore quota in dynamic sets. table ip x { set y { type ipv4_addr size 65535 flags dynamic,timeout counter quota 500 bytes timeout 1h elements = { 8.8.8.8 counter packets 9 bytes 756 quota 500 bytes used 500 bytes timeout 1h expires 56m57s47ms } } chain z { type filter hook output priority filter; policy accept; update @y { ip daddr } counter packets 6 bytes 507 } } Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2023-03-01 11:12:20 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2023-03-01 11:32:24 +0100
commit: 9cb501168a623b54668672bb1355dde4050a6093 (patch)
tree: b04a67eac72191dd9f4f3f3bbeb6f5c4d96ca786
parent: 2b41e3c411f5367ee4da5153147c2586e71dfa9d (diff)
3 files changed, 69 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index b950afce..b1b67623 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -4552,6 +4552,22 @@ set_elem_stmt		:	COUNTER	close_scope_counter
 				$$->connlimit.count = $4;
 				$$->connlimit.flags = NFT_CONNLIMIT_F_INV;
 			}
+			|	QUOTA	quota_mode NUM quota_unit quota_used	close_scope_quota
+			{
+				struct error_record *erec;
+				uint64_t rate;
+
+				erec = data_unit_parse(&@$, $4, &rate);
+				xfree($4);
+				if (erec != NULL) {
+					erec_queue(erec, state->msgs);
+					YYERROR;
+				}
+				$$ = quota_stmt_alloc(&@$);
+				$$->quota.bytes	= $3 * rate;
+				$$->quota.used = $5;
+				$$->quota.flags	= $2;
+			}
 			|	LAST USED	NEVER	close_scope_last
 			{
 				$$ = last_stmt_alloc(&@$);
diff --git a/tests/shell/testcases/sets/0060set_multistmt_1 b/tests/shell/testcases/sets/0060set_multistmt_1
new file mode 100755
index 00000000..1652668a
--- /dev/null
+++ b/tests/shell/testcases/sets/0060set_multistmt_1
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+RULESET="table x {
+	set y {
+		type ipv4_addr
+		size 65535
+		flags dynamic
+		counter quota 500 bytes
+		elements = { 1.2.3.4 counter packets 9 bytes 756 quota 500 bytes used 500 bytes }
+	}
+	chain y {
+		type filter hook output priority filter; policy accept;
+		update @y { ip daddr }
+	}
+}"
+
+$NFT -f - <<< $RULESET
+# should work
+if [ $? -ne 0 ]
+then
+	exit 1
+fi
+
+# should work
+$NFT add element x y { 1.1.1.1 }
+if [ $? -ne 0 ]
+then
+	exit 1
+fi
+
+# should work
+$NFT add element x y { 2.2.2.2 counter quota 1000 bytes }
+if [ $? -ne 0 ]
+then
+	exit 1
+fi
+
+exit 0
diff --git a/tests/shell/testcases/sets/dumps/0060set_multistmt_1.nft b/tests/shell/testcases/sets/dumps/0060set_multistmt_1.nft
new file mode 100644
index 00000000..ac1bd26b
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0060set_multistmt_1.nft
@@ -0,0 +1,15 @@
+table ip x {
+	set y {
+		type ipv4_addr
+		size 65535
+		flags dynamic
+		counter quota 500 bytes
+		elements = { 1.1.1.1 counter packets 0 bytes 0 quota 500 bytes, 1.2.3.4 counter packets 9 bytes 756 quota 500 bytes used 500 bytes,
+			     2.2.2.2 counter packets 0 bytes 0 quota 1000 bytes }
+	}
+
+	chain y {
+		type filter hook output priority filter; policy accept;
+		update @y { ip daddr }
+	}
+}
author	Pablo Neira Ayuso <pablo@netfilter.org>	2023-03-01 11:12:20 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2023-03-01 11:32:24 +0100
commit	9cb501168a623b54668672bb1355dde4050a6093 (patch)
tree	b04a67eac72191dd9f4f3f3bbeb6f5c4d96ca786
parent	2b41e3c411f5367ee4da5153147c2586e71dfa9d (diff)