diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-03 22:52:35 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-04 00:22:50 +0100 |
| commit | 3b20f47277c0cb4ea07ad30f94496c9f383035e7 (patch) | |
| tree | c5b0b1fc569dd64cd3fdcedaecfacf22b0abe6dd /include | |
| parent | 8162d2b96718041dadc52ab127db9d91a2c223cc (diff) | |
src: add variable expression and use it to allow redefinitions
Add new variable expression that we can use to attach symbols in
runtime, this allows us to redefine variables via new keyword, eg.
table ip x {
chain y {
define address = { 1.1.1.1, 2.2.2.2 }
ip saddr $address
redefine address = { 3.3.3.3 }
ip saddr $address
}
}
# nft list ruleset
table ip x {
chain y {
ip saddr { 1.1.1.1, 2.2.2.2 }
ip saddr { 3.3.3.3 }
}
}
Note that redefinition just places a new symbol version before the
existing one, so symbol lookups always find the latest version. The
undefine keyword decrements the reference counter and removes the symbol
from the list, so it cannot be used anymore. Still, previous references
to this symbol via variable expression are still valid.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/expression.h | 10 | ||||
| -rw-r--r-- | include/rule.h | 5 |
2 files changed, 13 insertions, 2 deletions
diff --git a/include/expression.h b/include/expression.h index 26182120..7b9b6229 100644 --- a/include/expression.h +++ b/include/expression.h @@ -16,6 +16,7 @@ * @EXPR_INVALID: uninitialized type, should not happen * @EXPR_VERDICT: nftables verdict expression * @EXPR_SYMBOL: unparsed symbol + * @EXPR_VARIABLE: variable * @EXPR_VALUE: literal numeric or string expression * @EXPR_PREFIX: prefixed expression * @EXPR_RANGE: literal range @@ -41,6 +42,7 @@ enum expr_types { EXPR_INVALID, EXPR_VERDICT, EXPR_SYMBOL, + EXPR_VARIABLE, EXPR_VALUE, EXPR_PREFIX, EXPR_RANGE, @@ -97,7 +99,6 @@ extern const char *expr_op_symbols[]; enum symbol_types { SYMBOL_VALUE, - SYMBOL_DEFINE, SYMBOL_SET, }; @@ -226,6 +227,10 @@ struct expr { enum symbol_types symtype; }; struct { + /* EXPR_VARIABLE */ + struct symbol *sym; + }; + struct { /* EXPR_VERDICT */ int verdict; const char *chain; @@ -387,6 +392,9 @@ static inline void symbol_expr_set_type(struct expr *expr, expr->dtype = dtype; } +struct expr *variable_expr_alloc(const struct location *loc, + struct scope *scope, struct symbol *sym); + extern struct expr *constant_expr_alloc(const struct location *loc, const struct datatype *dtype, enum byteorder byteorder, diff --git a/include/rule.h b/include/rule.h index 531222ce..58c4aeef 100644 --- a/include/rule.h +++ b/include/rule.h @@ -73,18 +73,21 @@ extern void scope_release(const struct scope *scope); * @list: scope symbol list node * @identifier: identifier * @expr: initializer + * @refcnt: reference counter */ struct symbol { struct list_head list; const char *identifier; struct expr *expr; + int refcnt; }; extern void symbol_bind(struct scope *scope, const char *identifier, struct expr *expr); -extern int symbol_unbind(struct scope *scope, const char *identifier); +extern int symbol_unbind(const struct scope *scope, const char *identifier); extern struct symbol *symbol_lookup(const struct scope *scope, const char *identifier); +struct symbol *symbol_get(const struct scope *scope, const char *identifier); enum table_flags { TABLE_F_DORMANT = (1 << 0), |