diff options
| author | Phil Sutter <phil@nwl.cc> | 2019-10-30 21:45:39 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2019-11-07 12:46:16 +0100 |
| commit | 332325e3c3fab4c25bb5f387f9663205f63748dc (patch) | |
| tree | b9e616a69a3b87829c4f6531a6677119d9af6275 /include | |
| parent | 856c78d4fdc73ac746ef1473f08d78cf2ebcbc4c (diff) | |
libnftables: Store top_scope in struct nft_ctx
Allow for interactive sessions to make use of defines. Since parser is
initialized for each line, top scope defines didn't persist although
they are actually useful for stuff like:
| # nft -i
| define goodports = { 22, 23, 80, 443 }
| add rule inet t c tcp dport $goodports accept
| add rule inet t c tcp sport $goodports accept
While being at it, introduce scope_alloc() and scope_free().
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/nftables.h | 2 | ||||
| -rw-r--r-- | include/parser.h | 4 | ||||
| -rw-r--r-- | include/rule.h | 2 |
3 files changed, 6 insertions, 2 deletions
diff --git a/include/nftables.h b/include/nftables.h index 21553c6b..90d33196 100644 --- a/include/nftables.h +++ b/include/nftables.h @@ -104,6 +104,7 @@ struct nft_cache { struct mnl_socket; struct parser_state; +struct scope; #define MAX_INCLUDE_DEPTH 16 @@ -119,6 +120,7 @@ struct nft_ctx { uint32_t flags; struct parser_state *state; void *scanner; + struct scope *top_scope; void *json_root; FILE *f[MAX_INCLUDE_DEPTH]; }; diff --git a/include/parser.h b/include/parser.h index 39a75212..949284d9 100644 --- a/include/parser.h +++ b/include/parser.h @@ -22,7 +22,6 @@ struct parser_state { struct list_head *msgs; unsigned int nerrs; - struct scope top_scope; struct scope *scopes[SCOPE_NEST_MAX]; unsigned int scope; @@ -32,7 +31,8 @@ struct parser_state { struct mnl_socket; extern void parser_init(struct nft_ctx *nft, struct parser_state *state, - struct list_head *msgs, struct list_head *cmds); + struct list_head *msgs, struct list_head *cmds, + struct scope *top_scope); extern int nft_parse(struct nft_ctx *ctx, void *, struct parser_state *state); extern void *scanner_init(struct parser_state *state); diff --git a/include/rule.h b/include/rule.h index 48b5ba50..0b2eba37 100644 --- a/include/rule.h +++ b/include/rule.h @@ -97,8 +97,10 @@ struct scope { struct list_head symbols; }; +extern struct scope *scope_alloc(void); extern struct scope *scope_init(struct scope *scope, const struct scope *parent); extern void scope_release(const struct scope *scope); +extern void scope_free(struct scope *scope); /** * struct symbol |