diff options
author | Shyam Saini <mayhs11saini@gmail.com> | 2017-12-05 19:37:34 +0530 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-17 13:46:30 +0100 |
commit | 2fa54d8a49352bda44d3e25d1d7ba3531faf3303 (patch) | |
tree | 55182570ad839f401ed4e4e3c39a28884652cd80 /src/parser_bison.y | |
parent | 9afd72a883e391e366a1d75bb4e1705357e078e9 (diff) |
src: Add import command for low level json
This new operation allows to import low level virtual machine ruleset in
json to make incremental changes using the parse functions of libnftnl.
A basic way to test this new functionality is:
$ cat file.json | nft import vm json
where the file.json is a ruleset exported in low level json format.
To export json rules in low level virtual machine format
we need to specify "vm" token before json. See below
$ nft export vm json
and
$ nft export/import json
will do no operations.
Same goes with "$nft monitor"
Highly based on work from Alvaro Neira <alvaroneay@gmail.com>
and Arturo Borrero <arturo@netfilter.org>
Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Shyam Saini <mayhs11saini@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
-rw-r--r-- | src/parser_bison.y | 44 |
1 files changed, 32 insertions, 12 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 6e85a628..009b801f 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -218,6 +218,7 @@ int nft_lex(void *, void *, void *); %token FLUSH "flush" %token RENAME "rename" %token DESCRIBE "describe" +%token IMPORT "import" %token EXPORT "export" %token MONITOR "monitor" @@ -473,6 +474,7 @@ int nft_lex(void *, void *, void *); %token XML "xml" %token JSON "json" +%token VM "vm" %token NOTRACK "notrack" @@ -492,8 +494,8 @@ int nft_lex(void *, void *, void *); %type <cmd> line %destructor { cmd_free($$); } line -%type <cmd> base_cmd add_cmd replace_cmd create_cmd insert_cmd delete_cmd list_cmd reset_cmd flush_cmd rename_cmd export_cmd monitor_cmd describe_cmd -%destructor { cmd_free($$); } base_cmd add_cmd replace_cmd create_cmd insert_cmd delete_cmd list_cmd reset_cmd flush_cmd rename_cmd export_cmd monitor_cmd describe_cmd +%type <cmd> base_cmd add_cmd replace_cmd create_cmd insert_cmd delete_cmd list_cmd reset_cmd flush_cmd rename_cmd export_cmd monitor_cmd describe_cmd import_cmd +%destructor { cmd_free($$); } base_cmd add_cmd replace_cmd create_cmd insert_cmd delete_cmd list_cmd reset_cmd flush_cmd rename_cmd export_cmd monitor_cmd describe_cmd import_cmd %type <handle> table_spec chain_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec %destructor { handle_free(&$$); } table_spec chain_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec @@ -681,7 +683,7 @@ int nft_lex(void *, void *, void *); %destructor { expr_free($$); } fib_expr %type <val> fib_tuple fib_result fib_flag -%type <val> export_format +%type <val> markup_format %type <string> monitor_event %destructor { xfree($$); } monitor_event %type <val> monitor_object monitor_format @@ -812,6 +814,7 @@ base_cmd : /* empty */ add_cmd { $$ = $1; } | RESET reset_cmd { $$ = $2; } | FLUSH flush_cmd { $$ = $2; } | RENAME rename_cmd { $$ = $2; } + | IMPORT import_cmd { $$ = $2; } | EXPORT export_cmd { $$ = $2; } | MONITOR monitor_cmd { $$ = $2; } | DESCRIBE describe_cmd { $$ = $2; } @@ -1181,18 +1184,34 @@ rename_cmd : CHAIN chain_spec identifier } ; -export_cmd : RULESET export_format +import_cmd : RULESET markup_format { struct handle h = { .family = NFPROTO_UNSPEC }; - struct export *export = export_alloc($2); - $$ = cmd_alloc(CMD_EXPORT, CMD_OBJ_EXPORT, &h, &@$, export); + struct markup *markup = markup_alloc($2); + $$ = cmd_alloc(CMD_IMPORT, CMD_OBJ_MARKUP, &h, &@$, markup); } - | export_format + | markup_format { struct handle h = { .family = NFPROTO_UNSPEC }; - struct export *export = export_alloc($1); - $$ = cmd_alloc(CMD_EXPORT, CMD_OBJ_EXPORT, &h, &@$, export); + struct markup *markup = markup_alloc($1); + $$ = cmd_alloc(CMD_IMPORT, CMD_OBJ_MARKUP, &h, &@$, markup); } + | JSON { $$ = NULL; } + ; + +export_cmd : RULESET markup_format + { + struct handle h = { .family = NFPROTO_UNSPEC }; + struct markup *markup = markup_alloc($2); + $$ = cmd_alloc(CMD_EXPORT, CMD_OBJ_MARKUP, &h, &@$, markup); + } + | markup_format + { + struct handle h = { .family = NFPROTO_UNSPEC }; + struct markup *markup = markup_alloc($1); + $$ = cmd_alloc(CMD_EXPORT, CMD_OBJ_MARKUP, &h, &@$, markup); + } + | JSON { $$ = NULL; } ; monitor_cmd : monitor_event monitor_object monitor_format @@ -1219,11 +1238,12 @@ monitor_object : /* empty */ { $$ = CMD_MONITOR_OBJ_ANY; } ; monitor_format : /* empty */ { $$ = NFTNL_OUTPUT_DEFAULT; } - | export_format + | markup_format + | JSON { $$ = NFTNL_OUTPUT_JSON; } ; -export_format : XML { $$ = NFTNL_OUTPUT_XML; } - | JSON { $$ = NFTNL_OUTPUT_JSON; } +markup_format : XML { $$ = NFTNL_OUTPUT_XML; } + | VM JSON { $$ = NFTNL_OUTPUT_JSON; } ; describe_cmd : primary_expr |