author | Florian Westphal <fw@strlen.de> | 2017-02-21 18:11:31 +0100 |
committer | Florian Westphal <fw@strlen.de> | 2017-03-16 10:09:42 +0100 |
commit | 5ca4eb30d62e0ab2768d64de5c70931292213338 (patch) | |
tree | a54d95ecbb4de9deeeee83f1353421ef690f135e /src/parser_bison.y | |
parent | f2af2b2ad1c4dd68bd5bbf3c763f0f1513281c0c (diff) |
src: add initial ct helper support
This adds initial support for defining conntrack helper objects
which can then be assigned to connections using the objref infrastructure:
table ip filter {
ct helper ftp-standard {
type "ftp" protocol tcp
}
chain y {
tcp dport 21 ct helper set "ftp-standard"
}
}
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
-rw-r--r-- | src/parser_bison.y | 74 |
1 files changed, 72 insertions, 2 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 12a6e646..2cf732ce 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -136,6 +136,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 struct obj *obj;
 struct counter *counter;
 struct quota *quota;
+ struct ct *ct;
 const struct datatype *datatype;
 struct handle_spec handle_spec;
 struct position_spec position_spec;
@@ -494,7 +495,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 %type <set> map_block_alloc map_block
 %destructor { set_free($$); } map_block_alloc
-%type <obj> obj_block_alloc counter_block quota_block
+%type <obj> obj_block_alloc counter_block quota_block ct_block
 %destructor { obj_free($$); } obj_block_alloc
 %type <list> stmt_list
@@ -665,6 +666,10 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 %destructor { expr_free($$); } exthdr_exists_expr
 %type <val> exthdr_key
+%type <val> ct_l4protoname
+%type <string> ct_obj_kind
+%destructor { xfree($$); } ct_obj_kind
+
 %%
 input : /* empty */
@@ -1191,6 +1196,24 @@ table_block : /* empty */ { $$ = $<table>-1; }
 list_add_tail(&$4->list, &$1->objs);
 $$ = $1;
 }
+ | table_block CT ct_obj_kind obj_identifier obj_block_alloc '{' ct_block '}' stmt_seperator
+ {
+ struct error_record *erec;
+ int type;
+
+ erec = ct_objtype_parse(&@$, $3, &type);
+ if (erec != NULL) {
+ erec_queue(erec, state->msgs);
+ YYERROR;
+ }
+
+ $5->location = @4;
+ $5->type = type;
+ handle_merge(&$5->handle, &$4);
+ handle_free(&$4);
+ list_add_tail(&$5->list, &$1->objs);
+ $$ = $1;
+ }
 ;
 chain_block_alloc : /* empty */
@@ -1385,6 +1408,16 @@ quota_block : /* empty */ { $$ = $<obj>-1; }
 }
 ;
+ct_block : /* empty */ { $$ = $<obj>-1; }
+ | ct_block common_block
+ | ct_block stmt_seperator
+ | ct_block ct_config
+ {
+ $$ = $1;
+ }
+ ;
+
+
 type_identifier : STRING { $$ = $1; }
 | MARK { $$ = xstrdup("mark"); }
 | DSCP { $$ = xstrdup("dscp"); }
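Review bot: In the new `table_block CT ct_obj_kind obj_identifier obj_block_alloc ...` rule (the `@@ -1191` hunk), `$3` is read once by `ct_objtype_parse` and then dropped on both the success path and the `YYERROR` path, so the `ct_obj_kind` string is never released by the action. The `%destructor { xfree($$); } ct_obj_kind` added earlier in this commit only covers symbols discarded during error recovery, and as far as I recall Bison does not run destructors for the right-hand side of the rule whose own action invoked `YYERROR`, so `$5` (the object from `obj_block_alloc`, whose destructor is `obj_free`) would also leak on that path. I would add `xfree($3);` directly after the `ct_objtype_parse` call and `obj_free($5);` before `YYERROR`. The same pattern applies to `$2` in `ct_config` in the `@@ -2578` hunk, where the `QUOTED_STRING` value (presumably heap-allocated like the other string-typed symbols here) is copied with `snprintf` but never freed.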
@@ -2578,6 +2611,34 @@ quota_obj : quota_config
 }
 ;
+ct_obj_kind : STRING { $$ = $1; }
+ ;
+
+ct_l4protoname : TCP { $$ = IPPROTO_TCP; }
+ | UDP { $$ = IPPROTO_UDP; }
+ ;
+
+ct_config : TYPE QUOTED_STRING PROTOCOL ct_l4protoname stmt_seperator
+ {
+ struct ct *ct;
+ int ret;
+
+ ct = &$<obj>0->ct;
+
+ ret = snprintf(ct->helper_name, sizeof(ct->helper_name), "%s", $2);
+ if (ret <= 0 || ret >= (int)sizeof(ct->helper_name)) {
+ erec_queue(error(&@2, "invalid name '%s', max length is %u\n", $2, (int)sizeof(ct->helper_name)), state->msgs);
+ YYERROR;
+ }
+
+ ct->l4proto = $4;
+ }
+ | L3PROTOCOL family_spec_explicit stmt_seperator
+ {
+ $<obj>0->ct.l3proto = $2;
+ }
+ ;
+
 relational_expr : expr /* implicit */ rhs_expr
 {
 $$ = relational_expr_alloc(&@$, OP_IMPLICIT, $1, $2);
@@ -3037,7 +3098,16 @@ ct_stmt : CT ct_key SET expr
 YYERROR;
 }
- $$ = ct_stmt_alloc(&@$, key, -1, $4);
+ switch (key) {
+ case NFT_CT_HELPER:
+ $$ = objref_stmt_alloc(&@$);
+ $$->objref.type = NFT_OBJECT_CT_HELPER;
+ $$->objref.expr = $4;
+ break;
+ default:
+ $$ = ct_stmt_alloc(&@$, key, -1, $4);
+ break;
+ }
 }
 | CT STRING ct_key_dir_optional SET expr
 {
|
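Review bot: The error message in `ct_config` passes `(int)sizeof(ct->helper_name)` to a `%u` conversion, so the specifier and the argument type disagree; `erec_queue(error(&@2, "invalid name '%s', max length is %zu\n", $2, sizeof(ct->helper_name) - 1), state->msgs);` keeps the types matched and also reports the longest name actually accepted, since the `ret >= (int)sizeof(...)` check rejects a name that fills the whole buffer. Whether `error()` carries a printf-style format attribute is not visible here, so the compiler may currently not flag this. The `ret <= 0` branch additionally rejects an empty quoted name, which looks intended but deserves a short comment such as `/* ret == 0: empty helper name is rejected */`.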