diff options
| author | Jose M. Guisado Gomez <guigom@riseup.net> | 2020-09-03 11:16:06 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-09-08 16:41:56 +0200 |
| commit | 293c9b114faef074dbbda06df73f86317d28ef9b (patch) | |
| tree | 2082a7c111a55174649d4b51b6d3c33471b1b4a2 /src/parser_bison.y | |
| parent | 741a06ac15d2bd903b33e5032f5f6fcd54bebc4e (diff) | |
src: add comment support for objects
Enables specifying an optional comment when declaring named objects. The
comment is to be specified inside the object's block ({} block)
Relies on libnftnl exporting nftnl_obj_get_data and kernel space support
to store the comments.
For consistency, this patch makes the comment be printed first when
listing objects.
Adds a testcase importing all commented named objects except for secmark,
although it's supported.
Example: Adding a quota with a comment
> add table inet filter
> nft add quota inet filter q { over 1200 bytes \; comment "test_comment"\; }
> list ruleset
table inet filter {
quota q {
comment "test_comment"
over 1200 bytes
}
}
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
| -rw-r--r-- | src/parser_bison.y | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index d938f566..7242c4c3 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1006,10 +1006,18 @@ add_cmd : TABLE table_spec { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_COUNTER, &$2, &@$, $3); } + | COUNTER obj_spec counter_obj '{' counter_block '}' + { + $$ = cmd_alloc(CMD_ADD, CMD_OBJ_COUNTER, &$2, &@$, $3); + } | QUOTA obj_spec quota_obj quota_config { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_QUOTA, &$2, &@$, $3); } + | QUOTA obj_spec quota_obj '{' quota_block '}' + { + $$ = cmd_alloc(CMD_ADD, CMD_OBJ_QUOTA, &$2, &@$, $3); + } | CT HELPER obj_spec ct_obj_alloc '{' ct_helper_block '}' { $$ = cmd_alloc_obj_ct(CMD_ADD, NFT_OBJECT_CT_HELPER, &$3, &@$, $4); @@ -1026,14 +1034,26 @@ add_cmd : TABLE table_spec { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_LIMIT, &$2, &@$, $3); } + | LIMIT obj_spec limit_obj '{' limit_block '}' + { + $$ = cmd_alloc(CMD_ADD, CMD_OBJ_LIMIT, &$2, &@$, $3); + } | SECMARK obj_spec secmark_obj secmark_config { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SECMARK, &$2, &@$, $3); } + | SECMARK obj_spec secmark_obj '{' secmark_block '}' + { + $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SECMARK, &$2, &@$, $3); + } | SYNPROXY obj_spec synproxy_obj synproxy_config { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SYNPROXY, &$2, &@$, $3); } + | SYNPROXY obj_spec synproxy_obj '{' synproxy_block '}' + { + $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SYNPROXY, &$2, &@$, $3); + } ; replace_cmd : RULE ruleid_spec rule @@ -2039,6 +2059,10 @@ counter_block : /* empty */ { $$ = $<obj>-1; } { $$ = $1; } + | counter_block comment_spec + { + $<obj>1->comment = $2; + } ; quota_block : /* empty */ { $$ = $<obj>-1; } @@ -2048,6 +2072,10 @@ quota_block : /* empty */ { $$ = $<obj>-1; } { $$ = $1; } + | quota_block comment_spec + { + $<obj>1->comment = $2; + } ; ct_helper_block : /* empty */ { $$ = $<obj>-1; } @@ -2057,6 +2085,10 @@ ct_helper_block : /* empty */ { $$ = $<obj>-1; } { $$ = $1; } + | ct_helper_block comment_spec + { + $<obj>1->comment = $2; + } ; ct_timeout_block : /*empty */ @@ -2070,6 +2102,10 @@ ct_timeout_block : /*empty */ { $$ = $1; } + | ct_timeout_block comment_spec + { + $<obj>1->comment = $2; + } ; ct_expect_block : /*empty */ { $$ = $<obj>-1; } @@ -2079,6 +2115,10 @@ ct_expect_block : /*empty */ { $$ = $<obj>-1; } { $$ = $1; } + | ct_expect_block comment_spec + { + $<obj>1->comment = $2; + } ; limit_block : /* empty */ { $$ = $<obj>-1; } @@ -2088,6 +2128,10 @@ limit_block : /* empty */ { $$ = $<obj>-1; } { $$ = $1; } + | limit_block comment_spec + { + $<obj>1->comment = $2; + } ; secmark_block : /* empty */ { $$ = $<obj>-1; } @@ -2097,6 +2141,10 @@ secmark_block : /* empty */ { $$ = $<obj>-1; } { $$ = $1; } + | secmark_block comment_spec + { + $<obj>1->comment = $2; + } ; synproxy_block : /* empty */ { $$ = $<obj>-1; } @@ -2106,6 +2154,10 @@ synproxy_block : /* empty */ { $$ = $<obj>-1; } { $$ = $1; } + | synproxy_block comment_spec + { + $<obj>1->comment = $2; + } ; type_identifier : STRING { $$ = $1; } |