diff options
| author | Florian Westphal <fw@strlen.de> | 2021-01-27 14:29:50 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2021-06-09 23:19:11 +0200 |
| commit | 4694f7230195bfcff179ed418ddcdd5ff7d5a8e1 (patch) | |
| tree | 3fecd1b0484773b98de9b5344b89855c9fc6f580 /src/parser_bison.y | |
| parent | 6a24ffb04642e8bee982cbb0c6686e834e3eea9f (diff) | |
src: add support for base hook dumping
Example output:
$ nft list hook ip input
family ip hook input {
+0000000000 nft_do_chain_inet [nf_tables] # nft table ip filter chain input
+0000000010 nft_do_chain_inet [nf_tables] # nft table ip firewalld chain filter_INPUT
+0000000100 nf_nat_ipv4_local_in [nf_nat]
+2147483647 ipv4_confirm [nf_conntrack]
}
$ nft list hooks netdev type ingress device lo
family netdev hook ingress device lo {
+0000000000 nft_do_chain_netdev [nf_tables]
}
$ nft list hooks inet
family ip hook prerouting {
-0000000400 ipv4_conntrack_defrag [nf_defrag_ipv4]
-0000000300 iptable_raw_hook [iptable_raw]
-0000000290 nft_do_chain_inet [nf_tables] # nft table ip firewalld chain raw_PREROUTING
-0000000200 ipv4_conntrack_in [nf_conntrack]
-0000000140 nft_do_chain_inet [nf_tables] # nft table ip firewalld chain mangle_PREROUTING
-0000000100 nf_nat_ipv4_pre_routing [nf_nat]
}
...
'nft list hooks' will display everyting except the netdev family
via successive dump request for all family:hook combinations.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/parser_bison.y')
| -rw-r--r-- | src/parser_bison.y | 48 |
1 files changed, 46 insertions, 2 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index f6c92feb..136ae105 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -238,6 +238,7 @@ int nft_lex(void *, void *, void *); %token TYPEOF "typeof" %token HOOK "hook" +%token HOOKS "hooks" %token DEVICE "device" %token DEVICES "devices" %token TABLE "table" @@ -632,11 +633,15 @@ int nft_lex(void *, void *, void *); %type <handle> set_identifier flowtableid_spec flowtable_identifier obj_identifier %destructor { handle_free(&$$); } set_identifier flowtableid_spec obj_identifier + +%type <handle> basehook_spec +%destructor { handle_free(&$$); } basehook_spec + %type <val> family_spec family_spec_explicit %type <val32> int_num chain_policy %type <prio_spec> extended_prio_spec prio_spec -%type <string> extended_prio_name quota_unit -%destructor { xfree($$); } extended_prio_name quota_unit +%type <string> extended_prio_name quota_unit basehook_device_name +%destructor { xfree($$); } extended_prio_name quota_unit basehook_device_name %type <expr> dev_spec %destructor { xfree($$); } dev_spec @@ -1456,6 +1461,45 @@ list_cmd : TABLE table_spec { $$ = cmd_alloc(CMD_LIST, $2, &$4, &@$, NULL); } + | HOOKS basehook_spec + { + $$ = cmd_alloc(CMD_LIST, CMD_OBJ_HOOKS, &$2, &@$, NULL); + } + ; + +basehook_device_name : /* NULL */ + { + $$ = NULL; + } + | DEVICE STRING + { + $$ = $2; + } + ; + +basehook_spec : ruleset_spec + { + $$ = $1; + } + | ruleset_spec STRING basehook_device_name + { + const char *name = chain_hookname_lookup($2); + + if (name == NULL) { + erec_queue(error(&@2, "unknown chain hook"), + state->msgs); + xfree($3); + YYERROR; + } + + $1.chain.name = $2; + $1.chain.location = @2; + if ($3) { + $1.obj.name = $3; + $1.obj.location = @3; + } + $$ = $1; + } ; reset_cmd : COUNTERS ruleset_spec |