diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/evaluate.c | 44 | ||||
| -rw-r--r-- | src/expression.c | 2 | ||||
| -rw-r--r-- | src/netlink_delinearize.c | 12 | ||||
| -rw-r--r-- | src/netlink_linearize.c | 26 | ||||
| -rw-r--r-- | src/parser_bison.y | 68 | ||||
| -rw-r--r-- | src/rule.c | 10 | ||||
| -rw-r--r-- | src/scanner.l | 2 | ||||
| -rw-r--r-- | src/statement.c | 34 |
8 files changed, 111 insertions, 87 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index fd61e753..f30543f8 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2021,37 +2021,37 @@ static int stmt_evaluate_payload(struct eval_ctx *ctx, struct stmt *stmt) return expr_evaluate(ctx, &stmt->payload.val); } -static int stmt_evaluate_flow(struct eval_ctx *ctx, struct stmt *stmt) +static int stmt_evaluate_meter(struct eval_ctx *ctx, struct stmt *stmt) { struct expr *key, *set, *setref; expr_set_context(&ctx->ectx, NULL, 0); - if (expr_evaluate(ctx, &stmt->flow.key) < 0) + if (expr_evaluate(ctx, &stmt->meter.key) < 0) return -1; - if (expr_is_constant(stmt->flow.key)) - return expr_error(ctx->msgs, stmt->flow.key, - "Flow key expression can not be constant"); - if (stmt->flow.key->comment) - return expr_error(ctx->msgs, stmt->flow.key, - "Flow key expression can not contain comments"); + if (expr_is_constant(stmt->meter.key)) + return expr_error(ctx->msgs, stmt->meter.key, + "Meter key expression can not be constant"); + if (stmt->meter.key->comment) + return expr_error(ctx->msgs, stmt->meter.key, + "Meter key expression can not contain comments"); /* Declare an empty set */ - key = stmt->flow.key; + key = stmt->meter.key; set = set_expr_alloc(&key->location, NULL); set->set_flags |= NFT_SET_EVAL; if (key->timeout) set->set_flags |= NFT_SET_TIMEOUT; - setref = implicit_set_declaration(ctx, stmt->flow.table ?: "__ft%d", + setref = implicit_set_declaration(ctx, stmt->meter.name ?: "__mt%d", key, set); - stmt->flow.set = setref; + stmt->meter.set = setref; - if (stmt_evaluate(ctx, stmt->flow.stmt) < 0) + if (stmt_evaluate(ctx, stmt->meter.stmt) < 0) return -1; - if (!(stmt->flow.stmt->flags & STMT_F_STATEFUL)) - return stmt_binary_error(ctx, stmt->flow.stmt, stmt, - "Per-flow statement must be stateful"); + if (!(stmt->meter.stmt->flags & STMT_F_STATEFUL)) + return stmt_binary_error(ctx, stmt->meter.stmt, stmt, + "meter statement must be stateful"); return 0; } @@ -2782,8 +2782,8 @@ int stmt_evaluate(struct eval_ctx *ctx, struct stmt *stmt) return stmt_evaluate_payload(ctx, stmt); case STMT_EXTHDR: return stmt_evaluate_exthdr(ctx, stmt); - case STMT_FLOW: - return stmt_evaluate_flow(ctx, stmt); + case STMT_METER: + return stmt_evaluate_meter(ctx, stmt); case STMT_META: return stmt_evaluate_meta(ctx, stmt); case STMT_CT: @@ -3151,14 +3151,14 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd) return cmd_error(ctx, "Could not process rule: Set '%s' does not exist", cmd->handle.set); return 0; - case CMD_OBJ_FLOWTABLE: + case CMD_OBJ_METER: table = table_lookup(&cmd->handle, ctx->cache); if (table == NULL) return cmd_error(ctx, "Could not process rule: Table '%s' does not exist", cmd->handle.table); set = set_lookup(table, cmd->handle.set); if (set == NULL || !(set->flags & NFT_SET_EVAL)) - return cmd_error(ctx, "Could not process rule: Flow table '%s' does not exist", + return cmd_error(ctx, "Could not process rule: Meter '%s' does not exist", cmd->handle.set); return 0; case CMD_OBJ_MAP: @@ -3201,7 +3201,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd) return 0; case CMD_OBJ_CHAINS: case CMD_OBJ_RULESET: - case CMD_OBJ_FLOWTABLES: + case CMD_OBJ_METERS: case CMD_OBJ_MAPS: return 0; default: @@ -3276,14 +3276,14 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) return cmd_error(ctx, "Could not process rule: Map '%s' does not exist", cmd->handle.set); return 0; - case CMD_OBJ_FLOWTABLE: + case CMD_OBJ_METER: table = table_lookup(&cmd->handle, ctx->cache); if (table == NULL) return cmd_error(ctx, "Could not process rule: Table '%s' does not exist", cmd->handle.table); set = set_lookup(table, cmd->handle.set); if (set == NULL || !(set->flags & NFT_SET_EVAL)) - return cmd_error(ctx, "Could not process rule: Flow table '%s' does not exist", + return cmd_error(ctx, "Could not process rule: Meter '%s' does not exist", cmd->handle.set); return 0; default: diff --git a/src/expression.c b/src/expression.c index 64ac724a..273038e6 100644 --- a/src/expression.c +++ b/src/expression.c @@ -932,7 +932,7 @@ static void set_ref_expr_print(const struct expr *expr, struct output_ctx *octx) { if (expr->set->flags & NFT_SET_ANONYMOUS) { if (expr->set->flags & NFT_SET_EVAL) - nft_print(octx, "table %s", expr->set->handle.set); + nft_print(octx, "%s", expr->set->handle.set); else expr_print(expr->set->init, octx); } else { diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 44328879..67dbd27d 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1143,10 +1143,10 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx, } if (dstmt != NULL) { - stmt = flow_stmt_alloc(loc); - stmt->flow.set = set_ref_expr_alloc(loc, set); - stmt->flow.key = expr; - stmt->flow.stmt = dstmt; + stmt = meter_stmt_alloc(loc); + stmt->meter.set = set_ref_expr_alloc(loc, set); + stmt->meter.key = expr; + stmt->meter.stmt = dstmt; } else { stmt = set_stmt_alloc(loc); stmt->set.set = set_ref_expr_alloc(loc, set); @@ -2209,8 +2209,8 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r case STMT_PAYLOAD: stmt_payload_postprocess(&rctx); break; - case STMT_FLOW: - expr_postprocess(&rctx, &stmt->flow.key); + case STMT_METER: + expr_postprocess(&rctx, &stmt->meter.key); break; case STMT_META: if (stmt->meta.expr != NULL) diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index fb2d2501..cf6ffdb0 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -1204,7 +1204,7 @@ static void netlink_gen_notrack_stmt(struct netlink_linearize_ctx *ctx, static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct set *set = stmt->flow.set->set; + struct set *set = stmt->meter.set->set; struct nftnl_expr *nle; enum nft_registers sreg_key; @@ -1223,34 +1223,34 @@ static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx, nftnl_rule_add_expr(ctx->nlr, nle); } -static void netlink_gen_flow_stmt(struct netlink_linearize_ctx *ctx, - const struct stmt *stmt) +static void netlink_gen_meter_stmt(struct netlink_linearize_ctx *ctx, + const struct stmt *stmt) { struct nftnl_expr *nle; enum nft_registers sreg_key; enum nft_dynset_ops op; struct set *set; - sreg_key = get_register(ctx, stmt->flow.key->key); - netlink_gen_expr(ctx, stmt->flow.key->key, sreg_key); - release_register(ctx, stmt->flow.key->key); + sreg_key = get_register(ctx, stmt->meter.key->key); + netlink_gen_expr(ctx, stmt->meter.key->key, sreg_key); + release_register(ctx, stmt->meter.key->key); - set = stmt->flow.set->set; - if (stmt->flow.key->timeout) + set = stmt->meter.set->set; + if (stmt->meter.key->timeout) op = NFT_DYNSET_OP_UPDATE; else op = NFT_DYNSET_OP_ADD; nle = alloc_nft_expr("dynset"); netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY, sreg_key); - if (stmt->flow.key->timeout) + if (stmt->meter.key->timeout) nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT, - stmt->flow.key->timeout); + stmt->meter.key->timeout); nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_OP, op); nftnl_expr_set_str(nle, NFTNL_EXPR_DYNSET_SET_NAME, set->handle.set); nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, set->handle.set_id); nftnl_expr_set(nle, NFTNL_EXPR_DYNSET_EXPR, - netlink_gen_stmt_stateful(ctx, stmt->flow.stmt), 0); + netlink_gen_stmt_stateful(ctx, stmt->meter.stmt), 0); nftnl_rule_add_expr(ctx->nlr, nle); } @@ -1264,8 +1264,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx, return netlink_gen_expr(ctx, stmt->expr, NFT_REG_VERDICT); case STMT_VERDICT: return netlink_gen_verdict_stmt(ctx, stmt); - case STMT_FLOW: - return netlink_gen_flow_stmt(ctx, stmt); + case STMT_METER: + return netlink_gen_meter_stmt(ctx, stmt); case STMT_EXTHDR: return netlink_gen_exthdr_stmt(ctx, stmt); case STMT_PAYLOAD: diff --git a/src/parser_bison.y b/src/parser_bison.y index c64c3979..6610b9dc 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -243,6 +243,8 @@ int nft_lex(void *, void *, void *); %token SIZE "size" %token FLOW "flow" +%token METER "meter" +%token METERS "meters" %token <val> NUM "number" %token <string> STRING "string" @@ -555,8 +557,8 @@ int nft_lex(void *, void *, void *); %type <stmt> set_stmt %destructor { stmt_free($$); } set_stmt %type <val> set_stmt_op -%type <stmt> flow_stmt flow_stmt_alloc -%destructor { stmt_free($$); } flow_stmt flow_stmt_alloc +%type <stmt> meter_stmt meter_stmt_alloc +%destructor { stmt_free($$); } meter_stmt meter_stmt_alloc %type <expr> symbol_expr verdict_expr integer_expr variable_expr %destructor { expr_free($$); } symbol_expr verdict_expr integer_expr variable_expr @@ -606,8 +608,8 @@ int nft_lex(void *, void *, void *); %type <expr> set_elem_expr_stmt set_elem_expr_stmt_alloc %destructor { expr_free($$); } set_elem_expr_stmt set_elem_expr_stmt_alloc -%type <expr> flow_key_expr flow_key_expr_alloc -%destructor { expr_free($$); } flow_key_expr flow_key_expr_alloc +%type <expr> meter_key_expr meter_key_expr_alloc +%destructor { expr_free($$); } meter_key_expr meter_key_expr_alloc %type <expr> expr initializer_expr keyword_expr %destructor { expr_free($$); } expr initializer_expr keyword_expr @@ -1084,11 +1086,19 @@ list_cmd : TABLE table_spec } | FLOW TABLES ruleset_spec { - $$ = cmd_alloc(CMD_LIST, CMD_OBJ_FLOWTABLES, &$3, &@$, NULL); + $$ = cmd_alloc(CMD_LIST, CMD_OBJ_METERS, &$3, &@$, NULL); } | FLOW TABLE set_spec { - $$ = cmd_alloc(CMD_LIST, CMD_OBJ_FLOWTABLE, &$3, &@$, NULL); + $$ = cmd_alloc(CMD_LIST, CMD_OBJ_METER, &$3, &@$, NULL); + } + | METERS ruleset_spec + { + $$ = cmd_alloc(CMD_LIST, CMD_OBJ_METERS, &$2, &@$, NULL); + } + | METER set_spec + { + $$ = cmd_alloc(CMD_LIST, CMD_OBJ_METER, &$2, &@$, NULL); } | MAPS ruleset_spec { @@ -1152,7 +1162,11 @@ flush_cmd : TABLE table_spec } | FLOW TABLE set_spec { - $$ = cmd_alloc(CMD_FLUSH, CMD_OBJ_FLOWTABLE, &$3, &@$, NULL); + $$ = cmd_alloc(CMD_FLUSH, CMD_OBJ_METER, &$3, &@$, NULL); + } + | METER set_spec + { + $$ = cmd_alloc(CMD_FLUSH, CMD_OBJ_METER, &$2, &@$, NULL); } | RULESET ruleset_spec { @@ -1782,7 +1796,7 @@ stmt_list : stmt stmt : verdict_stmt | match_stmt - | flow_stmt + | meter_stmt | counter_stmt | payload_stmt | meta_stmt @@ -2468,38 +2482,46 @@ set_stmt_op : ADD { $$ = NFT_DYNSET_OP_ADD; } | UPDATE { $$ = NFT_DYNSET_OP_UPDATE; } ; -flow_stmt : flow_stmt_alloc flow_stmt_opts '{' flow_key_expr stmt '}' +meter_stmt : meter_stmt_alloc meter_stmt_opts '{' meter_key_expr stmt '}' { - $1->flow.key = $4; - $1->flow.stmt = $5; + $1->meter.key = $4; + $1->meter.stmt = $5; $$->location = @$; $$ = $1; } - | flow_stmt_alloc '{' flow_key_expr stmt '}' + | meter_stmt_alloc '{' meter_key_expr stmt '}' { - $1->flow.key = $3; - $1->flow.stmt = $4; + $1->meter.key = $3; + $1->meter.stmt = $4; $$->location = @$; $$ = $1; } ; -flow_stmt_alloc : FLOW +meter_stmt_alloc : FLOW + { + $$ = meter_stmt_alloc(&@$); + } + | METER { - $$ = flow_stmt_alloc(&@$); + $$ = meter_stmt_alloc(&@$); } ; -flow_stmt_opts : flow_stmt_opt +meter_stmt_opts : meter_stmt_opt { $<stmt>$ = $<stmt>0; } - | flow_stmt_opts flow_stmt_opt + | meter_stmt_opts meter_stmt_opt ; -flow_stmt_opt : TABLE identifier +meter_stmt_opt : TABLE identifier + { + $<stmt>0->meter.name = $2; + } + | NAME identifier { - $<stmt>0->flow.table = $2; + $<stmt>0->meter.name = $2; } ; @@ -2738,15 +2760,15 @@ set_list_member_expr : opt_newline set_expr opt_newline } ; -flow_key_expr : flow_key_expr_alloc - | flow_key_expr_alloc set_elem_options +meter_key_expr : meter_key_expr_alloc + | meter_key_expr_alloc set_elem_options { $$->location = @$; $$ = $1; } ; -flow_key_expr_alloc : concat_expr +meter_key_expr_alloc : concat_expr { $$ = set_elem_expr_alloc(&@1, $1); } @@ -284,7 +284,7 @@ static void set_print_declaration(const struct set *set, if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT)) type = "map"; else if (set->flags & NFT_SET_EVAL) - type = "flow table"; + type = "meter"; else type = "set"; @@ -1197,7 +1197,7 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd) (set->flags & NFT_SET_ANONYMOUS || set->flags & NFT_SET_MAP)) continue; - if (cmd->obj == CMD_OBJ_FLOWTABLES && + if (cmd->obj == CMD_OBJ_METERS && !(set->flags & NFT_SET_EVAL)) continue; if (cmd->obj == CMD_OBJ_MAPS && @@ -1580,9 +1580,9 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd) return do_list_set(ctx, cmd, table); case CMD_OBJ_RULESET: return do_list_ruleset(ctx, cmd); - case CMD_OBJ_FLOWTABLES: + case CMD_OBJ_METERS: return do_list_sets(ctx, cmd); - case CMD_OBJ_FLOWTABLE: + case CMD_OBJ_METER: return do_list_set(ctx, cmd, table); case CMD_OBJ_MAPS: return do_list_sets(ctx, cmd); @@ -1650,7 +1650,7 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd) return netlink_flush_chain(ctx, &cmd->handle, &cmd->location); case CMD_OBJ_SET: case CMD_OBJ_MAP: - case CMD_OBJ_FLOWTABLE: + case CMD_OBJ_METER: return netlink_flush_setelems(ctx, &cmd->handle, &cmd->location); case CMD_OBJ_RULESET: diff --git a/src/scanner.l b/src/scanner.l index ee09775e..6f19eec9 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -292,6 +292,8 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "memory" { return MEMORY; } "flow" { return FLOW; } +"meter" { return METER; } +"meters" { return METERS; } "counter" { return COUNTER; } "name" { return NAME; } diff --git a/src/statement.c b/src/statement.c index 11d067f8..1f93260b 100644 --- a/src/statement.c +++ b/src/statement.c @@ -107,42 +107,42 @@ struct stmt *verdict_stmt_alloc(const struct location *loc, struct expr *expr) return stmt; } -static void flow_stmt_print(const struct stmt *stmt, struct output_ctx *octx) +static void meter_stmt_print(const struct stmt *stmt, struct output_ctx *octx) { - nft_print(octx, "flow "); - if (stmt->flow.set) { - expr_print(stmt->flow.set, octx); + nft_print(octx, "meter "); + if (stmt->meter.set) { + expr_print(stmt->meter.set, octx); nft_print(octx, " "); } nft_print(octx, "{ "); - expr_print(stmt->flow.key, octx); + expr_print(stmt->meter.key, octx); nft_print(octx, " "); octx->stateless++; - stmt_print(stmt->flow.stmt, octx); + stmt_print(stmt->meter.stmt, octx); octx->stateless--; nft_print(octx, "} "); } -static void flow_stmt_destroy(struct stmt *stmt) +static void meter_stmt_destroy(struct stmt *stmt) { - expr_free(stmt->flow.key); - expr_free(stmt->flow.set); - stmt_free(stmt->flow.stmt); + expr_free(stmt->meter.key); + expr_free(stmt->meter.set); + stmt_free(stmt->meter.stmt); } -static const struct stmt_ops flow_stmt_ops = { - .type = STMT_FLOW, - .name = "flow", - .print = flow_stmt_print, - .destroy = flow_stmt_destroy, +static const struct stmt_ops meter_stmt_ops = { + .type = STMT_METER, + .name = "meter", + .print = meter_stmt_print, + .destroy = meter_stmt_destroy, }; -struct stmt *flow_stmt_alloc(const struct location *loc) +struct stmt *meter_stmt_alloc(const struct location *loc) { - return stmt_alloc(loc, &flow_stmt_ops); + return stmt_alloc(loc, &meter_stmt_ops); } static void counter_stmt_print(const struct stmt *stmt, struct output_ctx *octx) |