From 293c9b114faef074dbbda06df73f86317d28ef9b Mon Sep 17 00:00:00 2001 From: "Jose M. Guisado Gomez" Date: Thu, 3 Sep 2020 11:16:06 +0200 Subject: src: add comment support for objects Enables specifying an optional comment when declaring named objects. The comment is to be specified inside the object's block ({} block) Relies on libnftnl exporting nftnl_obj_get_data and kernel space support to store the comments. For consistency, this patch makes the comment be printed first when listing objects. Adds a testcase importing all commented named objects except for secmark, although it's supported. Example: Adding a quota with a comment > add table inet filter > nft add quota inet filter q { over 1200 bytes \; comment "test_comment"\; } > list ruleset table inet filter { quota q { comment "test_comment" over 1200 bytes } } Signed-off-by: Jose M. Guisado Gomez Signed-off-by: Pablo Neira Ayuso --- src/parser_bison.y | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index d938f566..7242c4c3 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1006,10 +1006,18 @@ add_cmd : TABLE table_spec { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_COUNTER, &$2, &@$, $3); } + | COUNTER obj_spec counter_obj '{' counter_block '}' + { + $$ = cmd_alloc(CMD_ADD, CMD_OBJ_COUNTER, &$2, &@$, $3); + } | QUOTA obj_spec quota_obj quota_config { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_QUOTA, &$2, &@$, $3); } + | QUOTA obj_spec quota_obj '{' quota_block '}' + { + $$ = cmd_alloc(CMD_ADD, CMD_OBJ_QUOTA, &$2, &@$, $3); + } | CT HELPER obj_spec ct_obj_alloc '{' ct_helper_block '}' { $$ = cmd_alloc_obj_ct(CMD_ADD, NFT_OBJECT_CT_HELPER, &$3, &@$, $4); @@ -1026,14 +1034,26 @@ add_cmd : TABLE table_spec { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_LIMIT, &$2, &@$, $3); } + | LIMIT obj_spec limit_obj '{' limit_block '}' + { + $$ = cmd_alloc(CMD_ADD, CMD_OBJ_LIMIT, &$2, &@$, $3); + } | SECMARK obj_spec secmark_obj secmark_config { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SECMARK, &$2, &@$, $3); } + | SECMARK obj_spec secmark_obj '{' secmark_block '}' + { + $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SECMARK, &$2, &@$, $3); + } | SYNPROXY obj_spec synproxy_obj synproxy_config { $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SYNPROXY, &$2, &@$, $3); } + | SYNPROXY obj_spec synproxy_obj '{' synproxy_block '}' + { + $$ = cmd_alloc(CMD_ADD, CMD_OBJ_SYNPROXY, &$2, &@$, $3); + } ; replace_cmd : RULE ruleid_spec rule @@ -2039,6 +2059,10 @@ counter_block : /* empty */ { $$ = $-1; } { $$ = $1; } + | counter_block comment_spec + { + $1->comment = $2; + } ; quota_block : /* empty */ { $$ = $-1; } @@ -2048,6 +2072,10 @@ quota_block : /* empty */ { $$ = $-1; } { $$ = $1; } + | quota_block comment_spec + { + $1->comment = $2; + } ; ct_helper_block : /* empty */ { $$ = $-1; } @@ -2057,6 +2085,10 @@ ct_helper_block : /* empty */ { $$ = $-1; } { $$ = $1; } + | ct_helper_block comment_spec + { + $1->comment = $2; + } ; ct_timeout_block : /*empty */ @@ -2070,6 +2102,10 @@ ct_timeout_block : /*empty */ { $$ = $1; } + | ct_timeout_block comment_spec + { + $1->comment = $2; + } ; ct_expect_block : /*empty */ { $$ = $-1; } @@ -2079,6 +2115,10 @@ ct_expect_block : /*empty */ { $$ = $-1; } { $$ = $1; } + | ct_expect_block comment_spec + { + $1->comment = $2; + } ; limit_block : /* empty */ { $$ = $-1; } @@ -2088,6 +2128,10 @@ limit_block : /* empty */ { $$ = $-1; } { $$ = $1; } + | limit_block comment_spec + { + $1->comment = $2; + } ; secmark_block : /* empty */ { $$ = $-1; } @@ -2097,6 +2141,10 @@ secmark_block : /* empty */ { $$ = $-1; } { $$ = $1; } + | secmark_block comment_spec + { + $1->comment = $2; + } ; synproxy_block : /* empty */ { $$ = $-1; } @@ -2106,6 +2154,10 @@ synproxy_block : /* empty */ { $$ = $-1; } { $$ = $1; } + | synproxy_block comment_spec + { + $1->comment = $2; + } ; type_identifier : STRING { $$ = $1; } -- cgit v1.2.3