From 3ed5e31f4a323d7f054b6120d05134195dc681f0 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Wed, 27 Apr 2016 12:29:50 +0100 Subject: src: add flow statement The flow statement allows to instantiate per flow statements for user defined flows. This can so far be used for per flow accounting or limiting, similar to what the iptables hashlimit provides. Flows can be aged using the timeout option. Examples: # nft filter input flow ip saddr . tcp dport limit rate 10/second # nft filter input flow table acct iif . ip saddr timeout 60s counter Signed-off-by: Patrick McHardy Signed-off-by: Pablo Neira Ayuso --- src/parser_bison.y | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index b8d33861..8a7785b3 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -216,6 +216,8 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token PERFORMANCE "performance" %token SIZE "size" +%token FLOW "flow" + %token NUM "number" %token STRING "string" %token QUOTED_STRING @@ -484,6 +486,8 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type set_stmt %destructor { stmt_free($$); } set_stmt %type set_stmt_op +%type flow_stmt flow_stmt_alloc +%destructor { stmt_free($$); } flow_stmt flow_stmt_alloc %type symbol_expr verdict_expr integer_expr %destructor { expr_free($$); } symbol_expr verdict_expr integer_expr @@ -519,6 +523,9 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type set_elem_expr set_elem_expr_alloc set_lhs_expr set_rhs_expr %destructor { expr_free($$); } set_elem_expr set_elem_expr_alloc set_lhs_expr set_rhs_expr +%type flow_key_expr flow_key_expr_alloc +%destructor { expr_free($$); } flow_key_expr flow_key_expr_alloc + %type expr initializer_expr %destructor { expr_free($$); } expr initializer_expr 
@@ -1306,6 +1313,7 @@ stmt_list : stmt stmt : verdict_stmt | match_stmt + | flow_stmt | counter_stmt | payload_stmt | meta_stmt @@ -1757,6 +1765,41 @@ set_stmt_op : ADD { $$ = NFT_DYNSET_OP_ADD; } | UPDATE { $$ = NFT_DYNSET_OP_UPDATE; } ; +flow_stmt : flow_stmt_alloc flow_stmt_opts flow_key_expr stmt + { + $1->flow.key = $3; + $1->flow.stmt = $4; + $$->location = @$; + $$ = $1; + } + | flow_stmt_alloc flow_key_expr stmt + { + $1->flow.key = $2; + $1->flow.stmt = $3; + $$->location = @$; + $$ = $1; + } + ; + +flow_stmt_alloc : FLOW + { + $$ = flow_stmt_alloc(&@$); + } + ; + +flow_stmt_opts : flow_stmt_opt + { + $$ = $0; + } + | flow_stmt_opts flow_stmt_opt + ; + +flow_stmt_opt : TABLE identifier + { + $0->flow.table = $2; + } + ; + match_stmt : relational_expr { $$ = expr_stmt_alloc(&@$, $1); @@ -1941,6 +1984,20 @@ set_list_member_expr : opt_newline set_expr opt_newline } ; +flow_key_expr : flow_key_expr_alloc + | flow_key_expr_alloc set_elem_options + { + $$->location = @$; + $$ = $1; + } + ; + +flow_key_expr_alloc : concat_expr + { + $$ = set_elem_expr_alloc(&@1, $1); + } + ; + set_elem_expr : set_elem_expr_alloc | set_elem_expr_alloc set_elem_options ; -- cgit v1.2.3
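Review bot: Adding `flow_stmt` as an alternative of `stmt` makes the grammar recursive, because `flow_stmt` (defined in the next hunk) itself ends in `stmt`. The parser will therefore accept a nested `flow … flow … counter`, and also a verdict or any other statement, as the per-flow statement. The commit message describes the use as per-flow accounting or limiting, and nothing in this file restricts the inner statement to those. Presumably the evaluation step is expected to reject the rest; that is worth confirming and recording above the rule, e.g. `/* the per-flow stmt is validated during evaluation, not by the grammar */`.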
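Review bot: In both `flow_stmt` actions `$$->location = @$;` comes before `$$ = $1;`, so the first statement dereferences `$$` before the action has assigned it. This works with the generated C parser only because `$$` is preloaded with `$1` for non-empty rules, which is skeleton behaviour rather than something the action states; `$$ = $1;` followed by `$$->location = @$;` (or `$1->location = @$;`) removes that dependency. The second alternative of `flow_key_expr` in the last hunk has the same order. Separately, `flow_stmt_opts` lets `table` be repeated and `flow_stmt_opt` overwrites `flow.table` each time, so an earlier identifier looks like it would be dropped without being freed; rejecting a duplicate or releasing the old value would close that.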
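Review bot: `flow_key_expr` makes `set_elem_options` optional, so a flow key can be written with no timeout, and the rule has no comment saying what that means for the lifetime of the entries. The commit message says flows are aged through the timeout option, and the keys in its examples (`ip saddr`, `tcp dport`) come from packet fields that a remote sender chooses. If untimed entries are never aged, a flow table may keep growing under traffic with many distinct keys; whether a size bound applies is not visible in this file. I would add a comment above the rule, once that behaviour is confirmed, such as `/* timeout is optional; without it flow entries are not aged out */`, and show `timeout` in the first documented example as well.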