From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: jake.owen@superloop.com, Florian Westphal <fw@strlen.de>
Subject: [PATCH nft 2/8] parser: restrict queue num expressiveness
Date: Wed, 16 Jun 2021 23:16:46 +0200 [thread overview]
Message-ID: <20210616211652.11765-3-fw@strlen.de> (raw)
In-Reply-To: <20210616211652.11765-1-fw@strlen.de>
Else we run into trouble once we allow
queue num symhash mod 4 and 1
and so on. Example problem:
queue num jhash ip saddr mod 4 and 1 bypass
This will fail to parse because the scanner is in the wrong state
(ip, not queue), so 'bypass' is parsed as a string.
Currently, while nft will eat the above just fine (minus 'bypass'),
nft rejects this from the evaluation phase with
Error: queue number is not constant
So seems we are lucky and can restrict the supported expressions
to integer and range.
Furthermore, the line looks wrong because this statement:
queue num jhash ip saddr mod 4 and 1 bypass
doesn't specifiy a number, "queue num 4" does, or "queue num 1-2" do.
For arbitrary expr support it seems sensible to enforce stricter
ordering to avoid any problems with the flags, for example:
queue bypass,futurekeyword to jhash ip saddr mod 42
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/parser_bison.y | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index bd2232a3de27..2ab47ed55166 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -705,6 +705,8 @@ int nft_lex(void *, void *, void *);
%type <stmt> queue_stmt queue_stmt_alloc
%destructor { stmt_free($$); } queue_stmt queue_stmt_alloc
+%type <expr> queue_stmt_expr
+%destructor { expr_free($$); } queue_stmt_expr
%type <val> queue_stmt_flags queue_stmt_flag
%type <stmt> dup_stmt
%destructor { stmt_free($$); } dup_stmt
@@ -3753,7 +3755,7 @@ queue_stmt_args : queue_stmt_arg
| queue_stmt_args queue_stmt_arg
;
-queue_stmt_arg : QUEUENUM stmt_expr
+queue_stmt_arg : QUEUENUM queue_stmt_expr
{
$<stmt>0->queue.queue = $2;
$<stmt>0->queue.queue->location = @$;
@@ -3764,6 +3766,10 @@ queue_stmt_arg : QUEUENUM stmt_expr
}
;
+queue_stmt_expr : integer_expr
+ | range_rhs_expr
+ ;
+
queue_stmt_flags : queue_stmt_flag
| queue_stmt_flags COMMA queue_stmt_flag
{
--
2.31.1
next prev parent reply other threads:[~2021-06-16 21:17 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-16 21:16 [PATCH nft 0/8] Enableruntime queue selection via jhash, numgen and map statement Florian Westphal
2021-06-16 21:16 ` [PATCH nft 1/8] evaluate: fix hash expression maxval Florian Westphal
2021-06-16 21:16 ` Florian Westphal [this message]
2021-06-16 21:16 ` [PATCH nft 3/8] src: add queue expr and flags to queue_stmt_alloc Florian Westphal
2021-06-16 21:16 ` [PATCH nft 4/8] parser: add queue_stmt_compat Florian Westphal
2021-06-16 21:16 ` [PATCH nft 5/8] parser: new queue flag input format Florian Westphal
2021-06-16 21:16 ` [PATCH nft 6/8] src: queue: allow use of arbitrary queue expressions Florian Westphal
2021-06-16 21:16 ` [PATCH nft 7/8] tests: extend queue testcases for new sreg support Florian Westphal
2021-06-16 21:16 ` [PATCH nft 8/8] src: queue: allow use of MAP statement for queue number retrieval Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210616211652.11765-3-fw@strlen.de \
--to=fw@strlen.de \
--cc=jake.owen@superloop.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.