From: Fernando Fernandez Mancera <ffmancera@riseup.net>
To: netfilter-devel@vger.kernel.org
Cc: Fernando Fernandez Mancera <ffmancera@riseup.net>
Subject: [PATCH 2/2 nft] jump: Allow goto and jump to a variable using nft input files
Date: Tue, 14 May 2019 23:13:40 +0200 [thread overview]
Message-ID: <20190514211340.913-2-ffmancera@riseup.net> (raw)
In-Reply-To: <20190514211340.913-1-ffmancera@riseup.net>
This patch introduces the use of nft input files variables in 'jump' and 'goto'
statements, e.g.
define dest = ber
add table ip foo
add chain ip foo bar {type filter hook input priority 0;}
add chain ip foo ber
add rule ip foo ber counter
add rule ip foo bar jump $dest
table ip foo {
chain bar {
type filter hook input priority filter; policy accept;
jump ber
}
chain ber {
counter packets 71 bytes 6664
}
}
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
src/datatype.c | 11 +++++++++++
src/parser_bison.y | 6 +++++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/datatype.c b/src/datatype.c
index 6aaf9ea..7e9ec5e 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -297,11 +297,22 @@ static void verdict_type_print(const struct expr *expr, struct output_ctx *octx)
}
}
+static struct error_record *verdict_type_parse(const struct expr *sym,
+ struct expr **res)
+{
+ *res = constant_expr_alloc(&sym->location, &string_type,
+ BYTEORDER_HOST_ENDIAN,
+ (strlen(sym->identifier) + 1) * BITS_PER_BYTE,
+ sym->identifier);
+ return NULL;
+}
+
const struct datatype verdict_type = {
.type = TYPE_VERDICT,
.name = "verdict",
.desc = "netfilter verdict",
.print = verdict_type_print,
+ .parse = verdict_type_parse,
};
static const struct symbol_table nfproto_tbl = {
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 69b5773..a955cb5 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3841,7 +3841,11 @@ verdict_expr : ACCEPT
}
;
-chain_expr : identifier
+chain_expr : variable_expr
+ {
+ $$ = $1;
+ }
+ | identifier
{
$$ = constant_expr_alloc(&@$, &string_type,
BYTEORDER_HOST_ENDIAN,
--
2.20.1
next prev parent reply other threads:[~2019-05-14 21:13 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-14 21:13 [PATCH 1/2 nft] jump: Introduce chain_expr in jump and goto statements Fernando Fernandez Mancera
2019-05-14 21:13 ` Fernando Fernandez Mancera [this message]
2019-05-14 22:55 ` [PATCH 2/2 nft] jump: Allow goto and jump to a variable using nft input files Pablo Neira Ayuso
2019-05-15 10:46 ` Phil Sutter
2019-05-15 10:49 ` Fernando Fernandez Mancera
2019-05-15 10:58 ` Phil Sutter
2019-05-15 11:02 ` Fernando Fernandez Mancera
2019-05-15 11:12 ` Pablo Neira Ayuso
2019-05-15 11:46 ` Phil Sutter
2019-05-15 15:21 ` Pablo Neira Ayuso
2019-05-15 19:26 ` Phil Sutter
2019-05-15 19:56 ` Fernando Fernandez Mancera
2019-05-15 20:31 ` Phil Sutter
2019-05-16 11:58 ` Fernando Fernandez Mancera
2019-05-16 14:39 ` Pablo Neira Ayuso
2019-05-16 14:42 ` Fernando Fernandez Mancera
2019-05-14 22:54 ` [PATCH 1/2 nft] jump: Introduce chain_expr in jump and goto statements Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190514211340.913-2-ffmancera@riseup.net \
--to=ffmancera@riseup.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.