From: Florian Westphal <fw@strlen.de>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case
Date: Thu, 18 Mar 2021 14:20:26 +0100 [thread overview]
Message-ID: <20210318132026.GD22603@breakpoint.cc> (raw)
In-Reply-To: <20210316234039.15677-7-fw@strlen.de>
Florian Westphal <fw@strlen.de> wrote:
> Allow switch of the flex state from bison parser.
> Note that this switch will happen too late to cover all cases:
>
> nft add ip dup fwd ip saddr ... # adds a rule to chain fwd in table dup
> nft add dup fwd ... # syntax error (flex parses dup as expression keyword)
>
> to solve this, bison must carry a list of keywords that are allowed to
> be used as table names.
>
> This adds FWD as an example. When new keywords are added, this can
> then be extended as needed.
>
> Another alternative is to deprecate implicit rule add altogether
> so users would have to move to 'nft add rule ...'.
... and another alternative is to not allow arbitrary table/chain/set
names after all.
We could just say that all future tokens that could break existing
table/chain/set name need to be added to the 'identifier' in
parser_bison.y.
Provided new expressions with args use start conditionals the list
of tokens would probably stay short.
Given the 'set' complication Phil mentioned that might be the best
way forward.
next prev parent reply other threads:[~2021-03-18 13:21 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-16 23:40 [PATCH nft 0/6] arbirary table/chain names Florian Westphal
2021-03-16 23:40 ` [PATCH nft 1/6] scanner: add support for scope nesting Florian Westphal
2021-03-16 23:40 ` [PATCH nft 2/6] scanner: counter: move to own scope Florian Westphal
2021-03-16 23:40 ` [PATCH nft 3/6] scanner: log: " Florian Westphal
2021-03-16 23:40 ` [PATCH nft 4/6] scanner: support arbitary table names Florian Westphal
2021-03-16 23:40 ` [PATCH nft 5/6] scanner: support arbitrary chain names Florian Westphal
2021-03-16 23:40 ` [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case Florian Westphal
2021-03-18 12:00 ` Phil Sutter
2021-03-18 12:37 ` Florian Westphal
2021-03-18 13:51 ` Phil Sutter
2021-03-18 13:20 ` Florian Westphal [this message]
2021-03-24 10:58 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210318132026.GD22603@breakpoint.cc \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.