Re: nftables: Add anonymous set to named set

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Leon Merten Lohse <leon@green-side.de>
Cc: netfilter@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: nftables: Add anonymous set to named set
Date: Thu, 20 Oct 2016 17:11:44 +0200	[thread overview]
Message-ID: <20161020151144.GA1556@salvia> (raw)
In-Reply-To: <20161018225231.5db3dac1@doomgiver>

[-- Attachment #1: Type: text/plain, Size: 411 bytes --]

On Tue, Oct 18, 2016 at 10:52:31PM +0200, Leon Merten Lohse wrote:
> Hi,
> 
> I am trying to add an anonymous set that is defined as a variable to a
> named set as follows:
> 
> define whitelist_v4 = { 1.1.1.1}
> 
> table inet filter {
>   set whitelist_v4 { type ipv4_addr; }
>  
>   [ ... ]
> }
> 
> add element inet filter whitelist_v4 $whitelist_v4

Attaching a patch to resolve this. Thanks for reporting.

[-- Attachment #2: 0001-parser_bison-allow-to-use-variable-to-add-create-del.patch --]
[-- Type: text/x-diff, Size: 1944 bytes --]

From 86ea36cfcb18bf4f1d3128e6b848c4d4ffc5f964 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 20 Oct 2016 17:06:05 +0200
Subject: [PATCH nft] parser_bison: allow to use variable to add/create/delete
 elements

Using variable definitions from element command doesn't work, eg.

-test.nft-
 define whitelist_v4 = { 1.1.1.1 }
 table inet filter {
	set whitelist_v4 { type ipv4_addr; }
 }
 add element inet filter whitelist_v4 $whitelist_v4
-EOF-

 # nft -f test.nft
 test.nft:7:38-38: Error: syntax error, unexpected '$', expecting '{'
 add element inet filter whitelist_v4 $whitelist_v4
                                      ^

Fix this by using set_block_expr rule for every element command.

Reported-by: Leon Merten Lohse <leon@green-side.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_bison.y | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 14ad67f61b6b..4108dff7e228 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -750,7 +750,7 @@ add_cmd			:	TABLE		table_spec
 				handle_merge(&$3->handle, &$2);
 				$$ = cmd_alloc(CMD_ADD, CMD_OBJ_SET, &$2, &@$, $5);
 			}
-			|	ELEMENT		set_spec	set_expr
+			|	ELEMENT		set_spec	set_block_expr
 			{
 				$$ = cmd_alloc(CMD_ADD, CMD_OBJ_SETELEM, &$2, &@$, $3);
 			}
@@ -799,7 +799,7 @@ create_cmd		:	TABLE		table_spec
 				handle_merge(&$3->handle, &$2);
 				$$ = cmd_alloc(CMD_CREATE, CMD_OBJ_SET, &$2, &@$, $5);
 			}
-			|	ELEMENT		set_spec	set_expr
+			|	ELEMENT		set_spec	set_block_expr
 			{
 				$$ = cmd_alloc(CMD_CREATE, CMD_OBJ_SETELEM, &$2, &@$, $3);
 			}
@@ -831,7 +831,7 @@ delete_cmd		:	TABLE		table_spec
 			{
 				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SET, &$2, &@$, NULL);
 			}
-			|	ELEMENT		set_spec	set_expr
+			|	ELEMENT		set_spec	set_block_expr
 			{
 				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SETELEM, &$2, &@$, $3);
 			}
-- 
2.1.4

WARNING: multiple messages have this Message-ID (diff)

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Leon Merten Lohse <leon@green-side.de>
Cc: netfilter@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: nftables: Add anonymous set to named set
Date: Thu, 20 Oct 2016 17:11:44 +0200	[thread overview]
Message-ID: <20161020151144.GA1556@salvia> (raw)
In-Reply-To: <20161018225231.5db3dac1@doomgiver>

[-- Attachment #1: Type: text/plain, Size: 411 bytes --]

On Tue, Oct 18, 2016 at 10:52:31PM +0200, Leon Merten Lohse wrote:
> Hi,
> 
> I am trying to add an anonymous set that is defined as a variable to a
> named set as follows:
> 
> define whitelist_v4 = { 1.1.1.1}
> 
> table inet filter {
>   set whitelist_v4 { type ipv4_addr; }
>  
>   [ ... ]
> }
> 
> add element inet filter whitelist_v4 $whitelist_v4

Attaching a patch to resolve this. Thanks for reporting.

[-- Attachment #2: 0001-parser_bison-allow-to-use-variable-to-add-create-del.patch --]
[-- Type: text/x-diff, Size: 1945 bytes --]

>From 86ea36cfcb18bf4f1d3128e6b848c4d4ffc5f964 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 20 Oct 2016 17:06:05 +0200
Subject: [PATCH nft] parser_bison: allow to use variable to add/create/delete
 elements

Using variable definitions from element command doesn't work, eg.

-test.nft-
 define whitelist_v4 = { 1.1.1.1 }
 table inet filter {
	set whitelist_v4 { type ipv4_addr; }
 }
 add element inet filter whitelist_v4 $whitelist_v4
-EOF-

 # nft -f test.nft
 test.nft:7:38-38: Error: syntax error, unexpected '$', expecting '{'
 add element inet filter whitelist_v4 $whitelist_v4
                                      ^

Fix this by using set_block_expr rule for every element command.

Reported-by: Leon Merten Lohse <leon@green-side.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_bison.y | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 14ad67f61b6b..4108dff7e228 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -750,7 +750,7 @@ add_cmd			:	TABLE		table_spec
 				handle_merge(&$3->handle, &$2);
 				$$ = cmd_alloc(CMD_ADD, CMD_OBJ_SET, &$2, &@$, $5);
 			}
-			|	ELEMENT		set_spec	set_expr
+			|	ELEMENT		set_spec	set_block_expr
 			{
 				$$ = cmd_alloc(CMD_ADD, CMD_OBJ_SETELEM, &$2, &@$, $3);
 			}
@@ -799,7 +799,7 @@ create_cmd		:	TABLE		table_spec
 				handle_merge(&$3->handle, &$2);
 				$$ = cmd_alloc(CMD_CREATE, CMD_OBJ_SET, &$2, &@$, $5);
 			}
-			|	ELEMENT		set_spec	set_expr
+			|	ELEMENT		set_spec	set_block_expr
 			{
 				$$ = cmd_alloc(CMD_CREATE, CMD_OBJ_SETELEM, &$2, &@$, $3);
 			}
@@ -831,7 +831,7 @@ delete_cmd		:	TABLE		table_spec
 			{
 				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SET, &$2, &@$, NULL);
 			}
-			|	ELEMENT		set_spec	set_expr
+			|	ELEMENT		set_spec	set_block_expr
 			{
 				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SETELEM, &$2, &@$, $3);
 			}
-- 
2.1.4

next prev parent reply	other threads:[~2016-10-20 15:11 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-10-18 20:52 nftables: Add anonymous set to named set Leon Merten Lohse
2016-10-20 15:11 ` Pablo Neira Ayuso [this message]
2016-10-20 15:11   ` Pablo Neira Ayuso

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:14ad67f61b6 dfblob:4108dff7e22 dfblob:14ad67f61b6
dfblob:4108dff7e22 )
 OR (
bs:"parser_bison: allow to use variable to add/create/delete" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20161020151144.GA1556@salvia \
    --to=pablo@netfilter.org \
    --cc=leon@green-side.de \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.