* [PATCH 1/2] expr: remove secmark from ct and meta expression
2014-01-15 11:16 [PATCH 0/2] nftables: removal of secmark and shortened meta expressions Patrick McHardy
@ 2014-01-15 11:16 ` Patrick McHardy
2014-01-15 11:16 ` [PATCH 2/2] meta: don't require "meta" keyword for a subset of meta expressions Patrick McHardy
1 sibling, 0 replies; 3+ messages in thread
From: Patrick McHardy @ 2014-01-15 11:16 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel
The secctx should be used instead of the secmark. Remove for now.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
src/ct.c | 3 ---
src/meta.c | 2 --
src/parser.y | 3 ---
src/scanner.l | 1 -
4 files changed, 9 deletions(-)
diff --git a/src/ct.c b/src/ct.c
index b8f7632..f893df9 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -104,9 +104,6 @@ static const struct ct_template ct_templates[] = {
[NFT_CT_MARK] = CT_TEMPLATE("mark", &mark_type,
BYTEORDER_HOST_ENDIAN,
4 * BITS_PER_BYTE),
- [NFT_CT_SECMARK] = CT_TEMPLATE("secmark", &integer_type,
- BYTEORDER_HOST_ENDIAN,
- 4 * BITS_PER_BYTE),
[NFT_CT_EXPIRATION] = CT_TEMPLATE("expiration", &time_type,
BYTEORDER_HOST_ENDIAN,
4 * BITS_PER_BYTE),
diff --git a/src/meta.c b/src/meta.c
index d7b024b..6d42525 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -331,8 +331,6 @@ static const struct meta_template meta_templates[] = {
1 , BYTEORDER_HOST_ENDIAN),
[NFT_META_RTCLASSID] = META_TEMPLATE("rtclassid", &realm_type,
4 * 8, BYTEORDER_HOST_ENDIAN),
- [NFT_META_SECMARK] = META_TEMPLATE("secmark", &integer_type,
- 4 * 8, BYTEORDER_HOST_ENDIAN),
};
static void meta_expr_print(const struct expr *expr)
diff --git a/src/parser.y b/src/parser.y
index 7c18875..2e5f6c1 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -294,7 +294,6 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token SKGID "skgid"
%token NFTRACE "nftrace"
%token RTCLASSID "rtclassid"
-%token SECMARK "secmark"
%token CT "ct"
%token DIRECTION "direction"
@@ -1393,7 +1392,6 @@ meta_key : LENGTH { $$ = NFT_META_LEN; }
| SKGID { $$ = NFT_META_SKGID; }
| NFTRACE { $$ = NFT_META_NFTRACE; }
| RTCLASSID { $$ = NFT_META_RTCLASSID; }
- | SECMARK { $$ = NFT_META_SECMARK; }
;
meta_stmt : META meta_key SET expr
@@ -1412,7 +1410,6 @@ ct_key : STATE { $$ = NFT_CT_STATE; }
| DIRECTION { $$ = NFT_CT_DIRECTION; }
| STATUS { $$ = NFT_CT_STATUS; }
| MARK { $$ = NFT_CT_MARK; }
- | SECMARK { $$ = NFT_CT_SECMARK; }
| EXPIRATION { $$ = NFT_CT_EXPIRATION; }
| HELPER { $$ = NFT_CT_HELPER; }
| L3PROTOCOL { $$ = NFT_CT_L3PROTOCOL; }
diff --git a/src/scanner.l b/src/scanner.l
index 0b8abac..e813140 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -384,7 +384,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"skgid" { return SKGID; }
"nftrace" { return NFTRACE; }
"rtclassid" { return RTCLASSID; }
-"secmark" { return SECMARK; }
"ct" { return CT; }
"direction" { return DIRECTION; }
--
1.8.4.2
^ permalink raw reply related [flat|nested] 3+ messages in thread* [PATCH 2/2] meta: don't require "meta" keyword for a subset of meta expressions
2014-01-15 11:16 [PATCH 0/2] nftables: removal of secmark and shortened meta expressions Patrick McHardy
2014-01-15 11:16 ` [PATCH 1/2] expr: remove secmark from ct and meta expression Patrick McHardy
@ 2014-01-15 11:16 ` Patrick McHardy
1 sibling, 0 replies; 3+ messages in thread
From: Patrick McHardy @ 2014-01-15 11:16 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel
Don't require the meta keyword for mark, iif, oif, iifname, oifname,
skuid, skgid, nftrace, rtclassid and secmark.
The protocol and length types still need the meta keyword to avoid
grammar conflicts.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
src/meta.c | 13 ++++++++++++-
src/parser.y | 20 +++++++++++++++++---
2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/src/meta.c b/src/meta.c
index 6d42525..098728b 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -335,7 +335,18 @@ static const struct meta_template meta_templates[] = {
static void meta_expr_print(const struct expr *expr)
{
- printf("meta %s", meta_templates[expr->meta.key].token);
+ switch (expr->meta.key) {
+ case NFT_META_LEN:
+ case NFT_META_NFPROTO:
+ case NFT_META_L4PROTO:
+ case NFT_META_PROTOCOL:
+ case NFT_META_PRIORITY:
+ printf("meta %s", meta_templates[expr->meta.key].token);
+ break;
+ default:
+ printf("%s", meta_templates[expr->meta.key].token);
+ break;
+ }
}
static void meta_expr_clone(struct expr *new, const struct expr *expr)
diff --git a/src/parser.y b/src/parser.y
index 2e5f6c1..632970b 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -463,7 +463,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%type <expr> meta_expr
%destructor { expr_free($$); } meta_expr
-%type <val> meta_key
+%type <val> meta_key meta_key_qualified meta_key_unqualified
%type <expr> ct_expr
%destructor { expr_free($$); } ct_expr
@@ -1374,14 +1374,24 @@ meta_expr : META meta_key
{
$$ = meta_expr_alloc(&@$, $2);
}
+ | meta_key_unqualified
+ {
+ $$ = meta_expr_alloc(&@$, $1);
+ }
+ ;
+
+meta_key : meta_key_qualified
+ | meta_key_unqualified
;
-meta_key : LENGTH { $$ = NFT_META_LEN; }
+meta_key_qualified : LENGTH { $$ = NFT_META_LEN; }
| NFPROTO { $$ = NFT_META_NFPROTO; }
| L4PROTO { $$ = NFT_META_L4PROTO; }
| PROTOCOL { $$ = NFT_META_PROTOCOL; }
| PRIORITY { $$ = NFT_META_PRIORITY; }
- | MARK { $$ = NFT_META_MARK; }
+ ;
+
+meta_key_unqualified : MARK { $$ = NFT_META_MARK; }
| IIF { $$ = NFT_META_IIF; }
| IIFNAME { $$ = NFT_META_IIFNAME; }
| IIFTYPE { $$ = NFT_META_IIFTYPE; }
@@ -1398,6 +1408,10 @@ meta_stmt : META meta_key SET expr
{
$$ = meta_stmt_alloc(&@$, $2, $4);
}
+ | meta_key_unqualified SET expr
+ {
+ $$ = meta_stmt_alloc(&@$, $1, $3);
+ }
;
ct_expr : CT ct_key
--
1.8.4.2
^ permalink raw reply related [flat|nested] 3+ messages in thread