* [PATCH 1/2 nft] parser: Centralize commentary rule
@ 2016-05-30 16:35 Carlos Falgueras García
2016-05-30 16:35 ` [PATCH 2/2 nft] parser: Check commentaries length Carlos Falgueras García
2016-05-30 17:39 ` [PATCH 1/2 nft] parser: Centralize commentary rule Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Carlos Falgueras García @ 2016-05-30 16:35 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
It makes more sense if this rule cannot be empty, so it can be used both as
mandatory and as optional. The higher rule should choose to use it one way or another.
Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
src/parser_bison.y | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index ef10dee..6f51a49 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -440,7 +440,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%destructor { close_scope(state); table_free($$); } table_block_alloc
%type <chain> chain_block_alloc chain_block
%destructor { close_scope(state); chain_free($$); } chain_block_alloc
-%type <rule> rule
+%type <rule> rule rule_alloc
%destructor { rule_free($$); } rule
%type <val> set_flag_list set_flag
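Review bot: rule_alloc is given the <rule> type here, but the %destructor line right below still lists only "rule", so a rule_alloc value that the parser discards during error recovery is never passed to rule_free(). With the new split there is a window where a rule_alloc sits on the stack while comment_spec is still being parsed, and any error in that window leaks the rule and its statements. Suggest extending the destructor to "%destructor { rule_free($$); } rule rule_alloc".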
@@ -1273,11 +1273,7 @@ ruleid_spec : chain_spec handle_spec position_spec
}
;
-comment_spec : /* empty */
- {
- $$ = NULL;
- }
- | COMMENT string
+comment_spec : COMMENT string
{
$$ = $2;
}
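Review bot: removing the /* empty */ alternative turns comment_spec from optional into mandatory at every place that references it, and this patch only adjusts "rule" and "set_elem_option". Please confirm those are the only users in parser_bison.y and say so in the changelog, since any other production that references comment_spec would silently start requiring a comment.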
@@ -1295,12 +1291,21 @@ ruleset_spec : /* empty */
}
;
-rule : stmt_list comment_spec
+rule : rule_alloc
+ {
+ $$->comment = NULL;
+ }
+ | rule_alloc comment_spec
+ {
+ $$->comment = $2;
+ }
+ ;
+
+rule_alloc : stmt_list
{
struct stmt *i;
$$ = rule_alloc(&@$, NULL);
- $$->comment = $2;
list_for_each_entry(i, $1, list)
$$->num_stmts++;
list_splice_tail($1, &$$->stmts);
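Review bot: both new actions under "rule" dereference $$ without ever assigning it, so they only work if the generated parser has already copied $1 into $$ before the action runs. Making that explicit is safer and easier to read, for example "$1->comment = $2; $$ = $1;" in the second alternative and a plain "$$ = $1;" plus the NULL assignment in the first.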
@@ -2029,9 +2034,9 @@ set_elem_option : TIMEOUT time_spec
{
$<expr>0->timeout = $2 * 1000;
}
- | COMMENT string
+ | comment_spec
{
- $<expr>0->comment = $2;
+ $<expr>0->comment = $1;
}
;
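Review bot: switching this alternative to comment_spec means set element comments now inherit whatever validation comment_spec carries, which after 2/2 includes the 128 limit and its YYERROR path. The changelog of 2/2 only shows the rule case, so it is worth mentioning the element case there and covering it with a test, since this is a user-visible behaviour change for existing element comments.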
--
2.8.2
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
* [PATCH 2/2 nft] parser: Check commentaries length
2016-05-30 16:35 [PATCH 1/2 nft] parser: Centralize commentary rule Carlos Falgueras García
@ 2016-05-30 16:35 ` Carlos Falgueras García
2016-05-30 17:40 ` Pablo Neira Ayuso
2016-05-30 17:39 ` [PATCH 1/2 nft] parser: Centralize commentary rule Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Carlos Falgueras García @ 2016-05-30 16:35 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
Checks the commentary maximum length and reports to user in case of error.
Example:
> nft add table t
> nft add chain t c
> nft add rule t c ip saddr 1.1.1.1 counter comment "abc...xyz" # len > 128
<cmdline>:1:47-N: Error: Comment too long. 128 characters maximum allowed
add rule t c ip saddr 1.1.1.1 counter comment abc...xyz
^^^^^^^^^
Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
include/rule.h | 2 ++
src/parser_bison.y | 5 +++++
2 files changed, 7 insertions(+)
diff --git a/include/rule.h b/include/rule.h
index bd24648..7e8daac 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -428,4 +428,6 @@ enum udata_type {
};
#define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
+#define UDATA_COMMENT_MAXLEN 128
+
#endif /* NFTABLES_RULE_H */
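Review bot: UDATA_COMMENT_MAXLEN is added without a comment saying what the 128 counts or where the limit comes from. Please document whether it is bytes or characters and whether the terminating NUL is included, and how it relates to the udata buffer that carries the comment, so the check in the parser and the storage side cannot drift apart.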
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 6f51a49..0bf0e27 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1275,6 +1275,11 @@ ruleid_spec : chain_spec handle_spec position_spec
comment_spec : COMMENT string
{
+ if (strlen($2) > UDATA_COMMENT_MAXLEN ) {
+ erec_queue(error(&@2, "Comment too long. %d characters maximum allowed", UDATA_COMMENT_MAXLEN),
+ state->msgs);
+ YYERROR;
+ }
$$ = $2;
}
;
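Review bot: on the YYERROR path the string in $2 is not released. Bison does not run destructors for the right-hand side symbols of the rule whose action calls YYERROR, so the comment string leaks each time an over-long comment is rejected; free $2 before YYERROR. Two smaller points on the same lines: strlen() counts bytes while the message says "characters", so a multi-byte UTF-8 comment is refused below 128 characters, and there is a stray space before the closing parenthesis in "UDATA_COMMENT_MAXLEN )".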
--
2.8.2
* Re: [PATCH 1/2 nft] parser: Centralize commentary rule
2016-05-30 16:35 [PATCH 1/2 nft] parser: Centralize commentary rule Carlos Falgueras García
2016-05-30 16:35 ` [PATCH 2/2 nft] parser: Check commentaries length Carlos Falgueras García
@ 2016-05-30 17:39 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2016-05-30 17:39 UTC (permalink / raw)
To: Carlos Falgueras García; +Cc: netfilter-devel
Applied, thanks.
I have rewritten the email subject, the typical jargon word for this
is "consolidation" instead of centralize.