* [PATCH nft 1/3] parser_bison: do not enforce semicolon from ct helper block
@ 2019-07-01 17:58 Pablo Neira Ayuso
2019-07-01 17:58 ` [PATCH nft 2/3] rule: do not print semicolon in ct timeout Pablo Neira Ayuso
2019-07-01 17:58 ` [PATCH nft 3/3] rule: print space between policy and timeout Pablo Neira Ayuso
0 siblings, 2 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2019-07-01 17:58 UTC (permalink / raw)
To: netfilter-devel
Use the statement separator rule, since newline is also valid.
Fixes: c7c94802679c ("src: add ct timeout support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/parser_bison.y | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 4f2e34752fa9..153ef326ffe7 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3516,7 +3516,7 @@ timeout_state : STRING COLON NUM
}
;
-ct_timeout_config : PROTOCOL ct_l4protoname SEMICOLON
+ct_timeout_config : PROTOCOL ct_l4protoname stmt_separator
{
struct ct_timeout *ct;
int l4proto = $2;
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH nft 2/3] rule: do not print semicolon in ct timeout
2019-07-01 17:58 [PATCH nft 1/3] parser_bison: do not enforce semicolon from ct helper block Pablo Neira Ayuso
@ 2019-07-01 17:58 ` Pablo Neira Ayuso
2019-07-01 17:58 ` [PATCH nft 3/3] rule: print space between policy and timeout Pablo Neira Ayuso
1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2019-07-01 17:58 UTC (permalink / raw)
To: netfilter-devel
table ip filter {
ct timeout agressive-tcp {
protocol tcp;
^--- remove this semicolon
Not needed, remove it.
Fixes: c7c94802679c ("src: add ct timeout support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/rule.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rule.c b/src/rule.c
index 048a7fb4c92c..6dbc553e6c33 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1834,7 +1834,7 @@ static void obj_print_data(const struct obj *obj,
nft_print(octx, "%s", opts->nl);
nft_print(octx, "%s%sprotocol ", opts->tab, opts->tab);
print_proto_name_proto(obj->ct_timeout.l4proto, octx);
- nft_print(octx, ";%s", opts->nl);
+ nft_print(octx, "%s", opts->nl);
nft_print(octx, "%s%sl3proto %s%s",
opts->tab, opts->tab,
family2str(obj->ct_timeout.l3proto),
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH nft 3/3] rule: print space between policy and timeout
2019-07-01 17:58 [PATCH nft 1/3] parser_bison: do not enforce semicolon from ct helper block Pablo Neira Ayuso
2019-07-01 17:58 ` [PATCH nft 2/3] rule: do not print semicolon in ct timeout Pablo Neira Ayuso
@ 2019-07-01 17:58 ` Pablo Neira Ayuso
1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2019-07-01 17:58 UTC (permalink / raw)
To: netfilter-devel
table ip filter {
ct timeout agressive-tcp {
...
policy = { established : 100, close_wait : 4, close : 4 }
}
}
for consistency with map syntax.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/rule.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rule.c b/src/rule.c
index 6dbc553e6c33..0a91917f7568 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1760,7 +1760,7 @@ static void print_proto_timeout_policy(uint8_t l4, const uint32_t *timeout,
if (timeout[i] != timeout_protocol[l4].dflt_timeout[i]) {
if (comma)
nft_print(octx, ", ");
- nft_print(octx, "%s: %u",
+ nft_print(octx, "%s : %u",
timeout_protocol[l4].state_to_name[i],
timeout[i]);
comma = true;
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-07-01 17:58 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-07-01 17:58 [PATCH nft 1/3] parser_bison: do not enforce semicolon from ct helper block Pablo Neira Ayuso
2019-07-01 17:58 ` [PATCH nft 2/3] rule: do not print semicolon in ct timeout Pablo Neira Ayuso
2019-07-01 17:58 ` [PATCH nft 3/3] rule: print space between policy and timeout Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).