From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nft 0/6] arbirary table/chain names
Date: Wed, 17 Mar 2021 00:40:33 +0100 [thread overview]
Message-ID: <20210316234039.15677-1-fw@strlen.de> (raw)
This series allows (almost) arbitrary chain names.
Unsolved problem:
nft has implict 'rule add' behaviour, e.g.
'nft add rule ip filter input foo ip saddr 1.2.3.4 drop' can be written like
'nft ip filter input foo ip saddr 1.2.3.4 drop' or even
'nft filter input foo ip saddr 1.2.3.4 drop'.
IOW, the scanner cannot switch to the exclusive rule scope
added in patch 5 to allow for arbitrary names.
Patch 6 resolves this by switching state from bison, but this
requires to add future tokens to a special whitelist.
It might be better to omit patch 6 and/or deprecate the
implicit rule add behaviour. See patch 6 for details.
Florian Westphal (6):
scanner: add support for scope nesting
scanner: counter: move to own scope
scanner: log: move to own scope
scanner: support arbitary table names
scanner: support arbitrary chain names
src: allow arbitary chain name in implicit rule add case
include/parser.h | 12 ++++
src/parser_bison.y | 97 ++++++++++++++++++-------
src/scanner.l | 173 +++++++++++++++++++++++++++++++++++++++++----
3 files changed, 241 insertions(+), 41 deletions(-)
--
2.26.2
next reply other threads:[~2021-03-16 23:41 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-16 23:40 Florian Westphal [this message]
2021-03-16 23:40 ` [PATCH nft 1/6] scanner: add support for scope nesting Florian Westphal
2021-03-16 23:40 ` [PATCH nft 2/6] scanner: counter: move to own scope Florian Westphal
2021-03-16 23:40 ` [PATCH nft 3/6] scanner: log: " Florian Westphal
2021-03-16 23:40 ` [PATCH nft 4/6] scanner: support arbitary table names Florian Westphal
2021-03-16 23:40 ` [PATCH nft 5/6] scanner: support arbitrary chain names Florian Westphal
2021-03-16 23:40 ` [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case Florian Westphal
2021-03-18 12:00 ` Phil Sutter
2021-03-18 12:37 ` Florian Westphal
2021-03-18 13:51 ` Phil Sutter
2021-03-18 13:20 ` Florian Westphal
2021-03-24 10:58 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210316234039.15677-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).