From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nft 4/6] scanner: support arbitary table names
Date: Wed, 17 Mar 2021 00:40:37 +0100 [thread overview]
Message-ID: <20210316234039.15677-5-fw@strlen.de> (raw)
In-Reply-To: <20210316234039.15677-1-fw@strlen.de>
Add exclusive start condition that only recognizes strings, then
switch to it from table keyword.
This prevents
table foo {
... from breaking when a foo expression keyword would be added to nft
in the future.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/parser.h | 3 ++
src/scanner.l | 72 +++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/include/parser.h b/include/parser.h
index d890ab223c52..0843aa1adb6a 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -25,6 +25,7 @@ struct parser_state {
unsigned int flex_state_pop;
unsigned int startcond_type;
+ unsigned int saw_family:1;
struct list_head *cmds;
};
@@ -49,6 +50,8 @@ enum startcond_type {
PARSER_SC_EXPR_SOCKET,
PARSER_SC_STMT_LOG,
+
+ PARSER_SC_STRING_TABLE,
};
struct mnl_socket;
diff --git a/src/scanner.l b/src/scanner.l
index 0082b3eeca29..bf6f290db3db 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -98,6 +98,8 @@ static void reset_pos(struct parser_state *state, struct location *loc)
state->indesc->column = 1;
}
+static int scanner_handle_tablename(void *scanner, const char *token);
+
static void scanner_push_start_cond(void *scanner, enum startcond_type type);
#define YY_USER_ACTION { \
@@ -216,6 +218,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
%s SCANSTATE_STMT_LOG
+%x SCANSTATE_STRING_TABLE
%%
"==" { return EQ; }
@@ -272,7 +275,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"hook" { return HOOK; }
"device" { return DEVICE; }
"devices" { return DEVICES; }
-"table" { return TABLE; }
+"table" { scanner_push_start_cond(yyscanner, SCANSTATE_STRING_TABLE); return TABLE; }
"tables" { return TABLES; }
"chain" { return CHAIN; }
"chains" { return CHAINS; }
@@ -712,6 +715,34 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
. { return JUNK; }
+<SCANSTATE_STRING_TABLE>{string} {
+ int token = scanner_handle_tablename(yyscanner, yytext);
+
+ if (token != STRING)
+ return token;
+
+ yylval->string = xstrdup(yytext);
+ return STRING;
+ }
+
+<SCANSTATE_STRING_TABLE>{
+\\{newline} {
+ reset_pos(yyget_extra(yyscanner), yylloc);
+ }
+
+{newline} {
+ reset_pos(yyget_extra(yyscanner), yylloc);
+ return NEWLINE;
+ }
+
+{tab}+
+{space}+
+{comment}
+"$" { return '$'; }
+
+. { return JUNK; }
+}
+
%%
static void scanner_push_indesc(struct parser_state *state,
@@ -1033,6 +1064,9 @@ void scanner_pop_start_cond(void *scanner, enum startcond_type t)
struct parser_state *state = yyget_extra(scanner);
if (state->startcond_type != t) {
+ if (state->startcond_type == SCANSTATE_STRING_TABLE)
+ return;
+
state->flex_state_pop++;
return; /* Can't pop just yet! */
}
@@ -1047,3 +1081,39 @@ void scanner_pop_start_cond(void *scanner, enum startcond_type t)
yy_pop_state(scanner);
(void)yy_top_state(scanner); /* suppress gcc warning wrt. unused function */
}
+
+static int scanner_handle_tablename(void *scanner, const char *token)
+{
+ struct parser_state *state = yyget_extra(scanner);
+ int ret = STRING;
+
+ if (state->startcond_type != SCANSTATE_STRING_TABLE)
+ return STRING;
+
+ if (state->saw_family) {
+ state->saw_family = 0;
+ scanner_pop_start_cond(scanner, SCANSTATE_STRING_TABLE);
+ return STRING;
+ }
+
+ if (strcmp(token, "ip") == 0) {
+ ret = IP;
+ } else if (strcmp(token, "ip6") == 0) {
+ ret = IP6;
+ } else if (strcmp(token, "inet") == 0) {
+ ret = INET;
+ } else if (strcmp(token, "bridge") == 0) {
+ ret = BRIDGE;
+ } else if (strcmp(token, "arp") == 0) {
+ ret = ARP;
+ } else if (strcmp(token, "netdev") == 0) {
+ ret = NETDEV;
+ }
+
+ if (ret != STRING)
+ state->saw_family = 1;
+ else
+ scanner_pop_start_cond(scanner, SCANSTATE_STRING_TABLE);
+
+ return ret;
+}
--
2.26.2
next prev parent reply other threads:[~2021-03-16 23:41 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-16 23:40 [PATCH nft 0/6] arbirary table/chain names Florian Westphal
2021-03-16 23:40 ` [PATCH nft 1/6] scanner: add support for scope nesting Florian Westphal
2021-03-16 23:40 ` [PATCH nft 2/6] scanner: counter: move to own scope Florian Westphal
2021-03-16 23:40 ` [PATCH nft 3/6] scanner: log: " Florian Westphal
2021-03-16 23:40 ` Florian Westphal [this message]
2021-03-16 23:40 ` [PATCH nft 5/6] scanner: support arbitrary chain names Florian Westphal
2021-03-16 23:40 ` [PATCH nft 6/6] src: allow arbitary chain name in implicit rule add case Florian Westphal
2021-03-18 12:00 ` Phil Sutter
2021-03-18 12:37 ` Florian Westphal
2021-03-18 13:51 ` Phil Sutter
2021-03-18 13:20 ` Florian Westphal
2021-03-24 10:58 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210316234039.15677-5-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).