From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nft 1/3] parser: allow to define maps that contain timeouts and expectations
Date: Fri, 1 Mar 2024 13:59:36 +0100 [thread overview]
Message-ID: <20240301125942.20170-2-fw@strlen.de> (raw)
In-Reply-To: <20240301125942.20170-1-fw@strlen.de>
Its currently not possible to use ct timeouts/expectations/helpers
in objref maps, bison parser lacks the relevant keywords.
This change adds support for timeouts and expectations.
Ct helpers are more problematic, this will come in a different change.
Support is only added for the "typeof" keyword, otherwise we'd
need to add pseudo-datatypes as well, but making "ct expectation"
available as "type" as well might be confusing.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/parser_bison.y | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index cd1dc658882d..05861c3e2f75 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -751,7 +751,7 @@ int nft_lex(void *, void *, void *);
%type <set> map_block_alloc map_block
%destructor { set_free($$); } map_block_alloc
-%type <val> map_block_obj_type map_block_data_interval
+%type <val> map_block_obj_type map_block_obj_typeof map_block_data_interval
%type <flowtable> flowtable_block_alloc flowtable_block
%destructor { flowtable_free($$); } flowtable_block_alloc
@@ -988,7 +988,7 @@ int nft_lex(void *, void *, void *);
%destructor { expr_free($$); } exthdr_exists_expr
%type <val> exthdr_key
-%type <val> ct_l4protoname ct_obj_type ct_cmd_type
+%type <val> ct_l4protoname ct_obj_type ct_cmd_type ct_obj_type_map
%type <timeout_state> timeout_state
%destructor { timeout_state_free($$); } timeout_state
@@ -2269,6 +2269,10 @@ map_block_alloc : /* empty */
}
;
+ct_obj_type_map : TIMEOUT { $$ = NFT_OBJECT_CT_TIMEOUT; }
+ | EXPECTATION { $$ = NFT_OBJECT_CT_EXPECT; }
+ ;
+
map_block_obj_type : COUNTER close_scope_counter { $$ = NFT_OBJECT_COUNTER; }
| QUOTA close_scope_quota { $$ = NFT_OBJECT_QUOTA; }
| LIMIT close_scope_limit { $$ = NFT_OBJECT_LIMIT; }
@@ -2276,6 +2280,10 @@ map_block_obj_type : COUNTER close_scope_counter { $$ = NFT_OBJECT_COUNTER; }
| SYNPROXY close_scope_synproxy { $$ = NFT_OBJECT_SYNPROXY; }
;
+map_block_obj_typeof : map_block_obj_type
+ | CT ct_obj_type_map close_scope_ct { $$ = $2; }
+ ;
+
map_block_data_interval : INTERVAL { $$ = EXPR_F_INTERVAL; }
| { $$ = 0; }
;
@@ -2341,7 +2349,7 @@ map_block : /* empty */ { $$ = $<set>-1; }
$$ = $1;
}
| map_block TYPEOF
- typeof_expr COLON map_block_obj_type
+ typeof_expr COLON map_block_obj_typeof
stmt_separator
{
$1->key = $3;
--
2.43.0
next prev parent reply other threads:[~2024-03-01 13:04 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-01 12:59 [PATCH nft 0/3] parser: allow to define maps that contain ct objects Florian Westphal
2024-03-01 12:59 ` Florian Westphal [this message]
2024-03-01 12:59 ` [PATCH nft 2/3] parser: allow to define maps that contain ct helpers Florian Westphal
2024-03-01 12:59 ` [PATCH nft 3/3] tests: add test case for named ct objects Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240301125942.20170-2-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).