* [PATCH nft 2/5] parser_bison: consolidate limit grammar rule for set elements
2025-03-20 12:10 [PATCH nft 1/5] parser_bison: consolidate counter grammar rule for set elements Pablo Neira Ayuso
@ 2025-03-20 12:10 ` Pablo Neira Ayuso
2025-03-20 12:10 ` [PATCH nft 3/5] parser_bison: consolidate quota " Pablo Neira Ayuso
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2025-03-20 12:10 UTC (permalink / raw)
To: netfilter-devel
Define limit_stmt_alloc and limit_args to follow similar idiom that is
used for counters.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/parser_bison.y | 77 ++++++++++++++++++++++------------------------
1 file changed, 37 insertions(+), 40 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 0d37c920f00c..1605c26df843 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -769,6 +769,8 @@ int nft_lex(void *, void *, void *);
%destructor { stmt_free($$); } stmt match_stmt verdict_stmt set_elem_stmt
%type <stmt> counter_stmt counter_stmt_alloc stateful_stmt last_stmt
%destructor { stmt_free($$); } counter_stmt counter_stmt_alloc stateful_stmt last_stmt
+%type <stmt> limit_stmt_alloc
+%destructor { stmt_free($$); } limit_stmt_alloc
%type <stmt> objref_stmt objref_stmt_counter objref_stmt_limit objref_stmt_quota objref_stmt_ct objref_stmt_synproxy
%destructor { stmt_free($$); } objref_stmt objref_stmt_counter objref_stmt_limit objref_stmt_quota objref_stmt_ct objref_stmt_synproxy
@@ -3177,7 +3179,7 @@ objref_stmt : objref_stmt_counter
;
stateful_stmt : counter_stmt close_scope_counter
- | limit_stmt
+ | limit_stmt close_scope_limit
| quota_stmt
| connlimit_stmt
| last_stmt close_scope_last
@@ -3461,28 +3463,45 @@ log_flag_tcp : SEQUENCE
}
;
-limit_stmt : LIMIT RATE limit_mode limit_rate_pkts limit_burst_pkts close_scope_limit
+limit_stmt_alloc : LIMIT RATE
+ {
+ $$ = limit_stmt_alloc(&@$);
+ }
+ ;
+
+limit_stmt : limit_stmt_alloc limit_args
+ ;
+
+limit_args : limit_mode limit_rate_pkts limit_burst_pkts
{
- if ($5 == 0) {
- erec_queue(error(&@5, "packet limit burst must be > 0"),
+ struct limit_stmt *limit;
+
+ assert($<stmt>0->type == STMT_LIMIT);
+
+ if ($3 == 0) {
+ erec_queue(error(&@3, "packet limit burst must be > 0"),
state->msgs);
YYERROR;
}
- $$ = limit_stmt_alloc(&@$);
- $$->limit.rate = $4.rate;
- $$->limit.unit = $4.unit;
- $$->limit.burst = $5;
- $$->limit.type = NFT_LIMIT_PKTS;
- $$->limit.flags = $3;
+ limit = &$<stmt>0->limit;
+ limit->rate = $2.rate;
+ limit->unit = $2.unit;
+ limit->burst = $3;
+ limit->type = NFT_LIMIT_PKTS;
+ limit->flags = $1;
}
- | LIMIT RATE limit_mode limit_rate_bytes limit_burst_bytes close_scope_limit
+ | limit_mode limit_rate_bytes limit_burst_bytes
{
- $$ = limit_stmt_alloc(&@$);
- $$->limit.rate = $4.rate;
- $$->limit.unit = $4.unit;
- $$->limit.burst = $5;
- $$->limit.type = NFT_LIMIT_PKT_BYTES;
- $$->limit.flags = $3;
+ struct limit_stmt *limit;
+
+ assert($<stmt>0->type == STMT_LIMIT);
+
+ limit = &$<stmt>0->limit;
+ limit->rate = $2.rate;
+ limit->unit = $2.unit;
+ limit->burst = $3;
+ limit->type = NFT_LIMIT_PKT_BYTES;
+ limit->flags = $1;
}
;
@@ -4591,29 +4610,7 @@ set_elem_stmt_list : set_elem_stmt
;
set_elem_stmt : counter_stmt close_scope_counter
- | LIMIT RATE limit_mode limit_rate_pkts limit_burst_pkts close_scope_limit
- {
- if ($5 == 0) {
- erec_queue(error(&@5, "limit burst must be > 0"),
- state->msgs);
- YYERROR;
- }
- $$ = limit_stmt_alloc(&@$);
- $$->limit.rate = $4.rate;
- $$->limit.unit = $4.unit;
- $$->limit.burst = $5;
- $$->limit.type = NFT_LIMIT_PKTS;
- $$->limit.flags = $3;
- }
- | LIMIT RATE limit_mode limit_rate_bytes limit_burst_bytes close_scope_limit
- {
- $$ = limit_stmt_alloc(&@$);
- $$->limit.rate = $4.rate;
- $$->limit.unit = $4.unit;
- $$->limit.burst = $5;
- $$->limit.type = NFT_LIMIT_PKT_BYTES;
- $$->limit.flags = $3;
- }
+ | limit_stmt close_scope_limit
| CT COUNT NUM close_scope_ct
{
$$ = connlimit_stmt_alloc(&@$);
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH nft 3/5] parser_bison: consolidate quota grammar rule for set elements
2025-03-20 12:10 [PATCH nft 1/5] parser_bison: consolidate counter grammar rule for set elements Pablo Neira Ayuso
2025-03-20 12:10 ` [PATCH nft 2/5] parser_bison: consolidate limit " Pablo Neira Ayuso
@ 2025-03-20 12:10 ` Pablo Neira Ayuso
2025-03-20 12:10 ` [PATCH nft 4/5] parser_bison: consolidate last " Pablo Neira Ayuso
2025-03-20 12:10 ` [PATCH nft 5/5] parser_bison: consolidate connlimit " Pablo Neira Ayuso
3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2025-03-20 12:10 UTC (permalink / raw)
To: netfilter-devel
Define quota_stmt_alloc and quota_args to follow similar idiom that is
used for counters.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/parser_bison.y | 49 ++++++++++++++++++++++------------------------
1 file changed, 23 insertions(+), 26 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 1605c26df843..97b4ead58dbc 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -769,8 +769,8 @@ int nft_lex(void *, void *, void *);
%destructor { stmt_free($$); } stmt match_stmt verdict_stmt set_elem_stmt
%type <stmt> counter_stmt counter_stmt_alloc stateful_stmt last_stmt
%destructor { stmt_free($$); } counter_stmt counter_stmt_alloc stateful_stmt last_stmt
-%type <stmt> limit_stmt_alloc
-%destructor { stmt_free($$); } limit_stmt_alloc
+%type <stmt> limit_stmt_alloc quota_stmt_alloc
+%destructor { stmt_free($$); } limit_stmt_alloc quota_stmt_alloc
%type <stmt> objref_stmt objref_stmt_counter objref_stmt_limit objref_stmt_quota objref_stmt_ct objref_stmt_synproxy
%destructor { stmt_free($$); } objref_stmt objref_stmt_counter objref_stmt_limit objref_stmt_quota objref_stmt_ct objref_stmt_synproxy
@@ -3180,7 +3180,7 @@ objref_stmt : objref_stmt_counter
stateful_stmt : counter_stmt close_scope_counter
| limit_stmt close_scope_limit
- | quota_stmt
+ | quota_stmt close_scope_quota
| connlimit_stmt
| last_stmt close_scope_last
;
@@ -3530,21 +3530,33 @@ quota_used : /* empty */ { $$ = 0; }
}
;
-quota_stmt : QUOTA quota_mode NUM quota_unit quota_used close_scope_quota
+quota_stmt_alloc : QUOTA
+ {
+ $$ = quota_stmt_alloc(&@$);
+ }
+ ;
+
+quota_stmt : quota_stmt_alloc quota_args
+ ;
+
+quota_args : quota_mode NUM quota_unit quota_used
{
struct error_record *erec;
+ struct quota_stmt *quota;
uint64_t rate;
- erec = data_unit_parse(&@$, $4, &rate);
- free_const($4);
+ assert($<stmt>0->type == STMT_QUOTA);
+
+ erec = data_unit_parse(&@$, $3, &rate);
+ free_const($3);
if (erec != NULL) {
erec_queue(erec, state->msgs);
YYERROR;
}
- $$ = quota_stmt_alloc(&@$);
- $$->quota.bytes = $3 * rate;
- $$->quota.used = $5;
- $$->quota.flags = $2;
+ quota = &$<stmt>0->quota;
+ quota->bytes = $2 * rate;
+ quota->used = $4;
+ quota->flags = $1;
}
;
@@ -4622,22 +4634,7 @@ set_elem_stmt : counter_stmt close_scope_counter
$$->connlimit.count = $4;
$$->connlimit.flags = NFT_CONNLIMIT_F_INV;
}
- | QUOTA quota_mode NUM quota_unit quota_used close_scope_quota
- {
- struct error_record *erec;
- uint64_t rate;
-
- erec = data_unit_parse(&@$, $4, &rate);
- free_const($4);
- if (erec != NULL) {
- erec_queue(erec, state->msgs);
- YYERROR;
- }
- $$ = quota_stmt_alloc(&@$);
- $$->quota.bytes = $3 * rate;
- $$->quota.used = $5;
- $$->quota.flags = $2;
- }
+ | quota_stmt close_scope_quota
| LAST USED NEVER close_scope_last
{
$$ = last_stmt_alloc(&@$);
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH nft 4/5] parser_bison: consolidate last grammar rule for set elements
2025-03-20 12:10 [PATCH nft 1/5] parser_bison: consolidate counter grammar rule for set elements Pablo Neira Ayuso
2025-03-20 12:10 ` [PATCH nft 2/5] parser_bison: consolidate limit " Pablo Neira Ayuso
2025-03-20 12:10 ` [PATCH nft 3/5] parser_bison: consolidate quota " Pablo Neira Ayuso
@ 2025-03-20 12:10 ` Pablo Neira Ayuso
2025-03-20 12:10 ` [PATCH nft 5/5] parser_bison: consolidate connlimit " Pablo Neira Ayuso
3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2025-03-20 12:10 UTC (permalink / raw)
To: netfilter-devel
Define last_stmt_alloc and last_args to follow similar idiom that is
used for counters.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/parser_bison.y | 39 ++++++++++++++++++---------------------
1 file changed, 18 insertions(+), 21 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 97b4ead58dbc..c26c99b05830 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -769,8 +769,8 @@ int nft_lex(void *, void *, void *);
%destructor { stmt_free($$); } stmt match_stmt verdict_stmt set_elem_stmt
%type <stmt> counter_stmt counter_stmt_alloc stateful_stmt last_stmt
%destructor { stmt_free($$); } counter_stmt counter_stmt_alloc stateful_stmt last_stmt
-%type <stmt> limit_stmt_alloc quota_stmt_alloc
-%destructor { stmt_free($$); } limit_stmt_alloc quota_stmt_alloc
+%type <stmt> limit_stmt_alloc quota_stmt_alloc last_stmt_alloc
+%destructor { stmt_free($$); } limit_stmt_alloc quota_stmt_alloc last_stmt_alloc
%type <stmt> objref_stmt objref_stmt_counter objref_stmt_limit objref_stmt_quota objref_stmt_ct objref_stmt_synproxy
%destructor { stmt_free($$); } objref_stmt objref_stmt_counter objref_stmt_limit objref_stmt_quota objref_stmt_ct objref_stmt_synproxy
@@ -3318,19 +3318,25 @@ counter_arg : PACKETS NUM
}
;
-last_stmt : LAST
+last_stmt_alloc : LAST
{
$$ = last_stmt_alloc(&@$);
}
- | LAST USED NEVER
- {
- $$ = last_stmt_alloc(&@$);
- }
- | LAST USED time_spec
+ ;
+
+last_stmt : last_stmt_alloc
+ | last_stmt_alloc last_args
+ ;
+
+last_args : USED NEVER
+ | USED time_spec
{
- $$ = last_stmt_alloc(&@$);
- $$->last.used = $3;
- $$->last.set = true;
+ struct last_stmt *last;
+
+ assert($<stmt>0->type == STMT_LAST);
+ last = &$<stmt>0->last;
+ last->used = $2;
+ last->set = true;
}
;
@@ -4635,16 +4641,7 @@ set_elem_stmt : counter_stmt close_scope_counter
$$->connlimit.flags = NFT_CONNLIMIT_F_INV;
}
| quota_stmt close_scope_quota
- | LAST USED NEVER close_scope_last
- {
- $$ = last_stmt_alloc(&@$);
- }
- | LAST USED time_spec close_scope_last
- {
- $$ = last_stmt_alloc(&@$);
- $$->last.used = $3;
- $$->last.set = true;
- }
+ | last_stmt close_scope_last
;
set_elem_expr_option : TIMEOUT set_elem_time_spec
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH nft 5/5] parser_bison: consolidate connlimit grammar rule for set elements
2025-03-20 12:10 [PATCH nft 1/5] parser_bison: consolidate counter grammar rule for set elements Pablo Neira Ayuso
` (2 preceding siblings ...)
2025-03-20 12:10 ` [PATCH nft 4/5] parser_bison: consolidate last " Pablo Neira Ayuso
@ 2025-03-20 12:10 ` Pablo Neira Ayuso
3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2025-03-20 12:10 UTC (permalink / raw)
To: netfilter-devel
Define ct_limit_stmt_alloc and ct_limit_args to follow similar idiom
that is used for counters.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/parser_bison.y | 41 +++++++++++++++++++++--------------------
1 file changed, 21 insertions(+), 20 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index c26c99b05830..25fa69fb6f86 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -769,8 +769,8 @@ int nft_lex(void *, void *, void *);
%destructor { stmt_free($$); } stmt match_stmt verdict_stmt set_elem_stmt
%type <stmt> counter_stmt counter_stmt_alloc stateful_stmt last_stmt
%destructor { stmt_free($$); } counter_stmt counter_stmt_alloc stateful_stmt last_stmt
-%type <stmt> limit_stmt_alloc quota_stmt_alloc last_stmt_alloc
-%destructor { stmt_free($$); } limit_stmt_alloc quota_stmt_alloc last_stmt_alloc
+%type <stmt> limit_stmt_alloc quota_stmt_alloc last_stmt_alloc ct_limit_stmt_alloc
+%destructor { stmt_free($$); } limit_stmt_alloc quota_stmt_alloc last_stmt_alloc ct_limit_stmt_alloc
%type <stmt> objref_stmt objref_stmt_counter objref_stmt_limit objref_stmt_quota objref_stmt_ct objref_stmt_synproxy
%destructor { stmt_free($$); } objref_stmt objref_stmt_counter objref_stmt_limit objref_stmt_quota objref_stmt_ct objref_stmt_synproxy
@@ -3181,7 +3181,7 @@ objref_stmt : objref_stmt_counter
stateful_stmt : counter_stmt close_scope_counter
| limit_stmt close_scope_limit
| quota_stmt close_scope_quota
- | connlimit_stmt
+ | connlimit_stmt close_scope_ct
| last_stmt close_scope_last
;
@@ -3277,16 +3277,27 @@ verdict_map_list_member_expr: opt_newline set_elem_expr COLON verdict_expr opt_n
}
;
-connlimit_stmt : CT COUNT NUM close_scope_ct
+ct_limit_stmt_alloc : CT COUNT
{
$$ = connlimit_stmt_alloc(&@$);
- $$->connlimit.count = $3;
}
- | CT COUNT OVER NUM close_scope_ct
+ ;
+
+connlimit_stmt : ct_limit_stmt_alloc ct_limit_args
+ ;
+
+ct_limit_args : NUM
{
- $$ = connlimit_stmt_alloc(&@$);
- $$->connlimit.count = $4;
- $$->connlimit.flags = NFT_CONNLIMIT_F_INV;
+ assert($<stmt>0->type == STMT_CONNLIMIT);
+
+ $<stmt>0->connlimit.count = $1;
+ }
+ | OVER NUM
+ {
+ assert($<stmt>0->type == STMT_CONNLIMIT);
+
+ $<stmt>0->connlimit.count = $2;
+ $<stmt>0->connlimit.flags = NFT_CONNLIMIT_F_INV;
}
;
@@ -4629,17 +4640,7 @@ set_elem_stmt_list : set_elem_stmt
set_elem_stmt : counter_stmt close_scope_counter
| limit_stmt close_scope_limit
- | CT COUNT NUM close_scope_ct
- {
- $$ = connlimit_stmt_alloc(&@$);
- $$->connlimit.count = $3;
- }
- | CT COUNT OVER NUM close_scope_ct
- {
- $$ = connlimit_stmt_alloc(&@$);
- $$->connlimit.count = $4;
- $$->connlimit.flags = NFT_CONNLIMIT_F_INV;
- }
+ | connlimit_stmt close_scope_ct
| quota_stmt close_scope_quota
| last_stmt close_scope_last
;
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread