From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [nft PATCH 2/6] parser_bison: Introduce tokens for chain types
Date: Tue, 9 Dec 2025 17:45:37 +0100 [thread overview]
Message-ID: <20251209164541.13425-3-phil@nwl.cc> (raw)
In-Reply-To: <20251209164541.13425-1-phil@nwl.cc>
Use the already existing SCANSTATE_TYPE for keyword scoping.
This is a bit of back-n-forth from string to token and back to string
but it eliminates the helper function and also takes care of error
handling.
Note that JSON parser does not validate the type string at all but
relies upon the kernel to reject wrong ones.
---
Changes since RFC:
- Fix for leaking chain_type token.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
include/rule.h | 1 -
src/parser_bison.y | 28 ++++++++++++++--------------
src/rule.c | 19 -------------------
src/scanner.l | 6 ++++++
4 files changed, 20 insertions(+), 34 deletions(-)
diff --git a/include/rule.h b/include/rule.h
index e67a01522d318..7c704be846485 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -260,7 +260,6 @@ struct chain {
#define STD_PRIO_BUFSIZE 100
extern int std_prio_lookup(const char *std_prio_name, int family, int hook);
-extern const char *chain_type_name_lookup(const char *name);
extern const char *chain_hookname_lookup(const char *name);
extern struct chain *chain_alloc(void);
extern struct chain *chain_get(struct chain *chain);
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 96d0e151b1586..405fe8f2690ca 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -715,6 +715,10 @@ int nft_lex(void *, void *, void *);
%token XT "xt"
+%token FILTER "filter"
+%token NAT "nat"
+%token ROUTE "route"
+
%type <limit_rate> limit_rate_pkts
%type <limit_rate> limit_rate_bytes
@@ -1034,6 +1038,9 @@ int nft_lex(void *, void *, void *);
%type <expr> set_elem_key_expr
%destructor { expr_free($$); } set_elem_key_expr
+%type <string> chain_type
+%destructor { free_const($$); } chain_type
+
%%
input : /* empty */
@@ -2736,22 +2743,10 @@ type_identifier : STRING { $$ = $1; }
| CLASSID { $$ = xstrdup("classid"); }
;
-hook_spec : TYPE close_scope_type STRING HOOK STRING dev_spec prio_spec
+hook_spec : TYPE chain_type close_scope_type HOOK STRING dev_spec prio_spec
{
- const char *chain_type = chain_type_name_lookup($3);
-
- if (chain_type == NULL) {
- erec_queue(error(&@3, "unknown chain type"),
- state->msgs);
- free_const($3);
- free_const($5);
- expr_free($6);
- expr_free($7.expr);
- YYERROR;
- }
$<chain>0->type.loc = @3;
- $<chain>0->type.str = xstrdup(chain_type);
- free_const($3);
+ $<chain>0->type.str = $2;
$<chain>0->loc = @$;
$<chain>0->hook.loc = @5;
@@ -2772,6 +2767,11 @@ hook_spec : TYPE close_scope_type STRING HOOK STRING dev_spec prio_spec
}
;
+chain_type : FILTER { $$ = xstrdup("filter"); }
+ | NAT { $$ = xstrdup("nat"); }
+ | ROUTE { $$ = xstrdup("route"); }
+ ;
+
prio_spec : PRIORITY extended_prio_spec
{
$$ = $2;
diff --git a/src/rule.c b/src/rule.c
index dabc16204f108..c32e08319d149 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -676,25 +676,6 @@ struct symbol *symbol_lookup_fuzzy(const struct scope *scope,
return st.obj;
}
-static const char * const chain_type_str_array[] = {
- "filter",
- "nat",
- "route",
- NULL,
-};
-
-const char *chain_type_name_lookup(const char *name)
-{
- int i;
-
- for (i = 0; chain_type_str_array[i]; i++) {
- if (!strcmp(name, chain_type_str_array[i]))
- return chain_type_str_array[i];
- }
-
- return NULL;
-}
-
static const char * const chain_hookname_str_array[] = {
"prerouting",
"input",
diff --git a/src/scanner.l b/src/scanner.l
index 99ace05773816..b397a147ef9bd 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -858,6 +858,12 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"out" { return OUT; }
}
+<SCANSTATE_TYPE>{
+ "filter" { return FILTER; }
+ "nat" { return NAT; }
+ "route" { return ROUTE; }
+}
+
"secmark" { scanner_push_start_cond(yyscanner, SCANSTATE_SECMARK); return SECMARK; }
"xt" { scanner_push_start_cond(yyscanner, SCANSTATE_XT); return XT; }
--
2.51.0
next prev parent reply other threads:[~2025-12-09 16:45 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-09 16:45 [nft PATCH 0/6] parser_bison: Less STRING more tokens Phil Sutter
2025-12-09 16:45 ` [nft PATCH 1/6] parser_bison: Introduce tokens for monitor events Phil Sutter
2025-12-09 16:45 ` Phil Sutter [this message]
2025-12-09 16:45 ` [nft PATCH 3/6] parser_bison: Introduce tokens for osf ttl values Phil Sutter
2025-12-09 16:45 ` [nft PATCH 4/6] parser_bison: Introduce tokens for log levels Phil Sutter
2025-12-09 16:45 ` [nft PATCH 5/6] parser_bison: Introduce bytes_unit Phil Sutter
2025-12-09 16:45 ` [nft PATCH 6/6] scanner: Introduce SCANSTATE_RATE Phil Sutter
2026-01-20 14:35 ` Florian Westphal
2026-01-20 16:28 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251209164541.13425-3-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox