struct mnl_socket;
struct parser_state;
+struct scope;
#define MAX_INCLUDE_DEPTH 16
uint32_t flags;
struct parser_state *state;
void *scanner;
+ struct scope *top_scope;
void *json_root;
FILE *f[MAX_INCLUDE_DEPTH];
};
struct list_head *msgs;
unsigned int nerrs;
- struct scope top_scope;
struct scope *scopes[SCOPE_NEST_MAX];
unsigned int scope;
struct mnl_socket;
extern void parser_init(struct nft_ctx *nft, struct parser_state *state,
- struct list_head *msgs, struct list_head *cmds);
+ struct list_head *msgs, struct list_head *cmds,
+ struct scope *top_scope);
extern int nft_parse(struct nft_ctx *ctx, void *, struct parser_state *state);
extern void *scanner_init(struct parser_state *state);
struct list_head symbols;
};
+extern struct scope *scope_alloc(void);
extern struct scope *scope_init(struct scope *scope, const struct scope *parent);
extern void scope_release(const struct scope *scope);
+extern void scope_free(struct scope *scope);
/**
* struct symbol
nft_ctx_add_include_path(ctx, DEFAULT_INCLUDE_PATH);
ctx->parser_max_errors = 10;
init_list_head(&ctx->cache.list);
+ ctx->top_scope = scope_alloc();
ctx->flags = flags;
ctx->output.output_fp = stdout;
ctx->output.error_fp = stderr;
iface_cache_release();
cache_release(&ctx->cache);
nft_ctx_clear_include_paths(ctx);
+ scope_free(ctx->top_scope);
xfree(ctx->state);
nft_exit(ctx);
xfree(ctx);
{
int ret;
- parser_init(nft, nft->state, msgs, cmds);
+ parser_init(nft, nft->state, msgs, cmds, nft->top_scope);
nft->scanner = scanner_init(nft->state);
scanner_push_buffer(nft->scanner, &indesc_cmdline, buf);
{
int ret;
- parser_init(nft, nft->state, msgs, cmds);
+ parser_init(nft, nft->state, msgs, cmds, nft->top_scope);
nft->scanner = scanner_init(nft->state);
if (scanner_read_file(nft, filename, &internal_location) < 0)
return -1;
#include "parser_bison.h"
void parser_init(struct nft_ctx *nft, struct parser_state *state,
- struct list_head *msgs, struct list_head *cmds)
+ struct list_head *msgs, struct list_head *cmds,
+ struct scope *top_scope)
{
memset(state, 0, sizeof(*state));
- init_list_head(&state->top_scope.symbols);
state->msgs = msgs;
state->cmds = cmds;
- state->scopes[0] = scope_init(&state->top_scope, NULL);
+ state->scopes[0] = scope_init(top_scope, NULL);
init_list_head(&state->indesc_list);
}
return NULL;
}
+struct scope *scope_alloc(void)
+{
+ struct scope *scope = xzalloc(sizeof(struct scope));
+
+ init_list_head(&scope->symbols);
+
+ return scope;
+}
+
struct scope *scope_init(struct scope *scope, const struct scope *parent)
{
scope->parent = parent;
}
}
+void scope_free(struct scope *scope)
+{
+ scope_release(scope);
+ xfree(scope);
+}
+
void symbol_bind(struct scope *scope, const char *identifier, struct expr *expr)
{
struct symbol *sym;
--- /dev/null
+#!/bin/bash
+
+set -e
+
+# test if using defines in interactive nft sessions works
+
+$NFT -i >/dev/null <<EOF
+add table inet t
+add chain inet t c
+define ports = { 22, 443 }
+add rule inet t c tcp dport \$ports accept
+add rule inet t c udp dport \$ports accept
+EOF
+
+$NFT -i >/dev/null <<EOF
+define port = 22
+flush chain inet t c
+redefine port = 443
+delete chain inet t c
+undefine port
+delete table inet t
+EOF
projects / thirdparty / nftables.git / commitdiff
