return expr;
}
+static bool already_set(const void *attr, const struct location *loc,
+ struct parser_state *state)
+{
+ if (!attr)
+ return false;
+
+ erec_queue(error(loc, "You can only specify this once. This statement is duplicated."),
+ state->msgs);
+ return true;
+}
+
#define YYLLOC_DEFAULT(Current, Rhs, N) location_update(&Current, Rhs, N)
#define symbol_value(loc, str) \
}
| comment_spec
{
+ if (already_set($<table>0->comment, &@$, state)) {
+ xfree($1);
+ YYERROR;
+ }
$<table>0->comment = $1;
}
;
| set_block set_mechanism stmt_separator
| set_block comment_spec stmt_separator
{
+ if (already_set($1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$1->comment = $2;
$$ = $1;
}
}
| map_block comment_spec stmt_separator
{
+ if (already_set($1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$1->comment = $2;
$$ = $1;
}
}
| counter_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
}
| quota_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
}
| ct_helper_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
}
| ct_timeout_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
}
| ct_expect_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
}
| limit_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
}
| secmark_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
}
| synproxy_block comment_spec
{
+ if (already_set($<obj>1->comment, &@2, state)) {
+ xfree($2);
+ YYERROR;
+ }
$<obj>1->comment = $2;
}
;
}
| comment_spec
{
+ if (already_set($<expr>0->comment, &@1, state)) {
+ xfree($1);
+ YYERROR;
+ }
$<expr>0->comment = $1;
}
;
}
| comment_spec
{
+ if (already_set($<expr>0->comment, &@1, state)) {
+ xfree($1);
+ YYERROR;
+ }
$<expr>0->comment = $1;
}
;
--- /dev/null
+#!/bin/bash
+
+EXPECTED='table ip filter {
+ quota q {
+ over 1200 bytes
+ comment "test1"
+ comment "test1"
+ }
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+ exit 1
+fi
+
+EXPECTED='table ip filter {
+ counter c {
+ packets 0 bytes 0
+ comment "test2"
+ comment "test2"
+ }
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+ exit 1
+fi
+
+EXPECTED='table ip filter {
+ ct helper h {
+ type "sip" protocol tcp
+ l3proto ip
+ comment "test3"
+ comment "test3"
+ }
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+ exit 1
+fi
+
+EXPECTED='table ip filter {
+ ct expectation e {
+ protocol tcp
+ dport 666
+ timeout 100ms
+ size 96
+ l3proto ip
+ comment "test4"
+ comment "test4"
+ }
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+ exit 1
+fi
+
+EXPECTED='table ip filter {
+ limit l {
+ rate 400/hour
+ comment "test5"
+ comment "test5"
+ }
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+ exit 1
+fi
+
+EXPECTED='table ip filter {
+ synproxy s {
+ mss 1460
+ wscale 2
+ comment "test6"
+ comment "test6"
+ }
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+ exit 1
+fi
projects / thirdparty / nftables.git / commitdiff
