struct set *set;
struct obj *obj;
struct flowtable *flowtable;
- struct counter *counter;
- struct quota *quota;
- struct secmark *secmark;
- struct synproxy *synproxy;
struct ct *ct;
- struct limit *limit;
const struct datatype *datatype;
struct handle_spec handle_spec;
struct position_spec position_spec;
%destructor { xfree($$); } monitor_event
%type <val> monitor_object monitor_format
-%type <counter> counter_config
-%destructor { xfree($$); } counter_config
-%type <quota> quota_config
-%destructor { xfree($$); } quota_config
-%type <limit> limit_config
-%destructor { xfree($$); } limit_config
-%type <secmark> secmark_config
-%destructor { xfree($$); } secmark_config
-%type <synproxy> synproxy_config
-%destructor { xfree($$); } synproxy_config
%type <val> synproxy_ts synproxy_sack
%type <expr> tcp_hdr_expr
handle_merge(&obj->handle, &$2);
$$ = cmd_alloc(CMD_ADD, CMD_OBJ_COUNTER, &$2, &@$, obj);
}
- | COUNTER obj_spec counter_obj
+ | COUNTER obj_spec counter_obj counter_config
{
$$ = cmd_alloc(CMD_ADD, CMD_OBJ_COUNTER, &$2, &@$, $3);
}
- | QUOTA obj_spec quota_obj
+ | QUOTA obj_spec quota_obj quota_config
{
$$ = cmd_alloc(CMD_ADD, CMD_OBJ_QUOTA, &$2, &@$, $3);
}
| CT HELPER obj_spec ct_obj_alloc '{' ct_helper_block '}'
{
-
$$ = cmd_alloc_obj_ct(CMD_ADD, NFT_OBJECT_CT_HELPER, &$3, &@$, $4);
}
| CT TIMEOUT obj_spec ct_obj_alloc '{' ct_timeout_block '}'
{
$$ = cmd_alloc_obj_ct(CMD_ADD, NFT_OBJECT_CT_EXPECT, &$3, &@$, $4);
}
- | LIMIT obj_spec limit_obj
+ | LIMIT obj_spec limit_obj limit_config
{
$$ = cmd_alloc(CMD_ADD, CMD_OBJ_LIMIT, &$2, &@$, $3);
}
- | SECMARK obj_spec secmark_obj
+ | SECMARK obj_spec secmark_obj secmark_config
{
$$ = cmd_alloc(CMD_ADD, CMD_OBJ_SECMARK, &$2, &@$, $3);
}
- | SYNPROXY obj_spec synproxy_obj
+ | SYNPROXY obj_spec synproxy_obj synproxy_config
{
$$ = cmd_alloc(CMD_ADD, CMD_OBJ_SYNPROXY, &$2, &@$, $3);
}
handle_merge(&obj->handle, &$2);
$$ = cmd_alloc(CMD_CREATE, CMD_OBJ_COUNTER, &$2, &@$, obj);
}
- | COUNTER obj_spec counter_obj
+ | COUNTER obj_spec counter_obj counter_config
{
$$ = cmd_alloc(CMD_CREATE, CMD_OBJ_COUNTER, &$2, &@$, $3);
}
- | QUOTA obj_spec quota_obj
+ | QUOTA obj_spec quota_obj quota_config
{
$$ = cmd_alloc(CMD_CREATE, CMD_OBJ_QUOTA, &$2, &@$, $3);
}
{
$$ = cmd_alloc_obj_ct(CMD_CREATE, NFT_OBJECT_CT_EXPECT, &$3, &@$, $4);
}
- | LIMIT obj_spec limit_obj
+ | LIMIT obj_spec limit_obj limit_config
{
$$ = cmd_alloc(CMD_CREATE, CMD_OBJ_LIMIT, &$2, &@$, $3);
}
- | SECMARK obj_spec secmark_obj
+ | SECMARK obj_spec secmark_obj secmark_config
{
$$ = cmd_alloc(CMD_CREATE, CMD_OBJ_SECMARK, &$2, &@$, $3);
}
- | SYNPROXY obj_spec synproxy_obj
+ | SYNPROXY obj_spec synproxy_obj synproxy_config
{
$$ = cmd_alloc(CMD_CREATE, CMD_OBJ_SYNPROXY, &$2, &@$, $3);
}
| counter_block stmt_separator
| counter_block counter_config
{
- $1->counter = *$2;
$$ = $1;
}
;
| quota_block stmt_separator
| quota_block quota_config
{
- $1->quota = *$2;
$$ = $1;
}
;
| limit_block stmt_separator
| limit_block limit_config
{
- $1->limit = *$2;
$$ = $1;
}
;
| secmark_block stmt_separator
| secmark_block secmark_config
{
- $1->secmark = *$2;
$$ = $1;
}
;
| synproxy_block stmt_separator
| synproxy_block synproxy_config
{
- $1->synproxy = *$2;
$$ = $1;
}
;
struct synproxy *synproxy;
uint32_t flags = 0;
- synproxy = xzalloc(sizeof(*synproxy));
+ synproxy = &$<obj>0->synproxy;
synproxy->mss = $2;
flags |= NF_SYNPROXY_OPT_MSS;
synproxy->wscale = $4;
if ($6)
flags |= $6;
synproxy->flags = flags;
- $$ = synproxy;
}
| MSS NUM stmt_separator WSCALE NUM stmt_separator synproxy_ts synproxy_sack
{
struct synproxy *synproxy;
uint32_t flags = 0;
- synproxy = xzalloc(sizeof(*synproxy));
+ synproxy = &$<obj>0->synproxy;
synproxy->mss = $2;
flags |= NF_SYNPROXY_OPT_MSS;
synproxy->wscale = $5;
if ($8)
flags |= $8;
synproxy->flags = flags;
- $$ = synproxy;
}
;
-synproxy_obj : synproxy_config
+synproxy_obj : /* empty */
{
$$ = obj_alloc(&@$);
$$->type = NFT_OBJECT_SYNPROXY;
- $$->synproxy = *$1;
}
;
{
struct counter *counter;
- counter = xzalloc(sizeof(*counter));
+ counter = &$<obj>0->counter;
counter->packets = $2;
counter->bytes = $4;
- $$ = counter;
}
;
-counter_obj : counter_config
+counter_obj : /* empty */
{
$$ = obj_alloc(&@$);
$$->type = NFT_OBJECT_COUNTER;
- $$->counter = *$1;
}
;
YYERROR;
}
- quota = xzalloc(sizeof(*quota));
+ quota = &$<obj>0->quota;
quota->bytes = $2 * rate;
quota->used = $4;
quota->flags = $1;
- $$ = quota;
}
;
-quota_obj : quota_config
+quota_obj : /* empty */
{
$$ = obj_alloc(&@$);
$$->type = NFT_OBJECT_QUOTA;
- $$->quota = *$1;
}
;
{
int ret;
struct secmark *secmark;
- secmark = xzalloc(sizeof(*secmark));
+
+ secmark = &$<obj>0->secmark;
ret = snprintf(secmark->ctx, sizeof(secmark->ctx), "%s", $1);
if (ret <= 0 || ret >= (int)sizeof(secmark->ctx)) {
erec_queue(error(&@1, "invalid context '%s', max length is %u\n", $1, (int)sizeof(secmark->ctx)), state->msgs);
+ xfree($1);
YYERROR;
}
- $$ = secmark;
+ xfree($1);
}
;
-secmark_obj : secmark_config
+secmark_obj : /* empty */
{
$$ = obj_alloc(&@$);
$$->type = NFT_OBJECT_SECMARK;
- $$->secmark = *$1;
}
;
}
;
-ct_obj_alloc :
+ct_obj_alloc : /* empty */
{
$$ = obj_alloc(&@$);
}
limit_config : RATE limit_mode NUM SLASH time_unit limit_burst_pkts
{
struct limit *limit;
- limit = xzalloc(sizeof(*limit));
+
+ limit = &$<obj>0->limit;
limit->rate = $3;
limit->unit = $5;
limit->burst = $6;
limit->type = NFT_LIMIT_PKTS;
limit->flags = $2;
- $$ = limit;
}
| RATE limit_mode NUM STRING limit_burst_bytes
{
YYERROR;
}
- limit = xzalloc(sizeof(*limit));
+ limit = &$<obj>0->limit;
limit->rate = rate * $3;
limit->unit = unit;
limit->burst = $5;
limit->type = NFT_LIMIT_PKT_BYTES;
limit->flags = $2;
- $$ = limit;
}
;
-limit_obj : limit_config
+limit_obj : /* empty */
{
$$ = obj_alloc(&@$);
$$->type = NFT_OBJECT_LIMIT;
- $$->limit = *$1;
}
;
projects / thirdparty / nftables.git / commitdiff
