From: Pablo Neira Ayuso Date: Fri, 1 Mar 2024 12:59:36 +0000 (+0100) Subject: parser: allow to define maps that contain timeouts and expectations X-Git-Tag: v1.0.6.1~227 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c0f25cc6076d3a816867ca7e7aba4d53e60cc62a;p=thirdparty%2Fnftables.git parser: allow to define maps that contain timeouts and expectations commit bb2054cfd99097973d98e231066297e9e8632a61 upstream. Its currently not possible to use ct timeouts/expectations/helpers in objref maps, bison parser lacks the relevant keywords. This change adds support for timeouts and expectations. Ct helpers are more problematic, this will come in a different change. Support is only added for the "typeof" keyword, otherwise we'd need to add pseudo-datatypes as well, but making "ct expectation" available as "type" as well might be confusing. Signed-off-by: Florian Westphal --- diff --git a/src/parser_bison.y b/src/parser_bison.y index 6291f4f3..83bb5ef3 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -717,7 +717,7 @@ int nft_lex(void *, void *, void *); %type map_block_alloc map_block %destructor { set_free($$); } map_block_alloc -%type map_block_obj_type map_block_data_interval +%type map_block_obj_type map_block_obj_typeof map_block_data_interval %type flowtable_block_alloc flowtable_block %destructor { flowtable_free($$); } flowtable_block_alloc @@ -947,7 +947,7 @@ int nft_lex(void *, void *, void *); %destructor { expr_free($$); } exthdr_exists_expr %type exthdr_key -%type ct_l4protoname ct_obj_type ct_cmd_type +%type ct_l4protoname ct_obj_type ct_cmd_type ct_obj_type_map %type timeout_states timeout_state %destructor { xfree($$); } timeout_states timeout_state @@ -2088,6 +2088,10 @@ map_block_alloc : /* empty */ } ; +ct_obj_type_map : TIMEOUT { $$ = NFT_OBJECT_CT_TIMEOUT; } + | EXPECTATION { $$ = NFT_OBJECT_CT_EXPECT; } + ; + map_block_obj_type : COUNTER close_scope_counter { $$ = NFT_OBJECT_COUNTER; } | QUOTA close_scope_quota { $$ = NFT_OBJECT_QUOTA; } | LIMIT close_scope_limit { $$ = NFT_OBJECT_LIMIT; } @@ -2095,6 +2099,10 @@ map_block_obj_type : COUNTER close_scope_counter { $$ = NFT_OBJECT_COUNTER; } | SYNPROXY close_scope_synproxy { $$ = NFT_OBJECT_SYNPROXY; } ; +map_block_obj_typeof : map_block_obj_type + | CT ct_obj_type_map close_scope_ct { $$ = $2; } + ; + map_block_data_interval : INTERVAL { $$ = EXPR_F_INTERVAL; } | { $$ = 0; } ; @@ -2160,7 +2168,7 @@ map_block : /* empty */ { $$ = $-1; } $$ = $1; } | map_block TYPEOF - typeof_expr COLON map_block_obj_type + typeof_expr COLON map_block_obj_typeof stmt_separator { $1->key = $3;