ct: allow resolving ct keys at run time
authorFlorian Westphal <fw@strlen.de>
Wed, 27 Jul 2016 12:34:53 +0000 (14:34 +0200)
committerFlorian Westphal <fw@strlen.de>
Thu, 27 Oct 2016 20:34:31 +0000 (22:34 +0200)
... and remove those keywords we no longer need.

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/ct.h
src/ct.c
src/parser_bison.y
src/scanner.l
tests/py/any/ct.t

index 945fcc4d829d79b8a6205f5da95d4b55becb5c97..0aeeed60bfaa7dfc054388038b6a028fc6044b92 100644 (file)
@@ -29,4 +29,6 @@ extern void ct_expr_update_type(struct proto_ctx *ctx, struct expr *expr);
 
 extern struct error_record *ct_dir_parse(const struct location *loc,
                                         const char *str, int8_t *dir);
+extern struct error_record *ct_key_parse(const struct location *loc, const char *str,
+                                        unsigned int *key);
 #endif /* NFTABLES_CT_H */
index a68293896ed6dba41fee416f085ad06804910546..819187642e6a884314b9ef1e26b0238fd2bbb356 100644 (file)
--- a/src/ct.c
+++ b/src/ct.c
@@ -306,6 +306,41 @@ struct error_record *ct_dir_parse(const struct location *loc, const char *str,
        return error(loc, "Could not parse direction %s", str);
 }
 
+struct error_record *ct_key_parse(const struct location *loc, const char *str,
+                                 unsigned int *key)
+{
+       int ret, len, offset = 0;
+       const char *sep = "";
+       unsigned int i;
+       char buf[1024];
+       size_t size;
+
+       for (i = 0; i < array_size(ct_templates); i++) {
+               if (!ct_templates[i].token || strcmp(ct_templates[i].token, str))
+                       continue;
+
+               *key = i;
+               return NULL;
+       }
+
+       len = (int)sizeof(buf);
+       size = sizeof(buf);
+
+       for (i = 0; i < array_size(ct_templates); i++) {
+               if (!ct_templates[i].token)
+                       continue;
+
+               if (offset)
+                       sep = ", ";
+
+               ret = snprintf(buf+offset, len, "%s%s", sep, ct_templates[i].token);
+               SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+               assert(offset < (int)sizeof(buf));
+       }
+
+       return error(loc, "syntax error, unexpected %s, known keys are %s", str, buf);
+}
+
 struct expr *ct_expr_alloc(const struct location *loc, enum nft_ct_keys key,
                           int8_t direction)
 {
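Review bot: In ct_key_parse() the only guard against the known-keys list outgrowing `buf` is `assert(offset < (int)sizeof(buf))`, which disappears in an NDEBUG build; what SNPRINTF_BUFFER_SIZE does on truncation is not visible on this page. The list is built from the static ct_templates table rather than from input, so this is a maintenance hazard when the table grows, not something a ruleset can trigger. An explicit `if (offset >= (int)sizeof(buf)) break;` in place of the assert would keep `buf + offset` in range regardless of build flags. `buf` is also handed to error() uninitialised if no template carries a token, which `char buf[1024] = "";` avoids. ct_expr_alloc() at the end of the hunk continues outside it.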
index 35504de1a689f1c448bc81dd8a8fe3b8abc0718f..1730b8d30d6df6b4f59d83655156d1418478bb72 100644 (file)
@@ -2512,6 +2512,19 @@ ct_expr                  :       CT      ct_key
                        {
                                $$ = ct_expr_alloc(&@$, $2, -1);
                        }
+                       |       CT      STRING
+                       {
+                               struct error_record *erec;
+                               unsigned int key;
+
+                               erec = ct_key_parse(&@$, $2, &key);
+                               if (erec != NULL) {
+                                       erec_queue(erec, state->msgs);
+                                       YYERROR;
+                               }
+
+                               $$ = ct_expr_alloc(&@$, key, -1);
+                       }
                        |       CT      STRING  ct_key_dir
                        {
                                struct error_record *erec;
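Review bot: The STRING value `$2` is never released in the new `CT STRING` action, neither after a successful ct_key_parse() nor before `YYERROR`. If the scanner heap-allocates STRING values (its rule is not on this page), every `ct <key>` expression leaks the token. Bison does not run a `%destructor` for the right-hand-side symbols of a rule that raises YYERROR itself, nor on a normal reduction. Freeing it straight after the call, e.g. `xfree($2);` placed before the `if (erec != NULL)` test, covers both paths. The `CT STRING SET expr` action added in the ct_stmt hunk has the same gap (and on its error path `$4` is presumably dropped as well), and the `CT STRING ct_key_dir` rule that follows continues outside this hunk.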
@@ -2527,15 +2540,7 @@ ct_expr                  :       CT      ct_key
                        }
                        ;
 
-ct_key                 :       STATE           { $$ = NFT_CT_STATE; }
-                       |       DIRECTION       { $$ = NFT_CT_DIRECTION; }
-                       |       STATUS          { $$ = NFT_CT_STATUS; }
-                       |       MARK            { $$ = NFT_CT_MARK; }
-                       |       EXPIRATION      { $$ = NFT_CT_EXPIRATION; }
-                       |       HELPER          { $$ = NFT_CT_HELPER; }
-                       |       LABEL           { $$ = NFT_CT_LABELS; }
-                       |       L3PROTOCOL      { $$ = NFT_CT_L3PROTOCOL; }
-                       |       PROTOCOL        { $$ = NFT_CT_PROTOCOL; }
+ct_key                 :       MARK            { $$ = NFT_CT_MARK; }
                        |       ct_key_counters
                        ;
 ct_key_dir             :       SADDR           { $$ = NFT_CT_SRC; }
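Review bot: `L3PROTOCOL` and `PROTOCOL` are dropped from `ct_key` here, yet the scanner hunk of this commit keeps `"l3proto" { return L3PROTOCOL; }` as a keyword, so `ct l3proto` cannot reach the new `CT STRING` rule. Unless a ct_expr alternative outside the visible hunks accepts these tokens without a direction, `ct l3proto ...` would stop parsing, and so would `ct protocol ...` if `protocol` is likewise still a keyword. Either keep `| L3PROTOCOL { $$ = NFT_CT_L3PROTOCOL; }` and `| PROTOCOL { $$ = NFT_CT_PROTOCOL; }` in `ct_key`, or add test cases showing the undirected forms still parse. The ct_key_dir rule continues outside the hunk.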
@@ -2555,6 +2560,19 @@ ct_stmt                  :       CT      ct_key          SET     expr
                        {
                                $$ = ct_stmt_alloc(&@$, $2, $4);
                        }
+                       |       CT      STRING          SET     expr
+                       {
+                               struct error_record *erec;
+                               unsigned int key;
+
+                               erec = ct_key_parse(&@$, $2, &key);
+                               if (erec != NULL) {
+                                       erec_queue(erec, state->msgs);
+                                       YYERROR;
+                               }
+
+                               $$ = ct_stmt_alloc(&@$, key, $4);
+                       }
                        ;
 
 payload_stmt           :       payload_expr            SET     expr
index 157b561bb8744548996fee373f1e73aa1b16d3bd..2ddcad946b7e9421ffb502c80f45b255ecb5c58d 100644 (file)
@@ -449,15 +449,9 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
 "cgroup"               { return CGROUP; }
 
 "ct"                   { return CT; }
-"direction"            { return DIRECTION; }
-"state"                        { return STATE; }
-"status"               { return STATUS; }
-"expiration"           { return EXPIRATION; }
-"helper"               { return HELPER; }
 "l3proto"              { return L3PROTOCOL; }
 "proto-src"            { return PROTO_SRC; }
 "proto-dst"            { return PROTO_DST; }
-"label"                        { return LABEL; }
 
 "numgen"               { return NUMGEN; }
 "inc"                  { return INC; }
index 7fd4f2cbdc9a1eed5661ca1a8bdc1d44e7fccddb..cc4f8e19c6196e2c09896472e076508a6db693e3 100644 (file)
@@ -96,3 +96,8 @@ ct mark original;fail
 ct label 127;ok
 ct label set 127;ok
 ct label 128;fail
+
+ct invalid;fail
+ct invalid original;fail
+ct set invalid original 42;fail
+ct set invalid 42;fail
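Review bot: The two statement cases added here, `ct set invalid original 42` and `ct set invalid 42`, put `set` before the key, whereas the rule added in this commit is `CT STRING SET expr` and the existing case above reads `ct label set 127`. They therefore appear to fail on word order rather than on the unknown key, which leaves the ct_key_parse() error path in ct_stmt unexercised. Adding `ct invalid set 42;fail` would cover it.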