This patch adds option '-D' with optarg in form test="foo" to define
variable to be referenced from input file.

For eg.
nft -D test="foo" -f /tmp/test1

Signed-off-by: Harsha Sharma <[email protected]>
---
This patch passes the identifier and its value as nft_ctx struct members
and binds the variable with symbol_bind. When symbol_lookup is called
while parsing, the comparison returns true, but this patch causes a
segmentation fault.

 include/nftables.h          |  6 ++++++
 include/nftables/nftables.h |  2 ++
 include/parser.h            |  3 ++-
 src/libnftables.c           | 11 +++++++++--
 src/main.c                  | 18 +++++++++++++++++-
 src/parser_bison.y          |  7 ++++++-
 6 files changed, 42 insertions(+), 5 deletions(-)

diff --git a/include/nftables.h b/include/nftables.h
index 3bfa33e..50b8102 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -21,6 +21,11 @@ struct nft_cache {
        uint32_t                seqnum;
 };
 
+struct nft_variable {
+       const char              *identifier;
+       const char              *expr_value;
+};
+
 struct mnl_socket;
 
 struct nft_ctx {
@@ -32,6 +37,7 @@ struct nft_ctx {
        struct output_ctx       output;
        bool                    check;
        struct nft_cache        cache;
+       struct nft_variable     variable;
        uint32_t                flags;
 };
 
diff --git a/include/nftables/nftables.h b/include/nftables/nftables.h
index 8e59f2b..a06a202 100644
--- a/include/nftables/nftables.h
+++ b/include/nftables/nftables.h
@@ -55,6 +55,8 @@ bool nft_ctx_output_get_handle(struct nft_ctx *ctx);
 void nft_ctx_output_set_handle(struct nft_ctx *ctx, bool val);
 bool nft_ctx_output_get_echo(struct nft_ctx *ctx);
 void nft_ctx_output_set_echo(struct nft_ctx *ctx, bool val);
+void nft_ctx_output_set_variable(struct nft_ctx *ctx, char *identifier,
+                                char *expr_value);
 
 FILE *nft_ctx_set_output(struct nft_ctx *ctx, FILE *fp);
 int nft_ctx_add_include_path(struct nft_ctx *ctx, const char *path);
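Review bot: The new prototype takes `char *identifier` and `char *expr_value`, but both values are only stored into the `const char *` members of `struct nft_variable`, so the parameters should be `const char *`; the definition in src/libnftables.c needs the same change. The `output` in the name is also misleading next to the handle and echo setters, because this function writes `ctx->variable`, not `ctx->output`. Since this is the public header, a comment such as `/* identifier and expr_value are not copied and must stay valid while ctx is in use */` would state the contract the definition in this patch actually imposes.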
diff --git a/include/parser.h b/include/parser.h
index 0bdb3fa..46981fe 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -33,7 +33,8 @@ struct mnl_socket;
 
 extern void parser_init(struct mnl_socket *nf_sock, struct nft_cache *cache,
                        struct parser_state *state, struct list_head *msgs,
-                       unsigned int debug_level, struct output_ctx *octx);
+                       unsigned int debug_level, struct output_ctx *octx,
+                       struct nft_variable *variable);
 extern int nft_parse(struct nft_ctx *ctx, void *, struct parser_state *state);
 
 extern void *scanner_init(struct parser_state *state);
diff --git a/src/libnftables.c b/src/libnftables.c
index c86d894..b34cea3 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -269,6 +269,13 @@ void nft_ctx_output_set_echo(struct nft_ctx *ctx, bool val)
        ctx->output.echo = val;
 }
 
+void nft_ctx_output_set_variable(struct nft_ctx *ctx, char *identifier,
+                                char *expr_value)
+{
+       ctx->variable.identifier = identifier;
+       ctx->variable.expr_value = expr_value;
+}
+
 static const struct input_descriptor indesc_cmdline = {
        .type   = INDESC_BUFFER,
        .name   = "<cmdline>",
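Review bot: `nft_ctx_output_set_variable()` stores the caller's pointers without copying them, so `ctx->variable` dangles as soon as a library user frees or reuses those buffers before running a command; it holds together from main() only because the strings live in argv. Copying both strings into the context and releasing them where the context is freed (that code is outside this hunk) would remove the lifetime dependency. The setter also overwrites any earlier definition, so a second `-D` silently replaces the first, and it accepts a NULL `expr_value` that parser_init() later passes to `symbol_bind()`.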
@@ -283,7 +290,7 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, char *buf, 
size_t buflen)
        FILE *fp;
 
        parser_init(nft->nf_sock, &nft->cache, &state,
-                   &msgs, nft->debug_mask, &nft->output);
+                   &msgs, nft->debug_mask, &nft->output, &nft->variable);
        scanner = scanner_init(&state);
        scanner_push_buffer(scanner, &indesc_cmdline, buf);
 
@@ -313,7 +320,7 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const 
char *filename)
                return -1;
 
        parser_init(nft->nf_sock, &nft->cache, &state,
-                   &msgs, nft->debug_mask, &nft->output);
+                   &msgs, nft->debug_mask, &nft->output, &nft->variable);
        scanner = scanner_init(&state);
        if (scanner_read_file(scanner, filename, &internal_location) < 0) {
                rc = -1;
diff --git a/src/main.c b/src/main.c
index 353b87b..d9402cf 100644
--- a/src/main.c
+++ b/src/main.c
@@ -37,10 +37,11 @@ enum opt_vals {
        OPT_DEBUG               = 'd',
        OPT_HANDLE_OUTPUT       = 'a',
        OPT_ECHO                = 'e',
+       OPT_VARIABLE            = 'D',
        OPT_INVALID             = '?',
 };
 
-#define OPTSTRING      "hvcf:iI:vnsNae"
+#define OPTSTRING      "hvcf:iI:vnsNaeD:"
 
 static const struct option options[] = {
        {
@@ -95,6 +96,11 @@ static const struct option options[] = {
                .val            = OPT_ECHO,
        },
        {
+               .name           = "variable",
+               .val            = OPT_VARIABLE,
+               .has_arg        = 1,
+       },
+       {
                .name           = NULL
        }
 };
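Review bot: The long option is registered as `.name = "variable"`, while the help line added in the show_help() hunk advertises `-D, --define`, so the documented `--define` spelling would presumably not be recognised by the option parser. Use one spelling in both places, for example `.name = "define",`, and show the argument in the help text, e.g. `-D, --define <name=value>`.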
@@ -119,6 +125,7 @@ static void show_help(const char *name)
 "  -N                          Translate IP addresses to names.\n"
 "  -a, --handle                        Output rule handle.\n"
 "  -e, --echo                  Echo what has been added, inserted or 
replaced.\n"
+"  -D, --define                Define variable names from command line for 
using in nft input file.\n"
 "  -I, --includepath <directory>       Add <directory> to the paths searched 
for include files. Default is: %s\n"
 "  --debug <level [,level...]> Specify debugging level (scanner, parser, eval, 
netlink, mnl, proto-ctx, segtree, all)\n"
 "\n",
@@ -166,6 +173,7 @@ static const struct {
 int main(int argc, char * const *argv)
 {
        char *buf = NULL, *filename = NULL;
+       char *identifier = NULL, *expr_value = NULL;
        enum nft_numeric_level numeric;
        bool interactive = false;
        unsigned int debug_mask;
@@ -255,6 +263,14 @@ int main(int argc, char * const *argv)
                case OPT_ECHO:
                        nft_ctx_output_set_echo(nft, true);
                        break;
+               case OPT_VARIABLE:
+                       {
+                               const char *search = "=";
+                               identifier = strtok(optarg, search);
+                               expr_value = strtok(NULL, search);
+                               nft_ctx_output_set_variable(nft, identifier, 
expr_value);
+                               break;
+                       }
                case OPT_INVALID:
                        exit(EXIT_FAILURE);
                }
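Review bot: The `OPT_VARIABLE` case never checks the result of the two `strtok()` calls: `-D foo` leaves `expr_value` NULL, `-D =foo` makes "foo" the identifier with a NULL value, and a value that itself contains `=` is cut at the second `=`. Both pointers are then handed on unchecked and end up in parser_init(). Splitting once at the first `=` with `strchr()` and rejecting an empty name or a missing `=` keeps malformed input out of the parser, and makes the `identifier` and `expr_value` locals added to main() unnecessary. The switch statement continues outside this hunk.

```c
		case OPT_VARIABLE: {
			char *eq = strchr(optarg, '=');

			if (eq == NULL || eq == optarg) {
				fprintf(stderr, "Error: -D expects <name>=<value>\n");
				exit(EXIT_FAILURE);
			}
			*eq = '\0';	/* split once; the value may contain '=' */
			nft_ctx_output_set_variable(nft, optarg, eq + 1);
			break;
		}
```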
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 6e85a62..f382add 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -37,7 +37,8 @@
 
 void parser_init(struct mnl_socket *nf_sock, struct nft_cache *cache,
                 struct parser_state *state, struct list_head *msgs,
-                unsigned int debug_mask, struct output_ctx *octx)
+                unsigned int debug_mask, struct output_ctx *octx,
+                struct nft_variable *variable)
 {
        memset(state, 0, sizeof(*state));
        init_list_head(&state->cmds);
@@ -49,6 +50,10 @@ void parser_init(struct mnl_socket *nf_sock, struct 
nft_cache *cache,
        state->ectx.nf_sock = nf_sock;
        state->ectx.debug_mask = debug_mask;
        state->ectx.octx = octx;
+       if (variable->identifier != NULL) {
+               struct expr *expr = (struct expr *) variable->expr_value;
+               symbol_bind(state->scopes[state->scope], variable->identifier, 
expr);
+       }
 }
 
 static void yyerror(struct location *loc, struct nft_ctx *nft, void *scanner,
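Review bot: The cast `(struct expr *) variable->expr_value` in parser_init() reinterprets the command-line string as a `struct expr`, so `symbol_bind()` and every later symbol lookup treat the bytes of the `-D` argument as expression fields and pointers; this type confusion is the likely cause of the segmentation fault mentioned in the patch notes, and it is a memory-safety defect rather than only a crash. The value has to become a real expression object before it is bound, for instance by running the text through the parser the way a `define` statement in the input file is handled, instead of casting. `expr_value` can also be NULL here when `-D` is given without `=`, so it needs its own check next to `variable->identifier != NULL`. parser_init() begins before this hunk, so whether `state->scopes[state->scope]` is already initialised at this point should be confirmed as well.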
-- 
2.11.0
