From patchwork Fri Aug 16 14:42:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Westphal X-Patchwork-Id: 1148265 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=strlen.de Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 4695gz5h1yz9sN6 for ; Sat, 17 Aug 2019 00:44:47 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727291AbfHPOor (ORCPT ); Fri, 16 Aug 2019 10:44:47 -0400 Received: from Chamillionaire.breakpoint.cc ([193.142.43.52]:46164 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727245AbfHPOoq (ORCPT ); Fri, 16 Aug 2019 10:44:46 -0400 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.89) (envelope-from ) id 1hydTB-0002nN-2w; Fri, 16 Aug 2019 16:44:45 +0200 From: Florian Westphal To: Subject: [PATCH nftables 0/8] add typeof keyword Date: Fri, 16 Aug 2019 16:42:33 +0200 Message-Id: <20190816144241.11469-1-fw@strlen.de> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This patch series adds the typeof keyword. The only dependency is a small change to libnftnl to add two new UDATA_SET_TYPEOF enum values. named set can be configured as follows: set os { type typeof(osf name) elements = { "Linux", "Windows" } } or nft add set ip filter allowed "{ type typeof(ip daddr) . typeof(tcp dport); }" ... which is the same as the "old" 'type ipv4_addr . inet_service". The type is stored in the kernel via the udata set infrastructure, on listing -- if a udata type is present -- nft will validate that this type matches the set key length. This initial submission doesn't include a documentation update because I'd like to get feedback on the chosen syntax first. Florian Westphal (8): src: libnftnl: run single-initcalls only once src: libnftnl: split nft_ctx_new/free src: store expr, not dtype to track data in sets src: parser: add syntax to provide bitsize for non-spcific types src: add "typeof" keyword src: add "typeof" print support src: netlink: remove assertion tests: add typeof test cases include/datatype.h | 1 include/netlink.h | 1 include/nftables.h | 3 include/rule.h | 6 src/datatype.c | 5 src/evaluate.c | 58 ++++-- src/expression.c | 2 src/json.c | 4 src/libnftables.c | 48 +++-- src/mnl.c | 39 ++++ src/monitor.c | 2 src/netlink.c | 176 ++++++++++++++++++--- src/netlink_delinearize.c | 15 + src/parser_bison.y | 26 ++- src/parser_json.c | 8 src/rule.c | 35 +++- src/scanner.l | 1 src/segtree.c | 8 tests/shell/testcases/maps/dumps/typeof_maps_0.nft | 16 + tests/shell/testcases/maps/typeof_maps_0 | 26 +++ tests/shell/testcases/sets/dumps/typeof_sets_0.nft | 31 +++ tests/shell/testcases/sets/typeof_sets_0 | 40 ++++ 22 files changed, 459 insertions(+), 92 deletions(-)