[v2,0/4] Added support for per-file variable scopes and global variables

Message ID 20180605143051.19274-1-david.fabian@bosson.cz

Message

David Fabian June 5, 2018, 2:30 p.m. UTC
This series of patches follows a discussion brought here about adding support
for deeper variable scopes especially in the flat notation. These patches add
a new variable scope to each include statement. The new scope is a child of
the parent scope (script in which the include resides). All variables in the
parent are still accessible in the child but the parent cannot access child
variables. This effectively creates a tree hierarchy and with the support of
redefine, one can even mask inherited variables in the child scopes. Sibling
scopes are not accessible from each other.
 
If one wants to have some global definitions in a separate script and not
pollute the top-level script, one can use a new keyword global in the define
like:
 
global define global_var=eth0

This puts $global_var to the top-level scope which is accessible from
everywhere and it survives any include. Global re-definitions and undefines
are also supported.

This version of the patch changes the order of global and define in the syntax
to maintain backwards compatibility with older scripts which may have tried
to define a variable called global.


David Fabian (4):
  Added implicit variable scope to each include command to support local
    variables
  Added support for global variable definitions. Global variables live
    only in the top-level scope and can be accessed from anywhere. They
    are unloaded at the end of parsing.
  Refactoring of indesc hierarchy. Indesc structure is now bound to
    scopes. Fixed issues with glob includes incorrectly increase the
    inclusion depth value. The entire scope tree gets cleaned up at the
    end of parsing now to properly support displaying of error messages.
  Added tests for nested file-based scopes

 include/nftables.h                                 |  10 +-
 include/parser.h                                   |  19 +-
 include/rule.h                                     |  20 +-
 src/libnftables.c                                  |   2 +
 src/parser_bison.y                                 | 399 ++++++++++++++++++++-
 src/rule.c                                         |  72 +++-
 src/scanner.l                                      | 109 +++---
 tests/shell/testcases/include/0016sibling_scopes_0 |  33 ++
 .../shell/testcases/include/0017scope_hierarchy_0  |  39 ++
 tests/shell/testcases/include/0018global_define_0  |  38 ++
 tests/shell/testcases/include/0019global_define_1  |  20 ++
 .../include/dumps/0016sibling_scopes_0.nft         |   0
 .../include/dumps/0017scope_hierarchy_0.nft        |   0
 .../include/dumps/0018global_define_0.nft          |   0
 14 files changed, 654 insertions(+), 107 deletions(-)
 mode change 100644 => 100755 src/parser_bison.y
 mode change 100644 => 100755 src/scanner.l
 create mode 100755 tests/shell/testcases/include/0016sibling_scopes_0
 create mode 100755 tests/shell/testcases/include/0017scope_hierarchy_0
 create mode 100755 tests/shell/testcases/include/0018global_define_0
 create mode 100755 tests/shell/testcases/include/0019global_define_1
 create mode 100644 tests/shell/testcases/include/dumps/0016sibling_scopes_0.nft
 create mode 100644 tests/shell/testcases/include/dumps/0017scope_hierarchy_0.nft
 create mode 100644 tests/shell/testcases/include/dumps/0018global_define_0.nft

Comments

David Fabian Aug. 28, 2018, 7:16 a.m. UTC | #1
Hello,

any news about my patch?

Pablo Neira Ayuso Aug. 28, 2018, 10:43 a.m. UTC | #2
On Tue, Aug 28, 2018 at 09:16:45AM +0200, David Fabian wrote:
> Hello,
> 
> any news about my patch?

Do you need this? I thought the redefine support already in was enough.

David Fabian Aug. 29, 2018, 1:28 p.m. UTC | #3
Hello Pablo,

yes, this series of patches adds proper scoping to the flat notation and also 
adds global variables. It opens new possibilities for scripting in a bash-like 
syntax and is also more secure since adjacent includes do not inherit 
variables. One can very easily organize FW definitions into multiple files and
e.g. put all global constants into a single file. That's how we did it and it 
works very well for us.