Patchwork [2/2,nft] scanner: fix parsing of tc handle

login
register
mail settings
Submitter Pablo Neira
Date Feb. 13, 2014, 11:41 a.m.
Message ID <1392291672-7885-2-git-send-email-pablo@netfilter.org>
Download mbox | patch
Permalink /patch/319965/
State Deferred
Headers show

Comments

Pablo Neira - Feb. 13, 2014, 11:41 a.m.
hexstring:hexstring
hexstring:
:hexstring
---
The spaces to separate the key and the action in dictionaries is very
important, otherwise (with this patch) the scanner misinterprets this.

 # nft add filter input tcp dport vmap { 25:drop }
 <cmdline>:1:41-43: Error: syntax error, unexpected string, expecting comma or '}'
 add rule filter input tcp dport vmap { 25:drop }
                                        ^^^
I think we can just document this, I don't see any better solution for this
at this moment.

 src/scanner.l |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
Patrick McHardy - Feb. 13, 2014, 11:51 a.m.
On Thu, Feb 13, 2014 at 12:41:12PM +0100, Pablo Neira Ayuso wrote:
> hexstring:hexstring
> hexstring:
> :hexstring
> ---
> The spaces to separate the key and the action in dictionaries is very
> important, otherwise (with this patch) the scanner misinterprets this.
> 
>  # nft add filter input tcp dport vmap { 25:drop }
>  <cmdline>:1:41-43: Error: syntax error, unexpected string, expecting comma or '}'
>  add rule filter input tcp dport vmap { 25:drop }
>                                         ^^^
> I think we can just document this, I don't see any better solution for this
> at this moment.

Let me try if I can come up with something ...

> 
>  src/scanner.l |    7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/src/scanner.l b/src/scanner.l
> index e4cb398..ea61fa0 100644
> --- a/src/scanner.l
> +++ b/src/scanner.l
> @@ -109,7 +109,7 @@ digit		[0-9]
>  hexdigit	[0-9a-fA-F]
>  decstring	{digit}+
>  hexstring	0[xX]{hexdigit}+
> -range		({decstring}?:{decstring}?)
> +priostring	{hexdigit}{0,4}:{hexdigit}{0,4}
>  letter		[a-zA-Z]
>  string		({letter})({letter}|{digit}|[/\-_\.])*
>  quotedstring	\"[^"]*\"
> @@ -447,6 +447,11 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
>  				return STRING;
>  			}
>  
> +{priostring}		{
> +				yylval->string = xstrdup(yytext);
> +				return STRING;
> +			}
> +
>  \\{newline}		{
>  				reset_pos(yyget_extra(yyscanner), yylloc);
>  			}
> -- 
> 1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Patrick McHardy - Feb. 13, 2014, 1:01 p.m.
On Thu, Feb 13, 2014 at 11:51:12AM +0000, Patrick McHardy wrote:
> On Thu, Feb 13, 2014 at 12:41:12PM +0100, Pablo Neira Ayuso wrote:
> > hexstring:hexstring
> > hexstring:
> > :hexstring
> > ---
> > The spaces to separate the key and the action in dictionaries is very
> > important, otherwise (with this patch) the scanner misinterprets this.
> > 
> >  # nft add filter input tcp dport vmap { 25:drop }
> >  <cmdline>:1:41-43: Error: syntax error, unexpected string, expecting comma or '}'
> >  add rule filter input tcp dport vmap { 25:drop }
> >                                         ^^^
> > I think we can just document this, I don't see any better solution for this
> > at this moment.
> 
> Let me try if I can come up with something ...

I think we might be able to do something with flex "trailing contexts",
though I didn't manage to figure it out yet.

Generally it seems like using a ':' in maps might not be the best idea
after all, its used for too many other things already. This might be
the reason why I initially used =>, not sure anymore.

Is there a reasonable alternative to ':' with a single character?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Mart Frauenlob - Feb. 13, 2014, 1:08 p.m.
On 13.02.2014 14:01, Patrick McHardy wrote:
...

> Generally it seems like using a ':' in maps might not be the best idea
> after all, its used for too many other things already. This might be
> the reason why I initially used =>, not sure anymore.
>
> Is there a reasonable alternative to ':' with a single character?

x = y or x=y sounds and looks very reasonable and fitting the case to 
me, would it break something else?

Thanks


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Patrick McHardy - Feb. 13, 2014, 1:21 p.m.
On Thu, Feb 13, 2014 at 02:08:17PM +0100, Mart Frauenlob wrote:
> On 13.02.2014 14:01, Patrick McHardy wrote:
> ...
> 
> >Generally it seems like using a ':' in maps might not be the best idea
> >after all, its used for too many other things already. This might be
> >the reason why I initially used =>, not sure anymore.
> >
> >Is there a reasonable alternative to ':' with a single character?
> 
> x = y or x=y sounds and looks very reasonable and fitting the case
> to me, would it break something else?

I've thought about this myself, it should prevent these problems, though
I actually don't like it very much. Just my taste though, I still hope
we can come up with something in the lexer.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira - Feb. 13, 2014, 1:31 p.m.
On Thu, Feb 13, 2014 at 01:01:03PM +0000, Patrick McHardy wrote:
> On Thu, Feb 13, 2014 at 11:51:12AM +0000, Patrick McHardy wrote:
> > On Thu, Feb 13, 2014 at 12:41:12PM +0100, Pablo Neira Ayuso wrote:
> > > hexstring:hexstring
> > > hexstring:
> > > :hexstring
> > > ---
> > > The spaces to separate the key and the action in dictionaries is very
> > > important, otherwise (with this patch) the scanner misinterprets this.
> > > 
> > >  # nft add filter input tcp dport vmap { 25:drop }
> > >  <cmdline>:1:41-43: Error: syntax error, unexpected string, expecting comma or '}'
> > >  add rule filter input tcp dport vmap { 25:drop }
> > >                                         ^^^
> > > I think we can just document this, I don't see any better solution for this
> > > at this moment.
> > 
> > Let me try if I can come up with something ...
> 
> I think we might be able to do something with flex "trailing contexts",
> though I didn't manage to figure it out yet.
> 
> Generally it seems like using a ':' in maps might not be the best idea
> after all, its used for too many other things already. This might be
> the reason why I initially used =>, not sure anymore.
> 
> Is there a reasonable alternative to ':' with a single character?

Everything seems pretty overloaded, and I still like that python uses
this for dictionaries.

I think even bash and gcc provide bad error reporting if one space is
missing in a for/while statement or a missing bracket is left out.

Let's check if that trailing context can help us to fix it, if not,
just document it.

We can revisit the scanner/parser at some point. I checked antlr but I
don't think their C library API is very stable / ready for third party
project. But not now, we already have quite a lot of work in many
other fronts :)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Patrick McHardy - Feb. 13, 2014, 1:36 p.m.
On Thu, Feb 13, 2014 at 02:31:37PM +0100, Pablo Neira Ayuso wrote:
> On Thu, Feb 13, 2014 at 01:01:03PM +0000, Patrick McHardy wrote:
> > On Thu, Feb 13, 2014 at 11:51:12AM +0000, Patrick McHardy wrote:
> > 
> > I think we might be able to do something with flex "trailing contexts",
> > though I didn't manage to figure it out yet.
> > 
> > Generally it seems like using a ':' in maps might not be the best idea
> > after all, its used for too many other things already. This might be
> > the reason why I initially used =>, not sure anymore.
> > 
> > Is there a reasonable alternative to ':' with a single character?
> 
> Everything seems pretty overloaded, and I still like that python uses
> this for dictionaries.

I also thing this would be the nicest way to express this.

> I think even bash and gcc provide bad error reporting if one space is
> missing in a for/while statement or a missing bracket is left out.
> 
> Let's check if that trailing context can help us to fix it, if not,
> just document it.

I think I almost got it using:

{priostring}/[ \t\n:]   {

Only thing missing is EOF handling, IOW when the priostring is the last
expression on the command line (not in files) it fails.

I also changed priostring to:

priostring      ({hexdigit}{1,4}:{hexdigit}{0,4})|({hexdigit}{0,4}:{hexdigit}{1,4})

since it otherwise also matches a single ':'. I'll try again later, have
to take care of other things first.

> We can revisit the scanner/parser at some point. I checked antlr but I
> don't think their C library API is very stable / ready for third party
> project. But not now, we already have quite a lot of work in many
> other fronts :)

Yeah, this is something for the future.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/src/scanner.l b/src/scanner.l
index e4cb398..ea61fa0 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -109,7 +109,7 @@  digit		[0-9]
 hexdigit	[0-9a-fA-F]
 decstring	{digit}+
 hexstring	0[xX]{hexdigit}+
-range		({decstring}?:{decstring}?)
+priostring	{hexdigit}{0,4}:{hexdigit}{0,4}
 letter		[a-zA-Z]
 string		({letter})({letter}|{digit}|[/\-_\.])*
 quotedstring	\"[^"]*\"
@@ -447,6 +447,11 @@  addrstring	({macaddr}|{ip4addr}|{ip6addr})
 				return STRING;
 			}
 
+{priostring}		{
+				yylval->string = xstrdup(yytext);
+				return STRING;
+			}
+
 \\{newline}		{
 				reset_pos(yyget_extra(yyscanner), yylloc);
 			}