From patchwork Tue Sep 25 12:24:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 974372 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nwl.cc Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42KKyT0xXkz9s47 for ; Tue, 25 Sep 2018 22:24:49 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728865AbeIYScH (ORCPT ); Tue, 25 Sep 2018 14:32:07 -0400 Received: from orbyte.nwl.cc ([151.80.46.58]:44562 "EHLO orbyte.nwl.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728738AbeIYScH (ORCPT ); Tue, 25 Sep 2018 14:32:07 -0400 Received: from localhost ([::1]:52096 helo=tatos) by orbyte.nwl.cc with esmtp (Exim 4.90_1) (envelope-from ) id 1g4mOV-0007GK-Ox; Tue, 25 Sep 2018 14:24:47 +0200 
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [nft PATCH 1/5] parser_bison: Fix for chain prio name 'out' Date: Tue, 25 Sep 2018 14:24:12 +0200 Message-Id: <20180925122416.15224-2-phil@nwl.cc> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180925122416.15224-1-phil@nwl.cc> References: <20180925122416.15224-1-phil@nwl.cc> MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Since 'out' is defined as a keyword in scanner.l, using it as a chain priority name without quotes is not possible. Fix this by introducing 'extended_prio_name' in bison which may be either a string (as before) or OUT, which is then converted into a string. Fixes: c8a0e8c90e2d1 ("src: Set/print standard chain prios with textual names") Signed-off-by: Phil Sutter --- src/parser_bison.y | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/parser_bison.y b/src/parser_bison.y index 1c68b4f4420e7..831090b66e8ec 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -541,6 +541,8 @@ int nft_lex(void *, void *, void *); %destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec objid_spec obj_identifier %type family_spec family_spec_explicit chain_policy int_num %type extended_prio_spec prio_spec +%type extended_prio_name +%destructor { xfree($$); } extended_prio_name %type dev_spec quota_unit %destructor { xfree($$); } dev_spec quota_unit 
@@ -1861,26 +1863,33 @@ prio_spec : PRIORITY extended_prio_spec } ; +extended_prio_name : OUT + { + $$ = strdup("out"); + } + | STRING + ; + extended_prio_spec : int_num { struct prio_spec spec = {0}; spec.num = $1; $$ = spec; } - | STRING + | extended_prio_name { struct prio_spec spec = {0}; spec.str = $1; $$ = spec; } - | STRING PLUS NUM + | extended_prio_name PLUS NUM { struct prio_spec spec = {0}; spec.num = $3; spec.str = $1; $$ = spec; } - | STRING DASH NUM + | extended_prio_name DASH NUM { struct prio_spec spec = {0}; spec.num = -$3; From patchwork Tue Sep 25 12:24:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 974373 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nwl.cc Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42KKyZ3Cchz9s7T for ; Tue, 25 Sep 2018 22:24:54 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728881AbeIYScM (ORCPT ); Tue, 25 Sep 2018 14:32:12 -0400 Received: from orbyte.nwl.cc ([151.80.46.58]:44568 "EHLO orbyte.nwl.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728721AbeIYScM (ORCPT ); Tue, 25 Sep 2018 14:32:12 -0400 Received: from localhost ([::1]:52102 helo=tatos) by orbyte.nwl.cc with esmtp (Exim 4.90_1) (envelope-from ) id 1g4mOb-0007Gh-2j; Tue, 25 Sep 2018 14:24:53 +0200 
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [nft PATCH 2/5] tests: shell: Fix indenting in 0021prio_0 Date: Tue, 25 Sep 2018 14:24:13 +0200 Message-Id: <20180925122416.15224-3-phil@nwl.cc> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180925122416.15224-1-phil@nwl.cc> References: <20180925122416.15224-1-phil@nwl.cc> MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Pointless indenting doesn't increase readability, merely makes the script seem more complicated than it actually is. Signed-off-by: Phil Sutter --- tests/shell/testcases/chains/0021prio_0 | 67 ++++++++++++------------- 1 file changed, 33 insertions(+), 34 deletions(-) diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0 index ada1d92a047a0..b6647ac24ad10 100755 --- a/tests/shell/testcases/chains/0021prio_0 +++ b/tests/shell/testcases/chains/0021prio_0 
@@ -47,51 +47,50 @@ do done hook=prerouting - prioname=dstnat - gen_chains $family $hook $prioname + prioname=dstnat + gen_chains $family $hook $prioname hook=postrouting - prioname=srcnat - gen_chains $family $hook $prioname + prioname=srcnat + gen_chains $family $hook $prioname done family=arp - $NFT add table $family x - for hook in input output - do - prioname=filter - gen_chains $family $hook $prioname - done +$NFT add table $family x +for hook in input output +do + prioname=filter + gen_chains $family $hook $prioname +done family=netdev - $NFT add table $family x - hook=ingress - prioname=filter - for i in -11 -10 0 10 11 - do - offset=`format_offset $i` - $NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook device lo priority $prioname $offset; }" - done +$NFT add table $family x +hook=ingress +prioname=filter +for i in -11 -10 0 10 11 +do + offset=`format_offset $i` + $NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook device lo priority $prioname $offset; }" +done family=bridge - $NFT add table $family x - for hook in prerouting input forward output postrouting - do - prioname=filter - gen_chains $family $hook $prioname - done - - hook=prerouting - prioname=dstnat - gen_chains $family $hook $prioname +$NFT add table $family x +for hook in prerouting input forward output postrouting +do + prioname=filter + gen_chains $family $hook $prioname +done - hook=output - prioname=out - gen_chains $family $hook $prioname +hook=prerouting +prioname=dstnat +gen_chains $family $hook $prioname - hook=postrouting - prioname=srcnat - gen_chains $family $hook $prioname +hook=output +prioname=out +gen_chains $family $hook $prioname +hook=postrouting +prioname=srcnat +gen_chains $family $hook $prioname From patchwork Tue Sep 25 12:24:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 974369 
X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nwl.cc Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42KKy95kcWz9s47 for ; Tue, 25 Sep 2018 22:24:33 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728873AbeIYSbv (ORCPT ); Tue, 25 Sep 2018 14:31:51 -0400 Received: from orbyte.nwl.cc ([151.80.46.58]:44544 "EHLO orbyte.nwl.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728738AbeIYSbv (ORCPT ); Tue, 25 Sep 2018 14:31:51 -0400 Received: from localhost ([::1]:52078 helo=tatos) by orbyte.nwl.cc with esmtp (Exim 4.90_1) (envelope-from ) id 1g4mOF-0007FJ-QL; Tue, 25 Sep 2018 14:24:31 +0200 From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [nft PATCH 3/5] tests: shell: Drop one-time use variables in 0021prio_0 Date: Tue, 25 Sep 2018 14:24:14 +0200 Message-Id: <20180925122416.15224-4-phil@nwl.cc> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180925122416.15224-1-phil@nwl.cc> References: <20180925122416.15224-1-phil@nwl.cc> MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org There is really no point in declaring a variable which is used just once. Also mark function local variables as such to make sure they don't overwrite global ones. Signed-off-by: Phil Sutter --- tests/shell/testcases/chains/0021prio_0 | 45 +++++++++---------------- 1 file changed, 15 insertions(+), 30 deletions(-) 
diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0 index b6647ac24ad10..82f52e33cc2af 100755 --- a/tests/shell/testcases/chains/0021prio_0 +++ b/tests/shell/testcases/chains/0021prio_0 @@ -3,7 +3,7 @@ set -e format_offset () { - i=$1 + local i=$1 if ((i == 0)) then echo "" @@ -16,21 +16,21 @@ format_offset () { } chainname () { - hook=$1 - prioname=$2 - priooffset=$3 + local hook=$1 + local prioname=$2 + local priooffset=$3 echo "${hook}${prioname}${priooffset}" | tr "\-+" "mp" } gen_chains () { - family=$1 - hook=$2 - prioname=$3 + local family=$1 + local hook=$2 + local prioname=$3 for i in -11 -10 0 10 11 do - offset=`format_offset $i` + local offset=`format_offset $i` $NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook priority $prioname $offset; }" done } @@ -46,13 +46,8 @@ do done done - hook=prerouting - prioname=dstnat - gen_chains $family $hook $prioname - - hook=postrouting - prioname=srcnat - gen_chains $family $hook $prioname + gen_chains $family prerouting dstnat + gen_chains $family postrouting srcnat done @@ -60,8 +55,7 @@ family=arp $NFT add table $family x for hook in input output do - prioname=filter - gen_chains $family $hook $prioname + gen_chains $family $hook filter done 
@@ -79,18 +73,9 @@ family=bridge $NFT add table $family x for hook in prerouting input forward output postrouting do - prioname=filter - gen_chains $family $hook $prioname + gen_chains $family $hook filter done -hook=prerouting -prioname=dstnat -gen_chains $family $hook $prioname - -hook=output -prioname=out -gen_chains $family $hook $prioname - -hook=postrouting -prioname=srcnat -gen_chains $family $hook $prioname +gen_chains $family prerouting dstnat +gen_chains $family output out +gen_chains $family postrouting srcnat From patchwork Tue Sep 25 12:24:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 974370 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nwl.cc Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42KKyG3wmsz9s47 for ; Tue, 25 Sep 2018 22:24:38 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728915AbeIYSb4 (ORCPT ); Tue, 25 Sep 2018 14:31:56 -0400 Received: from orbyte.nwl.cc ([151.80.46.58]:44550 "EHLO orbyte.nwl.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728738AbeIYSb4 (ORCPT ); Tue, 25 Sep 2018 14:31:56 -0400 Received: from localhost ([::1]:52084 helo=tatos) by orbyte.nwl.cc with esmtp (Exim 4.90_1) (envelope-from ) id 1g4mOL-0007Fe-4X; Tue, 25 Sep 2018 14:24:37 +0200 
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [nft PATCH 4/5] tests: shell: Improve gen_chains() in 0021prio_0 Date: Tue, 25 Sep 2018 14:24:15 +0200 Message-Id: <20180925122416.15224-5-phil@nwl.cc> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180925122416.15224-1-phil@nwl.cc> References: <20180925122416.15224-1-phil@nwl.cc> MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Enhance the function to accept an optional fourth parameter specifying the device name, then use it for netdev family. Also remove doubled empty lines and instead put together what belongs together. Signed-off-by: Phil Sutter --- tests/shell/testcases/chains/0021prio_0 | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0 index 82f52e33cc2af..b54b6fae32c63 100755 --- a/tests/shell/testcases/chains/0021prio_0 +++ b/tests/shell/testcases/chains/0021prio_0 @@ -27,11 +27,13 @@ gen_chains () { local family=$1 local hook=$2 local prioname=$3 + local device=${4:+device $4} for i in -11 -10 0 10 11 do local offset=`format_offset $i` - $NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook priority $prioname $offset; }" + local chainname=`chainname $hook $prioname $offset` + $NFT add chain $family x $chainname "{ type filter hook $hook $device priority $prioname $offset; }" done } @@ -50,7 +52,6 @@ do gen_chains $family postrouting srcnat done - family=arp $NFT add table $family x for hook in input output 
@@ -58,16 +59,9 @@ do gen_chains $family $hook filter done - family=netdev $NFT add table $family x -hook=ingress -prioname=filter -for i in -11 -10 0 10 11 -do - offset=`format_offset $i` - $NFT add chain $family x `chainname $hook $prioname $offset` "{ type filter hook $hook device lo priority $prioname $offset; }" -done +gen_chains $family ingress filter lo family=bridge $NFT add table $family x @@ -75,7 +69,6 @@ for hook in prerouting input forward output postrouting do gen_chains $family $hook filter done - gen_chains $family prerouting dstnat gen_chains $family output out gen_chains $family postrouting srcnat From patchwork Tue Sep 25 12:24:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 974371 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nwl.cc Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42KKyP0mzzz9s47 for ; Tue, 25 Sep 2018 22:24:45 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728960AbeIYScC (ORCPT ); Tue, 25 Sep 2018 14:32:02 -0400 Received: from orbyte.nwl.cc ([151.80.46.58]:44556 "EHLO orbyte.nwl.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728738AbeIYScC (ORCPT ); Tue, 25 Sep 2018 14:32:02 -0400 Received: from localhost ([::1]:52090 helo=tatos) by orbyte.nwl.cc with esmtp (Exim 4.90_1) (envelope-from ) id 1g4mOQ-0007Fz-Eg; Tue, 25 Sep 2018 14:24:42 +0200 
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [nft PATCH 5/5] tests: shell: Improve performance of 0021prio_0 Date: Tue, 25 Sep 2018 14:24:16 +0200 Message-Id: <20180925122416.15224-6-phil@nwl.cc> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180925122416.15224-1-phil@nwl.cc> References: <20180925122416.15224-1-phil@nwl.cc> MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This test called nft binary 391 times and took about 38s to complete on my testing VM. Improve this by writing all commands into a temporary file for processing in a single nft call. Reduces run-time to about 4s. Interestingly, piping the sub-process's output directly into 'nft -f -' leads to spurious errors (parser complaining about perfectly fine syntax). It seems like handling large input this way is not possible. Signed-off-by: Phil Sutter --- tests/shell/testcases/chains/0021prio_0 | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0 index b54b6fae32c63..e761297492baf 100755 --- a/tests/shell/testcases/chains/0021prio_0 +++ b/tests/shell/testcases/chains/0021prio_0 @@ -32,14 +32,22 @@ gen_chains () { for i in -11 -10 0 10 11 do local offset=`format_offset $i` - local chainname=`chainname $hook $prioname $offset` - $NFT add chain $family x $chainname "{ type filter hook $hook $device priority $prioname $offset; }" + local cmd="add chain $family x" + cmd+=" `chainname $hook $prioname $offset` {" + cmd+=" type filter hook $hook $device" + cmd+=" priority $prioname $offset; }" + echo "$cmd" done } +tmpfile=$(mktemp) +trap "rm $tmpfile" EXIT + +( + for family in ip ip6 inet do - $NFT add table $family x + echo "add table $family x" for hook in prerouting input forward output postrouting do for prioname in raw mangle filter security 
@@ -47,24 +55,23 @@ do gen_chains $family $hook $prioname done done - gen_chains $family prerouting dstnat gen_chains $family postrouting srcnat done family=arp -$NFT add table $family x +echo "add table $family x" for hook in input output do gen_chains $family $hook filter done family=netdev -$NFT add table $family x +echo "add table $family x" gen_chains $family ingress filter lo family=bridge -$NFT add table $family x +echo "add table $family x" for hook in prerouting input forward output postrouting do gen_chains $family $hook filter @@ -72,3 +79,6 @@ done gen_chains $family prerouting dstnat gen_chains $family output out gen_chains $family postrouting srcnat + +) >$tmpfile +$NFT -f $tmpfile
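Review bot: in [PATCH 1/5], the new `extended_prio_name : OUT` action assigns `$$ = strdup("out");` without checking the result, so an allocation failure would put NULL into `spec.str` in each of the three `extended_prio_spec` alternatives that now take `extended_prio_name`. The `%destructor` added in the first hunk releases the value with `xfree($$)`, so use the project's checked allocation helper here if it has one, or test for NULL before returning the value. A one-line comment on the rule saying that OUT is accepted because it is a scanner keyword (as the commit message explains) would help whoever meets the next keyword that collides with a priority name.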
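Review bot: in [PATCH 3/5], the changed line `local offset=`format_offset $i`` in `gen_chains` combines the declaration with a command substitution, so the statement's exit status is that of `local` and a failing `format_offset` no longer trips the `set -e` at the top of the script, which the plain assignment it replaces did. Declare first and assign on a separate line (`local offset`, then `offset=...`). In the same hunk the loop variable in `for i in -11 -10 0 10 11` stays global, which is at odds with the stated goal of keeping function variables from overwriting global ones; add `local i` to `gen_chains`.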
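Review bot: in [PATCH 4/5], the added `local chainname=`chainname $hook $prioname $offset`` in `gen_chains` gives a variable the same name as the `chainname` function it calls; bash keeps the two apart, but the line is hard to read and a different variable name would avoid the double meaning. The combined `local` and command substitution also hides a non-zero exit of `chainname` from `set -e`, so split declaration and assignment. `local device=${4:+device $4}` would benefit from a short comment that it expands to nothing when no fourth argument is passed, since the later `hook $hook $device priority` relies on that.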
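Review bot: in [PATCH 5/5], `trap "rm $tmpfile" EXIT` in the first hunk expands `$tmpfile` when the trap is installed and leaves the path unquoted when `rm` runs, so a temporary path containing whitespace or glob characters would make the cleanup fail or touch other files. Use single quotes with inner double quotes and `-f`, that is `trap 'rm -f "$tmpfile"' EXIT`, so the handler is also quiet if the file is already gone.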
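Review bot: in [PATCH 5/5], the last hunk's `) >$tmpfile` and `$NFT -f $tmpfile` leave `$tmpfile` unquoted; quote both expansions. The commit message says that piping the output into `nft -f -` produced spurious parser errors, and the temporary file only sidesteps that, so a comment next to the `$NFT -f` call recording why stdin is not used would keep a later cleanup from reverting it, and the stdin behaviour itself looks worth reporting separately rather than leaving it documented only in this commit message.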