<v2: attach the patch this time...>

The current syntax when handling chains seems counterintuitive to me. I would expect that "add chain" would have the name of the chain directly after the keyword "chain". But instead, the name of the table is there, with the chain after.

I think a better syntax might be this:

add chain <table>/<chain>

which seems clearer to me. And it has the added benefit of following the "everything is a file" paradigm. Who knows - maybe someday we can add a sysfs interface for nftables, and this will fit nicely within a tree:

nftables
  tables
    chains
      rules

Thoughts? Attached patch is a general proof of concept.

Phil
diff --git a/src/parser.y b/src/parser.y index a49e5c2..5f6fed0 100644 --- a/src/parser.y +++ b/src/parser.y @@ -833,10 +833,10 @@ tables_spec : family_spec } ; -chain_spec : table_spec identifier +chain_spec : table_spec SLASH identifier { $$ = $1; - $$.chain = $2; + $$.chain = $3; } ; diff --git a/src/scanner.l b/src/scanner.l index cee6aa6..ba1dcdf 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -111,7 +111,7 @@ decstring {digit}+ hexstring 0[xX]{hexdigit}+ range ({decstring}?:{decstring}?) letter [a-zA-Z] -string ({letter})({letter}|{digit}|[/\-_\.])* +string ({letter})({letter}|{digit}|[\-_\.])* quotedstring \"[^"]*\" comment #.*$ slash \/
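Review bot: in src/parser.y, the chain_spec rule replaces "table_spec identifier" outright instead of adding "table_spec SLASH identifier" as a second alternative, so every command that goes through chain_spec stops accepting the existing "<table> <chain>" form and rulesets written in that form will fail to parse. For a firewall configuration language that is a load failure on upgrade, so either keep both alternatives for a transition period or state the break explicitly. The diff touches only parser.y and scanner.l, so no documentation or test update accompanies the syntax change.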
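Review bot: in src/scanner.l, dropping "/" from the character class of "string" changes every token matched by that pattern, not only chain names: an unquoted string that used to contain "/" now lexes as separate string and slash tokens. Please check the other grammar rules that consume string for inputs that relied on an embedded "/", and say in the commit message that this is a lexer-wide change. After this hunk a name containing a slash could only be written through quotedstring, and only where the grammar accepts that token.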