Global variables live only in the top-level scope and can be accessed from anywhere. They are unloaded at the end of parsing. Global definitions cannot contain local variables because those may get deleted when the local scope goes away and the subsequent use of the global would lead to a SIGSEGV. --- include/rule.h | 5 +- src/parser_bison.y | 335 ++++++++++++++++++++++++++++++++++++++++++++++++++++- src/rule.c | 15 ++- src/scanner.l | 1 + 4 files changed, 347 insertions(+), 9 deletions(-) mode change 100644 => 100755 src/parser_bison.y mode change 100644 => 100755 src/scanner.l diff --git a/include/rule.h b/include/rule.h index cfecf7f..8991025 100644 --- a/include/rule.h +++ b/include/rule.h @@ -109,8 +109,9 @@ extern void symbol_bind(struct scope *scope, const char *identifier, struct expr *expr); extern int symbol_unbind(const struct scope *scope, const char *identifier); extern struct symbol *symbol_lookup(const struct scope *scope, - const char *identifier); -struct symbol *symbol_get(const struct scope *scope, const char *identifier); + const char *identifier, int *global); +struct symbol *symbol_get(const struct scope *scope, const char *identifier, + int *global); enum table_flags { TABLE_F_DORMANT = (1 << 0), diff --git a/src/parser_bison.y b/src/parser_bison.y old mode 100644 new mode 100755 index 16a1f75..4500aac --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -62,6 +62,11 @@ static void yyerror(struct location *loc, struct nft_ctx *nft, void *scanner, erec_queue(error(loc, "%s", s), state->msgs); } +static struct scope *toplevel_scope(const struct parser_state *state) +{ + return state->scopes[0]; +} + struct scope *current_scope(const struct parser_state *state) { return state->scopes[state->scope]; @@ -192,6 +197,7 @@ int nft_lex(void *, void *, void *); %token DEFINE "define" %token REDEFINE "redefine" %token UNDEFINE "undefine" +%token GLOBAL "global" %token FIB "fib" @@ -739,6 +745,18 @@ int nft_lex(void *, void *, void *); %type <val> ct_l4protoname ct_obj_type +%type <expr> global_list_rhs_expr global_rhs_expr global_variable_expr global_basic_rhs_expr global_primary_rhs_expr global_symbol_expr +%destructor { expr_free($$); } global_list_rhs_expr global_rhs_expr global_variable_expr global_basic_rhs_expr global_primary_rhs_expr global_symbol_expr + +%type <expr> global_set_lhs_expr global_set_rhs_expr global_shift_rhs_expr global_and_rhs_expr global_exclusive_or_rhs_expr global_inclusive_or_rhs_expr +%destructor { expr_free($$); } global_set_lhs_expr global_set_rhs_expr global_shift_rhs_expr global_and_rhs_expr global_exclusive_or_rhs_expr global_inclusive_or_rhs_expr + +%type <expr> global_concat_rhs_expr global_prefix_rhs_expr global_initializer_expr +%destructor { expr_free($$); } global_concat_rhs_expr global_prefix_rhs_expr global_initializer_expr + +%type <expr> global_range_rhs_expr global_set_list_expr global_set_list_member_expr global_set_elem_expr_alloc global_set_expr global_set_elem_expr global_multiton_rhs_expr +%destructor { expr_free($$); } global_range_rhs_expr global_set_list_expr global_set_list_member_expr global_set_elem_expr_alloc global_set_expr global_set_elem_expr global_multiton_rhs_expr + %% input : /* empty */ @@ -780,7 +798,7 @@ common_block : INCLUDE QUOTED_STRING stmt_separator { struct scope *scope = current_scope(state); - if (symbol_lookup(scope, $2) != NULL) { + if (symbol_lookup(scope, $2, NULL) != NULL) { erec_queue(error(&@2, "redefinition of symbol '%s'", $2), state->msgs); xfree($2); @@ -807,8 +825,43 @@ common_block : INCLUDE QUOTED_STRING stmt_separator state->msgs); YYERROR; } + xfree($2); } + | GLOBAL DEFINE identifier '=' global_initializer_expr stmt_separator + { + struct scope *scope = toplevel_scope(state); + + if (symbol_lookup(scope, $3, NULL) != NULL) { + erec_queue(error(&@2, "redefinition of global symbol '%s'", $3), + state->msgs); + xfree($3); + expr_free($5); + YYERROR; + } + + symbol_bind(scope, $3, $5); + xfree($3); + } + | GLOBAL REDEFINE identifier '=' global_initializer_expr stmt_separator + { + struct scope *scope = toplevel_scope(state); + + symbol_bind(scope, $3, $5); + xfree($3); + } + | GLOBAL UNDEFINE identifier stmt_separator + { + struct scope *scope = toplevel_scope(state); + + if (symbol_unbind(scope, $3) < 0) { + erec_queue(error(&@2, "undefined global symbol '%s'", $3), + state->msgs); + YYERROR; + } + + xfree($3); + } | error stmt_separator { if (++state->nerrs == nft->parser_max_errors) @@ -2823,8 +2876,9 @@ variable_expr : '$' identifier { struct scope *scope = current_scope(state); struct symbol *sym; + int global; - sym = symbol_get(scope, $2); + sym = symbol_get(scope, $2, &global); if (!sym) { erec_queue(error(&@2, "unknown identifier '%s'", $2), state->msgs); @@ -2832,7 +2886,13 @@ variable_expr : '$' identifier YYERROR; } - $$ = variable_expr_alloc(&@$, scope, sym); + if (global) + /* global variables can only access top-level scope + this prevents SIGSEGVs when the local scope in which + the global is used has been freed */ + $$ = variable_expr_alloc(&@$, toplevel_scope(state), sym); + else + $$ = variable_expr_alloc(&@$, scope, sym); xfree($2); } ; @@ -4093,4 +4153,273 @@ exthdr_key : HBH { $$ = IPPROTO_HOPOPTS; } | MH { $$ = IPPROTO_MH; } ; +global_initializer_expr : global_rhs_expr + | global_list_rhs_expr + ; + +global_list_rhs_expr : global_basic_rhs_expr COMMA global_basic_rhs_expr + { + $$ = list_expr_alloc(&@$); + compound_expr_add($$, $1); + compound_expr_add($$, $3); + } + | global_list_rhs_expr COMMA global_basic_rhs_expr + { + $1->location = @$; + compound_expr_add($1, $3); + $$ = $1; + } + ; + +global_rhs_expr : global_concat_rhs_expr { $$ = $1; } + | global_multiton_rhs_expr { $$ = $1; } + | global_set_expr { $$ = $1; } + ; + +global_variable_expr : '$' identifier + { + struct scope *scope = toplevel_scope(state); + struct symbol *sym; + + sym = symbol_get(scope, $2, NULL); + if (!sym) { + scope = current_scope(state); + if (symbol_lookup(scope, $2, NULL) != NULL) { + erec_queue(error(&@2, "local variable '%s' not allowed in global definition", $2), + state->msgs); + } else { + erec_queue(error(&@2, "unknown identifier '%s'", $2), + state->msgs); + } + xfree($2); + YYERROR; + } + $$ = variable_expr_alloc(&@$, scope, sym); + xfree($2); + } + ; + +global_symbol_expr : global_variable_expr + | string + { + $$ = symbol_expr_alloc(&@$, SYMBOL_VALUE, + toplevel_scope(state), + $1); + xfree($1); + } + | AT identifier + { + $$ = symbol_expr_alloc(&@$, SYMBOL_SET, + toplevel_scope(state), + $2); + xfree($2); + } + ; + +global_primary_rhs_expr : global_symbol_expr { $$ = $1; } + | integer_expr { $$ = $1; } + | boolean_expr { $$ = $1; } + | keyword_expr { $$ = $1; } + | TCP + { + uint8_t data = IPPROTO_TCP; + $$ = constant_expr_alloc(&@$, &inet_protocol_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + | UDP + { + uint8_t data = IPPROTO_UDP; + $$ = constant_expr_alloc(&@$, &inet_protocol_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + | UDPLITE + { + uint8_t data = IPPROTO_UDPLITE; + $$ = constant_expr_alloc(&@$, &inet_protocol_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + | ESP + { + uint8_t data = IPPROTO_ESP; + $$ = constant_expr_alloc(&@$, &inet_protocol_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + | AH + { + uint8_t data = IPPROTO_AH; + $$ = constant_expr_alloc(&@$, &inet_protocol_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + | ICMP + { + uint8_t data = IPPROTO_ICMP; + $$ = constant_expr_alloc(&@$, &inet_protocol_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + | ICMP6 + { + uint8_t data = IPPROTO_ICMPV6; + $$ = constant_expr_alloc(&@$, &inet_protocol_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + | COMP + { + uint8_t data = IPPROTO_COMP; + $$ = constant_expr_alloc(&@$, &inet_protocol_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + | DCCP + { + uint8_t data = IPPROTO_DCCP; + $$ = constant_expr_alloc(&@$, &inet_protocol_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + | SCTP + { + uint8_t data = IPPROTO_SCTP; + $$ = constant_expr_alloc(&@$, &inet_protocol_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + | REDIRECT + { + uint8_t data = ICMP_REDIRECT; + $$ = constant_expr_alloc(&@$, &icmp_type_type, + BYTEORDER_HOST_ENDIAN, + sizeof(data) * BITS_PER_BYTE, &data); + } + ; + +global_shift_rhs_expr : global_primary_rhs_expr + | global_shift_rhs_expr LSHIFT global_primary_rhs_expr + { + $$ = binop_expr_alloc(&@$, OP_LSHIFT, $1, $3); + } + | global_shift_rhs_expr RSHIFT global_primary_rhs_expr + { + $$ = binop_expr_alloc(&@$, OP_RSHIFT, $1, $3); + } + ; + +global_and_rhs_expr : global_shift_rhs_expr + | global_and_rhs_expr AMPERSAND global_shift_rhs_expr + { + $$ = binop_expr_alloc(&@$, OP_AND, $1, $3); + } + ; + +global_exclusive_or_rhs_expr : global_and_rhs_expr + | global_exclusive_or_rhs_expr CARET global_and_rhs_expr + { + $$ = binop_expr_alloc(&@$, OP_XOR, $1, $3); + } + ; + +global_inclusive_or_rhs_expr : global_exclusive_or_rhs_expr + | global_inclusive_or_rhs_expr '|' global_exclusive_or_rhs_expr + { + $$ = binop_expr_alloc(&@$, OP_OR, $1, $3); + } + ; + +global_basic_rhs_expr : global_inclusive_or_rhs_expr + ; + +global_concat_rhs_expr : global_basic_rhs_expr + | global_concat_rhs_expr DOT global_basic_rhs_expr + { + if ($$->ops->type != EXPR_CONCAT) { + $$ = concat_expr_alloc(&@$); + compound_expr_add($$, $1); + } else { + struct location rhs[] = { + [1] = @2, + [2] = @3, + }; + location_update(&$3->location, rhs, 2); + + $$ = $1; + $$->location = @$; + } + compound_expr_add($$, $3); + } + ; + +global_prefix_rhs_expr : global_basic_rhs_expr SLASH NUM + { + $$ = prefix_expr_alloc(&@$, $1, $3); + } + ; + +global_range_rhs_expr : global_basic_rhs_expr DASH global_basic_rhs_expr + { + $$ = range_expr_alloc(&@$, $1, $3); + } + ; + +global_multiton_rhs_expr : global_prefix_rhs_expr + | global_range_rhs_expr + | wildcard_expr + ; + +global_set_list_expr : global_set_list_member_expr + { + $$ = set_expr_alloc(&@$, NULL); + compound_expr_add($$, $1); + } + | global_set_list_expr COMMA global_set_list_member_expr + { + compound_expr_add($1, $3); + $$ = $1; + } + | global_set_list_expr COMMA opt_newline + ; + +global_set_list_member_expr : opt_newline global_set_expr opt_newline + { + $$ = $2; + } + | opt_newline global_set_elem_expr opt_newline + { + $$ = $2; + } + | opt_newline global_set_elem_expr COLON global_set_rhs_expr opt_newline + { + $$ = mapping_expr_alloc(&@$, $2, $4); + } + ; + +global_set_lhs_expr : global_concat_rhs_expr + | global_multiton_rhs_expr + ; + +global_set_rhs_expr : global_concat_rhs_expr + | verdict_expr + ; + +global_set_elem_expr : global_set_elem_expr_alloc + | global_set_elem_expr_alloc set_elem_options + ; + +global_set_elem_expr_alloc : global_set_lhs_expr + { + $$ = set_elem_expr_alloc(&@1, $1); + } + ; + +global_set_expr : '{' global_set_list_expr '}' + { + $2->location = @$; + $$ = $2; + } + ; %% diff --git a/src/rule.c b/src/rule.c index 38529af..d40ec50 100644 --- a/src/rule.c +++ b/src/rule.c @@ -526,11 +526,12 @@ void symbol_bind(struct scope *scope, const char *identifier, struct expr *expr) list_add(&sym->list, &scope->symbols); } -struct symbol *symbol_get(const struct scope *scope, const char *identifier) +struct symbol *symbol_get(const struct scope *scope, const char *identifier, + int *global) { struct symbol *sym; - sym = symbol_lookup(scope, identifier); + sym = symbol_lookup(scope, identifier, global); if (!sym) return NULL; @@ -566,14 +567,20 @@ int symbol_unbind(const struct scope *scope, const char *identifier) return 0; } -struct symbol *symbol_lookup(const struct scope *scope, const char *identifier) +struct symbol *symbol_lookup(const struct scope *scope, const char *identifier, + int *global) { struct symbol *sym; + if (global) + *global = 0; while (scope != NULL) { list_for_each_entry(sym, &scope->symbols, list) { - if (!strcmp(sym->identifier, identifier)) + if (!strcmp(sym->identifier, identifier)) { + if (global && scope->parent == NULL) + *global = 1; return sym; + } } scope = scope->parent; } diff --git a/src/scanner.l b/src/scanner.l old mode 100644 new mode 100755 index e6e255d..96bb307 --- a/src/scanner.l +++ b/src/scanner.l @@ -236,6 +236,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "define" { return DEFINE; } "redefine" { return REDEFINE; } "undefine" { return UNDEFINE; } +"global" { return GLOBAL; } "describe" { return DESCRIBE; } -- 2.13.6 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html