This patch series adds the typeof keyword.
The only dependency is a small change to libnftnl to add two new
UDATA_SET_TYPEOF enum values.
named set can be configured as follows:
set os {
typeof osf name
elements = { "Linux", "Windows" }
}
or
nft add set ip filter allowed "{ typeof ip daddr . tcp dport; }"
... which is the same as the "old" 'type ipv4_addr . inet_service".
The type is stored in the kernel via the udata set infrastructure,
on listing -- if a udata type is present -- nft will validate that this
type matches the set key length.
Note that while 'typeof' can be used with concatenations, they
only work as aliases for known types -- its currently not possible
to use integer/string types via the 'typeof' keyword.
Doing so requires a bit more work to dissect the correct key
geometry on netlink dumps, we can also not fallback in this case,
i.e. if the typeof udata is not there/invalid, we would be
unable to reconstruct the needed subkey size information.
Florian Westphal (10):
parser: add a helper for concat expression handling
libnftnl: split nft_ctx_new/free
src: store expr, not dtype to track data in sets
src: parser: add syntax to provide size of variable-sized data types
src: add "typeof" print support
mnl: round up the map data size too
src: netlink: remove assertion
evaluate: print a hint about 'type,width' syntax on 0 keylen
doc: mention 'typeof' as alternative to 'type' keyword
tests: add typeof test cases
Pablo Neira Ayuso (1):
parser: add typeof keyword for declarations
23 files changed, 582 insertions(+), 154 deletions(-)
create mode 100644 tests/shell/testcases/maps/dumps/typeof_maps_0.nft
create mode 100755 tests/shell/testcases/maps/typeof_maps_0
create mode 100644 tests/shell/testcases/sets/dumps/typeof_sets_0.nft
create mode 100755 tests/shell/testcases/sets/typeof_sets_0
