I included a railroad diagram of Netfilter (nftables) 'nft' CLI terminal
program in mouse-click navigable PDF format:
https://egbert.net/images/nftables-railroad-chart.xhtml.pdf
Using latest:
libnftnl v1.2.9
nftables v1.1.3
I am curious with regard to CLI auto-completion, where do we stand with
the <TAB><TAB> to pull up a list of table names and choose from?
There are other dynamic/multi-context/multi-token fields such as (broken
down by functional group for easier multi-state machine modularization:
Identifier Group
table_spec/identifier (including 'last')
chain_spec/identifier (including 'last')
family_spec (ip/ip6/inet/netdev/arp/bridge), family_spec_explicit
set_spec/identifier, also set_identifier
map_spec/identifier, also map_identifier
flowtable_spec/identifier
xt_stmt/<STRING>
set_ref_symbol_expr/'at'/identifier
meta_key
Stateful Group
counter
limit
quota
connlimit
last
Dynamic Group
variable ('$', defined)
objref_
tableid_spec/'handle'/<NUM>
chainid_spec/'handle'/<NUM>
setid_spec/'handle'/'NUM'
flowtableid_spec/'handle'/<NUM>
rule/index_spec/<NUM>
rule/handle_spec/<NUM>
rule/position_spec/<NUM>
service names (port label, /etc/services?)
jump/goto
log level (severity)
log flag (facility)
time_unit (second/min/hour/day/week)
icmp type
icmp6 type
icmpx type
mss (well-known?)
wscale (well-known?)
For 'nft' CLI, I've identified over 1,412 edge-state transition, 240
states, consolidated into 27 groups that could be used to auto-fill any
dynamic content on the CLI prompt. Last worked on Bison for gdb-c, lua,
GNU c, nmap, and Bind named configuration file syntax (1,082 edge-states).
But ... readline() is relatively new to me, CLI prompt processing
(notably Cisco) is not.
I've scaled my prototypes of readline() for 3 separate groups of state
machines, including the master edge-state (where it goes from one token
to another). Just to be clear, I am not seeing this same capability in
other "readline" substitution libraries ...
In ChatGPT perusing of MARC.INFO netfilter-devel mailing list, only
Pablo Ayuso worked on 'libedit'. I hope he shed some brief wisdom for
this development route as I further study these syntactical requirements
of 'nft' CLI and small prototypings.
I do do have my Python program, that given a 'nft' Bison symbol, can
identify what the next available token directly derived from the
bison_parser.c file: did this by leveraging Bison EBNF outputter, EBNF
parser, EBNF->NFT parser, and then examining each AND/OR/concat logic
for its available next token. Due to lack of response, I'll wait until
a request is made before posting this code to GitLab.
Cheers,
S. Egbert
