diff options
author | Máté Eckl <ecklm94@gmail.com> | 2018-08-23 12:51:07 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-24 10:09:30 +0200 |
commit | cebbd9678b7ee6f74b3bd4eefc23de5b27135799 (patch) | |
tree | 32020dae0f0326d12637e98b4af95ef029792cb5 | |
parent | a55ca1a24b7b216144dc737f621fb68f4a924e38 (diff) |
src: Make invalid chain priority error more specific
So far if invalid priority name was specified the error message referred
to the whole chain/flowtable specification:
nft> add chain ip x h { type filter hook prerouting priority first; }
Error: 'first' is invalid priority in this context.
add chain ip x h { type filter hook prerouting priority first; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
With this patch this reference is made specific to the priority
specification:
nft> add chain ip x h { type filter hook prerouting priority first; }
Error: 'first' is invalid priority in this context.
add chain ip x h { type filter hook prerouting priority first; }
^^^^^^^^^^^^^^
`prio_spec` is also reused to keep naming intuitive. The parser section
formerly named `prio_spec` is renamed to `int_num` as it basically
provides the mathematical set of integer numbers.
Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/rule.h | 1 | ||||
-rw-r--r-- | src/evaluate.c | 11 | ||||
-rw-r--r-- | src/parser_bison.y | 23 |
3 files changed, 22 insertions, 13 deletions
diff --git a/include/rule.h b/include/rule.h index d564cb01..cfbbcf1f 100644 --- a/include/rule.h +++ b/include/rule.h @@ -172,6 +172,7 @@ enum chain_flags { struct prio_spec { const char *str; int num; + struct location loc; }; /** diff --git a/src/evaluate.c b/src/evaluate.c index 647e1606..685924df 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3028,8 +3028,9 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft) return chain_error(ctx, ft, "invalid hook %s", ft->hookstr); if (!evaluate_priority(&ft->priority, NFPROTO_NETDEV, ft->hooknum)) - return chain_error(ctx, ft, "'%s' is invalid priority.", - ft->priority.str); + return __stmt_binary_error(ctx, &ft->priority.loc, NULL, + "'%s' is invalid priority.", + ft->priority.str); if (!ft->dev_expr) return chain_error(ctx, ft, "Unbound flowtable not allowed (must specify devices)"); @@ -3186,9 +3187,9 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain) if (!evaluate_priority(&chain->priority, chain->handle.family, chain->hooknum)) - return chain_error(ctx, chain, - "'%s' is invalid priority in this context.", - chain->priority.str); + return __stmt_binary_error(ctx, &chain->priority.loc, NULL, + "'%s' is invalid priority in this context.", + chain->priority.str); } list_for_each_entry(rule, &chain->rules, list) { diff --git a/src/parser_bison.y b/src/parser_bison.y index cc114717..ff795047 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -528,8 +528,8 @@ int nft_lex(void *, void *, void *); %destructor { handle_free(&$$); } table_spec tableid_spec chain_spec chainid_spec flowtable_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec index_spec %type <handle> set_spec setid_spec set_identifier flowtable_identifier obj_spec objid_spec obj_identifier %destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec objid_spec obj_identifier -%type <val> family_spec family_spec_explicit chain_policy prio_spec -%type <prio_spec> extended_prio_spec +%type <val> family_spec family_spec_explicit chain_policy int_num +%type <prio_spec> extended_prio_spec prio_spec %type <string> dev_spec quota_unit %destructor { xfree($$); } dev_spec quota_unit @@ -1647,7 +1647,7 @@ flowtable_block_alloc : /* empty */ flowtable_block : /* empty */ { $$ = $<flowtable>-1; } | flowtable_block common_block | flowtable_block stmt_separator - | flowtable_block HOOK STRING PRIORITY extended_prio_spec stmt_separator + | flowtable_block HOOK STRING prio_spec stmt_separator { $$->hookstr = chain_hookname_lookup($3); if ($$->hookstr == NULL) { @@ -1658,7 +1658,7 @@ flowtable_block : /* empty */ { $$ = $<flowtable>-1; } } xfree($3); - $$->priority = $5; + $$->priority = $4; } | flowtable_block DEVICES '=' flowtable_expr stmt_separator { @@ -1780,7 +1780,7 @@ type_identifier : STRING { $$ = $1; } | CLASSID { $$ = xstrdup("classid"); } ; -hook_spec : TYPE STRING HOOK STRING dev_spec PRIORITY extended_prio_spec +hook_spec : TYPE STRING HOOK STRING dev_spec prio_spec { const char *chain_type = chain_type_name_lookup($2); @@ -1803,12 +1803,19 @@ hook_spec : TYPE STRING HOOK STRING dev_spec PRIORITY extended_prio_spec xfree($4); $<chain>0->dev = $5; - $<chain>0->priority = $7; + $<chain>0->priority = $6; $<chain>0->flags |= CHAIN_F_BASECHAIN; } ; -extended_prio_spec : prio_spec +prio_spec : PRIORITY extended_prio_spec + { + $$ = $2; + $$.loc = @$; + } + ; + +extended_prio_spec : int_num { struct prio_spec spec = {0}; spec.num = $1; @@ -1836,7 +1843,7 @@ extended_prio_spec : prio_spec } ; -prio_spec : NUM { $$ = $1; } +int_num : NUM { $$ = $1; } | DASH NUM { $$ = -$2; } ; |