diff options
author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-05-24 15:06:50 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-24 21:56:23 +0200 |
commit | c64457cff9673fbb41f613a67e158b4d62235c09 (patch) | |
tree | 7078630dcce460d3c412d541517230895832812c /src/evaluate.c | |
parent | f1e8a129ee428419a0d5a45a2f410e8e4008d109 (diff) |
src: Allow goto and jump to a variable
This patch introduces the use of nft input files variables in 'jump' and 'goto'
statements, e.g.
define dest = ber
add table ip foo
add chain ip foo bar {type filter hook input priority 0;}
add chain ip foo ber
add rule ip foo ber counter
add rule ip foo bar jump $dest
table ip foo {
chain bar {
type filter hook input priority filter; policy accept;
jump ber
}
chain ber {
counter packets 71 bytes 6664
}
}
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 83940378..55fb3b61 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1950,6 +1950,13 @@ static int stmt_evaluate_verdict(struct eval_ctx *ctx, struct stmt *stmt) if (stmt->expr->chain != NULL) { if (expr_evaluate(ctx, &stmt->expr->chain) < 0) return -1; + if ((stmt->expr->chain->etype != EXPR_SYMBOL && + stmt->expr->chain->etype != EXPR_VALUE) || + stmt->expr->chain->symtype != SYMBOL_VALUE) { + return stmt_error(ctx, stmt, + "invalid verdict chain expression %s\n", + expr_name(stmt->expr->chain)); + } } break; case EXPR_MAP: |