src: Allow goto and jump to a variable

This patch introduces the use of nft input files variables in 'jump' and 'goto' statements, e.g. define dest = ber add table ip foo add chain ip foo bar {type filter hook input priority 0;} add chain ip foo ber add rule ip foo ber counter add rule ip foo bar jump $dest table ip foo { chain bar { type filter hook input priority filter; policy accept; jump ber } chain ber { counter packets 71 bytes 6664 } } Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Fernando Fernandez Mancera <ffmancera@riseup.net> 2019-05-24 15:06:50 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-05-24 21:56:23 +0200
commit: c64457cff9673fbb41f613a67e158b4d62235c09 (patch)
tree: 7078630dcce460d3c412d541517230895832812c /src/evaluate.c
parent: f1e8a129ee428419a0d5a45a2f410e8e4008d109 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 83940378..55fb3b61 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1950,6 +1950,13 @@ static int stmt_evaluate_verdict(struct eval_ctx *ctx, struct stmt *stmt)
 		if (stmt->expr->chain != NULL) {
 			if (expr_evaluate(ctx, &stmt->expr->chain) < 0)
 				return -1;
+			if ((stmt->expr->chain->etype != EXPR_SYMBOL &&
+			    stmt->expr->chain->etype != EXPR_VALUE) ||
+			    stmt->expr->chain->symtype != SYMBOL_VALUE) {
+				return stmt_error(ctx, stmt,
+						  "invalid verdict chain expression %s\n",
+						  expr_name(stmt->expr->chain));
+			}
 		}
 		break;
 	case EXPR_MAP:
author	Fernando Fernandez Mancera <ffmancera@riseup.net>	2019-05-24 15:06:50 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-05-24 21:56:23 +0200
commit	c64457cff9673fbb41f613a67e158b4d62235c09 (patch)
tree	7078630dcce460d3c412d541517230895832812c /src/evaluate.c
parent	f1e8a129ee428419a0d5a45a2f410e8e4008d109 (diff)