diff options
| author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-08-02 12:12:08 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-08-08 12:32:48 +0200 |
| commit | 627c451b2351310da9ad82dbdb64747b1fada8e5 (patch) | |
| tree | a049c393ec78296bd014d807943c573c75695e81 /src/mnl.c | |
| parent | 45cb29a2ada4edfc2b547fe023d923ce0299a61d (diff) | |
src: allow variables in the chain priority specification
This patch allows you to use variables in chain priority definitions,
e.g.
define prio = filter
define prionum = 10
define prioffset = "filter - 150"
add table ip foo
add chain ip foo bar { type filter hook input priority $prio; }
add chain ip foo ber { type filter hook input priority $prionum; }
add chain ip foo bor { type filter hook input priority $prioffset; }
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/mnl.c')
| -rw-r--r-- | src/mnl.c | 13 |
1 files changed, 9 insertions, 4 deletions
@@ -518,6 +518,7 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, { struct nftnl_chain *nlc; struct nlmsghdr *nlh; + int priority; nlc = nftnl_chain_alloc(); if (nlc == NULL) @@ -531,8 +532,10 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, if (cmd->chain->flags & CHAIN_F_BASECHAIN) { nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM, cmd->chain->hooknum); - nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO, - cmd->chain->priority.num); + mpz_export_data(&priority, + cmd->chain->priority.expr->value, + BYTEORDER_HOST_ENDIAN, sizeof(int)); + nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO, priority); nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE, cmd->chain->type); } @@ -1371,6 +1374,7 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd, const char *dev_array[8]; struct nlmsghdr *nlh; struct expr *expr; + int priority; int i = 0; flo = nftnl_flowtable_alloc(); @@ -1385,8 +1389,9 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd, cmd->handle.flowtable); nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_HOOKNUM, cmd->flowtable->hooknum); - nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO, - cmd->flowtable->priority.num); + mpz_export_data(&priority, cmd->flowtable->priority.expr->value, + BYTEORDER_HOST_ENDIAN, sizeof(int)); + nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO, priority); list_for_each_entry(expr, &cmd->flowtable->dev_expr->expressions, list) dev_array[i++] = expr->identifier; |