author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-08-02 12:12:08 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-08-08 12:32:48 +0200 |
commit | 627c451b2351310da9ad82dbdb64747b1fada8e5 (patch) | |
tree | a049c393ec78296bd014d807943c573c75695e81 /src/netlink.c | |
parent | 45cb29a2ada4edfc2b547fe023d923ce0299a61d (diff) |
src: allow variables in the chain priority specification
This patch allows you to use variables in chain priority definitions,
e.g.
define prio = filter
define prionum = 10
define prioffset = "filter - 150"
add table ip foo
add chain ip foo bar { type filter hook input priority $prio; }
add chain ip foo ber { type filter hook input priority $prionum; }
add chain ip foo bor { type filter hook input priority $prioffset; }
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
-rw-r--r-- | src/netlink.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 14b0df41..93067ef5 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -369,6 +369,7 @@ struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
 const struct nftnl_chain *nlc)
 {
 struct chain *chain;
+ int priority;
 chain = chain_alloc(nftnl_chain_get_str(nlc, NFTNL_CHAIN_NAME));
 chain->handle.family =
@@ -386,8 +387,13 @@ struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
 nftnl_chain_get_u32(nlc, NFTNL_CHAIN_HOOKNUM);
 chain->hookstr =
 hooknum2str(chain->handle.family, chain->hooknum);
- chain->priority.num =
- nftnl_chain_get_s32(nlc, NFTNL_CHAIN_PRIO);
+ priority = nftnl_chain_get_s32(nlc, NFTNL_CHAIN_PRIO);
+ chain->priority.expr =
+ constant_expr_alloc(&netlink_location,
+ &integer_type,
+ BYTEORDER_HOST_ENDIAN,
+ sizeof(int) * BITS_PER_BYTE,
+ &priority);
 chain->type =
 xstrdup(nftnl_chain_get_str(nlc, NFTNL_CHAIN_TYPE));
 chain->policy =
@@ -1080,7 +1086,7 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx,
 {
 struct flowtable *flowtable;
 const char * const *dev_array;
- int len = 0, i;
+ int len = 0, i, priority;
 flowtable = flowtable_alloc(&netlink_location);
 flowtable->handle.family =
@@ -1099,8 +1105,14 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx,
 flowtable->dev_array_len = len;
- flowtable->priority.num =
- nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_PRIO);
+ priority = nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_PRIO);
+ flowtable->priority.expr =
+ constant_expr_alloc(&netlink_location,
+ &integer_type,
+ BYTEORDER_HOST_ENDIAN,
+ sizeof(int) *
+ BITS_PER_BYTE,
+ &priority);
 flowtable->hooknum =
 nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_HOOKNUM);
 |
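Review bot: The chain priority is signed (`nftnl_chain_get_s32`), but in the second hunk it is handed to `constant_expr_alloc` as raw host-endian bytes with only a width of `sizeof(int) * BITS_PER_BYTE`. A negative priority therefore presumably survives only if every reader exports the constant back into an `int` of that same width and byte order. A comment above the assignment would record that contract: `/* priority may be negative: readers must export this constant back into an int of the same width */`. The flowtable hunk builds its constant the same way, and `priority.expr` is now a separately allocated expression, so the chain and flowtable free paths should release it. Those paths and the readers are outside this diff, which is limited to src/netlink.c, and netlink_delinearize_chain continues beyond the hunk.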
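Review bot: In the last hunk the new `int priority` is filled from `nftnl_flowtable_get_u32`, so a negative flowtable priority arrives as an unsigned value above INT_MAX and the conversion back to `int` is implementation-defined. The chain path in the same commit reads its priority with the signed getter `nftnl_chain_get_s32`. Making the reinterpretation explicit states the intent, for example `priority = (int32_t)nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_PRIO);`, or a signed flowtable getter could be used if the libnftnl version in use provides one. netlink_delinearize_flowtable starts and ends outside the hunk.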