diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-12 20:52:43 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-12 20:54:19 +0200 |
| commit | 0f31d8258e7ead5bd3944080e6cec7d4074149e7 (patch) | |
| tree | 57247981c948e9073a9df656afeaeb4ed92b0179 /src | |
| parent | 47ffae232aeaadca37293861d52a11f907d6b768 (diff) | |
src: use definitions in include/linux/netfilter/nf_tables.h
Use NFT_LOGLEVEL_* definitions in UAPI.
Make an internal definition of NFT_OSF_F_VERSION, this was originally
defined in the UAPI header in the initial patch version, however, this
is not available anymore.
Add a bison rule to deal with the timeout case.
Otherwise, compilation breaks.
Fixes: d3869cae9d62 ("include: refresh nf_tables.h cached copy")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/evaluate.c | 2 | ||||
| -rw-r--r-- | src/parser_bison.y | 31 | ||||
| -rw-r--r-- | src/statement.c | 24 |
3 files changed, 29 insertions, 28 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 3593eb80..21d9e146 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2812,7 +2812,7 @@ static int stmt_evaluate_log(struct eval_ctx *ctx, struct stmt *stmt) return stmt_error(ctx, stmt, "flags and group are mutually exclusive"); } - if (stmt->log.level == LOGLEVEL_AUDIT && + if (stmt->log.level == NFT_LOGLEVEL_AUDIT && (stmt->log.flags & ~STMT_LOG_LEVEL || stmt->log.logflags)) return stmt_error(ctx, stmt, "log level audit doesn't support any further options"); diff --git a/src/parser_bison.y b/src/parser_bison.y index 9aea6526..9e632c0d 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2414,23 +2414,23 @@ log_arg : PREFIX string level_type : string { if (!strcmp("emerg", $1)) - $$ = LOG_EMERG; + $$ = NFT_LOGLEVEL_EMERG; else if (!strcmp("alert", $1)) - $$ = LOG_ALERT; + $$ = NFT_LOGLEVEL_ALERT; else if (!strcmp("crit", $1)) - $$ = LOG_CRIT; + $$ = NFT_LOGLEVEL_CRIT; else if (!strcmp("err", $1)) - $$ = LOG_ERR; + $$ = NFT_LOGLEVEL_ERR; else if (!strcmp("warn", $1)) - $$ = LOG_WARNING; + $$ = NFT_LOGLEVEL_WARNING; else if (!strcmp("notice", $1)) - $$ = LOG_NOTICE; + $$ = NFT_LOGLEVEL_NOTICE; else if (!strcmp("info", $1)) - $$ = LOG_INFO; + $$ = NFT_LOGLEVEL_INFO; else if (!strcmp("debug", $1)) - $$ = LOG_DEBUG; + $$ = NFT_LOGLEVEL_DEBUG; else if (!strcmp("audit", $1)) - $$ = LOGLEVEL_AUDIT; + $$ = NFT_LOGLEVEL_AUDIT; else { erec_queue(error(&@1, "invalid log level"), state->msgs); @@ -4101,7 +4101,6 @@ ct_key : L3PROTOCOL { $$ = NFT_CT_L3PROTOCOL; } | PROTO_DST { $$ = NFT_CT_PROTO_DST; } | LABEL { $$ = NFT_CT_LABELS; } | EVENT { $$ = NFT_CT_EVENTMASK; } - | TIMEOUT { $$ = NFT_CT_TIMEOUT; } | ct_key_dir_optional ; @@ -4150,16 +4149,18 @@ ct_stmt : CT ct_key SET stmt_expr $$->objref.type = NFT_OBJECT_CT_HELPER; $$->objref.expr = $4; break; - case NFT_CT_TIMEOUT: - $$ = objref_stmt_alloc(&@$); - $$->objref.type = NFT_OBJECT_CT_TIMEOUT; - $$->objref.expr = $4; - break; default: $$ = ct_stmt_alloc(&@$, $2, -1, $4); break; } } + | CT TIMEOUT SET stmt_expr + { + $$ = objref_stmt_alloc(&@$); + $$->objref.type = NFT_OBJECT_CT_TIMEOUT; + $$->objref.expr = $4; + + } | CT ct_dir ct_key_dir_optional SET stmt_expr { $$ = ct_stmt_alloc(&@$, $3, $2, $5); diff --git a/src/statement.c b/src/statement.c index 7f9c10b3..a9e8b3ae 100644 --- a/src/statement.c +++ b/src/statement.c @@ -256,21 +256,21 @@ struct stmt *objref_stmt_alloc(const struct location *loc) return stmt; } -static const char *syslog_level[LOGLEVEL_AUDIT + 1] = { - [LOG_EMERG] = "emerg", - [LOG_ALERT] = "alert", - [LOG_CRIT] = "crit", - [LOG_ERR] = "err", - [LOG_WARNING] = "warn", - [LOG_NOTICE] = "notice", - [LOG_INFO] = "info", - [LOG_DEBUG] = "debug", - [LOGLEVEL_AUDIT] = "audit" +static const char *syslog_level[NFT_LOGLEVEL_MAX + 1] = { + [NFT_LOGLEVEL_EMERG] = "emerg", + [NFT_LOGLEVEL_ALERT] = "alert", + [NFT_LOGLEVEL_CRIT] = "crit", + [NFT_LOGLEVEL_ERR] = "err", + [NFT_LOGLEVEL_WARNING] = "warn", + [NFT_LOGLEVEL_NOTICE] = "notice", + [NFT_LOGLEVEL_INFO] = "info", + [NFT_LOGLEVEL_DEBUG] = "debug", + [NFT_LOGLEVEL_AUDIT] = "audit" }; const char *log_level(uint32_t level) { - if (level > LOGLEVEL_AUDIT) + if (level > NFT_LOGLEVEL_MAX) return "unknown"; return syslog_level[level]; @@ -280,7 +280,7 @@ int log_level_parse(const char *level) { int i; - for (i = 0; i <= LOGLEVEL_AUDIT; i++) { + for (i = 0; i <= NFT_LOGLEVEL_MAX; i++) { if (syslog_level[i] && !strcmp(level, syslog_level[i])) return i; |