diff options
-rw-r--r-- | include/rule.h | 12 | ||||
-rw-r--r-- | src/evaluate.c | 18 | ||||
-rw-r--r-- | src/json.c | 4 | ||||
-rw-r--r-- | src/mnl.c | 4 | ||||
-rw-r--r-- | src/netlink.c | 8 | ||||
-rw-r--r-- | src/parser_bison.y | 10 | ||||
-rw-r--r-- | src/parser_json.c | 6 | ||||
-rw-r--r-- | src/rule.c | 12 |
8 files changed, 40 insertions, 34 deletions
diff --git a/include/rule.h b/include/rule.h index db11b1d6..06fefef8 100644 --- a/include/rule.h +++ b/include/rule.h @@ -189,6 +189,12 @@ struct prio_spec { struct expr *expr; }; +struct hook_spec { + struct location loc; + const char *name; + unsigned int num; +}; + /** * struct chain - nftables chain * @@ -211,9 +217,8 @@ struct chain { struct location location; unsigned int refcnt; uint32_t flags; - const char *hookstr; - unsigned int hooknum; struct prio_spec priority; + struct hook_spec hook; struct expr *policy; const char *type; const char **dev_array; @@ -485,8 +490,7 @@ struct flowtable { struct handle handle; struct scope scope; struct location location; - const char * hookstr; - unsigned int hooknum; + struct hook_spec hook; struct prio_spec priority; const char **dev_array; struct expr *dev_expr; diff --git a/src/evaluate.c b/src/evaluate.c index 8b03e1f3..759cdaaf 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3568,11 +3568,11 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft) if (table == NULL) return table_not_found(ctx); - ft->hooknum = str2hooknum(NFPROTO_NETDEV, ft->hookstr); - if (ft->hooknum == NF_INET_NUMHOOKS) - return chain_error(ctx, ft, "invalid hook %s", ft->hookstr); + ft->hook.num = str2hooknum(NFPROTO_NETDEV, ft->hook.name); + if (ft->hook.num == NF_INET_NUMHOOKS) + return chain_error(ctx, ft, "invalid hook %s", ft->hook.name); - if (!evaluate_priority(ctx, &ft->priority, NFPROTO_NETDEV, ft->hooknum)) + if (!evaluate_priority(ctx, &ft->priority, NFPROTO_NETDEV, ft->hook.num)) return __stmt_binary_error(ctx, &ft->priority.loc, NULL, "invalid priority expression %s.", expr_name(ft->priority.expr)); @@ -3783,14 +3783,14 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain) } if (chain->flags & CHAIN_F_BASECHAIN) { - chain->hooknum = str2hooknum(chain->handle.family, - chain->hookstr); - if (chain->hooknum == NF_INET_NUMHOOKS) + chain->hook.num = str2hooknum(chain->handle.family, + chain->hook.name); + if (chain->hook.num == NF_INET_NUMHOOKS) return chain_error(ctx, chain, "invalid hook %s", - chain->hookstr); + chain->hook.name); if (!evaluate_priority(ctx, &chain->priority, - chain->handle.family, chain->hooknum)) + chain->handle.family, chain->hook.num)) return __stmt_binary_error(ctx, &chain->priority.loc, NULL, "invalid priority expression %s in this context.", expr_name(chain->priority.expr)); @@ -240,7 +240,7 @@ static json_t *chain_print_json(const struct chain *chain) tmp = json_pack("{s:s, s:s, s:i, s:s}", "type", chain->type, "hook", hooknum2str(chain->handle.family, - chain->hooknum), + chain->hook.num), "prio", priority, "policy", chain_policy2str(policy)); if (chain->dev_expr) { @@ -415,7 +415,7 @@ static json_t *flowtable_print_json(const struct flowtable *ftable) "name", ftable->handle.flowtable.name, "table", ftable->handle.table.name, "handle", ftable->handle.handle.id, - "hook", hooknum2str(NFPROTO_NETDEV, ftable->hooknum), + "hook", hooknum2str(NFPROTO_NETDEV, ftable->hook.num), "prio", priority); for (i = 0; i < ftable->dev_array_len; i++) { @@ -630,7 +630,7 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, } if (cmd->chain->flags & CHAIN_F_BASECHAIN) { nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM, - cmd->chain->hooknum); + cmd->chain->hook.num); mpz_export_data(&priority, cmd->chain->priority.expr->value, BYTEORDER_HOST_ENDIAN, sizeof(int)); @@ -1601,7 +1601,7 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd, nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FAMILY, cmd->handle.family); nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_HOOKNUM, - cmd->flowtable->hooknum); + cmd->flowtable->hook.num); mpz_export_data(&priority, cmd->flowtable->priority.expr->value, BYTEORDER_HOST_ENDIAN, sizeof(int)); nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO, priority); diff --git a/src/netlink.c b/src/netlink.c index ab1afd42..24d746ca 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -445,10 +445,10 @@ struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx, nftnl_chain_is_set(nlc, NFTNL_CHAIN_PRIO) && nftnl_chain_is_set(nlc, NFTNL_CHAIN_TYPE) && nftnl_chain_is_set(nlc, NFTNL_CHAIN_POLICY)) { - chain->hooknum = + chain->hook.num = nftnl_chain_get_u32(nlc, NFTNL_CHAIN_HOOKNUM); - chain->hookstr = - hooknum2str(chain->handle.family, chain->hooknum); + chain->hook.name = + hooknum2str(chain->handle.family, chain->hook.num); priority = nftnl_chain_get_s32(nlc, NFTNL_CHAIN_PRIO); chain->priority.expr = constant_expr_alloc(&netlink_location, @@ -1340,7 +1340,7 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx, sizeof(int) * BITS_PER_BYTE, &priority); - flowtable->hooknum = + flowtable->hook.num = nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_HOOKNUM); flowtable->flags = nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_FLAGS); diff --git a/src/parser_bison.y b/src/parser_bison.y index 9976bcaf..ebaef17c 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1877,8 +1877,9 @@ flowtable_block : /* empty */ { $$ = $<flowtable>-1; } | flowtable_block stmt_separator | flowtable_block HOOK STRING prio_spec stmt_separator { - $$->hookstr = chain_hookname_lookup($3); - if ($$->hookstr == NULL) { + $$->hook.loc = @3; + $$->hook.name = chain_hookname_lookup($3); + if ($$->hook.name == NULL) { erec_queue(error(&@3, "unknown chain hook %s", $3), state->msgs); xfree($3); @@ -2056,8 +2057,9 @@ hook_spec : TYPE STRING HOOK STRING dev_spec prio_spec $<chain>0->type = xstrdup(chain_type); xfree($2); - $<chain>0->hookstr = chain_hookname_lookup($4); - if ($<chain>0->hookstr == NULL) { + $<chain>0->hook.loc = @4; + $<chain>0->hook.name = chain_hookname_lookup($4); + if ($<chain>0->hook.name == NULL) { erec_queue(error(&@4, "unknown chain hook %s", $4), state->msgs); xfree($4); diff --git a/src/parser_json.c b/src/parser_json.c index d158db78..a1765027 100644 --- a/src/parser_json.c +++ b/src/parser_json.c @@ -2628,8 +2628,8 @@ static struct cmd *json_parse_cmd_add_chain(struct json_ctx *ctx, json_t *root, BYTEORDER_HOST_ENDIAN, sizeof(int) * BITS_PER_BYTE, &prio); - chain->hookstr = chain_hookname_lookup(hookstr); - if (!chain->hookstr) { + chain->hook.name = chain_hookname_lookup(hookstr); + if (!chain->hook.name) { json_error(ctx, "Invalid chain hook '%s'.", hookstr); chain_free(chain); return NULL; @@ -3017,7 +3017,7 @@ static struct cmd *json_parse_cmd_add_flowtable(struct json_ctx *ctx, } flowtable = flowtable_alloc(int_loc); - flowtable->hookstr = hookstr; + flowtable->hook.name = hookstr; flowtable->priority.expr = constant_expr_alloc(int_loc, &integer_type, BYTEORDER_HOST_ENDIAN, @@ -1165,7 +1165,7 @@ static void chain_print_declaration(const struct chain *chain, nft_print(octx, "\n"); if (chain->flags & CHAIN_F_BASECHAIN) { nft_print(octx, "\t\ttype %s hook %s", chain->type, - hooknum2str(chain->handle.family, chain->hooknum)); + hooknum2str(chain->handle.family, chain->hook.num)); if (chain->dev_array_len == 1) { nft_print(octx, " device \"%s\"", chain->dev_array[0]); } else if (chain->dev_array_len > 1) { @@ -1179,7 +1179,7 @@ static void chain_print_declaration(const struct chain *chain, } nft_print(octx, " priority %s;", prio2str(octx, priobuf, sizeof(priobuf), - chain->handle.family, chain->hooknum, + chain->handle.family, chain->hook.num, chain->priority.expr)); if (chain->policy) { mpz_export_data(&policy, chain->policy->value, @@ -1220,9 +1220,9 @@ void chain_print_plain(const struct chain *chain, struct output_ctx *octx) mpz_export_data(&policy, chain->policy->value, BYTEORDER_HOST_ENDIAN, sizeof(int)); nft_print(octx, " { type %s hook %s priority %s; policy %s; }", - chain->type, chain->hookstr, + chain->type, chain->hook.name, prio2str(octx, priobuf, sizeof(priobuf), - chain->handle.family, chain->hooknum, + chain->handle.family, chain->hook.num, chain->priority.expr), chain_policy2str(policy)); } @@ -2235,9 +2235,9 @@ static void flowtable_print_declaration(const struct flowtable *flowtable, nft_print(octx, "%s", opts->nl); nft_print(octx, "%s%shook %s priority %s%s", opts->tab, opts->tab, - hooknum2str(NFPROTO_NETDEV, flowtable->hooknum), + hooknum2str(NFPROTO_NETDEV, flowtable->hook.num), prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV, - flowtable->hooknum, flowtable->priority.expr), + flowtable->hook.num, flowtable->priority.expr), opts->stmt_separator); nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab); |