summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/rule.h1
-rw-r--r--src/evaluate.c11
-rw-r--r--src/parser_bison.y23
3 files changed, 22 insertions, 13 deletions
diff --git a/include/rule.h b/include/rule.h
index d564cb01..cfbbcf1f 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -172,6 +172,7 @@ enum chain_flags {
struct prio_spec {
const char *str;
int num;
+ struct location loc;
};
/**
diff --git a/src/evaluate.c b/src/evaluate.c
index 647e1606..685924df 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3028,8 +3028,9 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft)
return chain_error(ctx, ft, "invalid hook %s", ft->hookstr);
if (!evaluate_priority(&ft->priority, NFPROTO_NETDEV, ft->hooknum))
- return chain_error(ctx, ft, "'%s' is invalid priority.",
- ft->priority.str);
+ return __stmt_binary_error(ctx, &ft->priority.loc, NULL,
+ "'%s' is invalid priority.",
+ ft->priority.str);
if (!ft->dev_expr)
return chain_error(ctx, ft, "Unbound flowtable not allowed (must specify devices)");
@@ -3186,9 +3187,9 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain)
if (!evaluate_priority(&chain->priority, chain->handle.family,
chain->hooknum))
- return chain_error(ctx, chain,
- "'%s' is invalid priority in this context.",
- chain->priority.str);
+ return __stmt_binary_error(ctx, &chain->priority.loc, NULL,
+ "'%s' is invalid priority in this context.",
+ chain->priority.str);
}
list_for_each_entry(rule, &chain->rules, list) {
diff --git a/src/parser_bison.y b/src/parser_bison.y
index cc114717..ff795047 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -528,8 +528,8 @@ int nft_lex(void *, void *, void *);
%destructor { handle_free(&$$); } table_spec tableid_spec chain_spec chainid_spec flowtable_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec index_spec
%type <handle> set_spec setid_spec set_identifier flowtable_identifier obj_spec objid_spec obj_identifier
%destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec objid_spec obj_identifier
-%type <val> family_spec family_spec_explicit chain_policy prio_spec
-%type <prio_spec> extended_prio_spec
+%type <val> family_spec family_spec_explicit chain_policy int_num
+%type <prio_spec> extended_prio_spec prio_spec
%type <string> dev_spec quota_unit
%destructor { xfree($$); } dev_spec quota_unit
@@ -1647,7 +1647,7 @@ flowtable_block_alloc : /* empty */
flowtable_block : /* empty */ { $$ = $<flowtable>-1; }
| flowtable_block common_block
| flowtable_block stmt_separator
- | flowtable_block HOOK STRING PRIORITY extended_prio_spec stmt_separator
+ | flowtable_block HOOK STRING prio_spec stmt_separator
{
$$->hookstr = chain_hookname_lookup($3);
if ($$->hookstr == NULL) {
@@ -1658,7 +1658,7 @@ flowtable_block : /* empty */ { $$ = $<flowtable>-1; }
}
xfree($3);
- $$->priority = $5;
+ $$->priority = $4;
}
| flowtable_block DEVICES '=' flowtable_expr stmt_separator
{
@@ -1780,7 +1780,7 @@ type_identifier : STRING { $$ = $1; }
| CLASSID { $$ = xstrdup("classid"); }
;
-hook_spec : TYPE STRING HOOK STRING dev_spec PRIORITY extended_prio_spec
+hook_spec : TYPE STRING HOOK STRING dev_spec prio_spec
{
const char *chain_type = chain_type_name_lookup($2);
@@ -1803,12 +1803,19 @@ hook_spec : TYPE STRING HOOK STRING dev_spec PRIORITY extended_prio_spec
xfree($4);
$<chain>0->dev = $5;
- $<chain>0->priority = $7;
+ $<chain>0->priority = $6;
$<chain>0->flags |= CHAIN_F_BASECHAIN;
}
;
-extended_prio_spec : prio_spec
+prio_spec : PRIORITY extended_prio_spec
+ {
+ $$ = $2;
+ $$.loc = @$;
+ }
+ ;
+
+extended_prio_spec : int_num
{
struct prio_spec spec = {0};
spec.num = $1;
@@ -1836,7 +1843,7 @@ extended_prio_spec : prio_spec
}
;
-prio_spec : NUM { $$ = $1; }
+int_num : NUM { $$ = $1; }
| DASH NUM { $$ = -$2; }
;