From a4fe9cfe788706c0bf1c3a40b7c92f1d2bebf7e7 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Wed, 20 Jul 2016 12:14:06 +0200 Subject: ct: use nftables sysconf location for connlabel configuration Instead of using /etc/xtables use the nftables syconfdir. Also update error message to tell which label failed translation and which config file was used for this: nft add filter input ct label foo :1:27-29: Error: /etc/nftables/connlabel.conf: could not parse conntrack label "foo" Suggested-by: Pablo Neira Ayuso Signed-off-by: Florian Westphal
---
 src/ct.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/ct.c b/src/ct.c
index b971ba16..f383f298 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -29,6 +29,8 @@
 #include
 #include
+#define CONNLABEL_CONF DEFAULT_INCLUDE_PATH "connlabel.conf"
+
 static const struct symbol_table ct_state_tbl = {
 .symbols = {
 SYMBOL("invalid", NF_CT_STATE_INVALID_BIT),
@@ -128,7 +130,8 @@ static struct error_record *ct_label_type_parse(const struct expr *sym,
 dtype = sym->dtype;
 if (s->identifier == NULL)
- return error(&sym->location, "Could not parse %s", dtype->desc);
+ return error(&sym->location, "%s: could not parse %s \"%s\"",
+ CONNLABEL_CONF, dtype->desc, sym->identifier);
 if (s->value >= CT_LABEL_BIT_SIZE)
 return error(&sym->location, "%s: out of range (%u max)",
@@ -158,7 +161,7 @@ static const struct datatype ct_label_type = {
 static void __init ct_label_table_init(void)
 {
- ct_label_tbl = rt_symbol_table_init("/etc/xtables/connlabel.conf");
+ ct_label_tbl = rt_symbol_table_init(CONNLABEL_CONF);
 }
 #ifndef NF_CT_HELPER_NAME_LEN
--
cgit v1.2.3
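Review bot: The new `CONNLABEL_CONF` macro in the first hunk joins `DEFAULT_INCLUDE_PATH` and `"connlabel.conf"` with no path separator, so it yields a valid path only if DEFAULT_INCLUDE_PATH always ends in `/`; that definition is not visible in this patch. If a build sets it without the trailing slash, the label file is looked up under a wrong name, label names presumably stop resolving, and the new error message prints a path that differs from the `/etc/nftables/connlabel.conf` shown in the commit description. Writing `#define CONNLABEL_CONF DEFAULT_INCLUDE_PATH "/connlabel.conf"` removes that dependency, since a doubled slash is harmless in a POSIX path.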
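Review bot: In ct_label_table_init() (last hunk) the old location is dropped with no fallback or notice, so a host whose labels still live in /etc/xtables/connlabel.conf would, after upgrade, likely fail to resolve label names and see rulesets that match on `ct label` by name rejected at load time. The result of rt_symbol_table_init() is also stored without a check in the visible lines; whether a missing file is tolerated inside that helper cannot be told from this hunk. At minimum the move should be documented above the call, e.g. `/* Labels are read only from CONNLABEL_CONF; /etc/xtables/connlabel.conf is no longer consulted. */`, and the migration mentioned in the release notes.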