diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-03-10 11:43:32 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:27 +0100 |
| commit | c924c0cd07440aa9ce7465e2ba68fb266f07d7c3 (patch) | |
| tree | 5ec709dd5a89fa8b80bec6d2ca0965d56634362e /iptables/xtables-config-parser.y | |
| parent | c1ee3f1849436d81579632a1cc8ba6a4b878fc3c (diff) | |
xtables-config: priority has to be per-chain to support
To support NAT table chain configuration appropriately. Modify example
configuration file as well.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/xtables-config-parser.y')
| -rw-r--r-- | iptables/xtables-config-parser.y | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/iptables/xtables-config-parser.y b/iptables/xtables-config-parser.y index fe5bcbf1..ad5d624b 100644 --- a/iptables/xtables-config-parser.y +++ b/iptables/xtables-config-parser.y @@ -105,12 +105,10 @@ lines : line line : table ; -table : T_TABLE T_STRING T_PRIO T_INTEGER '{' chains '}' +table : T_TABLE T_STRING '{' chains '}' { /* added in reverse order to pop it in order */ - void *data = stack_push(T_PRIO, sizeof(int32_t)); - stack_put_i32(data, $4); - data = stack_push(T_TABLE, strlen($2)); + void *data = stack_push(T_TABLE, strlen($2)); stack_put_str(data, $2); } ; @@ -119,10 +117,12 @@ chains : chain | chains chain ; -chain : T_CHAIN T_STRING T_HOOK T_STRING +chain : T_CHAIN T_STRING T_HOOK T_STRING T_PRIO T_INTEGER { /* added in reverse order to pop it in order */ - void *data = stack_push(T_HOOK, strlen($4)); + void *data = stack_push(T_PRIO, sizeof(int32_t)); + stack_put_i32(data, $6); + data = stack_push(T_HOOK, strlen($4)); stack_put_str(data, $4); data = stack_push(T_CHAIN, strlen($2)); stack_put_str(data, $2); @@ -194,13 +194,13 @@ int xtables_config_parse(char *filename, struct nft_table_list *table_list, } nft_chain_attr_set(chain, NFT_CHAIN_ATTR_TABLE, (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME)); + nft_chain_attr_set_s32(chain, NFT_CHAIN_ATTR_PRIO, prio); nft_chain_attr_set(chain, NFT_CHAIN_ATTR_NAME, e->data); nft_chain_list_add(chain, chain_list); break; case T_HOOK: nft_chain_attr_set_u32(chain, NFT_CHAIN_ATTR_HOOKNUM, hooknametonum(e->data)); - nft_chain_attr_set_s32(chain, NFT_CHAIN_ATTR_PRIO, prio); break; default: printf("unknown token type %d\n", e->token); |