author | Florian Westphal <fw@strlen.de> | 2016-07-20 12:14:06 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2016-07-21 00:25:55 +0200 |
commit | a4fe9cfe788706c0bf1c3a40b7c92f1d2bebf7e7 (patch) | |
tree | f1f7e954c6154c792b78c18fd01f8ac59768ac98 | |
parent | 43d4b72aa45b669f839ef2c4e2eeb9bb316dd894 (diff) |
ct: use nftables sysconf location for connlabel configuration
Instead of using /etc/xtables, use the nftables sysconfdir.
Also update error message to tell which label failed translation
and which config file was used for this:
nft add filter input ct label foo
<cmdline>:1:27-29: Error: /etc/nftables/connlabel.conf: could not parse conntrack label "foo"
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | src/ct.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -29,6 +29,8 @@
 #include <utils.h>
 #include <statement.h>
+#define CONNLABEL_CONF DEFAULT_INCLUDE_PATH "connlabel.conf"
+
 static const struct symbol_table ct_state_tbl = {
 .symbols = {
 SYMBOL("invalid", NF_CT_STATE_INVALID_BIT),
@@ -128,7 +130,8 @@ static struct error_record *ct_label_type_parse(const struct expr *sym,
 dtype = sym->dtype;
 if (s->identifier == NULL)
- return error(&sym->location, "Could not parse %s", dtype->desc);
+ return error(&sym->location, "%s: could not parse %s \"%s\"",
+ CONNLABEL_CONF, dtype->desc, sym->identifier);
 if (s->value >= CT_LABEL_BIT_SIZE)
 return error(&sym->location, "%s: out of range (%u max)",
@@ -158,7 +161,7 @@ static const struct datatype ct_label_type = {
 static void __init ct_label_table_init(void)
 {
- ct_label_tbl = rt_symbol_table_init("/etc/xtables/connlabel.conf");
+ ct_label_tbl = rt_symbol_table_init(CONNLABEL_CONF);
 }
 #ifndef NF_CT_HELPER_NAME_LEN |
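Review bot: `CONNLABEL_CONF` in the first hunk is built by plain string-literal concatenation, so it is only a valid path if `DEFAULT_INCLUDE_PATH` already ends in a `/`; that definition is not visible on this page. If the build ever passes a bare directory, the file name would be glued onto the directory name and the label file would presumably not be found, with the error message then pointing at a path that does not exist. Writing the separator explicitly, `#define CONNLABEL_CONF DEFAULT_INCLUDE_PATH "/connlabel.conf"`, is harmless when the slash is already there; otherwise add a comment beside the define stating that `DEFAULT_INCLUDE_PATH` must carry the trailing slash.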
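Review bot: In the third hunk, `ct_label_table_init()` stops reading `/etc/xtables/connlabel.conf` with no fallback, and the result of `rt_symbol_table_init()` is stored without any visible check (whether it can fail is not shown here). Hosts that keep their label map only in the old file will presumably fail to resolve every label name after upgrading. Hosts that keep both files can end up with the same name bound to different bits depending on which file a tool reads, which matters for rules that match on those bits. Consider trying the old location when the new file is absent, or at least document the move above the function, e.g. `/* label map is loaded once at startup from CONNLABEL_CONF; the former /etc/xtables location is no longer consulted */`.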