summaryrefslogtreecommitdiffstats
path: root/src/evaluate.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2020-05-20 20:23:35 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2020-06-02 14:05:38 +0200
commitd47f1652088769a9dedb1fc5762c2d9d2e5d500b (patch)
tree14d195e031bed83c4b8f1c7add18e53579830ad7 /src/evaluate.c
parent45f98f7451c7c3c3deb00de18683dba1970bee0c (diff)
src: add devices to an existing flowtable
This patch allows you to add new devices to an existing flowtables. # nft add flowtable x y { devices = { eth0 } \; } Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r--src/evaluate.c21
1 files changed, 10 insertions, 11 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 4156d896..fbc8f1fb 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3624,17 +3624,16 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft)
if (table == NULL)
return table_not_found(ctx);
- ft->hook.num = str2hooknum(NFPROTO_NETDEV, ft->hook.name);
- if (ft->hook.num == NF_INET_NUMHOOKS)
- return chain_error(ctx, ft, "invalid hook %s", ft->hook.name);
-
- if (!evaluate_priority(ctx, &ft->priority, NFPROTO_NETDEV, ft->hook.num))
- return __stmt_binary_error(ctx, &ft->priority.loc, NULL,
- "invalid priority expression %s.",
- expr_name(ft->priority.expr));
-
- if (!ft->dev_expr)
- return chain_error(ctx, ft, "Unbound flowtable not allowed (must specify devices)");
+ if (ft->hook.name) {
+ ft->hook.num = str2hooknum(NFPROTO_NETDEV, ft->hook.name);
+ if (ft->hook.num == NF_INET_NUMHOOKS)
+ return chain_error(ctx, ft, "invalid hook %s",
+ ft->hook.name);
+ if (!evaluate_priority(ctx, &ft->priority, NFPROTO_NETDEV, ft->hook.num))
+ return __stmt_binary_error(ctx, &ft->priority.loc, NULL,
+ "invalid priority expression %s.",
+ expr_name(ft->priority.expr));
+ }
return 0;
}