src: allow variable in chain policy

This patch allows you to use variables in chain policy definition, e.g. define default_policy = "accept" add table ip foo add chain ip foo bar {type filter hook input priority filter; policy $default_policy} Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Fernando Fernandez Mancera <ffmancera@riseup.net> 2019-08-02 12:12:10 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-08-08 12:43:10 +0200
commit: dba4a9b4b5fe2c4b6929be799fdb9332fc653e1b (patch)
tree: 800a99b457f9a37fd7790a8308c0d4ec33809510 /src/parser_json.c
parent: 627c451b2351310da9ad82dbdb64747b1fada8e5 (diff)
1 files changed, 12 insertions, 5 deletions
diff --git a/src/parser_json.c b/src/parser_json.c
index a45234ad..956233b9 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2530,13 +2530,20 @@ static struct cmd *json_parse_cmd_add_table(struct json_ctx *ctx, json_t *root,
 	return cmd_alloc(op, obj, &h, int_loc, NULL);
 }
 
-static int parse_policy(const char *policy)
+static struct expr *parse_policy(const char *policy)
 {
+	int policy_num;
+
 	if (!strcmp(policy, "accept"))
-		return NF_ACCEPT;
-	if (!strcmp(policy, "drop"))
-		return NF_DROP;
-	return -1;
+		policy_num = NF_ACCEPT;
+	else if (!strcmp(policy, "drop"))
+		policy_num = NF_DROP;
+	else
+		return NULL;
+
+	return constant_expr_alloc(int_loc, &integer_type,
+				   BYTEORDER_HOST_ENDIAN,
+				   sizeof(int) * BITS_PER_BYTE, &policy_num);
 }
 
 static struct cmd *json_parse_cmd_add_chain(struct json_ctx *ctx, json_t *root,
author	Fernando Fernandez Mancera <ffmancera@riseup.net>	2019-08-02 12:12:10 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-08-08 12:43:10 +0200
commit	dba4a9b4b5fe2c4b6929be799fdb9332fc653e1b (patch)
tree	800a99b457f9a37fd7790a8308c0d4ec33809510 /src/parser_json.c
parent	627c451b2351310da9ad82dbdb64747b1fada8e5 (diff)