diff options
author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-08-02 12:12:08 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-08-08 12:32:48 +0200 |
commit | 627c451b2351310da9ad82dbdb64747b1fada8e5 (patch) | |
tree | a049c393ec78296bd014d807943c573c75695e81 /src/rule.c | |
parent | 45cb29a2ada4edfc2b547fe023d923ce0299a61d (diff) |
src: allow variables in the chain priority specification
This patch allows you to use variables in chain priority definitions,
e.g.
define prio = filter
define prionum = 10
define prioffset = "filter - 150"
add table ip foo
add chain ip foo bar { type filter hook input priority $prio; }
add chain ip foo ber { type filter hook input priority $prionum; }
add chain ip foo bor { type filter hook input priority $prioffset; }
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 15 |
1 files changed, 8 insertions, 7 deletions
@@ -821,7 +821,7 @@ void chain_free(struct chain *chain) xfree(chain->type); if (chain->dev != NULL) xfree(chain->dev); - xfree(chain->priority.str); + expr_free(chain->priority.expr); xfree(chain); } @@ -1051,14 +1051,15 @@ int std_prio_lookup(const char *std_prio_name, int family, int hook) static const char *prio2str(const struct output_ctx *octx, char *buf, size_t bufsize, int family, int hook, - int prio) + const struct expr *expr) { const struct prio_tag *prio_arr; + int std_prio, offset, prio; const char *std_prio_str; const int reach = 10; - int std_prio, offset; size_t i, arr_size; + mpz_export_data(&prio, expr->value, BYTEORDER_HOST_ENDIAN, sizeof(int)); if (family == NFPROTO_BRIDGE) { prio_arr = bridge_std_prios; arr_size = array_size(bridge_std_prios); @@ -1110,7 +1111,7 @@ static void chain_print_declaration(const struct chain *chain, nft_print(octx, " priority %s; policy %s;\n", prio2str(octx, priobuf, sizeof(priobuf), chain->handle.family, chain->hooknum, - chain->priority.num), + chain->priority.expr), chain_policy2str(chain->policy)); } } @@ -1141,7 +1142,7 @@ void chain_print_plain(const struct chain *chain, struct output_ctx *octx) chain->type, chain->hookstr, prio2str(octx, priobuf, sizeof(priobuf), chain->handle.family, chain->hooknum, - chain->priority.num), + chain->priority.expr), chain_policy2str(chain->policy)); } if (nft_output_handle(octx)) @@ -2047,7 +2048,7 @@ void flowtable_free(struct flowtable *flowtable) if (--flowtable->refcnt > 0) return; handle_free(&flowtable->handle); - xfree(flowtable->priority.str); + expr_free(flowtable->priority.expr); xfree(flowtable); } @@ -2077,7 +2078,7 @@ static void flowtable_print_declaration(const struct flowtable *flowtable, opts->tab, opts->tab, hooknum2str(NFPROTO_NETDEV, flowtable->hooknum), prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV, - flowtable->hooknum, flowtable->priority.num), + flowtable->hooknum, flowtable->priority.expr), opts->stmt_separator); nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab); |