summaryrefslogtreecommitdiffstats
path: root/src/rule.c
diff options
context:
space:
mode:
authorFernando Fernandez Mancera <ffmancera@riseup.net>2019-08-02 12:12:08 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2019-08-08 12:32:48 +0200
commit627c451b2351310da9ad82dbdb64747b1fada8e5 (patch)
treea049c393ec78296bd014d807943c573c75695e81 /src/rule.c
parent45cb29a2ada4edfc2b547fe023d923ce0299a61d (diff)
src: allow variables in the chain priority specification
This patch allows you to use variables in chain priority definitions, e.g. define prio = filter define prionum = 10 define prioffset = "filter - 150" add table ip foo add chain ip foo bar { type filter hook input priority $prio; } add chain ip foo ber { type filter hook input priority $prionum; } add chain ip foo bor { type filter hook input priority $prioffset; } Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r--src/rule.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/src/rule.c b/src/rule.c
index 29360657..2aca8aff 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -821,7 +821,7 @@ void chain_free(struct chain *chain)
xfree(chain->type);
if (chain->dev != NULL)
xfree(chain->dev);
- xfree(chain->priority.str);
+ expr_free(chain->priority.expr);
xfree(chain);
}
@@ -1051,14 +1051,15 @@ int std_prio_lookup(const char *std_prio_name, int family, int hook)
static const char *prio2str(const struct output_ctx *octx,
char *buf, size_t bufsize, int family, int hook,
- int prio)
+ const struct expr *expr)
{
const struct prio_tag *prio_arr;
+ int std_prio, offset, prio;
const char *std_prio_str;
const int reach = 10;
- int std_prio, offset;
size_t i, arr_size;
+ mpz_export_data(&prio, expr->value, BYTEORDER_HOST_ENDIAN, sizeof(int));
if (family == NFPROTO_BRIDGE) {
prio_arr = bridge_std_prios;
arr_size = array_size(bridge_std_prios);
@@ -1110,7 +1111,7 @@ static void chain_print_declaration(const struct chain *chain,
nft_print(octx, " priority %s; policy %s;\n",
prio2str(octx, priobuf, sizeof(priobuf),
chain->handle.family, chain->hooknum,
- chain->priority.num),
+ chain->priority.expr),
chain_policy2str(chain->policy));
}
}
@@ -1141,7 +1142,7 @@ void chain_print_plain(const struct chain *chain, struct output_ctx *octx)
chain->type, chain->hookstr,
prio2str(octx, priobuf, sizeof(priobuf),
chain->handle.family, chain->hooknum,
- chain->priority.num),
+ chain->priority.expr),
chain_policy2str(chain->policy));
}
if (nft_output_handle(octx))
@@ -2047,7 +2048,7 @@ void flowtable_free(struct flowtable *flowtable)
if (--flowtable->refcnt > 0)
return;
handle_free(&flowtable->handle);
- xfree(flowtable->priority.str);
+ expr_free(flowtable->priority.expr);
xfree(flowtable);
}
@@ -2077,7 +2078,7 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
opts->tab, opts->tab,
hooknum2str(NFPROTO_NETDEV, flowtable->hooknum),
prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV,
- flowtable->hooknum, flowtable->priority.num),
+ flowtable->hooknum, flowtable->priority.expr),
opts->stmt_separator);
nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab);