diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-19 14:57:26 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-19 17:29:30 +0100 |
commit | 6cce26e03778c57bbdbe4653c839de4325d21807 (patch) | |
tree | 87f3ba1ba2efcc978fcd7e01917a10d7a743b0f9 /src | |
parent | 086ec6f30c96e9a920baf22ba700ea1ee0363df7 (diff) |
src: improve error reporting when setting policy on non-base chain
When trying to set a policy to non-base chain:
# nft add chain x y { policy accept\; }
Error: Could not process rule: Operation not supported
add chain x y { policy accept; }
^^^^^^^^^^^^^
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/mnl.c | 12 | ||||
-rw-r--r-- | src/parser_bison.y | 3 |
2 files changed, 9 insertions, 6 deletions
@@ -619,11 +619,6 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE, cmd->chain->type); } - if (cmd->chain->policy) { - mpz_export_data(&policy, cmd->chain->policy->value, - BYTEORDER_HOST_ENDIAN, sizeof(int)); - nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, policy); - } if (cmd->chain->dev_expr) { dev_array = xmalloc(sizeof(char *) * 8); dev_array_len = 8; @@ -658,6 +653,13 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.chain.location); mnl_attr_put_strz(nlh, NFTA_CHAIN_NAME, cmd->handle.chain.name); + if (cmd->chain && cmd->chain->policy) { + mpz_export_data(&policy, cmd->chain->policy->value, + BYTEORDER_HOST_ENDIAN, sizeof(int)); + cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->chain->policy->location); + mnl_attr_put_u32(nlh, NFTA_CHAIN_POLICY, htonl(policy)); + } + nftnl_chain_nlmsg_build_payload(nlh, nlc); nftnl_chain_free(nlc); diff --git a/src/parser_bison.y b/src/parser_bison.y index 819c78bf..cc77d042 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2160,7 +2160,8 @@ policy_spec : POLICY policy_expr expr_free($2); YYERROR; } - $<chain>0->policy = $2; + $<chain>0->policy = $2; + $<chain>0->policy->location = @$; } ; |