summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/rule.h11
-rw-r--r--src/netlink.c2
-rw-r--r--src/parser.y2
3 files changed, 14 insertions, 1 deletions
diff --git a/include/rule.h b/include/rule.h
index 97543072..23171ffb 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -79,10 +79,20 @@ extern void table_add_hash(struct table *table);
extern struct table *table_lookup(const struct handle *h);
/**
+ * enum chain_flags - chain flags
+ *
+ * @CHAIN_F_BASECHAIN: chain is a base chain
+ */
+enum chain_flags {
+ CHAIN_F_BASECHAIN = 0x1,
+};
+
+/**
* struct chain - nftables chain
*
* @list: list node in table list
* @handle: chain handle
+ * @flags: chain flags
* @hooknum: hook number (base chains)
* @priority: hook priority (base chains)
* @rules: rules contained in the chain
@@ -90,6 +100,7 @@ extern struct table *table_lookup(const struct handle *h);
struct chain {
struct list_head list;
struct handle handle;
+ uint32_t flags;
unsigned int hooknum;
unsigned int priority;
struct scope scope;
diff --git a/src/netlink.c b/src/netlink.c
index 54d92c42..0427f4ac 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -422,7 +422,7 @@ int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
int err;
nlc = alloc_nft_chain(h);
- if (chain != NULL && (chain->hooknum || chain->priority)) {
+ if (chain != NULL && chain->flags & CHAIN_F_BASECHAIN) {
nfnl_nft_chain_set_hooknum(nlc, chain->hooknum);
nfnl_nft_chain_set_priority(nlc, chain->priority);
}
diff --git a/src/parser.y b/src/parser.y
index f70b505d..8e3d3639 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -740,11 +740,13 @@ hook_spec : HOOK HOOKNUM NUM
{
$<chain>0->hooknum = $2;
$<chain>0->priority = $3;
+ $<chain>0->flags |= CHAIN_F_BASECHAIN;
}
| HOOK HOOKNUM DASH NUM
{
$<chain>0->hooknum = $2;
$<chain>0->priority = -$4;
+ $<chain>0->flags |= CHAIN_F_BASECHAIN;
}
;