From 676b0499528a64061075034065c346ad9498cafd Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Fri, 10 Jan 2014 13:47:57 +0100
Subject: netlink: fix wrong type in attributes
Fix inconsistent attribute types in meta and cmp expressions, use uint32_t. This problem was added when converting nft to use libmnl and libnftables.
Signed-off-by: Pablo Neira Ayuso
---
src/netlink_delinearize.c | 8 ++++----
src/netlink_linearize.c | 14 +++++++-------
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 7e4e38c4..3d98131b 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -103,7 +103,7 @@ static void netlink_parse_immediate(struct netlink_parse_ctx *ctx,
static enum ops netlink_parse_cmp_op(const struct nft_rule_expr *nle)
{
- switch (nft_rule_expr_get_u8(nle, NFT_EXPR_CMP_OP)) {
+ switch (nft_rule_expr_get_u32(nle, NFT_EXPR_CMP_OP)) {
case NFT_CMP_EQ:
return OP_EQ;
case NFT_CMP_NEQ:
@@ -132,7 +132,7 @@ static void netlink_parse_cmp(struct netlink_parse_ctx *ctx,
nld.value = nft_rule_expr_get(nle, NFT_EXPR_CMP_DATA, &nld.len);
left = netlink_get_register(ctx, loc,
- nft_rule_expr_get_u8(nle, NFT_EXPR_CMP_SREG));
+ nft_rule_expr_get_u32(nle, NFT_EXPR_CMP_SREG));
if (left == NULL)
return netlink_error(ctx, loc,
"Relational expression has no left "
@@ -332,9 +332,9 @@ static void netlink_parse_meta(struct netlink_parse_ctx *ctx,
struct expr *expr;
expr = meta_expr_alloc(loc,
- nft_rule_expr_get_u8(nle, NFT_EXPR_META_KEY));
+ nft_rule_expr_get_u32(nle, NFT_EXPR_META_KEY));
netlink_set_register(ctx,
- nft_rule_expr_get_u8(nle, NFT_EXPR_META_DREG),
+ nft_rule_expr_get_u32(nle, NFT_EXPR_META_DREG),
expr);
}
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index e64e92a8..79cb6a70 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
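Review bot: The register numbers and the meta key read in the netlink_parse_cmp and netlink_parse_meta hunks can now take any 32-bit value, and they are passed straight to netlink_get_register(), netlink_set_register() and meta_expr_alloc() with no range check visible in the hunks. Those helpers are defined outside the hunks; if any of them indexes a fixed-size register array or a key table, it should reject out-of-range values before indexing, because the attribute content originates from the netlink message rather than from nft itself. In the first hunk the switch in netlink_parse_cmp_op continues past the visible lines, so confirm it ends in a `default:` that reports an unknown operator rather than falling off the end of a non-void function.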
@@ -210,9 +210,9 @@ static void netlink_gen_cmp(struct netlink_linearize_ctx *ctx,
}
nle = alloc_nft_expr("cmp");
- nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_SREG, sreg);
- nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_OP,
- netlink_gen_cmp_op(expr->op));
+ nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_SREG, sreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP,
+ netlink_gen_cmp_op(expr->op));
netlink_gen_data(right, &nld);
nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len);
release_register(ctx);
@@ -235,7 +235,7 @@ static void netlink_gen_range(struct netlink_linearize_ctx *ctx,
netlink_gen_expr(ctx, expr->left, sreg);
nle = alloc_nft_expr("cmp");
- nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_SREG, sreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_SREG, sreg);
nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP,
netlink_gen_cmp_op(OP_GTE));
netlink_gen_data(range->left, &nld);
@@ -243,7 +243,7 @@ static void netlink_gen_range(struct netlink_linearize_ctx *ctx,
nft_rule_add_expr(ctx->nlr, nle);
nle = alloc_nft_expr("cmp");
- nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_SREG, sreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_SREG, sreg);
nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP,
netlink_gen_cmp_op(OP_LTE));
netlink_gen_data(range->right, &nld);
@@ -283,8 +283,8 @@ static void netlink_gen_flagcmp(struct netlink_linearize_ctx *ctx,
nle = alloc_nft_expr("cmp");
netlink_gen_raw_data(zero, expr->right->byteorder, len, &nld);
- nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_SREG, sreg);
- nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_OP, NFT_CMP_NEQ);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_SREG, sreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP, NFT_CMP_NEQ);
netlink_gen_data(expr->right, &nld);
nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len);
nft_rule_add_expr(ctx->nlr, nle);
-- cgit v1.2.3
From b566123b9b60aff8ef21dfa7b21f817261236b1d Mon Sep 17 00:00:00 2001
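Review bot: The same two setter calls on a freshly allocated "cmp" expression are repeated in netlink_gen_cmp, twice in netlink_gen_range and again in netlink_gen_flagcmp, and the range hunks show how they drifted apart: NFT_EXPR_CMP_OP was already written with the u32 setter while NFT_EXPR_CMP_SREG next to it still used the u8 one. A small static helper that allocates the expression and sets both attributes would keep the attribute width in one place, so a later width change cannot be applied to only some call sites. The helper name below is a suggestion, and all four functions start and end outside their hunks.

```c
static struct nft_rule_expr *netlink_alloc_cmp(uint32_t sreg, uint32_t op)
{
	struct nft_rule_expr *nle = alloc_nft_expr("cmp");

	/* SREG and OP are both written as 32-bit attributes; keep them together. */
	nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_SREG, sreg);
	nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP, op);
	return nle;
}

/* in netlink_gen_cmp, replacing the alloc and the two setter calls: */
nle = netlink_alloc_cmp(sreg, netlink_gen_cmp_op(expr->op));
/* … unchanged: netlink_gen_data, NFT_EXPR_CMP_DATA, release_register … */
```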
From: Kevin Fenzi
Date: Mon, 13 Jan 2014 06:36:45 +0000
Subject: nftables: drop hard coded install using root user owner and group
Packaging systems build as a non priv user, so can't install as root. Users installing from source can 'sudo make install' or run 'make install' as root
Signed-off-by: Kevin Fenzi
Signed-off-by: Patrick McHardy
---
Makefile.rules.in | 2 +-
doc/Makefile.in | 4 ++--
files/Makefile.in | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Makefile.rules.in b/Makefile.rules.in
index a93a26bd..25988dd7 100644
--- a/Makefile.rules.in
+++ b/Makefile.rules.in
@@ -61,7 +61,7 @@ clean_targets += $(1)-clean
$(1)-install:
@echo -e " INSTALL\t$1"
$(MKDIR_P) $$(DESTDIR)/$$($(1)-destdir)
- $(INSTALL) -m 755 -o root -g root \
+ $(INSTALL) -m 755 -p \
$(SUBDIR)$(1) \
$$(DESTDIR)/$$($(1)-destdir)/$(1)
install_targets += $(1)-install
diff --git a/doc/Makefile.in b/doc/Makefile.in
index 2c42d7e5..e0732adb 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -10,11 +10,11 @@ install: $(mandocs-y) $(pdfdocs-y)
@echo -e " INSTALL\tdoc"
if test -n "$(mandocs-y)"; then \
$(MKDIR_P) $(DESTDIR)/${mandir}/man8 ;\
- $(INSTALL) -m 755 -o root -g root $(mandocs-y) \
+ $(INSTALL) -m 755 -p $(mandocs-y) \
$(DESTDIR)/${mandir}/man8/ ;\
fi
if test -n "$(pdfdocs-y)"; then \
$(MKDIR_P) $(DESTDIR)/${pdfdir} ;\
- $(INSTALL) -m 755 -o root -g root $(pdfdocs-y) \
+ $(INSTALL) -m 755 -p $(pdfdocs-y) \
$(DESTDIR)/${pdfdir}/ ;\
fi
diff --git a/files/Makefile.in b/files/Makefile.in
index cd67c37d..c3643df2 100644
--- a/files/Makefile.in
+++ b/files/Makefile.in
@@ -1,4 +1,4 @@
install:
@echo -e " INSTALL\tfiles"
$(MKDIR_P) $(DESTDIR)/$(confdir)
- $(INSTALL) -m 755 -o root -g root $(SUBDIR)nftables/* $(DESTDIR)/$(confdir)/
+ $(INSTALL) -m 755 -p $(SUBDIR)nftables/* $(DESTDIR)/$(confdir)/
-- cgit v1.2.3
From c54ce2e0fd25d79f5343792c1c620fecdc3b03bc Mon Sep 17 00:00:00 2001
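Review bot: The doc/Makefile.in hunk keeps `-m 755` for the man pages and PDFs, which marks non-executable files as executable; `$(INSTALL) -m 644 -p $(mandocs-y) \` and the same mode for `$(pdfdocs-y)` would be the conventional choice. With `-o root -g root` removed in all three Makefiles, ownership now follows whoever runs `make install`, so an install into a system prefix from an unprivileged account leaves the installed program and the files under `$(confdir)` owned and writable by that account. A short comment next to the install rules stating that root ownership is expected to come from the packaging tool or from running the target as root would make that assumption explicit.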
From: Arturo Borrero Gonzalez
Date: Mon, 13 Jan 2014 09:37:45 +0000
Subject: files: replace interpreter during installation
Many systems (for example Debian) don't recognice `#!nft -f' as a valid interpreter. A short way to handle this is to provide the full path to the interpreter in the shebang. That is what this patch does: update the shebang's path during installation. For example, if you are installing under /usr/local, the shebang becomes: #!/usr/local/sbin/nft -f If using --prefix=/, then: #!/sbin/nft -f NOTE: If the shebang in source files are changed in a future, this sed script should be updated as well.
Signed-off-by: Arturo Borrero Gonzalez
Signed-off-by: Patrick McHardy
---
Makefile.defs.in | 1 +
configure.ac | 1 +
files/Makefile.in | 1 +
3 files changed, 3 insertions(+)
diff --git a/Makefile.defs.in b/Makefile.defs.in
index 502f3748..3fee9c22 100644
--- a/Makefile.defs.in
+++ b/Makefile.defs.in
@@ -5,6 +5,7 @@ LEX = @LEX@
YACC = @YACC@
MKDIR_P = @MKDIR_P@
INSTALL = @INSTALL@
+SED = @SED@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
diff --git a/configure.ac b/configure.ac
index 811d7e22..ca14d835 100644
--- a/configure.ac
+++ b/configure.ac
@@ -23,6 +23,7 @@ AC_SUBST([CONFIG_DEBUG])
AC_PROG_CC
AC_PROG_MKDIR_P
AC_PROG_INSTALL
+AC_PROG_SED
AC_CHECK_PROG(CONFIG_MAN, docbook2x-man, y, n)
if test "$CONFIG_MAN" != "y"
diff --git a/files/Makefile.in b/files/Makefile.in
index c3643df2..dc237e23 100644
--- a/files/Makefile.in
+++ b/files/Makefile.in
@@ -2,3 +2,4 @@ install:
@echo -e " INSTALL\tfiles"
$(MKDIR_P) $(DESTDIR)/$(confdir)
$(INSTALL) -m 755 -p $(SUBDIR)nftables/* $(DESTDIR)/$(confdir)/
+ $(SED) -i "s~#\! nft~#\!@sbindir@/nft~" $(DESTDIR)/$(confdir)/*
-- cgit v1.2.3
From 5e8f8a1807917f92e568437598670b0026462c1c Mon Sep 17 00:00:00 2001
From: Patrick McHardy
Date: Tue, 14 Jan 2014 12:30:48 +0000
Subject: parser: replace "vmap" keyword by "map"
Consistently use "map" to express mappings.
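Review bot: The added `$(SED) -i` line in files/Makefile.in edits every file matched by `$(DESTDIR)/$(confdir)/*`, not only the ones just copied from `$(SUBDIR)nftables/`, and the expression is unanchored, so a `#! nft` occurrence on any line of any of those files is rewritten. Limiting the substitution to the first line, `1s~^#\! nft~#\!@sbindir@/nft~`, and running it over the installed file names only would leave pre-existing files in that directory untouched. The pattern expects a space after `#!` while the commit message quotes the shebang without one; it is worth confirming which form the shipped files use, because a non-matching pattern fails silently and leaves the unresolved interpreter in place. `-i` is also not part of POSIX sed, so locating a sed with AC_PROG_SED does not by itself guarantee that the option is accepted.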
Signed-off-by: Patrick McHardy
---
src/parser.y | 3 +--
src/scanner.l | 1 -
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/parser.y b/src/parser.y
index 26e71e37..faa9a33f 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -150,7 +150,6 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token DASH "-"
%token AT "@"
%token ARROW "=>"
-%token VMAP "vmap"
%token INCLUDE "include"
%token DEFINE "define"
@@ -1207,7 +1206,7 @@ map_expr : concat_expr MAP expr
}
;
-verdict_map_expr : concat_expr VMAP expr
+verdict_map_expr : concat_expr MAP expr
{
$$ = map_expr_alloc(&@$, $1, $3);
}
diff --git a/src/scanner.l b/src/scanner.l
index cee6aa6e..13b0ce8c 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -210,7 +210,6 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"$" { return '$'; }
"=" { return '='; }
"=>" { return ARROW; }
-"vmap" { return VMAP; }
"include" { return INCLUDE; }
"define" { return DEFINE; }
-- cgit v1.2.3
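Review bot: In the second parser.y hunk, `verdict_map_expr : concat_expr MAP expr` now has exactly the same right-hand side as the `map_expr : concat_expr MAP expr` rule quoted in the hunk header, so wherever both nonterminals are reachable from the same parser state bison will report a reduce/reduce conflict and resolve it in favour of the rule that appears first. Where the two nonterminals are used is outside the hunk, so the generated conflict report should be checked after this change. Dropping the `"vmap"` token from scanner.l also means existing rulesets that use `vmap` stop parsing; if that is intended it deserves a line in the commit message or the documentation, since a ruleset that fails to load can leave a host without its filtering rules.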