From 6cce26e03778c57bbdbe4653c839de4325d21807 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 19 Feb 2020 14:57:26 +0100 Subject: src: improve error reporting when setting policy on non-base chain When trying to set a policy to non-base chain: # nft add chain x y { policy accept\; } Error: Could not process rule: Operation not supported add chain x y { policy accept; } ^^^^^^^^^^^^^ Signed-off-by: Pablo Neira Ayuso --- src/mnl.c | 12 +++++++----- src/parser_bison.y | 3 ++- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/mnl.c b/src/mnl.c index f9591969..28ab582d 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -619,11 +619,6 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE, cmd->chain->type); } - if (cmd->chain->policy) { - mpz_export_data(&policy, cmd->chain->policy->value, - BYTEORDER_HOST_ENDIAN, sizeof(int)); - nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, policy); - } if (cmd->chain->dev_expr) { dev_array = xmalloc(sizeof(char *) * 8); dev_array_len = 8; @@ -658,6 +653,13 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.chain.location); mnl_attr_put_strz(nlh, NFTA_CHAIN_NAME, cmd->handle.chain.name); + if (cmd->chain && cmd->chain->policy) { + mpz_export_data(&policy, cmd->chain->policy->value, + BYTEORDER_HOST_ENDIAN, sizeof(int)); + cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->chain->policy->location); + mnl_attr_put_u32(nlh, NFTA_CHAIN_POLICY, htonl(policy)); + } + nftnl_chain_nlmsg_build_payload(nlh, nlc); nftnl_chain_free(nlc); diff --git a/src/parser_bison.y b/src/parser_bison.y index 819c78bf..cc77d042 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2160,7 +2160,8 @@ policy_spec : POLICY policy_expr expr_free($2); YYERROR; } - $0->policy = $2; + $0->policy = $2; + $0->policy->location = @$; } ; -- cgit v1.2.3
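Review bot: The added policy block in mnl_nft_chain_add only works if `cmd_add_loc(cmd, nlh->nlmsg_len, ...)` runs immediately before `mnl_attr_put_u32(nlh, NFTA_CHAIN_POLICY, ...)`, because the recorded offset is the message length at that moment, and nothing in the hunk says so. I would add a comment above the pair, `/* record the offset of NFTA_CHAIN_POLICY so an error on this attribute is reported at the policy's location */`, so a later reorder does not attach the error to the wrong token. The attribute is now written by hand with `htonl(policy)` instead of going through `nlc`. `policy` is declared outside the hunk and `mpz_export_data` fills only `sizeof(int)` bytes of it, so it is worth confirming the variable is exactly that wide and that no other path still sets the policy on `nlc`. The function's body starts and ends outside the hunk.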
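Review bot: The new line `$0->policy->location = @$;` in policy_spec overwrites whatever location policy_expr gave `$2`, so any diagnostic raised against the policy expression would now underline the whole `policy …` clause rather than the value alone. The sample output in the commit message suggests this is intended, but the rule itself does not say so. A short comment such as `/* widen to the whole clause: used for netlink error reporting */` would record the reason. The rule's earlier lines are outside the hunk.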