src: use definitions in include/linux/netfilter/nf_tables.h

Use NFT_LOGLEVEL_* definitions in UAPI.

Make an internal definition of NFT_OSF_F_VERSION, this was originally
defined in the UAPI header in the initial patch version, however, this
is not available anymore.

Add a bison rule to deal with the timeout case.

Otherwise, compilation breaks.

Fixes: d3869cae9d62 ("include: refresh nf_tables.h cached copy")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/osf.h b/include/osf.h
index 8f6f5840620e21d6a2d3ccfe109e93b10ada3f10..2eef257c2b5110b286985a78bd0cbf272439b4b2 100644 (file)
--- a/include/osf.h
+++ b/include/osf.h
@@ -1,6 +1,8 @@
 #ifndef NFTABLES_OSF_H
 #define NFTABLES_OSF_H
 
+#define NFT_OSF_F_VERSION      0x1
+
 struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl,
                            const uint32_t flags);
 

diff --git a/src/evaluate.c b/src/evaluate.c
index 3593eb80a6a6f9ec9e20b1052de7fe5923e776b9..21d9e146e587f49aacad615d514b63e5500af6b6 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2812,7 +2812,7 @@ static int stmt_evaluate_log(struct eval_ctx *ctx, struct stmt *stmt)
                        return stmt_error(ctx, stmt,
                                  "flags and group are mutually exclusive");
        }
-       if (stmt->log.level == LOGLEVEL_AUDIT &&
+       if (stmt->log.level == NFT_LOGLEVEL_AUDIT &&
            (stmt->log.flags & ~STMT_LOG_LEVEL || stmt->log.logflags))
                return stmt_error(ctx, stmt,
                                  "log level audit doesn't support any further options");

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 9aea6526533294357a9fd9b76adaac9b1e6aa3cf..9e632c0d1f6e90225d6d37aa87c82e1651ecb5b4 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2414,23 +2414,23 @@ log_arg                 :       PREFIX                  string
 level_type             :       string
                        {
                                if (!strcmp("emerg", $1))
-                                       $$ = LOG_EMERG;
+                                       $$ = NFT_LOGLEVEL_EMERG;
                                else if (!strcmp("alert", $1))
-                                       $$ = LOG_ALERT;
+                                       $$ = NFT_LOGLEVEL_ALERT;
                                else if (!strcmp("crit", $1))
-                                       $$ = LOG_CRIT;
+                                       $$ = NFT_LOGLEVEL_CRIT;
                                else if (!strcmp("err", $1))
-                                       $$ = LOG_ERR;
+                                       $$ = NFT_LOGLEVEL_ERR;
                                else if (!strcmp("warn", $1))
-                                       $$ = LOG_WARNING;
+                                       $$ = NFT_LOGLEVEL_WARNING;
                                else if (!strcmp("notice", $1))
-                                       $$ = LOG_NOTICE;
+                                       $$ = NFT_LOGLEVEL_NOTICE;
                                else if (!strcmp("info", $1))
-                                       $$ = LOG_INFO;
+                                       $$ = NFT_LOGLEVEL_INFO;
                                else if (!strcmp("debug", $1))
-                                       $$ = LOG_DEBUG;
+                                       $$ = NFT_LOGLEVEL_DEBUG;
                                else if (!strcmp("audit", $1))
-                                       $$ = LOGLEVEL_AUDIT;
+                                       $$ = NFT_LOGLEVEL_AUDIT;
                                else {
                                        erec_queue(error(&@1, "invalid log level"),
                                                   state->msgs);
@@ -4101,7 +4101,6 @@ ct_key                    :       L3PROTOCOL      { $$ = NFT_CT_L3PROTOCOL; }
                        |       PROTO_DST       { $$ = NFT_CT_PROTO_DST; }
                        |       LABEL           { $$ = NFT_CT_LABELS; }
                        |       EVENT           { $$ = NFT_CT_EVENTMASK; }
-                       |       TIMEOUT         { $$ = NFT_CT_TIMEOUT; }
                        |       ct_key_dir_optional
                        ;
 
@@ -4150,16 +4149,18 @@ ct_stmt                 :       CT      ct_key          SET     stmt_expr
                                        $$->objref.type = NFT_OBJECT_CT_HELPER;
                                        $$->objref.expr = $4;
                                        break;
-                               case NFT_CT_TIMEOUT:
-                                       $$ = objref_stmt_alloc(&@$);
-                                       $$->objref.type = NFT_OBJECT_CT_TIMEOUT;
-                                       $$->objref.expr = $4;
-                                       break;
                                default:
                                        $$ = ct_stmt_alloc(&@$, $2, -1, $4);
                                        break;
                                }
                        }
+                       |       CT      TIMEOUT         SET     stmt_expr
+                       {
+                               $$ = objref_stmt_alloc(&@$);
+                               $$->objref.type = NFT_OBJECT_CT_TIMEOUT;
+                               $$->objref.expr = $4;
+
+                       }
                        |       CT      ct_dir  ct_key_dir_optional SET stmt_expr
                        {
                                $$ = ct_stmt_alloc(&@$, $3, $2, $5);

diff --git a/src/statement.c b/src/statement.c
index 7f9c10b38244f35deb758000bd8137054ba76ba8..a9e8b3ae07807fac84adf93f9489033434104223 100644 (file)
--- a/src/statement.c
+++ b/src/statement.c
@@ -256,21 +256,21 @@ struct stmt *objref_stmt_alloc(const struct location *loc)
        return stmt;
 }
 
-static const char *syslog_level[LOGLEVEL_AUDIT + 1] = {
-       [LOG_EMERG]     = "emerg",
-       [LOG_ALERT]     = "alert",
-       [LOG_CRIT]      = "crit",
-       [LOG_ERR]       = "err",
-       [LOG_WARNING]   = "warn",
-       [LOG_NOTICE]    = "notice",
-       [LOG_INFO]      = "info",
-       [LOG_DEBUG]     = "debug",
-       [LOGLEVEL_AUDIT] = "audit"
+static const char *syslog_level[NFT_LOGLEVEL_MAX + 1] = {
+       [NFT_LOGLEVEL_EMERG]    = "emerg",
+       [NFT_LOGLEVEL_ALERT]    = "alert",
+       [NFT_LOGLEVEL_CRIT]     = "crit",
+       [NFT_LOGLEVEL_ERR]      = "err",
+       [NFT_LOGLEVEL_WARNING]  = "warn",
+       [NFT_LOGLEVEL_NOTICE]   = "notice",
+       [NFT_LOGLEVEL_INFO]     = "info",
+       [NFT_LOGLEVEL_DEBUG]    = "debug",
+       [NFT_LOGLEVEL_AUDIT]    = "audit"
 };
 
 const char *log_level(uint32_t level)
 {
-       if (level > LOGLEVEL_AUDIT)
+       if (level > NFT_LOGLEVEL_MAX)
                return "unknown";
 
        return syslog_level[level];
@@ -280,7 +280,7 @@ int log_level_parse(const char *level)
 {
        int i;
 
-       for (i = 0; i <= LOGLEVEL_AUDIT; i++) {
+       for (i = 0; i <= NFT_LOGLEVEL_MAX; i++) {
                if (syslog_level[i] &&
                    !strcmp(level, syslog_level[i]))
                        return i;