]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f2be4af)
src: add set_spec
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 3 May 2018 10:31:48 +0000 (12:31 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sun, 6 May 2018 20:48:30 +0000 (22:48 +0200)
Store location object in handle to improve error reporting.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/rule.h patch | blob | blame | history
src/evaluate.c patch | blob | blame | history
src/expression.c patch | blob | blame | history
src/netlink.c patch | blob | blame | history
src/netlink_linearize.c patch | blob | blame | history
src/parser_bison.y patch | blob | blame | history
src/rule.c patch | blob | blame | history
src/segtree.c patch | blob | blame | history

diff --git a/include/rule.h b/include/rule.h
index 4ea09c52b12e1f794579484ea5814e74595fba00..68d32f10c353857c18e994b47c45af25214a0e34 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -37,6 +37,11 @@ struct chain_spec {
        const char              *name;
 };
 
+struct set_spec {
+       struct location         location;
+       const char              *name;
+};
+
 /**
  * struct handle - handle for tables, chains, rules and sets
  *
@@ -54,7 +59,7 @@ struct handle {
        uint32_t                family;
        struct table_spec       table;
        struct chain_spec       chain;
-       const char              *set;
+       struct set_spec         set;
        const char              *obj;
        const char              *flowtable;
        struct handle_spec      handle;
diff --git a/src/evaluate.c b/src/evaluate.c
index c924547cd69b9af1245fd0040f15086bafbe4331..f52ee7a60302f67443b4125e09f065cd4c9ba379 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -84,7 +84,7 @@ static struct expr *implicit_set_declaration(struct eval_ctx *ctx,
 
        set = set_alloc(&expr->location);
        set->flags      = NFT_SET_ANONYMOUS | expr->set_flags;
-       set->handle.set = xstrdup(name);
+       set->handle.set.name = xstrdup(name);
        set->key        = key;
        set->init       = expr;
        set->automerge  = set->flags & NFT_SET_INTERVAL;
@@ -2750,10 +2750,10 @@ static int setelem_evaluate(struct eval_ctx *ctx, struct expr **expr)
                return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
                                 ctx->cmd->handle.table.name);
 
-       set = set_lookup(table, ctx->cmd->handle.set);
+       set = set_lookup(table, ctx->cmd->handle.set.name);
        if (set == NULL)
                return cmd_error(ctx, "Could not process rule: Set '%s' does not exist",
-                                ctx->cmd->handle.set);
+                                ctx->cmd->handle.set.name);
 
        ctx->set = set;
        expr_set_context(&ctx->ectx, set->key->dtype, set->key->len);
@@ -2814,7 +2814,7 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set)
        }
        ctx->set = NULL;
 
-       if (set_lookup(table, set->handle.set) == NULL)
+       if (set_lookup(table, set->handle.set.name) == NULL)
                set_add_hash(set_get(set), table);
 
        /* Default timeout value implies timeout support */
@@ -3090,10 +3090,10 @@ static int cmd_evaluate_get(struct eval_ctx *ctx, struct cmd *cmd)
                if (table == NULL)
                        return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
                                         cmd->handle.table.name);
-               set = set_lookup(table, cmd->handle.set);
+               set = set_lookup(table, cmd->handle.set.name);
                if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
                        return cmd_error(ctx, "Could not process rule: Set '%s' does not exist",
-                                        cmd->handle.set);
+                                        cmd->handle.set.name);
 
                return setelem_evaluate(ctx, &cmd->expr);
        default:
@@ -3145,30 +3145,30 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
                if (table == NULL)
                        return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
                                         cmd->handle.table.name);
-               set = set_lookup(table, cmd->handle.set);
+               set = set_lookup(table, cmd->handle.set.name);
                if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
                        return cmd_error(ctx, "Could not process rule: Set '%s' does not exist",
-                                        cmd->handle.set);
+                                        cmd->handle.set.name);
                return 0;
        case CMD_OBJ_METER:
                table = table_lookup(&cmd->handle, ctx->cache);
                if (table == NULL)
                        return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
                                         cmd->handle.table.name);
-               set = set_lookup(table, cmd->handle.set);
+               set = set_lookup(table, cmd->handle.set.name);
                if (set == NULL || !(set->flags & NFT_SET_EVAL))
                        return cmd_error(ctx, "Could not process rule: Meter '%s' does not exist",
-                                        cmd->handle.set);
+                                        cmd->handle.set.name);
                return 0;
        case CMD_OBJ_MAP:
                table = table_lookup(&cmd->handle, ctx->cache);
                if (table == NULL)
                        return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
                                         cmd->handle.table.name);
-               set = set_lookup(table, cmd->handle.set);
+               set = set_lookup(table, cmd->handle.set.name);
                if (set == NULL || !(set->flags & NFT_SET_MAP))
                        return cmd_error(ctx, "Could not process rule: Map '%s' does not exist",
-                                        cmd->handle.set);
+                                        cmd->handle.set.name);
                return 0;
        case CMD_OBJ_CHAIN:
                table = table_lookup(&cmd->handle, ctx->cache);
@@ -3261,10 +3261,10 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
                if (table == NULL)
                        return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
                                         cmd->handle.table.name);
-               set = set_lookup(table, cmd->handle.set);
+               set = set_lookup(table, cmd->handle.set.name);
                if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
                        return cmd_error(ctx, "Could not process rule: Set '%s' does not exist",
-                                        cmd->handle.set);
+                                        cmd->handle.set.name);
                return 0;
        case CMD_OBJ_MAP:
                ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
@@ -3276,10 +3276,10 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
                if (table == NULL)
                        return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
                                         cmd->handle.table.name);
-               set = set_lookup(table, cmd->handle.set);
+               set = set_lookup(table, cmd->handle.set.name);
                if (set == NULL || !(set->flags & NFT_SET_MAP))
                        return cmd_error(ctx, "Could not process rule: Map '%s' does not exist",
-                                        cmd->handle.set);
+                                        cmd->handle.set.name);
                return 0;
        case CMD_OBJ_METER:
                ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
@@ -3291,10 +3291,10 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
                if (table == NULL)
                        return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
                                         cmd->handle.table.name);
-               set = set_lookup(table, cmd->handle.set);
+               set = set_lookup(table, cmd->handle.set.name);
                if (set == NULL || !(set->flags & NFT_SET_EVAL))
                        return cmd_error(ctx, "Could not process rule: Meter '%s' does not exist",
-                                        cmd->handle.set);
+                                        cmd->handle.set.name);
                return 0;
        default:
                BUG("invalid command object type %u\n", cmd->obj);
diff --git a/src/expression.c b/src/expression.c
index e698b14c969c79e63b31cf1848e550d88ec48738..239cf8825c4f4772b6b41247b94540e45540988f 100644 (file)
--- a/src/expression.c
+++ b/src/expression.c
@@ -978,11 +978,11 @@ static void set_ref_expr_print(const struct expr *expr, struct output_ctx *octx)
 {
        if (expr->set->flags & NFT_SET_ANONYMOUS) {
                if (expr->set->flags & NFT_SET_EVAL)
-                       nft_print(octx, "%s", expr->set->handle.set);
+                       nft_print(octx, "%s", expr->set->handle.set.name);
                else
                        expr_print(expr->set->init, octx);
        } else {
-               nft_print(octx, "@%s", expr->set->handle.set);
+               nft_print(octx, "@%s", expr->set->handle.set.name);
        }
 }
 
diff --git a/src/netlink.c b/src/netlink.c
index e33e094e1992706b9c397480e8252b54d0252144..e465daa79c841878f1e4a1601b2f8809e64992dc 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -192,8 +192,8 @@ struct nftnl_set *alloc_nftnl_set(const struct handle *h)
 
        nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family);
        nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name);
-       if (h->set != NULL)
-               nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set);
+       if (h->set.name != NULL)
+               nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name);
        if (h->set_id)
                nftnl_set_set_u32(nls, NFTNL_SET_ID, h->set_id);
        if (h->handle.id)
@@ -926,7 +926,7 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
        set = set_alloc(&netlink_location);
        set->handle.family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY);
        set->handle.table.name = xstrdup(nftnl_set_get_str(nls, NFTNL_SET_TABLE));
-       set->handle.set    = xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME));
+       set->handle.set.name = xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME));
        set->automerge     = automerge;
 
        set->key     = constant_expr_alloc(&netlink_location,
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 6c49969bf5a9d791859b98229519f32b0f56cfbf..2ab8accf0bf4dfc4d2fecb2c66d081f296a95fbf 100644 (file)
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -265,7 +265,7 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx,
        netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg);
        netlink_put_register(nle, NFTNL_EXPR_LOOKUP_DREG, dreg);
        nftnl_expr_set_str(nle, NFTNL_EXPR_LOOKUP_SET,
-                          expr->mappings->set->handle.set);
+                          expr->mappings->set->handle.set.name);
        nftnl_expr_set_u32(nle, NFTNL_EXPR_LOOKUP_SET_ID,
                           expr->mappings->set->handle.set_id);
 
@@ -291,7 +291,7 @@ static void netlink_gen_lookup(struct netlink_linearize_ctx *ctx,
        nle = alloc_nft_expr("lookup");
        netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg);
        nftnl_expr_set_str(nle, NFTNL_EXPR_LOOKUP_SET,
-                          expr->right->set->handle.set);
+                          expr->right->set->handle.set.name);
        nftnl_expr_set_u32(nle, NFTNL_EXPR_LOOKUP_SET_ID,
                           expr->right->set->handle.set_id);
        if (expr->op == OP_NEQ)
@@ -716,7 +716,7 @@ static void netlink_gen_objref_stmt(struct netlink_linearize_ctx *ctx,
 
                nftnl_expr_set_u32(nle, NFTNL_EXPR_OBJREF_SET_SREG, sreg_key);
                nftnl_expr_set_str(nle, NFTNL_EXPR_OBJREF_SET_NAME,
-                                  expr->mappings->set->handle.set);
+                                  expr->mappings->set->handle.set.name);
                nftnl_expr_set_u32(nle, NFTNL_EXPR_OBJREF_SET_ID,
                                   expr->mappings->set->handle.set_id);
                break;
@@ -1172,7 +1172,7 @@ static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx,
                nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT,
                                   stmt->set.key->timeout);
        nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_OP, stmt->set.op);
-       nftnl_expr_set_str(nle, NFTNL_EXPR_DYNSET_SET_NAME, set->handle.set);
+       nftnl_expr_set_str(nle, NFTNL_EXPR_DYNSET_SET_NAME, set->handle.set.name);
        nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, set->handle.set_id);
        nftnl_rule_add_expr(ctx->nlr, nle);
 }
@@ -1228,7 +1228,7 @@ static void netlink_gen_meter_stmt(struct netlink_linearize_ctx *ctx,
                nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT,
                                   stmt->meter.key->timeout);
        nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_OP, op);
-       nftnl_expr_set_str(nle, NFTNL_EXPR_DYNSET_SET_NAME, set->handle.set);
+       nftnl_expr_set_str(nle, NFTNL_EXPR_DYNSET_SET_NAME, set->handle.set.name);
        nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, set->handle.set_id);
        nftnl_expr_set(nle, NFTNL_EXPR_DYNSET_EXPR,
                       netlink_gen_stmt_stateful(ctx, stmt->meter.stmt), 0);
diff --git a/src/parser_bison.y b/src/parser_bison.y
index b5229ae1b9920739f65cb8c93d84a16e435fa84e..28aa6cc1905137c991e682da8e32eddadcde705b 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1885,7 +1885,8 @@ chain_identifier  :       identifier
 set_spec               :       table_spec      identifier
                        {
                                $$              = $1;
-                               $$.set          = $2;
+                               $$.set.name     = $2;
+                               $$.set.location = @2;
                        }
                        ;
 
@@ -1900,7 +1901,8 @@ setid_spec                :       table_spec      HANDLE NUM
 set_identifier         :       identifier
                        {
                                memset(&$$, 0, sizeof($$));
-                               $$.set          = $1;
+                               $$.set.name     = $1;
+                               $$.set.location = @1;
                        }
                        ;
 
diff --git a/src/rule.c b/src/rule.c
index bbf23a6bcb50dad6c93c9d1c116b9dca37afb82a..7d18bd08c1fb3439693ea372747357cfa7a4f75b 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -32,7 +32,7 @@ void handle_free(struct handle *h)
 {
        xfree(h->table.name);
        xfree(h->chain.name);
-       xfree(h->set);
+       xfree(h->set.name);
        xfree(h->flowtable);
 }
 
@@ -44,8 +44,8 @@ void handle_merge(struct handle *dst, const struct handle *src)
                dst->table.name = xstrdup(src->table.name);
        if (dst->chain.name == NULL && src->chain.name != NULL)
                dst->chain.name = xstrdup(src->chain.name);
-       if (dst->set == NULL && src->set != NULL)
-               dst->set = xstrdup(src->set);
+       if (dst->set.name == NULL && src->set.name != NULL)
+               dst->set.name = xstrdup(src->set.name);
        if (dst->flowtable == NULL && src->flowtable != NULL)
                dst->flowtable = xstrdup(src->flowtable);
        if (dst->obj == NULL && src->obj != NULL)
@@ -257,7 +257,7 @@ struct set *set_lookup(const struct table *table, const char *name)
        struct set *set;
 
        list_for_each_entry(set, &table->sets, list) {
-               if (!strcmp(set->handle.set, name))
+               if (!strcmp(set->handle.set.name, name))
                        return set;
        }
        return NULL;
@@ -322,7 +322,7 @@ static void set_print_declaration(const struct set *set,
        if (opts->table != NULL)
                nft_print(octx, " %s", opts->table);
 
-       nft_print(octx, " %s {", set->handle.set);
+       nft_print(octx, " %s {", set->handle.set.name);
 
        if (octx->handle > 0)
                nft_print(octx, " # handle %" PRIu64, set->handle.handle.id);
@@ -1100,7 +1100,7 @@ static int do_add_setelems(struct netlink_ctx *ctx, struct cmd *cmd,
        struct set *set;
 
        table = table_lookup(h, ctx->cache);
-       set = set_lookup(table, h->set);
+       set = set_lookup(table, h->set.name);
 
        if (set->flags & NFT_SET_INTERVAL &&
            set_to_intervals(ctx->msgs, set, init, true,
@@ -1212,7 +1212,7 @@ static int do_delete_setelems(struct netlink_ctx *ctx, struct cmd *cmd)
        struct set *set;
 
        table = table_lookup(h, ctx->cache);
-       set = set_lookup(table, h->set);
+       set = set_lookup(table, h->set.name);
 
        if (set->flags & NFT_SET_INTERVAL &&
            set_to_intervals(ctx->msgs, set, expr, false,
@@ -1800,7 +1800,7 @@ static int do_list_set(struct netlink_ctx *ctx, struct cmd *cmd,
 {
        struct set *set;
 
-       set = set_lookup(table, cmd->handle.set);
+       set = set_lookup(table, cmd->handle.set.name);
        if (set == NULL)
                return -1;
 
@@ -1867,7 +1867,7 @@ static int do_get_setelems(struct netlink_ctx *ctx, struct cmd *cmd,
        struct expr *init;
        int err;
 
-       set = set_lookup(table, cmd->handle.set);
+       set = set_lookup(table, cmd->handle.set.name);
 
        /* Create a list of elements based of what we got from command line. */
        if (set->flags & NFT_SET_INTERVAL)
diff --git a/src/segtree.c b/src/segtree.c
index 5939d8fc7b4a852f7f4397fcef20bcec726a22a2..e1339daf1341449d960f86bc881e3a9c51e81951 100644 (file)
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -686,7 +686,7 @@ void get_set_decompose(struct table *table, struct set *set)
                } else {
                        if (left) {
                                left = get_set_interval_end(table,
-                                                           set->handle.set,
+                                                           set->handle.set.name,
                                                            left);
                                compound_expr_add(new_init, left);
                        }
@@ -694,7 +694,7 @@ void get_set_decompose(struct table *table, struct set *set)
                }
        }
        if (left) {
-               left = get_set_interval_end(table, set->handle.set, left);
+               left = get_set_interval_end(table, set->handle.set.name, left);
                compound_expr_add(new_init, left);
        }
 
Mirror of git://git.netfilter.org/nftables