rule: add hook_spec

Store location of chain hook definition.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/rule.h b/include/rule.h
index db11b1d60658079ba4ac0362310910207d5caf1a..06fefef8a5d848bee687c021958c5ba87e599175 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -189,6 +189,12 @@ struct prio_spec {
        struct expr     *expr;
 };
 
+struct hook_spec {
+       struct location loc;
+       const char      *name;
+       unsigned int    num;
+};
+
 /**
  * struct chain - nftables chain
  *
@@ -211,9 +217,8 @@ struct chain {
        struct location         location;
        unsigned int            refcnt;
        uint32_t                flags;
-       const char              *hookstr;
-       unsigned int            hooknum;
        struct prio_spec        priority;
+       struct hook_spec        hook;
        struct expr             *policy;
        const char              *type;
        const char              **dev_array;
@@ -485,8 +490,7 @@ struct flowtable {
        struct handle           handle;
        struct scope            scope;
        struct location         location;
-       const char *            hookstr;
-       unsigned int            hooknum;
+       struct hook_spec        hook;
        struct prio_spec        priority;
        const char              **dev_array;
        struct expr             *dev_expr;

diff --git a/src/evaluate.c b/src/evaluate.c
index 8b03e1f3cfb8826950df907729ad398175af9500..759cdaafb0ea7d7e8bb03e83b97869210d139740 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3568,11 +3568,11 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft)
        if (table == NULL)
                return table_not_found(ctx);
 
-       ft->hooknum = str2hooknum(NFPROTO_NETDEV, ft->hookstr);
-       if (ft->hooknum == NF_INET_NUMHOOKS)
-               return chain_error(ctx, ft, "invalid hook %s", ft->hookstr);
+       ft->hook.num = str2hooknum(NFPROTO_NETDEV, ft->hook.name);
+       if (ft->hook.num == NF_INET_NUMHOOKS)
+               return chain_error(ctx, ft, "invalid hook %s", ft->hook.name);
 
-       if (!evaluate_priority(ctx, &ft->priority, NFPROTO_NETDEV, ft->hooknum))
+       if (!evaluate_priority(ctx, &ft->priority, NFPROTO_NETDEV, ft->hook.num))
                return __stmt_binary_error(ctx, &ft->priority.loc, NULL,
                                           "invalid priority expression %s.",
                                           expr_name(ft->priority.expr));
@@ -3783,14 +3783,14 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain)
        }
 
        if (chain->flags & CHAIN_F_BASECHAIN) {
-               chain->hooknum = str2hooknum(chain->handle.family,
-                                            chain->hookstr);
-               if (chain->hooknum == NF_INET_NUMHOOKS)
+               chain->hook.num = str2hooknum(chain->handle.family,
+                                             chain->hook.name);
+               if (chain->hook.num == NF_INET_NUMHOOKS)
                        return chain_error(ctx, chain, "invalid hook %s",
-                                          chain->hookstr);
+                                          chain->hook.name);
 
                if (!evaluate_priority(ctx, &chain->priority,
-                                      chain->handle.family, chain->hooknum))
+                                      chain->handle.family, chain->hook.num))
                        return __stmt_binary_error(ctx, &chain->priority.loc, NULL,
                                                   "invalid priority expression %s in this context.",
                                                   expr_name(chain->priority.expr));

diff --git a/src/json.c b/src/json.c
index 86028959b8a32b9086908a52b37c3c318b43d34f..ed7131816d7d0651660df1b65fc394823aa83b56 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -240,7 +240,7 @@ static json_t *chain_print_json(const struct chain *chain)
                tmp = json_pack("{s:s, s:s, s:i, s:s}",
                                "type", chain->type,
                                "hook", hooknum2str(chain->handle.family,
-                                                   chain->hooknum),
+                                                   chain->hook.num),
                                "prio", priority,
                                "policy", chain_policy2str(policy));
                if (chain->dev_expr) {
@@ -415,7 +415,7 @@ static json_t *flowtable_print_json(const struct flowtable *ftable)
                        "name", ftable->handle.flowtable.name,
                        "table", ftable->handle.table.name,
                        "handle", ftable->handle.handle.id,
-                       "hook", hooknum2str(NFPROTO_NETDEV, ftable->hooknum),
+                       "hook", hooknum2str(NFPROTO_NETDEV, ftable->hook.num),
                        "prio", priority);
 
        for (i = 0; i < ftable->dev_array_len; i++) {

diff --git a/src/mnl.c b/src/mnl.c
index 2eea85e838fcbc5827d865ba7c1adb3a2ef2bfde..3c009fab6dcfa320db9795ea11013f8d85f3ddfe 100644 (file)
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -630,7 +630,7 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd,
                }
                if (cmd->chain->flags & CHAIN_F_BASECHAIN) {
                        nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM,
-                                           cmd->chain->hooknum);
+                                           cmd->chain->hook.num);
                        mpz_export_data(&priority,
                                        cmd->chain->priority.expr->value,
                                        BYTEORDER_HOST_ENDIAN, sizeof(int));
@@ -1601,7 +1601,7 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd,
        nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FAMILY,
                                cmd->handle.family);
        nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_HOOKNUM,
-                               cmd->flowtable->hooknum);
+                               cmd->flowtable->hook.num);
        mpz_export_data(&priority, cmd->flowtable->priority.expr->value,
                        BYTEORDER_HOST_ENDIAN, sizeof(int));
        nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO, priority);

diff --git a/src/netlink.c b/src/netlink.c
index ab1afd42f60bda0caeee888b16258f44bb5ecdd1..24d746ca636b7da3123882fb848316770386afe2 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -445,10 +445,10 @@ struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
            nftnl_chain_is_set(nlc, NFTNL_CHAIN_PRIO) &&
            nftnl_chain_is_set(nlc, NFTNL_CHAIN_TYPE) &&
            nftnl_chain_is_set(nlc, NFTNL_CHAIN_POLICY)) {
-               chain->hooknum       =
+               chain->hook.num =
                        nftnl_chain_get_u32(nlc, NFTNL_CHAIN_HOOKNUM);
-               chain->hookstr       =
-                       hooknum2str(chain->handle.family, chain->hooknum);
+               chain->hook.name =
+                       hooknum2str(chain->handle.family, chain->hook.num);
                priority = nftnl_chain_get_s32(nlc, NFTNL_CHAIN_PRIO);
                chain->priority.expr =
                                constant_expr_alloc(&netlink_location,
@@ -1340,7 +1340,7 @@ netlink_delinearize_flowtable(struct netlink_ctx *ctx,
                                                    sizeof(int) *
                                                    BITS_PER_BYTE,
                                                    &priority);
-       flowtable->hooknum =
+       flowtable->hook.num =
                nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_HOOKNUM);
        flowtable->flags =
                nftnl_flowtable_get_u32(nlo, NFTNL_FLOWTABLE_FLAGS);

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 9976bcafb2c4a1fa5e318abfeab24255f37444ff..ebaef17c904c7364a4707574e2322507aac75526 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1877,8 +1877,9 @@ flowtable_block           :       /* empty */     { $$ = $<flowtable>-1; }
                        |       flowtable_block stmt_separator
                        |       flowtable_block HOOK            STRING  prio_spec       stmt_separator
                        {
-                               $$->hookstr     = chain_hookname_lookup($3);
-                               if ($$->hookstr == NULL) {
+                               $$->hook.loc = @3;
+                               $$->hook.name = chain_hookname_lookup($3);
+                               if ($$->hook.name == NULL) {
                                        erec_queue(error(&@3, "unknown chain hook %s", $3),
                                                   state->msgs);
                                        xfree($3);
@@ -2056,8 +2057,9 @@ hook_spec         :       TYPE            STRING          HOOK            STRING          dev_spec        prio_spec
                                $<chain>0->type         = xstrdup(chain_type);
                                xfree($2);
 
-                               $<chain>0->hookstr      = chain_hookname_lookup($4);
-                               if ($<chain>0->hookstr == NULL) {
+                               $<chain>0->hook.loc = @4;
+                               $<chain>0->hook.name = chain_hookname_lookup($4);
+                               if ($<chain>0->hook.name == NULL) {
                                        erec_queue(error(&@4, "unknown chain hook %s", $4),
                                                   state->msgs);
                                        xfree($4);

diff --git a/src/parser_json.c b/src/parser_json.c
index d158db786b8d50e056c20f375dec4167e18e425d..a1765027fdf3cca0654027343ff27a467ebdce83 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2628,8 +2628,8 @@ static struct cmd *json_parse_cmd_add_chain(struct json_ctx *ctx, json_t *root,
                                                   BYTEORDER_HOST_ENDIAN,
                                                   sizeof(int) * BITS_PER_BYTE,
                                                   &prio);
-       chain->hookstr = chain_hookname_lookup(hookstr);
-       if (!chain->hookstr) {
+       chain->hook.name = chain_hookname_lookup(hookstr);
+       if (!chain->hook.name) {
                json_error(ctx, "Invalid chain hook '%s'.", hookstr);
                chain_free(chain);
                return NULL;
@@ -3017,7 +3017,7 @@ static struct cmd *json_parse_cmd_add_flowtable(struct json_ctx *ctx,
        }
 
        flowtable = flowtable_alloc(int_loc);
-       flowtable->hookstr = hookstr;
+       flowtable->hook.name = hookstr;
        flowtable->priority.expr =
                constant_expr_alloc(int_loc, &integer_type,
                                    BYTEORDER_HOST_ENDIAN,

diff --git a/src/rule.c b/src/rule.c
index 92fa129be0776903984b3260cdd18bc9e930e5bf..a312693f4edc7c4d98c61db2b2d5198e8eaa553f 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -1165,7 +1165,7 @@ static void chain_print_declaration(const struct chain *chain,
        nft_print(octx, "\n");
        if (chain->flags & CHAIN_F_BASECHAIN) {
                nft_print(octx, "\t\ttype %s hook %s", chain->type,
-                         hooknum2str(chain->handle.family, chain->hooknum));
+                         hooknum2str(chain->handle.family, chain->hook.num));
                if (chain->dev_array_len == 1) {
                        nft_print(octx, " device \"%s\"", chain->dev_array[0]);
                } else if (chain->dev_array_len > 1) {
@@ -1179,7 +1179,7 @@ static void chain_print_declaration(const struct chain *chain,
                }
                nft_print(octx, " priority %s;",
                          prio2str(octx, priobuf, sizeof(priobuf),
-                                  chain->handle.family, chain->hooknum,
+                                  chain->handle.family, chain->hook.num,
                                   chain->priority.expr));
                if (chain->policy) {
                        mpz_export_data(&policy, chain->policy->value,
@@ -1220,9 +1220,9 @@ void chain_print_plain(const struct chain *chain, struct output_ctx *octx)
                mpz_export_data(&policy, chain->policy->value,
                                BYTEORDER_HOST_ENDIAN, sizeof(int));
                nft_print(octx, " { type %s hook %s priority %s; policy %s; }",
-                         chain->type, chain->hookstr,
+                         chain->type, chain->hook.name,
                          prio2str(octx, priobuf, sizeof(priobuf),
-                                  chain->handle.family, chain->hooknum,
+                                  chain->handle.family, chain->hook.num,
                                   chain->priority.expr),
                          chain_policy2str(policy));
        }
@@ -2235,9 +2235,9 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
        nft_print(octx, "%s", opts->nl);
        nft_print(octx, "%s%shook %s priority %s%s",
                  opts->tab, opts->tab,
-                 hooknum2str(NFPROTO_NETDEV, flowtable->hooknum),
+                 hooknum2str(NFPROTO_NETDEV, flowtable->hook.num),
                  prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV,
-                          flowtable->hooknum, flowtable->priority.expr),
+                          flowtable->hook.num, flowtable->priority.expr),
                  opts->stmt_separator);
 
        nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab);