src: add chain_spec

Store location object in handle to improve error reporting.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/rule.h b/include/rule.h
index 88750f0a4b54629932240cdb588bad881d28a93f..4ea09c52b12e1f794579484ea5814e74595fba00 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -32,6 +32,11 @@ struct table_spec {
        const char              *name;
 };
 
+struct chain_spec {
+       struct location         location;
+       const char              *name;
+};
+
 /**
  * struct handle - handle for tables, chains, rules and sets
  *
@@ -48,7 +53,7 @@ struct table_spec {
 struct handle {
        uint32_t                family;
        struct table_spec       table;
-       const char              *chain;
+       struct chain_spec       chain;
        const char              *set;
        const char              *obj;
        const char              *flowtable;

diff --git a/src/evaluate.c b/src/evaluate.c
index de314c1d3b75872b0350c1cda26158f3da1f3ecb..c924547cd69b9af1245fd0040f15086bafbe4331 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3177,7 +3177,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
                                         cmd->handle.table.name);
                if (chain_lookup(table, &cmd->handle) == NULL)
                        return cmd_error(ctx, "Could not process rule: Chain '%s' does not exist",
-                                        cmd->handle.chain);
+                                        cmd->handle.chain.name);
                return 0;
        case CMD_OBJ_QUOTA:
                return cmd_evaluate_list_obj(ctx, cmd, NFT_OBJECT_QUOTA);
@@ -3320,7 +3320,7 @@ static int cmd_evaluate_rename(struct eval_ctx *ctx, struct cmd *cmd)
                                         ctx->cmd->handle.table.name);
                if (chain_lookup(table, &ctx->cmd->handle) == NULL)
                        return cmd_error(ctx, "Could not process rule: Chain '%s' does not exist",
-                                        ctx->cmd->handle.chain);
+                                        ctx->cmd->handle.chain.name);
                break;
        default:
                BUG("invalid command object type %u\n", cmd->obj);

diff --git a/src/netlink.c b/src/netlink.c
index 0c078d6433447b2197c94ced615a8d202dbed259..e33e094e1992706b9c397480e8252b54d0252144 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -145,8 +145,8 @@ struct nftnl_chain *alloc_nftnl_chain(const struct handle *h)
        nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, h->table.name);
        if (h->handle.id)
                nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, h->handle.id);
-       if (h->chain != NULL)
-               nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, h->chain);
+       if (h->chain.name != NULL)
+               nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, h->chain.name);
 
        return nlc;
 }
@@ -161,8 +161,8 @@ struct nftnl_rule *alloc_nftnl_rule(const struct handle *h)
 
        nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
        nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
-       if (h->chain != NULL)
-               nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain);
+       if (h->chain.name != NULL)
+               nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
        if (h->handle.id)
                nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id);
        if (h->position.id)
@@ -540,7 +540,7 @@ static int list_rule_cb(struct nftnl_rule *nlr, void *arg)
 
        if (h->family != family ||
            strcmp(table, h->table.name) != 0 ||
-           (h->chain && strcmp(chain, h->chain) != 0))
+           (h->chain.name && strcmp(chain, h->chain.name) != 0))
                return 0;
 
        netlink_dump_rule(nlr, ctx);
@@ -697,7 +697,7 @@ static int list_chain_cb(struct nftnl_chain *nlc, void *arg)
 
        if (h->family != family || strcmp(table, h->table.name) != 0)
                return 0;
-       if (h->chain && strcmp(name, h->chain) != 0)
+       if (h->chain.name && strcmp(name, h->chain.name) != 0)
                return 0;
 
        chain = netlink_delinearize_chain(ctx, nlc);
@@ -1720,7 +1720,7 @@ static void trace_print_rule(const struct nftnl_trace *nlt,
 
        h.family = nftnl_trace_get_u32(nlt, NFTNL_TRACE_FAMILY);
        h.table.name  = nftnl_trace_get_str(nlt, NFTNL_TRACE_TABLE);
-       h.chain  = nftnl_trace_get_str(nlt, NFTNL_TRACE_CHAIN);
+       h.chain.name  = nftnl_trace_get_str(nlt, NFTNL_TRACE_CHAIN);
 
        if (!h.table.name)
                return;

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 6a082ad15fc81dcda69cb476fb4454eb32dd8797..8f4035a291f49da7ea104f6586066446e77a74f2 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2445,8 +2445,8 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
 
        memset(&h, 0, sizeof(h));
        h.family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY);
-       h.table.name  = xstrdup(nftnl_rule_get_str(nlr, NFTNL_RULE_TABLE));
-       h.chain  = xstrdup(nftnl_rule_get_str(nlr, NFTNL_RULE_CHAIN));
+       h.table.name = xstrdup(nftnl_rule_get_str(nlr, NFTNL_RULE_TABLE));
+       h.chain.name = xstrdup(nftnl_rule_get_str(nlr, NFTNL_RULE_CHAIN));
        h.handle.id = nftnl_rule_get_u64(nlr, NFTNL_RULE_HANDLE);
 
        if (nftnl_rule_is_set(nlr, NFTNL_RULE_POSITION))

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 95a42d3e9f89b64491526f6b2644f75e64fde681..b5229ae1b9920739f65cb8c93d84a16e435fa84e 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1861,7 +1861,8 @@ tableid_spec              :       family_spec     HANDLE NUM
 chain_spec             :       table_spec      identifier
                        {
                                $$              = $1;
-                               $$.chain        = $2;
+                               $$.chain.name   = $2;
+                               $$.chain.location = @2;
                        }
                        ;
 
@@ -1876,7 +1877,8 @@ chainid_spec              :       table_spec      HANDLE NUM
 chain_identifier       :       identifier
                        {
                                memset(&$$, 0, sizeof($$));
-                               $$.chain        = $1;
+                               $$.chain.name           = $1;
+                               $$.chain.location       = @1;
                        }
                        ;
 

diff --git a/src/rule.c b/src/rule.c
index 6c2b4eea7c24df9b43f3624019140da8a4937728..bbf23a6bcb50dad6c93c9d1c116b9dca37afb82a 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -31,7 +31,7 @@
 void handle_free(struct handle *h)
 {
        xfree(h->table.name);
-       xfree(h->chain);
+       xfree(h->chain.name);
        xfree(h->set);
        xfree(h->flowtable);
 }
@@ -42,8 +42,8 @@ void handle_merge(struct handle *dst, const struct handle *src)
                dst->family = src->family;
        if (dst->table.name == NULL && src->table.name != NULL)
                dst->table.name = xstrdup(src->table.name);
-       if (dst->chain == NULL && src->chain != NULL)
-               dst->chain = xstrdup(src->chain);
+       if (dst->chain.name == NULL && src->chain.name != NULL)
+               dst->chain.name = xstrdup(src->chain.name);
        if (dst->set == NULL && src->set != NULL)
                dst->set = xstrdup(src->set);
        if (dst->flowtable == NULL && src->flowtable != NULL)
@@ -620,7 +620,7 @@ struct chain *chain_alloc(const char *name)
        init_list_head(&chain->rules);
        init_list_head(&chain->scope.symbols);
        if (name != NULL)
-               chain->handle.chain = xstrdup(name);
+               chain->handle.chain.name = xstrdup(name);
 
        chain->policy = -1;
        return chain;
@@ -658,7 +658,7 @@ struct chain *chain_lookup(const struct table *table, const struct handle *h)
        struct chain *chain;
 
        list_for_each_entry(chain, &table->chains, list) {
-               if (!strcmp(chain->handle.chain, h->chain))
+               if (!strcmp(chain->handle.chain.name, h->chain.name))
                        return chain;
        }
        return NULL;
@@ -746,7 +746,7 @@ static const char *chain_policy2str(uint32_t policy)
 static void chain_print_declaration(const struct chain *chain,
                                    struct output_ctx *octx)
 {
-       nft_print(octx, "\tchain %s {", chain->handle.chain);
+       nft_print(octx, "\tchain %s {", chain->handle.chain.name);
        if (octx->handle > 0)
                nft_print(octx, " # handle %" PRIu64, chain->handle.handle.id);
        nft_print(octx, "\n");
@@ -777,7 +777,7 @@ static void chain_print(const struct chain *chain, struct output_ctx *octx)
 void chain_print_plain(const struct chain *chain, struct output_ctx *octx)
 {
        nft_print(octx, "chain %s %s %s", family2str(chain->handle.family),
-                 chain->handle.table.name, chain->handle.chain);
+                 chain->handle.table.name, chain->handle.chain.name);
 
        if (chain->flags & CHAIN_F_BASECHAIN) {
                nft_print(octx, " { type %s hook %s priority %d; policy %s; }",
@@ -1754,7 +1754,7 @@ static int do_list_chain(struct netlink_ctx *ctx, struct cmd *cmd,
 
        list_for_each_entry(chain, &table->chains, list) {
                if (chain->handle.family != cmd->handle.family ||
-                   strcmp(cmd->handle.chain, chain->handle.chain) != 0)
+                   strcmp(cmd->handle.chain.name, chain->handle.chain.name) != 0)
                        continue;
 
                chain_print(chain, ctx->octx);