ct: use nftables sysconf location for connlabel configuration

Instead of using /etc/xtables use the nftables syconfdir.
Also update error message to tell which label failed translation
and which config file was used for this:

nft add filter input ct label foo
<cmdline>:1:27-29: Error: /etc/nftables/connlabel.conf: could not parse conntrack label "foo"

Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/ct.c b/src/ct.c
index b971ba16aedccb0d389bdc57d3a9dcb0f6e8ffca..f383f2985817e67d4bb857ccb7ed3bc802303b65 100644 (file)
--- a/src/ct.c
+++ b/src/ct.c
@@ -29,6 +29,8 @@
 #include <utils.h>
 #include <statement.h>
 
+#define CONNLABEL_CONF DEFAULT_INCLUDE_PATH "connlabel.conf"
+
 static const struct symbol_table ct_state_tbl = {
        .symbols        = {
                SYMBOL("invalid",       NF_CT_STATE_INVALID_BIT),
@@ -128,7 +130,8 @@ static struct error_record *ct_label_type_parse(const struct expr *sym,
 
        dtype = sym->dtype;
        if (s->identifier == NULL)
-               return error(&sym->location, "Could not parse %s", dtype->desc);
+               return error(&sym->location, "%s: could not parse %s \"%s\"",
+                            CONNLABEL_CONF, dtype->desc, sym->identifier);
 
        if (s->value >= CT_LABEL_BIT_SIZE)
                return error(&sym->location, "%s: out of range (%u max)",
@@ -158,7 +161,7 @@ static const struct datatype ct_label_type = {
 
 static void __init ct_label_table_init(void)
 {
-       ct_label_tbl = rt_symbol_table_init("/etc/xtables/connlabel.conf");
+       ct_label_tbl = rt_symbol_table_init(CONNLABEL_CONF);
 }
 
 #ifndef NF_CT_HELPER_NAME_LEN