src: Better error reporting if chain type is invalid

This patch verifies at command line parsing that given chain type
is valid. Possibilities are: filter, nat, and route.

nft add chain test test { type cheese hook input priority 0 };
<cmdline>:1:28-33: Error: unknown chain type cheese
add chain test test { type cheese hook input priority 0 };
                           ^^^^^^

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/rule.h b/include/rule.h
index 1de23dce6fd02a1d3945d02e4e0b7db84990c4e3..10cfebde60df1562293de31a877f703f0f7e494a 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -117,6 +117,7 @@ struct chain {
        struct list_head        rules;
 };
 
+extern const char *chain_type_name_lookup(const char *name);
 extern const char *chain_hookname_lookup(const char *name);
 extern struct chain *chain_alloc(const char *name);
 extern void chain_free(struct chain *chain);

diff --git a/src/parser.y b/src/parser.y
index a7dfdcc488ca184aac4dbe0608c9b3ec2390142d..074f0758c31865567ba83203b8a70fd35f3c8498 100644 (file)
--- a/src/parser.y
+++ b/src/parser.y
@@ -769,10 +769,15 @@ map_block         :       /* empty */     { $$ = $<set>-1; }
 
 hook_spec              :       TYPE            STRING          HOOK            STRING          PRIORITY        NUM
                        {
-                               $<chain>0->type         = $2;
+                               $<chain>0->type         = chain_type_name_lookup($2);
+                               if ($<chain>0->type == NULL) {
+                                       erec_queue(error(&@2, "unknown chain type %s", $2),
+                                                  state->msgs);
+                                       YYERROR;
+                               }
                                $<chain>0->hookstr      = chain_hookname_lookup($4);
                                if ($<chain>0->hookstr == NULL) {
-                                       erec_queue(error(&@4, "unknown hook name %s", $4),
+                                       erec_queue(error(&@4, "unknown chain type %s", $4),
                                                   state->msgs);
                                        YYERROR;
                                }
@@ -781,7 +786,12 @@ hook_spec          :       TYPE            STRING          HOOK            STRING          PRIORITY        NUM
                        }
                        |       TYPE            STRING          HOOK            STRING          PRIORITY        DASH    NUM
                        {
-                               $<chain>0->type         = $2;
+                               $<chain>0->type         = chain_type_name_lookup($2);
+                               if ($<chain>0->type == NULL) {
+                                       erec_queue(error(&@2, "unknown type name %s", $2),
+                                                  state->msgs);
+                                       YYERROR;
+                               }
                                $<chain>0->hookstr      = chain_hookname_lookup($4);
                                if ($<chain>0->hookstr == NULL) {
                                        erec_queue(error(&@4, "unknown hook name %s", $4),

diff --git a/src/rule.c b/src/rule.c
index 42ba37f4a9859dc1ed1eba38f31765d4590f2bce..2cf024a4b187a4577eaed7c20f6f82fd9b41735c 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -190,6 +190,25 @@ struct symbol *symbol_lookup(const struct scope *scope, const char *identifier)
        return NULL;
 }
 
+static const char *chain_type_str_array[] = {
+       "filter",
+       "nat",
+       "route",
+       NULL,
+};
+
+const char *chain_type_name_lookup(const char *name)
+{
+       int i;
+
+       for (i = 0; chain_type_str_array[i]; i++) {
+               if (!strcmp(name, chain_type_str_array[i]))
+                       return chain_type_str_array[i];
+       }
+
+       return NULL;
+}
+
 static const char *chain_hookname_str_array[] = {
        "prerouting",
        "input",