From: Florian Westphal
Date: Wed, 20 Jul 2016 10:14:06 +0000 (+0200)
Subject: ct: use nftables sysconf location for connlabel configuration
X-Git-Tag: v0.7~141
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4fe9cfe788706c0bf1c3a40b7c92f1d2bebf7e7;p=thirdparty%2Fnftables.git
ct: use nftables sysconf location for connlabel configuration
Instead of using /etc/xtables use the nftables syconfdir.
Also update error message to tell which label failed translation and which config file was used for this:
nft add filter input ct label foo
:1:27-29: Error: /etc/nftables/connlabel.conf: could not parse conntrack label "foo"
Suggested-by: Pablo Neira Ayuso
Signed-off-by: Florian Westphal
---
diff --git a/src/ct.c b/src/ct.c
index b971ba16..f383f298 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -29,6 +29,8 @@
 #include
 #include
+#define CONNLABEL_CONF DEFAULT_INCLUDE_PATH "connlabel.conf"
+
 static const struct symbol_table ct_state_tbl = {
 .symbols = {
 SYMBOL("invalid", NF_CT_STATE_INVALID_BIT),
@@ -128,7 +130,8 @@ static struct error_record *ct_label_type_parse(const struct expr *sym,
 dtype = sym->dtype;
 if (s->identifier == NULL)
- return error(&sym->location, "Could not parse %s", dtype->desc);
+ return error(&sym->location, "%s: could not parse %s \"%s\"",
+ CONNLABEL_CONF, dtype->desc, sym->identifier);
 if (s->value >= CT_LABEL_BIT_SIZE)
 return error(&sym->location, "%s: out of range (%u max)",
@@ -158,7 +161,7 @@ static const struct datatype ct_label_type = {
 static void __init ct_label_table_init(void)
 {
- ct_label_tbl = rt_symbol_table_init("/etc/xtables/connlabel.conf");
+ ct_label_tbl = rt_symbol_table_init(CONNLABEL_CONF);
 }
 #ifndef NF_CT_HELPER_NAME_LEN
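Review bot: The new `CONNLABEL_CONF` define in the first hunk (`@@ -29,6 +29,8 @@`) only yields a valid path if `DEFAULT_INCLUDE_PATH` is a string literal ending in `/`, and nothing at the define says so. The commit message's example output (`/etc/nftables/connlabel.conf`) suggests that holds for the default build, but the definition of `DEFAULT_INCLUDE_PATH` is outside this diff, so a packager overriding the sysconfdir could end up with a path that is never found. I would add a comment above the define: `/* label name -> bit map, read at runtime; DEFAULT_INCLUDE_PATH must end in '/' */`.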
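Review bot: In the second hunk (`ct_label_type_parse`), the new message prefixes every failed lookup with `CONNLABEL_CONF`, which reads as if that file was opened and searched. Nothing in the hunk shows whether `rt_symbol_table_init` reports a missing or unreadable file, so an absent file and a label that is not listed in it may produce the same text; if so, the operator is pointed at the wrong problem. If the loader is silent on failure, consider wording that covers both cases, e.g. `"%s: could not find %s \"%s\" (file missing or label not defined)"`. The function body, including the loop that walks `ct_label_tbl->symbols`, starts outside the hunk.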
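Review bot: The third hunk (`ct_label_table_init`) stops reading `/etc/xtables/connlabel.conf` with no fallback, so a host that keeps its label names only in the old file will no longer resolve them after upgrading. Where both files exist, presumably because other xtables tooling still reads the old one, the same label name can map to different bits in each. Rules match on the bit, so a mismatch changes which connections a rule applies to; this is a policy-correctness concern, not only a path cleanup. The move deserves an explicit upgrade note in the commit message or documentation, and a comment at the call such as `/* label names are resolved only from CONNLABEL_CONF; /etc/xtables/connlabel.conf is no longer read */`.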