src: Make invalid chain priority error more specific

So far if invalid priority name was specified the error message referred
to the whole chain/flowtable specification:

	nft> add chain ip x h { type filter hook prerouting priority first; }
	Error: 'first' is invalid priority in this context.
	add chain ip x h { type filter hook prerouting priority first; }
	                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

With this patch this reference is made specific to the priority
specification:

	nft> add chain ip x h { type filter hook prerouting priority first; }
	Error: 'first' is invalid priority in this context.
	add chain ip x h { type filter hook prerouting priority first; }
	                                               ^^^^^^^^^^^^^^

`prio_spec` is also reused to keep naming intuitive. The parser section
formerly named `prio_spec` is renamed to `int_num` as it basically
provides the mathematical set of integer numbers.

Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/rule.h b/include/rule.h
index d564cb01f235ca6e5690f0c0b35b67f4d63f83f4..cfbbcf1f13d71448b437b9c04a9e5044f08da05e 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -172,6 +172,7 @@ enum chain_flags {
 struct prio_spec {
        const char  *str;
        int          num;
+       struct location loc;
 };
 
 /**

diff --git a/src/evaluate.c b/src/evaluate.c
index 647e16069ba4b1e150250329a723ae64869c5117..685924dfadd920c8bc0692149399e4cdc11ed430 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3028,8 +3028,9 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft)
                return chain_error(ctx, ft, "invalid hook %s", ft->hookstr);
 
        if (!evaluate_priority(&ft->priority, NFPROTO_NETDEV, ft->hooknum))
-               return chain_error(ctx, ft, "'%s' is invalid priority.",
-                                  ft->priority.str);
+               return __stmt_binary_error(ctx, &ft->priority.loc, NULL,
+                                          "'%s' is invalid priority.",
+                                          ft->priority.str);
 
        if (!ft->dev_expr)
                return chain_error(ctx, ft, "Unbound flowtable not allowed (must specify devices)");
@@ -3186,9 +3187,9 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain)
 
                if (!evaluate_priority(&chain->priority, chain->handle.family,
                                       chain->hooknum))
-                       return chain_error(ctx, chain,
-                                          "'%s' is invalid priority in this context.",
-                                          chain->priority.str);
+                       return __stmt_binary_error(ctx, &chain->priority.loc, NULL,
+                                                  "'%s' is invalid priority in this context.",
+                                                  chain->priority.str);
        }
 
        list_for_each_entry(rule, &chain->rules, list) {

diff --git a/src/parser_bison.y b/src/parser_bison.y
index cc114717f579bd0345ce74809ee56aaa4024705f..ff7950475b8e140649d2b17bccb50769832c8ab9 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -528,8 +528,8 @@ int nft_lex(void *, void *, void *);
 %destructor { handle_free(&$$); } table_spec tableid_spec chain_spec chainid_spec flowtable_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec index_spec
 %type <handle>                 set_spec setid_spec set_identifier flowtable_identifier obj_spec objid_spec obj_identifier
 %destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec objid_spec obj_identifier
-%type <val>                    family_spec family_spec_explicit chain_policy prio_spec
-%type <prio_spec>              extended_prio_spec
+%type <val>                    family_spec family_spec_explicit chain_policy int_num
+%type <prio_spec>              extended_prio_spec prio_spec
 
 %type <string>                 dev_spec quota_unit
 %destructor { xfree($$); }     dev_spec quota_unit
@@ -1647,7 +1647,7 @@ flowtable_block_alloc     :       /* empty */
 flowtable_block                :       /* empty */     { $$ = $<flowtable>-1; }
                        |       flowtable_block common_block
                        |       flowtable_block stmt_separator
-                       |       flowtable_block HOOK            STRING  PRIORITY        extended_prio_spec      stmt_separator
+                       |       flowtable_block HOOK            STRING  prio_spec       stmt_separator
                        {
                                $$->hookstr     = chain_hookname_lookup($3);
                                if ($$->hookstr == NULL) {
@@ -1658,7 +1658,7 @@ flowtable_block           :       /* empty */     { $$ = $<flowtable>-1; }
                                }
                                xfree($3);
 
-                               $$->priority = $5;
+                               $$->priority = $4;
                        }
                        |       flowtable_block DEVICES         '='     flowtable_expr  stmt_separator
                        {
@@ -1780,7 +1780,7 @@ type_identifier           :       STRING  { $$ = $1; }
                        |       CLASSID { $$ = xstrdup("classid"); }
                        ;
 
-hook_spec              :       TYPE            STRING          HOOK            STRING          dev_spec        PRIORITY        extended_prio_spec
+hook_spec              :       TYPE            STRING          HOOK            STRING          dev_spec        prio_spec
                        {
                                const char *chain_type = chain_type_name_lookup($2);
 
@@ -1803,12 +1803,19 @@ hook_spec               :       TYPE            STRING          HOOK            STRING          dev_spec        PRIORITY        extended_prio_spec
                                xfree($4);
 
                                $<chain>0->dev          = $5;
-                               $<chain>0->priority     = $7;
+                               $<chain>0->priority     = $6;
                                $<chain>0->flags        |= CHAIN_F_BASECHAIN;
                        }
                        ;
 
-extended_prio_spec     :       prio_spec
+prio_spec              :       PRIORITY extended_prio_spec
+                       {
+                               $$ = $2;
+                               $$.loc = @$;
+                       }
+                       ;
+
+extended_prio_spec     :       int_num
                        {
                                struct prio_spec spec = {0};
                                spec.num = $1;
@@ -1836,7 +1843,7 @@ extended_prio_spec        :       prio_spec
                        }
                        ;
 
-prio_spec              :       NUM                     { $$ = $1; }
+int_num                :       NUM                     { $$ = $1; }
                        |       DASH    NUM             { $$ = -$2; }
                        ;