On Tue, Aug 14, 2018 at 03:26:16PM +0200, Pablo Neira Ayuso wrote:
> On Fri, Aug 03, 2018 at 10:55:33AM +0200, Máté Eckl wrote:
> > This patch adds the possibility to use textual names to set the chain priority
> > to standard values so that numeric values do not need to be learnt any more for
> > basic usage.
> >
> [...]
> > Example:
> > nft> add table ip x
> > nft> add chain ip x y { type filter hook prerouting priority raw; }
> > nft> add chain ip x z { type filter hook prerouting priority mangle + 1; }
> > nft> add chain ip x w { type filter hook prerouting priority dstnat - 5; }
> > nft> add chain ip x r { type filter hook prerouting priority filter + 10; }
> > nft> add chain ip x t { type filter hook prerouting priority security; }
> > nft> add chain ip x q { type filter hook postrouting priority srcnat + 11; }
> > nft> add chain ip x h { type filter hook prerouting priority 15; }
>
> Applied, thanks Máté. BTW, can we have automated tests for this?
I will make them.
>
> [...]
> > nft> add chain ip x h { type filter hook prerouting priority first; }
> > Error: 'first' is invalid priority in this context.
> > add chain ip x h { type filter hook prerouting priority first; }
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> BTW, now that you have added a prio_spec object, you can place the
> struct location there and store the position from the parser, so we
> can perform better error reporting, eg.
>
> nft> add chain ip x h { type filter hook prerouting priority first; }
> Error: 'first' is invalid priority in this context.
> add chain ip x h { type filter hook prerouting priority first; }
> ^^^^^^^^^^^^^^
Thanks for the idea, I'll try it out next week.
>
> Thanks.
