[PATCH nft] Standard prios: Make invalid prio error more specific

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

So far if invalid priority name was specified the error message referred
to the whole chain/flowtable specification:
	nft> add chain ip x h { type filter hook prerouting priority first; }
	Error: 'first' is invalid priority in this context.
	add chain ip x h { type filter hook prerouting priority first; }
	                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

With this patch this reference is made specific to the priority
specification:
	nft> add chain ip x h { type filter hook prerouting priority first; }
	Error: 'first' is invalid priority in this context.
	add chain ip x h { type filter hook prerouting priority first; }
	                                               ^^^^^^^^^^^^^^

`prio_spec` is also reused to keep naming intuitive. The parser section
formerly named `prio_spec` is renamed to `int_num` as it basically provides the
mathematical set of integer numbers.

Signed-off-by: Máté Eckl <ecklm94@xxxxxxxxx>
---
 include/rule.h     |  1 +
 src/evaluate.c     | 11 ++++++-----
 src/parser_bison.y | 22 ++++++++++++++--------
 3 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/include/rule.h b/include/rule.h
index d564cb0..cfbbcf1 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -172,6 +172,7 @@ enum chain_flags {
 struct prio_spec {
 	const char  *str;
 	int          num;
+	struct location loc;
 };
 
 /**
diff --git a/src/evaluate.c b/src/evaluate.c
index 8b2cd8c..a5431c1 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2995,8 +2995,9 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft)
 		return chain_error(ctx, ft, "invalid hook %s", ft->hookstr);
 
 	if (!evaluate_priority(&ft->priority, NFPROTO_NETDEV, ft->hooknum))
-		return chain_error(ctx, ft, "'%s' is invalid priority.",
-				   ft->priority.str);
+		return __stmt_binary_error(ctx, &ft->priority.loc, NULL,
+					   "'%s' is invalid priority.",
+					   ft->priority.str);
 
 	if (!ft->dev_expr)
 		return chain_error(ctx, ft, "Unbound flowtable not allowed (must specify devices)");
@@ -3153,9 +3154,9 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain)
 
 		if (!evaluate_priority(&chain->priority, chain->handle.family,
 				       chain->hooknum))
-			return chain_error(ctx, chain,
-					   "'%s' is invalid priority in this context.",
-					   chain->priority.str);
+			return __stmt_binary_error(ctx, &chain->priority.loc, NULL,
+						   "'%s' is invalid priority in this context.",
+						   chain->priority.str);
 	}
 
 	list_for_each_entry(rule, &chain->rules, list) {
diff --git a/src/parser_bison.y b/src/parser_bison.y
index bc6f727..7e247bc 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -528,8 +528,8 @@ int nft_lex(void *, void *, void *);
 %destructor { handle_free(&$$); } table_spec tableid_spec chain_spec chainid_spec flowtable_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec index_spec
 %type <handle>			set_spec setid_spec set_identifier flowtable_identifier obj_spec objid_spec obj_identifier
 %destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec objid_spec obj_identifier
-%type <val>			family_spec family_spec_explicit chain_policy prio_spec
-%type <prio_spec>		extended_prio_spec
+%type <val>			family_spec family_spec_explicit chain_policy int_num
+%type <prio_spec>		extended_prio_spec prio_spec
 
 %type <string>			dev_spec quota_unit
 %destructor { xfree($$); }	dev_spec quota_unit
@@ -1647,7 +1647,7 @@ flowtable_block_alloc	:	/* empty */
 flowtable_block		:	/* empty */	{ $$ = $<flowtable>-1; }
 			|	flowtable_block	common_block
 			|	flowtable_block	stmt_separator
-			|	flowtable_block	HOOK		STRING	PRIORITY	extended_prio_spec	stmt_separator
+			|	flowtable_block	HOOK		STRING	prio_spec	stmt_separator
 			{
 				$$->hookstr	= chain_hookname_lookup($3);
 				if ($$->hookstr == NULL) {
@@ -1658,7 +1658,7 @@ flowtable_block		:	/* empty */	{ $$ = $<flowtable>-1; }
 				}
 				xfree($3);
 
-				$$->priority = $5;
+				$$->priority = $4;
 			}
 			|	flowtable_block	DEVICES		'='	flowtable_expr	stmt_separator
 			{
@@ -1780,7 +1780,7 @@ type_identifier		:	STRING	{ $$ = $1; }
 			|	CLASSID { $$ = xstrdup("classid"); }
 			;
 
-hook_spec		:	TYPE		STRING		HOOK		STRING		dev_spec	PRIORITY	extended_prio_spec
+hook_spec		:	TYPE		STRING		HOOK		STRING		dev_spec	prio_spec
 			{
 				const char *chain_type = chain_type_name_lookup($2);
 
@@ -1803,12 +1803,18 @@ hook_spec		:	TYPE		STRING		HOOK		STRING		dev_spec	PRIORITY	extended_prio_spec
 				xfree($4);
 
 				$<chain>0->dev		= $5;
-				$<chain>0->priority	= $7;
+				$<chain>0->priority	= $6;
 				$<chain>0->flags	|= CHAIN_F_BASECHAIN;
 			}
 			;
 
-extended_prio_spec	:	prio_spec
+prio_spec	:	PRIORITY extended_prio_spec
+			{
+				$$ = $2;
+				$$.loc = @$;
+			}
+
+extended_prio_spec	:	int_num
 			{
 				struct prio_spec spec = {0};
 				spec.num = $1;
@@ -1836,7 +1842,7 @@ extended_prio_spec	:	prio_spec
 			}
 			;
 
-prio_spec		:	NUM			{ $$ = $1; }
+int_num		:	NUM			{ $$ = $1; }
 			|	DASH	NUM		{ $$ = -$2; }
 			;
 
-- 
ecklm
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux