Use NFT_LOGLEVEL_* definitions in UAPI. Make an internal definition of NFT_OSF_F_VERSION, this was originally defined in the UAPI header in the initial patch version, however, this is not available anymore. Add a bison rule to deal with the timeout case. Otherwise, compilation breaks. Fixes: d3869cae9d62 ("include: refresh nf_tables.h cached copy") Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- include/osf.h | 2 ++ src/evaluate.c | 2 +- src/parser_bison.y | 31 ++++++++++++++++--------------- src/statement.c | 24 ++++++++++++------------ 4 files changed, 31 insertions(+), 28 deletions(-) diff --git a/include/osf.h b/include/osf.h index 8f6f5840620e..2eef257c2b51 100644 --- a/include/osf.h +++ b/include/osf.h @@ -1,6 +1,8 @@ #ifndef NFTABLES_OSF_H #define NFTABLES_OSF_H +#define NFT_OSF_F_VERSION 0x1 + struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl, const uint32_t flags); diff --git a/src/evaluate.c b/src/evaluate.c index 3593eb80a6a6..21d9e146e587 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2812,7 +2812,7 @@ static int stmt_evaluate_log(struct eval_ctx *ctx, struct stmt *stmt) return stmt_error(ctx, stmt, "flags and group are mutually exclusive"); } - if (stmt->log.level == LOGLEVEL_AUDIT && + if (stmt->log.level == NFT_LOGLEVEL_AUDIT && (stmt->log.flags & ~STMT_LOG_LEVEL || stmt->log.logflags)) return stmt_error(ctx, stmt, "log level audit doesn't support any further options"); diff --git a/src/parser_bison.y b/src/parser_bison.y index 9aea65265332..9e632c0d1f6e 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2414,23 +2414,23 @@ log_arg : PREFIX string level_type : string { if (!strcmp("emerg", $1)) - $$ = LOG_EMERG; + $$ = NFT_LOGLEVEL_EMERG; else if (!strcmp("alert", $1)) - $$ = LOG_ALERT; + $$ = NFT_LOGLEVEL_ALERT; else if (!strcmp("crit", $1)) - $$ = LOG_CRIT; + $$ = NFT_LOGLEVEL_CRIT; else if (!strcmp("err", $1)) - $$ = LOG_ERR; + $$ = NFT_LOGLEVEL_ERR; else if (!strcmp("warn", $1)) - $$ = LOG_WARNING; + $$ = NFT_LOGLEVEL_WARNING; else if (!strcmp("notice", $1)) - $$ = LOG_NOTICE; + $$ = NFT_LOGLEVEL_NOTICE; else if (!strcmp("info", $1)) - $$ = LOG_INFO; + $$ = NFT_LOGLEVEL_INFO; else if (!strcmp("debug", $1)) - $$ = LOG_DEBUG; + $$ = NFT_LOGLEVEL_DEBUG; else if (!strcmp("audit", $1)) - $$ = LOGLEVEL_AUDIT; + $$ = NFT_LOGLEVEL_AUDIT; else { erec_queue(error(&@1, "invalid log level"), state->msgs); @@ -4101,7 +4101,6 @@ ct_key : L3PROTOCOL { $$ = NFT_CT_L3PROTOCOL; } | PROTO_DST { $$ = NFT_CT_PROTO_DST; } | LABEL { $$ = NFT_CT_LABELS; } | EVENT { $$ = NFT_CT_EVENTMASK; } - | TIMEOUT { $$ = NFT_CT_TIMEOUT; } | ct_key_dir_optional ; @@ -4150,16 +4149,18 @@ ct_stmt : CT ct_key SET stmt_expr $$->objref.type = NFT_OBJECT_CT_HELPER; $$->objref.expr = $4; break; - case NFT_CT_TIMEOUT: - $$ = objref_stmt_alloc(&@$); - $$->objref.type = NFT_OBJECT_CT_TIMEOUT; - $$->objref.expr = $4; - break; default: $$ = ct_stmt_alloc(&@$, $2, -1, $4); break; } } + | CT TIMEOUT SET stmt_expr + { + $$ = objref_stmt_alloc(&@$); + $$->objref.type = NFT_OBJECT_CT_TIMEOUT; + $$->objref.expr = $4; + + } | CT ct_dir ct_key_dir_optional SET stmt_expr { $$ = ct_stmt_alloc(&@$, $3, $2, $5); diff --git a/src/statement.c b/src/statement.c index 7f9c10b38244..a9e8b3ae0780 100644 --- a/src/statement.c +++ b/src/statement.c @@ -256,21 +256,21 @@ struct stmt *objref_stmt_alloc(const struct location *loc) return stmt; } -static const char *syslog_level[LOGLEVEL_AUDIT + 1] = { - [LOG_EMERG] = "emerg", - [LOG_ALERT] = "alert", - [LOG_CRIT] = "crit", - [LOG_ERR] = "err", - [LOG_WARNING] = "warn", - [LOG_NOTICE] = "notice", - [LOG_INFO] = "info", - [LOG_DEBUG] = "debug", - [LOGLEVEL_AUDIT] = "audit" +static const char *syslog_level[NFT_LOGLEVEL_MAX + 1] = { + [NFT_LOGLEVEL_EMERG] = "emerg", + [NFT_LOGLEVEL_ALERT] = "alert", + [NFT_LOGLEVEL_CRIT] = "crit", + [NFT_LOGLEVEL_ERR] = "err", + [NFT_LOGLEVEL_WARNING] = "warn", + [NFT_LOGLEVEL_NOTICE] = "notice", + [NFT_LOGLEVEL_INFO] = "info", + [NFT_LOGLEVEL_DEBUG] = "debug", + [NFT_LOGLEVEL_AUDIT] = "audit" }; const char *log_level(uint32_t level) { - if (level > LOGLEVEL_AUDIT) + if (level > NFT_LOGLEVEL_MAX) return "unknown"; return syslog_level[level]; @@ -280,7 +280,7 @@ int log_level_parse(const char *level) { int i; - for (i = 0; i <= LOGLEVEL_AUDIT; i++) { + for (i = 0; i <= NFT_LOGLEVEL_MAX; i++) { if (syslog_level[i] && !strcmp(level, syslog_level[i])) return i; -- 2.11.0