[PATCH nft] src: use definitions in include/linux/netfilter/nf_tables.h

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Use NFT_LOGLEVEL_* definitions in UAPI.

Make an internal definition of NFT_OSF_F_VERSION, this was originally
defined in the UAPI header in the initial patch version, however, this
is not available anymore.

Add a bison rule to deal with the timeout case.

Otherwise, compilation breaks.

Fixes: d3869cae9d62 ("include: refresh nf_tables.h cached copy")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 include/osf.h      |  2 ++
 src/evaluate.c     |  2 +-
 src/parser_bison.y | 31 ++++++++++++++++---------------
 src/statement.c    | 24 ++++++++++++------------
 4 files changed, 31 insertions(+), 28 deletions(-)

diff --git a/include/osf.h b/include/osf.h
index 8f6f5840620e..2eef257c2b51 100644
--- a/include/osf.h
+++ b/include/osf.h
@@ -1,6 +1,8 @@
 #ifndef NFTABLES_OSF_H
 #define NFTABLES_OSF_H
 
+#define NFT_OSF_F_VERSION	0x1
+
 struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl,
 			    const uint32_t flags);
 
diff --git a/src/evaluate.c b/src/evaluate.c
index 3593eb80a6a6..21d9e146e587 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2812,7 +2812,7 @@ static int stmt_evaluate_log(struct eval_ctx *ctx, struct stmt *stmt)
 			return stmt_error(ctx, stmt,
 				  "flags and group are mutually exclusive");
 	}
-	if (stmt->log.level == LOGLEVEL_AUDIT &&
+	if (stmt->log.level == NFT_LOGLEVEL_AUDIT &&
 	    (stmt->log.flags & ~STMT_LOG_LEVEL || stmt->log.logflags))
 		return stmt_error(ctx, stmt,
 				  "log level audit doesn't support any further options");
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 9aea65265332..9e632c0d1f6e 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2414,23 +2414,23 @@ log_arg			:	PREFIX			string
 level_type		:	string
 			{
 				if (!strcmp("emerg", $1))
-					$$ = LOG_EMERG;
+					$$ = NFT_LOGLEVEL_EMERG;
 				else if (!strcmp("alert", $1))
-					$$ = LOG_ALERT;
+					$$ = NFT_LOGLEVEL_ALERT;
 				else if (!strcmp("crit", $1))
-					$$ = LOG_CRIT;
+					$$ = NFT_LOGLEVEL_CRIT;
 				else if (!strcmp("err", $1))
-					$$ = LOG_ERR;
+					$$ = NFT_LOGLEVEL_ERR;
 				else if (!strcmp("warn", $1))
-					$$ = LOG_WARNING;
+					$$ = NFT_LOGLEVEL_WARNING;
 				else if (!strcmp("notice", $1))
-					$$ = LOG_NOTICE;
+					$$ = NFT_LOGLEVEL_NOTICE;
 				else if (!strcmp("info", $1))
-					$$ = LOG_INFO;
+					$$ = NFT_LOGLEVEL_INFO;
 				else if (!strcmp("debug", $1))
-					$$ = LOG_DEBUG;
+					$$ = NFT_LOGLEVEL_DEBUG;
 				else if (!strcmp("audit", $1))
-					$$ = LOGLEVEL_AUDIT;
+					$$ = NFT_LOGLEVEL_AUDIT;
 				else {
 					erec_queue(error(&@1, "invalid log level"),
 						   state->msgs);
@@ -4101,7 +4101,6 @@ ct_key			:	L3PROTOCOL	{ $$ = NFT_CT_L3PROTOCOL; }
 			|	PROTO_DST	{ $$ = NFT_CT_PROTO_DST; }
 			|	LABEL		{ $$ = NFT_CT_LABELS; }
 			|	EVENT		{ $$ = NFT_CT_EVENTMASK; }
-			|	TIMEOUT 	{ $$ = NFT_CT_TIMEOUT; }
 			|	ct_key_dir_optional
 			;
 
@@ -4150,16 +4149,18 @@ ct_stmt			:	CT	ct_key		SET	stmt_expr
 					$$->objref.type = NFT_OBJECT_CT_HELPER;
 					$$->objref.expr = $4;
 					break;
-				case NFT_CT_TIMEOUT:
-					$$ = objref_stmt_alloc(&@$);
-					$$->objref.type = NFT_OBJECT_CT_TIMEOUT;
-					$$->objref.expr = $4;
-					break;
 				default:
 					$$ = ct_stmt_alloc(&@$, $2, -1, $4);
 					break;
 				}
 			}
+			|	CT	TIMEOUT		SET	stmt_expr
+			{
+				$$ = objref_stmt_alloc(&@$);
+				$$->objref.type = NFT_OBJECT_CT_TIMEOUT;
+				$$->objref.expr = $4;
+
+			}
 			|	CT	ct_dir	ct_key_dir_optional SET	stmt_expr
 			{
 				$$ = ct_stmt_alloc(&@$, $3, $2, $5);
diff --git a/src/statement.c b/src/statement.c
index 7f9c10b38244..a9e8b3ae0780 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -256,21 +256,21 @@ struct stmt *objref_stmt_alloc(const struct location *loc)
 	return stmt;
 }
 
-static const char *syslog_level[LOGLEVEL_AUDIT + 1] = {
-	[LOG_EMERG]	= "emerg",
-	[LOG_ALERT]	= "alert",
-	[LOG_CRIT]	= "crit",
-	[LOG_ERR]       = "err",
-	[LOG_WARNING]	= "warn",
-	[LOG_NOTICE]	= "notice",
-	[LOG_INFO]	= "info",
-	[LOG_DEBUG]	= "debug",
-	[LOGLEVEL_AUDIT] = "audit"
+static const char *syslog_level[NFT_LOGLEVEL_MAX + 1] = {
+	[NFT_LOGLEVEL_EMERG]	= "emerg",
+	[NFT_LOGLEVEL_ALERT]	= "alert",
+	[NFT_LOGLEVEL_CRIT]	= "crit",
+	[NFT_LOGLEVEL_ERR]	= "err",
+	[NFT_LOGLEVEL_WARNING]	= "warn",
+	[NFT_LOGLEVEL_NOTICE]	= "notice",
+	[NFT_LOGLEVEL_INFO]	= "info",
+	[NFT_LOGLEVEL_DEBUG]	= "debug",
+	[NFT_LOGLEVEL_AUDIT] 	= "audit"
 };
 
 const char *log_level(uint32_t level)
 {
-	if (level > LOGLEVEL_AUDIT)
+	if (level > NFT_LOGLEVEL_MAX)
 		return "unknown";
 
 	return syslog_level[level];
@@ -280,7 +280,7 @@ int log_level_parse(const char *level)
 {
 	int i;
 
-	for (i = 0; i <= LOGLEVEL_AUDIT; i++) {
+	for (i = 0; i <= NFT_LOGLEVEL_MAX; i++) {
 		if (syslog_level[i] &&
 		    !strcmp(level, syslog_level[i]))
 			return i;
-- 
2.11.0




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux