When trying to set a policy to non-base chain:
# nft add chain x y { policy accept\; }
Error: Could not process rule: Operation not supported
add chain x y { policy accept; }
^^^^^^^^^^^^^
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/mnl.c | 12 +++++++-----
src/parser_bison.y | 3 ++-
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/mnl.c b/src/mnl.c
index f959196922fc..6d1e476444ef 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -619,11 +619,6 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd,
nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE,
cmd->chain->type);
}
- if (cmd->chain->policy) {
- mpz_export_data(&policy, cmd->chain->policy->value,
- BYTEORDER_HOST_ENDIAN, sizeof(int));
- nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, policy);
- }
if (cmd->chain->dev_expr) {
dev_array = xmalloc(sizeof(char *) * 8);
dev_array_len = 8;
@@ -658,6 +653,13 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd,
cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.chain.location);
mnl_attr_put_strz(nlh, NFTA_CHAIN_NAME, cmd->handle.chain.name);
+ if (cmd && cmd->chain->policy) {
+ mpz_export_data(&policy, cmd->chain->policy->value,
+ BYTEORDER_HOST_ENDIAN, sizeof(int));
+ cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->chain->policy->location);
+ mnl_attr_put_u32(nlh, NFTA_CHAIN_POLICY, htonl(policy));
+ }
+
nftnl_chain_nlmsg_build_payload(nlh, nlc);
nftnl_chain_free(nlc);
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 819c78bfa6d1..cc77d0420cb0 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2160,7 +2160,8 @@ policy_spec : POLICY policy_expr
expr_free($2);
YYERROR;
}
- $<chain>0->policy = $2;
+ $<chain>0->policy = $2;
+ $<chain>0->policy->location = @$;
}
;
--
2.11.0
