Use NFT_LOGLEVEL_* definitions in UAPI.
Make an internal definition of NFT_OSF_F_VERSION, this was originally
defined in the UAPI header in the initial patch version, however, this
is not available anymore.
Add a bison rule to deal with the timeout case.
Otherwise, compilation breaks.
Fixes: d3869cae9d62 ("include: refresh nf_tables.h cached copy")
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/osf.h | 2 ++
src/evaluate.c | 2 +-
src/parser_bison.y | 31 ++++++++++++++++---------------
src/statement.c | 24 ++++++++++++------------
4 files changed, 31 insertions(+), 28 deletions(-)
diff --git a/include/osf.h b/include/osf.h
index 8f6f5840620e..2eef257c2b51 100644
--- a/include/osf.h
+++ b/include/osf.h
@@ -1,6 +1,8 @@
#ifndef NFTABLES_OSF_H
#define NFTABLES_OSF_H
+#define NFT_OSF_F_VERSION 0x1
+
struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl,
const uint32_t flags);
diff --git a/src/evaluate.c b/src/evaluate.c
index 3593eb80a6a6..21d9e146e587 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2812,7 +2812,7 @@ static int stmt_evaluate_log(struct eval_ctx *ctx, struct
stmt *stmt)
return stmt_error(ctx, stmt,
"flags and group are mutually exclusive");
}
- if (stmt->log.level == LOGLEVEL_AUDIT &&
+ if (stmt->log.level == NFT_LOGLEVEL_AUDIT &&
(stmt->log.flags & ~STMT_LOG_LEVEL || stmt->log.logflags))
return stmt_error(ctx, stmt,
"log level audit doesn't support any further
options");
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 9aea65265332..9e632c0d1f6e 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2414,23 +2414,23 @@ log_arg : PREFIX
string
level_type : string
{
if (!strcmp("emerg", $1))
- $$ = LOG_EMERG;
+ $$ = NFT_LOGLEVEL_EMERG;
else if (!strcmp("alert", $1))
- $$ = LOG_ALERT;
+ $$ = NFT_LOGLEVEL_ALERT;
else if (!strcmp("crit", $1))
- $$ = LOG_CRIT;
+ $$ = NFT_LOGLEVEL_CRIT;
else if (!strcmp("err", $1))
- $$ = LOG_ERR;
+ $$ = NFT_LOGLEVEL_ERR;
else if (!strcmp("warn", $1))
- $$ = LOG_WARNING;
+ $$ = NFT_LOGLEVEL_WARNING;
else if (!strcmp("notice", $1))
- $$ = LOG_NOTICE;
+ $$ = NFT_LOGLEVEL_NOTICE;
else if (!strcmp("info", $1))
- $$ = LOG_INFO;
+ $$ = NFT_LOGLEVEL_INFO;
else if (!strcmp("debug", $1))
- $$ = LOG_DEBUG;
+ $$ = NFT_LOGLEVEL_DEBUG;
else if (!strcmp("audit", $1))
- $$ = LOGLEVEL_AUDIT;
+ $$ = NFT_LOGLEVEL_AUDIT;
else {
erec_queue(error(&@1, "invalid log
level"),
state->msgs);
@@ -4101,7 +4101,6 @@ ct_key : L3PROTOCOL { $$ =
NFT_CT_L3PROTOCOL; }
| PROTO_DST { $$ = NFT_CT_PROTO_DST; }
| LABEL { $$ = NFT_CT_LABELS; }
| EVENT { $$ = NFT_CT_EVENTMASK; }
- | TIMEOUT { $$ = NFT_CT_TIMEOUT; }
| ct_key_dir_optional
;
@@ -4150,16 +4149,18 @@ ct_stmt : CT ct_key
SET stmt_expr
$$->objref.type = NFT_OBJECT_CT_HELPER;
$$->objref.expr = $4;
break;
- case NFT_CT_TIMEOUT:
- $$ = objref_stmt_alloc(&@$);
- $$->objref.type = NFT_OBJECT_CT_TIMEOUT;
- $$->objref.expr = $4;
- break;
default:
$$ = ct_stmt_alloc(&@$, $2, -1, $4);
break;
}
}
+ | CT TIMEOUT SET stmt_expr
+ {
+ $$ = objref_stmt_alloc(&@$);
+ $$->objref.type = NFT_OBJECT_CT_TIMEOUT;
+ $$->objref.expr = $4;
+
+ }
| CT ct_dir ct_key_dir_optional SET
stmt_expr
{
$$ = ct_stmt_alloc(&@$, $3, $2, $5);
diff --git a/src/statement.c b/src/statement.c
index 7f9c10b38244..a9e8b3ae0780 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -256,21 +256,21 @@ struct stmt *objref_stmt_alloc(const struct location *loc)
return stmt;
}
-static const char *syslog_level[LOGLEVEL_AUDIT + 1] = {
- [LOG_EMERG] = "emerg",
- [LOG_ALERT] = "alert",
- [LOG_CRIT] = "crit",
- [LOG_ERR] = "err",
- [LOG_WARNING] = "warn",
- [LOG_NOTICE] = "notice",
- [LOG_INFO] = "info",
- [LOG_DEBUG] = "debug",
- [LOGLEVEL_AUDIT] = "audit"
+static const char *syslog_level[NFT_LOGLEVEL_MAX + 1] = {
+ [NFT_LOGLEVEL_EMERG] = "emerg",
+ [NFT_LOGLEVEL_ALERT] = "alert",
+ [NFT_LOGLEVEL_CRIT] = "crit",
+ [NFT_LOGLEVEL_ERR] = "err",
+ [NFT_LOGLEVEL_WARNING] = "warn",
+ [NFT_LOGLEVEL_NOTICE] = "notice",
+ [NFT_LOGLEVEL_INFO] = "info",
+ [NFT_LOGLEVEL_DEBUG] = "debug",
+ [NFT_LOGLEVEL_AUDIT] = "audit"
};
const char *log_level(uint32_t level)
{
- if (level > LOGLEVEL_AUDIT)
+ if (level > NFT_LOGLEVEL_MAX)
return "unknown";
return syslog_level[level];
@@ -280,7 +280,7 @@ int log_level_parse(const char *level)
{
int i;
- for (i = 0; i <= LOGLEVEL_AUDIT; i++) {
+ for (i = 0; i <= NFT_LOGLEVEL_MAX; i++) {
if (syslog_level[i] &&
!strcmp(level, syslog_level[i]))
return i;
--
2.11.0
