From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft] ct: use nftables sysconf location for connlabel configuration
Date: Wed, 20 Jul 2016 18:19:17 +0200 [thread overview]
Message-ID: <20160720161917.GA1413@salvia> (raw)
In-Reply-To: <1469009825-1188-1-git-send-email-fw@strlen.de>
[-- Attachment #1: Type: text/plain, Size: 1070 bytes --]
On Wed, Jul 20, 2016 at 12:17:05PM +0200, Florian Westphal wrote:
> Instead of using /etc/xtables use the nftables syconfdir.
> Also update error message to tell which label failed translation
> and which config file was used for this:
>
> nft add filter input ct label foo
> <cmdline>:1:27-29: Error: /etc/nftables/connlabel.conf: could not parse conntrack label "foo"
>
> Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> src/Makefile.am | 2 ++
> src/ct.c | 7 +++++--
> 2 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/src/Makefile.am b/src/Makefile.am
> index 8c59449..ff1dd6e 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -27,6 +27,8 @@ parser_bison.o scanner.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-decl
>
> BUILT_SOURCES = parser_bison.h
>
> +ct.o: AM_CFLAGS += -DCONNLABEL_PATH="\"${sysconfdir}/\""
I think we can simplify this by using DEFAULT_INCLUDE_PATH.
See patch attached, it applies on top of this one. Feel free to
collapse them.
[-- Attachment #2: x.patch --]
[-- Type: text/x-diff, Size: 1207 bytes --]
diff --git a/src/Makefile.am b/src/Makefile.am
index ff1dd6e..8c59449 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -27,8 +27,6 @@ parser_bison.o scanner.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-decl
BUILT_SOURCES = parser_bison.h
-ct.o: AM_CFLAGS += -DCONNLABEL_PATH="\"${sysconfdir}/\""
-
nft_SOURCES = main.c \
rule.c \
statement.c \
diff --git a/src/ct.c b/src/ct.c
index e974307..f383f29 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -29,7 +29,7 @@
#include <utils.h>
#include <statement.h>
-#define CONNLABEL_CONF CONNLABEL_PATH "connlabel.conf"
+#define CONNLABEL_CONF DEFAULT_INCLUDE_PATH "connlabel.conf"
static const struct symbol_table ct_state_tbl = {
.symbols = {
@@ -130,8 +130,8 @@ static struct error_record *ct_label_type_parse(const struct expr *sym,
dtype = sym->dtype;
if (s->identifier == NULL)
- return error(&sym->location, "%s: could not parse %s \"%s\"", CONNLABEL_CONF,
- dtype->desc, sym->identifier);
+ return error(&sym->location, "%s: could not parse %s \"%s\"",
+ CONNLABEL_CONF, dtype->desc, sym->identifier);
if (s->value >= CT_LABEL_BIT_SIZE)
return error(&sym->location, "%s: out of range (%u max)",
next prev parent reply other threads:[~2016-07-20 16:19 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-20 10:17 [PATCH nft] ct: use nftables sysconf location for connlabel configuration Florian Westphal
2016-07-20 16:19 ` Pablo Neira Ayuso [this message]
2016-07-20 22:27 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160720161917.GA1413@salvia \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.