authorPablo Neira Ayuso <pablo@netfilter.org>2013-09-05 21:54:56 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-09-05 22:01:00 +0200
commit29a89694181f8eaa8b9dcd8c95224ced6199ad94 (patch)
tree0e8b4cfeb48217478648491e295ede89c1a09911
parentccf29a40923fb16f3909f6436d7603996cefebe5 (diff)
chain: use human readable netfilter hook
Since (108d9f6 src: Wrap netfilter hooks around human readable strings) in nft, we have to use human readable netfilter hooks. This patch also adapts the XML and JSON tests. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/chain.c60
-rw-r--r--tests/jsonfiles/11-chain.json2
-rw-r--r--tests/jsonfiles/12-chain.json2
-rw-r--r--tests/jsonfiles/13-chain.json2
-rw-r--r--tests/xmlfiles/10-chain.xml2
-rw-r--r--tests/xmlfiles/11-chain.xml2
-rw-r--r--tests/xmlfiles/12-chain.xml2
7 files changed, 49 insertions, 23 deletions
diff --git a/src/chain.c b/src/chain.c
index 1761772..b196cd6 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -24,6 +24,7 @@
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
#include <linux/netfilter.h>
+#include <linux/netfilter_arp.h>
#include <libnftables/chain.h>
@@ -44,13 +45,38 @@ struct nft_chain {
uint32_t flags;
};
-static const char *hooknum2str_array[NF_INET_NUMHOOKS] = {
- [NF_INET_PRE_ROUTING] = "NF_INET_PRE_ROUTING",
- [NF_INET_LOCAL_IN] = "NF_INET_LOCAL_IN",
- [NF_INET_FORWARD] = "NF_INET_FORWARD",
- [NF_INET_LOCAL_OUT] = "NF_INET_LOCAL_OUT",
- [NF_INET_POST_ROUTING] = "NF_INET_POST_ROUTING",
-};
+static const char *nft_hooknum2str(int family, int hooknum)
+{
+ switch (family) {
+ case NFPROTO_IPV4:
+ case NFPROTO_IPV6:
+ case NFPROTO_BRIDGE:
+ switch (hooknum) {
+ case NF_INET_PRE_ROUTING:
+ return "prerouting";
+ case NF_INET_LOCAL_IN:
+ return "input";
+ case NF_INET_FORWARD:
+ return "forward";
+ case NF_INET_LOCAL_OUT:
+ return "output";
+ case NF_INET_POST_ROUTING:
+ return "postrouting";
+ }
+ break;
+ case NFPROTO_ARP:
+ switch (hooknum) {
+ case NF_ARP_IN:
+ return "input";
+ case NF_ARP_OUT:
+ return "output";
+ case NF_ARP_FORWARD:
+ return "forward";
+ }
+ break;
+ }
+ return "unknown";
+}
struct nft_chain *nft_chain_alloc(void)
{
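Review bot: NFPROTO_BRIDGE shares the NF_INET_* case labels in nft_hooknum2str, which is only correct while the bridge hook numbers coincide with the inet ones, and nothing in the function records that assumption. A short comment on the grouped cases would make it explicit, e.g. `/* bridge hooks use the same numbering as the inet hooks for these five */`. The inner switches also have no `default:`, so reaching `return "unknown";` is implicit; adding `default: break;` to each would show the fall-through is intended.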
@@ -468,12 +494,12 @@ int nft_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_chain *c)
}
EXPORT_SYMBOL(nft_chain_nlmsg_parse);
-static inline int nft_str2hooknum(const char *hook)
+static inline int nft_str2hooknum(int family, const char *hook)
{
int hooknum;
for (hooknum = 0; hooknum < NF_INET_NUMHOOKS; hooknum++) {
- if (strcmp(hook, hooknum2str_array[hooknum]) == 0)
+ if (strcmp(hook, nft_hooknum2str(family, hooknum)) == 0)
return hooknum;
}
return -1;
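Review bot: The literal string "unknown" is now accepted as a hook name by nft_str2hooknum, because nft_hooknum2str returns it for every hook number it does not map and the loop compares against that return value. For NFPROTO_ARP the loop still runs up to NF_INET_NUMHOOKS, past the three ARP hooks, and for a family the switch does not handle every iteration yields "unknown", so the first one matches. A chain file whose hooknum field is "unknown" would then load with a real hook number instead of failing, leaving a firewall chain attached to a hook nobody named. Reject the sentinel before the loop with `if (strcmp(hook, "unknown") == 0) return -1;`, or have nft_hooknum2str return NULL for unmapped values and skip those entries. The function's closing brace lies outside the hunk.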
@@ -548,7 +574,7 @@ static int nft_chain_json_parse(struct nft_chain *c, const char *json)
if (valstr == NULL)
goto err;
- val32 = nft_str2hooknum(valstr);
+ val32 = nft_str2hooknum(c->family, valstr);
if (val32 == -1)
goto err;
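Review bot: The hook-name lookup now depends on c->family, but nothing in this hunk shows that the family has already been parsed into c when `nft_str2hooknum(c->family, valstr)` runs; the same applies to the nft_chain_xml_parse hunk that follows. If family is read later in the function (the XML fixtures serialise `<family>` after `<hooknum>`), c->family would still hold its initial value, and the lookup would either fail or compare against another family's names. Parse family before hooknum in both functions and record the dependency, e.g. `/* hook names are per-family: c->family must be set before this lookup */`. Both parse functions start and end outside their hunks.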
@@ -635,7 +661,7 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml)
hooknum_str = nft_mxml_str_parse(tree, "hooknum", MXML_DESCEND_FIRST);
if (hooknum_str != NULL) {
- hooknum = nft_str2hooknum(hooknum_str);
+ hooknum = nft_str2hooknum(c->family, hooknum_str);
if (hooknum < 0)
goto err;
@@ -728,8 +754,8 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
"\"hooknum\": \"%s\","
"\"prio\": %d,"
"\"policy\": \"%s\"",
- c->type, hooknum2str_array[c->hooknum], c->prio,
- nft_verdict2str(c->policy));
+ c->type, nft_hooknum2str(c->family, c->hooknum),
+ c->prio, nft_verdict2str(c->policy));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
@@ -757,8 +783,8 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
"<hooknum>%s</hooknum>"
"<prio>%d</prio>"
"<policy>%s</policy>",
- c->type, hooknum2str_array[c->hooknum], c->prio,
- nft_verdict2str(c->policy));
+ c->type, nft_hooknum2str(c->family, c->hooknum),
+ c->prio, nft_verdict2str(c->policy));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
@@ -782,8 +808,8 @@ static int nft_chain_snprintf_default(char *buf, size_t size,
ret = snprintf(buf+offset, size,
" type %s hook %s prio %d policy %s use %d "
"packets %"PRIu64" bytes %"PRIu64"",
- c->type, hooknum2str_array[c->hooknum], c->prio,
- nft_verdict2str(c->policy), c->use,
+ c->type, nft_hooknum2str(c->family, c->hooknum),
+ c->prio, nft_verdict2str(c->policy), c->use,
c->packets, c->bytes);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
diff --git a/tests/jsonfiles/11-chain.json b/tests/jsonfiles/11-chain.json
index 0e71e8f..2381eb6 100644
--- a/tests/jsonfiles/11-chain.json
+++ b/tests/jsonfiles/11-chain.json
@@ -1 +1 @@
-{ "chain": {"name": "input","handle": 1,"bytes": 1375696,"packets": 4136,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "NF_INET_LOCAL_IN","prio": 0,"policy": "accept"}}
+{ "chain": {"name": "input","handle": 1,"bytes": 1375696,"packets": 4136,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "input","prio": 0,"policy": "accept"}}
diff --git a/tests/jsonfiles/12-chain.json b/tests/jsonfiles/12-chain.json
index e841032..d20cb1d 100644
--- a/tests/jsonfiles/12-chain.json
+++ b/tests/jsonfiles/12-chain.json
@@ -1 +1 @@
-{ "chain": {"name": "forward","handle": 2,"bytes": 0,"packets": 0,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "NF_INET_FORWARD","prio": 0,"policy": "accept"}}
+{ "chain": {"name": "forward","handle": 2,"bytes": 0,"packets": 0,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "forward","prio": 0,"policy": "accept"}}
diff --git a/tests/jsonfiles/13-chain.json b/tests/jsonfiles/13-chain.json
index 9967233..69f8750 100644
--- a/tests/jsonfiles/13-chain.json
+++ b/tests/jsonfiles/13-chain.json
@@ -1 +1 @@
-{ "chain": {"name": "output","handle": 3,"bytes": 454786,"packets": 2681,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "NF_INET_LOCAL_OUT","prio": 0,"policy": "accept"}}
+{ "chain": {"name": "output","handle": 3,"bytes": 454786,"packets": 2681,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "output","prio": 0,"policy": "accept"}}
diff --git a/tests/xmlfiles/10-chain.xml b/tests/xmlfiles/10-chain.xml
index f0d9da9..c6aa156 100644
--- a/tests/xmlfiles/10-chain.xml
+++ b/tests/xmlfiles/10-chain.xml
@@ -1 +1 @@
-<chain><name>test</name><handle>0</handle><bytes>0</bytes><packets>0</packets><table>filter</table><type>filter</type><hooknum>NF_INET_LOCAL_IN</hooknum><prio>0</prio><policy>accept</policy><family>ip</family></chain>
+<chain><name>test</name><handle>0</handle><bytes>0</bytes><packets>0</packets><table>filter</table><type>filter</type><hooknum>input</hooknum><prio>0</prio><policy>accept</policy><family>ip</family></chain>
diff --git a/tests/xmlfiles/11-chain.xml b/tests/xmlfiles/11-chain.xml
index 1e04d0f..3423078 100644
--- a/tests/xmlfiles/11-chain.xml
+++ b/tests/xmlfiles/11-chain.xml
@@ -1 +1 @@
-<chain><name>test</name><handle>0</handle><bytes>59</bytes><packets>1</packets><table>filter</table><type>filter</type><hooknum>NF_INET_FORWARD</hooknum><prio>0</prio><policy>drop</policy><family>ip6</family></chain>
+<chain><name>test</name><handle>0</handle><bytes>59</bytes><packets>1</packets><table>filter</table><type>filter</type><hooknum>forward</hooknum><prio>0</prio><policy>drop</policy><family>ip6</family></chain>
diff --git a/tests/xmlfiles/12-chain.xml b/tests/xmlfiles/12-chain.xml
index 5903760..6afcd00 100644
--- a/tests/xmlfiles/12-chain.xml
+++ b/tests/xmlfiles/12-chain.xml
@@ -1 +1 @@
-<chain><name>foo</name><handle>100</handle><bytes>59264154979</bytes><packets>2548796325</packets><table>nat</table><type>nat</type><hooknum>NF_INET_POST_ROUTING</hooknum><prio>0</prio><policy>accept</policy><family>ip</family></chain>
+<chain><name>foo</name><handle>100</handle><bytes>59264154979</bytes><packets>2548796325</packets><table>nat</table><type>nat</type><hooknum>postrouting</hooknum><prio>0</prio><policy>accept</policy><family>ip</family></chain>