diff options
author | Ana Rey <anarey@gmail.com> | 2014-06-03 12:41:56 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-05 15:22:56 +0200 |
commit | d79329a5e99f4f2fdf293f9e3418cad0af7e7b1d (patch) | |
tree | 71d8fdac7d56140c893465bcb8d31a01c4893ced | |
parent | 131b5b7801d6801dbf57b6ae3e85b3c2a10cacac (diff) |
expr: log: Do not print unset values in xml
It changes the parse and the snprint functions to omit unset values.
If we used this rule:
nft add rule ip test output log
We got this xml file:
<rule><family>ip</family>
<table>test</table>
<chain>output</chain>
<handle>88</handle>
<expr type="log">
<prefix>(null)</prefix>
<group>0</group>
<snaplen>0</snaplen>
<qthreshold>0</qthreshold>
</expr>
</rule>
And It was imposible import this file.
Now, That rule creates this xml file without null values:
<rule><family>ip</family>
<table>test</table>
<chain>output</chain>
<handle>88</handle>
<expr type="log">
</expr>
</rule>
and It's possible import this xml file.
Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/expr/log.c | 49 |
1 files changed, 31 insertions, 18 deletions
diff --git a/src/expr/log.c b/src/expr/log.c index 497d5a3..bd9bdc5 100644 --- a/src/expr/log.c +++ b/src/expr/log.c @@ -210,25 +210,21 @@ static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, prefix = nft_mxml_str_parse(tree, "prefix", MXML_DESCEND_FIRST, NFT_XML_MAND, err); - if (prefix == NULL) - return -1; - nft_rule_expr_set_str(e, NFT_EXPR_LOG_PREFIX, prefix); + if (prefix != NULL) + nft_rule_expr_set_str(e, NFT_EXPR_LOG_PREFIX, prefix); if (nft_mxml_num_parse(tree, "group", MXML_DESCEND_FIRST, BASE_DEC, - &group, NFT_TYPE_U16, NFT_XML_MAND, err) < 0) - return -1; - nft_rule_expr_set_u16(e, NFT_EXPR_LOG_GROUP, group); + &group, NFT_TYPE_U16, NFT_XML_MAND, err) == 0) + nft_rule_expr_set_u16(e, NFT_EXPR_LOG_GROUP, group); if (nft_mxml_num_parse(tree, "snaplen", MXML_DESCEND_FIRST, BASE_DEC, - &snaplen, NFT_TYPE_U32, NFT_XML_MAND, err) < 0) - return -1; - nft_rule_expr_set_u32(e, NFT_EXPR_LOG_SNAPLEN, snaplen); + &snaplen, NFT_TYPE_U32, NFT_XML_MAND, err) == 0) + nft_rule_expr_set_u32(e, NFT_EXPR_LOG_SNAPLEN, snaplen); if (nft_mxml_num_parse(tree, "qthreshold", MXML_DESCEND_FIRST, BASE_DEC, &qthreshold, NFT_TYPE_U16, NFT_XML_MAND, - err) < 0) - return -1; - nft_rule_expr_set_u16(e, NFT_EXPR_LOG_QTHRESHOLD, qthreshold); + err) == 0) + nft_rule_expr_set_u16(e, NFT_EXPR_LOG_QTHRESHOLD, qthreshold); return 0; #else @@ -250,14 +246,31 @@ static int nft_rule_expr_log_snprintf_default(char *buf, size_t len, static int nft_rule_expr_log_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e) { + int ret, len = size, offset = 0; struct nft_expr_log *log = nft_expr_data(e); - return snprintf(buf, size, "<prefix>%s</prefix>" - "<group>%u</group>" - "<snaplen>%u</snaplen>" - "<qthreshold>%u</qthreshold>", - log->prefix, log->group, - log->snaplen, log->qthreshold); + if (e->flags & (1 << NFT_EXPR_LOG_PREFIX)) { + ret = snprintf(buf + offset, len, "<prefix>%s</prefix>", + log->prefix); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (e->flags & (1 << NFT_EXPR_LOG_GROUP)) { + ret = snprintf(buf + offset, len, "<group>%u</group>", + log->group); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (e->flags & (1 << NFT_EXPR_LOG_SNAPLEN)) { + ret = snprintf(buf + offset, len, "<snaplen>%u</snaplen>", + log->snaplen); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (e->flags & (1 << NFT_EXPR_LOG_QTHRESHOLD)) { + ret = snprintf(buf + offset, len, "<qthreshold>%u</qthreshold>", + log->qthreshold); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + return offset; } static int nft_rule_expr_log_snprintf_json(char *buf, size_t len, |