diff options
author | Ana Rey <anarey@gmail.com> | 2014-06-04 13:38:09 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-05 15:23:01 +0200 |
commit | ee673abc6cb7ff8d0b4d2d96548f4234c501b148 (patch) | |
tree | 8c31ebf18d9bc9649b5d13b2b65dff3c52d3bdd7 /src/expr/reject.c | |
parent | ca4b919937684d8367842b1ec757bf9948a2c8c6 (diff) |
expr: reject: Do not print unset values in xml
It changes the parse and the snprint functions to omit unset values.
If we used this rule:
nft add rule ip test output reject
It gets this xml file:
[...]
<expr type="reject">
<type>0</type>
<code>0</code>
</expr>
</rule></nftables>
Now, That rule creates this xml file without null values:
[...]
<expr type="reject">
</expr>
</rule></nftables>
Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/expr/reject.c')
-rw-r--r-- | src/expr/reject.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/src/expr/reject.c b/src/expr/reject.c index 35aa964..3a76048 100644 --- a/src/expr/reject.c +++ b/src/expr/reject.c @@ -155,14 +155,12 @@ nft_rule_expr_reject_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, uint8_t code; if (nft_mxml_num_parse(tree, "type", MXML_DESCEND_FIRST, BASE_DEC, - &type, NFT_TYPE_U32, NFT_XML_MAND, err) < 0) - return -1; - nft_rule_expr_set_u32(e, NFT_EXPR_REJECT_TYPE, type); + &type, NFT_TYPE_U32, NFT_XML_MAND, err) == 0) + nft_rule_expr_set_u32(e, NFT_EXPR_REJECT_TYPE, type); if (nft_mxml_num_parse(tree, "code", MXML_DESCEND_FIRST, BASE_DEC, - &code, NFT_TYPE_U8, NFT_XML_MAND, err) < 0) - return -1; - nft_rule_expr_set_u8(e, NFT_EXPR_REJECT_CODE, code); + &code, NFT_TYPE_U8, NFT_XML_MAND, err) == 0) + nft_rule_expr_set_u8(e, NFT_EXPR_REJECT_CODE, code); return 0; #else @@ -183,11 +181,21 @@ static int nft_rule_expr_reject_snprintf_default(char *buf, size_t len, static int nft_rule_expr_reject_snprintf_xml(char *buf, size_t len, struct nft_rule_expr *e) { + int ret, size = len, offset = 0; struct nft_expr_reject *reject = nft_expr_data(e); - return snprintf(buf, len, "<type>%u</type>" - "<code>%u</code>", - reject->type, reject->icmp_code); + if (e->flags & (1 << NFT_EXPR_REJECT_TYPE)) { + ret = snprintf(buf+offset, len, "<type>%u</type>", + reject->type); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (e->flags & (1 << NFT_EXPR_REJECT_CODE)) { + ret = snprintf(buf+offset, len, "<code>%u</code>", + reject->icmp_code); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + return offset; } static int nft_rule_expr_reject_snprintf_json(char *buf, size_t len, |