author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-03 14:04:42 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-03 18:43:13 +0100 |
commit | 29fd6a1df9f6c80d155a7a73b8514a68dc9cd22d (patch) | |
tree | 9dc15a3e19a6ff36ae9ee3d38c7b8190b73f0a72 /src/expr | |
parent | 16871a3615edcf358d688a8d079b1e7b20053fb1 (diff) | |
parent | 076fd1e66e7f1bc3b2bd91f3efb84080da26fb9c (diff) |
Merge branch 'master' into next-3.14
This patch includes changes to adapt this branch to the library
rename that happened in the master branch.
Conflicts:
src/Makefile.am
src/expr/cmp.c
src/expr/ct.c
src/expr/data_reg.c
src/expr/meta.c
tests/jsonfiles/01-table.json
tests/jsonfiles/02-table.json
tests/jsonfiles/64-ruleset.json
tests/xmlfiles/01-table.xml
tests/xmlfiles/02-table.xml
Diffstat (limited to 'src/expr')
-rw-r--r-- | src/expr/bitwise.c | 36 | ||||
-rw-r--r-- | src/expr/byteorder.c | 38 | ||||
-rw-r--r-- | src/expr/cmp.c | 33 | ||||
-rw-r--r-- | src/expr/counter.c | 20 | ||||
-rw-r--r-- | src/expr/ct.c | 167 | ||||
-rw-r--r-- | src/expr/data_reg.c | 232 | ||||
-rw-r--r-- | src/expr/data_reg.h | 6 | ||||
-rw-r--r-- | src/expr/exthdr.c | 39 | ||||
-rw-r--r-- | src/expr/immediate.c | 22 | ||||
-rw-r--r-- | src/expr/limit.c | 21 | ||||
-rw-r--r-- | src/expr/log.c | 31 | ||||
-rw-r--r-- | src/expr/lookup.c | 78 | ||||
-rw-r--r-- | src/expr/match.c | 14 | ||||
-rw-r--r-- | src/expr/meta.c | 80 | ||||
-rw-r--r-- | src/expr/nat.c | 44 | ||||
-rw-r--r-- | src/expr/payload.c | 37 | ||||
-rw-r--r-- | src/expr/queue.c | 4 | ||||
-rw-r--r-- | src/expr/reject.c | 20 | ||||
-rw-r--r-- | src/expr/target.c | 14 |
19 files changed, 551 insertions, 385 deletions
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c index bcec516..c8fd0ec 100644 --- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -18,8 +18,8 @@ #include <errno.h> #include <libmnl/libmnl.h> #include <linux/netfilter/nf_tables.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "data_reg.h" #include "expr_ops.h" @@ -181,35 +181,36 @@ nft_rule_expr_bitwise_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING struct nft_expr_bitwise *bitwise = nft_expr_data(e); uint32_t reg, len; - if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_SREG, reg); - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_DREG, reg); - if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &len) < 0) + if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &len, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_LEN, len); if (nft_jansson_data_reg_parse(root, "mask", - &bitwise->mask) != DATA_VALUE) + &bitwise->mask, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_MASK); if (nft_jansson_data_reg_parse(root, "xor", - &bitwise->xor) != DATA_VALUE) + &bitwise->xor, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_XOR); 
@@ -225,21 +226,22 @@ nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_bitwise *bitwise = nft_expr_data(e); - int32_t reg; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; bitwise->sreg = reg; e->flags |= (1 << NFT_EXPR_BITWISE_SREG); - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; bitwise->dreg = reg; @@ -247,19 +249,19 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, &bitwise->len, NFT_TYPE_U8, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_LEN); if (nft_mxml_data_reg_parse(tree, "mask", &bitwise->mask, - NFT_XML_MAND) != DATA_VALUE) + NFT_XML_MAND, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_MASK); if (nft_mxml_data_reg_parse(tree, "xor", &bitwise->xor, - NFT_XML_MAND) != DATA_VALUE) + NFT_XML_MAND, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_XOR); diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c index 7224c82..4889e80 100644 --- a/src/expr/byteorder.c +++ b/src/expr/byteorder.c @@ -18,8 +18,8 @@ #include <errno.h> #include <libmnl/libmnl.h> #include <linux/netfilter/nf_tables.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "data_reg.h" #include "expr_ops.h" 
@@ -194,24 +194,25 @@ static inline int nft_str2ntoh(const char *op) } static int -nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *op; uint32_t uval32; int ntoh; - if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_SREG, uval32); - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_DREG, uval32); - op = nft_jansson_parse_str(root, "op"); + op = nft_jansson_parse_str(root, "op", err); if (op == NULL) return -1; @@ -221,12 +222,12 @@ nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_OP, ntoh); - if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_LEN, uval32); - if (nft_jansson_parse_val(root, "size", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "size", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_SIZE, uval32); 
@@ -239,28 +240,31 @@ nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_byteorder *byteorder = nft_expr_data(e); const char *op; - int32_t reg, ntoh; + int32_t ntoh; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; byteorder->sreg = reg; e->flags |= (1 << NFT_EXPR_BYTEORDER_SREG); - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND, NFT_XML_MAND, + err) != 0) return -1; byteorder->dreg = reg; e->flags |= (1 << NFT_EXPR_BYTEORDER_DREG); - op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND); + op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND, + err); if (op == NULL) return -1; @@ -273,14 +277,14 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, &byteorder->len, NFT_TYPE_U8, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_BYTEORDER_LEN); if (nft_mxml_num_parse(tree, "size", MXML_DESCEND_FIRST, BASE_DEC, &byteorder->size, NFT_TYPE_U8, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_BYTEORDER_SIZE); diff --git a/src/expr/cmp.c b/src/expr/cmp.c index 1c5787e..63250f3 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c 
@@ -19,15 +19,15 @@ #include <libmnl/libmnl.h> #include <linux/netfilter/nf_tables.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" #include "data_reg.h" struct nft_expr_cmp { union nft_data_reg data; - uint32_t sreg; /* enum nft_registers */ - uint32_t op; /* enum nft_cmp_ops */ + enum nft_registers sreg; + enum nft_cmp_ops op; }; static int @@ -174,7 +174,8 @@ static inline int nft_str2cmp(const char *op) } } -static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING struct nft_expr_cmp *cmp = nft_expr_data(e); @@ -182,12 +183,12 @@ static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root) uint32_t uval32; int base; - if (nft_jansson_parse_val(root, "sreg", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "sreg", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_CMP_SREG, uval32); - op = nft_jansson_parse_str(root, "op"); + op = nft_jansson_parse_str(root, "op", err); if (op == NULL) return -1; @@ -198,7 +199,7 @@ static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_CMP_OP, base); if (nft_jansson_data_reg_parse(root, "cmpdata", - &cmp->data) != DATA_VALUE) + &cmp->data, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_CMP_DATA); 
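Review bot: nft_rule_expr_cmp_json_parse reads the register with `nft_jansson_parse_val(root, "sreg", NFT_TYPE_U32, &uval32, err)`, while the other JSON parsers in this diff use nft_jansson_parse_reg for register fields and the XML path for cmp uses nft_mxml_reg_parse. If nft_jansson_parse_reg range-checks the register number (its body is not shown here), cmp skips that check for values taken from the JSON document. Consider `if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &uval32, err) < 0)` so all expressions validate registers the same way.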
@@ -210,21 +211,24 @@ static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root) #endif } -static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_cmp *cmp = nft_expr_data(e); const char *op; - int32_t reg, op_value; + int32_t op_value; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; cmp->sreg = reg; e->flags |= (1 << NFT_EXPR_CMP_SREG); - op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND); + op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND, + err); if (op == NULL) return -1; @@ -236,7 +240,8 @@ static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre e->flags |= (1 << NFT_EXPR_CMP_OP); if (nft_mxml_data_reg_parse(tree, "cmpdata", - &cmp->data, NFT_XML_MAND) != DATA_VALUE) + &cmp->data, NFT_XML_MAND, + err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_CMP_DATA); diff --git a/src/expr/counter.c b/src/expr/counter.c index 4919a69..4bb7f1b 100644 --- a/src/expr/counter.c +++ b/src/expr/counter.c @@ -19,8 +19,8 @@ #include "internal.h" #include <libmnl/libmnl.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" struct nft_expr_counter { 
@@ -119,17 +119,18 @@ nft_rule_expr_counter_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_counter_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_counter_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING uint64_t uval64; - if (nft_jansson_parse_val(root, "pkts", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "pkts", NFT_TYPE_U64, &uval64, err) < 0) return -1; nft_rule_expr_set_u64(e, NFT_EXPR_CTR_PACKETS, uval64); - if (nft_jansson_parse_val(root, "bytes", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "bytes", NFT_TYPE_U64, &uval64, err) < 0) return -1; nft_rule_expr_set_u64(e, NFT_EXPR_CTR_BYTES, uval64); @@ -142,19 +143,22 @@ nft_rule_expr_counter_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_counter_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_counter_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_counter *ctr = nft_expr_data(e); if (nft_mxml_num_parse(tree, "pkts", MXML_DESCEND_FIRST, BASE_DEC, - &ctr->pkts, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &ctr->pkts, NFT_TYPE_U64, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_CTR_PACKETS); if (nft_mxml_num_parse(tree, "bytes", MXML_DESCEND_FIRST, BASE_DEC, - &ctr->bytes, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &ctr->bytes, NFT_TYPE_U64, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_CTR_BYTES); diff --git a/src/expr/ct.c b/src/expr/ct.c index 49d8495..2df761c 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -18,8 +18,8 @@ #include "internal.h" #include <libmnl/libmnl.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" struct nft_expr_ct { 
@@ -141,10 +141,6 @@ nft_rule_expr_ct_parse(struct nft_rule_expr *e, struct nlattr *attr) ct->key = ntohl(mnl_attr_get_u32(tb[NFTA_CT_KEY])); e->flags |= (1 << NFT_EXPR_CT_KEY); } - if (tb[NFTA_CT_DIRECTION]) { - ct->dir = mnl_attr_get_u8(tb[NFTA_CT_DIRECTION]); - e->flags |= (1 << NFT_EXPR_CT_DIR); - } if (tb[NFTA_CT_DREG]) { ct->dreg = ntohl(mnl_attr_get_u32(tb[NFTA_CT_DREG])); e->flags |= (1 << NFT_EXPR_CT_DREG); @@ -153,6 +149,10 @@ nft_rule_expr_ct_parse(struct nft_rule_expr *e, struct nlattr *attr) ct->sreg = ntohl(mnl_attr_get_u32(tb[NFTA_CT_SREG])); e->flags |= (1 << NFT_EXPR_CT_SREG); } + if (tb[NFTA_CT_DIRECTION]) { + ct->dir = mnl_attr_get_u8(tb[NFTA_CT_DIRECTION]); + e->flags |= (1 << NFT_EXPR_CT_DIR); + } return 0; } @@ -165,6 +165,7 @@ const char *ctkey2str_array[NFT_CT_MAX] = { [NFT_CT_SECMARK] = "secmark", [NFT_CT_EXPIRATION] = "expiration", [NFT_CT_HELPER] = "helper", + [NFT_CT_L3PROTOCOL] = "l3protocol", [NFT_CT_PROTOCOL] = "protocol", [NFT_CT_SRC] = "src", [NFT_CT_DST] = "dst", 
@@ -192,30 +193,58 @@ static inline int str2ctkey(const char *ctkey) return -1; } -static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root) +static const char *ctdir2str(uint8_t ctdir) +{ + switch (ctdir) { + case IP_CT_DIR_ORIGINAL: + return "original"; + case IP_CT_DIR_REPLY: + return "reply"; + default: + return "unknow"; + } +} + +static inline int str2ctdir(const char *str, uint8_t *ctdir) +{ + if (strcmp(str, "original") == 0) { + *ctdir = IP_CT_DIR_ORIGINAL; + return 0; + } + + if (strcmp(str, "reply") == 0) { + *ctdir = IP_CT_DIR_REPLY; + return 0; + } + + return -1; +} + +static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING - const char *key_str; + const char *key_str, *dir_str; uint32_t reg; uint8_t dir; int key; if (nft_jansson_node_exist(root, "dreg")) { - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_CT_DREG, reg); } if (nft_jansson_node_exist(root, "sreg")) { - if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_CT_SREG, reg); } if (nft_jansson_node_exist(root, "key")) { - key_str = nft_jansson_parse_str(root, "key"); + key_str = nft_jansson_parse_str(root, "key", err); if (key_str == NULL) return -1; 
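Review bot: The fallback string in ctdir2str is misspelled; `return "unknow";` should read `return "unknown";`. Because str2ctdir accepts only `original` and `reply`, any other direction value is printed as text that the JSON and XML parsers in this file will reject on re-import. A short comment on ctdir2str stating that the fallback is output-only and does not round-trip would make that explicit.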
@@ -228,11 +257,15 @@ static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root) } if (nft_jansson_node_exist(root, "dir")) { - if (nft_jansson_parse_val(root, "dir", NFT_TYPE_U8, &dir) < 0) + dir_str = nft_jansson_parse_str(root, "dir", err); + if (dir_str == NULL) return -1; - if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY) + if (str2ctdir(dir_str, &dir) != 0) { + err->node_name = "dir"; + err->error = NFT_PARSE_EBADTYPE; goto err; + } nft_rule_expr_set_u8(e, NFT_EXPR_CT_DIR, dir); } @@ -248,29 +281,30 @@ err: } -static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_ct *ct = nft_expr_data(e); - const char *key_str; - int32_t reg; + const char *key_str, *dir_str; int key; uint8_t dir; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); - if (reg >= 0) { + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_OPT, err) >= 0) { ct->dreg = reg; e->flags |= (1 << NFT_EXPR_CT_DREG); } - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST); - if (reg >= 0) { + if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST, + NFT_XML_OPT, err) >= 0) { ct->sreg = reg; e->flags |= (1 << NFT_EXPR_CT_SREG); } key_str = nft_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (key_str == NULL) return -1; 
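Review bot: The optional register lookups in nft_rule_expr_ct_xml_parse test `nft_mxml_reg_parse(...) >= 0`, whereas every mandatory call site in this diff treats anything `!= 0` as failure. If the helper can return a positive status (its body is not shown), `reg` would be copied into `ct->dreg` or `ct->sreg` without having been written. Comparing with `== 0` keeps the two conventions aligned and guarantees `reg` is only read on success. The function continues past the end of this hunk.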
@@ -281,15 +315,17 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree ct->key = key; e->flags |= (1 << NFT_EXPR_CT_KEY); - if (nft_mxml_num_parse(tree, "dir", MXML_DESCEND_FIRST, BASE_DEC, - &dir, NFT_TYPE_U8, NFT_XML_MAND) != 0) - return -1; - - if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY) - goto err; + dir_str = nft_mxml_str_parse(tree, "dir", MXML_DESCEND_FIRST, + NFT_XML_OPT, err); + if (dir_str != NULL) { + if (str2ctdir(dir_str, &dir) != 0) { + err->node_name = "dir"; + err->error = NFT_PARSE_EBADTYPE; + goto err; + } - ct->dir = dir; - e->flags |= (1 << NFT_EXPR_CT_DIR); + nft_rule_expr_set_u8(e, NFT_EXPR_CT_DIR, dir); + } return 0; err: 
@@ -302,21 +338,41 @@ err: } static int -nft_rule_expr_ct_snprintf_default(char *buf, size_t size, - struct nft_rule_expr *e) +nft_expr_ct_snprintf_json(char *buf, size_t size, struct nft_rule_expr *e) { + int ret, len = size, offset = 0; struct nft_expr_ct *ct = nft_expr_data(e); - if (e->flags & (1 << NFT_EXPR_CT_SREG)) - return snprintf(buf, size, "set %s with reg %u ", - ctkey2str(ct->key), ct->sreg); + if (e->flags & (1 << NFT_EXPR_CT_DREG)) { + ret = snprintf(buf+offset, len, "\"dreg\":%u,", ct->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + if (e->flags & (1 << NFT_EXPR_CT_SREG)) { + ret = snprintf(buf+offset, len, "\"sreg:\":%u,", ct->sreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + if (e->flags & (1 << NFT_EXPR_CT_KEY)) { + ret = snprintf(buf+offset, len, "\"key\":\"%s\",", + ctkey2str(ct->key)); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) { + ret = snprintf(buf+offset, len, "\"dir\":\"%s\",", + ctdir2str(ct->dir)); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + /* Remove the last separator characther */ + buf[offset-1] = '\0'; - return snprintf(buf, size, "load %s => reg %u dir %u ", - ctkey2str(ct->key), ct->dreg, ct->dir); + return offset-1; } static int -nft_rule_expr_ct_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e) +nft_expr_ct_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e) { int ret, len = size, offset = 0; struct nft_expr_ct *ct = nft_expr_data(e); @@ -337,8 +393,9 @@ nft_rule_expr_ct_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e) SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - if (e->flags & (1 << NFT_EXPR_CT_DIR)) { - ret = snprintf(buf+offset, len, "<dir>%u</dir>", ct->dir); + if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) { + ret = snprintf(buf+offset, len, "<dir>%s</dir>", + ctdir2str(ct->dir)); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } 
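Review bot: The separator trim at the end of nft_expr_ct_snprintf_json, `buf[offset-1] = '\0';`, writes to `buf[-1]` and returns -1 when none of the four flags is set, because `offset` is still 0 at that point. Guard it, for example `if (offset > 0) buf[--offset] = '\0';` followed by `return offset;`. The format string `"\"sreg:\":%u,"` also has a stray colon inside the key, so the emitted field is named `sreg:` while the JSON parser in this file looks up `sreg`.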
@@ -346,36 +403,30 @@ nft_rule_expr_ct_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e) } static int -nft_rule_expr_ct_snprintf_json(char *buf, size_t size, struct nft_rule_expr *e) +nft_expr_ct_snprintf_default(char *buf, size_t size, struct nft_rule_expr *e) { int ret, len = size, offset = 0; struct nft_expr_ct *ct = nft_expr_data(e); - if (e->flags & (1 << NFT_EXPR_CT_DREG)) { - ret = snprintf(buf+offset, len, "\"dreg\":%u,", ct->dreg); - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); - } - if (e->flags & (1 << NFT_EXPR_CT_SREG)) { - ret = snprintf(buf+offset, len, "\"sreg:\":%u,", ct->sreg); + ret = snprintf(buf, size, "set %s with reg %u ", + ctkey2str(ct->key), ct->sreg); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - if (e->flags & (1 << NFT_EXPR_CT_KEY)) { - ret = snprintf(buf+offset, len, "\"key\":\"%s\",", - ctkey2str(ct->key)); + if (e->flags & (1 << NFT_EXPR_CT_DREG)) { + ret = snprintf(buf, len, "load %s => reg %u ", + ctkey2str(ct->key), ct->dreg); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - if (e->flags & (1 << NFT_EXPR_CT_DIR)) { - ret = snprintf(buf+offset, len, "\"dir\":%u,", ct->dir); + if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) { + ret = snprintf(buf+offset, len, ", dir %s ", + ctdir2str(ct->dir)); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - /* Remove the last separator characther */ - buf[offset-1] = '\0'; - - return offset-1; + return offset; } static int @@ -384,11 +435,11 @@ nft_rule_expr_ct_snprintf(char *buf, size_t len, uint32_t type, { switch(type) { case NFT_OUTPUT_DEFAULT: - return nft_rule_expr_ct_snprintf_default(buf, len, e); + return nft_expr_ct_snprintf_default(buf, len, e); case NFT_OUTPUT_XML: - return nft_rule_expr_ct_snprintf_xml(buf, len, e); + return nft_expr_ct_snprintf_xml(buf, len, e); case NFT_OUTPUT_JSON: - return nft_rule_expr_ct_snprintf_json(buf, len, e); + return nft_expr_ct_snprintf_json(buf, len, e); default: break; } 
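Review bot: In nft_expr_ct_snprintf_default the first two calls write at `buf` instead of `buf+offset`, and the first one passes `size` rather than `len`. When both NFT_EXPR_CT_SREG and NFT_EXPR_CT_DREG are set, the second string overwrites the first while `offset` still advances by both lengths, so the `dir` text is appended after a gap of stale bytes and the returned length does not match the buffer contents. Use `snprintf(buf+offset, len, ...)` in both branches, as the `dir` branch already does.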
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index a198c67..0523cb7 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c 
@@ -18,82 +18,85 @@ #include <netinet/in.h> #include <libmnl/libmnl.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> -#include "internal.h" - #include <linux/netfilter.h> #include <linux/netfilter/nf_tables.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> +#include "expr_ops.h" +#include "data_reg.h" +#include "internal.h" #ifdef JSON_PARSING -static int nft_data_reg_verdict_json_parse(union nft_data_reg *reg, json_t *data) +static int nft_data_reg_verdict_json_parse(union nft_data_reg *reg, json_t *data, + struct nft_parse_err *err) { int verdict; const char *verdict_str; + const char *chain; - verdict_str = nft_jansson_parse_str(data, "verdict"); + verdict_str = nft_jansson_parse_str(data, "verdict", err); if (verdict_str == NULL) - return -1; + return DATA_NONE; - verdict = nft_str2verdict(verdict_str); - if (verdict < 0) + if (nft_str2verdict(verdict_str, &verdict) != 0) { + err->node_name = "verdict"; + err->error = NFT_PARSE_EBADTYPE; + errno = EINVAL; return -1; + } reg->verdict = (uint32_t)verdict; - return 0; -} + if (nft_jansson_node_exist(data, "chain")) { + chain = nft_jansson_parse_str(data, "chain", err); + if (chain == NULL) + return DATA_NONE; -static int nft_data_reg_chain_json_parse(union nft_data_reg *reg, json_t *data) -{ - reg->chain = strdup(nft_jansson_parse_str(data, "chain")); - if (reg->chain == NULL) { - return -1; + reg->chain = strdup(chain); } - return 0; + return DATA_VERDICT; } -static int nft_data_reg_value_json_parse(union nft_data_reg *reg, json_t *data) +static int nft_data_reg_value_json_parse(union nft_data_reg *reg, json_t *data, + struct nft_parse_err *err) { int i; char node_name[6]; - if (nft_jansson_parse_val(data, "len", NFT_TYPE_U8, ®->len) < 0) - return -1; + if (nft_jansson_parse_val(data, "len", NFT_TYPE_U8, ®->len, err) < 0) + return DATA_NONE; for (i = 0; i < div_round_up(reg->len, sizeof(uint32_t)); i++) { sprintf(node_name, "data%d", i); if (nft_jansson_str2num(data, node_name, BASE_HEX, 
- ®->val[i], NFT_TYPE_U32) != 0) - return -1; + ®->val[i], NFT_TYPE_U32, err) != 0) + return DATA_NONE; } - return 0; + return DATA_VALUE; } #endif -int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data) +int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *type; - type = nft_jansson_parse_str(data, "type"); + type = nft_jansson_parse_str(data, "type", err); if (type == NULL) return -1; /* Select what type of parsing is needed */ - if (strcmp(type, "value") == 0) { - return nft_data_reg_value_json_parse(reg, data); - } else if (strcmp(type, "verdict") == 0) { - return nft_data_reg_verdict_json_parse(reg, data); - } else if (strcmp(type, "chain") == 0) { - return nft_data_reg_chain_json_parse(reg, data); - } + if (strcmp(type, "value") == 0) + return nft_data_reg_value_json_parse(reg, data, err); + else if (strcmp(type, "verdict") == 0) + return nft_data_reg_verdict_json_parse(reg, data, err); - return 0; + return DATA_NONE; #else errno = EOPNOTSUPP; return -1; 
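Review bot: In nft_data_reg_value_json_parse, `sprintf(node_name, "data%d", i)` writes into `char node_name[6]`, which only fits `data0` to `data9` plus the terminator, while the loop bound is derived from the `len` field parsed from the JSON input as NFT_TYPE_U8. Any `len` above 40 makes `i` reach 10 and the sprintf overruns the stack buffer; the same index is used for `reg->val[i]`, whose capacity is not visible in this diff and should be checked against `len` before the loop. I would declare `char node_name[16];`, format with `snprintf(node_name, sizeof(node_name), "data%d", i);`, and return DATA_NONE when `len` exceeds the size of `reg->val`. The -155,7 hunk shows the same `char node_name[6]` in nft_data_reg_value_xml_parse, so the XML path likely needs the same change.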
@@ -102,44 +105,42 @@ int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data) #ifdef XML_PARSING static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, - mxml_node_t *tree) + mxml_node_t *tree, + struct nft_parse_err *err) { int verdict; const char *verdict_str; + const char *chain; verdict_str = nft_mxml_str_parse(tree, "verdict", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (verdict_str == NULL) return DATA_NONE; - verdict = nft_str2verdict(verdict_str); - if (verdict < 0) + if (nft_str2verdict(verdict_str, &verdict) != 0) { + err->node_name = "verdict"; + err->error = NFT_PARSE_EBADTYPE; + errno = EINVAL; return DATA_NONE; + } reg->verdict = (uint32_t)verdict; - return DATA_VERDICT; -} - -static int nft_data_reg_chain_xml_parse(union nft_data_reg *reg, - mxml_node_t *tree) -{ - const char *chain; - chain = nft_mxml_str_parse(tree, "chain", MXML_DESCEND_FIRST, - NFT_XML_MAND); - if (chain == NULL) - return DATA_NONE; + NFT_XML_OPT, err); + if (chain != NULL) { + if (reg->chain) + xfree(reg->chain); - if (reg->chain) - xfree(reg->chain); + reg->chain = strdup(chain); + } - reg->chain = strdup(chain); - return DATA_CHAIN; + return DATA_VERDICT; } static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, - mxml_node_t *tree) + mxml_node_t *tree, + struct nft_parse_err *err) { int i; char node_name[6]; @@ -155,7 +156,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, */ if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, - ®->len, NFT_TYPE_U8, NFT_XML_MAND) != 0) + ®->len, NFT_TYPE_U8, NFT_XML_MAND, err) != 0) return DATA_NONE; /* Get and set <dataN> */ @@ -164,7 +165,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, if (nft_mxml_num_parse(tree, node_name, MXML_DESCEND_FIRST, BASE_HEX, ®->val[i], NFT_TYPE_U32, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return DATA_NONE; } 
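Review bot: `reg->chain = strdup(chain);` in nft_data_reg_verdict_xml_parse is not checked, so an allocation failure leaves `reg->chain` NULL while the function still returns DATA_VERDICT, and the printers added in this commit treat a NULL chain as "no target". Add `if (reg->chain == NULL) return DATA_NONE;` after the call. The JSON counterpart in the -18,82 hunk has the same unchecked strdup and, unlike this function, does not release a previously set `reg->chain` before overwriting it.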
@@ -172,7 +173,8 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, } #endif -int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree) +int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING const char *type; @@ -180,26 +182,25 @@ int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree) node = mxmlFindElement(tree, tree, "data_reg", "type", NULL, MXML_DESCEND_FIRST); - if (node == NULL) { - errno = EINVAL; - return DATA_NONE; - } + if (node == NULL) + goto err; type = mxmlElementGetAttr(node, "type"); - if (type == NULL) { - errno = EINVAL; - return DATA_NONE; - } + if (type == NULL) + goto err; if (strcmp(type, "value") == 0) - return nft_data_reg_value_xml_parse(reg, node); + return nft_data_reg_value_xml_parse(reg, node, err); else if (strcmp(type, "verdict") == 0) - return nft_data_reg_verdict_xml_parse(reg, node); - else if (strcmp(type, "chain") == 0) - return nft_data_reg_chain_xml_parse(reg, node); + return nft_data_reg_verdict_xml_parse(reg, node, err); return DATA_NONE; +err: + errno = EINVAL; + err->node_name = "data_reg"; + err->error = NFT_PARSE_EMISSINGNODE; + return DATA_NONE; #else errno = EOPNOTSUPP; return -1; 
@@ -293,6 +294,67 @@ nft_data_reg_value_snprintf_default(char *buf, size_t size, return offset; } +static int +nft_data_reg_verdict_snprintf_def(char *buf, size_t size, + union nft_data_reg *reg, uint32_t flags) +{ + int len = size, offset = 0, ret = 0; + + ret = snprintf(buf, size, "%s ", nft_verdict2str(reg->verdict)); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + if (reg->chain != NULL) { + ret = snprintf(buf+offset, size, "-> %s ", reg->chain); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + return offset; +} + +static int +nft_data_reg_verdict_snprintf_xml(char *buf, size_t size, + union nft_data_reg *reg, uint32_t flags) +{ + int len = size, offset = 0, ret = 0; + + ret = snprintf(buf, size, "<data_reg type=\"verdict\">" + "<verdict>%s</verdict>", nft_verdict2str(reg->verdict)); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + if (reg->chain != NULL) { + ret = snprintf(buf+offset, size, "<chain>%s</chain>", + reg->chain); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + ret = snprintf(buf+offset, size, "</data_reg>"); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + return offset; +} + +static int +nft_data_reg_verdict_snprintf_json(char *buf, size_t size, + union nft_data_reg *reg, uint32_t flags) +{ + int len = size, offset = 0, ret = 0; + + ret = snprintf(buf, size, "\"data_reg\":{\"type\":\"verdict\"," + "\"verdict\":\"%s\"", nft_verdict2str(reg->verdict)); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + if (reg->chain != NULL) { + ret = snprintf(buf+offset, size, ",\"chain\":\"%s\"", + reg->chain); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + ret = snprintf(buf+offset, size, "}"); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + return offset; +} + int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg, uint32_t output_format, uint32_t flags, int reg_type) { 
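Review bot: The follow-up calls in the three new verdict printers pass `size` as the bound while writing at `buf+offset`, e.g. `snprintf(buf+offset, size, "-> %s ", reg->chain)`, so the limit does not shrink as the buffer fills and a long chain name can be written past the end of `buf`. Pass the remaining length instead, `snprintf(buf+offset, len, ...)`, in every call after the first. SNPRINTF_BUFFER_SIZE is not shown in this diff; if it updates `size` as its argument list suggests, the bound drifts even further from the real remaining space. `reg->chain` is also copied into the XML and JSON output without escaping, so it is worth confirming that chain names containing `<` or `"` are rejected elsewhere.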
@@ -312,44 +374,24 @@ int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg, break; } case DATA_VERDICT: - switch(output_format) { - case NFT_OUTPUT_DEFAULT: - return snprintf(buf, size, "%d ", reg->verdict); - case NFT_OUTPUT_XML: - return snprintf(buf, size, - "<data_reg type=\"verdict\">" - "<verdict>%s</verdict>" - "</data_reg>", - nft_verdict2str(reg->verdict)); - case NFT_OUTPUT_JSON: - return snprintf(buf, size, - "\"data_reg\":{" - "\"type\":\"verdict\"," - "\"verdict\":\"%s\"" - "}", nft_verdict2str(reg->verdict)); - default: - break; - } case DATA_CHAIN: switch(output_format) { case NFT_OUTPUT_DEFAULT: - return snprintf(buf, size, "%s ", reg->chain); + return nft_data_reg_verdict_snprintf_def(buf, size, + reg, flags); case NFT_OUTPUT_XML: - return snprintf(buf, size, - "<data_reg type=\"chain\">" - "<chain>%s</chain>" - "</data_reg>", reg->chain); + return nft_data_reg_verdict_snprintf_xml(buf, size, + reg, flags); case NFT_OUTPUT_JSON: - return snprintf(buf, size, - "\"data_reg\":{\"type\":\"chain\"," - "\"chain\":\"%s\"" - "}", reg->chain); + return nft_data_reg_verdict_snprintf_json(buf, size, + reg, flags); default: break; } default: break; } + return -1; } diff --git a/src/expr/data_reg.h b/src/expr/data_reg.h index 8a6a235..5258051 100644 --- a/src/expr/data_reg.h +++ b/src/expr/data_reg.h @@ -29,8 +29,10 @@ union nft_data_reg { int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg, uint32_t output_format, uint32_t flags, int reg_type); -int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree); +int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree, + struct nft_parse_err *err); int nft_parse_data(union nft_data_reg *data, struct nlattr *attr, int *type); -int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data); +int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data, + struct nft_parse_err *err); #endif 
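Review bot: `case DATA_VERDICT:` in nft_data_reg_snprintf now drops straight into `case DATA_CHAIN:` with no marker, and the inner `switch(output_format)` still has no `break;` after it, so an unknown format falls on into the outer `default:`. Both are harmless as written because everything ends at the new `return -1;`, but they read like the accidental fall-through this hunk removes. I would add `/* fallthrough: verdict and chain share the same printers */` after `case DATA_VERDICT:` and a `break;` after the inner switch's closing brace. The start of the function is outside the hunk.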
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index 6841ac1..66a6cf5 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c @@ -21,8 +21,8 @@ #include <linux/netfilter/nf_tables.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" @@ -32,9 +32,9 @@ struct nft_expr_exthdr { enum nft_registers dreg; + uint32_t offset; + uint32_t len; uint8_t type; - unsigned int offset; - unsigned int len; }; static int @@ -51,10 +51,10 @@ nft_rule_expr_exthdr_set(struct nft_rule_expr *e, uint16_t type, exthdr->type = *((uint8_t *)data); break; case NFT_EXPR_EXTHDR_OFFSET: - exthdr->offset = *((unsigned int *)data); + exthdr->offset = *((uint32_t *)data); break; case NFT_EXPR_EXTHDR_LEN: - exthdr->len = *((unsigned int *)data); + exthdr->len = *((uint32_t *)data); break; default: return -1; @@ -193,19 +193,20 @@ static inline int str2exthdr_type(const char *str) } static int -nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *exthdr_type; uint32_t uval32; int type; - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_DREG, uval32); - exthdr_type = nft_jansson_parse_str(root, "exthdr_type"); + exthdr_type = nft_jansson_parse_str(root, "exthdr_type", err); if (exthdr_type == NULL) return -1; 
@@ -215,12 +216,12 @@ nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_TYPE, type); - if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_OFFSET, uval32); - if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_LEN, uval32); @@ -233,23 +234,24 @@ nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_exthdr *exthdr = nft_expr_data(e); const char *exthdr_type; - int32_t reg; int type; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; exthdr->dreg = reg; e->flags |= (1 << NFT_EXPR_EXTHDR_DREG); exthdr_type = nft_mxml_str_parse(tree, "exthdr_type", - MXML_DESCEND_FIRST, NFT_XML_MAND); + MXML_DESCEND_FIRST, NFT_XML_MAND, err); if (exthdr_type == NULL) return -1; @@ -263,14 +265,15 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) /* Get and set <offset> */ if (nft_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC, &exthdr->offset, NFT_TYPE_U32, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET); /* Get and set <len> */ if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, - &exthdr->len, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &exthdr->len, NFT_TYPE_U32, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_EXTHDR_LEN); 
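Review bot: The context line `nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_TYPE, type);` in nft_rule_expr_exthdr_json_parse stores the header type through the 32-bit setter, while the setter shown earlier in this file reads that attribute as `*((uint8_t *)data)`. If set_u32 passes a pointer to a 32-bit value, as its name suggests, the one-byte read picks up the most significant byte on a big-endian host and stores 0. Since the commit already tidies the field widths of `struct nft_expr_exthdr`, this call should match them: `nft_rule_expr_set_u8(e, NFT_EXPR_EXTHDR_TYPE, type);`. A range check on `type` before narrowing would also be worth adding. The function starts in the previous hunk.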
diff --git a/src/expr/immediate.c b/src/expr/immediate.c index a96d3de..b3c52b8 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -17,8 +17,8 @@ #include "internal.h" #include <libmnl/libmnl.h> #include <linux/netfilter/nf_tables.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" #include "data_reg.h" @@ -178,20 +178,21 @@ nft_rule_expr_immediate_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_immediate_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_immediate_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING struct nft_expr_immediate *imm = nft_expr_data(e); int datareg_type; uint32_t reg; - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_IMM_DREG, reg); datareg_type = nft_jansson_data_reg_parse(root, "immediatedata", - &imm->data); + &imm->data, err); if (datareg_type < 0) return -1; @@ -217,22 +218,23 @@ nft_rule_expr_immediate_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_immediate *imm = nft_expr_data(e); int datareg_type; - int32_t reg; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; imm->dreg = reg; e->flags |= (1 << NFT_EXPR_IMM_DREG); datareg_type = nft_mxml_data_reg_parse(tree, "immediatedata", - &imm->data, NFT_XML_MAND); + &imm->data, NFT_XML_MAND, err); switch (datareg_type) { case DATA_VALUE: e->flags |= (1 << NFT_EXPR_IMM_DATA); 
diff --git a/src/expr/limit.c b/src/expr/limit.c index 4854a77..7d10340 100644 --- a/src/expr/limit.c +++ b/src/expr/limit.c @@ -19,8 +19,8 @@ #include "internal.h" #include <libmnl/libmnl.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" struct nft_expr_limit { @@ -118,17 +118,18 @@ nft_rule_expr_limit_parse(struct nft_rule_expr *e, struct nlattr *attr) return 0; } -static int nft_rule_expr_limit_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_limit_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING uint64_t uval64; - if (nft_jansson_parse_val(root, "rate", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "rate", NFT_TYPE_U64, &uval64, err) < 0) return -1; nft_rule_expr_set_u64(e, NFT_EXPR_LIMIT_RATE, uval64); - if (nft_jansson_parse_val(root, "unit", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "unit", NFT_TYPE_U64, &uval64, err) < 0) return -1; nft_rule_expr_set_u64(e, NFT_EXPR_LIMIT_UNIT, uval64); @@ -140,19 +141,23 @@ static int nft_rule_expr_limit_json_parse(struct nft_rule_expr *e, json_t *root) #endif } -static int nft_rule_expr_limit_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_limit_xml_parse(struct nft_rule_expr *e, + mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_limit *limit = nft_expr_data(e); if (nft_mxml_num_parse(tree, "rate", MXML_DESCEND_FIRST, BASE_DEC, - &limit->rate, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &limit->rate, NFT_TYPE_U64, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_LIMIT_RATE); if (nft_mxml_num_parse(tree, "unit", MXML_DESCEND_FIRST, BASE_DEC, - &limit->unit, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &limit->unit, NFT_TYPE_U64, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_LIMIT_UNIT); 
diff --git a/src/expr/log.c b/src/expr/log.c index 76657a9..5119c20 100644 --- a/src/expr/log.c +++ b/src/expr/log.c @@ -18,8 +18,8 @@ #include "internal.h" #include <libmnl/libmnl.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" struct nft_expr_log { @@ -160,31 +160,34 @@ nft_rule_expr_log_parse(struct nft_rule_expr *e, struct nlattr *attr) return 0; } -static int nft_rule_expr_log_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_log_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *prefix; uint32_t snaplen; uint16_t uval16; - prefix = nft_jansson_parse_str(root, "prefix"); + prefix = nft_jansson_parse_str(root, "prefix", err); if (prefix == NULL) return -1; nft_rule_expr_set_str(e, NFT_EXPR_LOG_PREFIX, prefix); - if (nft_jansson_parse_val(root, "group", NFT_TYPE_U16, &uval16) < 0) + if (nft_jansson_parse_val(root, "group", NFT_TYPE_U16, &uval16, + err) < 0) return -1; nft_rule_expr_set_u16(e, NFT_EXPR_LOG_GROUP, uval16); - if (nft_jansson_parse_val(root, "snaplen", NFT_TYPE_U32, &snaplen) < 0) + if (nft_jansson_parse_val(root, "snaplen", NFT_TYPE_U32, &snaplen, + err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_LOG_SNAPLEN, snaplen); if (nft_jansson_parse_val(root, "qthreshold", NFT_TYPE_U16, - &uval16) < 0) + &uval16, err) < 0) return -1; nft_rule_expr_set_u16(e, NFT_EXPR_LOG_QTHRESHOLD, uval16); 
@@ -196,14 +199,16 @@ static int nft_rule_expr_log_json_parse(struct nft_rule_expr *e, json_t *root) #endif } -static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, + mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_log *log = nft_expr_data(e); const char *prefix; prefix = nft_mxml_str_parse(tree, "prefix", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (prefix == NULL) return -1; @@ -211,20 +216,22 @@ static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre e->flags |= (1 << NFT_EXPR_LOG_PREFIX); if (nft_mxml_num_parse(tree, "group", MXML_DESCEND_FIRST, BASE_DEC, - &log->group, NFT_TYPE_U16, NFT_XML_MAND) != 0) + &log->group, NFT_TYPE_U16, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_LOG_GROUP); if (nft_mxml_num_parse(tree, "snaplen", MXML_DESCEND_FIRST, BASE_DEC, - &log->snaplen, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &log->snaplen, NFT_TYPE_U32, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_LOG_SNAPLEN); if (nft_mxml_num_parse(tree, "qthreshold", MXML_DESCEND_FIRST, BASE_DEC, &log->qthreshold, - NFT_TYPE_U16, NFT_XML_MAND) != 0) + NFT_TYPE_U16, NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_LOG_QTHRESHOLD); diff --git a/src/expr/lookup.c b/src/expr/lookup.c index 4e91cfb..5e0bf75 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c @@ -18,8 +18,8 @@ #include <errno.h> #include <libmnl/libmnl.h> #include <linux/netfilter/nf_tables.h> -#include <libnftables/rule.h> -#include <libnftables/expr.h> +#include <libnftnl/rule.h> +#include <libnftnl/expr.h> #include "data_reg.h" #include "expr_ops.h" 
@@ -143,24 +143,25 @@ nft_rule_expr_lookup_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *set_name; int32_t reg; - set_name = nft_jansson_parse_str(root, "set"); + set_name = nft_jansson_parse_str(root, "set", err); if (set_name == NULL) return -1; nft_rule_expr_set_str(e, NFT_EXPR_LOOKUP_SET, set_name); - if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_LOOKUP_SREG, reg); - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_LOOKUP_DREG, reg); @@ -173,15 +174,16 @@ nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_lookup *lookup = nft_expr_data(e); const char *set_name; - int32_t reg; + uint32_t reg; set_name = nft_mxml_str_parse(tree, "set", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (set_name == NULL) return -1; 
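Review bot: nft_rule_expr_lookup_json_parse still treats "dreg" as mandatory, although this commit makes it optional in the XML parser and omits it from the JSON output when NFT_EXPR_LOOKUP_DREG is unset. JSON printed for a lookup without a destination register will therefore be rejected when it is parsed back. The meta.c parser in this commit already guards its optional registers with `if (nft_jansson_node_exist(root, "dreg")) {`, and the same guard around the dreg block would fit here. Separately, `reg` is still declared `int32_t` while it is parsed as NFT_TYPE_U32, whereas the XML variant was switched to `uint32_t reg;`.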
@@ -189,19 +191,18 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) lookup->set_name[IFNAMSIZ-1] = '\0'; e->flags |= (1 << NFT_EXPR_LOOKUP_SET); - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND, + NFT_XML_MAND, err) != 0) return -1; lookup->sreg = reg; e->flags |= (1 << NFT_EXPR_LOOKUP_SREG); - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND); - if (reg < 0) - return -1; - - lookup->dreg = reg; - e->flags |= (1 << NFT_EXPR_LOOKUP_DREG); + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND, + NFT_XML_OPT, err) == 0) { + lookup->dreg = reg; + e->flags |= (1 << NFT_EXPR_LOOKUP_DREG); + } return 0; #else 
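Review bot: The optional `dreg` branch treats every non-zero return from nft_mxml_reg_parse as "node absent", so a `<dreg>` that is present but malformed is silently dropped and the function still returns 0. Whether NFT_XML_OPT lets the helper tell the two cases apart is not visible here, and `err` may be left filled in on a successful return. meta.c's XML parser in this commit follows the same pattern but tests `>= 0`, unlike the `== 0` and `!= 0` tests used elsewhere, so one convention should be chosen. At minimum I would add a comment such as `/* dreg is optional; note that a malformed <dreg> is ignored as well */`, and ideally return -1 when the node exists but fails to parse.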
@@ -212,41 +213,59 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) static int nft_rule_expr_lookup_snprintf_json(char *buf, size_t size, - struct nft_expr_lookup *l) + struct nft_rule_expr *e) { int len = size, offset = 0, ret; + struct nft_expr_lookup *l = nft_expr_data(e); - ret = snprintf(buf, len, "\"set\":\"%s\",\"sreg\":%u,\"dreg\":%u", - l->set_name, l->sreg, l->dreg); + ret = snprintf(buf, len, "\"set\":\"%s\",\"sreg\":%u", + l->set_name, l->sreg); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) { + ret = snprintf(buf+offset, len, ",\"dreg\":%u", l->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + return offset; } static int nft_rule_expr_lookup_snprintf_xml(char *buf, size_t size, - struct nft_expr_lookup *l) + struct nft_rule_expr *e) { int len = size, offset = 0, ret; + struct nft_expr_lookup *l = nft_expr_data(e); - ret = snprintf(buf, len, "<set>%s</set><sreg>%u</sreg><dreg>%u</dreg>", - l->set_name, l->sreg, l->dreg); + ret = snprintf(buf, len, "<set>%s</set><sreg>%u</sreg>", + l->set_name, l->sreg); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) { + ret = snprintf(buf+offset, len, "<dreg>%u</dreg>", l->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + return offset; } static int nft_rule_expr_lookup_snprintf_default(char *buf, size_t size, - struct nft_expr_lookup *l) + struct nft_rule_expr *e) { int len = size, offset = 0, ret; + struct nft_expr_lookup *l = nft_expr_data(e); - ret = snprintf(buf, len, "reg %u set %s dreg %u ", - l->sreg, l->set_name, l->dreg); + ret = snprintf(buf, len, "reg %u set %s ", l->sreg, l->set_name); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) { + ret = snprintf(buf+offset, len, "dreg %u ", l->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + return offset; } 
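Review bot: All three lookup printers write `l->set_name` with a bare `%s` into the JSON string, the `<set>` element and the default output. A name containing `"`, `\` or `<` would produce output that the JSON and XML parsers in this same file cannot read back correctly. Whether set names are restricted to a safe alphabet before they get here is not visible in the hunk. If they are, a comment such as `/* set_name is validated upstream; no escaping needed */` should say so, and otherwise the name needs escaping per output format. The `int len = size` initialiser also narrows a `size_t`, which is worth a comment or a bounds check for very large buffers.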
@@ -254,15 +273,14 @@ static int nft_rule_expr_lookup_snprintf(char *buf, size_t size, uint32_t type, uint32_t flags, struct nft_rule_expr *e) { - struct nft_expr_lookup *lookup = nft_expr_data(e); switch(type) { case NFT_OUTPUT_DEFAULT: - return nft_rule_expr_lookup_snprintf_default(buf, size, lookup); + return nft_rule_expr_lookup_snprintf_default(buf, size, e); case NFT_OUTPUT_XML: - return nft_rule_expr_lookup_snprintf_xml(buf, size, lookup); + return nft_rule_expr_lookup_snprintf_xml(buf, size, e); case NFT_OUTPUT_JSON: - return nft_rule_expr_lookup_snprintf_json(buf, size, lookup); + return nft_rule_expr_lookup_snprintf_json(buf, size, e); default: break; } diff --git a/src/expr/match.c b/src/expr/match.c index c7863b8..9f2fa03 100644 --- a/src/expr/match.c +++ b/src/expr/match.c @@ -22,8 +22,8 @@ #include <linux/netfilter/nf_tables_compat.h> #include <linux/netfilter/x_tables.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" @@ -170,12 +170,13 @@ static int nft_rule_expr_match_parse(struct nft_rule_expr *e, struct nlattr *att return 0; } -static int nft_rule_expr_match_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_match_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *name; - name = nft_jansson_parse_str(root, "name"); + name = nft_jansson_parse_str(root, "name", err); if (name == NULL) return -1; 
@@ -189,14 +190,15 @@ static int nft_rule_expr_match_json_parse(struct nft_rule_expr *e, json_t *root) } -static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_match *mt = nft_expr_data(e); const char *name; name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (name == NULL) return -1; diff --git a/src/expr/meta.c b/src/expr/meta.c index f96b081..bee2f4c 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -18,8 +18,8 @@ #include "internal.h" #include <libmnl/libmnl.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" #ifndef NFT_META_MAX @@ -27,9 +27,9 @@ #endif struct nft_expr_meta { - uint32_t key; /* enum nft_meta_keys */ - uint32_t dreg; /* enum nft_registers */ - uint32_t sreg; /* enum nft_registers */ + enum nft_meta_keys key; + enum nft_registers dreg; + enum nft_registers sreg; }; static int @@ -135,7 +135,7 @@ nft_rule_expr_meta_parse(struct nft_rule_expr *e, struct nlattr *attr) return 0; } -const char *meta_key2str_array[NFT_META_MAX] = { +static const char *meta_key2str_array[NFT_META_MAX] = { [NFT_META_LEN] = "len", [NFT_META_PROTOCOL] = "protocol", [NFT_META_NFPROTO] = "nfproto", @@ -176,14 +176,15 @@ static inline int str2meta_key(const char *str) return -1; } -static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *key_str; - uint32_t reg, sreg; + uint32_t reg; int key; - key_str = nft_jansson_parse_str(root, "key"); + key_str = nft_jansson_parse_str(root, "key", err); if (key_str == NULL) return -1; 
@@ -194,18 +195,19 @@ static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_META_KEY, key); if (nft_jansson_node_exist(root, "dreg")) { - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, + err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_META_DREG, reg); } if (nft_jansson_node_exist(root, "sreg")) { - if (nft_jansson_parse_reg(root, "sreg", - NFT_TYPE_U32, &sreg) < 0) + if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®, + err) < 0) return -1; - nft_rule_expr_set_u32(e, NFT_EXPR_META_SREG, sreg); + nft_rule_expr_set_u32(e, NFT_EXPR_META_SREG, reg); } return 0; @@ -216,16 +218,17 @@ static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root) } -static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_meta *meta = nft_expr_data(e); const char *key_str; - int32_t reg; int key; + uint32_t reg; key_str = nft_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (key_str == NULL) return -1; @@ -236,14 +239,14 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tr meta->key = key; e->flags |= (1 << NFT_EXPR_META_KEY); - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); - if (reg >= 0) { + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_OPT, err) >= 0) { meta->dreg = reg; e->flags |= (1 << NFT_EXPR_META_DREG); } - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST); - if (reg >= 0) { + if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST, + NFT_XML_OPT, err) >= 0) { meta->sreg = reg; e->flags |= (1 << NFT_EXPR_META_SREG); } 
@@ -261,12 +264,15 @@ nft_rule_expr_meta_snprintf_default(char *buf, size_t len, { struct nft_expr_meta *meta = nft_expr_data(e); - if (e->flags & (1 << NFT_EXPR_META_SREG)) + if (e->flags & (1 << NFT_EXPR_META_SREG)) { return snprintf(buf, len, "set %s with reg %u ", meta_key2str(meta->key), meta->sreg); - - return snprintf(buf, len, "load %s => reg %u ", - meta_key2str(meta->key), meta->dreg); + } + if (e->flags & (1 << NFT_EXPR_META_DREG)) { + return snprintf(buf, len, "load %s => reg %u ", + meta_key2str(meta->key), meta->dreg); + } + return 0; } static int @@ -276,6 +282,12 @@ nft_rule_expr_meta_snprintf_xml(char *buf, size_t size, int ret, len = size, offset = 0; struct nft_expr_meta *meta = nft_expr_data(e); + if (e->flags & (1 << NFT_EXPR_META_DREG)) { + ret = snprintf(buf+offset, len, "<dreg>%u</dreg>", + meta->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (e->flags & (1 << NFT_EXPR_META_KEY)) { ret = snprintf(buf+offset, len, "<key>%s</key>", meta_key2str(meta->key)); @@ -288,12 +300,6 @@ nft_rule_expr_meta_snprintf_xml(char *buf, size_t size, SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - if (e->flags & (1 << NFT_EXPR_META_DREG)) { - ret = snprintf(buf+offset, len, "<dreg>%u</dreg>", - meta->dreg); - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); - } - return offset; } @@ -304,6 +310,12 @@ nft_rule_expr_meta_snprintf_json(char *buf, size_t size, int ret, len = size, offset = 0; struct nft_expr_meta *meta = nft_expr_data(e); + if (e->flags & (1 << NFT_EXPR_META_DREG)) { + ret = snprintf(buf+offset, len, "\"dreg\":%u,", + meta->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (e->flags & (1 << NFT_EXPR_META_KEY)) { ret = snprintf(buf+offset, len, "\"key\":\"%s\",", meta_key2str(meta->key)); 
@@ -311,17 +323,11 @@ nft_rule_expr_meta_snprintf_json(char *buf, size_t size, } if (e->flags & (1 << NFT_EXPR_META_SREG)) { - ret = snprintf(buf+offset, len, "\"sreg\":%u\",", + ret = snprintf(buf+offset, len, "\"sreg\":%u,", meta->sreg); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - if (e->flags & (1 << NFT_EXPR_META_DREG)) { - ret = snprintf(buf+offset, len, "\"dreg\":%u\",", - meta->dreg); - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); - } - /* Remove the last separator characther */ buf[offset-1] = '\0'; diff --git a/src/expr/nat.c b/src/expr/nat.c index 30b02ec..42f2b49 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c @@ -20,8 +20,8 @@ #include <arpa/inet.h> #include <libmnl/libmnl.h> #include <linux/netfilter/nf_tables.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" struct nft_expr_nat { @@ -196,14 +196,15 @@ static inline int nft_str2nat(const char *nat) } } -static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *nat_type, *family_str; uint32_t reg; int val32; - nat_type = nft_jansson_parse_str(root, "nat_type"); + nat_type = nft_jansson_parse_str(root, "nat_type", err); if (nat_type == NULL) return -1; @@ -213,7 +214,7 @@ static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_NAT_TYPE, val32); - family_str = nft_jansson_parse_str(root, "family"); + family_str = nft_jansson_parse_str(root, "family", err); if (family_str == NULL) return -1; 
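Review bot: The context line `buf[offset-1] = '\0';` in nft_rule_expr_meta_snprintf_json writes one byte before `buf` when none of the KEY, SREG or DREG flags is set, because `offset` is still 0 at that point. This commit makes nft_rule_expr_meta_snprintf_default return 0 for an expression with neither register, so that state is evidently considered reachable. The trim should be guarded: `if (offset > 0) buf[offset-1] = '\0';`. The fix for the stray `\"` after `%u` looks right. The function starts in the previous hunk.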
@@ -224,25 +225,25 @@ static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_NAT_FAMILY, val32); if (nft_jansson_parse_reg(root, "sreg_addr_min", NFT_TYPE_U32, - ®) < 0) + ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MIN, reg); if (nft_jansson_parse_reg(root, "sreg_addr_max", NFT_TYPE_U32, - ®) < 0) + ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MAX, reg); if (nft_jansson_parse_reg(root, "sreg_proto_min", NFT_TYPE_U32, - ®) < 0) + ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MIN, reg); if (nft_jansson_parse_reg(root, "sreg_proto_max", NFT_TYPE_U32, - ®) < 0) + ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MAX, reg); @@ -254,16 +255,17 @@ static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root) #endif } -static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_nat *nat = nft_expr_data(e); const char *nat_type; - int32_t reg; int family, nat_type_value; + uint32_t reg; nat_type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (nat_type == NULL) return -1; @@ -275,7 +277,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre e->flags |= (1 << NFT_EXPR_NAT_TYPE); family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (family < 0) { mxmlDelete(tree); return -1; 
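Review bot: The `family < 0` branch in nft_rule_expr_nat_xml_parse is the only error path that calls `mxmlDelete(tree);` before `return -1;`, while every other failure in this function and in the sibling parsers just returns. If the caller owns `tree` and releases it on error, as those other paths imply, this branch frees it twice. Ownership is not visible in the hunk, so this should be confirmed against the caller. Assuming the caller frees, the branch should be `if (family < 0) return -1;`. The function body continues in the next hunk.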
@@ -284,29 +286,29 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre nat->family = family; e->flags |= (1 << NFT_EXPR_NAT_FAMILY); - reg = nft_mxml_reg_parse(tree, "sreg_addr_min", MXML_DESCEND); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg_addr_min", ®, + MXML_DESCEND, NFT_XML_MAND, err) != 0) return -1; nat->sreg_addr_min = reg; e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MIN); - reg = nft_mxml_reg_parse(tree, "sreg_addr_max", MXML_DESCEND); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg_addr_max", ®, + MXML_DESCEND, NFT_XML_MAND, err) != 0) return -1; nat->sreg_addr_max = reg; e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MAX); - reg = nft_mxml_reg_parse(tree, "sreg_proto_min", MXML_DESCEND); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg_proto_min", ®, + MXML_DESCEND, NFT_XML_MAND, err) != 0) return -1; nat->sreg_proto_min = reg; e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MIN); - reg = nft_mxml_reg_parse(tree, "sreg_proto_max", MXML_DESCEND); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg_proto_max", ®, + MXML_DESCEND, NFT_XML_MAND, err) != 0) return -1; nat->sreg_proto_max = reg; diff --git a/src/expr/payload.c b/src/expr/payload.c index fc32ff2..ad82015 100644 --- a/src/expr/payload.c +++ b/src/expr/payload.c @@ -21,16 +21,16 @@ #include <linux/netfilter/nf_tables.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" struct nft_expr_payload { enum nft_registers dreg; enum nft_payload_bases base; - unsigned int offset; - unsigned int len; + uint32_t offset; + uint32_t len; }; static int 
@@ -194,19 +194,20 @@ static inline int nft_str2base(const char *base) } static int -nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *base_str; uint32_t reg, uval32; int base; - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_DREG, reg); - base_str = nft_jansson_parse_str(root, "base"); + base_str = nft_jansson_parse_str(root, "base", err); if (base_str == NULL) return -1; @@ -216,12 +217,13 @@ nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_BASE, base); - if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32, + err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_OFFSET, uval32); - if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_LEN, uval32); 
@@ -234,22 +236,24 @@ nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_payload *payload = nft_expr_data(e); const char *base_str; - int32_t reg, base; + int32_t base; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; payload->dreg = reg; e->flags |= (1 << NFT_EXPR_PAYLOAD_DREG); base_str = nft_mxml_str_parse(tree, "base", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (base_str == NULL) return -1; @@ -262,13 +266,14 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) if (nft_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC, &payload->offset, NFT_TYPE_U8, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_PAYLOAD_OFFSET); if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, - &payload->len, NFT_TYPE_U8, NFT_XML_MAND) != 0) + &payload->len, NFT_TYPE_U8, + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_PAYLOAD_LEN); diff --git a/src/expr/queue.c b/src/expr/queue.c index 4c1c8a7..c3d0e19 100644 --- a/src/expr/queue.c +++ b/src/expr/queue.c @@ -17,8 +17,8 @@ #include "internal.h" #include <libmnl/libmnl.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" struct nft_expr_queue { diff --git a/src/expr/reject.c b/src/expr/reject.c index 848f004..62346e9 100644 --- a/src/expr/reject.c +++ b/src/expr/reject.c 
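Review bot: nft_rule_expr_payload_xml_parse still parses "offset" and "len" as `NFT_TYPE_U8` into `&payload->offset` and `&payload->len`, which this commit widens to `uint32_t`. The JSON parser for the same expression and the exthdr XML parser both use `NFT_TYPE_U32` for these fields. If nft_mxml_num_parse stores according to the type tag, as that usage suggests, only one byte of each field is written and values above 255 are rejected or truncated. Change the calls to pass `&payload->offset, NFT_TYPE_U32,` and `&payload->len, NFT_TYPE_U32,`.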
@@ -18,8 +18,8 @@ #include "internal.h" #include <libmnl/libmnl.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" struct nft_expr_reject { @@ -122,18 +122,19 @@ nft_rule_expr_reject_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_reject_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_reject_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING uint32_t type; uint16_t code; - if (nft_jansson_parse_val(root, "type", NFT_TYPE_U32, &type) < 0) + if (nft_jansson_parse_val(root, "type", NFT_TYPE_U32, &type, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_REJECT_TYPE, type); - if (nft_jansson_parse_val(root, "code", NFT_TYPE_U8, &code) < 0) + if (nft_jansson_parse_val(root, "code", NFT_TYPE_U8, &code, err) < 0) return -1; nft_rule_expr_set_u8(e, NFT_EXPR_REJECT_CODE, code); @@ -146,19 +147,22 @@ nft_rule_expr_reject_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_reject_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_reject_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_reject *reject = nft_expr_data(e); if (nft_mxml_num_parse(tree, "type", MXML_DESCEND_FIRST, BASE_DEC, - &reject->type, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &reject->type, NFT_TYPE_U32, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_REJECT_TYPE); if (nft_mxml_num_parse(tree, "code", MXML_DESCEND_FIRST, BASE_DEC, - &reject->icmp_code, NFT_TYPE_U8, NFT_XML_MAND) != 0) + &reject->icmp_code, NFT_TYPE_U8, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_REJECT_CODE); diff --git a/src/expr/target.c b/src/expr/target.c index 23dff3a..36e37de 100644 --- a/src/expr/target.c +++ b/src/expr/target.c 
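Review bot: In nft_rule_expr_reject_json_parse(), `code` is declared `uint16_t` but the "code" lookup fills it with the `NFT_TYPE_U8` tag. The body of nft_jansson_parse_val() is not shown; if it stores a single byte for that tag, the other byte of `code` stays uninitialized. On a big-endian host, the value narrowed by nft_rule_expr_set_u8() would then be the uninitialized byte rather than the parsed one. Declaring `uint8_t code;` makes the variable match the type tag, as the XML parser below does by passing `&reject->icmp_code` with the same tag.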
@@ -22,8 +22,8 @@ #include <linux/netfilter/nf_tables_compat.h> #include <linux/netfilter/x_tables.h> -#include <libnftables/expr.h> -#include <libnftables/rule.h> +#include <libnftnl/expr.h> +#include <libnftnl/rule.h> #include "expr_ops.h" @@ -171,12 +171,13 @@ static int nft_rule_expr_target_parse(struct nft_rule_expr *e, struct nlattr *at } static int -nft_rule_expr_target_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_target_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *name; - name = nft_jansson_parse_str(root, "name"); + name = nft_jansson_parse_str(root, "name", err); if (name == NULL) return -1; @@ -190,14 +191,15 @@ nft_rule_expr_target_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_target *tg = nft_expr_data(e); const char *name; name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (name == NULL) return -1; |