authorAlvaro Neira Ayuso <alvaroneay@gmail.com>2015-02-09 21:09:53 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2015-02-10 12:23:42 +0100
commit15ad64734a544a9af033e54d232f112971072c15 (patch)
tree151c7529eec0b969287db0492e5abb65aae8e013 /src/table.c
parent8875d20e4d9aaa3feee27a164ad2d8b033749a2f (diff)
src: add command tag in JSON/XML export support
Currently, we can't do incremental updates via JSON/XML. This patch enriches the existing output to indicate the kind of update that you want to perform. So, if we have a ruleset like: table ip filter { chain input { type filter hook input priority 0; } } The new output looks like: {"nftables":[{"add":[{"table":{"name":"filter",...}}]}]} ^^^^^ Where we explicitly indicate that we want to add a table. We support all the actions that we can do with nft, they are: - Add, delete and flush tables and chains. - Add, delete, replace and insert rules. - Add and delete sets. - Add and delete set elements. - Flush ruleset. You only need to add the command tag: {"nftables":[{"delete":[{...}, {...},...}]}]} ^^^^^^^^ The possible command tags that you can use are "add", "delete", "insert", "replace" and "flush". - Flush table or chain, eg.: {"nftables":[{"flush":[{"table":{"name":...}}]}]} - Delete table, chain, set or rule: {"nftables":[{"delete":[{"chain":{"name":...}]}]} - Replace a rule (you have to specify the handle): {"nftables":[{"replace":[{"rule":{...}}]}]} - Insert a rule: {"nftables":[{"insert":[{"rule":{...}}]}]} Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/table.c')
-rw-r--r--src/table.c21
1 files changed, 15 insertions, 6 deletions
diff --git a/src/table.c b/src/table.c
index e947394..ab0a8ea 100644
--- a/src/table.c
+++ b/src/table.c
@@ -419,12 +419,12 @@ static int nft_table_snprintf_default(char *buf, size_t size, struct nft_table *
t->table_flags, t->use);
}
-int nft_table_snprintf(char *buf, size_t size, struct nft_table *t,
- uint32_t type, uint32_t flags)
+static int nft_table_cmd_snprintf(char *buf, size_t size, struct nft_table *t,
+ uint32_t cmd, uint32_t type, uint32_t flags)
{
int ret, len = size, offset = 0;
- ret = nft_event_header_snprintf(buf+offset, len, type, flags);
+ ret = nft_cmd_header_snprintf(buf + offset, len, cmd, type, flags);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
switch (type) {
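Review bot: `int ret, len = size, offset = 0;` in the renamed `nft_table_cmd_snprintf` narrows the `size_t` buffer size into an `int`, and that `len` is what the new call `nft_cmd_header_snprintf(buf + offset, len, cmd, type, flags)` receives as the remaining space. A `size` above `INT_MAX` would make `len` negative, and if the callee takes a `size_t` (its prototype is not visible here) it would see a very large bound instead. The line is carried over unchanged, but since the function is being reshaped anyway, the limit should at least be stated above the declaration, e.g. `/* size must fit in an int: len and offset are tracked as int */`. The function body continues past the end of this hunk, and `SNPRINTF_BUFFER_SIZE` is defined elsewhere, so how it handles a negative `len` cannot be checked from here.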
@@ -440,15 +440,23 @@ int nft_table_snprintf(char *buf, size_t size, struct nft_table *t,
}
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- ret = nft_event_footer_snprintf(buf+offset, len, type, flags);
+ ret = nft_cmd_footer_snprintf(buf + offset, len, cmd, type, flags);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
return offset;
}
+
+int nft_table_snprintf(char *buf, size_t size, struct nft_table *t,
+ uint32_t type, uint32_t flags)
+{
+ return nft_table_cmd_snprintf(buf, size, t, nft_flag2cmd(flags), type,
+ flags);
+}
EXPORT_SYMBOL(nft_table_snprintf);
static inline int nft_table_do_snprintf(char *buf, size_t size, void *t,
- uint32_t type, uint32_t flags)
+ uint32_t cmd, uint32_t type,
+ uint32_t flags)
{
return nft_table_snprintf(buf, size, t, type, flags);
}
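Review bot: The new `cmd` parameter of `nft_table_do_snprintf` is never used: the body still calls `nft_table_snprintf(buf, size, t, type, flags)`, which re-derives the command through `nft_flag2cmd(flags)`. Whatever command the callback receives, including the `NFT_CMD_UNSPEC` that `nft_table_fprintf` passes in the next hunk, therefore has no effect on the tag written by this function. Because that tag tells an importer whether to add, delete or flush the table, the caller's command and the emitted one should not be able to differ silently (`nft_fprintf` is not visible here, so how it uses `cmd` itself is unknown). If ignoring it is intended, say so with `/* cmd is ignored; the tag is derived from nft_flag2cmd(flags) */`; otherwise forward it with `return nft_table_cmd_snprintf(buf, size, t, cmd, type, flags);`.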
@@ -456,7 +464,8 @@ static inline int nft_table_do_snprintf(char *buf, size_t size, void *t,
int nft_table_fprintf(FILE *fp, struct nft_table *t, uint32_t type,
uint32_t flags)
{
- return nft_fprintf(fp, t, type, flags, nft_table_do_snprintf);
+ return nft_fprintf(fp, t, NFT_CMD_UNSPEC, type, flags,
+ nft_table_do_snprintf);
}
EXPORT_SYMBOL(nft_table_fprintf);