64 files changed, 379 insertions, 166 deletions
diff --git a/src/chain.c b/src/chain.c index 0dd3461..3ad52fd 100644 --- a/src/chain.c +++ b/src/chain.c @@ -587,8 +587,7 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml) #ifdef XML_PARSING mxml_node_t *tree = NULL; mxml_node_t *node = NULL; - char *endptr = NULL; - uint64_t utmp; + const char *name; const char *hooknum_str; int family, hooknum; 
@@ -599,54 +598,43 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml) if (tree == NULL) return -1; - /* Get and set <chain name="xxx" ... >*/ - if (mxmlElementGetAttr(tree, "name") == NULL) { + if (strcmp(tree->value.opaque, "chain") != 0) { mxmlDelete(tree); return -1; } - strncpy(c->name, mxmlElementGetAttr(tree, "name"), - NFT_CHAIN_MAXNAMELEN); - c->flags |= (1 << NFT_CHAIN_ATTR_NAME); - /* Get and set <chain handle="x" ... >*/ - if (mxmlElementGetAttr(tree, "handle") == NULL) { + name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST); + if (name == NULL) { mxmlDelete(tree); return -1; } - utmp = strtoull(mxmlElementGetAttr(tree, "handle"), &endptr, 10); - if (utmp == UINT64_MAX || utmp < 0 || *endptr) { + strncpy(c->name, name, NFT_CHAIN_MAXNAMELEN); + xfree(name); + c->flags |= (1 << NFT_CHAIN_ATTR_NAME); + + if (nft_mxml_num_parse(tree, "handle", MXML_DESCEND_FIRST, BASE_DEC, + &c->handle, NFT_TYPE_U64) != 0) { mxmlDelete(tree); return -1; } - c->handle = utmp; c->flags |= (1 << NFT_CHAIN_ATTR_HANDLE); - /* Get and set <chain bytes="x" ... >*/ - if (mxmlElementGetAttr(tree, "bytes") == NULL) { + if (nft_mxml_num_parse(tree, "bytes", MXML_DESCEND_FIRST, BASE_DEC, + &c->bytes, NFT_TYPE_U64) != 0) { mxmlDelete(tree); return -1; } - utmp = strtoull(mxmlElementGetAttr(tree, "bytes"), &endptr, 10); - if (utmp == UINT64_MAX || utmp < 0 || *endptr) { - mxmlDelete(tree); - return -1; - } - c->bytes = utmp; + c->flags |= (1 << NFT_CHAIN_ATTR_BYTES); - /* Get and set <chain packets="x" ... > */ - if (mxmlElementGetAttr(tree, "packets") == NULL) { + if (nft_mxml_num_parse(tree, "packets", MXML_DESCEND_FIRST, BASE_DEC, + &c->packets, NFT_TYPE_U64) != 0) { mxmlDelete(tree); return -1; } - utmp = strtoull(mxmlElementGetAttr(tree, "packets"), &endptr, 10); - if (utmp == UINT64_MAX || utmp < 0 || *endptr) { - mxmlDelete(tree); - return -1; - } - c->packets = utmp; + c->flags |= (1 << NFT_CHAIN_ATTR_PACKETS); /* Get and set <type> */ 
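Review bot: The `strncpy(c->name, name, NFT_CHAIN_MAXNAMELEN);` kept in nft_chain_xml_parse leaves c->name without a terminating NUL whenever the `<name>` text is NFT_CHAIN_MAXNAMELEN bytes or longer, and that text comes from the parsed XML via nft_mxml_str_parse. Assuming c->name is an array of NFT_CHAIN_MAXNAMELEN bytes (its declaration is outside the hunk), either reject over-long names before copying or terminate explicitly: `strncpy(c->name, name, NFT_CHAIN_MAXNAMELEN - 1); c->name[NFT_CHAIN_MAXNAMELEN - 1] = '\0';`. Otherwise the `%s` in nft_chain_snprintf_xml can read past the field. The function body starts and ends outside this hunk.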
@@ -724,13 +712,7 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml) c->flags |= (1 << NFT_CHAIN_ATTR_POLICY); /* Get and set <family> */ - node = mxmlFindElement(tree, tree, "family", NULL, NULL, MXML_DESCEND); - if (node == NULL) { - mxmlDelete(tree); - return -1; - } - - family = nft_str2family(node->child->value.opaque); + family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); if (family < 0) { mxmlDelete(tree); return -1; @@ -810,11 +792,11 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c) { int ret, len = size, offset = 0; - ret = snprintf(buf, size, - "<chain name=\"%s\" handle=\"%"PRIu64"\"" - " bytes=\"%"PRIu64"\" packets=\"%"PRIu64"\">" - "<type>%s</type><table>%s</table><prio>%d</prio>" - "<use>%d</use><hooknum>%s</hooknum>", + ret = snprintf(buf, size, "<chain><name>%s</name>" + "<handle>%"PRIu64"</handle><bytes>%"PRIu64"</bytes>" + "<packets>%"PRIu64"</packets><type>%s</type>" + "<table>%s</table><prio>%d</prio><use>%d</use>" + "<hooknum>%s</hooknum>", c->name, c->handle, c->bytes, c->packets, c->type, c->table, c->prio, c->use, hooknum2str_array[c->hooknum]); diff --git a/src/expr/nat.c b/src/expr/nat.c index 7446258..4b7ec27 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c @@ -188,7 +188,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre { #ifdef XML_PARSING struct nft_expr_nat *nat = nft_expr_data(e); - const char *nat_type, *family_str; + const char *nat_type; int32_t reg; int family; 
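Review bot: nft_chain_snprintf_xml (hunk at -810) writes c->name, c->type and c->table into element text with plain `%s`, so a value containing `<` or `&` produces a document that the matching parser rejects or reads differently. The same applies to the `<table>`/`<chain>` output in nft_rule_snprintf_xml (hunk at -676) and to `<name>` in nft_table_snprintf_xml (hunk at -360). Whether these names are constrained elsewhere is not visible here; if they are not, escape the XML special characters before formatting, or at least state the assumption with a comment such as `/* names are assumed to contain no XML metacharacters */`.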
@@ -205,13 +205,11 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre e->flags |= (1 << NFT_EXPR_NAT_TYPE); - family_str = nft_mxml_str_parse(tree, "family", MXML_DESCEND_FIRST); - if (family_str == NULL) - return -1; - - family = nft_str2family(family_str); - if (family < 0) + family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); + if (family < 0) { + mxmlDelete(tree); return -1; + } nat->family = family; e->flags |= (1 << NFT_EXPR_NAT_FAMILY); diff --git a/src/internal.h b/src/internal.h index 8d11acf..1ebdb1a 100644 --- a/src/internal.h +++ b/src/internal.h @@ -36,6 +36,7 @@ union nft_data_reg; int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, union nft_data_reg *data_reg); int nft_mxml_num_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, int base, void *number, enum nft_type type); const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags); +int nft_mxml_family_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags); struct nft_set_elem *nft_mxml_set_elem_parse(mxml_node_t *node); #endif @@ -166,6 +166,25 @@ const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name, return strdup(node->child->value.opaque); } +int nft_mxml_family_parse(mxml_node_t *tree, const char *node_name, + uint32_t mxml_flags) +{ + const char *family_str; + int family; + + family_str = nft_mxml_str_parse(tree, node_name, mxml_flags); + if (family_str == NULL) + return -1; + + family = nft_str2family(family_str); + xfree(family_str); + + if (family < 0) + errno = EAFNOSUPPORT; + + return family; +} + struct nft_set_elem *nft_mxml_set_elem_parse(mxml_node_t *node) { mxml_node_t *save; 
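Review bot: The new `mxmlDelete(tree);` in the family error path of nft_rule_expr_nat_xml_parse (hunk at -205) frees a node that this function received as a parameter and did not load itself. The removed error returns in the same function returned -1 without freeing, and nft_rule_xml_parse calls `mxmlDelete(tree)` on its own failure paths, so if the caller cleans up after an expression parser fails (the call site is not visible here) it is left with a dangling pointer or a second free. Keeping ownership with the caller avoids this: `if (family < 0) return -1;`.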
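Review bot: nft_mxml_family_parse (hunk at -166) has no comment describing its error contract: it returns -1 both when the node is missing and when the family string is unknown, but sets `errno = EAFNOSUPPORT` only in the second case. A header comment such as `/* Returns the family number, or -1 if the node is missing or the family is unknown (errno = EAFNOSUPPORT in the latter case). */` would make that explicit for the four new callers. It would also help to note at nft_mxml_str_parse that the returned string is strdup()'d and must be released by the caller, since the `const char *` return type hides that ownership and the new callers in rule.c and table.c store the pointer directly.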
@@ -477,8 +477,8 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml) mxml_node_t *node = NULL; mxml_node_t *save = NULL; struct nft_rule_expr *e; - char *endptr = NULL; - uint64_t tmp; + const char *table; + const char *chain; int family; /* Load the tree */ @@ -486,13 +486,12 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml) if (tree == NULL) return -1; - /* get and set <rule ... family=X ... > */ - if (mxmlElementGetAttr(tree, "family") == NULL) { + if (strcmp(tree->value.opaque, "rule") != 0) { mxmlDelete(tree); return -1; } - family = nft_str2family(mxmlElementGetAttr(tree, "family")); + family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); if (family < 0) { mxmlDelete(tree); return -1; @@ -501,8 +500,8 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml) r->family = family; r->flags |= (1 << NFT_RULE_ATTR_FAMILY); - /* get and set <rule ... table=X ...> */ - if (mxmlElementGetAttr(tree, "table") == NULL) { + table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST); + if (table == NULL) { mxmlDelete(tree); return -1; } @@ -510,11 +509,11 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml) if (r->table) xfree(r->table); - r->table = strdup(mxmlElementGetAttr(tree, "table")); + r->table = (char *)table; r->flags |= (1 << NFT_RULE_ATTR_TABLE); - /* get and set <rule ... chain=X ...> */ - if (mxmlElementGetAttr(tree, "chain") == NULL) { + chain = nft_mxml_str_parse(tree, "chain", MXML_DESCEND_FIRST); + if (chain == NULL) { mxmlDelete(tree); return -1; } 
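Review bot: `strcmp(tree->value.opaque, "rule")` in nft_rule_xml_parse (hunk at -486) reads the root element's name through the `opaque` member of the node's value union, which works only because the element name shares storage with it. The same pattern is added in nft_chain_xml_parse (hunk at -599) and nft_table_xml_parse (hunk at -232). Checking the node kind and using the element member states the intent and avoids handing strcmp an unrelated value if the root is not an element: `if (tree->type != MXML_ELEMENT || strcmp(tree->value.element.name, "rule") != 0) {`. The function continues outside this hunk.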
@@ -522,21 +521,15 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml) if (r->chain) xfree(r->chain); - r->chain = strdup(mxmlElementGetAttr(tree, "chain")); + r->chain = (char *)chain; r->flags |= (1 << NFT_RULE_ATTR_CHAIN); - /* get and set <rule ... handle=X ...> */ - if (mxmlElementGetAttr(tree, "handle") == NULL) { - mxmlDelete(tree); - return -1; - } - tmp = strtoull(mxmlElementGetAttr(tree, "handle"), &endptr, 10); - if (tmp == UINT64_MAX || tmp < 0 || *endptr) { + if (nft_mxml_num_parse(tree, "handle", MXML_DESCEND_FIRST, BASE_DEC, + &r->handle, NFT_TYPE_U64) != 0) { mxmlDelete(tree); return -1; } - r->handle = tmp; r->flags |= (1 << NFT_RULE_ATTR_HANDLE); /* get and set <rule_flags> */ @@ -551,28 +544,26 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml) /* <compat_proto> is optional */ node = mxmlFindElement(tree, tree, "compat_proto", NULL, NULL, MXML_DESCEND); - if (node != NULL) { - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT32_MAX || tmp < 0 || *endptr) { + if (node != NULL && node->child != NULL) { + if (nft_strtoi(node->child->value.opaque, BASE_DEC, + &r->compat.proto, NFT_TYPE_U32) != 0) { mxmlDelete(tree); return -1; } - r->compat.proto = tmp; r->flags |= (1 << NFT_RULE_ATTR_COMPAT_PROTO); } /* <compat_flags> is optional */ node = mxmlFindElement(tree, tree, "compat_flags", NULL, NULL, MXML_DESCEND); - if (node != NULL) { - tmp = strtoull(node->child->value.opaque, &endptr, 10); - if (tmp > UINT32_MAX || tmp < 0 || *endptr) { + if (node != NULL && node->child != NULL) { + if (nft_strtoi(node->child->value.opaque, BASE_DEC, + &r->compat.flags, NFT_TYPE_U32) != 0) { mxmlDelete(tree); return -1; } - r->compat.flags = tmp; r->flags |= (1 << NFT_RULE_ATTR_COMPAT_FLAGS); } 
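Review bot: With the added `node->child != NULL` test (hunk at -551), an empty `<compat_proto></compat_proto>` or `<compat_flags/>` element is now treated like an absent one, and parsing succeeds without setting the attribute flag. That removes the old NULL dereference, but silently accepting a present-but-empty element can hide malformed input. If that is not intended, fail explicitly before the conversion: `if (node != NULL && node->child == NULL) { mxmlDelete(tree); return -1; }`.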
@@ -676,11 +667,11 @@ static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r, int ret, len = size, offset = 0; struct nft_rule_expr *expr; - ret = snprintf(buf, size, - "<rule family=\"%s\" table=\"%s\" " - "chain=\"%s\" handle=\"%llu\">", - nft_family2str(r->family), r->table, r->chain, - (unsigned long long)r->handle); + ret = snprintf(buf, size, "<rule><family>%s</family>" + "<table>%s</table><chain>%s</chain>" + "<handle>%llu</handle>", + nft_family2str(r->family), r->table, r->chain, + (unsigned long long)r->handle); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); ret = snprintf(buf+offset, len, "<rule_flags>%u</rule_flags>", diff --git a/src/table.c b/src/table.c index 6875dd7..bb66717 100644 --- a/src/table.c +++ b/src/table.c @@ -222,7 +222,7 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml) { #ifdef XML_PARSING mxml_node_t *tree = NULL; - mxml_node_t *node = NULL; + const char *name; int family; /* NOTE: all XML nodes are mandatory */ @@ -232,8 +232,13 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml) if (tree == NULL) return -1; - /* Get and set the name of the table */ - if (mxmlElementGetAttr(tree, "name") == NULL) { + if (strcmp(tree->value.opaque, "table") != 0) { + mxmlDelete(tree); + return -1; + } + + name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST); + if (name == NULL) { mxmlDelete(tree); return -1; } @@ -241,18 +246,10 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml) if (t->name) xfree(t->name); - t->name = strdup(mxmlElementGetAttr(tree, "name")); + t->name = name; t->flags |= (1 << NFT_TABLE_ATTR_NAME); - /* Get the and set <family> node */ - node = mxmlFindElement(tree, tree, "family", NULL, NULL, - MXML_DESCEND_FIRST); - if (node == NULL) { - mxmlDelete(tree); - return -1; - } - - family = nft_str2family(node->child->value.opaque); + family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); if (family < 0) { mxmlDelete(tree); return -1; 
@@ -261,7 +258,6 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml) t->family = family; t->flags |= (1 << NFT_TABLE_ATTR_FAMILY); - /* Get and set <table_flags> */ if (nft_mxml_num_parse(tree, "table_flags", MXML_DESCEND, BASE_DEC, &t->table_flags, NFT_TYPE_U32) != 0) { mxmlDelete(tree); @@ -360,7 +356,7 @@ static int nft_table_snprintf_json(char *buf, size_t size, struct nft_table *t) static int nft_table_snprintf_xml(char *buf, size_t size, struct nft_table *t) { - return snprintf(buf, size, "<table name=\"%s\"><family>%s</family>" + return snprintf(buf, size, "<table><name>%s</name><family>%s</family>" "<table_flags>%d</table_flags></table>", t->name, nft_family2str(t->family), t->table_flags); } diff --git a/tests/xmlfiles/01-table.xml b/tests/xmlfiles/01-table.xml index 2e33354..2aa6492 100644 --- a/tests/xmlfiles/01-table.xml +++ b/tests/xmlfiles/01-table.xml @@ -1,4 +1,5 @@ -<table name="filter"> +<table> + <name>filter</name> <family>ip</family> <table_flags>0</table_flags> </table> diff --git a/tests/xmlfiles/02-table.xml b/tests/xmlfiles/02-table.xml index 27d0208..fa18d32 100644 --- a/tests/xmlfiles/02-table.xml +++ b/tests/xmlfiles/02-table.xml @@ -1,4 +1,5 @@ -<table name="nat"> +<table> + <name>nat</name> <family>ip6</family> <table_flags>0</table_flags> </table> diff --git a/tests/xmlfiles/10-chain.xml b/tests/xmlfiles/10-chain.xml index 6d1875e..014a915 100644 --- a/tests/xmlfiles/10-chain.xml +++ b/tests/xmlfiles/10-chain.xml @@ -1,4 +1,8 @@ -<chain name="test" handle="0" bytes="0" packets="0"> +<chain> + <name>test</name> + <handle>0</handle> + <bytes>0</bytes> + <packets>0</packets> <type>filter</type> <table>filter</table> <prio>0</prio> diff --git a/tests/xmlfiles/11-chain.xml b/tests/xmlfiles/11-chain.xml index 986cd81..ea6aa19 100644 --- a/tests/xmlfiles/11-chain.xml +++ b/tests/xmlfiles/11-chain.xml 
@@ -1,4 +1,8 @@ -<chain name="test" handle="0" bytes="59" packets="1"> +<chain> + <name>test</name> + <handle>0</handle> + <bytes>59</bytes> + <packets>1</packets> <type>filter</type> <table>filter</table> <prio>0</prio> diff --git a/tests/xmlfiles/12-chain.xml b/tests/xmlfiles/12-chain.xml index 23fef8c..7f03ace 100644 --- a/tests/xmlfiles/12-chain.xml +++ b/tests/xmlfiles/12-chain.xml @@ -1,4 +1,8 @@ -<chain name="foo" handle="100" bytes="59264154979" packets="2548796325"> +<chain> + <name>foo</name> + <handle>100</handle> + <bytes>59264154979</bytes> + <packets>2548796325</packets> <type>nat</type> <table>nat</table> <prio>0</prio> diff --git a/tests/xmlfiles/20-rule-bitwise.xml b/tests/xmlfiles/20-rule-bitwise.xml index 616bb03..86b2c6a 100644 --- a/tests/xmlfiles/20-rule-bitwise.xml +++ b/tests/xmlfiles/20-rule-bitwise.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="INPUT" handle="100"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>INPUT</chain> + <handle>100</handle> <rule_flags>0</rule_flags> <expr type="bitwise"> <sreg>1</sreg> diff --git a/tests/xmlfiles/21-rule-byteorder.xml b/tests/xmlfiles/21-rule-byteorder.xml index c83fe22..b19380c 100644 --- a/tests/xmlfiles/21-rule-byteorder.xml +++ b/tests/xmlfiles/21-rule-byteorder.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="test" chain="test" handle="1000"> +<rule> + <family>ip</family> + <table>test</table> + <chain>test</chain> + <handle>1000</handle> <rule_flags>0</rule_flags> <expr type="byteorder"> <sreg>3</sreg> diff --git a/tests/xmlfiles/22-rule-cmp.xml b/tests/xmlfiles/22-rule-cmp.xml index 1ad90cb..aae6de9 100644 --- a/tests/xmlfiles/22-rule-cmp.xml +++ b/tests/xmlfiles/22-rule-cmp.xml @@ -1,4 +1,8 @@ -<rule family="ip6" table="filter" chain="test" handle="36"> +<rule> + <family>ip6</family> + <table>filter</table> + <chain>test</chain> + <handle>36</handle> <rule_flags>0</rule_flags> <expr type="cmp"> <sreg>1</sreg> 
diff --git a/tests/xmlfiles/23-rule-counter.xml b/tests/xmlfiles/23-rule-counter.xml index 15f2e51..0c56f4a 100644 --- a/tests/xmlfiles/23-rule-counter.xml +++ b/tests/xmlfiles/23-rule-counter.xml @@ -1,4 +1,8 @@ -<rule family="ip6" table="filter" chain="test" handle="39"> +<rule> + <family>ip6</family> + <table>filter</table> + <chain>test</chain> + <handle>39</handle> <rule_flags>0</rule_flags> <expr type="counter"> <pkts>3</pkts> diff --git a/tests/xmlfiles/24-rule-ct.xml b/tests/xmlfiles/24-rule-ct.xml index 9a534c5..f4d52c1 100644 --- a/tests/xmlfiles/24-rule-ct.xml +++ b/tests/xmlfiles/24-rule-ct.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="INPUT" handle="100"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>INPUT</chain> + <handle>100</handle> <rule_flags>0</rule_flags> <expr type="ct"> <dreg>1</dreg> diff --git a/tests/xmlfiles/25-rule-exthdr.xml b/tests/xmlfiles/25-rule-exthdr.xml index f4c44f0..a29e857 100644 --- a/tests/xmlfiles/25-rule-exthdr.xml +++ b/tests/xmlfiles/25-rule-exthdr.xml @@ -1,4 +1,8 @@ -<rule family="ip6" table="filter" chain="INPUT" handle="100"> +<rule> + <family>ip6</family> + <table>filter</table> + <chain>INPUT</chain> + <handle>100</handle> <rule_flags>0</rule_flags> <expr type="exthdr"> <dreg>1</dreg> diff --git a/tests/xmlfiles/26-rule-immediate.xml b/tests/xmlfiles/26-rule-immediate.xml index 322e49f..dee0e7a 100644 --- a/tests/xmlfiles/26-rule-immediate.xml +++ b/tests/xmlfiles/26-rule-immediate.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="input" handle="32"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>input</chain> + <handle>32</handle> <rule_flags>0</rule_flags> <expr type="immediate"> <dreg>0</dreg> diff --git a/tests/xmlfiles/27-rule-limit.xml b/tests/xmlfiles/27-rule-limit.xml index 7fa6963..7596429 100644 --- a/tests/xmlfiles/27-rule-limit.xml +++ b/tests/xmlfiles/27-rule-limit.xml 
@@ -1,7 +1,11 @@ -<rule family="ip" table="filter" chain="INPUT" handle="100"> - <rule_flags>0</rule_flags> - <expr type="limit"> - <rate>123123</rate> - <depth>321321</depth> - </expr> +<rule> + <family>ip</family> + <table>filter</table> + <chain>INPUT</chain> + <handle>100</handle> + <rule_flags>0</rule_flags> + <expr type="limit"> + <rate>123123</rate> + <depth>321321</depth> + </expr> </rule> diff --git a/tests/xmlfiles/28-rule-log.xml b/tests/xmlfiles/28-rule-log.xml index b001610..976b29c 100644 --- a/tests/xmlfiles/28-rule-log.xml +++ b/tests/xmlfiles/28-rule-log.xml @@ -1,4 +1,8 @@ -<rule family="ip6" table="filter" chain="test" handle="96"> +<rule> + <family>ip6</family> + <table>filter</table> + <chain>test</chain> + <handle>96</handle> <rule_flags>0</rule_flags> <expr type="log"> <prefix>test_chain</prefix> diff --git a/tests/xmlfiles/29-rule-lookup.xml b/tests/xmlfiles/29-rule-lookup.xml index 50f9340..0df7709 100644 --- a/tests/xmlfiles/29-rule-lookup.xml +++ b/tests/xmlfiles/29-rule-lookup.xml @@ -1,4 +1,8 @@ -<rule family="ip6" table="filter" chain="test" handle="37"> +<rule> + <family>ip6</family> + <table>filter</table> + <chain>test</chain> + <handle>37</handle> <rule_flags>0</rule_flags> <expr type="lookup"> <set>set0</set> diff --git a/tests/xmlfiles/30-rule-match.xml b/tests/xmlfiles/30-rule-match.xml index 99d53f7..817b88f 100644 --- a/tests/xmlfiles/30-rule-match.xml +++ b/tests/xmlfiles/30-rule-match.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="INPUT" handle="100"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>INPUT</chain> + <handle>100</handle> <rule_flags>0</rule_flags> <expr type="match"> <name>state</name> diff --git a/tests/xmlfiles/31-rule-meta.xml b/tests/xmlfiles/31-rule-meta.xml index 2ffb7c5..1bce08b 100644 --- a/tests/xmlfiles/31-rule-meta.xml +++ b/tests/xmlfiles/31-rule-meta.xml 
@@ -1,4 +1,8 @@ -<rule family="ip6" table="filter" chain="test" handle="36"> +<rule> + <family>ip6</family> + <table>filter</table> + <chain>test</chain> + <handle>36</handle> <rule_flags>0</rule_flags> <expr type="meta"> <dreg>1</dreg> diff --git a/tests/xmlfiles/32-rule-nat6.xml b/tests/xmlfiles/32-rule-nat6.xml index 108722a..a80b4d4 100644 --- a/tests/xmlfiles/32-rule-nat6.xml +++ b/tests/xmlfiles/32-rule-nat6.xml @@ -1,4 +1,8 @@ -<rule family="ip6" table="nat" chain="OUTPUT" handle="100"> +<rule> + <family>ip6</family> + <table>nat</table> + <chain>OUTPUT</chain> + <handle>100</handle> <rule_flags>0</rule_flags> <expr type="nat"> <family>ip6</family> diff --git a/tests/xmlfiles/33-rule-nat4.xml b/tests/xmlfiles/33-rule-nat4.xml index 1729b9f..05933af 100644 --- a/tests/xmlfiles/33-rule-nat4.xml +++ b/tests/xmlfiles/33-rule-nat4.xml @@ -1,11 +1,15 @@ -<rule family="ip" table="filter" chain="INPUT" handle="100"> - <rule_flags>0</rule_flags> - <expr type="nat"> - <sreg_addr_min>1</sreg_addr_min> - <sreg_addr_max>2</sreg_addr_max> - <sreg_proto_min>3</sreg_proto_min> - <sreg_proto_max>4</sreg_proto_max> - <family>ip</family> - <nat_type>dnat</nat_type> - </expr> +<rule> + <family>ip</family> + <table>filter</table> + <chain>INPUT</chain> + <handle>100</handle> + <rule_flags>0</rule_flags> + <expr type="nat"> + <sreg_addr_min>1</sreg_addr_min> + <sreg_addr_max>2</sreg_addr_max> + <sreg_proto_min>3</sreg_proto_min> + <sreg_proto_max>4</sreg_proto_max> + <family>ip</family> + <nat_type>dnat</nat_type> + </expr> </rule> diff --git a/tests/xmlfiles/34-rule-payload.xml b/tests/xmlfiles/34-rule-payload.xml index 0920c65..bd344cc 100644 --- a/tests/xmlfiles/34-rule-payload.xml +++ b/tests/xmlfiles/34-rule-payload.xml @@ -1,4 +1,8 @@ -<rule family="ip6" table="filter" chain="test" handle="34"> +<rule> + <family>ip6</family> + <table>filter</table> + <chain>test</chain> + <handle>34</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> 
diff --git a/tests/xmlfiles/35-rule-target.xml b/tests/xmlfiles/35-rule-target.xml index 8fce3b5..914bb9a 100644 --- a/tests/xmlfiles/35-rule-target.xml +++ b/tests/xmlfiles/35-rule-target.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="INPUT" handle="100"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>INPUT</chain> + <handle>100</handle> <rule_flags>0</rule_flags> <expr type="target"> <name>LOG</name> diff --git a/tests/xmlfiles/36-rule-real.xml b/tests/xmlfiles/36-rule-real.xml index 352027a..5ba79b7 100644 --- a/tests/xmlfiles/36-rule-real.xml +++ b/tests/xmlfiles/36-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="22"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>22</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/37-rule-real.xml b/tests/xmlfiles/37-rule-real.xml index a4ced2c..42ea43a 100644 --- a/tests/xmlfiles/37-rule-real.xml +++ b/tests/xmlfiles/37-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="INPUT" handle="25"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>INPUT</chain> + <handle>25</handle> <rule_flags>0</rule_flags> <expr type="meta"> <dreg>1</dreg> diff --git a/tests/xmlfiles/38-rule-real.xml b/tests/xmlfiles/38-rule-real.xml index d48547c..08de9d3 100644 --- a/tests/xmlfiles/38-rule-real.xml +++ b/tests/xmlfiles/38-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="INPUT" handle="30"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>INPUT</chain> + <handle>30</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/39-rule-real.xml b/tests/xmlfiles/39-rule-real.xml index 8e8b77f..de1692c 100644 --- a/tests/xmlfiles/39-rule-real.xml +++ b/tests/xmlfiles/39-rule-real.xml 
@@ -1,4 +1,8 @@ -<rule family="ip6" table="filter" chain="test" handle="31"> +<rule> + <family>ip6</family> + <table>filter</table> + <chain>test</chain> + <handle>31</handle> <rule_flags>0</rule_flags> <expr type="meta"> <dreg>1</dreg> diff --git a/tests/xmlfiles/40-rule-real.xml b/tests/xmlfiles/40-rule-real.xml index 00a333d..944b1bd 100644 --- a/tests/xmlfiles/40-rule-real.xml +++ b/tests/xmlfiles/40-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="2"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>2</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/41-rule-real.xml b/tests/xmlfiles/41-rule-real.xml index 58c13d0..de951f8 100644 --- a/tests/xmlfiles/41-rule-real.xml +++ b/tests/xmlfiles/41-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="3"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>3</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/42-rule-real.xml b/tests/xmlfiles/42-rule-real.xml index 298181c..d528a38 100644 --- a/tests/xmlfiles/42-rule-real.xml +++ b/tests/xmlfiles/42-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="4"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>4</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/43-rule-real.xml b/tests/xmlfiles/43-rule-real.xml index b814e55..0e6381c 100644 --- a/tests/xmlfiles/43-rule-real.xml +++ b/tests/xmlfiles/43-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="5"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>5</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> 
diff --git a/tests/xmlfiles/44-rule-real.xml b/tests/xmlfiles/44-rule-real.xml index 7be5705..a9fc698 100644 --- a/tests/xmlfiles/44-rule-real.xml +++ b/tests/xmlfiles/44-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="6"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>6</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/45-rule-real.xml b/tests/xmlfiles/45-rule-real.xml index d1cab48..ed4645d 100644 --- a/tests/xmlfiles/45-rule-real.xml +++ b/tests/xmlfiles/45-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="7"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>7</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/46-rule-real.xml b/tests/xmlfiles/46-rule-real.xml index e87194f..56cb088 100644 --- a/tests/xmlfiles/46-rule-real.xml +++ b/tests/xmlfiles/46-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="8"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>8</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/47-rule-real.xml b/tests/xmlfiles/47-rule-real.xml index c15edc0..2ec3e19 100644 --- a/tests/xmlfiles/47-rule-real.xml +++ b/tests/xmlfiles/47-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="9"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>9</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/48-rule-real.xml b/tests/xmlfiles/48-rule-real.xml index 097f602..36ca11b 100644 --- a/tests/xmlfiles/48-rule-real.xml +++ b/tests/xmlfiles/48-rule-real.xml 
@@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="10"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>10</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/49-rule-real.xml b/tests/xmlfiles/49-rule-real.xml index 32cc623..ef968ac 100644 --- a/tests/xmlfiles/49-rule-real.xml +++ b/tests/xmlfiles/49-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="11"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>11</handle> <rule_flags>0</rule_flags> <expr type="payload"> <dreg>1</dreg> diff --git a/tests/xmlfiles/50-rule-real.xml b/tests/xmlfiles/50-rule-real.xml index 6800d19..5b4bb2f 100644 --- a/tests/xmlfiles/50-rule-real.xml +++ b/tests/xmlfiles/50-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="12"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>12</handle> <rule_flags>0</rule_flags> <expr type="ct"> <dreg>1</dreg> diff --git a/tests/xmlfiles/51-rule-real.xml b/tests/xmlfiles/51-rule-real.xml index a77d5d9..1e5a46c 100644 --- a/tests/xmlfiles/51-rule-real.xml +++ b/tests/xmlfiles/51-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="13"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>13</handle> <rule_flags>0</rule_flags> <expr type="ct"> <dreg>1</dreg> diff --git a/tests/xmlfiles/52-rule-real.xml b/tests/xmlfiles/52-rule-real.xml index 289a6eb..6cb3a0e 100644 --- a/tests/xmlfiles/52-rule-real.xml +++ b/tests/xmlfiles/52-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="14"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>14</handle> <rule_flags>0</rule_flags> <expr type="ct"> <dreg>1</dreg> 
diff --git a/tests/xmlfiles/53-rule-real.xml b/tests/xmlfiles/53-rule-real.xml index ba1ba42..1be6c89 100644 --- a/tests/xmlfiles/53-rule-real.xml +++ b/tests/xmlfiles/53-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="15"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>15</handle> <rule_flags>0</rule_flags> <expr type="ct"> <dreg>1</dreg> diff --git a/tests/xmlfiles/54-rule-real.xml b/tests/xmlfiles/54-rule-real.xml index bcb81b7..caf9ebe 100644 --- a/tests/xmlfiles/54-rule-real.xml +++ b/tests/xmlfiles/54-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="16"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>16</handle> <rule_flags>0</rule_flags> <expr type="ct"> <dreg>1</dreg> diff --git a/tests/xmlfiles/55-rule-real.xml b/tests/xmlfiles/55-rule-real.xml index fd98495..f452e50 100644 --- a/tests/xmlfiles/55-rule-real.xml +++ b/tests/xmlfiles/55-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="17"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>17</handle> <rule_flags>0</rule_flags> <expr type="ct"> <dreg>1</dreg> diff --git a/tests/xmlfiles/56-rule-real.xml b/tests/xmlfiles/56-rule-real.xml index cfffce8..3175803 100644 --- a/tests/xmlfiles/56-rule-real.xml +++ b/tests/xmlfiles/56-rule-real.xml @@ -1,4 +1,8 @@ -<rule family="ip" table="filter" chain="output" handle="18"> +<rule> + <family>ip</family> + <table>filter</table> + <chain>output</chain> + <handle>18</handle> <rule_flags>0</rule_flags> <expr type="ct"> <dreg>1</dreg> diff --git a/tests/xmlfiles/57-rule-real.xml b/tests/xmlfiles/57-rule-real.xml index 6674496..9c63ed4 100644 --- a/tests/xmlfiles/57-rule-real.xml +++ b/tests/xmlfiles/57-rule-real.xml 
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="19">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>19</handle>
 <rule_flags>0</rule_flags>
 <expr type="ct">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/58-rule-real.xml b/tests/xmlfiles/58-rule-real.xml
index f7adb9c..0ba27a8 100644
--- a/tests/xmlfiles/58-rule-real.xml
+++ b/tests/xmlfiles/58-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="20">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>20</handle>
 <rule_flags>0</rule_flags>
 <expr type="meta">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/59-rule-real.xml b/tests/xmlfiles/59-rule-real.xml
index 88442a1..1305516 100644
--- a/tests/xmlfiles/59-rule-real.xml
+++ b/tests/xmlfiles/59-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="21">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>21</handle>
 <rule_flags>0</rule_flags>
 <expr type="meta">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/60-rule-real.xml b/tests/xmlfiles/60-rule-real.xml
index 2cfbec7..d7db206 100644
--- a/tests/xmlfiles/60-rule-real.xml
+++ b/tests/xmlfiles/60-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="22">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>22</handle>
 <rule_flags>0</rule_flags>
 <expr type="meta">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/61-rule-real.xml b/tests/xmlfiles/61-rule-real.xml
index 0b7e8a3..0d21968 100644
--- a/tests/xmlfiles/61-rule-real.xml
+++ b/tests/xmlfiles/61-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="23">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>23</handle>
 <rule_flags>0</rule_flags>
 <expr type="meta">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/62-rule-real.xml b/tests/xmlfiles/62-rule-real.xml
index 6ef3055..7f2aba2 100644
--- a/tests/xmlfiles/62-rule-real.xml
+++ b/tests/xmlfiles/62-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="24">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>24</handle>
 <rule_flags>0</rule_flags>
 <expr type="meta">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/63-rule-real.xml b/tests/xmlfiles/63-rule-real.xml
index 69933f2..e632d51 100644
--- a/tests/xmlfiles/63-rule-real.xml
+++ b/tests/xmlfiles/63-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="25">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>25</handle>
 <rule_flags>0</rule_flags>
 <expr type="meta">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/64-rule-real.xml b/tests/xmlfiles/64-rule-real.xml
index 10db311..9e11132 100644
--- a/tests/xmlfiles/64-rule-real.xml
+++ b/tests/xmlfiles/64-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="26">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>26</handle>
 <rule_flags>0</rule_flags>
 <expr type="meta">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/65-rule-real.xml b/tests/xmlfiles/65-rule-real.xml
index b88f81a..3cbdd13 100644
--- a/tests/xmlfiles/65-rule-real.xml
+++ b/tests/xmlfiles/65-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="27">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>27</handle>
 <rule_flags>0</rule_flags>
 <expr type="meta">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/66-rule-real.xml b/tests/xmlfiles/66-rule-real.xml
index f0bf768..4790065 100644
--- a/tests/xmlfiles/66-rule-real.xml
+++ b/tests/xmlfiles/66-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="28">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>28</handle>
 <rule_flags>0</rule_flags>
 <expr type="meta">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/67-rule-real.xml b/tests/xmlfiles/67-rule-real.xml
index 82d1310..c3413e2 100644
--- a/tests/xmlfiles/67-rule-real.xml
+++ b/tests/xmlfiles/67-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="29">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>29</handle>
 <rule_flags>0</rule_flags>
 <expr type="meta">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/68-rule-real.xml b/tests/xmlfiles/68-rule-real.xml
index f538185..a63a51c 100644
--- a/tests/xmlfiles/68-rule-real.xml
+++ b/tests/xmlfiles/68-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="32">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>32</handle>
 <rule_flags>0</rule_flags>
 <expr type="payload">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/69-rule-real.xml b/tests/xmlfiles/69-rule-real.xml
index bfa4efe..02baab4 100644
--- a/tests/xmlfiles/69-rule-real.xml
+++ b/tests/xmlfiles/69-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="33">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>33</handle>
 <rule_flags>0</rule_flags>
 <expr type="payload">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/70-rule-real.xml b/tests/xmlfiles/70-rule-real.xml
index 8f15733..a459542 100644
--- a/tests/xmlfiles/70-rule-real.xml
+++ b/tests/xmlfiles/70-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="34">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>34</handle>
 <rule_flags>0</rule_flags>
 <expr type="payload">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/71-rule-real.xml b/tests/xmlfiles/71-rule-real.xml
index f8e199a..444b9ca 100644
--- a/tests/xmlfiles/71-rule-real.xml
+++ b/tests/xmlfiles/71-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="35">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>35</handle>
 <rule_flags>0</rule_flags>
 <expr type="payload">
 <dreg>1</dreg>
diff --git a/tests/xmlfiles/72-rule-real.xml b/tests/xmlfiles/72-rule-real.xml
index 4b9f93b..64b4ec6 100644
--- a/tests/xmlfiles/72-rule-real.xml
+++ b/tests/xmlfiles/72-rule-real.xml
@@ -1,4 +1,8 @@
-<rule family="ip" table="filter" chain="output" handle="36">
+<rule>
+ <family>ip</family>
+ <table>filter</table>
+ <chain>output</chain>
+ <handle>36</handle>
 <rule_flags>0</rule_flags>
 <expr type="payload">
 <dreg>1</dreg>
|