summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* expr: byteorder: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-23/+14
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Get a nft_rule_expr type in ↵Ana Rey2014-06-231-18/+13
| | | | | | | | | | nft_rule_expr_byteorder_snprintf_* functions Code refactoring in nft_rule_expr_byteorder_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_byorder type. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: target: Do not print unset values in json fileAna Rey2014-06-231-6/+6
| | | | | | | It changes the parse and snrintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: target: Do not print unset values in xml fileAna Rey2014-06-231-6/+6
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: target: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-4/+1
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: target: get a nft_rule_expr type in nft_rule_expr_target_snprintf_* ↵Ana Rey2014-06-231-11/+10
| | | | | | | | | | | | | | functions Code refactoring in nft_rule_expr_target_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_target type. The nft_rule_expr is needed to check information into flags variables. Moreover, It remanes some variables like 'tg' to 'target' for code readability reasons. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: payload: Do not print unset values in json fileAna Rey2014-06-231-27/+30
| | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com>
* expr: payload: Do not print unset values in xml fileAna Rey2014-06-231-24/+30
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: payload: get a nft_rule_expr type in nft_rule_expr_payload_snprintf_* ↵Ana Rey2014-06-231-8/+10
| | | | | | | | | | | | | | functions. Code refactoring in nft_rule_expr_payload_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_payload type. The nft_rule_expr is needed to check information into flags variables. Moreover, It remanes a variable from 'p' to 'payload' for code readability reasons. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: payload: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-13/+8
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: meta: Do not print unset values in json fileAna Rey2014-06-231-26/+17
| | | | | | | | | It changes the parse and snprintf functions to omit unset values. Moreover, It adds some whitespaces arount '+' caracter, as the CodingStyle recommends. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: meta: Do not print unset values in xml fileAna Rey2014-06-231-16/+11
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: meta: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-15/+8
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: immediate: Do not print unset values in xml fileAna Rey2014-06-231-22/+23
| | | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: immediate: Do not print unset values in json fileAna Rey2014-06-231-27/+23
| | | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: immediate: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-3/+1
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: bitwise: Do not print unset values in jsonAna Rey2014-06-231-39/+48
| | | | | | | It changes the parse and the snprint functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: bitwise: Do not print unset values in xmlAna Rey2014-06-231-47/+49
| | | | | | | | | It changes the parse and the snprint functions to omit unset values. Now, This part of a xml file is gotten without unset elements. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: bitwise: Get a nft_rule_expr type in nft_rule_expr_bitwise_snprintf_* ↵Ana Rey2014-06-231-15/+12
| | | | | | | | | | functions Code refactoring in nft_rule_expr_bitwise_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_bitwise type. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: remove alignment through XT_ALIGN in match and targetPablo Neira Ayuso2014-06-172-2/+2
| | | | | | | The info area that this gets via the setter should be already aligned. The caller has to care of this. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: limit: Do not print unset values in xmlAna Rey2014-06-161-11/+17
| | | | | | | | | | | | | | It changes the parse and the snprint functions to omit unset values. Now, This part of a xml file is gotten without unset elements. <expr type="limit"> <rate>400</rate> <unit>60</unit> </expr> Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: limit: Do not print unset values in jsonAna Rey2014-06-161-11/+21
| | | | | | | | | | | It changes the parse and the snprint functions to omit unset values. Now, This part of a json file is gotten without unset elements. {"expr":[{"type":"limit","rate":400,"unit":60}]} Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: limit: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-161-9/+7
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: limit: Add nft_rule_expr_limit_snprinf_* functionsAna Rey2014-06-161-9/+32
| | | | | | | | | | | | Code refactoring in nft_rule_expr_limit_snprinf functions. This process adds three new functions: * nft_rule_expr_limit_snprinf_default * nft_rule_expr_limit_snprinf_xml * nft_rule_expr_limit_snprinf_json Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: nat: Do not print unset values in json fileAna Rey2014-06-161-16/+8
| | | | | | | | | | | | | | | | | It changes the parse functions to omit unset values. Now, It possible to use a xml file like this: [...] { "type": "nat", "nat_type": "snat", "family": "ip", "sreg_addr_min": 1, "sreg_addr_max": 1, } Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: nat: Do not print unset values in xml fileAna Rey2014-06-161-12/+8
| | | | | | | | | | | | | | | | It changes the parse functions to omit unset values. Now, It possible to use a xml file like this: [...] <expr type="nat"> <type>snat</type> <family>ip</family> <sreg_addr_min>1</sreg_addr_min> <sreg_addr_max>1</sreg_addr_max> </expr></rule> Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: nat: Use nft_rule_expr_set_* in the xmlAna Rey2014-06-161-29/+17
| | | | | | | | | Code refactoring to use nft_rule_expr_set_* in parse xml functions. Also, It renames some variables for code readability reasons and It converts some variables from int to uint32_t. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: Add json and xml test file for queueAna Rey2014-06-164-0/+5
| | | | | | | New xml and json test files. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: queue: Use snprintf and SNPRINTF_BUFFER_SIZE in snprintf_default functionAna Rey2014-06-161-16/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Code refactoring to use snprintf and SNPRINTF_BUFFER_SIZE in snprintf_default functions. Also, It adapts to the next syntax in queue. Added in: http://git.netfilter.org/nftables/commit/?id=27619ffbe503ed4d9e59a02e81db9a7ac49d37af Here, some examples: ip test input 31 [ queue num 3-5 bypass fanout] ip test input 32 31 [ queue num 0] ip test input 33 32 [ queue num 4] ip test input 34 33 [ queue num 2-6 bypass] table ip test { chain input { type filter hook input priority 0; queue num 3-5 bypass fanout queue num 0 queue num 4 queue num 2-6 bypass } } Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: queue: Use the correct data typeAna Rey2014-06-161-4/+5
| | | | | | | Fix wrong data types, eg. queue num is u16. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: queue: Do not print unset values in jsonAna Rey2014-06-161-17/+29
| | | | | | | | | | | It changes the parse and the snprint functions to omit unset values. This json file is gotten for a queue: {"expr":[{"type":"queue","num":0,"total":1,"flags":0}]} Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: queue: Do not print unset values in xmlAna Rey2014-06-161-14/+25
| | | | | | | | | | | | | | | | | It changes the parse and the snprint functions to omit unset values. This xml file is gotten for a queue: [...] <expr type="queue"> <num>0</num> <total>1</total> <flags>0</flags> </expr> [...] Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: queue: Use nft_rule_expr_* in the xmlAna Rey2014-06-161-10/+7
| | | | | | | Code refactoring to use nft_rule_expr_* in parse xml functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: queue: Add nft_rule_expr_queue_snprinf_* functionsAna Rey2014-06-161-31/+51
| | | | | | | | | | | | | | | Code refactoring in nft_rule_expr_queue_snprinf functions. This patch adds three new functions: * nft_rule_expr_queue_snprinf_default * nft_rule_expr_queue_snprinf_xml * nft_rule_expr_queue_snprinf_json Moreover, I have deleted an unnecesary whitespace as the CodingStyle recommends. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: xmlfiles: Test files without unset child elements in set elementsAna Rey2014-06-113-3/+3
| | | | | | | Test files without unset child element in set elements. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: Free memory in the same function that is reservedAna Rey2014-06-111-11/+10
| | | | | | | Free memory in the same function that is reserved. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: set: Do not print unset values in jsonAna Rey2014-06-113-67/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It changes the parse and the snprint functions to omit unset values. This json file is gotten for a set: { "set": { "name": "mi6set3", "table": "test6", "flags": "0", "family": "unknown", "key_type": "0", "key_len": "0", "set_elem": [ { "flags": "0", "key": { "data_reg": { "type": "value", "len": "16", "data0": "0x000080fe", "data1": "0x00000000", "data2": "0xffb30202", "data3": "0x89001efe" Now, This json file is gotten for a set without unset elements. { "set": { "name": "mi6set3", "table": "test6", "family": "unknown", "set_elem": [ { "key": { "data_reg": { "type": "value", "len": "16", "data0": "0x000080fe", "data1": "0x00000000", "data2": "0xffb30202", "data3": "0x89001efe" [ Note: These fields are unset when they are obtained from the set element information --pablo. ] Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: set: Do not print unset values in xmlAna Rey2014-06-112-46/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It changes the parse and the snprint functions to omit unset values. This xml file is gotten for a set: <set> <family>unknown</family> <table>test</table> <name>miset</name> <flags>0</flags> <key_type>0</key_type> <key_len>0</key_len> <set_elem> <flags>0</flags> <key> <data_reg type="value"> <len>4</len> <data0>0x0401a8c0</data0> </data_reg> </key> </set_elem> <set_elem> <flags>0</flags> <key> <data_reg type="value"> <len>4</len> <data0>0x0501a8c0</data0> </data_reg> </key> </set_elem> </set> Now, this xml file is gotten without unset values: <set> <family>unknown</family> <table>test</table> <name>miset</name> <set_elem> <key> <data_reg type="value"> <len>4</len> <data0>0x00000002</data0> </data_reg> </key> </set_elem> <set_elem> <key> <data_reg type="value"> <len>4</len> <data0>0x0401a8c0</data0> </data_reg> </key> </set_elem> </set> Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* common: homogeneous error message in nft_parse_perror()Pablo Neira Ayuso2014-06-111-7/+7
| | | | | | | | The user-specified message should be used even if the error type is unspecified. Moreover, make the output error message homogeneous. Sometimes is was including a space before the ':' separator. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: nft-parsing-test: Display error reason when testing XMLAna Rey2014-06-111-1/+2
| | | | | | | | | | | | | | | Add the use of system errors (nft_parse_perror) in test_xml to know which node is not found. Example: parsing xmlfiles/75-ruleset.xml: FAILED (Invalid argument) Reason : Node "flags" not found [ I have mangled this patch to rename this the current 'fail' message to 'Reason' --pablo ] Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: set: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-112-35/+21
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: xmlfile: Remove unset child elements in the log expressionAna Rey2014-06-104-4/+4
| | | | | | | Test files without unset child element in the log expression. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* configure: uclinux is also linux (nommu)Gustavo Zacarias2014-06-051-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: reject: Do not print unset values in jsonAna Rey2014-06-051-11/+20
| | | | | | | | | | | | | | | | It changes the parse and the snprint functions to omit unset values. If It uses this rule: nft add rule ip test output input It gets this json file: [...] "expr":[{"type":"reject","type":0,"code":0}]} Now, That rule creates this json file without null values: [...] "expr":[{"type":"reject"}]} Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: reject: Convert the type of a variableAna Rey2014-06-051-1/+1
| | | | | | | Convert the type of a variable from uint16_t to uint8_t. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: reject: Do not print unset values in xmlAna Rey2014-06-051-9/+17
| | | | | | | | | | | | | | | | | | | | | | | | | It changes the parse and the snprint functions to omit unset values. If we used this rule: nft add rule ip test output reject It gets this xml file: [...] <expr type="reject"> <type>0</type> <code>0</code> </expr> </rule></nftables> Now, That rule creates this xml file without null values: [...] <expr type="reject"> </expr> </rule></nftables> Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: reject: Use nft_rule_expr_set_* in the xmlAna Rey2014-06-051-9/+6
| | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com>
* expr: reject: Add nft_rule_expr_reject_snprinf_* functionsAna Rey2014-06-051-10/+32
| | | | | | | | | | | | Code refactoring in nft_rule_expr_reject_snprinf functions. This process adds three new functions: * nft_rule_expr_reject_snprinf_default * nft_rule_expr_reject_snprinf_xml * nft_rule_expr_reject_snprinf_json Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: Do not print unset values in jsonAna Rey2014-06-052-22/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | It changes the parse and the snprint functions to omit unset values. Also, It fixes an unnecessary comma after key-value pair type. This comma is not necessary if there is not more key-value pairs in this expr. Example: "expr":[{"type":"log"}] If It uses this rule: nft add rule ip test output log It gets this json file: [...] {"expr":[{"type":"log","prefix":"(null)","group":0,"snaplen":0,"qthreshold":0}]} [...] Now, That rule creates this json file without null values: {"expr":[{"type":"log"}]} Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: Do not print unset values in xmlAna Rey2014-06-051-18/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It changes the parse and the snprint functions to omit unset values. If we used this rule: nft add rule ip test output log We got this xml file: <rule><family>ip</family> <table>test</table> <chain>output</chain> <handle>88</handle> <expr type="log"> <prefix>(null)</prefix> <group>0</group> <snaplen>0</snaplen> <qthreshold>0</qthreshold> </expr> </rule> And It was imposible import this file. Now, That rule creates this xml file without null values: <rule><family>ip</family> <table>test</table> <chain>output</chain> <handle>88</handle> <expr type="log"> </expr> </rule> and It's possible import this xml file. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>