| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Since the 'use' attribute in a chain can't be set, ignore it in the
XML printing.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Some node reorganization in order to have an input file equal to
what set_snprintf will output.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
This assignation was wrong.
Introduced at commit e13819c
(src: xml: consolidate common XML code via nft_mxml_num_parse).
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
It's already done a couple of lines above.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before this patch, the test only verified that we could parse
the file. After this, it also compares what it has parsed with
the original file.
Basically, the idea is that:
file -> buffer -> object -> buffer'
read snprintf
So we also compare that buffer = buffer' which should be true
since our tests should be based on the output that the library
generates.
This is an example output for the OK and FAILED cases:
parsing and validating xmlfiles/25-rule-exthdr.xml: OK
validating xmlfiles/27-rule-limit.xml: FAILED
from file: it"><rate>123123</ra
from snprintf: it"><rate>321321</ra
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Use base2str instead to consolidate code in the snprintf path.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These XML files are intented to be used for automated tests. Thus, it's
important to have exactly the same output that was generated by the library.
The beautified output does not match the real output that the library provides
and it just makes things harder for us to provide a more advanced automated
testing.
If you want to make any of those file human readable, please use:
xmllint --format file.xml
or open the xml file and any browser, eg. firefox.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Reported-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Refactor some existing code with the new function nft_jansson_family.
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
I have added the parameter family in the example nft-rule-get.
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Add function that will be use in the JSON parser
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Add function that will be use in the JSON parser.
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Add function that will be use in the JSON parser
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Add function that will be use in the JSON parser.
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch adapts JSON nodes to mimic current XML node tags.
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
I have added the len node in bitwise which was missing
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Display direction and key if available
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Fixed display compat_proto value and compat_flag if available.
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Fixed wrong value in data_reg_chain snprintf.
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Added missing curly braces in json output support.
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Added missing commas in json output support.
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Move nft_mxml_set_elem_parse to set_elem.c to improve readability, thus,
we don't need to jump from set_elem.c to mxml.c to see how the parsing
is done.
I have also refactored some common parsing code in the new helper
function nft_mxml_set_elem_parse, that avoids conversions from XML tree
to text and then again back to tree.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes some XML nodes with prefixes, as the example below
ilustrates.
Before:
<rule>
<rule_flags/>
<rule_family/>
<rule>
After:
<rule>
<flags>
<family>
</rule>
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Use nft_mxml_family_parse() to parse the family.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Not needed anymore after constification.
Based on patch from Arturo Borrero.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Should have been done in (ec75831 src: fully constify nft_*_get
functions).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Should have been done in (ec75831 src: fully constify
nft_*_get functions)
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Remove a good bunch of LOC with this cleanup.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When working with XML, it's desirable to work with nodes better than
attributes.
Table/chain/rules had attributes in their XML representation, and
this patch transform those to nodes, ie:
Before:
<table name="filter">
<family>ip</family>
<table_flags>0</table_flags>
</table>
After:
<table>
<name>filter</name>
<family>ip</family>
<table_flags>0</table_flags>
</table>
While at it:
* There was a lot of redundant code that is now collapsed with the
new nft_mxml_family_parse() helper function.
* I've added a small fix: additional validation for the name of
the current XML object, and also replace raw strtol calls to nft_strtoi.
* Also, all XML testfiles are updated to keep passing the parsing tests and
mantain the repo in consisten state.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
We have several char * field that were not constify to avoid
gcc compilation warnings when calling free. Since (99d2574 src:
add xfree and use it), we can fully constify these objects
fields without trouble.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch adds xfree, a replacement of free that accepts
const pointers. This helps to remove ugly castings that you usually
need to calm down gcc.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Note: I've used MXML_DESCEND_FIRST flag when calling nft_mxml_str_parse()
to ensure that the parsing travels from the top of the chain XML tree.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
|
| |
|
|
|
|
|
|
| |
If neither XML_PARSING nor JSON_PARSING are defined (libnftables configured
without XML/JSON parsing support), a warning is produced due to unused
nft_str2hooknum() function.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch deletes the <properties> node in chain and table XML objects.
For this to work, the first tree search with MXML_DESCEND_FIRST flag is moved
to the next node.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
nft_str2hooknum() should return -1 if no hooknum was found.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Test the functions for parsing chains in JSON.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Add function for parsing chains in format JSON.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
I have removed the properties node from chain because it's a node without relevant information
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
I have removed the properties node from table because
it provides no relevant information.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Add a helper function that parses and returns the jansson
tree, use it in the table parser.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Use nft_verdict2str function instead.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the version XML node and the version JSON field
in all our existing objects. The current versioning approach
consists of adding a version field to every object representation
in XML and JSON. While listing my entire rule-set, one can notice
that this approach is too bloated.
Once the library enters stable stage, if we need to obsolete a XML
node and a JSON field, we can follow this procedure:
1) Remove the XML node and the JSON field from the output, so fresh
outputs will not contain the old ones anymore.
2) Do not remove the parsing of the old XML node and the JSON field
inmediately. We have to keep supporting the parsing for a while
to avoid breaking the interpretion of old XML/JSON files. We can
spot a warning to warn about it, so users generate a fresh
output again.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sets are now parsed, following this previous snprintf pattern:
<set>
<set_name>string</set_name>
<set_table>table</set_table>
<set_xml_version>int</set_xml_version>
<set_flags>uint32_t</set_flags>
<key_type>uint32_t</key_type>
<key_len>size_t</key_len>
<data_type>uint32_t</data_type>
<data_len>size_t</data_len>
<set_elem>
<set_elem_flags>uint32_t</set_elem_flags>
<set_elem_key>
<data_reg type="value">
<len></len>
<dataN></dataN>
</data_reg>
</set_elem_key>
<set_elem_data>
<data_reg type="xx">
[...]
</data_reg>
</set_elem_data>
</set_elem>
</set>
Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes all XML attributes to XML nodes in nft_set.
In order to avoid issues regarding XML nodes with the same name but
different meanings, I've followed this pattern for the new elements:
<set>
<set_table>string</set_table>
<set_name>string</set_name>
[...]
</set>
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Instead of returning ERANGE all the time, let functions set
errno accordingly and set EINVAL otherwise.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Test the functions for parsing tables in JSON Support
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Add function for parsing tables in format JSON
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch refresh current XML testfiles with some realworld
expressions extracted from rules. The nft instruction itself is added
as a comment for future references.
All XMl files are now indented with tabs instead of spaces. Also, a
bunch of new realworld rules with mixed expressions are added.
I used this command to get the XML formatted with tabs:
$ export XMLLINT_INDENT=$'\t'
$ xmllint --format file.xml
The xmllint tool is included in the libxml2-utils package (at least on
debian systems).
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
