summaryrefslogtreecommitdiffstats
path: root/src/expr/log.c
Commit message (Collapse)AuthorAgeFilesLines
* src: new error reporting approach for XML/JSON parsersÁlvaro Neira Ayuso2014-01-061-10/+17
| | | | | | | | | | | | | | I have added a new structure for reporting some errors in parser that we can't cover with errno. In this patch, we have three errors that we can't cover with errno: NFT_PARSE_EBADINPUT : Bad XML/JSON format in the input NFT_PARSE_EMISSINGNODE : Missing node in our input NFT_PARSE_EBADTYPE : Wrong type value in a node Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: fix wrong attribute type in nft_rule_expr_log_parseAna Rey2013-11-191-1/+1
| | | | | | | | I fixed it by using the correct value. Signed-off-by: Ana Rey <anarey@gmail.com> Acked-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: fix missing \0 when sending log prefix to kernelAna Rey2013-11-191-1/+1
| | | | | | | | | | | | | | | | If I run my automatic unit test for libnftables, It shows: "ERROR: Expr NFT_EXPR_LOG_PREFIX mismatches" a: test b: test ^^ garbage The problem was in nft_rule_expr_log_build function. With the attached patch, we use mnl_attr_put_strz() instead of mnl_attr_put_str() as in other functions in the library. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: release prefixPablo Neira Ayuso2013-11-181-0/+8
| | | | | | | | | Ana Rey reported a leak in the log expression. Fix it by using the new .free interface added in (3cf788a expr: fix leak in target and match expressions). Reported-by: Ana Rey Botello <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: unify parse and output typesÁlvaro Neira Ayuso2013-11-141-3/+3
| | | | | | | | | Unify parse and output types that are redundant to all existing nftables objects. Thus, all NFT_*_O_[XML|JSON|DEFAULT] are merged into NFT_OUTPUT_[JSON|XML] and NFT_PARSE_[JSON|XML]. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: remove spacesÁlvaro Neira Ayuso2013-10-171-4/+4
| | | | | | | | | | | | Remove all the spaces from the JSON output to reduce the size of the output string, this also provides a consistent output in table, chain, rule and set. As Stephen Hemminger suggested, better to squash the output to consume as less bytes as possible. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: replace size_t by uint32_t in set/get interfacesPablo Neira Ayuso2013-09-191-2/+2
| | | | | | | | | | | | This patch breaks the ABI to shrink the size parameter from 8 to 4 bytes in x86_64. The maximum length of netlink attributes is 2 bytes, so 4 bytes as attribute payload length should be enough. After this patch, size_t is only used in the nft_*_snprintf interfaces. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: add parsing optional/mandatory flagArturo Borrero Gonzalez2013-09-161-4/+6
| | | | | | | | | | | Add an optional/mandatory flag to XML parsing. In some elements (ie regs), no flag is used because is always mandatory. DATA_NONE is created to indicate a non-parsed data_reg. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: use real length when fetching attributesFlorian Westphal2013-09-141-2/+6
| | | | | | | | | | | | | NFTA_LOG_SNAPLEN is u32 and NFTA_LOG_QTHRESHOLD is u16. Without this, netlink messages from kernel fail mnl_validate step when QTHRESH or SNAPLEN was set. Also, nft_rule_expr_log_get must update data_length, else 'nft list' doesn't show log arguments (prefix, group ..) because the netlink message decoding uses nft_rule_expr_get_u16/32 etc. which validate the length, too. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: s/nft_jansson_value_parse_val/nft_jansson_parse_val/gPablo Neira Ayuso2013-08-241-6/+4
| | | | | | | | This patch is a cleanup to save LOC. I have also changed it to use < 0 to check for error conditions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: s/nft_jansson_value_parse_str/nft_jansson_parse_str/gPablo Neira Ayuso2013-08-241-1/+1
| | | | | | Remove _value_ infix to make the function name smaller. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: Add json parser supportÁlvaro Neira Ayuso2013-08-201-0/+39
| | | | | | | Add function for parsing rules in JSON format Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: group and qthreshold are 16 bits longPablo Neira Ayuso2013-08-151-13/+17
| | | | | | Since kernel patch: netfilter: nft_log: group and qthreshold are 2^16 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: don't duplicate string in nft_table_xml_parsePablo Neira Ayuso2013-08-141-1/+1
| | | | | | | | | | | With this patch, nft_table_xml_parse does not duplicate the string anymore, which is what most callers seem to need. This fixes memleaks in several places in the code. Thus, this patch also adapts the code to duplicate it when needed. Based on patch from Arturo Borrero. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove useless castingPablo Neira Ayuso2013-08-061-1/+1
| | | | | | | | Not needed anymore after constification. Based on patch from Arturo Borrero. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fully constify nft_*_get functionsPablo Neira Ayuso2013-08-061-1/+1
| | | | | | | | | We have several char * field that were not constify to avoid gcc compilation warnings when calling free. Since (99d2574 src: add xfree and use it), we can fully constify these objects fields without trouble. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add xfree and use itPablo Neira Ayuso2013-08-061-2/+2
| | | | | | | | This patch adds xfree, a replacement of free that accepts const pointers. This helps to remove ugly castings that you usually need to calm down gcc. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* mxml: nft_mxml_str_parse returns copy of the stringPablo Neira Ayuso2013-07-251-1/+1
| | | | | | | | | | | Otherwise, the string points to an invalid memory position somewhere in the XML tree that is released after the parsing. This problem was there before the conversion to the new helper function nft_mxml_str_parse. Reported-by: Arturo Borrero <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: consolidate common XML code via nft_mxml_str_parsePablo Neira Ayuso2013-07-251-7/+4
| | | | | | This patch moves common XML string parsing code to nft_mxml_str_parse(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: consolidate common XML code via nft_mxml_num_parseArturo Borrero2013-07-251-33/+13
| | | | | | | | | | | This patch moves common XML parsing code to nft_mxml_num_parse(). To handle this, the nft_strtoi() helper fuction is included. I've changed some MXML_DESCEND[_FIRST] flags to avoid match a nested node under some circumstances, ie, matching two nodes with the same name that are descendant. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: simplify getter logicPablo Neira Ayuso2013-07-181-22/+4
| | | | | | | | This patch refactors the getter code to simplify it. The default cases have been removed so gcc will spot a warning if an attribute is not handled appropriately. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add nft_expr_data to replace explicit casting to obtain expression dataPablo Neira Ayuso2013-07-131-6/+6
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: use __attribute__((constructor)) to register expressionPablo Neira Ayuso2013-07-131-0/+5
| | | | | | Instead of manual array registration. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: improve default text outputGiuseppe Longo2013-07-051-2/+2
| | | | | | | | | | | | | This patch improves default plain text output by mimicing the default output of libnl-nft. While at it, several %lu has been translated to use %"PRIu64" for correctness. [ I have added the policy to string translation --pablo ] Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: consolidate XML parsing of expressions via nft_mxml_expr_parsePablo Neira Ayuso2013-07-041-14/+1
| | | | | | | | | Move common code for XML parsing of expressions to the new nft_mxml_expr_parse function. This patch reduces the XML parsing code in 300 LOC. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: support JSON format in chain, rule and expressionsÁlvaro Neira Ayuso2013-06-291-0/+7
| | | | | | | While at it, order possible switch cases of _snprintf. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: constify first parameter of all nft_*_getPablo Neira Ayuso2013-06-171-1/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add log expressionPablo Neira Ayuso2013-06-101-0/+281
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>