summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* nat: xml: fix wrong node name in snprintfArturo Borrero2013-08-121-3/+3
| | | | | | | | | | | | | | This patch renames all <nat_type> nodes to <type> in nat expr. A bug is fixed, since the default option in snprintf was already <type>. This follows the pattern of avoid prefixing XML nodes. Note that this is mostly reverting what was done at: 31e34c3 (nat: xml: rename node type to nat_type). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: xml: delete <use> nodeArturo Borrero2013-08-121-2/+2
| | | | | | | | Since the 'use' attribute in a chain can't be set, ignore it in the XML printing. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* xml: expr: limit: fix wrong assignation when parsingArturo Borrero2013-08-121-1/+1
| | | | | | | | | | This assignation was wrong. Introduced at commit e13819c (src: xml: consolidate common XML code via nft_mxml_num_parse). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: expr: use the function base2str in payloadÁlvaro Neira Ayuso2013-08-111-56/+24
| | | | | | | Use base2str instead to consolidate code in the snprintf path. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: payload: fix missing base setting in XML parserPablo Neira Ayuso2013-08-091-0/+1
| | | | | Reported-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* jansson: Add nft_jansson_family functionÁlvaro Neira Ayuso2013-08-094-15/+23
| | | | | | | Refactor some existing code with the new function nft_jansson_family. Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: payload: add nft_str2base functionÁlvaro Neira Ayuso2013-08-091-12/+19
| | | | | | | Add function that will be use in the JSON parser Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: nat: add nft_str2nat functionÁlvaro Neira Ayuso2013-08-091-10/+17
| | | | | | | Add function that will be use in the JSON parser. Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: cmp: add nft_str2cmp functionÁlvaro Neira Ayuso2013-08-091-14/+24
| | | | | | | Add function that will be use in the JSON parser Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: bytecode: add nft_str2ntoh functionÁlvaro Neira Ayuso2013-08-091-8/+16
| | | | | | | Add function that will be use in the JSON parser. Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: delete unneeded JSON prefixesÁlvaro Neira Ayuso2013-08-093-7/+6
| | | | | | | This patch adapts JSON nodes to mimic current XML node tags. Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* json: bitwise: add missing node lenÁlvaro Neira Ayuso2013-08-092-4/+5
| | | | | | | I have added the len node in bitwise which was missing Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: optional output in ctÁlvaro Neira Ayuso2013-08-091-4/+25
| | | | | | | Display direction and key if available Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fix display of compat_flag and compat_protoÁlvaro Neira Ayuso2013-08-091-4/+5
| | | | | | | Fixed display compat_proto value and compat_flag if available. Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: expr: fix wrong value in the chain field of data_regÁlvaro Neira Ayuso2013-08-091-2/+2
| | | | | | | Fixed wrong value in data_reg_chain snprintf. Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: expr: missing curly braces in json output supportÁlvaro Neira Ayuso2013-08-091-3/+3
| | | | | | | Added missing curly braces in json output support. Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: expr: missing commas in json output supportÁlvaro Neira Ayuso2013-08-092-2/+2
| | | | | | | Added missing commas in json output support. Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: cleanup set element parsingPablo Neira Ayuso2013-08-074-71/+35
| | | | | | | | | | | | Move nft_mxml_set_elem_parse to set_elem.c to improve readability, thus, we don't need to jump from set_elem.c to mxml.c to see how the parsing is done. I have also refactored some common parsing code in the new helper function nft_mxml_set_elem_parse, that avoids conversions from XML tree to text and then again back to tree. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: delete unneeded XML prefixesArturo Borrero Gonzalez2013-08-074-31/+24
| | | | | | | | | | | | | | | | | | | | This patch changes some XML nodes with prefixes, as the example below ilustrates. Before: <rule> <rule_flags/> <rule_family/> <rule> After: <rule> <flags> <family> </rule> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: xml: use nft_mxml_family_parseArturo Borrero Gonzalez2013-08-061-7/+2
| | | | | | | Use nft_mxml_family_parse() to parse the family. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove useless castingPablo Neira Ayuso2013-08-064-13/+7
| | | | | | | | Not needed anymore after constification. Based on patch from Arturo Borrero. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: constify char * fieldsPablo Neira Ayuso2013-08-061-4/+4
| | | | | | | Should have been done in (ec75831 src: fully constify nft_*_get functions). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set_elem: constify nft_set_elem_attr_get_strPablo Neira Ayuso2013-08-061-1/+1
| | | | | | | Should have been done in (ec75831 src: fully constify nft_*_get functions) Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: consolidate error path in table and chain objectsPablo Neira Ayuso2013-08-062-85/+44
| | | | | | Remove a good bunch of LOC with this cleanup. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: use nodes instead of attributesArturo Borrero Gonzalez2013-08-066-94/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When working with XML, it's desirable to work with nodes better than attributes. Table/chain/rules had attributes in their XML representation, and this patch transform those to nodes, ie: Before: <table name="filter"> <family>ip</family> <table_flags>0</table_flags> </table> After: <table> <name>filter</name> <family>ip</family> <table_flags>0</table_flags> </table> While at it: * There was a lot of redundant code that is now collapsed with the new nft_mxml_family_parse() helper function. * I've added a small fix: additional validation for the name of the current XML object, and also replace raw strtol calls to nft_strtoi. * Also, all XML testfiles are updated to keep passing the parsing tests and mantain the repo in consisten state. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fully constify nft_*_get functionsPablo Neira Ayuso2013-08-066-12/+12
| | | | | | | | | We have several char * field that were not constify to avoid gcc compilation warnings when calling free. Since (99d2574 src: add xfree and use it), we can fully constify these objects fields without trouble. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add xfree and use itPablo Neira Ayuso2013-08-0614-67/+74
| | | | | | | | This patch adds xfree, a replacement of free that accepts const pointers. This helps to remove ugly castings that you usually need to calm down gcc. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Use nft_str2hooknum() in the XML parsing code.Arturo Borrero Gonzalez2013-08-051-15/+11
| | | | | | | Note: I've used MXML_DESCEND_FIRST flag when calling nft_mxml_str_parse() to ensure that the parsing travels from the top of the chain XML tree. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
* chain: fix compilation warning due to unused nft_str2hooknum()Arturo Borrero Gonzalez2013-08-051-1/+1
| | | | | | | | If neither XML_PARSING nor JSON_PARSING are defined (libnftables configured without XML/JSON parsing support), a warning is produced due to unused nft_str2hooknum() function. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
* src: xml: table/chain delete propertiesArturo Borrero Gonzalez2013-08-052-25/+10
| | | | | | | | | | This patch deletes the <properties> node in chain and table XML objects. For this to work, the first tree search with MXML_DESCEND_FIRST flag is moved to the next node. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: fix nft_str2hooknum return valueArturo Borrero Gonzalez2013-08-051-2/+2
| | | | | | | nft_str2hooknum() should return -1 if no hooknum was found. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Add json parser supportÁlvaro Neira Ayuso2013-07-311-0/+117
| | | | | | | Add function for parsing chains in format JSON. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: remove the properties node in Json outputÁlvaro Neira Ayuso2013-07-311-5/+3
| | | | | | | I have removed the properties node from chain because it's a node without relevant information Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: remove the properties node in Json outputÁlvaro Neira Ayuso2013-07-311-10/+2
| | | | | | | | I have removed the properties node from table because it provides no relevant information. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* jansson: Add helper function for building the tree and use itÁlvaro Neira Ayuso2013-07-313-11/+23
| | | | | | | | Add a helper function that parses and returns the jansson tree, use it in the table parser. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: remove duplicated policy2strÁlvaro Neira Ayuso2013-07-311-15/+2
| | | | | | | Use nft_verdict2str function instead. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove version from XML and JSON representationsPablo Neira Ayuso2013-07-265-84/+13
| | | | | | | | | | | | | | | | | | | | | | This patch removes the version XML node and the version JSON field in all our existing objects. The current versioning approach consists of adding a version field to every object representation in XML and JSON. While listing my entire rule-set, one can notice that this approach is too bloated. Once the library enters stable stage, if we need to obsolete a XML node and a JSON field, we can follow this procedure: 1) Remove the XML node and the JSON field from the output, so fresh outputs will not contain the old ones anymore. 2) Do not remove the parsing of the old XML node and the JSON field inmediately. We have to keep supporting the parsing for a while to avoid breaking the interpretion of old XML/JSON files. We can spot a warning to warn about it, so users generate a fresh output again. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add XML parsingArturo Borrero2013-07-265-1/+273
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sets are now parsed, following this previous snprintf pattern: <set> <set_name>string</set_name> <set_table>table</set_table> <set_xml_version>int</set_xml_version> <set_flags>uint32_t</set_flags> <key_type>uint32_t</key_type> <key_len>size_t</key_len> <data_type>uint32_t</data_type> <data_len>size_t</data_len> <set_elem> <set_elem_flags>uint32_t</set_elem_flags> <set_elem_key> <data_reg type="value"> <len></len> <dataN></dataN> </data_reg> </set_elem_key> <set_elem_data> <data_reg type="xx"> [...] </data_reg> </set_elem_data> </set_elem> </set> Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: xml: change XML attributes to nodes.Arturo Borrero2013-07-261-14/+12
| | | | | | | | | | | | | | | | This patch changes all XML attributes to XML nodes in nft_set. In order to avoid issues regarding XML nodes with the same name but different meanings, I've followed this pattern for the new elements: <set> <set_table>string</set_table> <set_name>string</set_name> [...] </set> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: json: fix returned errno value while parsingPablo Neira Ayuso2013-07-252-21/+20
| | | | | | | Instead of returning ERANGE all the time, let functions set errno accordingly and set EINVAL otherwise. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Add json parser supportÁlvaro Neira Ayuso2013-07-255-25/+197
| | | | | | | Add function for parsing tables in format JSON Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* immediate: xml: fix name inconsistencyArturo Borrero2013-07-251-1/+2
| | | | | | | | | | <immdata> should be <immediatedata> instead. This bug was introduced at (1e8e5d4 src: xml: consolidate parsing of data_reg via nft_mxml_data_reg_parse). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: nft_str2family sets errnoPablo Neira Ayuso2013-07-251-0/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: utils: add verdict2str and use itArturo Borrero2013-07-253-31/+62
| | | | | | | | | | | | Add verdict2str() and str2verdict() helper functions and use in XML. While at it, I've fixed a small style issue in the data_reg JSON output and a bug in the data_reg XML parser: The parser walked the top level tree, instead of single <data_reg> node. Introduced in (51370f0 src: add support for XML parsing). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: don't override errno value if nft_mxml_num_parse is usedPablo Neira Ayuso2013-07-253-13/+9
| | | | | | That function already sets errno for us. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* mxml: nft_mxml_str_parse returns copy of the stringPablo Neira Ayuso2013-07-252-2/+2
| | | | | | | | | | | Otherwise, the string points to an invalid memory position somewhere in the XML tree that is released after the parsing. This problem was there before the conversion to the new helper function nft_mxml_str_parse. Reported-by: Arturo Borrero <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: use nft_mxml_str_parsePablo Neira Ayuso2013-07-251-5/+5
| | | | | | Replace existing code to use this function. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: payload: use nft_mxml_num_parsePablo Neira Ayuso2013-07-251-22/+8
| | | | | | Replace existing code to use this function. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: consolidate common XML code via nft_mxml_str_parsePablo Neira Ayuso2013-07-2512-105/+109
| | | | | | This patch moves common XML string parsing code to nft_mxml_str_parse(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: cmp: cmpdata is mandatory nodePablo Neira Ayuso2013-07-251-8/+4
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>