From 0b3161731262d3a8c6110c17fd818af325dbf491 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 10 Dec 2013 17:21:47 +0100 Subject: examples: nft-rule-add: use existing batch infrastructure This patch reworks the existing example to add the rule: nft add rule ip filter input tcp dport 22 counter It uses the existing nfnl batching approach using the generic mnl netlink message batching infrastructure. It also removed the code that uses xtables compat code. Based on original patch by Arturo Borrero Gonzalez. Signed-off-by: Pablo Neira Ayuso --- examples/nft-rule-add.c | 257 +++++++++++++++++++++--------------- include/linux/netfilter/nfnetlink.h | 5 + 2 files changed, 152 insertions(+), 110 deletions(-) diff --git a/examples/nft-rule-add.c b/examples/nft-rule-add.c index f896bc0..0534fa5 100644 --- a/examples/nft-rule-add.c +++ b/examples/nft-rule-add.c @@ -14,126 +14,178 @@ #include #include /* for offsetof */ #include +#include +#include #include +#include +#include +#include #include +#include #include #include #include #include -#include -#include - -#include - -static void add_target_log(struct nft_rule_expr *e) +static void add_payload(struct nft_rule *r, uint32_t base, uint32_t dreg, + uint32_t offset, uint32_t len) { - struct ipt_log_info *info; + struct nft_rule_expr *e; - nft_rule_expr_set(e, NFT_EXPR_TG_NAME, "LOG", strlen("LOG")); - nft_rule_expr_set_u32(e, NFT_EXPR_TG_REV, 0); - - info = calloc(1, sizeof(struct ipt_log_info)); - if (info == NULL) - return; + e = nft_rule_expr_alloc("payload"); + if (e == NULL) { + perror("expr payload oom"); + exit(EXIT_FAILURE); + } - sprintf(info->prefix, "test: "); - info->prefix[sizeof(info->prefix)-1] = '\0'; - info->logflags = 0x0f; - info->level = 5; + nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_BASE, base); + nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_DREG, dreg); + nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_OFFSET, offset); + nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_LEN, len); - nft_rule_expr_set(e, NFT_EXPR_TG_INFO, info, sizeof(*info)); + nft_rule_add_expr(r, e); } -static void add_expr_target(struct nft_rule *r) +static void add_cmp(struct nft_rule *r, uint32_t sreg, uint32_t op, + const void *data, uint32_t data_len) { - struct nft_rule_expr *expr; + struct nft_rule_expr *e; - expr = nft_rule_expr_alloc("target"); - if (expr == NULL) - return; + e = nft_rule_expr_alloc("cmp"); + if (e == NULL) { + perror("expr cmp oom"); + exit(EXIT_FAILURE); + } - add_target_log(expr); + nft_rule_expr_set_u32(e, NFT_EXPR_CMP_SREG, sreg); + nft_rule_expr_set_u32(e, NFT_EXPR_CMP_OP, op); + nft_rule_expr_set(e, NFT_EXPR_CMP_DATA, data, data_len); - nft_rule_add_expr(r, expr); + nft_rule_add_expr(r, e); } -static void add_match_iprange(struct nft_rule_expr *e) +static void add_counter(struct nft_rule *r) { - struct xt_iprange_mtinfo *info; - - nft_rule_expr_set(e, NFT_EXPR_MT_NAME, "iprange", strlen("iprange")); - nft_rule_expr_set_u32(e, NFT_EXPR_MT_REV, 1); + struct nft_rule_expr *e; - info = calloc(1, sizeof(struct xt_iprange_mtinfo)); - if (info == NULL) - return; - - info->src_min.ip = info->dst_min.ip = inet_addr("127.0.0.1"); - info->src_max.ip = info->dst_max.ip = inet_addr("127.0.0.1"); - info->flags = IPRANGE_SRC; + e = nft_rule_expr_alloc("counter"); + if (e == NULL) { + perror("expr counter oom"); + exit(EXIT_FAILURE); + } - nft_rule_expr_set(e, NFT_EXPR_MT_INFO, info, sizeof(*info)); + nft_rule_add_expr(r, e); } -static void add_expr_match(struct nft_rule *r) +static struct nft_rule *setup_rule(uint8_t family, const char *table, + const char *chain) { - struct nft_rule_expr *expr; + struct nft_rule *r = NULL; + uint8_t proto; + uint16_t dport; - expr = nft_rule_expr_alloc("match"); - if (expr == NULL) - return; + r = nft_rule_alloc(); + if (r == NULL) { + perror("OOM"); + exit(EXIT_FAILURE); + } - add_match_iprange(expr); + nft_rule_attr_set(r, NFT_RULE_ATTR_TABLE, table); + nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, chain); + nft_rule_attr_set_u32(r, NFT_RULE_ATTR_FAMILY, family); - nft_rule_add_expr(r, expr); -} + proto = IPPROTO_TCP; + add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1, + offsetof(struct iphdr, protocol), sizeof(uint8_t)); + add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &proto, sizeof(uint8_t)); -#define field_sizeof(t, f) (sizeof(((t *)NULL)->f)) + dport = htons(22); + add_payload(r, NFT_PAYLOAD_TRANSPORT_HEADER, NFT_REG_1, + offsetof(struct tcphdr, dest), sizeof(uint16_t)); + add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &dport, sizeof(uint16_t)); -static void add_payload2(struct nft_rule_expr *e) -{ - nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_BASE, - NFT_PAYLOAD_NETWORK_HEADER); - nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_DREG, NFT_REG_1); - nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_OFFSET, - offsetof(struct iphdr, protocol)); - nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_LEN, 1); + add_counter(r); + + return r; } -static void add_payload(struct nft_rule *r) +static int seq; + +static void nft_mnl_batch_put(struct mnl_nlmsg_batch *batch, int type) { - struct nft_rule_expr *expr; + struct nlmsghdr *nlh; + struct nfgenmsg *nfg; - expr = nft_rule_expr_alloc("payload"); - if (expr == NULL) - return; + nlh = mnl_nlmsg_put_header(mnl_nlmsg_batch_current(batch)); + nlh->nlmsg_type = type; + nlh->nlmsg_flags = NLM_F_REQUEST; + nlh->nlmsg_seq = seq++; - add_payload2(expr); + nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg)); + nfg->nfgen_family = AF_INET; + nfg->version = NFNETLINK_V0; + nfg->res_id = NFNL_SUBSYS_NFTABLES; - nft_rule_add_expr(r, expr); + mnl_nlmsg_batch_next(batch); +} + +static int nft_mnl_batch_talk(struct mnl_socket *nl, struct mnl_nlmsg_batch *b) +{ + int ret, fd = mnl_socket_get_fd(nl); + char rcv_buf[MNL_SOCKET_BUFFER_SIZE]; + fd_set readfds; + struct timeval tv = { + .tv_sec = 0, + .tv_usec = 0 + }; + + ret = mnl_socket_sendto(nl, mnl_nlmsg_batch_head(b), + mnl_nlmsg_batch_size(b)); + if (ret == -1) + goto err; + + FD_ZERO(&readfds); + FD_SET(fd, &readfds); + + /* receive and digest all the acknowledgments from the kernel. */ + ret = select(fd+1, &readfds, NULL, NULL, &tv); + if (ret == -1) + goto err; + + while (ret > 0 && FD_ISSET(fd, &readfds)) { + ret = mnl_socket_recvfrom(nl, rcv_buf, sizeof(rcv_buf)); + if (ret == -1) + goto err; + + ret = mnl_cb_run(rcv_buf, ret, 0, mnl_socket_get_portid(nl), + NULL, NULL); + if (ret < 0) + goto err; + + ret = select(fd+1, &readfds, NULL, NULL, &tv); + if (ret == -1) + goto err; + + FD_ZERO(&readfds); + FD_SET(fd, &readfds); + } +err: + return ret; } int main(int argc, char *argv[]) { struct mnl_socket *nl; - char buf[MNL_SOCKET_BUFFER_SIZE]; + struct nft_rule *r; struct nlmsghdr *nlh; - uint32_t portid, seq; - struct nft_rule *r = NULL; - int ret, family; + struct mnl_nlmsg_batch *batch; + uint8_t family; + char buf[4096]; if (argc != 4) { - fprintf(stderr, "Usage: %s \n", - argv[0]); - exit(EXIT_FAILURE); - } - - r = nft_rule_alloc(); - if (r == NULL) { - perror("OOM"); + fprintf(stderr, "Usage: %s
\n", argv[0]); exit(EXIT_FAILURE); } @@ -141,32 +193,12 @@ int main(int argc, char *argv[]) family = NFPROTO_IPV4; else if (strcmp(argv[1], "ip6") == 0) family = NFPROTO_IPV6; - else if (strcmp(argv[1], "bridge") == 0) - family = NFPROTO_BRIDGE; - else if (strcmp(argv[1], "arp") == 0) - family = NFPROTO_ARP; else { - fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n"); + fprintf(stderr, "Unknown family: ip, ip6\n"); exit(EXIT_FAILURE); } - nft_rule_attr_set(r, NFT_RULE_ATTR_TABLE, argv[2]); - nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, argv[3]); - - add_expr_match(r); - add_payload(r); - add_expr_target(r); - - char tmp[1024]; - nft_rule_snprintf(tmp, sizeof(tmp), r, 0, 0); - printf("%s\n", tmp); - - seq = time(NULL); - nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, family, - NLM_F_APPEND|NLM_F_ACK|NLM_F_CREATE, - seq); - nft_rule_nlmsg_build_payload(nlh, r); - nft_rule_free(r); + r = setup_rule(family, argv[2], argv[3]); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { @@ -178,24 +210,29 @@ int main(int argc, char *argv[]) perror("mnl_socket_bind"); exit(EXIT_FAILURE); } - portid = mnl_socket_get_portid(nl); - if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) { - perror("mnl_socket_send"); - exit(EXIT_FAILURE); - } + batch = mnl_nlmsg_batch_start(buf, sizeof(buf)); - ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); - while (ret > 0) { - ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL); - if (ret <= 0) - break; - ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); - } - if (ret == -1) { - perror("error"); + nft_mnl_batch_put(batch, NFNL_MSG_BATCH_BEGIN); + + nlh = nft_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWRULE, + nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY), + NLM_F_APPEND|NLM_F_CREATE, seq); + + nft_rule_nlmsg_build_payload(nlh, r); + nft_rule_free(r); + mnl_nlmsg_batch_next(batch); + + nft_mnl_batch_put(batch, NFNL_MSG_BATCH_END); + + if (nft_mnl_batch_talk(nl, batch) < 0) { + perror("Netlink problem"); exit(EXIT_FAILURE); } + + mnl_nlmsg_batch_stop(batch); + mnl_socket_close(nl); return EXIT_SUCCESS; diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h index 91eebab..336c10c 100644 --- a/include/linux/netfilter/nfnetlink.h +++ b/include/linux/netfilter/nfnetlink.h @@ -97,4 +97,9 @@ extern void nfnl_unlock(void); MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys)) #endif /* __KERNEL__ */ + +/* Reserved control nfnetlink messages */ +#define NFNL_MSG_BATCH_BEGIN NLMSG_MIN_TYPE +#define NFNL_MSG_BATCH_END NLMSG_MIN_TYPE+1 + #endif /* _NFNETLINK_H */ -- cgit v1.2.3 From 2307124fe813e2d2d7e1a7bab09076a5a961e79b Mon Sep 17 00:00:00 2001 From: Tomasz Bursztyka Date: Thu, 12 Dec 2013 15:00:43 +0200 Subject: include: update netlink.h to 3.13 Use kernel header from 3.13-rc upstream kernel, this includes documentation changes that were missing. Signed-off-by: Tomasz Bursztyka Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter/nf_tables.h | 89 ++++++++++++++++++++++++++++++++++--- 1 file changed, 84 insertions(+), 5 deletions(-) diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 4ec8187..fbfd229 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -32,6 +32,25 @@ enum nft_verdicts { NFT_RETURN = -5, }; +/** + * enum nf_tables_msg_types - nf_tables netlink message types + * + * @NFT_MSG_NEWTABLE: create a new table (enum nft_table_attributes) + * @NFT_MSG_GETTABLE: get a table (enum nft_table_attributes) + * @NFT_MSG_DELTABLE: delete a table (enum nft_table_attributes) + * @NFT_MSG_NEWCHAIN: create a new chain (enum nft_chain_attributes) + * @NFT_MSG_GETCHAIN: get a chain (enum nft_chain_attributes) + * @NFT_MSG_DELCHAIN: delete a chain (enum nft_chain_attributes) + * @NFT_MSG_NEWRULE: create a new rule (enum nft_rule_attributes) + * @NFT_MSG_GETRULE: get a rule (enum nft_rule_attributes) + * @NFT_MSG_DELRULE: delete a rule (enum nft_rule_attributes) + * @NFT_MSG_NEWSET: create a new set (enum nft_set_attributes) + * @NFT_MSG_GETSET: get a set (enum nft_set_attributes) + * @NFT_MSG_DELSET: delete a set (enum nft_set_attributes) + * @NFT_MSG_NEWSETELEM: create a new set element (enum nft_set_elem_attributes) + * @NFT_MSG_GETSETELEM: get a set element (enum nft_set_elem_attributes) + * @NFT_MSG_DELSETELEM: delete a set element (enum nft_set_elem_attributes) + */ enum nf_tables_msg_types { NFT_MSG_NEWTABLE, NFT_MSG_GETTABLE, @@ -90,6 +109,7 @@ enum nft_table_flags { * enum nft_table_attributes - nf_tables table netlink attributes * * @NFTA_TABLE_NAME: name of the table (NLA_STRING) + * @NFTA_TABLE_FLAGS: bitmask of enum nft_table_flags (NLA_U32) */ enum nft_table_attributes { NFTA_TABLE_UNSPEC, @@ -103,8 +123,13 @@ enum nft_table_attributes { * enum nft_chain_attributes - nf_tables chain netlink attributes * * @NFTA_CHAIN_TABLE: name of the table containing the chain (NLA_STRING) + * @NFTA_CHAIN_HANDLE: numeric handle of the chain (NLA_U64) * @NFTA_CHAIN_NAME: name of the chain (NLA_STRING) * @NFTA_CHAIN_HOOK: hook specification for basechains (NLA_NESTED: nft_hook_attributes) + * @NFTA_CHAIN_POLICY: numeric policy of the chain (NLA_U32) + * @NFTA_CHAIN_USE: number of references to this chain (NLA_U32) + * @NFTA_CHAIN_TYPE: type name of the string (NLA_NUL_STRING) + * @NFTA_CHAIN_COUNTERS: counter specification of the chain (NLA_NESTED: nft_counter_attributes) */ enum nft_chain_attributes { NFTA_CHAIN_UNSPEC, @@ -125,8 +150,10 @@ enum nft_chain_attributes { * * @NFTA_RULE_TABLE: name of the table containing the rule (NLA_STRING) * @NFTA_RULE_CHAIN: name of the chain containing the rule (NLA_STRING) - * @NFTA_RULE_HANDLE: numeric handle of the rule (NLA_U16) + * @NFTA_RULE_HANDLE: numeric handle of the rule (NLA_U64) * @NFTA_RULE_EXPRESSIONS: list of expressions (NLA_NESTED: nft_expr_attributes) + * @NFTA_RULE_COMPAT: compatibility specifications of the rule (NLA_NESTED: nft_rule_compat_attributes) + * @NFTA_RULE_POSITION: numeric handle of the previous rule (NLA_U64) */ enum nft_rule_attributes { NFTA_RULE_UNSPEC, @@ -140,11 +167,22 @@ enum nft_rule_attributes { }; #define NFTA_RULE_MAX (__NFTA_RULE_MAX - 1) +/** + * enum nft_rule_compat_flags - nf_tables rule compat flags + * + * @NFT_RULE_COMPAT_F_INV: invert the check result + */ enum nft_rule_compat_flags { NFT_RULE_COMPAT_F_INV = (1 << 1), NFT_RULE_COMPAT_F_MASK = NFT_RULE_COMPAT_F_INV, }; +/** + * enum nft_rule_compat_attributes - nf_tables rule compat attributes + * + * @NFTA_RULE_COMPAT_PROTO: numerice value of handled protocol (NLA_U32) + * @NFTA_RULE_COMPAT_FLAGS: bitmask of enum nft_rule_compat_flags (NLA_U32) + */ enum nft_rule_compat_attributes { NFTA_RULE_COMPAT_UNSPEC, NFTA_RULE_COMPAT_PROTO, @@ -342,11 +380,26 @@ enum nft_bitwise_attributes { }; #define NFTA_BITWISE_MAX (__NFTA_BITWISE_MAX - 1) +/** + * enum nft_byteorder_ops - nf_tables byteorder operators + * + * @NFT_BYTEORDER_NTOH: network to host operator + * @NFT_BYTEORDER_HTON: host to network opertaor + */ enum nft_byteorder_ops { NFT_BYTEORDER_NTOH, NFT_BYTEORDER_HTON, }; +/** + * enum nft_byteorder_attributes - nf_tables byteorder expression netlink attributes + * + * @NFTA_BYTEORDER_SREG: source register (NLA_U32: nft_registers) + * @NFTA_BYTEORDER_DREG: destination register (NLA_U32: nft_registers) + * @NFTA_BYTEORDER_OP: operator (NLA_U32: enum nft_byteorder_ops) + * @NFTA_BYTEORDER_LEN: length of the data (NLA_U32) + * @NFTA_BYTEORDER_SIZE: data size in bytes (NLA_U32: 2 or 4) + */ enum nft_byteorder_attributes { NFTA_BYTEORDER_UNSPEC, NFTA_BYTEORDER_SREG, @@ -358,6 +411,16 @@ enum nft_byteorder_attributes { }; #define NFTA_BYTEORDER_MAX (__NFTA_BYTEORDER_MAX - 1) +/** + * enum nft_cmp_ops - nf_tables relational operator + * + * @NFT_CMP_EQ: equal + * @NFT_CMP_NEQ: not equal + * @NFT_CMP_LT: less than + * @NFT_CMP_LTE: less than or equal to + * @NFT_CMP_GT: greater than + * @NFT_CMP_GTE: greater than or equal to + */ enum nft_cmp_ops { NFT_CMP_EQ, NFT_CMP_NEQ, @@ -383,6 +446,13 @@ enum nft_cmp_attributes { }; #define NFTA_CMP_MAX (__NFTA_CMP_MAX - 1) +/** + * enum nft_lookup_attributes - nf_tables set lookup expression netlink attributes + * + * @NFTA_LOOKUP_SET: name of the set where to look for (NLA_STRING) + * @NFTA_LOOKUP_SREG: source register of the data to look for (NLA_U32: nft_registers) + * @NFTA_LOOKUP_DREG: destination register (NLA_U32: nft_registers) + */ enum nft_lookup_attributes { NFTA_LOOKUP_UNSPEC, NFTA_LOOKUP_SET, @@ -423,6 +493,14 @@ enum nft_payload_attributes { }; #define NFTA_PAYLOAD_MAX (__NFTA_PAYLOAD_MAX - 1) +/** + * enum nft_exthdr_attributes - nf_tables IPv6 extension header expression netlink attributes + * + * @NFTA_EXTHDR_DREG: destination register (NLA_U32: nft_registers) + * @NFTA_EXTHDR_TYPE: extension header type (NLA_U8) + * @NFTA_EXTHDR_OFFSET: extension header offset (NLA_U32) + * @NFTA_EXTHDR_LEN: extension header length (NLA_U32) + */ enum nft_exthdr_attributes { NFTA_EXTHDR_UNSPEC, NFTA_EXTHDR_DREG, @@ -619,10 +697,11 @@ enum nft_nat_types { * enum nft_nat_attributes - nf_tables nat expression netlink attributes * * @NFTA_NAT_TYPE: NAT type (NLA_U32: nft_nat_types) - * @NFTA_NAT_ADDR_MIN: source register of address range start (NLA_U32: nft_registers) - * @NFTA_NAT_ADDR_MAX: source register of address range end (NLA_U32: nft_registers) - * @NFTA_NAT_PROTO_MIN: source register of proto range start (NLA_U32: nft_registers) - * @NFTA_NAT_PROTO_MAX: source register of proto range end (NLA_U32: nft_registers) + * @NFTA_NAT_FAMILY: NAT family (NLA_U32) + * @NFTA_NAT_REG_ADDR_MIN: source register of address range start (NLA_U32: nft_registers) + * @NFTA_NAT_REG_ADDR_MAX: source register of address range end (NLA_U32: nft_registers) + * @NFTA_NAT_REG_PROTO_MIN: source register of proto range start (NLA_U32: nft_registers) + * @NFTA_NAT_REG_PROTO_MAX: source register of proto range end (NLA_U32: nft_registers) */ enum nft_nat_attributes { NFTA_NAT_UNSPEC, -- cgit v1.2.3 From 24e08e5ecd81c1570d2521f354acfb341d8e9ce4 Mon Sep 17 00:00:00 2001 From: Douglas Freed Date: Mon, 23 Dec 2013 09:14:57 +0000 Subject: build: properly handle --without-{xml,json}-parsing This patch fixes how --without-{xml,json}-parsing (and subsequently --with-{xml,json}-parsing=no) is handled. Prior to this, --without-{xml,json}-parsing actually resulted in libnftables being built with that parsing enabled. Signed-off-by: Douglas Freed Signed-off-by: Pablo Neira Ayuso --- configure.ac | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index b023755..6219737 100644 --- a/configure.ac +++ b/configure.ac @@ -16,11 +16,9 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) dnl Dependencies PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.0]) AC_ARG_WITH([xml-parsing], - AS_HELP_STRING([--with-xml-parsing], [XML parsing support]), - [with_xml_parsing="yes"], [with_xml_parsing="no"]) + AS_HELP_STRING([--with-xml-parsing], [XML parsing support])) AC_ARG_WITH([json-parsing], - AS_HELP_STRING([--with-json-parsing], [JSON parsing support]), - [with_json_parsing="yes"], [with_json_parsing="no"]) + AS_HELP_STRING([--with-json-parsing], [JSON parsing support])) AS_IF([test "x$with_xml_parsing" = "xyes"], [ PKG_CHECK_MODULES([LIBXML], [mxml >= 2.6]) -- cgit v1.2.3 From b4a0d19dc1b16a614cdf0aa362f754e734486b38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Neira=20Ayuso?= Date: Tue, 31 Dec 2013 12:27:47 +0100 Subject: src: rename the parameter tag to node_name in jansson function I have changed this parameter for having consistence with the xml helper function. This patch is a cleanup. Signed-off-by: Alvaro Neira Ayuso Signed-off-by: Pablo Neira Ayuso --- src/internal.h | 18 ++++++++++-------- src/jansson.c | 34 ++++++++++++++++++---------------- 2 files changed, 28 insertions(+), 24 deletions(-) diff --git a/src/internal.h b/src/internal.h index a10d874..f975ad1 100644 --- a/src/internal.h +++ b/src/internal.h @@ -57,19 +57,21 @@ int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s); #ifdef JSON_PARSING #include -int nft_jansson_parse_val(json_t *root, const char *tag, int type, void *out); -const char *nft_jansson_parse_str(json_t *root, const char *tag); -bool nft_jansson_node_exist(json_t *root, const char *tag); +int nft_jansson_parse_val(json_t *root, const char *node_name, int type, + void *out); +const char *nft_jansson_parse_str(json_t *root, const char *node_name); +bool nft_jansson_node_exist(json_t *root, const char *node_name); json_t *nft_jansson_create_root(const char *json, json_error_t *err); -json_t *nft_jansson_get_node(json_t *root, const char *tag); +json_t *nft_jansson_get_node(json_t *root, const char *node_name); void nft_jansson_free_root(json_t *root); int nft_jansson_parse_family(json_t *root, void *out); -int nft_jansson_str2num(json_t *root, const char *tag, int base, void *out, - enum nft_type type); -int nft_jansson_parse_reg(json_t *root, const char *tag, int type, void *out); +int nft_jansson_str2num(json_t *root, const char *node_name, int base, + void *out, enum nft_type type); +int nft_jansson_parse_reg(json_t *root, const char *node_name, int type, + void *out); struct nft_rule_expr *nft_jansson_expr_parse(json_t *root); union nft_data_reg; -int nft_jansson_data_reg_parse(json_t *root, const char *tag, +int nft_jansson_data_reg_parse(json_t *root, const char *node_name, union nft_data_reg *data_reg); struct nft_set_elem; int nft_set_elem_json_parse(struct nft_set_elem *e, json_t *root); diff --git a/src/jansson.c b/src/jansson.c index 04146e2..539f9ab 100644 --- a/src/jansson.c +++ b/src/jansson.c @@ -23,12 +23,12 @@ #ifdef JSON_PARSING -static int nft_jansson_load_int_node(json_t *root, const char *tag, +static int nft_jansson_load_int_node(json_t *root, const char *node_name, json_int_t *val) { json_t *node; - node = json_object_get(root, tag); + node = json_object_get(root, node_name); if (node == NULL) { errno = EINVAL; return -1; @@ -43,12 +43,12 @@ static int nft_jansson_load_int_node(json_t *root, const char *tag, return 0; } -const char *nft_jansson_parse_str(json_t *root, const char *tag) +const char *nft_jansson_parse_str(json_t *root, const char *node_name) { json_t *node; const char *val; - node = json_object_get(root, tag); + node = json_object_get(root, node_name); if (node == NULL) { errno = EINVAL; return NULL; @@ -58,11 +58,12 @@ const char *nft_jansson_parse_str(json_t *root, const char *tag) return val; } -int nft_jansson_parse_val(json_t *root, const char *tag, int type, void *out) +int nft_jansson_parse_val(json_t *root, const char *node_name, int type, + void *out) { json_int_t val; - if (nft_jansson_load_int_node(root, tag, &val) == -1) + if (nft_jansson_load_int_node(root, node_name, &val) == -1) return -1; if (nft_get_value(type, &val, out) == -1) @@ -71,9 +72,9 @@ int nft_jansson_parse_val(json_t *root, const char *tag, int type, void *out) return 0; } -bool nft_jansson_node_exist(json_t *root, const char *tag) +bool nft_jansson_node_exist(json_t *root, const char *node_name) { - return json_object_get(root, tag) != NULL; + return json_object_get(root, node_name) != NULL; } json_t *nft_jansson_create_root(const char *json, json_error_t *err) @@ -89,11 +90,11 @@ json_t *nft_jansson_create_root(const char *json, json_error_t *err) return root; } -json_t *nft_jansson_get_node(json_t *root, const char *tag) +json_t *nft_jansson_get_node(json_t *root, const char *node_name) { json_t *node; - node = json_object_get(root, tag); + node = json_object_get(root, node_name); if (node == NULL) { errno = EINVAL; return NULL; @@ -126,9 +127,10 @@ int nft_jansson_parse_family(json_t *root, void *out) return 0; } -int nft_jansson_parse_reg(json_t *root, const char *tag, int type, void *out) +int nft_jansson_parse_reg(json_t *root, const char *node_name, int type, + void *out) { - if (nft_jansson_parse_val(root, tag, type, out) < 0) + if (nft_jansson_parse_val(root, node_name, type, out) < 0) return -1; if (*((uint32_t *)out) > NFT_REG_MAX){ @@ -139,12 +141,12 @@ int nft_jansson_parse_reg(json_t *root, const char *tag, int type, void *out) return 0; } -int nft_jansson_str2num(json_t *root, const char *tag, int base, +int nft_jansson_str2num(json_t *root, const char *node_name, int base, void *out, enum nft_type type) { const char *str; - str = nft_jansson_parse_str(root, tag); + str = nft_jansson_parse_str(root, node_name); if (str == NULL) return -1; @@ -170,14 +172,14 @@ struct nft_rule_expr *nft_jansson_expr_parse(json_t *root) return ret < 0 ? NULL : e; } -int nft_jansson_data_reg_parse(json_t *root, const char *tag, +int nft_jansson_data_reg_parse(json_t *root, const char *node_name, union nft_data_reg *data_reg) { json_t *data; const char *type; int ret; - data = json_object_get(root, tag); + data = json_object_get(root, node_name); if (data == NULL) { errno = EINVAL; return -1; -- cgit v1.2.3 From e87d2f9ef8a4a298de5514b30ec2d43d3c90a644 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Neira=20Ayuso?= Date: Mon, 6 Jan 2014 00:51:14 +0100 Subject: src: new error reporting approach for XML/JSON parsers I have added a new structure for reporting some errors in parser that we can't cover with errno. In this patch, we have three errors that we can't cover with errno: NFT_PARSE_EBADINPUT : Bad XML/JSON format in the input NFT_PARSE_EMISSINGNODE : Missing node in our input NFT_PARSE_EBADTYPE : Wrong type value in a node Signed-off-by: Alvaro Neira Ayuso Signed-off-by: Pablo Neira Ayuso --- examples/nft-chain-json-add.c | 12 +++++- examples/nft-chain-xml-add.c | 12 +++++- examples/nft-rule-json-add.c | 12 +++++- examples/nft-rule-xml-add.c | 12 +++++- examples/nft-set-json-add.c | 12 +++++- examples/nft-table-json-add.c | 12 +++++- examples/nft-table-xml-add.c | 13 ++++++- include/libnftables/chain.h | 3 +- include/libnftables/common.h | 11 ++++++ include/libnftables/rule.h | 3 +- include/libnftables/ruleset.h | 3 +- include/libnftables/set.h | 6 ++- include/libnftables/table.h | 3 +- src/Makefile.am | 1 + src/chain.c | 75 +++++++++++++++++++++--------------- src/common.c | 31 +++++++++++++++ src/expr/bitwise.c | 26 +++++++------ src/expr/byteorder.c | 27 +++++++------ src/expr/cmp.c | 20 ++++++---- src/expr/counter.c | 16 +++++--- src/expr/ct.c | 19 +++++---- src/expr/data_reg.c | 54 +++++++++++++++----------- src/expr/data_reg.h | 6 ++- src/expr/exthdr.c | 23 ++++++----- src/expr/immediate.c | 14 ++++--- src/expr/limit.c | 17 +++++--- src/expr/log.c | 27 ++++++++----- src/expr/lookup.c | 18 +++++---- src/expr/match.c | 10 +++-- src/expr/meta.c | 14 ++++--- src/expr/nat.c | 30 ++++++++------- src/expr/payload.c | 24 +++++++----- src/expr/reject.c | 16 +++++--- src/expr/target.c | 10 +++-- src/expr_ops.h | 6 ++- src/internal.h | 90 ++++++++++++++++++++++++++++++------------- src/jansson.c | 83 ++++++++++++++++++++++++++------------- src/libnftables.map | 4 ++ src/mxml.c | 83 +++++++++++++++++++++++++++++---------- src/rule.c | 69 +++++++++++++++++++-------------- src/ruleset.c | 72 +++++++++++++++++++--------------- src/set.c | 70 ++++++++++++++++++--------------- src/set_elem.c | 21 +++++----- src/table.c | 44 ++++++++++++--------- tests/nft-parsing-test.c | 40 +++++++++++-------- 45 files changed, 757 insertions(+), 417 deletions(-) diff --git a/examples/nft-chain-json-add.c b/examples/nft-chain-json-add.c index 50cb29f..1802fb0 100644 --- a/examples/nft-chain-json-add.c +++ b/examples/nft-chain-json-add.c @@ -39,6 +39,7 @@ int main(int argc, char *argv[]) uint16_t family; char json[4096]; char reprint[4096]; + struct nft_parse_err *err; if (argc < 2) { printf("Usage: %s \n", argv[0]); @@ -63,10 +64,16 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } + err = nft_parse_err_alloc(); + if (err == NULL) { + perror("error"); + exit(EXIT_FAILURE); + } + close(fd); - if (nft_chain_parse(c, NFT_PARSE_JSON, json) < 0) { - printf("E: Unable to parse JSON file: %s\n", strerror(errno)); + if (nft_chain_parse(c, NFT_PARSE_JSON, json, err) < 0) { + nft_parse_perror("Unable to parse JSON file", err); exit(EXIT_FAILURE); } @@ -82,6 +89,7 @@ int main(int argc, char *argv[]) nft_chain_nlmsg_build_payload(nlh, c); nft_chain_free(c); + nft_parse_err_free(err); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { diff --git a/examples/nft-chain-xml-add.c b/examples/nft-chain-xml-add.c index 03a2950..79b1541 100644 --- a/examples/nft-chain-xml-add.c +++ b/examples/nft-chain-xml-add.c @@ -37,6 +37,7 @@ int main(int argc, char *argv[]) uint16_t family; char xml[4096]; char reprint[4096]; + struct nft_parse_err *err; if (argc < 2) { printf("Usage: %s \n", argv[0]); @@ -49,6 +50,12 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } + err = nft_parse_err_alloc(); + if (err == NULL) { + perror("error"); + exit(EXIT_FAILURE); + } + fd = open(argv[1], O_RDONLY); if (fd < 0) { perror("open"); @@ -63,8 +70,8 @@ int main(int argc, char *argv[]) close(fd); - if (nft_chain_parse(c, NFT_PARSE_XML, xml) < 0) { - printf("E: Unable to parse XML file: %s\n", strerror(errno)); + if (nft_chain_parse(c, NFT_PARSE_XML, xml, err) < 0) { + nft_parse_perror("Unable to parse XML file", err); exit(EXIT_FAILURE); } @@ -80,6 +87,7 @@ int main(int argc, char *argv[]) nft_chain_nlmsg_build_payload(nlh, c); nft_chain_free(c); + nft_parse_err_free(err); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { diff --git a/examples/nft-rule-json-add.c b/examples/nft-rule-json-add.c index 8659081..de1fb54 100644 --- a/examples/nft-rule-json-add.c +++ b/examples/nft-rule-json-add.c @@ -38,6 +38,7 @@ int main(int argc, char *argv[]) uint8_t family; char json[4096]; char reprint[4096]; + struct nft_parse_err *err; if (argc < 2) { printf("Usage: %s \n", argv[0]); @@ -63,8 +64,14 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - if (nft_rule_parse(r, NFT_PARSE_JSON, json) < 0) { - printf("E: Unable to parse JSON file: %s\n", strerror(errno)); + err = nft_parse_err_alloc(); + if (err == NULL) { + perror("error"); + exit(EXIT_FAILURE); + } + + if (nft_rule_parse(r, NFT_PARSE_JSON, json, err) < 0) { + nft_parse_perror("Unable to parse JSON file", err); exit(EXIT_FAILURE); } @@ -80,6 +87,7 @@ int main(int argc, char *argv[]) seq); nft_rule_nlmsg_build_payload(nlh, r); nft_rule_free(r); + nft_parse_err_free(err); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { diff --git a/examples/nft-rule-xml-add.c b/examples/nft-rule-xml-add.c index ce33fe7..8a7685d 100644 --- a/examples/nft-rule-xml-add.c +++ b/examples/nft-rule-xml-add.c @@ -38,6 +38,7 @@ int main(int argc, char *argv[]) uint8_t family; char xml[4096]; char reprint[4096]; + struct nft_parse_err *err; if (argc < 2) { printf("Usage: %s \n", argv[0]); @@ -63,8 +64,14 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - if (nft_rule_parse(r, NFT_PARSE_XML, xml) < 0) { - printf("E: Unable to parse XML file: %s\n", strerror(errno)); + err = nft_parse_err_alloc(); + if (err == NULL) { + perror("error"); + exit(EXIT_FAILURE); + } + + if (nft_rule_parse(r, NFT_PARSE_XML, xml, err) < 0) { + nft_parse_perror("Unable to parse XML file", err); exit(EXIT_FAILURE); } @@ -80,6 +87,7 @@ int main(int argc, char *argv[]) seq); nft_rule_nlmsg_build_payload(nlh, r); nft_rule_free(r); + nft_parse_err_free(err); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { diff --git a/examples/nft-set-json-add.c b/examples/nft-set-json-add.c index 9a4aa48..9553ebf 100644 --- a/examples/nft-set-json-add.c +++ b/examples/nft-set-json-add.c @@ -38,6 +38,7 @@ int main(int argc, char *argv[]) uint16_t family; char json[4096]; char reprint[4096]; + struct nft_parse_err *err; if (argc < 2) { printf("Usage: %s \n", argv[0]); @@ -62,10 +63,16 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } + err = nft_parse_err_alloc(); + if (err == NULL) { + perror("error"); + exit(EXIT_FAILURE); + } + close(fd); - if (nft_set_parse(s, NFT_PARSE_JSON, json) < 0) { - printf("E: Unable to parse JSON file: %s\n", strerror(errno)); + if (nft_set_parse(s, NFT_PARSE_JSON, json, err) < 0) { + nft_parse_perror("Unable to parse JSON file", err); exit(EXIT_FAILURE); } @@ -80,6 +87,7 @@ int main(int argc, char *argv[]) NLM_F_CREATE|NLM_F_ACK, seq); nft_set_nlmsg_build_payload(nlh, s); nft_set_free(s); + nft_parse_err_free(err); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { diff --git a/examples/nft-table-json-add.c b/examples/nft-table-json-add.c index 6b16c7f..f3a57c0 100644 --- a/examples/nft-table-json-add.c +++ b/examples/nft-table-json-add.c @@ -39,6 +39,7 @@ int main(int argc, char *argv[]) uint16_t family; char json[4096]; char reprint[4096]; + struct nft_parse_err *err; if (argc < 2) { printf("Usage: %s \n", argv[0]); @@ -64,8 +65,14 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - if (nft_table_parse(t, NFT_PARSE_JSON, json) < 0) { - printf("E: Unable to parse JSON file: %s\n", strerror(errno)); + err = nft_parse_err_alloc(); + if (err == NULL) { + perror("error"); + exit(EXIT_FAILURE); + } + + if (nft_table_parse(t, NFT_PARSE_JSON, json, err) < 0) { + nft_parse_perror("Unable to parse JSON file", err); exit(EXIT_FAILURE); } @@ -80,6 +87,7 @@ int main(int argc, char *argv[]) NLM_F_CREATE|NLM_F_ACK, seq); nft_table_nlmsg_build_payload(nlh, t); nft_table_free(t); + nft_parse_err_free(err); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { diff --git a/examples/nft-table-xml-add.c b/examples/nft-table-xml-add.c index 6a9163b..edef1d4 100644 --- a/examples/nft-table-xml-add.c +++ b/examples/nft-table-xml-add.c @@ -23,6 +23,7 @@ #include #include +#include int main(int argc, char *argv[]) { @@ -35,6 +36,7 @@ int main(int argc, char *argv[]) uint16_t family; char xml[4096]; char reprint[4096]; + struct nft_parse_err *err; if (argc < 2) { printf("Usage: %s \n", argv[0]); @@ -60,8 +62,14 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - if (nft_table_parse(t, NFT_PARSE_XML, xml) < 0) { - printf("E: Unable to parse XML file: %s\n", strerror(errno)); + err = nft_parse_err_alloc(); + if (err == NULL) { + perror("error"); + exit(EXIT_FAILURE); + } + + if (nft_table_parse(t, NFT_PARSE_XML, xml, err) < 0) { + nft_parse_perror("Unable to parse XML file", err); exit(EXIT_FAILURE); } @@ -76,6 +84,7 @@ int main(int argc, char *argv[]) NLM_F_CREATE|NLM_F_ACK, seq); nft_table_nlmsg_build_payload(nlh, t); nft_table_free(t); + nft_parse_err_free(err); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { diff --git a/include/libnftables/chain.h b/include/libnftables/chain.h index 8b4eab9..dec1a77 100644 --- a/include/libnftables/chain.h +++ b/include/libnftables/chain.h @@ -51,7 +51,8 @@ struct nlmsghdr; void nft_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_chain *t); -int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, const char *data); +int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *t, uint32_t type, uint32_t flags); int nft_chain_fprintf(FILE *fp, struct nft_chain *c, uint32_t type, uint32_t flags); diff --git a/include/libnftables/common.h b/include/libnftables/common.h index 9cd92b2..1ef88ba 100644 --- a/include/libnftables/common.h +++ b/include/libnftables/common.h @@ -1,6 +1,12 @@ #ifndef _LIBNFTABLES_COMMON_H_ #define _LIBNFTABLES_COMMON_H_ +enum { + NFT_PARSE_EBADINPUT = 0, + NFT_PARSE_EMISSINGNODE, + NFT_PARSE_EBADTYPE, +}; + enum nft_output_type { NFT_OUTPUT_DEFAULT = 0, NFT_OUTPUT_XML, @@ -14,7 +20,12 @@ enum nft_parse_type { NFT_PARSE_MAX, }; +struct nft_parse_err; + struct nlmsghdr *nft_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, uint16_t type, uint32_t seq); +struct nft_parse_err *nft_parse_err_alloc(void); +void nft_parse_err_free(struct nft_parse_err *); +int nft_parse_perror(const char *str, struct nft_parse_err *err); #endif diff --git a/include/libnftables/rule.h b/include/libnftables/rule.h index 86dbc17..1510203 100644 --- a/include/libnftables/rule.h +++ b/include/libnftables/rule.h @@ -47,7 +47,8 @@ struct nlmsghdr; void nft_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_rule *t); -int nft_rule_parse(struct nft_rule *r, enum nft_parse_type type, const char *data); +int nft_rule_parse(struct nft_rule *r, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); int nft_rule_snprintf(char *buf, size_t size, struct nft_rule *t, uint32_t type, uint32_t flags); int nft_rule_fprintf(FILE *fp, struct nft_rule *r, uint32_t type, uint32_t flags); diff --git a/include/libnftables/ruleset.h b/include/libnftables/ruleset.h index 1ec3059..b523346 100644 --- a/include/libnftables/ruleset.h +++ b/include/libnftables/ruleset.h @@ -30,7 +30,8 @@ void nft_ruleset_attr_unset(struct nft_ruleset *r, uint16_t attr); void nft_ruleset_attr_set(struct nft_ruleset *r, uint16_t attr, void *data); const void *nft_ruleset_attr_get(const struct nft_ruleset *r, uint16_t attr); -int nft_ruleset_parse(struct nft_ruleset *rs, enum nft_parse_type type, const char *data); +int nft_ruleset_parse(struct nft_ruleset *rs, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); int nft_ruleset_snprintf(char *buf, size_t size, const struct nft_ruleset *rs, uint32_t type, uint32_t flags); int nft_ruleset_fprintf(FILE *fp, const struct nft_ruleset *rs, uint32_t type, uint32_t flags); diff --git a/include/libnftables/set.h b/include/libnftables/set.h index 13ac857..9711729 100644 --- a/include/libnftables/set.h +++ b/include/libnftables/set.h @@ -60,7 +60,8 @@ struct nft_set *nft_set_list_iter_cur(struct nft_set_list_iter *iter); struct nft_set *nft_set_list_iter_next(struct nft_set_list_iter *iter); void nft_set_list_iter_destroy(struct nft_set_list_iter *iter); -int nft_set_parse(struct nft_set *s, enum nft_parse_type type, const char *data); +int nft_set_parse(struct nft_set *s, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); /* * Set elements @@ -98,7 +99,8 @@ void nft_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_set_elem int nft_set_elem_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set_elem *s); -int nft_set_elem_parse(struct nft_set_elem *e, enum nft_parse_type type, const char *data); +int nft_set_elem_parse(struct nft_set_elem *e, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *s, uint32_t type, uint32_t flags); int nft_set_elem_fprintf(FILE *fp, struct nft_set_elem *se, uint32_t type, uint32_t flags); diff --git a/include/libnftables/table.h b/include/libnftables/table.h index be60da9..80f2349 100644 --- a/include/libnftables/table.h +++ b/include/libnftables/table.h @@ -39,7 +39,8 @@ struct nlmsghdr; void nft_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_table *t); -int nft_table_parse(struct nft_table *t, enum nft_parse_type type, const char *data); +int nft_table_parse(struct nft_table *t, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); int nft_table_snprintf(char *buf, size_t size, struct nft_table *t, uint32_t type, uint32_t flags); int nft_table_fprintf(FILE *fp, struct nft_table *t, uint32_t type, uint32_t flags); diff --git a/src/Makefile.am b/src/Makefile.am index 83ab658..fc13e46 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,6 +4,7 @@ lib_LTLIBRARIES = libnftables.la libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS} libnftables_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libnftables.map \ -version-info $(LIBVERSION) + libnftables_la_SOURCES = utils.c \ common.c \ table.c \ diff --git a/src/chain.c b/src/chain.c index a0004b5..a4ddb06 100644 --- a/src/chain.c +++ b/src/chain.c @@ -498,7 +498,8 @@ static inline int nft_str2hooknum(int family, const char *hook) } #ifdef JSON_PARSING -int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree) +int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree, + struct nft_parse_err *err) { json_t *root; uint64_t uval64; @@ -506,37 +507,40 @@ int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree) int32_t val32; const char *valstr; - root = nft_jansson_get_node(tree, "chain"); + root = nft_jansson_get_node(tree, "chain", err); if (root == NULL) return -1; - valstr = nft_jansson_parse_str(root, "name"); + valstr = nft_jansson_parse_str(root, "name", err); if (valstr == NULL) goto err; nft_chain_attr_set_str(c, NFT_CHAIN_ATTR_NAME, valstr); - if (nft_jansson_parse_val(root, "handle", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "handle", NFT_TYPE_U64, &uval64, + err) < 0) goto err; nft_chain_attr_set_u64(c,NFT_CHAIN_ATTR_HANDLE, uval64); - if (nft_jansson_parse_val(root, "bytes", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "bytes", NFT_TYPE_U64, &uval64, + err) < 0) goto err; nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_BYTES, uval64); - if (nft_jansson_parse_val(root, "packets", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "packets", NFT_TYPE_U64, &uval64, + err) < 0) goto err; nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_PACKETS, uval64); - if (nft_jansson_parse_family(root, &val32) != 0) + if (nft_jansson_parse_family(root, &val32, err) != 0) goto err; nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_FAMILY, val32); - valstr = nft_jansson_parse_str(root, "table"); + valstr = nft_jansson_parse_str(root, "table", err); if (valstr == NULL) goto err; @@ -544,7 +548,7 @@ int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree) nft_chain_attr_set_str(c, NFT_CHAIN_ATTR_TABLE, valstr); if (nft_jansson_node_exist(root, "hooknum")) { - valstr = nft_jansson_parse_str(root, "type"); + valstr = nft_jansson_parse_str(root, "type", err); if (valstr == NULL) goto err; @@ -552,12 +556,12 @@ int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree) nft_chain_attr_set_str(c, NFT_CHAIN_ATTR_TYPE, valstr); if (nft_jansson_parse_val(root, "prio", NFT_TYPE_S32, - &val32) < 0) + &val32, err) < 0) goto err; nft_chain_attr_set_s32(c, NFT_CHAIN_ATTR_PRIO, val32); - valstr = nft_jansson_parse_str(root, "hooknum"); + valstr = nft_jansson_parse_str(root, "hooknum", err); if (valstr == NULL) goto err; @@ -567,7 +571,7 @@ int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree) nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_HOOKNUM, val32); - valstr = nft_jansson_parse_str(root, "policy"); + valstr = nft_jansson_parse_str(root, "policy", err); if (valstr == NULL) goto err; @@ -587,17 +591,18 @@ err: } #endif -static int nft_chain_json_parse(struct nft_chain *c, const char *json) +static int nft_chain_json_parse(struct nft_chain *c, const char *json, + struct nft_parse_err *err) { #ifdef JSON_PARSING json_t *tree; json_error_t error; - tree = nft_jansson_create_root(json, &error); + tree = nft_jansson_create_root(json, &error, err); if (tree == NULL) return -1; - return nft_jansson_parse_chain(c, tree); + return nft_jansson_parse_chain(c, tree, err); #else errno = EOPNOTSUPP; return -1; @@ -605,13 +610,14 @@ static int nft_chain_json_parse(struct nft_chain *c, const char *json) } #ifdef XML_PARSING -int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c) +int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c, + struct nft_parse_err *err) { const char *table, *name, *hooknum_str, *policy_str, *type; int family, hooknum, policy; name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (name == NULL) return -1; @@ -619,25 +625,25 @@ int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c) c->flags |= (1 << NFT_CHAIN_ATTR_NAME); if (nft_mxml_num_parse(tree, "handle", MXML_DESCEND_FIRST, BASE_DEC, - &c->handle, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &c->handle, NFT_TYPE_U64, NFT_XML_MAND, err) != 0) return -1; c->flags |= (1 << NFT_CHAIN_ATTR_HANDLE); if (nft_mxml_num_parse(tree, "bytes", MXML_DESCEND_FIRST, BASE_DEC, - &c->bytes, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &c->bytes, NFT_TYPE_U64, NFT_XML_MAND, err) != 0) return -1; c->flags |= (1 << NFT_CHAIN_ATTR_BYTES); if (nft_mxml_num_parse(tree, "packets", MXML_DESCEND_FIRST, BASE_DEC, - &c->packets, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &c->packets, NFT_TYPE_U64, NFT_XML_MAND, err) != 0) return -1; c->flags |= (1 << NFT_CHAIN_ATTR_PACKETS); table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (table == NULL) return -1; @@ -648,7 +654,7 @@ int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c) c->flags |= (1 << NFT_CHAIN_ATTR_TABLE); family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (family < 0) return -1; @@ -656,7 +662,7 @@ int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c) c->flags |= (1 << NFT_CHAIN_ATTR_FAMILY); hooknum_str = nft_mxml_str_parse(tree, "hooknum", MXML_DESCEND_FIRST, - NFT_XML_OPT); + NFT_XML_OPT, err); if (hooknum_str != NULL) { hooknum = nft_str2hooknum(c->family, hooknum_str); if (hooknum < 0) @@ -666,7 +672,7 @@ int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c) c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM); type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (type == NULL) return -1; @@ -679,14 +685,14 @@ int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c) if (nft_mxml_num_parse(tree, "prio", MXML_DESCEND, BASE_DEC, &c->prio, NFT_TYPE_S32, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; c->flags |= (1 << NFT_CHAIN_ATTR_PRIO); policy_str = nft_mxml_str_parse(tree, "policy", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (policy_str == NULL) return -1; @@ -702,15 +708,16 @@ int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c) } #endif -static int nft_chain_xml_parse(struct nft_chain *c, const char *xml) +static int nft_chain_xml_parse(struct nft_chain *c, const char *xml, + struct nft_parse_err *err) { #ifdef XML_PARSING int ret; - mxml_node_t *tree = nft_mxml_build_tree(xml, "chain"); + mxml_node_t *tree = nft_mxml_build_tree(xml, "chain", err); if (tree == NULL) return -1; - ret = nft_mxml_chain_parse(tree, c); + ret = nft_mxml_chain_parse(tree, c, err); mxmlDelete(tree); return ret; #else @@ -720,16 +727,17 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml) } int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, - const char *data) + const char *data, struct nft_parse_err *err) { int ret; + struct nft_parse_err perr; switch (type) { case NFT_PARSE_XML: - ret = nft_chain_xml_parse(c, data); + ret = nft_chain_xml_parse(c, data, &perr); break; case NFT_PARSE_JSON: - ret = nft_chain_json_parse(c, data); + ret = nft_chain_json_parse(c, data, &perr); break; default: ret = -1; @@ -737,6 +745,9 @@ int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, break; } + if (err != NULL) + *err = perr; + return ret; } EXPORT_SYMBOL(nft_chain_parse); diff --git a/src/common.c b/src/common.c index f03e730..5c6ddbf 100644 --- a/src/common.c +++ b/src/common.c @@ -14,6 +14,7 @@ #include #include "internal.h" +#include struct nlmsghdr *nft_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, uint16_t type, uint32_t seq) @@ -34,3 +35,33 @@ struct nlmsghdr *nft_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, return nlh; } EXPORT_SYMBOL(nft_nlmsg_build_hdr); + +struct nft_parse_err *nft_parse_err_alloc(void) +{ + return calloc(1, sizeof(struct nft_parse_err)); +} +EXPORT_SYMBOL(nft_parse_err_alloc); + +void nft_parse_err_free(struct nft_parse_err *err) +{ + xfree(err); +} +EXPORT_SYMBOL(nft_parse_err_free); + +int nft_parse_perror(const char *str, struct nft_parse_err *err) +{ + switch (err->error) { + case NFT_PARSE_EBADINPUT: + return fprintf(stderr, "%s : Bad input format in line %d column %d\n", + str, err->line, err->column); + case NFT_PARSE_EMISSINGNODE: + return fprintf(stderr, "%s : Node \"%s\" not found\n", + str, err->node_name); + case NFT_PARSE_EBADTYPE: + return fprintf(stderr, "%s: Invalid type in node \"%s\"\n", + str, err->node_name); + default: + return fprintf(stderr, "Undefined error\n"); + } +} +EXPORT_SYMBOL(nft_parse_perror); diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c index bcec516..3c4f644 100644 --- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -181,35 +181,36 @@ nft_rule_expr_bitwise_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING struct nft_expr_bitwise *bitwise = nft_expr_data(e); uint32_t reg, len; - if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_SREG, reg); - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_DREG, reg); - if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &len) < 0) + if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &len, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_LEN, len); if (nft_jansson_data_reg_parse(root, "mask", - &bitwise->mask) != DATA_VALUE) + &bitwise->mask, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_MASK); if (nft_jansson_data_reg_parse(root, "xor", - &bitwise->xor) != DATA_VALUE) + &bitwise->xor, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_XOR); @@ -225,20 +226,21 @@ nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_bitwise *bitwise = nft_expr_data(e); int32_t reg; - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST); + reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST, err); if (reg < 0) return -1; bitwise->sreg = reg; e->flags |= (1 << NFT_EXPR_BITWISE_SREG); - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND); + reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND, err); if (reg < 0) return -1; @@ -247,19 +249,19 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, &bitwise->len, NFT_TYPE_U8, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_LEN); if (nft_mxml_data_reg_parse(tree, "mask", &bitwise->mask, - NFT_XML_MAND) != DATA_VALUE) + NFT_XML_MAND, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_MASK); if (nft_mxml_data_reg_parse(tree, "xor", &bitwise->xor, - NFT_XML_MAND) != DATA_VALUE) + NFT_XML_MAND, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_XOR); diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c index 7224c82..d6beba3 100644 --- a/src/expr/byteorder.c +++ b/src/expr/byteorder.c @@ -194,24 +194,25 @@ static inline int nft_str2ntoh(const char *op) } static int -nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *op; uint32_t uval32; int ntoh; - if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_SREG, uval32); - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_DREG, uval32); - op = nft_jansson_parse_str(root, "op"); + op = nft_jansson_parse_str(root, "op", err); if (op == NULL) return -1; @@ -221,12 +222,12 @@ nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_OP, ntoh); - if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_LEN, uval32); - if (nft_jansson_parse_val(root, "size", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "size", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_SIZE, uval32); @@ -239,28 +240,30 @@ nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_byteorder *byteorder = nft_expr_data(e); const char *op; int32_t reg, ntoh; - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST); + reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST, err); if (reg < 0) return -1; byteorder->sreg = reg; e->flags |= (1 << NFT_EXPR_BYTEORDER_SREG); - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND); + reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND, err); if (reg < 0) return -1; byteorder->dreg = reg; e->flags |= (1 << NFT_EXPR_BYTEORDER_DREG); - op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND); + op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND, + err); if (op == NULL) return -1; @@ -273,14 +276,14 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, &byteorder->len, NFT_TYPE_U8, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_BYTEORDER_LEN); if (nft_mxml_num_parse(tree, "size", MXML_DESCEND_FIRST, BASE_DEC, &byteorder->size, NFT_TYPE_U8, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_BYTEORDER_SIZE); diff --git a/src/expr/cmp.c b/src/expr/cmp.c index 246f22f..ca1503c 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@ -174,7 +174,8 @@ static inline int nft_str2cmp(const char *op) } } -static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING struct nft_expr_cmp *cmp = nft_expr_data(e); @@ -182,12 +183,12 @@ static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root) uint32_t uval32; int base; - if (nft_jansson_parse_val(root, "sreg", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "sreg", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_CMP_SREG, uval32); - op = nft_jansson_parse_str(root, "op"); + op = nft_jansson_parse_str(root, "op", err); if (op == NULL) return -1; @@ -198,7 +199,7 @@ static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_CMP_OP, base); if (nft_jansson_data_reg_parse(root, "cmpdata", - &cmp->data) != DATA_VALUE) + &cmp->data, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_CMP_DATA); @@ -210,21 +211,23 @@ static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root) #endif } -static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_cmp *cmp = nft_expr_data(e); const char *op; int32_t reg, op_value; - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST); + reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST, err); if (reg < 0) return -1; cmp->sreg = reg; e->flags |= (1 << NFT_EXPR_CMP_SREG); - op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND); + op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND, + err); if (op == NULL) return -1; @@ -236,7 +239,8 @@ static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre e->flags |= (1 << NFT_EXPR_CMP_OP); if (nft_mxml_data_reg_parse(tree, "cmpdata", - &cmp->data, NFT_XML_MAND) != DATA_VALUE) + &cmp->data, NFT_XML_MAND, + err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_CMP_DATA); diff --git a/src/expr/counter.c b/src/expr/counter.c index 4919a69..11afb83 100644 --- a/src/expr/counter.c +++ b/src/expr/counter.c @@ -119,17 +119,18 @@ nft_rule_expr_counter_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_counter_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_counter_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING uint64_t uval64; - if (nft_jansson_parse_val(root, "pkts", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "pkts", NFT_TYPE_U64, &uval64, err) < 0) return -1; nft_rule_expr_set_u64(e, NFT_EXPR_CTR_PACKETS, uval64); - if (nft_jansson_parse_val(root, "bytes", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "bytes", NFT_TYPE_U64, &uval64, err) < 0) return -1; nft_rule_expr_set_u64(e, NFT_EXPR_CTR_BYTES, uval64); @@ -142,19 +143,22 @@ nft_rule_expr_counter_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_counter_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_counter_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_counter *ctr = nft_expr_data(e); if (nft_mxml_num_parse(tree, "pkts", MXML_DESCEND_FIRST, BASE_DEC, - &ctr->pkts, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &ctr->pkts, NFT_TYPE_U64, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_CTR_PACKETS); if (nft_mxml_num_parse(tree, "bytes", MXML_DESCEND_FIRST, BASE_DEC, - &ctr->bytes, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &ctr->bytes, NFT_TYPE_U64, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_CTR_BYTES); diff --git a/src/expr/ct.c b/src/expr/ct.c index 46e3cef..59d05a5 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -178,7 +178,8 @@ static inline int str2ctkey(const char *ctkey) return -1; } -static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *key_str; @@ -186,13 +187,13 @@ static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root) uint8_t dir; int key; - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_CT_DREG, reg); if (nft_jansson_node_exist(root, "key")) { - key_str = nft_jansson_parse_str(root, "key"); + key_str = nft_jansson_parse_str(root, "key", err); if (key_str == NULL) return -1; @@ -205,7 +206,8 @@ static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root) } if (nft_jansson_node_exist(root, "dir")) { - if (nft_jansson_parse_val(root, "dir", NFT_TYPE_U8, &dir) < 0) + if (nft_jansson_parse_val(root, "dir", NFT_TYPE_U8, &dir, + err) < 0) return -1; if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY) @@ -225,7 +227,8 @@ err: } -static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_ct *ct = nft_expr_data(e); @@ -234,7 +237,7 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree int key; uint8_t dir; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); + reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err); if (reg < 0) return -1; @@ -242,7 +245,7 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree e->flags |= (1 << NFT_EXPR_CT_DREG); key_str = nft_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (key_str == NULL) return -1; @@ -254,7 +257,7 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree e->flags |= (1 << NFT_EXPR_CT_KEY); if (nft_mxml_num_parse(tree, "dir", MXML_DESCEND_FIRST, BASE_DEC, - &dir, NFT_TYPE_U8, NFT_XML_MAND) != 0) + &dir, NFT_TYPE_U8, NFT_XML_MAND, err) != 0) return -1; if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY) diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index 76231af..e487bc7 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c @@ -27,12 +27,13 @@ #include "internal.h" #ifdef JSON_PARSING -static int nft_data_reg_verdict_json_parse(union nft_data_reg *reg, json_t *data) +static int nft_data_reg_verdict_json_parse(union nft_data_reg *reg, json_t *data, + struct nft_parse_err *err) { int verdict; const char *verdict_str; - verdict_str = nft_jansson_parse_str(data, "verdict"); + verdict_str = nft_jansson_parse_str(data, "verdict", err); if (verdict_str == NULL) return -1; @@ -45,9 +46,10 @@ static int nft_data_reg_verdict_json_parse(union nft_data_reg *reg, json_t *data return 0; } -static int nft_data_reg_chain_json_parse(union nft_data_reg *reg, json_t *data) +static int nft_data_reg_chain_json_parse(union nft_data_reg *reg, json_t *data, + struct nft_parse_err *err) { - reg->chain = strdup(nft_jansson_parse_str(data, "chain")); + reg->chain = strdup(nft_jansson_parse_str(data, "chain", err)); if (reg->chain == NULL) { return -1; } @@ -55,19 +57,20 @@ static int nft_data_reg_chain_json_parse(union nft_data_reg *reg, json_t *data) return 0; } -static int nft_data_reg_value_json_parse(union nft_data_reg *reg, json_t *data) +static int nft_data_reg_value_json_parse(union nft_data_reg *reg, json_t *data, + struct nft_parse_err *err) { int i; char node_name[6]; - if (nft_jansson_parse_val(data, "len", NFT_TYPE_U8, ®->len) < 0) + if (nft_jansson_parse_val(data, "len", NFT_TYPE_U8, ®->len, err) < 0) return -1; for (i = 0; i < div_round_up(reg->len, sizeof(uint32_t)); i++) { sprintf(node_name, "data%d", i); if (nft_jansson_str2num(data, node_name, BASE_HEX, - ®->val[i], NFT_TYPE_U32) != 0) + ®->val[i], NFT_TYPE_U32, err) != 0) return -1; } @@ -75,23 +78,24 @@ static int nft_data_reg_value_json_parse(union nft_data_reg *reg, json_t *data) } #endif -int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data) +int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *type; - type = nft_jansson_parse_str(data, "type"); + type = nft_jansson_parse_str(data, "type", err); if (type == NULL) return -1; /* Select what type of parsing is needed */ if (strcmp(type, "value") == 0) { - return nft_data_reg_value_json_parse(reg, data); + return nft_data_reg_value_json_parse(reg, data, err); } else if (strcmp(type, "verdict") == 0) { - return nft_data_reg_verdict_json_parse(reg, data); + return nft_data_reg_verdict_json_parse(reg, data, err); } else if (strcmp(type, "chain") == 0) { - return nft_data_reg_chain_json_parse(reg, data); + return nft_data_reg_chain_json_parse(reg, data, err); } return 0; @@ -103,13 +107,14 @@ int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data) #ifdef XML_PARSING static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, - mxml_node_t *tree) + mxml_node_t *tree, + struct nft_parse_err *err) { int verdict; const char *verdict_str; verdict_str = nft_mxml_str_parse(tree, "verdict", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (verdict_str == NULL) return DATA_NONE; @@ -123,12 +128,13 @@ static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, } static int nft_data_reg_chain_xml_parse(union nft_data_reg *reg, - mxml_node_t *tree) + mxml_node_t *tree, + struct nft_parse_err *err) { const char *chain; chain = nft_mxml_str_parse(tree, "chain", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (chain == NULL) return DATA_NONE; @@ -140,7 +146,8 @@ static int nft_data_reg_chain_xml_parse(union nft_data_reg *reg, } static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, - mxml_node_t *tree) + mxml_node_t *tree, + struct nft_parse_err *err) { int i; char node_name[6]; @@ -156,7 +163,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, */ if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, - ®->len, NFT_TYPE_U8, NFT_XML_MAND) != 0) + ®->len, NFT_TYPE_U8, NFT_XML_MAND, err) != 0) return DATA_NONE; /* Get and set */ @@ -165,7 +172,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, if (nft_mxml_num_parse(tree, node_name, MXML_DESCEND_FIRST, BASE_HEX, ®->val[i], NFT_TYPE_U32, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return DATA_NONE; } @@ -173,7 +180,8 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, } #endif -int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree) +int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING const char *type; @@ -194,11 +202,11 @@ int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree) } if (strcmp(type, "value") == 0) - return nft_data_reg_value_xml_parse(reg, node); + return nft_data_reg_value_xml_parse(reg, node, err); else if (strcmp(type, "verdict") == 0) - return nft_data_reg_verdict_xml_parse(reg, node); + return nft_data_reg_verdict_xml_parse(reg, node, err); else if (strcmp(type, "chain") == 0) - return nft_data_reg_chain_xml_parse(reg, node); + return nft_data_reg_chain_xml_parse(reg, node, err); return DATA_NONE; #else diff --git a/src/expr/data_reg.h b/src/expr/data_reg.h index 8a6a235..5258051 100644 --- a/src/expr/data_reg.h +++ b/src/expr/data_reg.h @@ -29,8 +29,10 @@ union nft_data_reg { int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg, uint32_t output_format, uint32_t flags, int reg_type); -int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree); +int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree, + struct nft_parse_err *err); int nft_parse_data(union nft_data_reg *data, struct nlattr *attr, int *type); -int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data); +int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data, + struct nft_parse_err *err); #endif diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index 6841ac1..813830b 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c @@ -193,19 +193,20 @@ static inline int str2exthdr_type(const char *str) } static int -nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *exthdr_type; uint32_t uval32; int type; - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_DREG, uval32); - exthdr_type = nft_jansson_parse_str(root, "exthdr_type"); + exthdr_type = nft_jansson_parse_str(root, "exthdr_type", err); if (exthdr_type == NULL) return -1; @@ -215,12 +216,12 @@ nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_TYPE, type); - if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_OFFSET, uval32); - if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_LEN, uval32); @@ -233,7 +234,8 @@ nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_exthdr *exthdr = nft_expr_data(e); @@ -241,7 +243,7 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) int32_t reg; int type; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); + reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err); if (reg < 0) return -1; @@ -249,7 +251,7 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) e->flags |= (1 << NFT_EXPR_EXTHDR_DREG); exthdr_type = nft_mxml_str_parse(tree, "exthdr_type", - MXML_DESCEND_FIRST, NFT_XML_MAND); + MXML_DESCEND_FIRST, NFT_XML_MAND, err); if (exthdr_type == NULL) return -1; @@ -263,14 +265,15 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) /* Get and set */ if (nft_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC, &exthdr->offset, NFT_TYPE_U32, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET); /* Get and set */ if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, - &exthdr->len, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &exthdr->len, NFT_TYPE_U32, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_EXTHDR_LEN); diff --git a/src/expr/immediate.c b/src/expr/immediate.c index a96d3de..3ae4082 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -178,20 +178,21 @@ nft_rule_expr_immediate_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_immediate_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_immediate_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING struct nft_expr_immediate *imm = nft_expr_data(e); int datareg_type; uint32_t reg; - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_IMM_DREG, reg); datareg_type = nft_jansson_data_reg_parse(root, "immediatedata", - &imm->data); + &imm->data, err); if (datareg_type < 0) return -1; @@ -217,14 +218,15 @@ nft_rule_expr_immediate_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_immediate *imm = nft_expr_data(e); int datareg_type; int32_t reg; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); + reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err); if (reg < 0) return -1; @@ -232,7 +234,7 @@ nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) e->flags |= (1 << NFT_EXPR_IMM_DREG); datareg_type = nft_mxml_data_reg_parse(tree, "immediatedata", - &imm->data, NFT_XML_MAND); + &imm->data, NFT_XML_MAND, err); switch (datareg_type) { case DATA_VALUE: e->flags |= (1 << NFT_EXPR_IMM_DATA); diff --git a/src/expr/limit.c b/src/expr/limit.c index 4854a77..e6b0492 100644 --- a/src/expr/limit.c +++ b/src/expr/limit.c @@ -118,17 +118,18 @@ nft_rule_expr_limit_parse(struct nft_rule_expr *e, struct nlattr *attr) return 0; } -static int nft_rule_expr_limit_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_limit_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING uint64_t uval64; - if (nft_jansson_parse_val(root, "rate", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "rate", NFT_TYPE_U64, &uval64, err) < 0) return -1; nft_rule_expr_set_u64(e, NFT_EXPR_LIMIT_RATE, uval64); - if (nft_jansson_parse_val(root, "unit", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "unit", NFT_TYPE_U64, &uval64, err) < 0) return -1; nft_rule_expr_set_u64(e, NFT_EXPR_LIMIT_UNIT, uval64); @@ -140,19 +141,23 @@ static int nft_rule_expr_limit_json_parse(struct nft_rule_expr *e, json_t *root) #endif } -static int nft_rule_expr_limit_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_limit_xml_parse(struct nft_rule_expr *e, + mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_limit *limit = nft_expr_data(e); if (nft_mxml_num_parse(tree, "rate", MXML_DESCEND_FIRST, BASE_DEC, - &limit->rate, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &limit->rate, NFT_TYPE_U64, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_LIMIT_RATE); if (nft_mxml_num_parse(tree, "unit", MXML_DESCEND_FIRST, BASE_DEC, - &limit->unit, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &limit->unit, NFT_TYPE_U64, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_LIMIT_UNIT); diff --git a/src/expr/log.c b/src/expr/log.c index 76657a9..c62a8b4 100644 --- a/src/expr/log.c +++ b/src/expr/log.c @@ -160,31 +160,34 @@ nft_rule_expr_log_parse(struct nft_rule_expr *e, struct nlattr *attr) return 0; } -static int nft_rule_expr_log_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_log_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *prefix; uint32_t snaplen; uint16_t uval16; - prefix = nft_jansson_parse_str(root, "prefix"); + prefix = nft_jansson_parse_str(root, "prefix", err); if (prefix == NULL) return -1; nft_rule_expr_set_str(e, NFT_EXPR_LOG_PREFIX, prefix); - if (nft_jansson_parse_val(root, "group", NFT_TYPE_U16, &uval16) < 0) + if (nft_jansson_parse_val(root, "group", NFT_TYPE_U16, &uval16, + err) < 0) return -1; nft_rule_expr_set_u16(e, NFT_EXPR_LOG_GROUP, uval16); - if (nft_jansson_parse_val(root, "snaplen", NFT_TYPE_U32, &snaplen) < 0) + if (nft_jansson_parse_val(root, "snaplen", NFT_TYPE_U32, &snaplen, + err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_LOG_SNAPLEN, snaplen); if (nft_jansson_parse_val(root, "qthreshold", NFT_TYPE_U16, - &uval16) < 0) + &uval16, err) < 0) return -1; nft_rule_expr_set_u16(e, NFT_EXPR_LOG_QTHRESHOLD, uval16); @@ -196,14 +199,16 @@ static int nft_rule_expr_log_json_parse(struct nft_rule_expr *e, json_t *root) #endif } -static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, + mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_log *log = nft_expr_data(e); const char *prefix; prefix = nft_mxml_str_parse(tree, "prefix", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (prefix == NULL) return -1; @@ -211,20 +216,22 @@ static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre e->flags |= (1 << NFT_EXPR_LOG_PREFIX); if (nft_mxml_num_parse(tree, "group", MXML_DESCEND_FIRST, BASE_DEC, - &log->group, NFT_TYPE_U16, NFT_XML_MAND) != 0) + &log->group, NFT_TYPE_U16, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_LOG_GROUP); if (nft_mxml_num_parse(tree, "snaplen", MXML_DESCEND_FIRST, BASE_DEC, - &log->snaplen, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &log->snaplen, NFT_TYPE_U32, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_LOG_SNAPLEN); if (nft_mxml_num_parse(tree, "qthreshold", MXML_DESCEND_FIRST, BASE_DEC, &log->qthreshold, - NFT_TYPE_U16, NFT_XML_MAND) != 0) + NFT_TYPE_U16, NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_LOG_QTHRESHOLD); diff --git a/src/expr/lookup.c b/src/expr/lookup.c index 4e91cfb..b0aadf2 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c @@ -143,24 +143,25 @@ nft_rule_expr_lookup_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *set_name; int32_t reg; - set_name = nft_jansson_parse_str(root, "set"); + set_name = nft_jansson_parse_str(root, "set", err); if (set_name == NULL) return -1; nft_rule_expr_set_str(e, NFT_EXPR_LOOKUP_SET, set_name); - if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_LOOKUP_SREG, reg); - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_LOOKUP_DREG, reg); @@ -173,7 +174,8 @@ nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_lookup *lookup = nft_expr_data(e); @@ -181,7 +183,7 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) int32_t reg; set_name = nft_mxml_str_parse(tree, "set", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (set_name == NULL) return -1; @@ -189,14 +191,14 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) lookup->set_name[IFNAMSIZ-1] = '\0'; e->flags |= (1 << NFT_EXPR_LOOKUP_SET); - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND); + reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND, err); if (reg < 0) return -1; lookup->sreg = reg; e->flags |= (1 << NFT_EXPR_LOOKUP_SREG); - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND); + reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND, err); if (reg < 0) return -1; diff --git a/src/expr/match.c b/src/expr/match.c index c7863b8..5487050 100644 --- a/src/expr/match.c +++ b/src/expr/match.c @@ -170,12 +170,13 @@ static int nft_rule_expr_match_parse(struct nft_rule_expr *e, struct nlattr *att return 0; } -static int nft_rule_expr_match_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_match_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *name; - name = nft_jansson_parse_str(root, "name"); + name = nft_jansson_parse_str(root, "name", err); if (name == NULL) return -1; @@ -189,14 +190,15 @@ static int nft_rule_expr_match_json_parse(struct nft_rule_expr *e, json_t *root) } -static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_match *mt = nft_expr_data(e); const char *name; name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (name == NULL) return -1; diff --git a/src/expr/meta.c b/src/expr/meta.c index 88d2908..3c5fd77 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -160,19 +160,20 @@ static inline int str2meta_key(const char *str) return -1; } -static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *key_str; uint32_t reg; int key; - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_META_DREG, reg); - key_str = nft_jansson_parse_str(root, "key"); + key_str = nft_jansson_parse_str(root, "key", err); if (key_str == NULL) return -1; @@ -190,7 +191,8 @@ static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root) } -static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_meta *meta = nft_expr_data(e); @@ -198,7 +200,7 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tr int32_t reg; int key; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); + reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err); if (reg < 0) return -1; @@ -206,7 +208,7 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tr e->flags |= (1 << NFT_EXPR_META_DREG); key_str = nft_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (key_str == NULL) return -1; diff --git a/src/expr/nat.c b/src/expr/nat.c index 30b02ec..34a977a 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c @@ -196,14 +196,15 @@ static inline int nft_str2nat(const char *nat) } } -static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root) +static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *nat_type, *family_str; uint32_t reg; int val32; - nat_type = nft_jansson_parse_str(root, "nat_type"); + nat_type = nft_jansson_parse_str(root, "nat_type", err); if (nat_type == NULL) return -1; @@ -213,7 +214,7 @@ static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_NAT_TYPE, val32); - family_str = nft_jansson_parse_str(root, "family"); + family_str = nft_jansson_parse_str(root, "family", err); if (family_str == NULL) return -1; @@ -224,25 +225,25 @@ static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_NAT_FAMILY, val32); if (nft_jansson_parse_reg(root, "sreg_addr_min", NFT_TYPE_U32, - ®) < 0) + ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MIN, reg); if (nft_jansson_parse_reg(root, "sreg_addr_max", NFT_TYPE_U32, - ®) < 0) + ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MAX, reg); if (nft_jansson_parse_reg(root, "sreg_proto_min", NFT_TYPE_U32, - ®) < 0) + ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MIN, reg); if (nft_jansson_parse_reg(root, "sreg_proto_max", NFT_TYPE_U32, - ®) < 0) + ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MAX, reg); @@ -254,7 +255,8 @@ static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root) #endif } -static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_nat *nat = nft_expr_data(e); @@ -263,7 +265,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre int family, nat_type_value; nat_type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (nat_type == NULL) return -1; @@ -275,7 +277,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre e->flags |= (1 << NFT_EXPR_NAT_TYPE); family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (family < 0) { mxmlDelete(tree); return -1; @@ -284,28 +286,28 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre nat->family = family; e->flags |= (1 << NFT_EXPR_NAT_FAMILY); - reg = nft_mxml_reg_parse(tree, "sreg_addr_min", MXML_DESCEND); + reg = nft_mxml_reg_parse(tree, "sreg_addr_min", MXML_DESCEND, err); if (reg < 0) return -1; nat->sreg_addr_min = reg; e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MIN); - reg = nft_mxml_reg_parse(tree, "sreg_addr_max", MXML_DESCEND); + reg = nft_mxml_reg_parse(tree, "sreg_addr_max", MXML_DESCEND, err); if (reg < 0) return -1; nat->sreg_addr_max = reg; e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MAX); - reg = nft_mxml_reg_parse(tree, "sreg_proto_min", MXML_DESCEND); + reg = nft_mxml_reg_parse(tree, "sreg_proto_min", MXML_DESCEND, err); if (reg < 0) return -1; nat->sreg_proto_min = reg; e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MIN); - reg = nft_mxml_reg_parse(tree, "sreg_proto_max", MXML_DESCEND); + reg = nft_mxml_reg_parse(tree, "sreg_proto_max", MXML_DESCEND, err); if (reg < 0) return -1; diff --git a/src/expr/payload.c b/src/expr/payload.c index fc32ff2..911bb01 100644 --- a/src/expr/payload.c +++ b/src/expr/payload.c @@ -194,19 +194,20 @@ static inline int nft_str2base(const char *base) } static int -nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *base_str; uint32_t reg, uval32; int base; - if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®) < 0) + if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_DREG, reg); - base_str = nft_jansson_parse_str(root, "base"); + base_str = nft_jansson_parse_str(root, "base", err); if (base_str == NULL) return -1; @@ -216,12 +217,13 @@ nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root) nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_BASE, base); - if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32, + err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_OFFSET, uval32); - if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_LEN, uval32); @@ -234,14 +236,15 @@ nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_payload *payload = nft_expr_data(e); const char *base_str; int32_t reg, base; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); + reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err); if (reg < 0) return -1; @@ -249,7 +252,7 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) e->flags |= (1 << NFT_EXPR_PAYLOAD_DREG); base_str = nft_mxml_str_parse(tree, "base", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (base_str == NULL) return -1; @@ -262,13 +265,14 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) if (nft_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC, &payload->offset, NFT_TYPE_U8, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_PAYLOAD_OFFSET); if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, - &payload->len, NFT_TYPE_U8, NFT_XML_MAND) != 0) + &payload->len, NFT_TYPE_U8, + NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_EXPR_PAYLOAD_LEN); diff --git a/src/expr/reject.c b/src/expr/reject.c index 848f004..c06b070 100644 --- a/src/expr/reject.c +++ b/src/expr/reject.c @@ -122,18 +122,19 @@ nft_rule_expr_reject_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_reject_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_reject_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING uint32_t type; uint16_t code; - if (nft_jansson_parse_val(root, "type", NFT_TYPE_U32, &type) < 0) + if (nft_jansson_parse_val(root, "type", NFT_TYPE_U32, &type, err) < 0) return -1; nft_rule_expr_set_u32(e, NFT_EXPR_REJECT_TYPE, type); - if (nft_jansson_parse_val(root, "code", NFT_TYPE_U8, &code) < 0) + if (nft_jansson_parse_val(root, "code", NFT_TYPE_U8, &code, err) < 0) return -1; nft_rule_expr_set_u8(e, NFT_EXPR_REJECT_CODE, code); @@ -146,19 +147,22 @@ nft_rule_expr_reject_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_reject_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_reject_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_reject *reject = nft_expr_data(e); if (nft_mxml_num_parse(tree, "type", MXML_DESCEND_FIRST, BASE_DEC, - &reject->type, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &reject->type, NFT_TYPE_U32, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_REJECT_TYPE); if (nft_mxml_num_parse(tree, "code", MXML_DESCEND_FIRST, BASE_DEC, - &reject->icmp_code, NFT_TYPE_U8, NFT_XML_MAND) != 0) + &reject->icmp_code, NFT_TYPE_U8, NFT_XML_MAND, + err) != 0) return -1; e->flags |= (1 << NFT_EXPR_REJECT_CODE); diff --git a/src/expr/target.c b/src/expr/target.c index 23dff3a..071fb07 100644 --- a/src/expr/target.c +++ b/src/expr/target.c @@ -171,12 +171,13 @@ static int nft_rule_expr_target_parse(struct nft_rule_expr *e, struct nlattr *at } static int -nft_rule_expr_target_json_parse(struct nft_rule_expr *e, json_t *root) +nft_rule_expr_target_json_parse(struct nft_rule_expr *e, json_t *root, + struct nft_parse_err *err) { #ifdef JSON_PARSING const char *name; - name = nft_jansson_parse_str(root, "name"); + name = nft_jansson_parse_str(root, "name", err); if (name == NULL) return -1; @@ -190,14 +191,15 @@ nft_rule_expr_target_json_parse(struct nft_rule_expr *e, json_t *root) } static int -nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) +nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err) { #ifdef XML_PARSING struct nft_expr_target *tg = nft_expr_data(e); const char *name; name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (name == NULL) return -1; diff --git a/src/expr_ops.h b/src/expr_ops.h index 26e0b82..b06f575 100644 --- a/src/expr_ops.h +++ b/src/expr_ops.h @@ -29,8 +29,10 @@ struct expr_ops { int (*parse)(struct nft_rule_expr *e, struct nlattr *attr); void (*build)(struct nlmsghdr *nlh, struct nft_rule_expr *e); int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, struct nft_rule_expr *e); - int (*xml_parse)(struct nft_rule_expr *e, mxml_node_t *tree); - int (*json_parse)(struct nft_rule_expr *e, json_t *data); + int (*xml_parse)(struct nft_rule_expr *e, mxml_node_t *tree, + struct nft_parse_err *err); + int (*json_parse)(struct nft_rule_expr *e, json_t *data, + struct nft_parse_err *err); }; void nft_expr_ops_register(struct expr_ops *ops); diff --git a/src/internal.h b/src/internal.h index f975ad1..9ef505f 100644 --- a/src/internal.h +++ b/src/internal.h @@ -13,6 +13,7 @@ #include #include +#include #define BASE_DEC 10 #define BASE_HEX 16 @@ -30,59 +31,94 @@ enum nft_type { NFT_TYPE_S64, }; +struct nft_parse_err { + int line; + int column; + int error; + const char *node_name; +}; + #ifdef XML_PARSING #include #define NFT_XML_MAND 0 #define NFT_XML_OPT (1 << 0) -mxml_node_t *nft_mxml_build_tree(const char *xml, const char *treename); -struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node); -int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags); +mxml_node_t *nft_mxml_build_tree(const char *xml, const char *treename, + struct nft_parse_err *err); +struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node, + struct nft_parse_err *err); +int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags, + struct nft_parse_err *err); union nft_data_reg; -int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, union nft_data_reg *data_reg, uint16_t flags); -int nft_mxml_num_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, int base, void *number, enum nft_type type, uint16_t flags); -const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, uint16_t flags); -int nft_mxml_family_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, uint16_t flags); +int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, + union nft_data_reg *data_reg, uint16_t flags, + struct nft_parse_err *err); +int nft_mxml_num_parse(mxml_node_t *tree, const char *node_name, + uint32_t mxml_flags, int base, void *number, + enum nft_type type, uint16_t flags, + struct nft_parse_err *err); +const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name, + uint32_t mxml_flags, uint16_t flags, + struct nft_parse_err *err); +int nft_mxml_family_parse(mxml_node_t *tree, const char *node_name, + uint32_t mxml_flags, uint16_t flags, + struct nft_parse_err *err); struct nft_set_elem; -int nft_mxml_set_elem_parse(mxml_node_t *node, struct nft_set_elem *e); +int nft_mxml_set_elem_parse(mxml_node_t *node, struct nft_set_elem *e, + struct nft_parse_err *err); struct nft_table; -int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t); +int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t, + struct nft_parse_err *err); struct nft_chain; -int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c); +int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c, + struct nft_parse_err *err); struct nft_rule; -int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r); +int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r, + struct nft_parse_err *err); struct nft_set; -int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s); +int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s, + struct nft_parse_err *err); #endif #ifdef JSON_PARSING #include + int nft_jansson_parse_val(json_t *root, const char *node_name, int type, - void *out); -const char *nft_jansson_parse_str(json_t *root, const char *node_name); + void *out, struct nft_parse_err *err); +const char *nft_jansson_parse_str(json_t *root, const char *node_name, + struct nft_parse_err *err); bool nft_jansson_node_exist(json_t *root, const char *node_name); -json_t *nft_jansson_create_root(const char *json, json_error_t *err); -json_t *nft_jansson_get_node(json_t *root, const char *node_name); +json_t *nft_jansson_create_root(const char *json, json_error_t *error, + struct nft_parse_err *err); +json_t *nft_jansson_get_node(json_t *root, const char *node_name, + struct nft_parse_err *err); void nft_jansson_free_root(json_t *root); -int nft_jansson_parse_family(json_t *root, void *out); -int nft_jansson_str2num(json_t *root, const char *node_name, int base, - void *out, enum nft_type type); +int nft_jansson_parse_family(json_t *root, void *out, struct nft_parse_err *err); +int nft_jansson_str2num(json_t *root, const char *node_name, int base, void *out, + enum nft_type type, struct nft_parse_err *err); int nft_jansson_parse_reg(json_t *root, const char *node_name, int type, - void *out); -struct nft_rule_expr *nft_jansson_expr_parse(json_t *root); + void *out, struct nft_parse_err *err); +struct nft_rule_expr *nft_jansson_expr_parse(json_t *root, + struct nft_parse_err *err); union nft_data_reg; int nft_jansson_data_reg_parse(json_t *root, const char *node_name, - union nft_data_reg *data_reg); + union nft_data_reg *data_reg, + struct nft_parse_err *err); struct nft_set_elem; -int nft_set_elem_json_parse(struct nft_set_elem *e, json_t *root); +int nft_set_elem_json_parse(struct nft_set_elem *e, json_t *root, + struct nft_parse_err *err); struct nft_table; -int nft_jansson_parse_table(struct nft_table *t, json_t *tree); +int nft_jansson_parse_table(struct nft_table *t, json_t *tree, + struct nft_parse_err *err); struct nft_chain; -int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree); +int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree, + struct nft_parse_err *err); struct nft_rule; -int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree); +int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree, + struct nft_parse_err *err); struct nft_set; -int nft_jansson_parse_set(struct nft_set *s, json_t *tree); +int nft_jansson_parse_set(struct nft_set *s, json_t *tree, + struct nft_parse_err *err); #endif const char *nft_family2str(uint32_t family); diff --git a/src/jansson.c b/src/jansson.c index 539f9ab..54a56b9 100644 --- a/src/jansson.c +++ b/src/jansson.c @@ -24,17 +24,21 @@ #ifdef JSON_PARSING static int nft_jansson_load_int_node(json_t *root, const char *node_name, - json_int_t *val) + json_int_t *val, struct nft_parse_err *err) { json_t *node; node = json_object_get(root, node_name); if (node == NULL) { + err->error = NFT_PARSE_EMISSINGNODE; + err->node_name = node_name; errno = EINVAL; return -1; } if (!json_is_integer(node)) { + err->error = NFT_PARSE_EBADTYPE; + err->node_name = node_name; errno = ERANGE; return -1; } @@ -43,27 +47,35 @@ static int nft_jansson_load_int_node(json_t *root, const char *node_name, return 0; } -const char *nft_jansson_parse_str(json_t *root, const char *node_name) +const char *nft_jansson_parse_str(json_t *root, const char *node_name, + struct nft_parse_err *err) { json_t *node; const char *val; node = json_object_get(root, node_name); if (node == NULL) { + err->error = NFT_PARSE_EMISSINGNODE; + err->node_name = node_name; errno = EINVAL; return NULL; } + val = json_string_value(node); + if (val == NULL) { + err->error = NFT_PARSE_EBADTYPE; + err->node_name = node_name; + } return val; } int nft_jansson_parse_val(json_t *root, const char *node_name, int type, - void *out) + void *out, struct nft_parse_err *err) { json_int_t val; - if (nft_jansson_load_int_node(root, node_name, &val) == -1) + if (nft_jansson_load_int_node(root, node_name, &val, err) == -1) return -1; if (nft_get_value(type, &val, out) == -1) @@ -77,12 +89,17 @@ bool nft_jansson_node_exist(json_t *root, const char *node_name) return json_object_get(root, node_name) != NULL; } -json_t *nft_jansson_create_root(const char *json, json_error_t *err) +json_t *nft_jansson_create_root(const char *json, json_error_t *error, + struct nft_parse_err *err) { json_t *root; - root = json_loadb(json, strlen(json), 0, err); + root = json_loadb(json, strlen(json), 0, error); if (root == NULL) { + err->error = NFT_PARSE_EBADINPUT; + err->line = error->line; + err->column = error->column; + err->node_name = error->source; errno = EINVAL; return NULL; } @@ -90,12 +107,15 @@ json_t *nft_jansson_create_root(const char *json, json_error_t *err) return root; } -json_t *nft_jansson_get_node(json_t *root, const char *node_name) +json_t *nft_jansson_get_node(json_t *root, const char *node_name, + struct nft_parse_err *err) { json_t *node; node = json_object_get(root, node_name); if (node == NULL) { + err->error = NFT_PARSE_EMISSINGNODE; + err->node_name = node_name; errno = EINVAL; return NULL; } @@ -108,17 +128,18 @@ void nft_jansson_free_root(json_t *root) json_decref(root); } -int nft_jansson_parse_family(json_t *root, void *out) +int nft_jansson_parse_family(json_t *root, void *out, struct nft_parse_err *err) { const char *str; int family; - str = nft_jansson_parse_str(root, "family"); + str = nft_jansson_parse_str(root, "family", err); if (str == NULL) return -1; family = nft_str2family(str); if (family < 0) { + err->node_name = "family"; errno = EINVAL; return -1; } @@ -128,9 +149,9 @@ int nft_jansson_parse_family(json_t *root, void *out) } int nft_jansson_parse_reg(json_t *root, const char *node_name, int type, - void *out) + void *out, struct nft_parse_err *err) { - if (nft_jansson_parse_val(root, node_name, type, out) < 0) + if (nft_jansson_parse_val(root, node_name, type, out, err) < 0) return -1; if (*((uint32_t *)out) > NFT_REG_MAX){ @@ -142,38 +163,42 @@ int nft_jansson_parse_reg(json_t *root, const char *node_name, int type, } int nft_jansson_str2num(json_t *root, const char *node_name, int base, - void *out, enum nft_type type) + void *out, enum nft_type type, struct nft_parse_err *err) { const char *str; - str = nft_jansson_parse_str(root, node_name); + str = nft_jansson_parse_str(root, node_name, err); if (str == NULL) return -1; return nft_strtoi(str, base, out, type); } -struct nft_rule_expr *nft_jansson_expr_parse(json_t *root) +struct nft_rule_expr *nft_jansson_expr_parse(json_t *root, + struct nft_parse_err *err) { struct nft_rule_expr *e; const char *type; int ret; - type = nft_jansson_parse_str(root, "type"); + type = nft_jansson_parse_str(root, "type", err); if (type == NULL) return NULL; e = nft_rule_expr_alloc(type); - if (e == NULL) - return NULL;; + if (e == NULL) { + err->node_name = "type"; + return NULL; + } - ret = e->ops->json_parse(e, root); + ret = e->ops->json_parse(e, root, err); return ret < 0 ? NULL : e; } int nft_jansson_data_reg_parse(json_t *root, const char *node_name, - union nft_data_reg *data_reg) + union nft_data_reg *data_reg, + struct nft_parse_err *err) { json_t *data; const char *type; @@ -181,24 +206,27 @@ int nft_jansson_data_reg_parse(json_t *root, const char *node_name, data = json_object_get(root, node_name); if (data == NULL) { + err->error = NFT_PARSE_EMISSINGNODE; + err->node_name = node_name; errno = EINVAL; return -1; } data = json_object_get(data, "data_reg"); if (data == NULL) { + err->error = NFT_PARSE_EMISSINGNODE; + err->node_name = "data_reg"; errno = EINVAL; return -1; } - ret = nft_data_reg_json_parse(data_reg, data); - + ret = nft_data_reg_json_parse(data_reg, data, err); if (ret < 0) { errno = EINVAL; return -1; } - type = nft_jansson_parse_str(data, "type"); + type = nft_jansson_parse_str(data, "type", err); if (type == NULL) return -1; @@ -209,29 +237,32 @@ int nft_jansson_data_reg_parse(json_t *root, const char *node_name, else if (strcmp(type, "chain") == 0) return DATA_CHAIN; else { + err->error = NFT_PARSE_EBADTYPE; + err->node_name = "type"; errno = EINVAL; return -1; } } -int nft_set_elem_json_parse(struct nft_set_elem *e, json_t *root) +int nft_set_elem_json_parse(struct nft_set_elem *e, json_t *root, + struct nft_parse_err *err) { uint32_t uval32; int set_elem_data; - if (nft_jansson_parse_val(root, "flags", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "flags", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_set_elem_attr_set_u32(e, NFT_SET_ELEM_ATTR_FLAGS, uval32); - if (nft_jansson_data_reg_parse(root, "key", &e->key) != DATA_VALUE) + if (nft_jansson_data_reg_parse(root, "key", &e->key, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_SET_ELEM_ATTR_KEY); if (nft_jansson_node_exist(root, "data")) { set_elem_data = nft_jansson_data_reg_parse(root, "data", - &e->data); + &e->data, err); switch (set_elem_data) { case DATA_VALUE: e->flags |= (1 << NFT_SET_ELEM_ATTR_DATA); diff --git a/src/libnftables.map b/src/libnftables.map index 7dc9aee..be5c783 100644 --- a/src/libnftables.map +++ b/src/libnftables.map @@ -184,5 +184,9 @@ global: nft_nlmsg_build_hdr; + nft_parse_err_alloc; + nft_parse_err_free; + nft_parse_perror; + local: *; }; diff --git a/src/mxml.c b/src/mxml.c index 82156b7..bd09bb3 100644 --- a/src/mxml.c +++ b/src/mxml.c @@ -22,13 +22,18 @@ #include #ifdef XML_PARSING -mxml_node_t *nft_mxml_build_tree(const char *xml, const char *treename) +mxml_node_t *nft_mxml_build_tree(const char *xml, const char *treename, + struct nft_parse_err *err) { mxml_node_t *tree; tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK); - if (tree == NULL) + if (tree == NULL) { + err->error = NFT_PARSE_EBADINPUT; + err->line = 0; + err->column = 0; goto err; + } if (strcmp(tree->value.opaque, treename) == 0) return tree; @@ -39,7 +44,8 @@ err: return NULL; } -struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node) +struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node, + struct nft_parse_err *err) { mxml_node_t *tree; struct nft_rule_expr *e; @@ -48,8 +54,11 @@ struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node) int ret; expr_name = mxmlElementGetAttr(node, "type"); - if (expr_name == NULL) + if (expr_name == NULL) { + err->node_name = "type"; + err->error = NFT_PARSE_EMISSINGNODE; goto err; + } e = nft_rule_expr_alloc(expr_name); if (e == NULL) @@ -65,7 +74,7 @@ struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node) if (tree == NULL) goto err_expr; - ret = e->ops->xml_parse(e, tree); + ret = e->ops->xml_parse(e, tree, err); mxmlDelete(tree); return ret < 0 ? NULL : e; @@ -77,20 +86,24 @@ err: return NULL; } -int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags) +int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags, + struct nft_parse_err *err) { mxml_node_t *node; uint64_t val; node = mxmlFindElement(tree, tree, reg_name, NULL, NULL, flags); if (node == NULL) { + err->error = NFT_PARSE_EMISSINGNODE; errno = EINVAL; goto err; } if (nft_strtoi(node->child->value.opaque, BASE_DEC, &val, - NFT_TYPE_U64) != 0) + NFT_TYPE_U64) != 0) { + err->error = NFT_PARSE_EBADTYPE; goto err; + } if (val > NFT_REG_MAX) { errno = ERANGE; @@ -98,73 +111,101 @@ int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags) } return val; err: + err->node_name = reg_name; return -1; } int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, - union nft_data_reg *data_reg, uint16_t flags) + union nft_data_reg *data_reg, uint16_t flags, + struct nft_parse_err *err) { mxml_node_t *node; node = mxmlFindElement(tree, tree, node_name, NULL, NULL, MXML_DESCEND_FIRST); if (node == NULL || node->child == NULL) { - if (!(flags & NFT_XML_OPT)) + if (!(flags & NFT_XML_OPT)) { + err->error = NFT_PARSE_EMISSINGNODE; + err->node_name = node_name; errno = EINVAL; + } return DATA_NONE; } - return nft_data_reg_xml_parse(data_reg, node); + return nft_data_reg_xml_parse(data_reg, node, err); } int nft_mxml_num_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, int base, void *number, - enum nft_type type, uint16_t flags) + enum nft_type type, uint16_t flags, + struct nft_parse_err *err) { mxml_node_t *node = NULL; + int ret; node = mxmlFindElement(tree, tree, node_name, NULL, NULL, mxml_flags); if (node == NULL || node->child == NULL) { - if (!(flags & NFT_XML_OPT)) + if (!(flags & NFT_XML_OPT)) { errno = EINVAL; - + err->node_name = node_name; + err->error = NFT_PARSE_EMISSINGNODE; + } return -1; } - return nft_strtoi(node->child->value.opaque, base, number, type); + + ret = nft_strtoi(node->child->value.opaque, base, number, type); + + if (ret != 0) { + err->error = NFT_PARSE_EBADTYPE; + err->node_name = node_name; + } + return ret; } const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name, - uint32_t mxml_flags, uint16_t flags) + uint32_t mxml_flags, uint16_t flags, + struct nft_parse_err *err) { mxml_node_t *node; + const char *ret; node = mxmlFindElement(tree, tree, node_name, NULL, NULL, mxml_flags); if (node == NULL || node->child == NULL) { - if (!(flags & NFT_XML_OPT)) + if (!(flags & NFT_XML_OPT)) { errno = EINVAL; - + err->node_name = node_name; + err->error = NFT_PARSE_EMISSINGNODE; + } return NULL; } - return node->child->value.opaque; + ret = node->child->value.opaque; + if (ret == NULL) { + err->node_name = node_name; + err->error = NFT_PARSE_EBADTYPE; + } + return ret; } int nft_mxml_family_parse(mxml_node_t *tree, const char *node_name, - uint32_t mxml_flags, uint16_t flags) + uint32_t mxml_flags, uint16_t flags, + struct nft_parse_err *err) { const char *family_str; int family; family_str = nft_mxml_str_parse(tree, node_name, mxml_flags, - flags); + flags, err); if (family_str == NULL) return -1; family = nft_str2family(family_str); - if (family < 0) + if (family < 0) { + err->node_name = node_name; errno = EAFNOSUPPORT; + } return family; } diff --git a/src/rule.c b/src/rule.c index 280350a..2e35aba 100644 --- a/src/rule.c +++ b/src/rule.c @@ -442,7 +442,8 @@ int nft_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_rule *r) EXPORT_SYMBOL(nft_rule_nlmsg_parse); #ifdef JSON_PARSING -int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree) +int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree, + struct nft_parse_err *err) { json_t *root, *array; struct nft_rule_expr *e; @@ -451,28 +452,29 @@ int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree) uint32_t uval32; int i, family; - root = nft_jansson_get_node(tree, "rule"); + root = nft_jansson_get_node(tree, "rule", err); if (root == NULL) return -1; - if (nft_jansson_parse_family(root, &family) != 0) + if (nft_jansson_parse_family(root, &family, err) != 0) goto err; nft_rule_attr_set_u32(r, NFT_RULE_ATTR_FAMILY, family); - str = nft_jansson_parse_str(root, "table"); + str = nft_jansson_parse_str(root, "table", err); if (str == NULL) goto err; nft_rule_attr_set_str(r, NFT_RULE_ATTR_TABLE, str); - str = nft_jansson_parse_str(root, "chain"); + str = nft_jansson_parse_str(root, "chain", err); if (str == NULL) goto err; nft_rule_attr_set_str(r, NFT_RULE_ATTR_CHAIN, str); - if (nft_jansson_parse_val(root, "handle", NFT_TYPE_U64, &uval64) < 0) + if (nft_jansson_parse_val(root, "handle", NFT_TYPE_U64, &uval64, + err) < 0) goto err; nft_rule_attr_set_u64(r, NFT_RULE_ATTR_HANDLE, uval64); @@ -480,13 +482,13 @@ int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree) if (nft_jansson_node_exist(root, "compat_proto") || nft_jansson_node_exist(root, "compat_flags")) { if (nft_jansson_parse_val(root, "compat_proto", NFT_TYPE_U32, - &uval32) < 0) + &uval32, err) < 0) goto err; nft_rule_attr_set_u32(r, NFT_RULE_ATTR_COMPAT_PROTO, uval32); if (nft_jansson_parse_val(root, "compat_flags", NFT_TYPE_U32, - &uval32) < 0) + &uval32, err) < 0) goto err; nft_rule_attr_set_u32(r, NFT_RULE_ATTR_COMPAT_FLAGS, uval32); @@ -494,19 +496,22 @@ int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree) if (nft_jansson_node_exist(root, "position")) { if (nft_jansson_parse_val(root, "position", NFT_TYPE_U64, - &uval64) < 0) + &uval64, err) < 0) goto err; nft_rule_attr_set_u64(r, NFT_RULE_ATTR_POSITION, uval64); } array = json_object_get(root, "expr"); - if (array == NULL) + if (array == NULL) { + err->error = NFT_PARSE_EMISSINGNODE; + err->node_name = "expr"; goto err; + } for (i = 0; i < json_array_size(array); ++i) { - e = nft_jansson_expr_parse(json_array_get(array, i)); + e = nft_jansson_expr_parse(json_array_get(array, i), err); if (e == NULL) goto err; @@ -521,17 +526,18 @@ err: } #endif -static int nft_rule_json_parse(struct nft_rule *r, const char *json) +static int nft_rule_json_parse(struct nft_rule *r, const char *json, + struct nft_parse_err *err) { #ifdef JSON_PARSING json_t *tree; json_error_t error; - tree = nft_jansson_create_root(json, &error); + tree = nft_jansson_create_root(json, &error, err); if (tree == NULL) return -1; - return nft_jansson_parse_rule(r, tree); + return nft_jansson_parse_rule(r, tree, err); #else errno = EOPNOTSUPP; return -1; @@ -539,7 +545,8 @@ static int nft_rule_json_parse(struct nft_rule *r, const char *json) } #ifdef XML_PARSING -int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r) +int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r, + struct nft_parse_err *err) { mxml_node_t *node; struct nft_rule_expr *e; @@ -547,7 +554,7 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r) int family; family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (family < 0) return -1; @@ -555,7 +562,7 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r) r->flags |= (1 << NFT_RULE_ATTR_FAMILY); table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (table == NULL) return -1; @@ -566,7 +573,7 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r) r->flags |= (1 << NFT_RULE_ATTR_TABLE); chain = nft_mxml_str_parse(tree, "chain", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (chain == NULL) return -1; @@ -577,19 +584,19 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r) r->flags |= (1 << NFT_RULE_ATTR_CHAIN); if (nft_mxml_num_parse(tree, "handle", MXML_DESCEND_FIRST, BASE_DEC, - &r->handle, NFT_TYPE_U64, NFT_XML_MAND) != 0) + &r->handle, NFT_TYPE_U64, NFT_XML_MAND, err) != 0) return -1; r->flags |= (1 << NFT_RULE_ATTR_HANDLE); if (nft_mxml_num_parse(tree, "compat_proto", MXML_DESCEND_FIRST, BASE_DEC, &r->compat.proto, NFT_TYPE_U32, - NFT_XML_OPT) >= 0) + NFT_XML_OPT, err) >= 0) r->flags |= (1 << NFT_RULE_ATTR_COMPAT_PROTO); if (nft_mxml_num_parse(tree, "compat_flags", MXML_DESCEND_FIRST, BASE_DEC, &r->compat.flags, NFT_TYPE_U32, - NFT_XML_OPT) >= 0) + NFT_XML_OPT, err) >= 0) r->flags |= (1 << NFT_RULE_ATTR_COMPAT_FLAGS); if (nft_rule_attr_is_set(r, NFT_RULE_ATTR_COMPAT_PROTO) != @@ -600,7 +607,7 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r) if (nft_mxml_num_parse(tree, "position", MXML_DESCEND_FIRST, BASE_DEC, &r->position, NFT_TYPE_U64, - NFT_XML_OPT) >= 0) + NFT_XML_OPT, err) >= 0) r->flags |= (1 << NFT_RULE_ATTR_POSITION); /* Iterating over */ @@ -609,7 +616,7 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r) node != NULL; node = mxmlFindElement(node, tree, "expr", "type", NULL, MXML_DESCEND)) { - e = nft_mxml_expr_parse(node); + e = nft_mxml_expr_parse(node, err); if (e == NULL) return -1; @@ -620,15 +627,16 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r) } #endif -static int nft_rule_xml_parse(struct nft_rule *r, const char *xml) +static int nft_rule_xml_parse(struct nft_rule *r, const char *xml, + struct nft_parse_err *err) { #ifdef XML_PARSING int ret; - mxml_node_t *tree = nft_mxml_build_tree(xml, "rule"); + mxml_node_t *tree = nft_mxml_build_tree(xml, "rule", err); if (tree == NULL) return -1; - ret = nft_mxml_rule_parse(tree, r); + ret = nft_mxml_rule_parse(tree, r, err); mxmlDelete(tree); return ret; #else @@ -638,22 +646,25 @@ static int nft_rule_xml_parse(struct nft_rule *r, const char *xml) } int nft_rule_parse(struct nft_rule *r, enum nft_parse_type type, - const char *data) + const char *data, struct nft_parse_err *err) { int ret; + struct nft_parse_err perr; switch (type) { case NFT_PARSE_XML: - ret = nft_rule_xml_parse(r, data); + ret = nft_rule_xml_parse(r, data, &perr); break; case NFT_PARSE_JSON: - ret = nft_rule_json_parse(r, data); + ret = nft_rule_json_parse(r, data, &perr); break; default: ret = -1; errno = EOPNOTSUPP; break; } + if (err != NULL) + *err = perr; return ret; } diff --git a/src/ruleset.c b/src/ruleset.c index f591382..a12efa9 100644 --- a/src/ruleset.c +++ b/src/ruleset.c @@ -132,7 +132,8 @@ const void *nft_ruleset_attr_get(const struct nft_ruleset *r, uint16_t attr) EXPORT_SYMBOL(nft_ruleset_attr_get); #ifdef JSON_PARSING -static int nft_ruleset_json_parse_tables(struct nft_ruleset *rs, json_t *array) +static int nft_ruleset_json_parse_tables(struct nft_ruleset *rs, json_t *array, + struct nft_parse_err *err) { int i, len; json_t *node; @@ -161,7 +162,7 @@ static int nft_ruleset_json_parse_tables(struct nft_ruleset *rs, json_t *array) goto err; } - if (nft_jansson_parse_table(o, node) < 0) { + if (nft_jansson_parse_table(o, node, err) < 0) { nft_table_free(o); goto err; } @@ -180,7 +181,8 @@ err: return -1; } -static int nft_ruleset_json_parse_chains(struct nft_ruleset *rs, json_t *array) +static int nft_ruleset_json_parse_chains(struct nft_ruleset *rs, json_t *array, + struct nft_parse_err *err) { int i, len; json_t *node; @@ -209,7 +211,7 @@ static int nft_ruleset_json_parse_chains(struct nft_ruleset *rs, json_t *array) goto err; } - if (nft_jansson_parse_chain(o, node) < 0) { + if (nft_jansson_parse_chain(o, node, err) < 0) { nft_chain_free(o); goto err; } @@ -228,7 +230,8 @@ err: return -1; } -static int nft_ruleset_json_parse_sets(struct nft_ruleset *rs, json_t *array) +static int nft_ruleset_json_parse_sets(struct nft_ruleset *rs, json_t *array, + struct nft_parse_err *err) { int i, len; json_t *node; @@ -257,7 +260,7 @@ static int nft_ruleset_json_parse_sets(struct nft_ruleset *rs, json_t *array) goto err; } - if (nft_jansson_parse_set(s, node) < 0) { + if (nft_jansson_parse_set(s, node, err) < 0) { nft_set_free(s); goto err; } @@ -276,7 +279,8 @@ err: return -1; } -static int nft_ruleset_json_parse_rules(struct nft_ruleset *rs, json_t *array) +static int nft_ruleset_json_parse_rules(struct nft_ruleset *rs, json_t *array, + struct nft_parse_err *err) { int i, len; json_t *node; @@ -305,7 +309,7 @@ static int nft_ruleset_json_parse_rules(struct nft_ruleset *rs, json_t *array) goto err; } - if (nft_jansson_parse_rule(o, node) < 0) { + if (nft_jansson_parse_rule(o, node, err) < 0) { nft_rule_free(o); goto err; } @@ -326,13 +330,14 @@ err: #endif -static int nft_ruleset_json_parse(struct nft_ruleset *rs, const char *json) +static int nft_ruleset_json_parse(struct nft_ruleset *rs, const char *json, + struct nft_parse_err *err) { #ifdef JSON_PARSING json_t *root, *array; json_error_t error; - root = nft_jansson_create_root(json, &error); + root = nft_jansson_create_root(json, &error, err); if (root == NULL) return -1; @@ -342,16 +347,16 @@ static int nft_ruleset_json_parse(struct nft_ruleset *rs, const char *json) goto err; } - if (nft_ruleset_json_parse_tables(rs, array) != 0) + if (nft_ruleset_json_parse_tables(rs, array, err) != 0) goto err; - if (nft_ruleset_json_parse_chains(rs, array) != 0) + if (nft_ruleset_json_parse_chains(rs, array, err) != 0) goto err; - if (nft_ruleset_json_parse_sets(rs, array) != 0) + if (nft_ruleset_json_parse_sets(rs, array, err) != 0) goto err; - if (nft_ruleset_json_parse_rules(rs, array) != 0) + if (nft_ruleset_json_parse_rules(rs, array, err) != 0) goto err; nft_jansson_free_root(root); @@ -367,7 +372,8 @@ err: #ifdef XML_PARSING static int -nft_ruleset_xml_parse_tables(struct nft_ruleset *rs, mxml_node_t *tree) +nft_ruleset_xml_parse_tables(struct nft_ruleset *rs, mxml_node_t *tree, + struct nft_parse_err *err) { mxml_node_t *node; struct nft_table *t; @@ -386,7 +392,7 @@ nft_ruleset_xml_parse_tables(struct nft_ruleset *rs, mxml_node_t *tree) if (t == NULL) goto err_free; - if (nft_mxml_table_parse(node, t) != 0) { + if (nft_mxml_table_parse(node, t, err) != 0) { nft_table_free(t); goto err_free; } @@ -407,7 +413,8 @@ err_free: } static int -nft_ruleset_xml_parse_chains(struct nft_ruleset *rs, mxml_node_t *tree) +nft_ruleset_xml_parse_chains(struct nft_ruleset *rs, mxml_node_t *tree, + struct nft_parse_err *err) { mxml_node_t *node; struct nft_chain *c; @@ -426,7 +433,7 @@ nft_ruleset_xml_parse_chains(struct nft_ruleset *rs, mxml_node_t *tree) if (c == NULL) goto err_free; - if (nft_mxml_chain_parse(node, c) != 0) { + if (nft_mxml_chain_parse(node, c, err) != 0) { nft_chain_free(c); goto err_free; } @@ -447,7 +454,8 @@ err_free: } static int -nft_ruleset_xml_parse_sets(struct nft_ruleset *rs, mxml_node_t *tree) +nft_ruleset_xml_parse_sets(struct nft_ruleset *rs, mxml_node_t *tree, + struct nft_parse_err *err) { mxml_node_t *node; struct nft_set *s; @@ -466,7 +474,7 @@ nft_ruleset_xml_parse_sets(struct nft_ruleset *rs, mxml_node_t *tree) if (s == NULL) goto err_free; - if (nft_mxml_set_parse(node, s) != 0) { + if (nft_mxml_set_parse(node, s, err) != 0) { nft_set_free(s); goto err_free; } @@ -486,7 +494,8 @@ err_free: } static int -nft_ruleset_xml_parse_rules(struct nft_ruleset *rs, mxml_node_t *tree) +nft_ruleset_xml_parse_rules(struct nft_ruleset *rs, mxml_node_t *tree, + struct nft_parse_err *err) { mxml_node_t *node; struct nft_rule *r; @@ -505,7 +514,7 @@ nft_ruleset_xml_parse_rules(struct nft_ruleset *rs, mxml_node_t *tree) if (r == NULL) goto err_free; - if (nft_mxml_rule_parse(node, r) != 0) { + if (nft_mxml_rule_parse(node, r, err) != 0) { nft_rule_free(r); goto err_free; } @@ -525,25 +534,26 @@ err_free: } #endif -static int nft_ruleset_xml_parse(struct nft_ruleset *rs, const char *xml) +static int nft_ruleset_xml_parse(struct nft_ruleset *rs, const char *xml, + struct nft_parse_err *err) { #ifdef XML_PARSING mxml_node_t *tree; - tree = nft_mxml_build_tree(xml, "nftables"); + tree = nft_mxml_build_tree(xml, "nftables", err); if (tree == NULL) return -1; - if (nft_ruleset_xml_parse_tables(rs, tree) != 0) + if (nft_ruleset_xml_parse_tables(rs, tree, err) != 0) goto err; - if (nft_ruleset_xml_parse_chains(rs, tree) != 0) + if (nft_ruleset_xml_parse_chains(rs, tree, err) != 0) goto err; - if (nft_ruleset_xml_parse_sets(rs, tree) != 0) + if (nft_ruleset_xml_parse_sets(rs, tree, err) != 0) goto err; - if (nft_ruleset_xml_parse_rules(rs, tree) != 0) + if (nft_ruleset_xml_parse_rules(rs, tree, err) != 0) goto err; mxmlDelete(tree); @@ -558,16 +568,16 @@ err: } int nft_ruleset_parse(struct nft_ruleset *r, enum nft_parse_type type, - const char *data) + const char *data, struct nft_parse_err *err) { int ret; switch (type) { case NFT_PARSE_XML: - ret = nft_ruleset_xml_parse(r, data); + ret = nft_ruleset_xml_parse(r, data, err); break; case NFT_PARSE_JSON: - ret = nft_ruleset_json_parse(r, data); + ret = nft_ruleset_json_parse(r, data, err); break; default: ret = -1; diff --git a/src/set.c b/src/set.c index c5204cc..32c7fff 100644 --- a/src/set.c +++ b/src/set.c @@ -283,7 +283,8 @@ int nft_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s) EXPORT_SYMBOL(nft_set_nlmsg_parse); #ifdef JSON_PARSING -int nft_jansson_parse_set(struct nft_set *s, json_t *tree) +int nft_jansson_parse_set(struct nft_set *s, json_t *tree, + struct nft_parse_err *err) { json_t *root, *array, *json_elem; uint32_t uval32; @@ -291,45 +292,47 @@ int nft_jansson_parse_set(struct nft_set *s, json_t *tree) const char *valstr; struct nft_set_elem *elem; - root = nft_jansson_get_node(tree, "set"); + root = nft_jansson_get_node(tree, "set", err); if (root == NULL) return -1; - valstr = nft_jansson_parse_str(root, "name"); + valstr = nft_jansson_parse_str(root, "name", err); if (valstr == NULL) return -1; nft_set_attr_set_str(s, NFT_SET_ATTR_NAME, valstr); - valstr = nft_jansson_parse_str(root, "table"); + valstr = nft_jansson_parse_str(root, "table", err); if (valstr == NULL) return -1; nft_set_attr_set_str(s, NFT_SET_ATTR_TABLE, valstr); - if (nft_jansson_parse_val(root, "flags", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "flags", NFT_TYPE_U32, &uval32, err) < 0) return -1; nft_set_attr_set_u32(s, NFT_SET_ATTR_FLAGS, uval32); - if (nft_jansson_parse_family(root, &family) < 0) + if (nft_jansson_parse_family(root, &family, err) < 0) return -1; nft_set_attr_set_u32(s, NFT_SET_ATTR_FAMILY, family); - if (nft_jansson_parse_val(root, "key_type", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "key_type", NFT_TYPE_U32, &uval32, + err) < 0) return -1; nft_set_attr_set_u32(s, NFT_SET_ATTR_KEY_TYPE, uval32); - if (nft_jansson_parse_val(root, "key_len", NFT_TYPE_U32, &uval32) < 0) + if (nft_jansson_parse_val(root, "key_len", NFT_TYPE_U32, &uval32, + err) < 0) return -1; nft_set_attr_set_u32(s, NFT_SET_ATTR_KEY_LEN, uval32); if (nft_jansson_node_exist(root, "data_type")) { if (nft_jansson_parse_val(root, "data_type", NFT_TYPE_U32, - &uval32) < 0) + &uval32, err) < 0) goto err; nft_set_attr_set_u32(s, NFT_SET_ATTR_DATA_TYPE, uval32); @@ -337,7 +340,7 @@ int nft_jansson_parse_set(struct nft_set *s, json_t *tree) if (nft_jansson_node_exist(root, "data_len")) { if (nft_jansson_parse_val(root, "data_len", NFT_TYPE_U32, - &uval32) < 0) + &uval32, err) < 0) goto err; nft_set_attr_set_u32(s, NFT_SET_ATTR_DATA_LEN, uval32); @@ -354,7 +357,7 @@ int nft_jansson_parse_set(struct nft_set *s, json_t *tree) if (json_elem == NULL) goto err; - if (nft_set_elem_json_parse(elem, json_elem) < 0) + if (nft_set_elem_json_parse(elem, json_elem, err) < 0) goto err; list_add_tail(&elem->head, &s->element_list); @@ -371,17 +374,18 @@ err: } #endif -static int nft_set_json_parse(struct nft_set *s, const char *json) +static int nft_set_json_parse(struct nft_set *s, const char *json, + struct nft_parse_err *err) { #ifdef JSON_PARSING json_t *tree; json_error_t error; - tree = nft_jansson_create_root(json, &error); + tree = nft_jansson_create_root(json, &error, err); if (tree == NULL) return -1; - return nft_jansson_parse_set(s, tree); + return nft_jansson_parse_set(s, tree, err); #else errno = EOPNOTSUPP; return -1; @@ -389,7 +393,8 @@ static int nft_set_json_parse(struct nft_set *s, const char *json) } #ifdef XML_PARSING -int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s) +int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s, + struct nft_parse_err *err) { mxml_node_t *node = NULL; struct nft_set_elem *elem; @@ -397,7 +402,7 @@ int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s) int family; name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (name == NULL) return -1; @@ -408,7 +413,7 @@ int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s) s->flags |= (1 << NFT_SET_ATTR_NAME); table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (table == NULL) return -1; @@ -419,7 +424,7 @@ int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s) s->flags |= (1 << NFT_SET_ATTR_TABLE); family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (family < 0) return -1; @@ -428,31 +433,31 @@ int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s) s->flags |= (1 << NFT_SET_ATTR_FAMILY); if (nft_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC, - &s->set_flags, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &s->set_flags, NFT_TYPE_U32, NFT_XML_MAND, err) != 0) return -1; s->flags |= (1 << NFT_SET_ATTR_FLAGS); if (nft_mxml_num_parse(tree, "key_type", MXML_DESCEND_FIRST, BASE_DEC, - &s->key_type, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &s->key_type, NFT_TYPE_U32, NFT_XML_MAND, err) != 0) return -1; s->flags |= (1 << NFT_SET_ATTR_KEY_TYPE); if (nft_mxml_num_parse(tree, "key_len", MXML_DESCEND_FIRST, BASE_DEC, - &s->key_len, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &s->key_len, NFT_TYPE_U32, NFT_XML_MAND, err) != 0) return -1; s->flags |= (1 << NFT_SET_ATTR_KEY_LEN); if (nft_mxml_num_parse(tree, "data_type", MXML_DESCEND_FIRST, BASE_DEC, - &s->data_type, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &s->data_type, NFT_TYPE_U32, NFT_XML_MAND, err) != 0) return -1; s->flags |= (1 << NFT_SET_ATTR_DATA_TYPE); if (nft_mxml_num_parse(tree, "data_len", MXML_DESCEND_FIRST, BASE_DEC, - &s->data_len, NFT_TYPE_U32, NFT_XML_MAND) != 0) + &s->data_len, NFT_TYPE_U32, NFT_XML_MAND, err) != 0) return -1; s->flags |= (1 << NFT_SET_ATTR_DATA_LEN); @@ -467,7 +472,7 @@ int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s) if (elem == NULL) return -1; - if (nft_mxml_set_elem_parse(node, elem) < 0) + if (nft_mxml_set_elem_parse(node, elem, err) < 0) return -1; list_add_tail(&elem->head, &s->element_list); @@ -477,15 +482,16 @@ int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s) } #endif -static int nft_set_xml_parse(struct nft_set *s, const char *xml) +static int nft_set_xml_parse(struct nft_set *s, const char *xml, + struct nft_parse_err *err) { #ifdef XML_PARSING int ret; - mxml_node_t *tree = nft_mxml_build_tree(xml, "set"); + mxml_node_t *tree = nft_mxml_build_tree(xml, "set", err); if (tree == NULL) return -1; - ret = nft_mxml_set_parse(tree, s); + ret = nft_mxml_set_parse(tree, s, err); mxmlDelete(tree); return ret; #else @@ -495,16 +501,17 @@ static int nft_set_xml_parse(struct nft_set *s, const char *xml) } int nft_set_parse(struct nft_set *s, enum nft_parse_type type, - const char *data) + const char *data, struct nft_parse_err *err) { int ret; + struct nft_parse_err perr; switch (type) { case NFT_PARSE_XML: - ret = nft_set_xml_parse(s, data); + ret = nft_set_xml_parse(s, data, &perr); break; case NFT_PARSE_JSON: - ret = nft_set_json_parse(s, data); + ret = nft_set_json_parse(s, data, &perr); break; default: ret = -1; @@ -512,6 +519,9 @@ int nft_set_parse(struct nft_set *s, enum nft_parse_type type, break; } + if (err != NULL) + *err = perr; + return ret; } EXPORT_SYMBOL(nft_set_parse); diff --git a/src/set_elem.c b/src/set_elem.c index fce9c1d..7365aff 100644 --- a/src/set_elem.c +++ b/src/set_elem.c @@ -357,26 +357,27 @@ int nft_set_elems_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s) EXPORT_SYMBOL(nft_set_elems_nlmsg_parse); #ifdef XML_PARSING -int nft_mxml_set_elem_parse(mxml_node_t *tree, struct nft_set_elem *e) +int nft_mxml_set_elem_parse(mxml_node_t *tree, struct nft_set_elem *e, + struct nft_parse_err *err) { int set_elem_data; if (nft_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC, &e->set_elem_flags, - NFT_TYPE_U32, NFT_XML_MAND) != 0) + NFT_TYPE_U32, NFT_XML_MAND, err) != 0) return -1; e->flags |= (1 << NFT_SET_ELEM_ATTR_FLAGS); if (nft_mxml_data_reg_parse(tree, "key", &e->key, - NFT_XML_MAND) != DATA_VALUE) + NFT_XML_MAND, err) != DATA_VALUE) return -1; e->flags |= (1 << NFT_SET_ELEM_ATTR_KEY); /* is not mandatory */ set_elem_data = nft_mxml_data_reg_parse(tree, "data", - &e->data, NFT_XML_OPT); + &e->data, NFT_XML_OPT, err); switch (set_elem_data) { case DATA_VALUE: e->flags |= (1 << NFT_SET_ELEM_ATTR_DATA); @@ -393,17 +394,18 @@ int nft_mxml_set_elem_parse(mxml_node_t *tree, struct nft_set_elem *e) } #endif -static int nft_set_elem_xml_parse(struct nft_set_elem *e, const char *xml) +static int nft_set_elem_xml_parse(struct nft_set_elem *e, const char *xml, + struct nft_parse_err *err) { #ifdef XML_PARSING mxml_node_t *tree; int ret; - tree = nft_mxml_build_tree(xml, "set_elem"); + tree = nft_mxml_build_tree(xml, "set_elem", err); if (tree == NULL) return -1; - ret = nft_mxml_set_elem_parse(tree, e); + ret = nft_mxml_set_elem_parse(tree, e, err); mxmlDelete(tree); return ret; #else @@ -413,12 +415,13 @@ static int nft_set_elem_xml_parse(struct nft_set_elem *e, const char *xml) } int nft_set_elem_parse(struct nft_set_elem *e, - enum nft_parse_type type, const char *data) { + enum nft_parse_type type, const char *data, + struct nft_parse_err *err) { int ret; switch (type) { case NFT_PARSE_XML: - ret = nft_set_elem_xml_parse(e, data); + ret = nft_set_elem_xml_parse(e, data, err); break; default: errno = EOPNOTSUPP; diff --git a/src/table.c b/src/table.c index 9e20768..9b5f5c9 100644 --- a/src/table.c +++ b/src/table.c @@ -211,13 +211,14 @@ int nft_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_table *t) EXPORT_SYMBOL(nft_table_nlmsg_parse); #ifdef XML_PARSING -int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t) +int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t, + struct nft_parse_err *err) { const char *name; int family; name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (name == NULL) return -1; @@ -228,7 +229,7 @@ int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t) t->flags |= (1 << NFT_TABLE_ATTR_NAME); family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, - NFT_XML_MAND); + NFT_XML_MAND, err); if (family < 0) return -1; @@ -237,7 +238,7 @@ int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t) if (nft_mxml_num_parse(tree, "flags", MXML_DESCEND, BASE_DEC, &t->table_flags, NFT_TYPE_U32, - NFT_XML_MAND) != 0) + NFT_XML_MAND, err) != 0) return -1; t->flags |= (1 << NFT_TABLE_ATTR_FLAGS); @@ -246,15 +247,16 @@ int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t) } #endif -static int nft_table_xml_parse(struct nft_table *t, const char *xml) +static int nft_table_xml_parse(struct nft_table *t, const char *xml, + struct nft_parse_err *err) { #ifdef XML_PARSING int ret; - mxml_node_t *tree = nft_mxml_build_tree(xml, "table"); + mxml_node_t *tree = nft_mxml_build_tree(xml, "table", err); if (tree == NULL) return -1; - ret = nft_mxml_table_parse(tree, t); + ret = nft_mxml_table_parse(tree, t, err); mxmlDelete(tree); return ret; #else @@ -264,29 +266,30 @@ static int nft_table_xml_parse(struct nft_table *t, const char *xml) } #ifdef JSON_PARSING -int nft_jansson_parse_table(struct nft_table *t, json_t *tree) +int nft_jansson_parse_table(struct nft_table *t, json_t *tree, + struct nft_parse_err *err) { json_t *root; uint32_t flags; const char *str; int family; - root = nft_jansson_get_node(tree, "table"); + root = nft_jansson_get_node(tree, "table", err); if (root == NULL) return -1; - str = nft_jansson_parse_str(root, "name"); + str = nft_jansson_parse_str(root, "name", err); if (str == NULL) goto err; nft_table_attr_set_str(t, NFT_TABLE_ATTR_NAME, str); - if (nft_jansson_parse_family(root, &family) != 0) + if (nft_jansson_parse_family(root, &family, err) != 0) goto err; nft_table_attr_set_u32(t, NFT_TABLE_ATTR_FAMILY, family); - if (nft_jansson_parse_val(root, "flags", NFT_TYPE_U32, &flags) < 0) + if (nft_jansson_parse_val(root, "flags", NFT_TYPE_U32, &flags, err) < 0) goto err; nft_table_attr_set_u32(t, NFT_TABLE_ATTR_FLAGS, flags); @@ -299,17 +302,18 @@ err: } #endif -static int nft_table_json_parse(struct nft_table *t, const char *json) +static int nft_table_json_parse(struct nft_table *t, const char *json, + struct nft_parse_err *err) { #ifdef JSON_PARSING json_t *tree; json_error_t error; - tree = nft_jansson_create_root(json, &error); + tree = nft_jansson_create_root(json, &error, err); if (tree == NULL) return -1; - return nft_jansson_parse_table(t, tree); + return nft_jansson_parse_table(t, tree, err); #else errno = EOPNOTSUPP; return -1; @@ -317,16 +321,17 @@ static int nft_table_json_parse(struct nft_table *t, const char *json) } int nft_table_parse(struct nft_table *t, enum nft_parse_type type, - const char *data) + const char *data, struct nft_parse_err *err) { int ret; + struct nft_parse_err perr; switch (type) { case NFT_PARSE_XML: - ret = nft_table_xml_parse(t, data); + ret = nft_table_xml_parse(t, data, &perr); break; case NFT_PARSE_JSON: - ret = nft_table_json_parse(t, data); + ret = nft_table_json_parse(t, data, &perr); break; default: ret = -1; @@ -334,6 +339,9 @@ int nft_table_parse(struct nft_table *t, enum nft_parse_type type, break; } + if (err != NULL) + *err = perr; + return ret; } EXPORT_SYMBOL(nft_table_parse); diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c index 6a5ab4d..558c849 100644 --- a/tests/nft-parsing-test.c +++ b/tests/nft-parsing-test.c @@ -167,7 +167,7 @@ static int compare_test(uint32_t type, void *input, const char *filename) } #endif -static int test_json(const char *filename) +static int test_json(const char *filename, struct nft_parse_err *err) { #ifdef JSON_PARSING int ret = -1; @@ -181,17 +181,15 @@ static int test_json(const char *filename) char *json; root = json_load_file(filename, 0, &error); - if (!root) { - printf("Error on the line %d : %s", error.line, error.text); + if (!root) return -1; - } json = json_dumps(root, JSON_INDENT(0)); if (json_object_get(root, "table") != NULL) { t = nft_table_alloc(); if (t != NULL) { - if (nft_table_parse(t, NFT_PARSE_JSON, json) == 0) + if (nft_table_parse(t, NFT_PARSE_JSON, json, err) == 0) ret = compare_test(TEST_JSON_TABLE, t, filename); else goto failparsing; @@ -201,7 +199,7 @@ static int test_json(const char *filename) } else if (json_object_get(root, "chain") != NULL) { c = nft_chain_alloc(); if (c != NULL) { - if (nft_chain_parse(c, NFT_PARSE_JSON, json) == 0) + if (nft_chain_parse(c, NFT_PARSE_JSON, json, err) == 0) ret = compare_test(TEST_JSON_CHAIN, c, filename); else goto failparsing; @@ -211,7 +209,7 @@ static int test_json(const char *filename) } else if (json_object_get(root, "rule") != NULL) { r = nft_rule_alloc(); if (r != NULL) { - if (nft_rule_parse(r, NFT_PARSE_JSON, json) == 0) + if (nft_rule_parse(r, NFT_PARSE_JSON, json, err) == 0) ret = compare_test(TEST_JSON_RULE, r, filename); else goto failparsing; @@ -221,7 +219,7 @@ static int test_json(const char *filename) } else if (json_object_get(root, "set") != NULL) { s = nft_set_alloc(); if (s != NULL) { - if (nft_set_parse(s, NFT_PARSE_JSON, json) == 0) + if (nft_set_parse(s, NFT_PARSE_JSON, json, err) == 0) ret = compare_test(TEST_JSON_SET, s, filename); else goto failparsing; @@ -231,7 +229,7 @@ static int test_json(const char *filename) } else if (json_object_get(root, "nftables") != NULL) { rs = nft_ruleset_alloc(); if (rs != NULL) { - if (nft_ruleset_parse(rs, NFT_PARSE_JSON, json) == 0) + if (nft_ruleset_parse(rs, NFT_PARSE_JSON, json, err) == 0) ret = compare_test(TEST_JSON_RULESET, rs, filename); else goto failparsing; @@ -256,7 +254,7 @@ failparsing: #endif } -static int test_xml(const char *filename) +static int test_xml(const char *filename, struct nft_parse_err *err) { #ifdef XML_PARSING int ret = -1; @@ -290,7 +288,7 @@ static int test_xml(const char *filename) if (strcmp(tree->value.opaque, "table") == 0) { t = nft_table_alloc(); if (t != NULL) { - if (nft_table_parse(t, NFT_PARSE_XML, xml) == 0) + if (nft_table_parse(t, NFT_PARSE_XML, xml, err) == 0) ret = compare_test(TEST_XML_TABLE, t, filename); else goto failparsing; @@ -300,7 +298,7 @@ static int test_xml(const char *filename) } else if (strcmp(tree->value.opaque, "chain") == 0) { c = nft_chain_alloc(); if (c != NULL) { - if (nft_chain_parse(c, NFT_PARSE_XML, xml) == 0) + if (nft_chain_parse(c, NFT_PARSE_XML, xml, err) == 0) ret = compare_test(TEST_XML_CHAIN, c, filename); else goto failparsing; @@ -310,7 +308,7 @@ static int test_xml(const char *filename) } else if (strcmp(tree->value.opaque, "rule") == 0) { r = nft_rule_alloc(); if (r != NULL) { - if (nft_rule_parse(r, NFT_PARSE_XML, xml) == 0) + if (nft_rule_parse(r, NFT_PARSE_XML, xml, err) == 0) ret = compare_test(TEST_XML_RULE, r, filename); else goto failparsing; @@ -320,7 +318,7 @@ static int test_xml(const char *filename) } else if (strcmp(tree->value.opaque, "set") == 0) { s = nft_set_alloc(); if (s != NULL) { - if (nft_set_parse(s, NFT_PARSE_XML, xml) == 0) + if (nft_set_parse(s, NFT_PARSE_XML, xml, err) == 0) ret = compare_test(TEST_XML_SET, s, filename); else goto failparsing; @@ -331,7 +329,7 @@ static int test_xml(const char *filename) rs = nft_ruleset_alloc(); if (rs != NULL) { if (nft_ruleset_parse(rs, NFT_PARSE_XML, - xml) == 0) + xml, err) == 0) ret = compare_test(TEST_XML_RULESET, rs, filename); else @@ -361,6 +359,7 @@ int main(int argc, char *argv[]) struct dirent *dent; char path[PATH_MAX]; int ret = 0, exit_code = 0; + struct nft_parse_err *err; if (argc != 2) { fprintf(stderr, "Usage: %s \n", argv[0]); @@ -373,6 +372,12 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } + err = nft_parse_err_alloc(); + if (err == NULL) { + perror("error"); + exit(EXIT_FAILURE); + } + while ((dent = readdir(d)) != NULL) { int len = strlen(dent->d_name); @@ -383,14 +388,14 @@ int main(int argc, char *argv[]) snprintf(path, sizeof(path), "%s/%s", argv[1], dent->d_name); if (strcmp(&dent->d_name[len-4], ".xml") == 0) { - if ((ret = test_xml(path)) == 0) { + if ((ret = test_xml(path, err)) == 0) { printf("parsing and validating %s: ", path); printf("\033[32mOK\e[0m\n"); } exit_code += ret; } if (strcmp(&dent->d_name[len-5], ".json") == 0) { - if ((ret = test_json(path)) == 0) { + if ((ret = test_json(path, err)) == 0) { printf("parsing and validating %s: ", path); printf("\033[32mOK\e[0m\n"); } @@ -399,6 +404,7 @@ int main(int argc, char *argv[]) } closedir(d); + nft_parse_err_free(err); if (exit_code != 0) exit(EXIT_FAILURE); -- cgit v1.2.3 From 7cf3f99d7a4673644dd56984dc418daae48c6dd9 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Tue, 7 Jan 2014 12:47:16 +0100 Subject: mxml: add error reference of the top node We know the top node we are building. Let the user also know it. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/mxml.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/mxml.c b/src/mxml.c index bd09bb3..bc0f084 100644 --- a/src/mxml.c +++ b/src/mxml.c @@ -30,16 +30,19 @@ mxml_node_t *nft_mxml_build_tree(const char *xml, const char *treename, tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK); if (tree == NULL) { err->error = NFT_PARSE_EBADINPUT; - err->line = 0; - err->column = 0; goto err; } if (strcmp(tree->value.opaque, treename) == 0) return tree; + err->error = NFT_PARSE_EMISSINGNODE; + err->node_name = treename; + mxmlDelete(tree); err: + err->line = 0; + err->column = 0; errno = EINVAL; return NULL; } -- cgit v1.2.3 From 2c21b41889abf93ff816b82b59e6bf2d4a084a61 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Tue, 7 Jan 2014 12:47:21 +0100 Subject: set_elem: add json parsing to API Add missing support in the API function to parse a JSON set_elem. I've renamed the main JSON parsing function to prevent clashing. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/internal.h | 4 ++-- src/jansson.c | 4 ++-- src/set.c | 3 ++- src/set_elem.c | 21 +++++++++++++++++++++ 4 files changed, 27 insertions(+), 5 deletions(-) diff --git a/src/internal.h b/src/internal.h index 9ef505f..5fef6d6 100644 --- a/src/internal.h +++ b/src/internal.h @@ -105,8 +105,8 @@ int nft_jansson_data_reg_parse(json_t *root, const char *node_name, union nft_data_reg *data_reg, struct nft_parse_err *err); struct nft_set_elem; -int nft_set_elem_json_parse(struct nft_set_elem *e, json_t *root, - struct nft_parse_err *err); +int nft_jansson_set_elem_parse(struct nft_set_elem *e, json_t *root, + struct nft_parse_err *err); struct nft_table; int nft_jansson_parse_table(struct nft_table *t, json_t *tree, struct nft_parse_err *err); diff --git a/src/jansson.c b/src/jansson.c index 54a56b9..e62116b 100644 --- a/src/jansson.c +++ b/src/jansson.c @@ -244,8 +244,8 @@ int nft_jansson_data_reg_parse(json_t *root, const char *node_name, } } -int nft_set_elem_json_parse(struct nft_set_elem *e, json_t *root, - struct nft_parse_err *err) +int nft_jansson_set_elem_parse(struct nft_set_elem *e, json_t *root, + struct nft_parse_err *err) { uint32_t uval32; int set_elem_data; diff --git a/src/set.c b/src/set.c index 32c7fff..9317b9c 100644 --- a/src/set.c +++ b/src/set.c @@ -357,7 +357,8 @@ int nft_jansson_parse_set(struct nft_set *s, json_t *tree, if (json_elem == NULL) goto err; - if (nft_set_elem_json_parse(elem, json_elem, err) < 0) + if (nft_jansson_set_elem_parse(elem, + json_elem, err) < 0) goto err; list_add_tail(&elem->head, &s->element_list); diff --git a/src/set_elem.c b/src/set_elem.c index 7365aff..14bf6f4 100644 --- a/src/set_elem.c +++ b/src/set_elem.c @@ -414,6 +414,24 @@ static int nft_set_elem_xml_parse(struct nft_set_elem *e, const char *xml, #endif } +static int nft_set_elem_json_parse(struct nft_set_elem *e, const void *json, + struct nft_parse_err *err) +{ +#ifdef JSON_PARSING + json_t *tree; + json_error_t error; + + tree = nft_jansson_create_root(json, &error, err); + if (tree == NULL) + return -1; + + return nft_jansson_set_elem_parse(e, tree, err); +#else + errno = EOPNOTSUPP; + return -1; +#endif +} + int nft_set_elem_parse(struct nft_set_elem *e, enum nft_parse_type type, const char *data, struct nft_parse_err *err) { @@ -423,6 +441,9 @@ int nft_set_elem_parse(struct nft_set_elem *e, case NFT_PARSE_XML: ret = nft_set_elem_xml_parse(e, data, err); break; + case NFT_PARSE_JSON: + ret = nft_set_elem_json_parse(e, data, err); + break; default: errno = EOPNOTSUPP; ret = -1; -- cgit v1.2.3 From fc423ae81487e906141f700c7b3515328ff62b7c Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Thu, 9 Jan 2014 12:19:06 +0100 Subject: src: rework and generalize the build/parse system The intention behind this patch is to prepare the introduction of the new API that will allow us to parse files that contain the rule-sets expressed in XML/JSON format. This adds the NFT_PARSE_BUFFER that indicates that the input is provided in a buffer, which is what we currently support. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/chain.c | 29 +++++++++++++++++++---------- src/internal.h | 12 ++++++++---- src/jansson.c | 19 ++++++++++++++----- src/mxml.c | 13 ++++++++++--- src/rule.c | 28 ++++++++++++++++++---------- src/ruleset.c | 28 ++++++++++++++++++---------- src/set.c | 26 ++++++++++++++++---------- src/set_elem.c | 29 +++++++++++++++++++---------- src/table.c | 29 +++++++++++++++++++---------- 9 files changed, 141 insertions(+), 72 deletions(-) diff --git a/src/chain.c b/src/chain.c index a4ddb06..8f40ede 100644 --- a/src/chain.c +++ b/src/chain.c @@ -591,14 +591,15 @@ err: } #endif -static int nft_chain_json_parse(struct nft_chain *c, const char *json, - struct nft_parse_err *err) +static int nft_chain_json_parse(struct nft_chain *c, const void *json, + struct nft_parse_err *err, + enum nft_parse_input input) { #ifdef JSON_PARSING json_t *tree; json_error_t error; - tree = nft_jansson_create_root(json, &error, err); + tree = nft_jansson_create_root(json, &error, err, input); if (tree == NULL) return -1; @@ -708,12 +709,13 @@ int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c, } #endif -static int nft_chain_xml_parse(struct nft_chain *c, const char *xml, - struct nft_parse_err *err) +static int nft_chain_xml_parse(struct nft_chain *c, const void *xml, + struct nft_parse_err *err, + enum nft_parse_input input) { #ifdef XML_PARSING int ret; - mxml_node_t *tree = nft_mxml_build_tree(xml, "chain", err); + mxml_node_t *tree = nft_mxml_build_tree(xml, "chain", err, input); if (tree == NULL) return -1; @@ -726,18 +728,19 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml, #endif } -int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, - const char *data, struct nft_parse_err *err) +static int nft_chain_do_parse(struct nft_chain *c, enum nft_parse_type type, + const void *data, struct nft_parse_err *err, + enum nft_parse_input input) { int ret; struct nft_parse_err perr; switch (type) { case NFT_PARSE_XML: - ret = nft_chain_xml_parse(c, data, &perr); + ret = nft_chain_xml_parse(c, data, &perr, input); break; case NFT_PARSE_JSON: - ret = nft_chain_json_parse(c, data, &perr); + ret = nft_chain_json_parse(c, data, &perr, input); break; default: ret = -1; @@ -750,6 +753,12 @@ int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, return ret; } + +int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, + const char *data, struct nft_parse_err *err) +{ + return nft_chain_do_parse(c, type, data, err, NFT_PARSE_BUFFER); +} EXPORT_SYMBOL(nft_chain_parse); static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c) diff --git a/src/internal.h b/src/internal.h index 5fef6d6..fa092cf 100644 --- a/src/internal.h +++ b/src/internal.h @@ -38,12 +38,16 @@ struct nft_parse_err { const char *node_name; }; +enum nft_parse_input { + NFT_PARSE_BUFFER, +}; + #ifdef XML_PARSING #include #define NFT_XML_MAND 0 #define NFT_XML_OPT (1 << 0) -mxml_node_t *nft_mxml_build_tree(const char *xml, const char *treename, - struct nft_parse_err *err); +mxml_node_t *nft_mxml_build_tree(const void *data, const char *treename, + struct nft_parse_err *err, enum nft_parse_input input); struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node, struct nft_parse_err *err); int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags, @@ -88,8 +92,8 @@ int nft_jansson_parse_val(json_t *root, const char *node_name, int type, const char *nft_jansson_parse_str(json_t *root, const char *node_name, struct nft_parse_err *err); bool nft_jansson_node_exist(json_t *root, const char *node_name); -json_t *nft_jansson_create_root(const char *json, json_error_t *error, - struct nft_parse_err *err); +json_t *nft_jansson_create_root(const void *json, json_error_t *error, + struct nft_parse_err *err, enum nft_parse_input input); json_t *nft_jansson_get_node(json_t *root, const char *node_name, struct nft_parse_err *err); void nft_jansson_free_root(json_t *root); diff --git a/src/jansson.c b/src/jansson.c index e62116b..3428f2f 100644 --- a/src/jansson.c +++ b/src/jansson.c @@ -89,22 +89,31 @@ bool nft_jansson_node_exist(json_t *root, const char *node_name) return json_object_get(root, node_name) != NULL; } -json_t *nft_jansson_create_root(const char *json, json_error_t *error, - struct nft_parse_err *err) +json_t *nft_jansson_create_root(const void *json, json_error_t *error, + struct nft_parse_err *err, enum nft_parse_input input) { json_t *root; - root = json_loadb(json, strlen(json), 0, error); + switch (input) { + case NFT_PARSE_BUFFER: + root = json_loadb(json, strlen(json), 0, error); + break; + default: + goto err; + } + if (root == NULL) { err->error = NFT_PARSE_EBADINPUT; err->line = error->line; err->column = error->column; err->node_name = error->source; - errno = EINVAL; - return NULL; + goto err; } return root; +err: + errno = EINVAL; + return NULL; } json_t *nft_jansson_get_node(json_t *root, const char *node_name, diff --git a/src/mxml.c b/src/mxml.c index bc0f084..575383c 100644 --- a/src/mxml.c +++ b/src/mxml.c @@ -22,12 +22,19 @@ #include #ifdef XML_PARSING -mxml_node_t *nft_mxml_build_tree(const char *xml, const char *treename, - struct nft_parse_err *err) +mxml_node_t *nft_mxml_build_tree(const void *data, const char *treename, + struct nft_parse_err *err, enum nft_parse_input input) { mxml_node_t *tree; - tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK); + switch (input) { + case NFT_PARSE_BUFFER: + tree = mxmlLoadString(NULL, data, MXML_OPAQUE_CALLBACK); + break; + default: + goto err; + } + if (tree == NULL) { err->error = NFT_PARSE_EBADINPUT; goto err; diff --git a/src/rule.c b/src/rule.c index 2e35aba..081686c 100644 --- a/src/rule.c +++ b/src/rule.c @@ -526,14 +526,15 @@ err: } #endif -static int nft_rule_json_parse(struct nft_rule *r, const char *json, - struct nft_parse_err *err) +static int nft_rule_json_parse(struct nft_rule *r, const void *json, + struct nft_parse_err *err, + enum nft_parse_input input) { #ifdef JSON_PARSING json_t *tree; json_error_t error; - tree = nft_jansson_create_root(json, &error, err); + tree = nft_jansson_create_root(json, &error, err, input); if (tree == NULL) return -1; @@ -627,12 +628,13 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r, } #endif -static int nft_rule_xml_parse(struct nft_rule *r, const char *xml, - struct nft_parse_err *err) +static int nft_rule_xml_parse(struct nft_rule *r, const void *xml, + struct nft_parse_err *err, + enum nft_parse_input input) { #ifdef XML_PARSING int ret; - mxml_node_t *tree = nft_mxml_build_tree(xml, "rule", err); + mxml_node_t *tree = nft_mxml_build_tree(xml, "rule", err, input); if (tree == NULL) return -1; @@ -645,18 +647,19 @@ static int nft_rule_xml_parse(struct nft_rule *r, const char *xml, #endif } -int nft_rule_parse(struct nft_rule *r, enum nft_parse_type type, - const char *data, struct nft_parse_err *err) +static int nft_rule_do_parse(struct nft_rule *r, enum nft_parse_type type, + const void *data, struct nft_parse_err *err, + enum nft_parse_input input) { int ret; struct nft_parse_err perr; switch (type) { case NFT_PARSE_XML: - ret = nft_rule_xml_parse(r, data, &perr); + ret = nft_rule_xml_parse(r, data, &perr, input); break; case NFT_PARSE_JSON: - ret = nft_rule_json_parse(r, data, &perr); + ret = nft_rule_json_parse(r, data, &perr, input); break; default: ret = -1; @@ -668,6 +671,11 @@ int nft_rule_parse(struct nft_rule *r, enum nft_parse_type type, return ret; } +int nft_rule_parse(struct nft_rule *r, enum nft_parse_type type, + const char *data, struct nft_parse_err *err) +{ + return nft_rule_do_parse(r, type, data, err, NFT_PARSE_BUFFER); +} EXPORT_SYMBOL(nft_rule_parse); static int nft_rule_snprintf_json(char *buf, size_t size, struct nft_rule *r, diff --git a/src/ruleset.c b/src/ruleset.c index a12efa9..c6bcc4b 100644 --- a/src/ruleset.c +++ b/src/ruleset.c @@ -330,14 +330,14 @@ err: #endif -static int nft_ruleset_json_parse(struct nft_ruleset *rs, const char *json, - struct nft_parse_err *err) +static int nft_ruleset_json_parse(struct nft_ruleset *rs, const void *json, + struct nft_parse_err *err, enum nft_parse_input input) { #ifdef JSON_PARSING json_t *root, *array; json_error_t error; - root = nft_jansson_create_root(json, &error, err); + root = nft_jansson_create_root(json, &error, err, input); if (root == NULL) return -1; @@ -534,13 +534,13 @@ err_free: } #endif -static int nft_ruleset_xml_parse(struct nft_ruleset *rs, const char *xml, - struct nft_parse_err *err) +static int nft_ruleset_xml_parse(struct nft_ruleset *rs, const void *xml, + struct nft_parse_err *err, enum nft_parse_input input) { #ifdef XML_PARSING mxml_node_t *tree; - tree = nft_mxml_build_tree(xml, "nftables", err); + tree = nft_mxml_build_tree(xml, "nftables", err, input); if (tree == NULL) return -1; @@ -567,17 +567,19 @@ err: #endif } -int nft_ruleset_parse(struct nft_ruleset *r, enum nft_parse_type type, - const char *data, struct nft_parse_err *err) +static int +nft_ruleset_do_parse(struct nft_ruleset *r, enum nft_parse_type type, + const void *data, struct nft_parse_err *err, + enum nft_parse_input input) { int ret; switch (type) { case NFT_PARSE_XML: - ret = nft_ruleset_xml_parse(r, data, err); + ret = nft_ruleset_xml_parse(r, data, err, input); break; case NFT_PARSE_JSON: - ret = nft_ruleset_json_parse(r, data, err); + ret = nft_ruleset_json_parse(r, data, err, input); break; default: ret = -1; @@ -587,6 +589,12 @@ int nft_ruleset_parse(struct nft_ruleset *r, enum nft_parse_type type, return ret; } + +int nft_ruleset_parse(struct nft_ruleset *r, enum nft_parse_type type, + const char *data, struct nft_parse_err *err) +{ + return nft_ruleset_do_parse(r, type, data, err, NFT_PARSE_BUFFER); +} EXPORT_SYMBOL(nft_ruleset_parse); static const char *nft_ruleset_o_opentag(uint32_t type) diff --git a/src/set.c b/src/set.c index 9317b9c..1c9caf8 100644 --- a/src/set.c +++ b/src/set.c @@ -375,14 +375,14 @@ err: } #endif -static int nft_set_json_parse(struct nft_set *s, const char *json, - struct nft_parse_err *err) +static int nft_set_json_parse(struct nft_set *s, const void *json, + struct nft_parse_err *err, enum nft_parse_input input) { #ifdef JSON_PARSING json_t *tree; json_error_t error; - tree = nft_jansson_create_root(json, &error, err); + tree = nft_jansson_create_root(json, &error, err, input); if (tree == NULL) return -1; @@ -483,12 +483,12 @@ int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s, } #endif -static int nft_set_xml_parse(struct nft_set *s, const char *xml, - struct nft_parse_err *err) +static int nft_set_xml_parse(struct nft_set *s, const void *xml, + struct nft_parse_err *err, enum nft_parse_input input) { #ifdef XML_PARSING int ret; - mxml_node_t *tree = nft_mxml_build_tree(xml, "set", err); + mxml_node_t *tree = nft_mxml_build_tree(xml, "set", err, input); if (tree == NULL) return -1; @@ -501,18 +501,19 @@ static int nft_set_xml_parse(struct nft_set *s, const char *xml, #endif } -int nft_set_parse(struct nft_set *s, enum nft_parse_type type, - const char *data, struct nft_parse_err *err) +static int nft_set_do_parse(struct nft_set *s, enum nft_parse_type type, + const void *data, struct nft_parse_err *err, + enum nft_parse_input input) { int ret; struct nft_parse_err perr; switch (type) { case NFT_PARSE_XML: - ret = nft_set_xml_parse(s, data, &perr); + ret = nft_set_xml_parse(s, data, &perr, input); break; case NFT_PARSE_JSON: - ret = nft_set_json_parse(s, data, &perr); + ret = nft_set_json_parse(s, data, &perr, input); break; default: ret = -1; @@ -525,6 +526,11 @@ int nft_set_parse(struct nft_set *s, enum nft_parse_type type, return ret; } +int nft_set_parse(struct nft_set *s, enum nft_parse_type type, + const char *data, struct nft_parse_err *err) +{ + return nft_set_do_parse(s, type, data, err, NFT_PARSE_BUFFER); +} EXPORT_SYMBOL(nft_set_parse); static int nft_set_snprintf_json(char *buf, size_t size, struct nft_set *s, diff --git a/src/set_elem.c b/src/set_elem.c index 14bf6f4..93e8291 100644 --- a/src/set_elem.c +++ b/src/set_elem.c @@ -394,14 +394,15 @@ int nft_mxml_set_elem_parse(mxml_node_t *tree, struct nft_set_elem *e, } #endif -static int nft_set_elem_xml_parse(struct nft_set_elem *e, const char *xml, - struct nft_parse_err *err) +static int nft_set_elem_xml_parse(struct nft_set_elem *e, const void *xml, + struct nft_parse_err *err, + enum nft_parse_input input) { #ifdef XML_PARSING mxml_node_t *tree; int ret; - tree = nft_mxml_build_tree(xml, "set_elem", err); + tree = nft_mxml_build_tree(xml, "set_elem", err, input); if (tree == NULL) return -1; @@ -415,13 +416,14 @@ static int nft_set_elem_xml_parse(struct nft_set_elem *e, const char *xml, } static int nft_set_elem_json_parse(struct nft_set_elem *e, const void *json, - struct nft_parse_err *err) + struct nft_parse_err *err, + enum nft_parse_input input) { #ifdef JSON_PARSING json_t *tree; json_error_t error; - tree = nft_jansson_create_root(json, &error, err); + tree = nft_jansson_create_root(json, &error, err, input); if (tree == NULL) return -1; @@ -432,17 +434,19 @@ static int nft_set_elem_json_parse(struct nft_set_elem *e, const void *json, #endif } -int nft_set_elem_parse(struct nft_set_elem *e, - enum nft_parse_type type, const char *data, - struct nft_parse_err *err) { +static int +nft_set_elem_do_parse(struct nft_set_elem *e, enum nft_parse_type type, + const void *data, struct nft_parse_err *err, + enum nft_parse_input input) +{ int ret; switch (type) { case NFT_PARSE_XML: - ret = nft_set_elem_xml_parse(e, data, err); + ret = nft_set_elem_xml_parse(e, data, err, input); break; case NFT_PARSE_JSON: - ret = nft_set_elem_json_parse(e, data, err); + ret = nft_set_elem_json_parse(e, data, err, input); break; default: errno = EOPNOTSUPP; @@ -452,6 +456,11 @@ int nft_set_elem_parse(struct nft_set_elem *e, return ret; } +int nft_set_elem_parse(struct nft_set_elem *e, enum nft_parse_type type, + const char *data, struct nft_parse_err *err) +{ + return nft_set_elem_do_parse(e, type, data, err, NFT_PARSE_BUFFER); +} EXPORT_SYMBOL(nft_set_elem_parse); static int nft_set_elem_snprintf_json(char *buf, size_t size, diff --git a/src/table.c b/src/table.c index 9b5f5c9..4f2d5d2 100644 --- a/src/table.c +++ b/src/table.c @@ -247,12 +247,13 @@ int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t, } #endif -static int nft_table_xml_parse(struct nft_table *t, const char *xml, - struct nft_parse_err *err) +static int nft_table_xml_parse(struct nft_table *t, const void *data, + struct nft_parse_err *err, + enum nft_parse_input input) { #ifdef XML_PARSING int ret; - mxml_node_t *tree = nft_mxml_build_tree(xml, "table", err); + mxml_node_t *tree = nft_mxml_build_tree(data, "table", err, input); if (tree == NULL) return -1; @@ -302,14 +303,15 @@ err: } #endif -static int nft_table_json_parse(struct nft_table *t, const char *json, - struct nft_parse_err *err) +static int nft_table_json_parse(struct nft_table *t, const void *json, + struct nft_parse_err *err, + enum nft_parse_input input) { #ifdef JSON_PARSING json_t *tree; json_error_t error; - tree = nft_jansson_create_root(json, &error, err); + tree = nft_jansson_create_root(json, &error, err, input); if (tree == NULL) return -1; @@ -320,18 +322,19 @@ static int nft_table_json_parse(struct nft_table *t, const char *json, #endif } -int nft_table_parse(struct nft_table *t, enum nft_parse_type type, - const char *data, struct nft_parse_err *err) +static int nft_table_do_parse(struct nft_table *t, enum nft_parse_type type, + const void *data, struct nft_parse_err *err, + enum nft_parse_input input) { int ret; struct nft_parse_err perr; switch (type) { case NFT_PARSE_XML: - ret = nft_table_xml_parse(t, data, &perr); + ret = nft_table_xml_parse(t, data, &perr, input); break; case NFT_PARSE_JSON: - ret = nft_table_json_parse(t, data, &perr); + ret = nft_table_json_parse(t, data, &perr, input); break; default: ret = -1; @@ -344,6 +347,12 @@ int nft_table_parse(struct nft_table *t, enum nft_parse_type type, return ret; } + +int nft_table_parse(struct nft_table *t, enum nft_parse_type type, + const char *data, struct nft_parse_err *err) +{ + return nft_table_do_parse(t, type, data, err, NFT_PARSE_BUFFER); +} EXPORT_SYMBOL(nft_table_parse); static int nft_table_snprintf_json(char *buf, size_t size, struct nft_table *t) -- cgit v1.2.3 From d34f0c0508f08a84f4351f2a9369e85ccccfe5a0 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Thu, 9 Jan 2014 12:19:12 +0100 Subject: src: add interface to parse from file This patch adds a new API to parse rule-set expressed in XML/JSON from a file. A new enum nft_parse_input type is added for this purpose. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- include/libnftables/chain.h | 2 ++ include/libnftables/rule.h | 2 ++ include/libnftables/ruleset.h | 2 ++ include/libnftables/set.h | 4 ++++ include/libnftables/table.h | 2 ++ src/chain.c | 7 +++++++ src/internal.h | 1 + src/jansson.c | 3 +++ src/libnftables.map | 6 ++++++ src/mxml.c | 3 +++ src/rule.c | 7 +++++++ src/ruleset.c | 7 +++++++ src/set.c | 13 +++++++++++-- src/set_elem.c | 7 +++++++ src/table.c | 7 +++++++ 15 files changed, 71 insertions(+), 2 deletions(-) diff --git a/include/libnftables/chain.h b/include/libnftables/chain.h index dec1a77..d213bf1 100644 --- a/include/libnftables/chain.h +++ b/include/libnftables/chain.h @@ -53,6 +53,8 @@ void nft_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_chain int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, const char *data, struct nft_parse_err *err); +int nft_chain_parse_file(struct nft_chain *c, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *t, uint32_t type, uint32_t flags); int nft_chain_fprintf(FILE *fp, struct nft_chain *c, uint32_t type, uint32_t flags); diff --git a/include/libnftables/rule.h b/include/libnftables/rule.h index 1510203..48b9974 100644 --- a/include/libnftables/rule.h +++ b/include/libnftables/rule.h @@ -49,6 +49,8 @@ void nft_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_rule *t); int nft_rule_parse(struct nft_rule *r, enum nft_parse_type type, const char *data, struct nft_parse_err *err); +int nft_rule_parse_file(struct nft_rule *r, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); int nft_rule_snprintf(char *buf, size_t size, struct nft_rule *t, uint32_t type, uint32_t flags); int nft_rule_fprintf(FILE *fp, struct nft_rule *r, uint32_t type, uint32_t flags); diff --git a/include/libnftables/ruleset.h b/include/libnftables/ruleset.h index b523346..f916fba 100644 --- a/include/libnftables/ruleset.h +++ b/include/libnftables/ruleset.h @@ -32,6 +32,8 @@ const void *nft_ruleset_attr_get(const struct nft_ruleset *r, uint16_t attr); int nft_ruleset_parse(struct nft_ruleset *rs, enum nft_parse_type type, const char *data, struct nft_parse_err *err); +int nft_ruleset_parse_file(struct nft_ruleset *rs, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); int nft_ruleset_snprintf(char *buf, size_t size, const struct nft_ruleset *rs, uint32_t type, uint32_t flags); int nft_ruleset_fprintf(FILE *fp, const struct nft_ruleset *rs, uint32_t type, uint32_t flags); diff --git a/include/libnftables/set.h b/include/libnftables/set.h index 9711729..c4b1ff6 100644 --- a/include/libnftables/set.h +++ b/include/libnftables/set.h @@ -62,6 +62,8 @@ void nft_set_list_iter_destroy(struct nft_set_list_iter *iter); int nft_set_parse(struct nft_set *s, enum nft_parse_type type, const char *data, struct nft_parse_err *err); +int nft_set_parse_file(struct nft_set *s, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); /* * Set elements @@ -101,6 +103,8 @@ int nft_set_elem_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set_elem *s) int nft_set_elem_parse(struct nft_set_elem *e, enum nft_parse_type type, const char *data, struct nft_parse_err *err); +int nft_set_elem_parse_file(struct nft_set_elem *e, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *s, uint32_t type, uint32_t flags); int nft_set_elem_fprintf(FILE *fp, struct nft_set_elem *se, uint32_t type, uint32_t flags); diff --git a/include/libnftables/table.h b/include/libnftables/table.h index 80f2349..64fbf88 100644 --- a/include/libnftables/table.h +++ b/include/libnftables/table.h @@ -41,6 +41,8 @@ void nft_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_table int nft_table_parse(struct nft_table *t, enum nft_parse_type type, const char *data, struct nft_parse_err *err); +int nft_table_parse_file(struct nft_table *t, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); int nft_table_snprintf(char *buf, size_t size, struct nft_table *t, uint32_t type, uint32_t flags); int nft_table_fprintf(FILE *fp, struct nft_table *t, uint32_t type, uint32_t flags); diff --git a/src/chain.c b/src/chain.c index 8f40ede..18a52da 100644 --- a/src/chain.c +++ b/src/chain.c @@ -761,6 +761,13 @@ int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, } EXPORT_SYMBOL(nft_chain_parse); +int nft_chain_parse_file(struct nft_chain *c, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err) +{ + return nft_chain_do_parse(c, type, fp, err, NFT_PARSE_FILE); +} +EXPORT_SYMBOL(nft_chain_parse_file); + static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c) { int ret, len = size, offset = 0; diff --git a/src/internal.h b/src/internal.h index fa092cf..d3c58a2 100644 --- a/src/internal.h +++ b/src/internal.h @@ -40,6 +40,7 @@ struct nft_parse_err { enum nft_parse_input { NFT_PARSE_BUFFER, + NFT_PARSE_FILE, }; #ifdef XML_PARSING diff --git a/src/jansson.c b/src/jansson.c index 3428f2f..f446e17 100644 --- a/src/jansson.c +++ b/src/jansson.c @@ -98,6 +98,9 @@ json_t *nft_jansson_create_root(const void *json, json_error_t *error, case NFT_PARSE_BUFFER: root = json_loadb(json, strlen(json), 0, error); break; + case NFT_PARSE_FILE: + root = json_loadf((FILE *)json, 0, error); + break; default: goto err; } diff --git a/src/libnftables.map b/src/libnftables.map index be5c783..faf0913 100644 --- a/src/libnftables.map +++ b/src/libnftables.map @@ -13,6 +13,7 @@ global: nft_table_attr_get_u32; nft_table_attr_get_str; nft_table_parse; + nft_table_parse_file; nft_table_snprintf; nft_table_fprintf; nft_table_nlmsg_build_payload; @@ -45,6 +46,7 @@ global: nft_chain_attr_get_u64; nft_chain_attr_get_str; nft_chain_parse; + nft_chain_parse_file; nft_chain_snprintf; nft_chain_fprintf; nft_chain_nlmsg_build_payload; @@ -74,6 +76,7 @@ global: nft_rule_attr_get_u64; nft_rule_attr_get_str; nft_rule_parse; + nft_rule_parse_file; nft_rule_snprintf; nft_rule_fprintf; nft_rule_nlmsg_build_payload; @@ -128,6 +131,7 @@ global: nft_set_nlmsg_build_payload; nft_set_nlmsg_parse; nft_set_parse; + nft_set_parse_file; nft_set_snprintf; nft_set_fprintf; @@ -159,6 +163,7 @@ global: nft_set_elem_nlmsg_build_payload; nft_set_elem_nlmsg_parse; nft_set_elem_parse; + nft_set_elem_parse_file; nft_set_elem_snprintf; nft_set_elem_fprinf; @@ -179,6 +184,7 @@ global: nft_ruleset_attr_set; nft_ruleset_attr_get; nft_ruleset_parse; + nft_ruleset_parse_file; nft_ruleset_snprintf; nft_ruleset_fprintf; diff --git a/src/mxml.c b/src/mxml.c index 575383c..ddbd01b 100644 --- a/src/mxml.c +++ b/src/mxml.c @@ -31,6 +31,9 @@ mxml_node_t *nft_mxml_build_tree(const void *data, const char *treename, case NFT_PARSE_BUFFER: tree = mxmlLoadString(NULL, data, MXML_OPAQUE_CALLBACK); break; + case NFT_PARSE_FILE: + tree = mxmlLoadFile(NULL, (FILE *)data, MXML_OPAQUE_CALLBACK); + break; default: goto err; } diff --git a/src/rule.c b/src/rule.c index 081686c..9b4b01f 100644 --- a/src/rule.c +++ b/src/rule.c @@ -678,6 +678,13 @@ int nft_rule_parse(struct nft_rule *r, enum nft_parse_type type, } EXPORT_SYMBOL(nft_rule_parse); +int nft_rule_parse_file(struct nft_rule *r, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err) +{ + return nft_rule_do_parse(r, type, fp, err, NFT_PARSE_FILE); +} +EXPORT_SYMBOL(nft_rule_parse_file); + static int nft_rule_snprintf_json(char *buf, size_t size, struct nft_rule *r, uint32_t type, uint32_t flags) { diff --git a/src/ruleset.c b/src/ruleset.c index c6bcc4b..f5e1157 100644 --- a/src/ruleset.c +++ b/src/ruleset.c @@ -597,6 +597,13 @@ int nft_ruleset_parse(struct nft_ruleset *r, enum nft_parse_type type, } EXPORT_SYMBOL(nft_ruleset_parse); +int nft_ruleset_parse_file(struct nft_ruleset *rs, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err) +{ + return nft_ruleset_do_parse(rs, type, fp, err, NFT_PARSE_FILE); +} +EXPORT_SYMBOL(nft_ruleset_parse_file); + static const char *nft_ruleset_o_opentag(uint32_t type) { switch (type) { diff --git a/src/set.c b/src/set.c index 1c9caf8..822a715 100644 --- a/src/set.c +++ b/src/set.c @@ -376,7 +376,8 @@ err: #endif static int nft_set_json_parse(struct nft_set *s, const void *json, - struct nft_parse_err *err, enum nft_parse_input input) + struct nft_parse_err *err, + enum nft_parse_input input) { #ifdef JSON_PARSING json_t *tree; @@ -484,7 +485,8 @@ int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s, #endif static int nft_set_xml_parse(struct nft_set *s, const void *xml, - struct nft_parse_err *err, enum nft_parse_input input) + struct nft_parse_err *err, + enum nft_parse_input input) { #ifdef XML_PARSING int ret; @@ -533,6 +535,13 @@ int nft_set_parse(struct nft_set *s, enum nft_parse_type type, } EXPORT_SYMBOL(nft_set_parse); +int nft_set_parse_file(struct nft_set *s, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err) +{ + return nft_set_do_parse(s, type, fp, err, NFT_PARSE_FILE); +} +EXPORT_SYMBOL(nft_set_parse_file); + static int nft_set_snprintf_json(char *buf, size_t size, struct nft_set *s, uint32_t type, uint32_t flags) { diff --git a/src/set_elem.c b/src/set_elem.c index 93e8291..2bbfb0e 100644 --- a/src/set_elem.c +++ b/src/set_elem.c @@ -463,6 +463,13 @@ int nft_set_elem_parse(struct nft_set_elem *e, enum nft_parse_type type, } EXPORT_SYMBOL(nft_set_elem_parse); +int nft_set_elem_parse_file(struct nft_set_elem *e, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err) +{ + return nft_set_elem_do_parse(e, type, fp, err, NFT_PARSE_FILE); +} +EXPORT_SYMBOL(nft_set_elem_parse_file); + static int nft_set_elem_snprintf_json(char *buf, size_t size, struct nft_set_elem *e, uint32_t flags) { diff --git a/src/table.c b/src/table.c index 4f2d5d2..ad3570f 100644 --- a/src/table.c +++ b/src/table.c @@ -355,6 +355,13 @@ int nft_table_parse(struct nft_table *t, enum nft_parse_type type, } EXPORT_SYMBOL(nft_table_parse); +int nft_table_parse_file(struct nft_table *t, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err) +{ + return nft_table_do_parse(t, type, fp, err, NFT_PARSE_FILE); +} +EXPORT_SYMBOL(nft_table_parse_file); + static int nft_table_snprintf_json(char *buf, size_t size, struct nft_table *t) { return snprintf(buf, size, -- cgit v1.2.3 From eaf04163c4a0baeeddf8a449ecb9d47e111ff557 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Thu, 9 Jan 2014 12:19:17 +0100 Subject: tests: nft-parsing-test: use nft_ruleset_parse_file() All testfiles are now enclosed in the corresponding top element, ie. * XML: ... * JSON: {"nftables":[...]} Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- tests/jsonfiles/01-table.json | 2 +- tests/jsonfiles/02-table.json | 2 +- tests/jsonfiles/11-chain.json | 2 +- tests/jsonfiles/12-chain.json | 2 +- tests/jsonfiles/13-chain.json | 2 +- tests/jsonfiles/14-chain.json | 2 +- tests/jsonfiles/20-rule-bitwise.json | 2 +- tests/jsonfiles/21-rule-byteorder.json | 2 +- tests/jsonfiles/22-rule-cmp.json | 2 +- tests/jsonfiles/23-rule-counter.json | 2 +- tests/jsonfiles/24-rule-ct.json | 2 +- tests/jsonfiles/25-rule-exthdr.json | 2 +- tests/jsonfiles/26-rule-immediate.json | 2 +- tests/jsonfiles/27-rule-limit.json | 2 +- tests/jsonfiles/28-rule-log.json | 2 +- tests/jsonfiles/29-rule-match.json | 2 +- tests/jsonfiles/30-rule-lookup.json | 2 +- tests/jsonfiles/31-rule-meta.json | 2 +- tests/jsonfiles/32-rule-nat4.json | 2 +- tests/jsonfiles/33-rule-nat6.json | 2 +- tests/jsonfiles/34-rule-payload.json | 2 +- tests/jsonfiles/35-rule-target.json | 2 +- tests/jsonfiles/36-rule-real.json | 2 +- tests/jsonfiles/37-rule-real.json | 2 +- tests/jsonfiles/38-rule-real.json | 2 +- tests/jsonfiles/39-rule-real.json | 2 +- tests/jsonfiles/40-rule-real.json | 2 +- tests/jsonfiles/41-rule-real.json | 2 +- tests/jsonfiles/42-rule-real.json | 2 +- tests/jsonfiles/43-rule-real.json | 2 +- tests/jsonfiles/44-rule-real.json | 2 +- tests/jsonfiles/45-rule-real.json | 2 +- tests/jsonfiles/46-rule-real.json | 2 +- tests/jsonfiles/47-rule-real.json | 2 +- tests/jsonfiles/48-rule-real.json | 2 +- tests/jsonfiles/49-rule-real.json | 2 +- tests/jsonfiles/50-rule-real.json | 2 +- tests/jsonfiles/51-rule-real.json | 2 +- tests/jsonfiles/52-rule-real.json | 2 +- tests/jsonfiles/53-rule-real.json | 2 +- tests/jsonfiles/54-rule-real.json | 2 +- tests/jsonfiles/55-rule-real.json | 2 +- tests/jsonfiles/56-rule-real.json | 2 +- tests/jsonfiles/57-rule-real.json | 2 +- tests/jsonfiles/58-rule-real.json | 2 +- tests/jsonfiles/59-rule-real.json | 2 +- tests/jsonfiles/60-rule-real.json | 2 +- tests/jsonfiles/61-rule-real.json | 2 +- tests/jsonfiles/62-set.json | 2 +- tests/jsonfiles/63-set.json | 2 +- tests/jsonfiles/64-ruleset.json | 1 - tests/nft-parsing-test.c | 261 +++++---------------------------- tests/xmlfiles/01-table.xml | 2 +- tests/xmlfiles/02-table.xml | 2 +- tests/xmlfiles/10-chain.xml | 2 +- tests/xmlfiles/11-chain.xml | 2 +- tests/xmlfiles/12-chain.xml | 2 +- tests/xmlfiles/20-rule-bitwise.xml | 2 +- tests/xmlfiles/21-rule-byteorder.xml | 2 +- tests/xmlfiles/22-rule-cmp.xml | 2 +- tests/xmlfiles/23-rule-counter.xml | 2 +- tests/xmlfiles/24-rule-ct.xml | 2 +- tests/xmlfiles/25-rule-exthdr.xml | 2 +- tests/xmlfiles/26-rule-immediate.xml | 2 +- tests/xmlfiles/27-rule-limit.xml | 2 +- tests/xmlfiles/28-rule-log.xml | 2 +- tests/xmlfiles/29-rule-lookup.xml | 2 +- tests/xmlfiles/30-rule-match.xml | 2 +- tests/xmlfiles/31-rule-meta.xml | 2 +- tests/xmlfiles/32-rule-nat6.xml | 2 +- tests/xmlfiles/33-rule-nat4.xml | 2 +- tests/xmlfiles/34-rule-payload.xml | 2 +- tests/xmlfiles/35-rule-target.xml | 2 +- tests/xmlfiles/36-rule-real.xml | 2 +- tests/xmlfiles/37-rule-real.xml | 2 +- tests/xmlfiles/38-rule-real.xml | 2 +- tests/xmlfiles/39-rule-real.xml | 2 +- tests/xmlfiles/40-rule-real.xml | 2 +- tests/xmlfiles/41-rule-real.xml | 2 +- tests/xmlfiles/42-rule-real.xml | 2 +- tests/xmlfiles/43-rule-real.xml | 2 +- tests/xmlfiles/44-rule-real.xml | 2 +- tests/xmlfiles/45-rule-real.xml | 2 +- tests/xmlfiles/46-rule-real.xml | 2 +- tests/xmlfiles/47-rule-real.xml | 2 +- tests/xmlfiles/48-rule-real.xml | 2 +- tests/xmlfiles/49-rule-real.xml | 2 +- tests/xmlfiles/50-rule-real.xml | 2 +- tests/xmlfiles/51-rule-real.xml | 2 +- tests/xmlfiles/52-rule-real.xml | 2 +- tests/xmlfiles/53-rule-real.xml | 2 +- tests/xmlfiles/54-rule-real.xml | 2 +- tests/xmlfiles/55-rule-real.xml | 2 +- tests/xmlfiles/56-rule-real.xml | 2 +- tests/xmlfiles/57-rule-real.xml | 2 +- tests/xmlfiles/58-rule-real.xml | 2 +- tests/xmlfiles/59-rule-real.xml | 2 +- tests/xmlfiles/60-rule-real.xml | 2 +- tests/xmlfiles/61-rule-real.xml | 2 +- tests/xmlfiles/62-rule-real.xml | 2 +- tests/xmlfiles/63-rule-real.xml | 2 +- tests/xmlfiles/64-rule-real.xml | 2 +- tests/xmlfiles/65-rule-real.xml | 2 +- tests/xmlfiles/66-rule-real.xml | 2 +- tests/xmlfiles/67-rule-real.xml | 2 +- tests/xmlfiles/68-rule-real.xml | 2 +- tests/xmlfiles/69-rule-real.xml | 2 +- tests/xmlfiles/70-rule-real.xml | 2 +- tests/xmlfiles/71-rule-real.xml | 2 +- tests/xmlfiles/72-rule-real.xml | 2 +- tests/xmlfiles/73-set.xml | 2 +- tests/xmlfiles/74-set.xml | 2 +- 112 files changed, 144 insertions(+), 338 deletions(-) diff --git a/tests/jsonfiles/01-table.json b/tests/jsonfiles/01-table.json index cfe7e9d..8668fb79 100644 --- a/tests/jsonfiles/01-table.json +++ b/tests/jsonfiles/01-table.json @@ -1 +1 @@ -{"table":{"name":"filter","family":"ip","flags":0}} +{"nftables":[{"table":{"name":"filter","family":"ip","flags":0}}]} diff --git a/tests/jsonfiles/02-table.json b/tests/jsonfiles/02-table.json index ddd119c..f8f5a1d 100644 --- a/tests/jsonfiles/02-table.json +++ b/tests/jsonfiles/02-table.json @@ -1 +1 @@ -{"table":{"name":"filter2","family":"ip6","flags":0}} +{"nftables":[{"table":{"name":"filter2","family":"ip6","flags":0}}]} diff --git a/tests/jsonfiles/11-chain.json b/tests/jsonfiles/11-chain.json index e1ed07f..2610b79 100644 --- a/tests/jsonfiles/11-chain.json +++ b/tests/jsonfiles/11-chain.json @@ -1 +1 @@ -{"chain":{"name":"input","handle":1,"bytes":1375696,"packets":4136,"family":"ip","table":"filter","use":0,"type":"filter","hooknum":"input","prio":0,"policy":"accept"}} +{"nftables":[{"chain":{"name":"input","handle":1,"bytes":1375696,"packets":4136,"family":"ip","table":"filter","use":0,"type":"filter","hooknum":"input","prio":0,"policy":"accept"}}]} diff --git a/tests/jsonfiles/12-chain.json b/tests/jsonfiles/12-chain.json index b3fa541..3d15982 100644 --- a/tests/jsonfiles/12-chain.json +++ b/tests/jsonfiles/12-chain.json @@ -1 +1 @@ -{"chain":{"name":"forward","handle":2,"bytes":0,"packets":0,"family":"ip","table":"filter","use":0,"type":"filter","hooknum":"forward","prio":0,"policy":"accept"}} +{"nftables":[{"chain":{"name":"forward","handle":2,"bytes":0,"packets":0,"family":"ip","table":"filter","use":0,"type":"filter","hooknum":"forward","prio":0,"policy":"accept"}}]} diff --git a/tests/jsonfiles/13-chain.json b/tests/jsonfiles/13-chain.json index 6d8230d..e3a17f0 100644 --- a/tests/jsonfiles/13-chain.json +++ b/tests/jsonfiles/13-chain.json @@ -1 +1 @@ -{"chain":{"name":"output","handle":3,"bytes":454786,"packets":2681,"family":"ip","table":"filter","use":0,"type":"filter","hooknum":"output","prio":0,"policy":"accept"}} +{"nftables":[{"chain":{"name":"output","handle":3,"bytes":454786,"packets":2681,"family":"ip","table":"filter","use":0,"type":"filter","hooknum":"output","prio":0,"policy":"accept"}}]} diff --git a/tests/jsonfiles/14-chain.json b/tests/jsonfiles/14-chain.json index 44bc106..d98dc94 100644 --- a/tests/jsonfiles/14-chain.json +++ b/tests/jsonfiles/14-chain.json @@ -1 +1 @@ -{"chain":{"name":"chain1","handle":4,"bytes":0,"packets":0,"family":"ip","table":"filter","use":0}} +{"nftables":[{"chain":{"name":"chain1","handle":4,"bytes":0,"packets":0,"family":"ip","table":"filter","use":0}}]} diff --git a/tests/jsonfiles/20-rule-bitwise.json b/tests/jsonfiles/20-rule-bitwise.json index 511ad88..de3d9ec 100644 --- a/tests/jsonfiles/20-rule-bitwise.json +++ b/tests/jsonfiles/20-rule-bitwise.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":20,"expr":[{"type":"bitwise","sreg":1,"dreg":1,"len":4,"mask":{"data_reg":{"type":"value","len":4,"data0":"0x0000000a"}},"xor":{"data_reg":{"type":"value","len":4,"data0":"0x00000000"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":20,"expr":[{"type":"bitwise","sreg":1,"dreg":1,"len":4,"mask":{"data_reg":{"type":"value","len":4,"data0":"0x0000000a"}},"xor":{"data_reg":{"type":"value","len":4,"data0":"0x00000000"}}}]}}]} diff --git a/tests/jsonfiles/21-rule-byteorder.json b/tests/jsonfiles/21-rule-byteorder.json index 9c5498e..ae6fb32 100644 --- a/tests/jsonfiles/21-rule-byteorder.json +++ b/tests/jsonfiles/21-rule-byteorder.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":21,"expr":[{"type":"byteorder","sreg":3,"dreg":4,"op":"hton","len":4,"size":4}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":21,"expr":[{"type":"byteorder","sreg":3,"dreg":4,"op":"hton","len":4,"size":4}]}}]} diff --git a/tests/jsonfiles/22-rule-cmp.json b/tests/jsonfiles/22-rule-cmp.json index ad1c71a..c32d7ad 100644 --- a/tests/jsonfiles/22-rule-cmp.json +++ b/tests/jsonfiles/22-rule-cmp.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"forward","handle":22,"expr":[{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":16,"data0":"0x00000000","data1":"0x6e6f6200","data2":"0x2e303164","data3":"0x00393331"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"forward","handle":22,"expr":[{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":16,"data0":"0x00000000","data1":"0x6e6f6200","data2":"0x2e303164","data3":"0x00393331"}}}]}}]} diff --git a/tests/jsonfiles/23-rule-counter.json b/tests/jsonfiles/23-rule-counter.json index 331ab2c..95d5072 100644 --- a/tests/jsonfiles/23-rule-counter.json +++ b/tests/jsonfiles/23-rule-counter.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":23,"expr":[{"type":"counter","pkts":135,"bytes":21655}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":23,"expr":[{"type":"counter","pkts":135,"bytes":21655}]}}]} diff --git a/tests/jsonfiles/24-rule-ct.json b/tests/jsonfiles/24-rule-ct.json index 3b161f3..1aa3dd2 100644 --- a/tests/jsonfiles/24-rule-ct.json +++ b/tests/jsonfiles/24-rule-ct.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":24,"expr":[{"type":"ct","dreg":1,"key":"state"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000008"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":24,"expr":[{"type":"ct","dreg":1,"key":"state"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000008"}}}]}}]} diff --git a/tests/jsonfiles/25-rule-exthdr.json b/tests/jsonfiles/25-rule-exthdr.json index 32667a3..c40a074 100644 --- a/tests/jsonfiles/25-rule-exthdr.json +++ b/tests/jsonfiles/25-rule-exthdr.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":25,"expr":[{"type":"exthdr","dreg":1,"exthdr_type":"mh","offset":2,"len":16}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":25,"expr":[{"type":"exthdr","dreg":1,"exthdr_type":"mh","offset":2,"len":16}]}}]} diff --git a/tests/jsonfiles/26-rule-immediate.json b/tests/jsonfiles/26-rule-immediate.json index fbe7f8b..3582a39 100644 --- a/tests/jsonfiles/26-rule-immediate.json +++ b/tests/jsonfiles/26-rule-immediate.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":26,"expr":[{"type":"immediate","dreg":0,"immediatedata":{"data_reg":{"type":"verdict","verdict":"accept"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":26,"expr":[{"type":"immediate","dreg":0,"immediatedata":{"data_reg":{"type":"verdict","verdict":"accept"}}}]}}]} diff --git a/tests/jsonfiles/27-rule-limit.json b/tests/jsonfiles/27-rule-limit.json index 3ac5118..c268357 100644 --- a/tests/jsonfiles/27-rule-limit.json +++ b/tests/jsonfiles/27-rule-limit.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":27,"expr":[{"type":"limit","rate":321321,"unit":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":27,"expr":[{"type":"limit","rate":321321,"unit":0}]}}]} diff --git a/tests/jsonfiles/28-rule-log.json b/tests/jsonfiles/28-rule-log.json index ad0ca8f..1e739f1 100644 --- a/tests/jsonfiles/28-rule-log.json +++ b/tests/jsonfiles/28-rule-log.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":28,"expr":[{"type":"log","prefix":"test_chain","group":1,"snaplen":0,"qthreshold":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":28,"expr":[{"type":"log","prefix":"test_chain","group":1,"snaplen":0,"qthreshold":0}]}}]} diff --git a/tests/jsonfiles/29-rule-match.json b/tests/jsonfiles/29-rule-match.json index 78f087d..b533e77 100644 --- a/tests/jsonfiles/29-rule-match.json +++ b/tests/jsonfiles/29-rule-match.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":9,"expr":[{"type":"match","name":"state"},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":9,"expr":[{"type":"match","name":"state"},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/30-rule-lookup.json b/tests/jsonfiles/30-rule-lookup.json index 5dbf823..05576b0 100644 --- a/tests/jsonfiles/30-rule-lookup.json +++ b/tests/jsonfiles/30-rule-lookup.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":8,"expr":[{"type":"payload","dreg":1,"offset":12,"len":4,"base":"network"},{"type":"lookup","set":"set0","sreg":1,"dreg":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":8,"expr":[{"type":"payload","dreg":1,"offset":12,"len":4,"base":"network"},{"type":"lookup","set":"set0","sreg":1,"dreg":0}]}}]} diff --git a/tests/jsonfiles/31-rule-meta.json b/tests/jsonfiles/31-rule-meta.json index b52d29e..96e02e5 100644 --- a/tests/jsonfiles/31-rule-meta.json +++ b/tests/jsonfiles/31-rule-meta.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":8,"expr":[{"type":"meta","dreg":1,"key":"protocol"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x000003e8"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":8,"expr":[{"type":"meta","dreg":1,"key":"protocol"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x000003e8"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/32-rule-nat4.json b/tests/jsonfiles/32-rule-nat4.json index eb3ae5b..aa2b50d 100644 --- a/tests/jsonfiles/32-rule-nat4.json +++ b/tests/jsonfiles/32-rule-nat4.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":10,"expr":[{"type":"nat","nat_type":"dnat","family":"ip","sreg_addr_min":1,"sreg_addr_max":2,"sreg_proto_min":3,"sreg_proto_max":4}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":10,"expr":[{"type":"nat","nat_type":"dnat","family":"ip","sreg_addr_min":1,"sreg_addr_max":2,"sreg_proto_min":3,"sreg_proto_max":4}]}}]} diff --git a/tests/jsonfiles/33-rule-nat6.json b/tests/jsonfiles/33-rule-nat6.json index fae48d0..e5d8c8f 100644 --- a/tests/jsonfiles/33-rule-nat6.json +++ b/tests/jsonfiles/33-rule-nat6.json @@ -1 +1 @@ -{"rule":{"family":"ip6","table":"nat","chain":"output","handle":33,"expr":[{"type":"nat","nat_type":"snat","family":"ip6","sreg_addr_min":1,"sreg_addr_max":2,"sreg_proto_min":3,"sreg_proto_max":4}]}} +{"nftables":[{"rule":{"family":"ip6","table":"nat","chain":"output","handle":33,"expr":[{"type":"nat","nat_type":"snat","family":"ip6","sreg_addr_min":1,"sreg_addr_max":2,"sreg_proto_min":3,"sreg_proto_max":4}]}}]} diff --git a/tests/jsonfiles/34-rule-payload.json b/tests/jsonfiles/34-rule-payload.json index 3559ca6..7eaff41 100644 --- a/tests/jsonfiles/34-rule-payload.json +++ b/tests/jsonfiles/34-rule-payload.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"input","handle":26,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"network"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":2,"len":2,"base":"transport"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}}},{"type":"immediate","dreg":0,"immediatedata":{"data_reg":{"type":"verdict","verdict":"accept"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":26,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"network"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":2,"len":2,"base":"transport"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}}},{"type":"immediate","dreg":0,"immediatedata":{"data_reg":{"type":"verdict","verdict":"accept"}}}]}}]} diff --git a/tests/jsonfiles/35-rule-target.json b/tests/jsonfiles/35-rule-target.json index c8ff656..da02921 100644 --- a/tests/jsonfiles/35-rule-target.json +++ b/tests/jsonfiles/35-rule-target.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"INPUT","handle":20,"expr":[{"type":"counter","pkts":17,"bytes":4436},{"type":"target","name":"LOG"}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"INPUT","handle":20,"expr":[{"type":"counter","pkts":17,"bytes":4436},{"type":"target","name":"LOG"}]}}]} diff --git a/tests/jsonfiles/36-rule-real.json b/tests/jsonfiles/36-rule-real.json index c8bfc26..4c5e331 100644 --- a/tests/jsonfiles/36-rule-real.json +++ b/tests/jsonfiles/36-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":36,"expr":[{"type":"payload","dreg":1,"offset":12,"len":8,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":8,"data0":"0x0100a8c0","data1":"0x6400a8c0"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":36,"expr":[{"type":"payload","dreg":1,"offset":12,"len":8,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":8,"data0":"0x0100a8c0","data1":"0x6400a8c0"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/37-rule-real.json b/tests/jsonfiles/37-rule-real.json index d9b4580..2645328 100644 --- a/tests/jsonfiles/37-rule-real.json +++ b/tests/jsonfiles/37-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":37,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":37,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}}]}}]} diff --git a/tests/jsonfiles/38-rule-real.json b/tests/jsonfiles/38-rule-real.json index ce37407..2a7640b 100644 --- a/tests/jsonfiles/38-rule-real.json +++ b/tests/jsonfiles/38-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":38,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":38,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}}]}}]} diff --git a/tests/jsonfiles/39-rule-real.json b/tests/jsonfiles/39-rule-real.json index 8529d06..5ab4fae 100644 --- a/tests/jsonfiles/39-rule-real.json +++ b/tests/jsonfiles/39-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":39,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"gte","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"cmp","sreg":1,"op":"lte","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0xfa00a8c0"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":39,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"gte","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"cmp","sreg":1,"op":"lte","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0xfa00a8c0"}}}]}}]} diff --git a/tests/jsonfiles/40-rule-real.json b/tests/jsonfiles/40-rule-real.json index f13c99e..483a1a5 100644 --- a/tests/jsonfiles/40-rule-real.json +++ b/tests/jsonfiles/40-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":40,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":40,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/41-rule-real.json b/tests/jsonfiles/41-rule-real.json index ed23fc2..d8ed85c 100644 --- a/tests/jsonfiles/41-rule-real.json +++ b/tests/jsonfiles/41-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":41,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"counter","pkts":0,"bytes":0},{"type":"immediate","dreg":0,"immediatedata":{"data_reg":{"type":"verdict","verdict":"drop"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":41,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"counter","pkts":0,"bytes":0},{"type":"immediate","dreg":0,"immediatedata":{"data_reg":{"type":"verdict","verdict":"drop"}}}]}}]} diff --git a/tests/jsonfiles/42-rule-real.json b/tests/jsonfiles/42-rule-real.json index 6c305e1..49f9b56 100644 --- a/tests/jsonfiles/42-rule-real.json +++ b/tests/jsonfiles/42-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":42,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"counter","pkts":0,"bytes":0},{"type":"log","prefix":"(null)","group":0,"snaplen":0,"qthreshold":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":42,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"counter","pkts":0,"bytes":0},{"type":"log","prefix":"(null)","group":0,"snaplen":0,"qthreshold":0}]}}]} diff --git a/tests/jsonfiles/43-rule-real.json b/tests/jsonfiles/43-rule-real.json index 95d0333..be2c6fb 100644 --- a/tests/jsonfiles/43-rule-real.json +++ b/tests/jsonfiles/43-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":43,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":2,"len":2,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":43,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":2,"len":2,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/44-rule-real.json b/tests/jsonfiles/44-rule-real.json index a838dbb..890e529 100644 --- a/tests/jsonfiles/44-rule-real.json +++ b/tests/jsonfiles/44-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":44,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":0,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x16000004"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":44,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":0,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x16000004"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/45-rule-real.json b/tests/jsonfiles/45-rule-real.json index 8b143d6..ed61093 100644 --- a/tests/jsonfiles/45-rule-real.json +++ b/tests/jsonfiles/45-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":45,"expr":[{"type":"payload","dreg":1,"offset":12,"len":8,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":8,"data0":"0x0100a8c0","data1":"0x6400a8c0"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":45,"expr":[{"type":"payload","dreg":1,"offset":12,"len":8,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":8,"data0":"0x0100a8c0","data1":"0x6400a8c0"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/46-rule-real.json b/tests/jsonfiles/46-rule-real.json index 28643c8..ed2431e 100644 --- a/tests/jsonfiles/46-rule-real.json +++ b/tests/jsonfiles/46-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":46,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":0,"len":8,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":8,"data0":"0x16000004","data1":"0x00000000"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":46,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":0,"len":8,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":8,"data0":"0x16000004","data1":"0x00000000"}}}]}}]} diff --git a/tests/jsonfiles/47-rule-real.json b/tests/jsonfiles/47-rule-real.json index 8f68634..828e3ef 100644 --- a/tests/jsonfiles/47-rule-real.json +++ b/tests/jsonfiles/47-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":47,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":0,"len":8,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":8,"data0":"0x16000004","data1":"0x00000000"}}}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":47,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":0,"len":8,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":8,"data0":"0x16000004","data1":"0x00000000"}}}]}}]} diff --git a/tests/jsonfiles/48-rule-real.json b/tests/jsonfiles/48-rule-real.json index 0cd835e..7f08637 100644 --- a/tests/jsonfiles/48-rule-real.json +++ b/tests/jsonfiles/48-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":48,"expr":[{"type":"meta","dreg":1,"key":"len"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x000003e8"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":48,"expr":[{"type":"meta","dreg":1,"key":"len"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x000003e8"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/49-rule-real.json b/tests/jsonfiles/49-rule-real.json index 445f46a..26f2672 100644 --- a/tests/jsonfiles/49-rule-real.json +++ b/tests/jsonfiles/49-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":49,"expr":[{"type":"meta","dreg":1,"key":"mark"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000000"}}},{"type":"counter","pkts":55,"bytes":11407}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":49,"expr":[{"type":"meta","dreg":1,"key":"mark"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000000"}}},{"type":"counter","pkts":55,"bytes":11407}]}}]} diff --git a/tests/jsonfiles/50-rule-real.json b/tests/jsonfiles/50-rule-real.json index 2722236..b63d722 100644 --- a/tests/jsonfiles/50-rule-real.json +++ b/tests/jsonfiles/50-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":50,"expr":[{"type":"meta","dreg":1,"key":"iif"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000001"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":50,"expr":[{"type":"meta","dreg":1,"key":"iif"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000001"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/51-rule-real.json b/tests/jsonfiles/51-rule-real.json index 3161fa4..441716e 100644 --- a/tests/jsonfiles/51-rule-real.json +++ b/tests/jsonfiles/51-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":51,"expr":[{"type":"meta","dreg":1,"key":"iifname"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":16,"data0":"0x00000000","data1":"0x00000000","data2":"0x65000000","data3":"0x00306874"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":51,"expr":[{"type":"meta","dreg":1,"key":"iifname"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":16,"data0":"0x00000000","data1":"0x00000000","data2":"0x65000000","data3":"0x00306874"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/52-rule-real.json b/tests/jsonfiles/52-rule-real.json index d4092c6..baec217 100644 --- a/tests/jsonfiles/52-rule-real.json +++ b/tests/jsonfiles/52-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":52,"expr":[{"type":"meta","dreg":1,"key":"oif"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000001"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":52,"expr":[{"type":"meta","dreg":1,"key":"oif"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000001"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/53-rule-real.json b/tests/jsonfiles/53-rule-real.json index 526c9d3..bb28dea 100644 --- a/tests/jsonfiles/53-rule-real.json +++ b/tests/jsonfiles/53-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":53,"expr":[{"type":"meta","dreg":1,"key":"oifname"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":16,"data0":"0x00000000","data1":"0x00000000","data2":"0x65000000","data3":"0x00306874"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":53,"expr":[{"type":"meta","dreg":1,"key":"oifname"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":16,"data0":"0x00000000","data1":"0x00000000","data2":"0x65000000","data3":"0x00306874"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/54-rule-real.json b/tests/jsonfiles/54-rule-real.json index edb8c18..ae3b6e8 100644 --- a/tests/jsonfiles/54-rule-real.json +++ b/tests/jsonfiles/54-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":54,"expr":[{"type":"meta","dreg":1,"key":"skuid"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x000003e8"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":54,"expr":[{"type":"meta","dreg":1,"key":"skuid"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x000003e8"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/55-rule-real.json b/tests/jsonfiles/55-rule-real.json index a10fc0f..69febc0 100644 --- a/tests/jsonfiles/55-rule-real.json +++ b/tests/jsonfiles/55-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":55,"expr":[{"type":"meta","dreg":1,"key":"skgid"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x000003e8"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":55,"expr":[{"type":"meta","dreg":1,"key":"skgid"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x000003e8"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/56-rule-real.json b/tests/jsonfiles/56-rule-real.json index 137e146..6f5f4c5 100644 --- a/tests/jsonfiles/56-rule-real.json +++ b/tests/jsonfiles/56-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":56,"expr":[{"type":"meta","dreg":1,"key":"secmark"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000000"}}},{"type":"counter","pkts":55,"bytes":11407}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":56,"expr":[{"type":"meta","dreg":1,"key":"secmark"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000000"}}},{"type":"counter","pkts":55,"bytes":11407}]}}]} diff --git a/tests/jsonfiles/57-rule-real.json b/tests/jsonfiles/57-rule-real.json index 8694ea1..da17f64 100644 --- a/tests/jsonfiles/57-rule-real.json +++ b/tests/jsonfiles/57-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":57,"expr":[{"type":"meta","dreg":1,"key":"len"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x000003e8"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":57,"expr":[{"type":"meta","dreg":1,"key":"len"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x000003e8"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/58-rule-real.json b/tests/jsonfiles/58-rule-real.json index 59237b6..52532f1 100644 --- a/tests/jsonfiles/58-rule-real.json +++ b/tests/jsonfiles/58-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":58,"expr":[{"type":"meta","dreg":1,"key":"protocol"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":2,"data0":"0x00000008"}}},{"type":"counter","pkts":55,"bytes":11407}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":58,"expr":[{"type":"meta","dreg":1,"key":"protocol"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":2,"data0":"0x00000008"}}},{"type":"counter","pkts":55,"bytes":11407}]}}]} diff --git a/tests/jsonfiles/59-rule-real.json b/tests/jsonfiles/59-rule-real.json index d6245b2..aa632d3 100644 --- a/tests/jsonfiles/59-rule-real.json +++ b/tests/jsonfiles/59-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":59,"expr":[{"type":"meta","dreg":1,"key":"mark"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000000"}}},{"type":"counter","pkts":55,"bytes":11407}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":59,"expr":[{"type":"meta","dreg":1,"key":"mark"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000000"}}},{"type":"counter","pkts":55,"bytes":11407}]}}]} diff --git a/tests/jsonfiles/60-rule-real.json b/tests/jsonfiles/60-rule-real.json index 54d5288..4b58efd 100644 --- a/tests/jsonfiles/60-rule-real.json +++ b/tests/jsonfiles/60-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":60,"expr":[{"type":"meta","dreg":1,"key":"iif"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000001"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":60,"expr":[{"type":"meta","dreg":1,"key":"iif"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x00000001"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/61-rule-real.json b/tests/jsonfiles/61-rule-real.json index 3942c3f..c6acf03 100644 --- a/tests/jsonfiles/61-rule-real.json +++ b/tests/jsonfiles/61-rule-real.json @@ -1 +1 @@ -{"rule":{"family":"ip","table":"filter","chain":"output","handle":61,"expr":[{"type":"meta","dreg":1,"key":"iifname"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":16,"data0":"0x00000000","data1":"0x00000000","data2":"0x65000000","data3":"0x00306874"}}},{"type":"counter","pkts":0,"bytes":0}]}} +{"nftables":[{"rule":{"family":"ip","table":"filter","chain":"output","handle":61,"expr":[{"type":"meta","dreg":1,"key":"iifname"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":16,"data0":"0x00000000","data1":"0x00000000","data2":"0x65000000","data3":"0x00306874"}}},{"type":"counter","pkts":0,"bytes":0}]}}]} diff --git a/tests/jsonfiles/62-set.json b/tests/jsonfiles/62-set.json index 0e52f70..8a8d99c 100644 --- a/tests/jsonfiles/62-set.json +++ b/tests/jsonfiles/62-set.json @@ -1 +1 @@ -{"set":{"name":"set0","table":"filter","flags":3,"family":"ip","key_type":12,"key_len":2,"set_elem":[{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001700"}}},{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}}}]}} +{"nftables":[{"set":{"name":"set0","table":"filter","flags":3,"family":"ip","key_type":12,"key_len":2,"set_elem":[{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001700"}}},{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}}}]}}]} diff --git a/tests/jsonfiles/63-set.json b/tests/jsonfiles/63-set.json index 90afec3..ea2fe3d 100644 --- a/tests/jsonfiles/63-set.json +++ b/tests/jsonfiles/63-set.json @@ -1 +1 @@ -{"set":{"name":"map0","table":"filter","flags":11,"family":"ip","key_type":12,"key_len":2,"data_type":4294967040,"data_len":16,"set_elem":[{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001700"}},"data":{"data_reg":{"type":"chain","chain":"forward"}}},{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}},"data":{"data_reg":{"type":"chain","chain":"chain1"}}}]}} +{"nftables":[{"set":{"name":"map0","table":"filter","flags":11,"family":"ip","key_type":12,"key_len":2,"data_type":4294967040,"data_len":16,"set_elem":[{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001700"}},"data":{"data_reg":{"type":"chain","chain":"forward"}}},{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}},"data":{"data_reg":{"type":"chain","chain":"chain1"}}}]}}]} diff --git a/tests/jsonfiles/64-ruleset.json b/tests/jsonfiles/64-ruleset.json index 533d7fa..54eb1ff 100644 --- a/tests/jsonfiles/64-ruleset.json +++ b/tests/jsonfiles/64-ruleset.json @@ -1,2 +1 @@ {"nftables":[{"table":{"name":"filter","family":"ip","flags":0}},{"table":{"name":"filter2","family":"ip6","flags":0}},{"chain":{"name":"input","handle":1,"bytes":10681449,"packets":16216,"family":"ip","table":"filter","use":0,"type":"filter","hooknum":"input","prio":0,"policy":"accept"}},{"chain":{"name":"forward","handle":2,"bytes":0,"packets":0,"family":"ip","table":"filter","use":0,"type":"filter","hooknum":"forward","prio":0,"policy":"accept"}},{"chain":{"name":"output","handle":3,"bytes":2375830,"packets":15184,"family":"ip","table":"filter","use":0,"type":"filter","hooknum":"output","prio":0,"policy":"accept"}},{"chain":{"name":"chain1","handle":4,"bytes":0,"packets":0,"family":"ip","table":"filter","use":0}},{"set":{"name":"set0","table":"filter","flags":3,"family":"ip","key_type":12,"key_len":2}},{"rule":{"family":"ip","table":"filter","chain":"output","handle":6,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"counter","pkts":0,"bytes":0},{"type":"immediate","dreg":0,"immediatedata":{"data_reg":{"type":"verdict","verdict":"drop"}}}]}},{"rule":{"family":"ip","table":"filter","chain":"output","handle":9,"expr":[{"type":"payload","dreg":1,"offset":9,"len":1,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":1,"data0":"0x00000006"}}},{"type":"payload","dreg":1,"offset":2,"len":2,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}}},{"type":"counter","pkts":0,"bytes":0}]}},{"rule":{"family":"ip","table":"filter","chain":"output","handle":10,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"counter","pkts":0,"bytes":0}]}},{"rule":{"family":"ip","table":"filter","chain":"output","handle":11,"expr":[{"type":"payload","dreg":1,"offset":16,"len":4,"base":"link"},{"type":"cmp","sreg":1,"op":"eq","cmpdata":{"data_reg":{"type":"value","len":4,"data0":"0x0100a8c0"}}},{"type":"counter","pkts":0,"bytes":0},{"type":"immediate","dreg":0,"immediatedata":{"data_reg":{"type":"verdict","verdict":"drop"}}}]}}]} - diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c index 558c849..b2ad62e 100644 --- a/tests/nft-parsing-test.c +++ b/tests/nft-parsing-test.c @@ -12,28 +12,11 @@ #include #include -#ifdef XML_PARSING -#include -#endif - -#ifdef JSON_PARSING -#include -#endif - enum { - TEST_XML_TABLE = 0, - TEST_XML_CHAIN, - TEST_XML_RULE, - TEST_XML_SET, TEST_XML_RULESET, - TEST_JSON_TABLE, - TEST_JSON_CHAIN, - TEST_JSON_RULE, - TEST_JSON_SET, TEST_JSON_RULESET, }; -#if defined(XML_PARSING) || defined(JSON_PARSING) static void print_detail_error(char *a, char *b) { int i; @@ -73,68 +56,13 @@ static void print_detail_error(char *a, char *b) } } -static int compare_test(uint32_t type, void *input, const char *filename) +static int compare_test(uint32_t type, struct nft_ruleset *rs, + const char *filename, FILE *fp) { - struct nft_table *t = NULL; - struct nft_chain *c = NULL; - struct nft_rule *r = NULL; - struct nft_set *s = NULL; - struct nft_ruleset *rs = NULL; char orig[4096]; char out[4096]; - FILE *fp; switch (type) { - case TEST_XML_TABLE: - case TEST_JSON_TABLE: - t = (struct nft_table *)input; - break; - case TEST_XML_CHAIN: - case TEST_JSON_CHAIN: - c = (struct nft_chain *)input; - break; - case TEST_XML_RULE: - case TEST_JSON_RULE: - r = (struct nft_rule *)input; - break; - case TEST_XML_SET: - case TEST_JSON_SET: - s = (struct nft_set *)input; - break; - case TEST_XML_RULESET: - case TEST_JSON_RULESET: - rs = (struct nft_ruleset *)input; - break; - default: - errno = EINVAL; - return -1; - } - - switch (type) { - case TEST_XML_TABLE: - nft_table_snprintf(out, sizeof(out), t, NFT_OUTPUT_XML, 0); - break; - case TEST_JSON_TABLE: - nft_table_snprintf(out, sizeof(out), t, NFT_OUTPUT_JSON, 0); - break; - case TEST_XML_CHAIN: - nft_chain_snprintf(out, sizeof(out), c, NFT_OUTPUT_XML, 0); - break; - case TEST_JSON_CHAIN: - nft_chain_snprintf(out, sizeof(out), c, NFT_OUTPUT_JSON, 0); - break; - case TEST_XML_RULE: - nft_rule_snprintf(out, sizeof(out), r, NFT_OUTPUT_XML, 0); - break; - case TEST_JSON_RULE: - nft_rule_snprintf(out, sizeof(out), r, NFT_OUTPUT_JSON, 0); - break; - case TEST_XML_SET: - nft_set_snprintf(out, sizeof(out), s, NFT_OUTPUT_XML, 0); - break; - case TEST_JSON_SET: - nft_set_snprintf(out, sizeof(out), s, NFT_OUTPUT_JSON, 0); - break; case TEST_XML_RULESET: nft_ruleset_snprintf(out, sizeof(out), rs, NFT_OUTPUT_XML, 0); @@ -148,14 +76,8 @@ static int compare_test(uint32_t type, void *input, const char *filename) return -1; } - fp = fopen(filename, "r"); - if (fp == NULL) { - perror("open"); - exit(EXIT_FAILURE); - } - + rewind(fp); fgets(orig, sizeof(orig), fp); - fclose(fp); if (strncmp(orig, out, strlen(out)) == 0) return 0; @@ -165,192 +87,77 @@ static int compare_test(uint32_t type, void *input, const char *filename) print_detail_error(orig, out); return -1; } -#endif static int test_json(const char *filename, struct nft_parse_err *err) { -#ifdef JSON_PARSING int ret = -1; - struct nft_table *t; - struct nft_chain *c; - struct nft_rule *r; - struct nft_set *s; struct nft_ruleset *rs; - json_t *root; - json_error_t error; - char *json; + FILE *fp; - root = json_load_file(filename, 0, &error); - if (!root) + fp = fopen(filename, "r"); + if (fp == NULL) { + printf("unable to open file %s: %s\n", filename, + strerror(errno)); return -1; + } - json = json_dumps(root, JSON_INDENT(0)); - - if (json_object_get(root, "table") != NULL) { - t = nft_table_alloc(); - if (t != NULL) { - if (nft_table_parse(t, NFT_PARSE_JSON, json, err) == 0) - ret = compare_test(TEST_JSON_TABLE, t, filename); - else - goto failparsing; - - nft_table_free(t); - } - } else if (json_object_get(root, "chain") != NULL) { - c = nft_chain_alloc(); - if (c != NULL) { - if (nft_chain_parse(c, NFT_PARSE_JSON, json, err) == 0) - ret = compare_test(TEST_JSON_CHAIN, c, filename); - else - goto failparsing; - - nft_chain_free(c); - } - } else if (json_object_get(root, "rule") != NULL) { - r = nft_rule_alloc(); - if (r != NULL) { - if (nft_rule_parse(r, NFT_PARSE_JSON, json, err) == 0) - ret = compare_test(TEST_JSON_RULE, r, filename); - else - goto failparsing; + rs = nft_ruleset_alloc(); + if (rs == NULL) { + perror("nft_ruleset_alloc"); + return -1; + } - nft_rule_free(r); - } - } else if (json_object_get(root, "set") != NULL) { - s = nft_set_alloc(); - if (s != NULL) { - if (nft_set_parse(s, NFT_PARSE_JSON, json, err) == 0) - ret = compare_test(TEST_JSON_SET, s, filename); - else - goto failparsing; + if (nft_ruleset_parse_file(rs, NFT_PARSE_JSON, fp, err) == 0) + ret = compare_test(TEST_JSON_RULESET, rs, filename, fp); + else + goto failparsing; - nft_set_free(s); - } - } else if (json_object_get(root, "nftables") != NULL) { - rs = nft_ruleset_alloc(); - if (rs != NULL) { - if (nft_ruleset_parse(rs, NFT_PARSE_JSON, json, err) == 0) - ret = compare_test(TEST_JSON_RULESET, rs, filename); - else - goto failparsing; - - nft_ruleset_free(rs); - } - } + nft_ruleset_free(rs); + fclose(fp); - free(json); - json_decref(root); return ret; failparsing: + fclose(fp); printf("parsing %s: ", filename); printf("\033[31mFAILED\e[0m (%s)\n", strerror(errno)); - free(json); - json_decref(root); return -1; -#else - printf("Compiled without support for JSON.\n"); - return -1; -#endif } static int test_xml(const char *filename, struct nft_parse_err *err) { -#ifdef XML_PARSING int ret = -1; - struct nft_table *t; - struct nft_chain *c; - struct nft_rule *r; - struct nft_set *s; struct nft_ruleset *rs; FILE *fp; - mxml_node_t *tree; - char *xml; fp = fopen(filename, "r"); - tree = mxmlLoadFile(NULL, fp, MXML_NO_CALLBACK); - fclose(fp); - - if (tree == NULL) { - printf("unable to build XML tree from file " - "%s \033[31mFAILED\e[0m\n", filename); + if (fp == NULL) { + printf("unable to open file %s: %s\n", filename, + strerror(errno)); return -1; } - xml = mxmlSaveAllocString(tree, MXML_NO_CALLBACK); - if (xml == NULL) { - printf("unable to alloc string from XML tree from %s " - "\033[31mFAILED\e[0m\n", filename); + rs = nft_ruleset_alloc(); + if (rs == NULL) { + perror("nft_ruleset_alloc"); return -1; } - /* Check what parsing should be done */ - if (strcmp(tree->value.opaque, "table") == 0) { - t = nft_table_alloc(); - if (t != NULL) { - if (nft_table_parse(t, NFT_PARSE_XML, xml, err) == 0) - ret = compare_test(TEST_XML_TABLE, t, filename); - else - goto failparsing; - - nft_table_free(t); - } - } else if (strcmp(tree->value.opaque, "chain") == 0) { - c = nft_chain_alloc(); - if (c != NULL) { - if (nft_chain_parse(c, NFT_PARSE_XML, xml, err) == 0) - ret = compare_test(TEST_XML_CHAIN, c, filename); - else - goto failparsing; - - nft_chain_free(c); - } - } else if (strcmp(tree->value.opaque, "rule") == 0) { - r = nft_rule_alloc(); - if (r != NULL) { - if (nft_rule_parse(r, NFT_PARSE_XML, xml, err) == 0) - ret = compare_test(TEST_XML_RULE, r, filename); - else - goto failparsing; - - nft_rule_free(r); - } - } else if (strcmp(tree->value.opaque, "set") == 0) { - s = nft_set_alloc(); - if (s != NULL) { - if (nft_set_parse(s, NFT_PARSE_XML, xml, err) == 0) - ret = compare_test(TEST_XML_SET, s, filename); - else - goto failparsing; + if (nft_ruleset_parse_file(rs, NFT_PARSE_XML, fp, err) == 0) + ret = compare_test(TEST_XML_RULESET, rs, filename, fp); + else + goto failparsing; - nft_set_free(s); - } - } else if (strcmp(tree->value.opaque, "nftables") == 0) { - rs = nft_ruleset_alloc(); - if (rs != NULL) { - if (nft_ruleset_parse(rs, NFT_PARSE_XML, - xml, err) == 0) - ret = compare_test(TEST_XML_RULESET, rs, - filename); - else - goto failparsing; - - nft_ruleset_free(rs); - } - } + nft_ruleset_free(rs); + fclose(fp); - mxmlDelete(tree); return ret; failparsing: - mxmlDelete(tree); + fclose(fp); printf("parsing %s: ", filename); printf("\033[31mFAILED\e[0m (%s)\n", strerror(errno)); return -1; -#else - printf("Compiled without support for XML.\n"); - return -1; -#endif } int main(int argc, char *argv[]) diff --git a/tests/xmlfiles/01-table.xml b/tests/xmlfiles/01-table.xml index fefcf67..f806334 100644 --- a/tests/xmlfiles/01-table.xml +++ b/tests/xmlfiles/01-table.xml @@ -1 +1 @@ -
filterip0
+filterip0
 diff --git a/tests/xmlfiles/02-table.xml b/tests/xmlfiles/02-table.xml index d0873ca..ea4e154 100644 --- a/tests/xmlfiles/02-table.xml +++ b/tests/xmlfiles/02-table.xml @@ -1 +1 @@ -natip60
+natip60
 diff --git a/tests/xmlfiles/10-chain.xml b/tests/xmlfiles/10-chain.xml index c6aa156..9c00eda 100644 --- a/tests/xmlfiles/10-chain.xml +++ b/tests/xmlfiles/10-chain.xml @@ -1 +1 @@ -test000filter
filterinput0acceptip +test000filter
filterinput0acceptip diff --git a/tests/xmlfiles/11-chain.xml b/tests/xmlfiles/11-chain.xml index 3423078..3d9978e 100644 --- a/tests/xmlfiles/11-chain.xml +++ b/tests/xmlfiles/11-chain.xml @@ -1 +1 @@ -test0591filter
filterforward0dropip6 +test0591filter
filterforward0dropip6 diff --git a/tests/xmlfiles/12-chain.xml b/tests/xmlfiles/12-chain.xml index 6afcd00..db0f56c 100644 --- a/tests/xmlfiles/12-chain.xml +++ b/tests/xmlfiles/12-chain.xml @@ -1 +1 @@ -foo100592641549792548796325nat
natpostrouting0acceptip +foo100592641549792548796325nat
natpostrouting0acceptip diff --git a/tests/xmlfiles/20-rule-bitwise.xml b/tests/xmlfiles/20-rule-bitwise.xml index 9517db9..8562863 100644 --- a/tests/xmlfiles/20-rule-bitwise.xml +++ b/tests/xmlfiles/20-rule-bitwise.xml @@ -1,2 +1,2 @@ -ipfilter
INPUT10011440x0000000a40x00000000 +ipfilter
INPUT10011440x0000000a40x00000000 diff --git a/tests/xmlfiles/21-rule-byteorder.xml b/tests/xmlfiles/21-rule-byteorder.xml index f8f13b6..fce4ed1 100644 --- a/tests/xmlfiles/21-rule-byteorder.xml +++ b/tests/xmlfiles/21-rule-byteorder.xml @@ -1 +1 @@ -iptest
test100034hton44 +iptest
test100034hton44 diff --git a/tests/xmlfiles/22-rule-cmp.xml b/tests/xmlfiles/22-rule-cmp.xml index 837d0de..ea8ea30 100644 --- a/tests/xmlfiles/22-rule-cmp.xml +++ b/tests/xmlfiles/22-rule-cmp.xml @@ -1,2 +1,2 @@ -ip6filter
test361eq160x000000000x6e6f62000x2e3031640x00393331 +ip6filter
test361eq160x000000000x6e6f62000x2e3031640x00393331 diff --git a/tests/xmlfiles/23-rule-counter.xml b/tests/xmlfiles/23-rule-counter.xml index 77aba7a..82700de 100644 --- a/tests/xmlfiles/23-rule-counter.xml +++ b/tests/xmlfiles/23-rule-counter.xml @@ -1,2 +1,2 @@ -ip6filter
test393177 +ip6filter
test393177 diff --git a/tests/xmlfiles/24-rule-ct.xml b/tests/xmlfiles/24-rule-ct.xml index 814ab52..e8e565d 100644 --- a/tests/xmlfiles/24-rule-ct.xml +++ b/tests/xmlfiles/24-rule-ct.xml @@ -1,2 +1,2 @@ -ipfilter
INPUT1001state0 +ipfilter
INPUT1001state0 diff --git a/tests/xmlfiles/25-rule-exthdr.xml b/tests/xmlfiles/25-rule-exthdr.xml index 6bf139c..9e10a88 100644 --- a/tests/xmlfiles/25-rule-exthdr.xml +++ b/tests/xmlfiles/25-rule-exthdr.xml @@ -1 +1 @@ -ip6filter
INPUT1001mh216 +ip6filter
INPUT1001mh216 diff --git a/tests/xmlfiles/26-rule-immediate.xml b/tests/xmlfiles/26-rule-immediate.xml index 2928142..4d10eb6 100644 --- a/tests/xmlfiles/26-rule-immediate.xml +++ b/tests/xmlfiles/26-rule-immediate.xml @@ -1,2 +1,2 @@ -ipfilter
input320accept +ipfilter
input320accept diff --git a/tests/xmlfiles/27-rule-limit.xml b/tests/xmlfiles/27-rule-limit.xml index 6761c9e..a4398e8 100644 --- a/tests/xmlfiles/27-rule-limit.xml +++ b/tests/xmlfiles/27-rule-limit.xml @@ -1 +1 @@ -ipfilter
INPUT100123123321321 +ipfilter
INPUT100123123321321 diff --git a/tests/xmlfiles/28-rule-log.xml b/tests/xmlfiles/28-rule-log.xml index d30e5fb..f24f858 100644 --- a/tests/xmlfiles/28-rule-log.xml +++ b/tests/xmlfiles/28-rule-log.xml @@ -1,2 +1,2 @@ -ip6filter
test96test_chain100 +ip6filter
test96test_chain100 diff --git a/tests/xmlfiles/29-rule-lookup.xml b/tests/xmlfiles/29-rule-lookup.xml index b08ccd3..c77e95c 100644 --- a/tests/xmlfiles/29-rule-lookup.xml +++ b/tests/xmlfiles/29-rule-lookup.xml @@ -1,2 +1,2 @@ -ip6filter
test37set010 +ip6filter
test37set010 diff --git a/tests/xmlfiles/30-rule-match.xml b/tests/xmlfiles/30-rule-match.xml index b4cf72b..4cfe33b 100644 --- a/tests/xmlfiles/30-rule-match.xml +++ b/tests/xmlfiles/30-rule-match.xml @@ -1 +1 @@ -ipfilter
INPUT100state +ipfilter
INPUT100state diff --git a/tests/xmlfiles/31-rule-meta.xml b/tests/xmlfiles/31-rule-meta.xml index b38e430..22498e7 100644 --- a/tests/xmlfiles/31-rule-meta.xml +++ b/tests/xmlfiles/31-rule-meta.xml @@ -1,2 +1,2 @@ -ip6filter
test361iifname +ip6filter
test361iifname diff --git a/tests/xmlfiles/32-rule-nat6.xml b/tests/xmlfiles/32-rule-nat6.xml index 81566ce..f96b7d8 100644 --- a/tests/xmlfiles/32-rule-nat6.xml +++ b/tests/xmlfiles/32-rule-nat6.xml @@ -1 +1 @@ -ip6nat
OUTPUT100snatip61234 +ip6nat
OUTPUT100snatip61234 diff --git a/tests/xmlfiles/33-rule-nat4.xml b/tests/xmlfiles/33-rule-nat4.xml index 0e495a8..73c5b56 100644 --- a/tests/xmlfiles/33-rule-nat4.xml +++ b/tests/xmlfiles/33-rule-nat4.xml @@ -1 +1 @@ -ipfilter
INPUT100dnatip1234 +ipfilter
INPUT100dnatip1234 diff --git a/tests/xmlfiles/34-rule-payload.xml b/tests/xmlfiles/34-rule-payload.xml index 6c2da6a..833e640 100644 --- a/tests/xmlfiles/34-rule-payload.xml +++ b/tests/xmlfiles/34-rule-payload.xml @@ -1,2 +1,2 @@ -ip6filter
test34122transport +ip6filter
test34122transport diff --git a/tests/xmlfiles/35-rule-target.xml b/tests/xmlfiles/35-rule-target.xml index 6925d96..5b46350 100644 --- a/tests/xmlfiles/35-rule-target.xml +++ b/tests/xmlfiles/35-rule-target.xml @@ -1 +1 @@ -ipfilter
INPUT100LOG +ipfilter
INPUT100LOG diff --git a/tests/xmlfiles/36-rule-real.xml b/tests/xmlfiles/36-rule-real.xml index 1c953e7..17f1e5f 100644 --- a/tests/xmlfiles/36-rule-real.xml +++ b/tests/xmlfiles/36-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output221128network1eq80x0100a8c00x6400a8c000 +ipfilter
output221128network1eq80x0100a8c00x6400a8c000 diff --git a/tests/xmlfiles/37-rule-real.xml b/tests/xmlfiles/37-rule-real.xml index 3c8ba13..dc45629 100644 --- a/tests/xmlfiles/37-rule-real.xml +++ b/tests/xmlfiles/37-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
INPUT251iifname1eq160x000000000x000000000x650000000x00306874191network1eq10x00000006122transport1eq20x000016001state011440x0000000a40x000000001neq40x0000000000testprefix100 +ipfilter
INPUT251iifname1eq160x000000000x000000000x650000000x00306874191network1eq10x00000006122transport1eq20x000016001state011440x0000000a40x000000001neq40x0000000000testprefix100 diff --git a/tests/xmlfiles/38-rule-real.xml b/tests/xmlfiles/38-rule-real.xml index 6161425..6f41f0e 100644 --- a/tests/xmlfiles/38-rule-real.xml +++ b/tests/xmlfiles/38-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
INPUT301164networkset310191network1eq10x00000006122transport1eq20x0000bb01000accept +ipfilter
INPUT301164networkset310191network1eq10x00000006122transport1eq20x0000bb01000accept diff --git a/tests/xmlfiles/39-rule-real.xml b/tests/xmlfiles/39-rule-real.xml index fbf3d61..c823c25 100644 --- a/tests/xmlfiles/39-rule-real.xml +++ b/tests/xmlfiles/39-rule-real.xml @@ -1,2 +1,2 @@ -ip6filter
test311iifname1eq160x000000000x000000000x6f6200000x0030646e1oifname1eq160x000000000x620000000x31646e6f0x0037322e1816network1eq160xc09a002a0x2700cac10x000000000x50010000161network1eq10x00000011122transport1eq20x000035001status01eq40x0000000100dns_drop2000drop +ip6filter
test311iifname1eq160x000000000x000000000x6f6200000x0030646e1oifname1eq160x000000000x620000000x31646e6f0x0037322e1816network1eq160xc09a002a0x2700cac10x000000000x50010000161network1eq10x00000011122transport1eq20x000035001status01eq40x0000000100dns_drop2000drop diff --git a/tests/xmlfiles/40-rule-real.xml b/tests/xmlfiles/40-rule-real.xml index 8e1d565..835dcec 100644 --- a/tests/xmlfiles/40-rule-real.xml +++ b/tests/xmlfiles/40-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output21164network1eq40x0100a8c0 +ipfilter
output21164network1eq40x0100a8c0 diff --git a/tests/xmlfiles/41-rule-real.xml b/tests/xmlfiles/41-rule-real.xml index 810267d..001a20e 100644 --- a/tests/xmlfiles/41-rule-real.xml +++ b/tests/xmlfiles/41-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output31164network1gte40x0100a8c01lte40xfa00a8c0 +ipfilter
output31164network1gte40x0100a8c01lte40xfa00a8c0 diff --git a/tests/xmlfiles/42-rule-real.xml b/tests/xmlfiles/42-rule-real.xml index 6aba9eb..6398c48 100644 --- a/tests/xmlfiles/42-rule-real.xml +++ b/tests/xmlfiles/42-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output41164network1eq40x0100a8c000 +ipfilter
output41164network1eq40x0100a8c000 diff --git a/tests/xmlfiles/43-rule-real.xml b/tests/xmlfiles/43-rule-real.xml index 7a2fe6b..38be43e 100644 --- a/tests/xmlfiles/43-rule-real.xml +++ b/tests/xmlfiles/43-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output51164network1eq40x0100a8c0000drop +ipfilter
output51164network1eq40x0100a8c0000drop diff --git a/tests/xmlfiles/44-rule-real.xml b/tests/xmlfiles/44-rule-real.xml index 69bdca8..8ab5db9 100644 --- a/tests/xmlfiles/44-rule-real.xml +++ b/tests/xmlfiles/44-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output61164network1eq40x0100a8c000(null)000 +ipfilter
output61164network1eq40x0100a8c000(null)000 diff --git a/tests/xmlfiles/45-rule-real.xml b/tests/xmlfiles/45-rule-real.xml index 36837de..165d581 100644 --- a/tests/xmlfiles/45-rule-real.xml +++ b/tests/xmlfiles/45-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output7191network1eq10x00000006122transport1eq20x0000160000 +ipfilter
output7191network1eq10x00000006122transport1eq20x0000160000 diff --git a/tests/xmlfiles/46-rule-real.xml b/tests/xmlfiles/46-rule-real.xml index 8465d0f..d6f7376 100644 --- a/tests/xmlfiles/46-rule-real.xml +++ b/tests/xmlfiles/46-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output8191network1eq10x00000006104transport1eq40x1600000400 +ipfilter
output8191network1eq10x00000006104transport1eq40x1600000400 diff --git a/tests/xmlfiles/47-rule-real.xml b/tests/xmlfiles/47-rule-real.xml index 39a09a5..815bd61 100644 --- a/tests/xmlfiles/47-rule-real.xml +++ b/tests/xmlfiles/47-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output91128network1eq80x0100a8c00x6400a8c000 +ipfilter
output91128network1eq80x0100a8c00x6400a8c000 diff --git a/tests/xmlfiles/48-rule-real.xml b/tests/xmlfiles/48-rule-real.xml index 89c5088..4b31948 100644 --- a/tests/xmlfiles/48-rule-real.xml +++ b/tests/xmlfiles/48-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output10191network1eq10x00000006108transport1eq80x160000040x00000000 +ipfilter
output10191network1eq10x00000006108transport1eq80x160000040x00000000 diff --git a/tests/xmlfiles/49-rule-real.xml b/tests/xmlfiles/49-rule-real.xml index 0896823..a4db57f 100644 --- a/tests/xmlfiles/49-rule-real.xml +++ b/tests/xmlfiles/49-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output11191network1eq10x00000006108transport1eq80x160000040x00000000 +ipfilter
output11191network1eq10x00000006108transport1eq80x160000040x00000000 diff --git a/tests/xmlfiles/50-rule-real.xml b/tests/xmlfiles/50-rule-real.xml index 1195131..72bddc7 100644 --- a/tests/xmlfiles/50-rule-real.xml +++ b/tests/xmlfiles/50-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output121state011440x0000000a40x000000001neq40x000000005511407 +ipfilter
output121state011440x0000000a40x000000001neq40x000000005511407 diff --git a/tests/xmlfiles/51-rule-real.xml b/tests/xmlfiles/51-rule-real.xml index 4064ffb..72cac29 100644 --- a/tests/xmlfiles/51-rule-real.xml +++ b/tests/xmlfiles/51-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output131direction01eq10x000000005160 +ipfilter
output131direction01eq10x000000005160 diff --git a/tests/xmlfiles/52-rule-real.xml b/tests/xmlfiles/52-rule-real.xml index 6ee7459..ca14eb8 100644 --- a/tests/xmlfiles/52-rule-real.xml +++ b/tests/xmlfiles/52-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output141direction01eq10x000000015011247 +ipfilter
output141direction01eq10x000000015011247 diff --git a/tests/xmlfiles/53-rule-real.xml b/tests/xmlfiles/53-rule-real.xml index ec4ea21..304732b 100644 --- a/tests/xmlfiles/53-rule-real.xml +++ b/tests/xmlfiles/53-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output151status01eq40x0000000100 +ipfilter
output151status01eq40x0000000100 diff --git a/tests/xmlfiles/54-rule-real.xml b/tests/xmlfiles/54-rule-real.xml index c80d43a..5312eca 100644 --- a/tests/xmlfiles/54-rule-real.xml +++ b/tests/xmlfiles/54-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output161mark01eq40x0000006400 +ipfilter
output161mark01eq40x0000006400 diff --git a/tests/xmlfiles/55-rule-real.xml b/tests/xmlfiles/55-rule-real.xml index 47f2e01..757a7a2 100644 --- a/tests/xmlfiles/55-rule-real.xml +++ b/tests/xmlfiles/55-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output171secmark01eq40x000000005511407 +ipfilter
output171secmark01eq40x000000005511407 diff --git a/tests/xmlfiles/56-rule-real.xml b/tests/xmlfiles/56-rule-real.xml index e4965e1..242ddbb 100644 --- a/tests/xmlfiles/56-rule-real.xml +++ b/tests/xmlfiles/56-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output181expiration01eq40x0000001e00 +ipfilter
output181expiration01eq40x0000001e00 diff --git a/tests/xmlfiles/57-rule-real.xml b/tests/xmlfiles/57-rule-real.xml index 985b274..136e5f1 100644 --- a/tests/xmlfiles/57-rule-real.xml +++ b/tests/xmlfiles/57-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output191helper01eq40x0070746600 +ipfilter
output191helper01eq40x0070746600 diff --git a/tests/xmlfiles/58-rule-real.xml b/tests/xmlfiles/58-rule-real.xml index 4b456c1..4474eb2 100644 --- a/tests/xmlfiles/58-rule-real.xml +++ b/tests/xmlfiles/58-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output201len1eq40x000003e800 +ipfilter
output201len1eq40x000003e800 diff --git a/tests/xmlfiles/59-rule-real.xml b/tests/xmlfiles/59-rule-real.xml index 603fe19..4e231a2 100644 --- a/tests/xmlfiles/59-rule-real.xml +++ b/tests/xmlfiles/59-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output211protocol1eq20x000000085511407 +ipfilter
output211protocol1eq20x000000085511407 diff --git a/tests/xmlfiles/60-rule-real.xml b/tests/xmlfiles/60-rule-real.xml index 66a96fe..535ab54 100644 --- a/tests/xmlfiles/60-rule-real.xml +++ b/tests/xmlfiles/60-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output221mark1eq40x000000005511407 +ipfilter
output221mark1eq40x000000005511407 diff --git a/tests/xmlfiles/61-rule-real.xml b/tests/xmlfiles/61-rule-real.xml index 5c1340c..2a5d411 100644 --- a/tests/xmlfiles/61-rule-real.xml +++ b/tests/xmlfiles/61-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output231iif1eq40x0000000100 +ipfilter
output231iif1eq40x0000000100 diff --git a/tests/xmlfiles/62-rule-real.xml b/tests/xmlfiles/62-rule-real.xml index 6a6d381..dfb6e44 100644 --- a/tests/xmlfiles/62-rule-real.xml +++ b/tests/xmlfiles/62-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output241iifname1eq160x000000000x000000000x650000000x0030687400 +ipfilter
output241iifname1eq160x000000000x000000000x650000000x0030687400 diff --git a/tests/xmlfiles/63-rule-real.xml b/tests/xmlfiles/63-rule-real.xml index baa13a7..b144889 100644 --- a/tests/xmlfiles/63-rule-real.xml +++ b/tests/xmlfiles/63-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output251oif1eq40x0000000100 +ipfilter
output251oif1eq40x0000000100 diff --git a/tests/xmlfiles/64-rule-real.xml b/tests/xmlfiles/64-rule-real.xml index 157773f..a83efb9 100644 --- a/tests/xmlfiles/64-rule-real.xml +++ b/tests/xmlfiles/64-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output261oifname1eq160x000000000x000000000x650000000x0030687400 +ipfilter
output261oifname1eq160x000000000x000000000x650000000x0030687400 diff --git a/tests/xmlfiles/65-rule-real.xml b/tests/xmlfiles/65-rule-real.xml index 06c560b..cfec802 100644 --- a/tests/xmlfiles/65-rule-real.xml +++ b/tests/xmlfiles/65-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output271skuid1eq40x000003e800 +ipfilter
output271skuid1eq40x000003e800 diff --git a/tests/xmlfiles/66-rule-real.xml b/tests/xmlfiles/66-rule-real.xml index 9a5b721..57b0d45 100644 --- a/tests/xmlfiles/66-rule-real.xml +++ b/tests/xmlfiles/66-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output281skgid1eq40x000003e800 +ipfilter
output281skgid1eq40x000003e800 diff --git a/tests/xmlfiles/67-rule-real.xml b/tests/xmlfiles/67-rule-real.xml index a3cbc2d..1ee49fc 100644 --- a/tests/xmlfiles/67-rule-real.xml +++ b/tests/xmlfiles/67-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output291secmark1eq40x000000005511407 +ipfilter
output291secmark1eq40x000000005511407 diff --git a/tests/xmlfiles/68-rule-real.xml b/tests/xmlfiles/68-rule-real.xml index 7023e59..70bccd9 100644 --- a/tests/xmlfiles/68-rule-real.xml +++ b/tests/xmlfiles/68-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output32191network1eq10x00000006122transportset01000 +ipfilter
output32191network1eq10x00000006122transportset01000 diff --git a/tests/xmlfiles/69-rule-real.xml b/tests/xmlfiles/69-rule-real.xml index dc2728e..2c61706 100644 --- a/tests/xmlfiles/69-rule-real.xml +++ b/tests/xmlfiles/69-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output331164networkset110 +ipfilter
output331164networkset110 diff --git a/tests/xmlfiles/70-rule-real.xml b/tests/xmlfiles/70-rule-real.xml index 64834d4..0a876e9 100644 --- a/tests/xmlfiles/70-rule-real.xml +++ b/tests/xmlfiles/70-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output34191network1eq10x00000006122transportmap010 +ipfilter
output34191network1eq10x00000006122transportmap010 diff --git a/tests/xmlfiles/71-rule-real.xml b/tests/xmlfiles/71-rule-real.xml index e10437a..143de72 100644 --- a/tests/xmlfiles/71-rule-real.xml +++ b/tests/xmlfiles/71-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output35191network1eq10x00000006122transportmap110 +ipfilter
output35191network1eq10x00000006122transportmap110 diff --git a/tests/xmlfiles/72-rule-real.xml b/tests/xmlfiles/72-rule-real.xml index ccda1fe..fb35523 100644 --- a/tests/xmlfiles/72-rule-real.xml +++ b/tests/xmlfiles/72-rule-real.xml @@ -1,2 +1,2 @@ -ipfilter
output361164networkmap210 +ipfilter
output361164networkmap210 diff --git a/tests/xmlfiles/73-set.xml b/tests/xmlfiles/73-set.xml index 88bf402..37fb2ee 100644 --- a/tests/xmlfiles/73-set.xml +++ b/tests/xmlfiles/73-set.xml @@ -1,2 +1,2 @@ -ipfilter
set000000040x0300a8c0040x0200a8c0040x0100a8c0 +ipfilter
set000000040x0300a8c0040x0200a8c0040x0100a8c0 diff --git a/tests/xmlfiles/74-set.xml b/tests/xmlfiles/74-set.xml index 5b6e8f1..679ee30 100644 --- a/tests/xmlfiles/74-set.xml +++ b/tests/xmlfiles/74-set.xml @@ -1,2 +1,2 @@ -ip6filter
set0000000160xc09a002a0x2700cac10x000000000x700100000160xc09a002a0x2700cac10x000000000x50010000 +ip6filter
set0000000160xc09a002a0x2700cac10x000000000x700100000160xc09a002a0x2700cac10x000000000x50010000 -- cgit v1.2.3 From 6bdc8a89f7c0dd94684974c5c775bdc411a4e6e2 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 10 Jan 2014 13:21:44 +0100 Subject: expr: fix incorrect data type for several expression object fields This patch fixes the incorrect data type (from uint8_t to uint32_t) in several private data area of the expressions. It also cleans up this by translating several unsigned int to uint32_t. Signed-off-by: Pablo Neira Ayuso --- src/expr/cmp.c | 4 ++-- src/expr/ct.c | 2 +- src/expr/exthdr.c | 8 ++++---- src/expr/meta.c | 4 ++-- src/expr/payload.c | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/expr/cmp.c b/src/expr/cmp.c index ca1503c..b5c694a 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@ -26,8 +26,8 @@ struct nft_expr_cmp { union nft_data_reg data; - uint8_t sreg; /* enum nft_registers */ - uint8_t op; /* enum nft_cmp_ops */ + enum nft_registers sreg; + enum nft_cmp_ops op; }; static int diff --git a/src/expr/ct.c b/src/expr/ct.c index 59d05a5..7e20464 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -24,7 +24,7 @@ struct nft_expr_ct { enum nft_ct_keys key; - uint32_t dreg; /* enum nft_registers */ + enum nft_registers dreg; uint8_t dir; }; diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index 813830b..d9e293a 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c @@ -32,9 +32,9 @@ struct nft_expr_exthdr { enum nft_registers dreg; + uint32_t offset; + uint32_t len; uint8_t type; - unsigned int offset; - unsigned int len; }; static int @@ -51,10 +51,10 @@ nft_rule_expr_exthdr_set(struct nft_rule_expr *e, uint16_t type, exthdr->type = *((uint8_t *)data); break; case NFT_EXPR_EXTHDR_OFFSET: - exthdr->offset = *((unsigned int *)data); + exthdr->offset = *((uint32_t *)data); break; case NFT_EXPR_EXTHDR_LEN: - exthdr->len = *((unsigned int *)data); + exthdr->len = *((uint32_t *)data); break; default: return -1; diff --git a/src/expr/meta.c b/src/expr/meta.c index 3c5fd77..fb62bfd 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -27,8 +27,8 @@ #endif struct nft_expr_meta { - uint8_t key; /* enum nft_meta_keys */ - uint8_t dreg; /* enum nft_registers */ + enum nft_meta_keys key; + enum nft_registers dreg; }; static int diff --git a/src/expr/payload.c b/src/expr/payload.c index 911bb01..2c1ef04 100644 --- a/src/expr/payload.c +++ b/src/expr/payload.c @@ -29,8 +29,8 @@ struct nft_expr_payload { enum nft_registers dreg; enum nft_payload_bases base; - unsigned int offset; - unsigned int len; + uint32_t offset; + uint32_t len; }; static int -- cgit v1.2.3 From 47150ba130ceb9a4ddd5f26a6b35723000e074f8 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 15 Jan 2014 10:19:06 +0100 Subject: update COPYING It includes the new FSF office address. Reported-by: Kevin Fenzi Signed-off-by: Pablo Neira Ayuso --- COPYING | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/COPYING b/COPYING index a43ea21..21b9363 100644 --- a/COPYING +++ b/COPYING @@ -2,7 +2,7 @@ Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 675 Mass Ave, Cambridge, MA 02139, USA + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -278,8 +278,9 @@ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS - - Appendix: How to Apply These Terms to Your New Programs + + + How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it @@ -305,7 +306,8 @@ the "copyright" line and a pointer to where the full notice is found. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Also add information on how to contact you by electronic and paper mail. -- cgit v1.2.3 From 8ef53967043455bca4e53ec9acea8bd5d492f36c Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Mon, 13 Jan 2014 13:14:52 +0100 Subject: set: xml: data_type/data_len are optional Don't print data_type and data_len if they aren't set. Also, they are optional when parsing. Printing and parsing unconditionally leads to false values and other errors. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/set.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/src/set.c b/src/set.c index 822a715..bee9540 100644 --- a/src/set.c +++ b/src/set.c @@ -453,16 +453,17 @@ int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s, s->flags |= (1 << NFT_SET_ATTR_KEY_LEN); if (nft_mxml_num_parse(tree, "data_type", MXML_DESCEND_FIRST, BASE_DEC, - &s->data_type, NFT_TYPE_U32, NFT_XML_MAND, err) != 0) - return -1; - - s->flags |= (1 << NFT_SET_ATTR_DATA_TYPE); + &s->data_type, NFT_TYPE_U32, + NFT_XML_OPT, err) == 0) { + s->flags |= (1 << NFT_SET_ATTR_DATA_TYPE); - if (nft_mxml_num_parse(tree, "data_len", MXML_DESCEND_FIRST, BASE_DEC, - &s->data_len, NFT_TYPE_U32, NFT_XML_MAND, err) != 0) - return -1; + if (nft_mxml_num_parse(tree, "data_len", MXML_DESCEND_FIRST, + BASE_DEC, &s->data_len, NFT_TYPE_U32, + NFT_XML_MAND, err) != 0) + return -1; - s->flags |= (1 << NFT_SET_ATTR_DATA_LEN); + s->flags |= (1 << NFT_SET_ATTR_DATA_LEN); + } for (node = mxmlFindElement(tree, tree, "set_elem", NULL, NULL, MXML_DESCEND); @@ -634,14 +635,20 @@ static int nft_set_snprintf_xml(char *buf, size_t size, struct nft_set *s, "%s" "%u" "%u" - "%u" - "%u" - "%u", + "%u", nft_family2str(s->family), s->table, s->name, - s->set_flags, s->key_type, - s->key_len, s->data_type, s->data_len); + s->set_flags, s->key_type, s->key_len); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + if (s->flags & (1 << NFT_SET_ATTR_DATA_TYPE) && + s->flags & (1 << NFT_SET_ATTR_DATA_LEN)) { + ret = snprintf(buf+offset, len, "%u" + "%u", + s->data_type, s->data_len); + + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + if (!list_empty(&s->element_list)) { list_for_each_entry(elem, &s->element_list, head) { ret = nft_set_elem_snprintf(buf+offset, len, elem, -- cgit v1.2.3 From 16c04f3be3f9596f065a75fad2cfb8a37ab53b24 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Wed, 15 Jan 2014 11:42:17 +0100 Subject: mxml: add optional/mandatory flag to nft_mxml_reg_parse There are some cases where a reg is not mandatory, for example: * dreg in lookup * dreg/sreg in meta (last version) So, lets change the function nft_mxml_reg_parse() to add an optional/mandatory flag. dreg in lookup is optional as stated at: net/netfilter/nft_lookup.c:nft_lookup_init() Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/expr/bitwise.c | 10 +++++----- src/expr/byteorder.c | 11 ++++++----- src/expr/cmp.c | 7 ++++--- src/expr/ct.c | 6 +++--- src/expr/exthdr.c | 6 +++--- src/expr/immediate.c | 6 +++--- src/expr/lookup.c | 17 ++++++++--------- src/expr/meta.c | 6 +++--- src/expr/nat.c | 18 +++++++++--------- src/expr/payload.c | 7 ++++--- src/internal.h | 3 ++- src/mxml.c | 24 ++++++++++++++---------- 12 files changed, 64 insertions(+), 57 deletions(-) diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c index 3c4f644..e57c244 100644 --- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -231,17 +231,17 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, { #ifdef XML_PARSING struct nft_expr_bitwise *bitwise = nft_expr_data(e); - int32_t reg; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; bitwise->sreg = reg; e->flags |= (1 << NFT_EXPR_BITWISE_SREG); - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; bitwise->dreg = reg; diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c index d6beba3..49ae38f 100644 --- a/src/expr/byteorder.c +++ b/src/expr/byteorder.c @@ -246,17 +246,18 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, #ifdef XML_PARSING struct nft_expr_byteorder *byteorder = nft_expr_data(e); const char *op; - int32_t reg, ntoh; + int32_t ntoh; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; byteorder->sreg = reg; e->flags |= (1 << NFT_EXPR_BYTEORDER_SREG); - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND, NFT_XML_MAND, + err) != 0) return -1; byteorder->dreg = reg; diff --git a/src/expr/cmp.c b/src/expr/cmp.c index b5c694a..ebd3e5c 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@ -217,10 +217,11 @@ static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre #ifdef XML_PARSING struct nft_expr_cmp *cmp = nft_expr_data(e); const char *op; - int32_t reg, op_value; + int32_t op_value; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; cmp->sreg = reg; diff --git a/src/expr/ct.c b/src/expr/ct.c index 7e20464..97f9dcc 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -233,12 +233,12 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree #ifdef XML_PARSING struct nft_expr_ct *ct = nft_expr_data(e); const char *key_str; - int32_t reg; int key; uint8_t dir; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; ct->dreg = reg; diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index d9e293a..0bf1de3 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c @@ -240,11 +240,11 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, #ifdef XML_PARSING struct nft_expr_exthdr *exthdr = nft_expr_data(e); const char *exthdr_type; - int32_t reg; int type; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; exthdr->dreg = reg; diff --git a/src/expr/immediate.c b/src/expr/immediate.c index 3ae4082..db7b958 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -224,10 +224,10 @@ nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, #ifdef XML_PARSING struct nft_expr_immediate *imm = nft_expr_data(e); int datareg_type; - int32_t reg; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; imm->dreg = reg; diff --git a/src/expr/lookup.c b/src/expr/lookup.c index b0aadf2..546066a 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c @@ -180,7 +180,7 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, #ifdef XML_PARSING struct nft_expr_lookup *lookup = nft_expr_data(e); const char *set_name; - int32_t reg; + uint32_t reg; set_name = nft_mxml_str_parse(tree, "set", MXML_DESCEND_FIRST, NFT_XML_MAND, err); @@ -191,19 +191,18 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, lookup->set_name[IFNAMSIZ-1] = '\0'; e->flags |= (1 << NFT_EXPR_LOOKUP_SET); - reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND, + NFT_XML_MAND, err) != 0) return -1; lookup->sreg = reg; e->flags |= (1 << NFT_EXPR_LOOKUP_SREG); - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND, err); - if (reg < 0) - return -1; - - lookup->dreg = reg; - e->flags |= (1 << NFT_EXPR_LOOKUP_DREG); + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND, + NFT_XML_OPT, err) == 0) { + lookup->dreg = reg; + e->flags |= (1 << NFT_EXPR_LOOKUP_DREG); + } return 0; #else diff --git a/src/expr/meta.c b/src/expr/meta.c index fb62bfd..1b5c904 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -197,11 +197,11 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tr #ifdef XML_PARSING struct nft_expr_meta *meta = nft_expr_data(e); const char *key_str; - int32_t reg; int key; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) < 0) return -1; meta->dreg = reg; diff --git a/src/expr/nat.c b/src/expr/nat.c index 34a977a..65b35ea 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c @@ -261,8 +261,8 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre #ifdef XML_PARSING struct nft_expr_nat *nat = nft_expr_data(e); const char *nat_type; - int32_t reg; int family, nat_type_value; + uint32_t reg; nat_type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST, NFT_XML_MAND, err); @@ -286,29 +286,29 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre nat->family = family; e->flags |= (1 << NFT_EXPR_NAT_FAMILY); - reg = nft_mxml_reg_parse(tree, "sreg_addr_min", MXML_DESCEND, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg_addr_min", ®, + MXML_DESCEND, NFT_XML_MAND, err) != 0) return -1; nat->sreg_addr_min = reg; e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MIN); - reg = nft_mxml_reg_parse(tree, "sreg_addr_max", MXML_DESCEND, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg_addr_max", ®, + MXML_DESCEND, NFT_XML_MAND, err) != 0) return -1; nat->sreg_addr_max = reg; e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MAX); - reg = nft_mxml_reg_parse(tree, "sreg_proto_min", MXML_DESCEND, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg_proto_min", ®, + MXML_DESCEND, NFT_XML_MAND, err) != 0) return -1; nat->sreg_proto_min = reg; e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MIN); - reg = nft_mxml_reg_parse(tree, "sreg_proto_max", MXML_DESCEND, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "sreg_proto_max", ®, + MXML_DESCEND, NFT_XML_MAND, err) != 0) return -1; nat->sreg_proto_max = reg; diff --git a/src/expr/payload.c b/src/expr/payload.c index 2c1ef04..d64b097 100644 --- a/src/expr/payload.c +++ b/src/expr/payload.c @@ -242,10 +242,11 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, #ifdef XML_PARSING struct nft_expr_payload *payload = nft_expr_data(e); const char *base_str; - int32_t reg, base; + int32_t base; + uint32_t reg; - reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err); - if (reg < 0) + if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST, + NFT_XML_MAND, err) != 0) return -1; payload->dreg = reg; diff --git a/src/internal.h b/src/internal.h index d3c58a2..ab12cec 100644 --- a/src/internal.h +++ b/src/internal.h @@ -51,7 +51,8 @@ mxml_node_t *nft_mxml_build_tree(const void *data, const char *treename, struct nft_parse_err *err, enum nft_parse_input input); struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node, struct nft_parse_err *err); -int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags, +int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t *reg, + uint32_t mxmlflags, uint32_t flags, struct nft_parse_err *err); union nft_data_reg; int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, diff --git a/src/mxml.c b/src/mxml.c index ddbd01b..4988502 100644 --- a/src/mxml.c +++ b/src/mxml.c @@ -99,30 +99,34 @@ err: return NULL; } -int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags, +int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t *reg, + uint32_t mxmlflags, uint32_t flags, struct nft_parse_err *err) { mxml_node_t *node; - uint64_t val; - node = mxmlFindElement(tree, tree, reg_name, NULL, NULL, flags); + node = mxmlFindElement(tree, tree, reg_name, NULL, NULL, mxmlflags); if (node == NULL) { - err->error = NFT_PARSE_EMISSINGNODE; - errno = EINVAL; - goto err; + if (!(flags & NFT_XML_OPT)) { + err->error = NFT_PARSE_EMISSINGNODE; + errno = EINVAL; + goto err; + } + return -1; } - if (nft_strtoi(node->child->value.opaque, BASE_DEC, &val, - NFT_TYPE_U64) != 0) { + if (nft_strtoi(node->child->value.opaque, BASE_DEC, reg, + NFT_TYPE_U32) != 0) { err->error = NFT_PARSE_EBADTYPE; goto err; } - if (val > NFT_REG_MAX) { + if (*reg > NFT_REG_MAX) { errno = ERANGE; goto err; } - return val; + + return 0; err: err->node_name = reg_name; return -1; -- cgit v1.2.3 From d4e9556f36078ef60d0d6468d5203872e5f2a753 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Wed, 15 Jan 2014 11:42:22 +0100 Subject: lookup: xml: conditional output of dreg The dreg attribute is optional as stated at: linux/net/netfilter/nft_lookup.c Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/expr/lookup.c | 43 ++++++++++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/src/expr/lookup.c b/src/expr/lookup.c index 546066a..0e53f58 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c @@ -213,41 +213,59 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree, static int nft_rule_expr_lookup_snprintf_json(char *buf, size_t size, - struct nft_expr_lookup *l) + struct nft_rule_expr *e) { int len = size, offset = 0, ret; + struct nft_expr_lookup *l = nft_expr_data(e); - ret = snprintf(buf, len, "\"set\":\"%s\",\"sreg\":%u,\"dreg\":%u", - l->set_name, l->sreg, l->dreg); + ret = snprintf(buf, len, "\"set\":\"%s\",\"sreg\":%u", + l->set_name, l->sreg); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) { + ret = snprintf(buf+offset, len, ",\"dreg\":%u", l->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + return offset; } static int nft_rule_expr_lookup_snprintf_xml(char *buf, size_t size, - struct nft_expr_lookup *l) + struct nft_rule_expr *e) { int len = size, offset = 0, ret; + struct nft_expr_lookup *l = nft_expr_data(e); - ret = snprintf(buf, len, "%s%u%u", - l->set_name, l->sreg, l->dreg); + ret = snprintf(buf, len, "%s%u", + l->set_name, l->sreg); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) { + ret = snprintf(buf+offset, len, "%u", l->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + return offset; } static int nft_rule_expr_lookup_snprintf_default(char *buf, size_t size, - struct nft_expr_lookup *l) + struct nft_rule_expr *e) { int len = size, offset = 0, ret; + struct nft_expr_lookup *l = nft_expr_data(e); - ret = snprintf(buf, len, "reg %u set %s dreg %u ", - l->sreg, l->set_name, l->dreg); + ret = snprintf(buf, len, "reg %u set %s ", l->sreg, l->set_name); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) { + ret = snprintf(buf+offset, len, "dreg %u ", l->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + return offset; } @@ -255,15 +273,14 @@ static int nft_rule_expr_lookup_snprintf(char *buf, size_t size, uint32_t type, uint32_t flags, struct nft_rule_expr *e) { - struct nft_expr_lookup *lookup = nft_expr_data(e); switch(type) { case NFT_OUTPUT_DEFAULT: - return nft_rule_expr_lookup_snprintf_default(buf, size, lookup); + return nft_rule_expr_lookup_snprintf_default(buf, size, e); case NFT_OUTPUT_XML: - return nft_rule_expr_lookup_snprintf_xml(buf, size, lookup); + return nft_rule_expr_lookup_snprintf_xml(buf, size, e); case NFT_OUTPUT_JSON: - return nft_rule_expr_lookup_snprintf_json(buf, size, lookup); + return nft_rule_expr_lookup_snprintf_json(buf, size, e); default: break; } -- cgit v1.2.3 From 5b7ca05aa453f999ec015db671c1665f116e3bb2 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Wed, 15 Jan 2014 12:12:18 +0100 Subject: tests: xml: delete comments When building a XML tree, only one root node can be in place. This is a "feature" added in libmxml 2.7: <<< mxmlLoad... did not error out on XML with multiple root nodes (Bug #403) >>> In libmxml 2.6 the second root node was ignored, not because it was a comment but a bug. Our files had two root nodes, being comments or not. libmxml accept comments, but inside the root node. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- tests/xmlfiles/20-rule-bitwise.xml | 1 - tests/xmlfiles/22-rule-cmp.xml | 1 - tests/xmlfiles/23-rule-counter.xml | 1 - tests/xmlfiles/24-rule-ct.xml | 1 - tests/xmlfiles/26-rule-immediate.xml | 1 - tests/xmlfiles/28-rule-log.xml | 1 - tests/xmlfiles/29-rule-lookup.xml | 1 - tests/xmlfiles/31-rule-meta.xml | 1 - tests/xmlfiles/34-rule-payload.xml | 1 - tests/xmlfiles/36-rule-real.xml | 1 - tests/xmlfiles/37-rule-real.xml | 1 - tests/xmlfiles/38-rule-real.xml | 1 - tests/xmlfiles/39-rule-real.xml | 1 - tests/xmlfiles/40-rule-real.xml | 1 - tests/xmlfiles/41-rule-real.xml | 1 - tests/xmlfiles/42-rule-real.xml | 1 - tests/xmlfiles/43-rule-real.xml | 1 - tests/xmlfiles/44-rule-real.xml | 1 - tests/xmlfiles/45-rule-real.xml | 1 - tests/xmlfiles/46-rule-real.xml | 1 - tests/xmlfiles/47-rule-real.xml | 1 - tests/xmlfiles/48-rule-real.xml | 1 - tests/xmlfiles/49-rule-real.xml | 1 - tests/xmlfiles/50-rule-real.xml | 1 - tests/xmlfiles/51-rule-real.xml | 1 - tests/xmlfiles/52-rule-real.xml | 1 - tests/xmlfiles/53-rule-real.xml | 1 - tests/xmlfiles/54-rule-real.xml | 1 - tests/xmlfiles/55-rule-real.xml | 1 - tests/xmlfiles/56-rule-real.xml | 1 - tests/xmlfiles/57-rule-real.xml | 1 - tests/xmlfiles/58-rule-real.xml | 1 - tests/xmlfiles/59-rule-real.xml | 1 - tests/xmlfiles/60-rule-real.xml | 1 - tests/xmlfiles/61-rule-real.xml | 1 - tests/xmlfiles/62-rule-real.xml | 1 - tests/xmlfiles/63-rule-real.xml | 1 - tests/xmlfiles/64-rule-real.xml | 1 - tests/xmlfiles/65-rule-real.xml | 1 - tests/xmlfiles/66-rule-real.xml | 1 - tests/xmlfiles/67-rule-real.xml | 1 - tests/xmlfiles/68-rule-real.xml | 1 - tests/xmlfiles/69-rule-real.xml | 1 - tests/xmlfiles/70-rule-real.xml | 1 - tests/xmlfiles/71-rule-real.xml | 1 - tests/xmlfiles/72-rule-real.xml | 1 - tests/xmlfiles/73-set.xml | 1 - tests/xmlfiles/74-set.xml | 1 - 48 files changed, 48 deletions(-) diff --git a/tests/xmlfiles/20-rule-bitwise.xml b/tests/xmlfiles/20-rule-bitwise.xml index 8562863..756b22c 100644 --- a/tests/xmlfiles/20-rule-bitwise.xml +++ b/tests/xmlfiles/20-rule-bitwise.xml @@ -1,2 +1 @@ ipfilter
INPUT10011440x0000000a40x00000000 - diff --git a/tests/xmlfiles/22-rule-cmp.xml b/tests/xmlfiles/22-rule-cmp.xml index ea8ea30..308fb9f 100644 --- a/tests/xmlfiles/22-rule-cmp.xml +++ b/tests/xmlfiles/22-rule-cmp.xml @@ -1,2 +1 @@ ip6filter
test361eq160x000000000x6e6f62000x2e3031640x00393331 - diff --git a/tests/xmlfiles/23-rule-counter.xml b/tests/xmlfiles/23-rule-counter.xml index 82700de..6299e84 100644 --- a/tests/xmlfiles/23-rule-counter.xml +++ b/tests/xmlfiles/23-rule-counter.xml @@ -1,2 +1 @@ ip6filter
test393177 - diff --git a/tests/xmlfiles/24-rule-ct.xml b/tests/xmlfiles/24-rule-ct.xml index e8e565d..b3f4ad8 100644 --- a/tests/xmlfiles/24-rule-ct.xml +++ b/tests/xmlfiles/24-rule-ct.xml @@ -1,2 +1 @@ ipfilter
INPUT1001state0 - diff --git a/tests/xmlfiles/26-rule-immediate.xml b/tests/xmlfiles/26-rule-immediate.xml index 4d10eb6..1258c8b 100644 --- a/tests/xmlfiles/26-rule-immediate.xml +++ b/tests/xmlfiles/26-rule-immediate.xml @@ -1,2 +1 @@ ipfilter
input320accept - diff --git a/tests/xmlfiles/28-rule-log.xml b/tests/xmlfiles/28-rule-log.xml index f24f858..5865bd4 100644 --- a/tests/xmlfiles/28-rule-log.xml +++ b/tests/xmlfiles/28-rule-log.xml @@ -1,2 +1 @@ ip6filter
test96test_chain100 - diff --git a/tests/xmlfiles/29-rule-lookup.xml b/tests/xmlfiles/29-rule-lookup.xml index c77e95c..052b008 100644 --- a/tests/xmlfiles/29-rule-lookup.xml +++ b/tests/xmlfiles/29-rule-lookup.xml @@ -1,2 +1 @@ ip6filter
test37set010 - diff --git a/tests/xmlfiles/31-rule-meta.xml b/tests/xmlfiles/31-rule-meta.xml index 22498e7..a1c9e8c 100644 --- a/tests/xmlfiles/31-rule-meta.xml +++ b/tests/xmlfiles/31-rule-meta.xml @@ -1,2 +1 @@ ip6filter
test361iifname - diff --git a/tests/xmlfiles/34-rule-payload.xml b/tests/xmlfiles/34-rule-payload.xml index 833e640..a6faca9 100644 --- a/tests/xmlfiles/34-rule-payload.xml +++ b/tests/xmlfiles/34-rule-payload.xml @@ -1,2 +1 @@ ip6filter
test34122transport - diff --git a/tests/xmlfiles/36-rule-real.xml b/tests/xmlfiles/36-rule-real.xml index 17f1e5f..5c8e075 100644 --- a/tests/xmlfiles/36-rule-real.xml +++ b/tests/xmlfiles/36-rule-real.xml @@ -1,2 +1 @@ ipfilter
output221128network1eq80x0100a8c00x6400a8c000 - diff --git a/tests/xmlfiles/37-rule-real.xml b/tests/xmlfiles/37-rule-real.xml index dc45629..89b06b8 100644 --- a/tests/xmlfiles/37-rule-real.xml +++ b/tests/xmlfiles/37-rule-real.xml @@ -1,2 +1 @@ ipfilter
INPUT251iifname1eq160x000000000x000000000x650000000x00306874191network1eq10x00000006122transport1eq20x000016001state011440x0000000a40x000000001neq40x0000000000testprefix100 - diff --git a/tests/xmlfiles/38-rule-real.xml b/tests/xmlfiles/38-rule-real.xml index 6f41f0e..b8830b0 100644 --- a/tests/xmlfiles/38-rule-real.xml +++ b/tests/xmlfiles/38-rule-real.xml @@ -1,2 +1 @@ ipfilter
INPUT301164networkset310191network1eq10x00000006122transport1eq20x0000bb01000accept - diff --git a/tests/xmlfiles/39-rule-real.xml b/tests/xmlfiles/39-rule-real.xml index c823c25..a307a2e 100644 --- a/tests/xmlfiles/39-rule-real.xml +++ b/tests/xmlfiles/39-rule-real.xml @@ -1,2 +1 @@ ip6filter
test311iifname1eq160x000000000x000000000x6f6200000x0030646e1oifname1eq160x000000000x620000000x31646e6f0x0037322e1816network1eq160xc09a002a0x2700cac10x000000000x50010000161network1eq10x00000011122transport1eq20x000035001status01eq40x0000000100dns_drop2000drop - diff --git a/tests/xmlfiles/40-rule-real.xml b/tests/xmlfiles/40-rule-real.xml index 835dcec..0041ebf 100644 --- a/tests/xmlfiles/40-rule-real.xml +++ b/tests/xmlfiles/40-rule-real.xml @@ -1,2 +1 @@ ipfilter
output21164network1eq40x0100a8c0 - diff --git a/tests/xmlfiles/41-rule-real.xml b/tests/xmlfiles/41-rule-real.xml index 001a20e..bd213b0 100644 --- a/tests/xmlfiles/41-rule-real.xml +++ b/tests/xmlfiles/41-rule-real.xml @@ -1,2 +1 @@ ipfilter
output31164network1gte40x0100a8c01lte40xfa00a8c0 - diff --git a/tests/xmlfiles/42-rule-real.xml b/tests/xmlfiles/42-rule-real.xml index 6398c48..b5cc1bd 100644 --- a/tests/xmlfiles/42-rule-real.xml +++ b/tests/xmlfiles/42-rule-real.xml @@ -1,2 +1 @@ ipfilter
output41164network1eq40x0100a8c000 - diff --git a/tests/xmlfiles/43-rule-real.xml b/tests/xmlfiles/43-rule-real.xml index 38be43e..a84f513 100644 --- a/tests/xmlfiles/43-rule-real.xml +++ b/tests/xmlfiles/43-rule-real.xml @@ -1,2 +1 @@ ipfilter
output51164network1eq40x0100a8c0000drop - diff --git a/tests/xmlfiles/44-rule-real.xml b/tests/xmlfiles/44-rule-real.xml index 8ab5db9..5a99e6f 100644 --- a/tests/xmlfiles/44-rule-real.xml +++ b/tests/xmlfiles/44-rule-real.xml @@ -1,2 +1 @@ ipfilter
output61164network1eq40x0100a8c000(null)000 - diff --git a/tests/xmlfiles/45-rule-real.xml b/tests/xmlfiles/45-rule-real.xml index 165d581..53fa009 100644 --- a/tests/xmlfiles/45-rule-real.xml +++ b/tests/xmlfiles/45-rule-real.xml @@ -1,2 +1 @@ ipfilter
output7191network1eq10x00000006122transport1eq20x0000160000 - diff --git a/tests/xmlfiles/46-rule-real.xml b/tests/xmlfiles/46-rule-real.xml index d6f7376..0ddf6c8 100644 --- a/tests/xmlfiles/46-rule-real.xml +++ b/tests/xmlfiles/46-rule-real.xml @@ -1,2 +1 @@ ipfilter
output8191network1eq10x00000006104transport1eq40x1600000400 - diff --git a/tests/xmlfiles/47-rule-real.xml b/tests/xmlfiles/47-rule-real.xml index 815bd61..fde6d26 100644 --- a/tests/xmlfiles/47-rule-real.xml +++ b/tests/xmlfiles/47-rule-real.xml @@ -1,2 +1 @@ ipfilter
output91128network1eq80x0100a8c00x6400a8c000 - diff --git a/tests/xmlfiles/48-rule-real.xml b/tests/xmlfiles/48-rule-real.xml index 4b31948..547a0f6 100644 --- a/tests/xmlfiles/48-rule-real.xml +++ b/tests/xmlfiles/48-rule-real.xml @@ -1,2 +1 @@ ipfilter
output10191network1eq10x00000006108transport1eq80x160000040x00000000 - diff --git a/tests/xmlfiles/49-rule-real.xml b/tests/xmlfiles/49-rule-real.xml index a4db57f..dc662a3 100644 --- a/tests/xmlfiles/49-rule-real.xml +++ b/tests/xmlfiles/49-rule-real.xml @@ -1,2 +1 @@ ipfilter
output11191network1eq10x00000006108transport1eq80x160000040x00000000 - diff --git a/tests/xmlfiles/50-rule-real.xml b/tests/xmlfiles/50-rule-real.xml index 72bddc7..d15eff4 100644 --- a/tests/xmlfiles/50-rule-real.xml +++ b/tests/xmlfiles/50-rule-real.xml @@ -1,2 +1 @@ ipfilter
output121state011440x0000000a40x000000001neq40x000000005511407 - diff --git a/tests/xmlfiles/51-rule-real.xml b/tests/xmlfiles/51-rule-real.xml index 72cac29..471cd2b 100644 --- a/tests/xmlfiles/51-rule-real.xml +++ b/tests/xmlfiles/51-rule-real.xml @@ -1,2 +1 @@ ipfilter
output131direction01eq10x000000005160 - diff --git a/tests/xmlfiles/52-rule-real.xml b/tests/xmlfiles/52-rule-real.xml index ca14eb8..61a1269 100644 --- a/tests/xmlfiles/52-rule-real.xml +++ b/tests/xmlfiles/52-rule-real.xml @@ -1,2 +1 @@ ipfilter
output141direction01eq10x000000015011247 - diff --git a/tests/xmlfiles/53-rule-real.xml b/tests/xmlfiles/53-rule-real.xml index 304732b..d835639 100644 --- a/tests/xmlfiles/53-rule-real.xml +++ b/tests/xmlfiles/53-rule-real.xml @@ -1,2 +1 @@ ipfilter
output151status01eq40x0000000100 - diff --git a/tests/xmlfiles/54-rule-real.xml b/tests/xmlfiles/54-rule-real.xml index 5312eca..ed27e56 100644 --- a/tests/xmlfiles/54-rule-real.xml +++ b/tests/xmlfiles/54-rule-real.xml @@ -1,2 +1 @@ ipfilter
output161mark01eq40x0000006400 - diff --git a/tests/xmlfiles/55-rule-real.xml b/tests/xmlfiles/55-rule-real.xml index 757a7a2..2d2bf7f 100644 --- a/tests/xmlfiles/55-rule-real.xml +++ b/tests/xmlfiles/55-rule-real.xml @@ -1,2 +1 @@ ipfilter
output171secmark01eq40x000000005511407 - diff --git a/tests/xmlfiles/56-rule-real.xml b/tests/xmlfiles/56-rule-real.xml index 242ddbb..4596689 100644 --- a/tests/xmlfiles/56-rule-real.xml +++ b/tests/xmlfiles/56-rule-real.xml @@ -1,2 +1 @@ ipfilter
output181expiration01eq40x0000001e00 - diff --git a/tests/xmlfiles/57-rule-real.xml b/tests/xmlfiles/57-rule-real.xml index 136e5f1..6a2ad52 100644 --- a/tests/xmlfiles/57-rule-real.xml +++ b/tests/xmlfiles/57-rule-real.xml @@ -1,2 +1 @@ ipfilter
output191helper01eq40x0070746600 - diff --git a/tests/xmlfiles/58-rule-real.xml b/tests/xmlfiles/58-rule-real.xml index 4474eb2..d9bfe3a 100644 --- a/tests/xmlfiles/58-rule-real.xml +++ b/tests/xmlfiles/58-rule-real.xml @@ -1,2 +1 @@ ipfilter
output201len1eq40x000003e800 - diff --git a/tests/xmlfiles/59-rule-real.xml b/tests/xmlfiles/59-rule-real.xml index 4e231a2..6af8aa6 100644 --- a/tests/xmlfiles/59-rule-real.xml +++ b/tests/xmlfiles/59-rule-real.xml @@ -1,2 +1 @@ ipfilter
output211protocol1eq20x000000085511407 - diff --git a/tests/xmlfiles/60-rule-real.xml b/tests/xmlfiles/60-rule-real.xml index 535ab54..24cf057 100644 --- a/tests/xmlfiles/60-rule-real.xml +++ b/tests/xmlfiles/60-rule-real.xml @@ -1,2 +1 @@ ipfilter
output221mark1eq40x000000005511407 - diff --git a/tests/xmlfiles/61-rule-real.xml b/tests/xmlfiles/61-rule-real.xml index 2a5d411..3aaad57 100644 --- a/tests/xmlfiles/61-rule-real.xml +++ b/tests/xmlfiles/61-rule-real.xml @@ -1,2 +1 @@ ipfilter
output231iif1eq40x0000000100 - diff --git a/tests/xmlfiles/62-rule-real.xml b/tests/xmlfiles/62-rule-real.xml index dfb6e44..d7935d1 100644 --- a/tests/xmlfiles/62-rule-real.xml +++ b/tests/xmlfiles/62-rule-real.xml @@ -1,2 +1 @@ ipfilter
output241iifname1eq160x000000000x000000000x650000000x0030687400 - diff --git a/tests/xmlfiles/63-rule-real.xml b/tests/xmlfiles/63-rule-real.xml index b144889..f2a36f4 100644 --- a/tests/xmlfiles/63-rule-real.xml +++ b/tests/xmlfiles/63-rule-real.xml @@ -1,2 +1 @@ ipfilter
output251oif1eq40x0000000100 - diff --git a/tests/xmlfiles/64-rule-real.xml b/tests/xmlfiles/64-rule-real.xml index a83efb9..01a8708 100644 --- a/tests/xmlfiles/64-rule-real.xml +++ b/tests/xmlfiles/64-rule-real.xml @@ -1,2 +1 @@ ipfilter
output261oifname1eq160x000000000x000000000x650000000x0030687400 - diff --git a/tests/xmlfiles/65-rule-real.xml b/tests/xmlfiles/65-rule-real.xml index cfec802..2d59190 100644 --- a/tests/xmlfiles/65-rule-real.xml +++ b/tests/xmlfiles/65-rule-real.xml @@ -1,2 +1 @@ ipfilter
output271skuid1eq40x000003e800 - diff --git a/tests/xmlfiles/66-rule-real.xml b/tests/xmlfiles/66-rule-real.xml index 57b0d45..f9d9c5e 100644 --- a/tests/xmlfiles/66-rule-real.xml +++ b/tests/xmlfiles/66-rule-real.xml @@ -1,2 +1 @@ ipfilter
output281skgid1eq40x000003e800 - diff --git a/tests/xmlfiles/67-rule-real.xml b/tests/xmlfiles/67-rule-real.xml index 1ee49fc..555139c 100644 --- a/tests/xmlfiles/67-rule-real.xml +++ b/tests/xmlfiles/67-rule-real.xml @@ -1,2 +1 @@ ipfilter
output291secmark1eq40x000000005511407 - diff --git a/tests/xmlfiles/68-rule-real.xml b/tests/xmlfiles/68-rule-real.xml index 70bccd9..a0ff9ce 100644 --- a/tests/xmlfiles/68-rule-real.xml +++ b/tests/xmlfiles/68-rule-real.xml @@ -1,2 +1 @@ ipfilter
output32191network1eq10x00000006122transportset01000 - diff --git a/tests/xmlfiles/69-rule-real.xml b/tests/xmlfiles/69-rule-real.xml index 2c61706..e39e2cb 100644 --- a/tests/xmlfiles/69-rule-real.xml +++ b/tests/xmlfiles/69-rule-real.xml @@ -1,2 +1 @@ ipfilter
output331164networkset110 - diff --git a/tests/xmlfiles/70-rule-real.xml b/tests/xmlfiles/70-rule-real.xml index 0a876e9..6edd166 100644 --- a/tests/xmlfiles/70-rule-real.xml +++ b/tests/xmlfiles/70-rule-real.xml @@ -1,2 +1 @@ ipfilter
output34191network1eq10x00000006122transportmap010 - diff --git a/tests/xmlfiles/71-rule-real.xml b/tests/xmlfiles/71-rule-real.xml index 143de72..fba3af9 100644 --- a/tests/xmlfiles/71-rule-real.xml +++ b/tests/xmlfiles/71-rule-real.xml @@ -1,2 +1 @@ ipfilter
output35191network1eq10x00000006122transportmap110 - diff --git a/tests/xmlfiles/72-rule-real.xml b/tests/xmlfiles/72-rule-real.xml index fb35523..aac8b85 100644 --- a/tests/xmlfiles/72-rule-real.xml +++ b/tests/xmlfiles/72-rule-real.xml @@ -1,2 +1 @@ ipfilter
output361164networkmap210 - diff --git a/tests/xmlfiles/73-set.xml b/tests/xmlfiles/73-set.xml index 37fb2ee..6a9323a 100644 --- a/tests/xmlfiles/73-set.xml +++ b/tests/xmlfiles/73-set.xml @@ -1,2 +1 @@ ipfilter
set000000040x0300a8c0040x0200a8c0040x0100a8c0 - diff --git a/tests/xmlfiles/74-set.xml b/tests/xmlfiles/74-set.xml index 679ee30..5f0e7ae 100644 --- a/tests/xmlfiles/74-set.xml +++ b/tests/xmlfiles/74-set.xml @@ -1,2 +1 @@ ip6filter
set0000000160xc09a002a0x2700cac10x000000000x700100000160xc09a002a0x2700cac10x000000000x50010000 - -- cgit v1.2.3 From aa07b0d424e7a4b9a964e916b89859caedc63671 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Wed, 15 Jan 2014 19:18:46 +0100 Subject: expr: ct: fix missing NFT_CT_L3PROTOCOL in ctkey2str_array Due to missing NFT_CT_L3PROTOCOL key in ctkey2str_array, a segfault is produced when the str2ctkey() loop reaches that position, since strcmp() will try to compare a NULL value. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/expr/ct.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/expr/ct.c b/src/expr/ct.c index 97f9dcc..e960134 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -151,6 +151,7 @@ const char *ctkey2str_array[NFT_CT_MAX] = { [NFT_CT_SECMARK] = "secmark", [NFT_CT_EXPIRATION] = "expiration", [NFT_CT_HELPER] = "helper", + [NFT_CT_L3PROTOCOL] = "l3protocol", [NFT_CT_PROTOCOL] = "protocol", [NFT_CT_SRC] = "src", [NFT_CT_DST] = "dst", -- cgit v1.2.3 From db7a982ba56792ea4b716ee15c3e3ff282566a9c Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Fri, 17 Jan 2014 02:15:06 +0100 Subject: expr: ct: direction is optional The 'dir' attribute is optional as stated in the kernel sources. Previous to this patch, using XML/JSON to manage this expr produces some undefined and erroneous behaviours. While at it, fix also the default output format. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/expr/ct.c | 62 ++++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 46 insertions(+), 16 deletions(-) diff --git a/src/expr/ct.c b/src/expr/ct.c index e960134..3070795 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -258,14 +258,12 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree e->flags |= (1 << NFT_EXPR_CT_KEY); if (nft_mxml_num_parse(tree, "dir", MXML_DESCEND_FIRST, BASE_DEC, - &dir, NFT_TYPE_U8, NFT_XML_MAND, err) != 0) - return -1; - - if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY) - goto err; + &dir, NFT_TYPE_U8, NFT_XML_OPT, err) == 0) { + if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY) + goto err; - ct->dir = dir; - e->flags |= (1 << NFT_EXPR_CT_DIR); + nft_rule_expr_set_u8(e, NFT_EXPR_CT_DIR, dir); + } return 0; err: @@ -292,30 +290,62 @@ nft_expr_ct_snprintf_json(char *buf, size_t size, struct nft_rule_expr *e) SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - if (e->flags & (1 << NFT_EXPR_CT_DIR)) { + if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) { ret = snprintf(buf+offset, len, ",\"dir\":%u", ct->dir); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } return offset; +} + +static int +nft_expr_ct_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e) +{ + int ret, len = size, offset = 0; + struct nft_expr_ct *ct = nft_expr_data(e); + + ret = snprintf(buf, len, "%u", ct->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + ret = snprintf(buf+offset, len, "%s", + ctkey2str(ct->key)); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) { + ret = snprintf(buf+offset, len, "%u", ct->dir); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + return offset; +} + +static int +nft_expr_ct_snprintf_default(char *buf, size_t size, struct nft_rule_expr *e) +{ + int ret, len = size, offset = 0; + struct nft_expr_ct *ct = nft_expr_data(e); + + ret = snprintf(buf, len, "load %s => reg %u ", + ctkey2str(ct->key), ct->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) { + ret = snprintf(buf+offset, len, "dir %u ", ct->dir); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + return offset; } static int nft_rule_expr_ct_snprintf(char *buf, size_t len, uint32_t type, uint32_t flags, struct nft_rule_expr *e) { - struct nft_expr_ct *ct = nft_expr_data(e); - switch(type) { case NFT_OUTPUT_DEFAULT: - return snprintf(buf, len, "load %s => reg %u dir %u ", - ctkey2str(ct->key), ct->dreg, ct->dir); + return nft_expr_ct_snprintf_default(buf, len, e); case NFT_OUTPUT_XML: - return snprintf(buf, len, "%u" - "%s" - "%u", - ct->dreg, ctkey2str(ct->key), ct->dir); + return nft_expr_ct_snprintf_xml(buf, len, e); case NFT_OUTPUT_JSON: return nft_expr_ct_snprintf_json(buf, len, e); default: -- cgit v1.2.3 From cd9a80990abb035fba5810bbeb0ecdff46425d2f Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 17 Jan 2014 10:44:56 +0100 Subject: expr: meta: statify meta_key2str_array It's not used out of the scope of expr/meta.c Signed-off-by: Pablo Neira Ayuso --- src/expr/meta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/expr/meta.c b/src/expr/meta.c index 1b5c904..6c3e20e 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -121,7 +121,7 @@ nft_rule_expr_meta_parse(struct nft_rule_expr *e, struct nlattr *attr) return 0; } -const char *meta_key2str_array[NFT_META_MAX] = { +static const char *meta_key2str_array[NFT_META_MAX] = { [NFT_META_LEN] = "len", [NFT_META_PROTOCOL] = "protocol", [NFT_META_PRIORITY] = "priority", -- cgit v1.2.3 From 871c7fd0204325b947a5fde3ab8617ef89b9168f Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Sat, 18 Jan 2014 17:01:44 +0100 Subject: utils: fix nft_str2verdict return value Some verdicts have a negative value. The caller of nft_str2verdict() checking if return was < 0 clash with enum nft_verdict. While at it, add error reporting of invalid verdicts. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/chain.c | 16 +++++++++++----- src/expr/data_reg.c | 14 ++++++++++---- src/internal.h | 2 +- src/utils.c | 28 +++++++++++++++++----------- 4 files changed, 39 insertions(+), 21 deletions(-) diff --git a/src/chain.c b/src/chain.c index 18a52da..37515bb 100644 --- a/src/chain.c +++ b/src/chain.c @@ -503,7 +503,7 @@ int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree, { json_t *root; uint64_t uval64; - uint32_t policy; + int policy; int32_t val32; const char *valstr; @@ -575,9 +575,12 @@ int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree, if (valstr == NULL) goto err; - policy = nft_str2verdict(valstr); - if (policy == -1) + if (nft_str2verdict(valstr, &policy) != 0) { + errno = EINVAL; + err->node_name = "policy"; + err->error = NFT_PARSE_EBADTYPE; goto err; + } nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY, policy); } @@ -697,9 +700,12 @@ int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c, if (policy_str == NULL) return -1; - policy = nft_str2verdict(policy_str); - if (policy == -1) + if (nft_str2verdict(policy_str, &policy) != 0) { + errno = EINVAL; + err->node_name = "policy"; + err->error = NFT_PARSE_EBADTYPE; return -1; + } c->policy = policy; c->flags |= (1 << NFT_CHAIN_ATTR_POLICY); diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index e487bc7..8812daf 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c @@ -37,9 +37,12 @@ static int nft_data_reg_verdict_json_parse(union nft_data_reg *reg, json_t *data if (verdict_str == NULL) return -1; - verdict = nft_str2verdict(verdict_str); - if (verdict < 0) + if (nft_str2verdict(verdict_str, &verdict) != 0) { + err->node_name = "verdict"; + err->error = NFT_PARSE_EBADTYPE; + errno = EINVAL; return -1; + } reg->verdict = (uint32_t)verdict; @@ -118,9 +121,12 @@ static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, if (verdict_str == NULL) return DATA_NONE; - verdict = nft_str2verdict(verdict_str); - if (verdict < 0) + if (nft_str2verdict(verdict_str, &verdict) != 0) { + err->node_name = "verdict"; + err->error = NFT_PARSE_EBADTYPE; + errno = EINVAL; return DATA_NONE; + } reg->verdict = (uint32_t)verdict; diff --git a/src/internal.h b/src/internal.h index ab12cec..256dd3d 100644 --- a/src/internal.h +++ b/src/internal.h @@ -131,7 +131,7 @@ const char *nft_family2str(uint32_t family); int nft_str2family(const char *family); int nft_strtoi(const char *string, int base, void *number, enum nft_type type); const char *nft_verdict2str(uint32_t verdict); -int nft_str2verdict(const char *verdict); +int nft_str2verdict(const char *verdict, int *verdict_num); int nft_get_value(enum nft_type type, void *val, void *out); #include diff --git a/src/utils.c b/src/utils.c index 2415917..dd7fd1d 100644 --- a/src/utils.c +++ b/src/utils.c @@ -154,18 +154,24 @@ const char *nft_verdict2str(uint32_t verdict) } } -int nft_str2verdict(const char *verdict) +int nft_str2verdict(const char *verdict, int *verdict_num) { - if (strcmp(verdict, "accept") == 0) - return NF_ACCEPT; - else if (strcmp(verdict, "drop") == 0) - return NF_DROP; - else if (strcmp(verdict, "return") == 0) - return NFT_RETURN; - else if (strcmp(verdict, "jump") == 0) - return NFT_JUMP; - else if (strcmp(verdict, "goto") == 0) - return NFT_GOTO; + if (strcmp(verdict, "accept") == 0) { + *verdict_num = NF_ACCEPT; + return 0; + } else if (strcmp(verdict, "drop") == 0) { + *verdict_num = NF_DROP; + return 0; + } else if (strcmp(verdict, "return") == 0) { + *verdict_num = NFT_RETURN; + return 0; + } else if (strcmp(verdict, "jump") == 0) { + *verdict_num = NFT_JUMP; + return 0; + } else if (strcmp(verdict, "goto") == 0) { + *verdict_num = NFT_GOTO; + return 0; + } return -1; } -- cgit v1.2.3 From dec687412e31118a3add7bad8de6ac496f7c1c65 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Sat, 18 Jan 2014 17:56:45 +0100 Subject: data_reg: fix verdict format approach Patrick reports that the XML/JSON formats of the data_reg object are not accuarate. This patch updates these formats, so they are now as follow: * with raw data (this doesn't change). * with a concrete verdict (eg drop accept) and an optional , with destination. In XML: goto output In JSON: "data_reg" : { "type" : "verdict", "verdict" : "goto" "chain" : "output", } The default output format is updated to reflect these changes (minor collateral thing). When parsing set_elems, to know if we need to add the NFT_SET_ELEM_ATTR_CHAIN flag, a basic check for the chain not being NULL is done, instead of evaluating if the result of the parsing was DATA_CHAIN. The DATA_CHAIN symbol is no longer used in the data_reg XML/JSON parsing zone. While at it, I updated the error reporting stuff regarding data_reg/verdict, in order to leave a consistent state in the library. A JSON testfile is updated as well. Reported-by: Patrick McHardy Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/expr/data_reg.c | 171 +++++++++++++++++++++++++------------------- src/jansson.c | 27 ++----- src/set_elem.c | 6 +- tests/jsonfiles/63-set.json | 2 +- tests/nft-parsing-test.c | 1 + 5 files changed, 110 insertions(+), 97 deletions(-) diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index 8812daf..a755948 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c @@ -32,10 +32,11 @@ static int nft_data_reg_verdict_json_parse(union nft_data_reg *reg, json_t *data { int verdict; const char *verdict_str; + const char *chain; verdict_str = nft_jansson_parse_str(data, "verdict", err); if (verdict_str == NULL) - return -1; + return DATA_NONE; if (nft_str2verdict(verdict_str, &verdict) != 0) { err->node_name = "verdict"; @@ -46,18 +47,15 @@ static int nft_data_reg_verdict_json_parse(union nft_data_reg *reg, json_t *data reg->verdict = (uint32_t)verdict; - return 0; -} + if (nft_jansson_node_exist(data, "chain")) { + chain = nft_jansson_parse_str(data, "chain", err); + if (chain == NULL) + return DATA_NONE; -static int nft_data_reg_chain_json_parse(union nft_data_reg *reg, json_t *data, - struct nft_parse_err *err) -{ - reg->chain = strdup(nft_jansson_parse_str(data, "chain", err)); - if (reg->chain == NULL) { - return -1; + reg->chain = strdup(chain); } - return 0; + return DATA_VERDICT; } static int nft_data_reg_value_json_parse(union nft_data_reg *reg, json_t *data, @@ -67,17 +65,17 @@ static int nft_data_reg_value_json_parse(union nft_data_reg *reg, json_t *data, char node_name[6]; if (nft_jansson_parse_val(data, "len", NFT_TYPE_U8, ®->len, err) < 0) - return -1; + return DATA_NONE; for (i = 0; i < div_round_up(reg->len, sizeof(uint32_t)); i++) { sprintf(node_name, "data%d", i); if (nft_jansson_str2num(data, node_name, BASE_HEX, ®->val[i], NFT_TYPE_U32, err) != 0) - return -1; + return DATA_NONE; } - return 0; + return DATA_VALUE; } #endif @@ -93,15 +91,12 @@ int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data, return -1; /* Select what type of parsing is needed */ - if (strcmp(type, "value") == 0) { + if (strcmp(type, "value") == 0) return nft_data_reg_value_json_parse(reg, data, err); - } else if (strcmp(type, "verdict") == 0) { + else if (strcmp(type, "verdict") == 0) return nft_data_reg_verdict_json_parse(reg, data, err); - } else if (strcmp(type, "chain") == 0) { - return nft_data_reg_chain_json_parse(reg, data, err); - } - return 0; + return DATA_NONE; #else errno = EOPNOTSUPP; return -1; @@ -115,6 +110,7 @@ static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, { int verdict; const char *verdict_str; + const char *chain; verdict_str = nft_mxml_str_parse(tree, "verdict", MXML_DESCEND_FIRST, NFT_XML_MAND, err); @@ -130,25 +126,16 @@ static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, reg->verdict = (uint32_t)verdict; - return DATA_VERDICT; -} - -static int nft_data_reg_chain_xml_parse(union nft_data_reg *reg, - mxml_node_t *tree, - struct nft_parse_err *err) -{ - const char *chain; - chain = nft_mxml_str_parse(tree, "chain", MXML_DESCEND_FIRST, - NFT_XML_MAND, err); - if (chain == NULL) - return DATA_NONE; + NFT_XML_OPT, err); + if (chain != NULL) { + if (reg->chain) + xfree(reg->chain); - if (reg->chain) - xfree(reg->chain); + reg->chain = strdup(chain); + } - reg->chain = strdup(chain); - return DATA_CHAIN; + return DATA_VERDICT; } static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, @@ -195,25 +182,24 @@ int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree, node = mxmlFindElement(tree, tree, "data_reg", "type", NULL, MXML_DESCEND_FIRST); - if (node == NULL) { - errno = EINVAL; - return DATA_NONE; - } + if (node == NULL) + goto err; type = mxmlElementGetAttr(node, "type"); - if (type == NULL) { - errno = EINVAL; - return DATA_NONE; - } + if (type == NULL) + goto err; if (strcmp(type, "value") == 0) return nft_data_reg_value_xml_parse(reg, node, err); else if (strcmp(type, "verdict") == 0) return nft_data_reg_verdict_xml_parse(reg, node, err); - else if (strcmp(type, "chain") == 0) - return nft_data_reg_chain_xml_parse(reg, node, err); + return DATA_NONE; +err: + errno = EINVAL; + err->node_name = "data_reg"; + err->error = NFT_PARSE_EMISSINGNODE; return DATA_NONE; #else errno = EOPNOTSUPP; @@ -308,6 +294,67 @@ nft_data_reg_value_snprintf_default(char *buf, size_t size, return offset; } +static int +nft_data_reg_verdict_snprintf_def(char *buf, size_t size, + union nft_data_reg *reg, uint32_t flags) +{ + int len = size, offset = 0, ret = 0; + + ret = snprintf(buf, size, "%s ", nft_verdict2str(reg->verdict)); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + if (reg->chain != NULL) { + ret = snprintf(buf+offset, size, "-> %s ", reg->chain); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + return offset; +} + +static int +nft_data_reg_verdict_snprintf_xml(char *buf, size_t size, + union nft_data_reg *reg, uint32_t flags) +{ + int len = size, offset = 0, ret = 0; + + ret = snprintf(buf, size, "" + "%s", nft_verdict2str(reg->verdict)); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + if (reg->chain != NULL) { + ret = snprintf(buf+offset, size, "%s", + reg->chain); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + ret = snprintf(buf+offset, size, ""); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + return offset; +} + +static int +nft_data_reg_verdict_snprintf_json(char *buf, size_t size, + union nft_data_reg *reg, uint32_t flags) +{ + int len = size, offset = 0, ret = 0; + + ret = snprintf(buf, size, "\"data_reg\":{\"type\":\"verdict\"," + "\"verdict\":\"%s\"", nft_verdict2str(reg->verdict)); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + if (reg->chain != NULL) { + ret = snprintf(buf+offset, size, ",\"chain\":\"%s\"", + reg->chain); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + ret = snprintf(buf+offset, size, "}"); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + return offset; +} + int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg, uint32_t output_format, uint32_t flags, int reg_type) { @@ -327,44 +374,24 @@ int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg, break; } case DATA_VERDICT: - switch(output_format) { - case NFT_OUTPUT_DEFAULT: - return snprintf(buf, size, "%d ", reg->verdict); - case NFT_OUTPUT_XML: - return snprintf(buf, size, - "" - "%s" - "", - nft_verdict2str(reg->verdict)); - case NFT_OUTPUT_JSON: - return snprintf(buf, size, - "\"data_reg\":{" - "\"type\":\"verdict\"," - "\"verdict\":\"%s\"" - "}", nft_verdict2str(reg->verdict)); - default: - break; - } case DATA_CHAIN: switch(output_format) { case NFT_OUTPUT_DEFAULT: - return snprintf(buf, size, "%s ", reg->chain); + return nft_data_reg_verdict_snprintf_def(buf, size, + reg, flags); case NFT_OUTPUT_XML: - return snprintf(buf, size, - "" - "%s" - "", reg->chain); + return nft_data_reg_verdict_snprintf_xml(buf, size, + reg, flags); case NFT_OUTPUT_JSON: - return snprintf(buf, size, - "\"data_reg\":{\"type\":\"chain\"," - "\"chain\":\"%s\"" - "}", reg->chain); + return nft_data_reg_verdict_snprintf_json(buf, size, + reg, flags); default: break; } default: break; } + return -1; } diff --git a/src/jansson.c b/src/jansson.c index f446e17..26bd700 100644 --- a/src/jansson.c +++ b/src/jansson.c @@ -213,7 +213,6 @@ int nft_jansson_data_reg_parse(json_t *root, const char *node_name, struct nft_parse_err *err) { json_t *data; - const char *type; int ret; data = json_object_get(root, node_name); @@ -233,27 +232,12 @@ int nft_jansson_data_reg_parse(json_t *root, const char *node_name, } ret = nft_data_reg_json_parse(data_reg, data, err); - if (ret < 0) { + if (ret == DATA_NONE) { errno = EINVAL; return -1; } - type = nft_jansson_parse_str(data, "type", err); - if (type == NULL) - return -1; - - if (strcmp(type, "value") == 0) - return DATA_VALUE; - else if (strcmp(type, "verdict") == 0) - return DATA_VERDICT; - else if (strcmp(type, "chain") == 0) - return DATA_CHAIN; - else { - err->error = NFT_PARSE_EBADTYPE; - err->node_name = "type"; - errno = EINVAL; - return -1; - } + return ret; } int nft_jansson_set_elem_parse(struct nft_set_elem *e, json_t *root, @@ -281,10 +265,11 @@ int nft_jansson_set_elem_parse(struct nft_set_elem *e, json_t *root, break; case DATA_VERDICT: e->flags |= (1 << NFT_SET_ELEM_ATTR_VERDICT); + if (e->data.chain != NULL) + e->flags |= (1 << NFT_SET_ELEM_ATTR_CHAIN); + break; - case DATA_CHAIN: - e->flags |= (1 << NFT_SET_ELEM_ATTR_CHAIN); - break; + case DATA_NONE: default: return -1; } diff --git a/src/set_elem.c b/src/set_elem.c index 2bbfb0e..26c11d0 100644 --- a/src/set_elem.c +++ b/src/set_elem.c @@ -384,9 +384,9 @@ int nft_mxml_set_elem_parse(mxml_node_t *tree, struct nft_set_elem *e, break; case DATA_VERDICT: e->flags |= (1 << NFT_SET_ELEM_ATTR_VERDICT); - break; - case DATA_CHAIN: - e->flags |= (1 << NFT_SET_ELEM_ATTR_CHAIN); + if (e->data.chain != NULL) + e->flags |= (1 << NFT_SET_ELEM_ATTR_CHAIN); + break; } diff --git a/tests/jsonfiles/63-set.json b/tests/jsonfiles/63-set.json index ea2fe3d..62ccd2f 100644 --- a/tests/jsonfiles/63-set.json +++ b/tests/jsonfiles/63-set.json @@ -1 +1 @@ -{"nftables":[{"set":{"name":"map0","table":"filter","flags":11,"family":"ip","key_type":12,"key_len":2,"data_type":4294967040,"data_len":16,"set_elem":[{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001700"}},"data":{"data_reg":{"type":"chain","chain":"forward"}}},{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}},"data":{"data_reg":{"type":"chain","chain":"chain1"}}}]}}]} +{"nftables":[{"set":{"name":"map0","table":"f","flags":11,"family":"ip","key_type":12,"key_len":2,"data_type":4294967040,"data_len":16,"set_elem":[{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001700"}},"data":{"data_reg":{"type":"verdict","verdict":"goto","chain":"o"}}},{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}},"data":{"data_reg":{"type":"verdict","verdict":"accept"}}}]}}]} diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c index b2ad62e..df981ad 100644 --- a/tests/nft-parsing-test.c +++ b/tests/nft-parsing-test.c @@ -121,6 +121,7 @@ failparsing: fclose(fp); printf("parsing %s: ", filename); printf("\033[31mFAILED\e[0m (%s)\n", strerror(errno)); + nft_parse_perror("fail", err); return -1; } -- cgit v1.2.3 From a205a5022259f40aa3ad74017d39e64546d4155c Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Sat, 18 Jan 2014 20:01:32 +0100 Subject: ct: use a string with 'dir' attribute This patch implements a string to represent directions in the CT expression: * original (0) * reply (1) Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/expr/ct.c | 59 +++++++++++++++++++++++++++++++++-------- tests/xmlfiles/24-rule-ct.xml | 2 +- tests/xmlfiles/37-rule-real.xml | 2 +- tests/xmlfiles/39-rule-real.xml | 2 +- tests/xmlfiles/50-rule-real.xml | 2 +- tests/xmlfiles/51-rule-real.xml | 2 +- tests/xmlfiles/52-rule-real.xml | 2 +- tests/xmlfiles/53-rule-real.xml | 2 +- tests/xmlfiles/54-rule-real.xml | 2 +- tests/xmlfiles/55-rule-real.xml | 2 +- tests/xmlfiles/56-rule-real.xml | 2 +- tests/xmlfiles/57-rule-real.xml | 2 +- 12 files changed, 59 insertions(+), 22 deletions(-) diff --git a/src/expr/ct.c b/src/expr/ct.c index 3070795..a09976c 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -179,11 +179,38 @@ static inline int str2ctkey(const char *ctkey) return -1; } +static const char *ctdir2str(uint8_t ctdir) +{ + switch (ctdir) { + case IP_CT_DIR_ORIGINAL: + return "original"; + case IP_CT_DIR_REPLY: + return "reply"; + default: + return "unknow"; + } +} + +static int str2ctdir(const char *str, uint8_t *ctdir) +{ + if (strcmp(str, "original") == 0) { + *ctdir = IP_CT_DIR_ORIGINAL; + return 0; + } + + if (strcmp(str, "reply") == 0) { + *ctdir = IP_CT_DIR_REPLY; + return 0; + } + + return -1; +} + static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root, struct nft_parse_err *err) { #ifdef JSON_PARSING - const char *key_str; + const char *key_str, *dir_str; uint32_t reg; uint8_t dir; int key; @@ -207,12 +234,15 @@ static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root, } if (nft_jansson_node_exist(root, "dir")) { - if (nft_jansson_parse_val(root, "dir", NFT_TYPE_U8, &dir, - err) < 0) + dir_str = nft_jansson_parse_str(root, "dir", err); + if (dir_str == NULL) return -1; - if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY) + if (str2ctdir(dir_str, &dir) != 0) { + err->node_name = "dir"; + err->error = NFT_PARSE_EBADTYPE; goto err; + } nft_rule_expr_set_u8(e, NFT_EXPR_CT_DIR, dir); } @@ -233,7 +263,7 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree { #ifdef XML_PARSING struct nft_expr_ct *ct = nft_expr_data(e); - const char *key_str; + const char *key_str, *dir_str; int key; uint8_t dir; uint32_t reg; @@ -257,10 +287,14 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree ct->key = key; e->flags |= (1 << NFT_EXPR_CT_KEY); - if (nft_mxml_num_parse(tree, "dir", MXML_DESCEND_FIRST, BASE_DEC, - &dir, NFT_TYPE_U8, NFT_XML_OPT, err) == 0) { - if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY) + dir_str = nft_mxml_str_parse(tree, "dir", MXML_DESCEND_FIRST, + NFT_XML_OPT, err); + if (dir_str != NULL) { + if (str2ctdir(dir_str, &dir) != 0) { + err->node_name = "dir"; + err->error = NFT_PARSE_EBADTYPE; goto err; + } nft_rule_expr_set_u8(e, NFT_EXPR_CT_DIR, dir); } @@ -291,7 +325,8 @@ nft_expr_ct_snprintf_json(char *buf, size_t size, struct nft_rule_expr *e) } if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) { - ret = snprintf(buf+offset, len, ",\"dir\":%u", ct->dir); + ret = snprintf(buf+offset, len, ",\"dir\":\"%s\"", + ctdir2str(ct->dir)); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } @@ -312,7 +347,8 @@ nft_expr_ct_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e) SNPRINTF_BUFFER_SIZE(ret, size, len, offset); if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) { - ret = snprintf(buf+offset, len, "%u", ct->dir); + ret = snprintf(buf+offset, len, "%s", + ctdir2str(ct->dir)); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } @@ -330,7 +366,8 @@ nft_expr_ct_snprintf_default(char *buf, size_t size, struct nft_rule_expr *e) SNPRINTF_BUFFER_SIZE(ret, size, len, offset); if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) { - ret = snprintf(buf+offset, len, "dir %u ", ct->dir); + ret = snprintf(buf+offset, len, ", dir %s ", + ctdir2str(ct->dir)); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } diff --git a/tests/xmlfiles/24-rule-ct.xml b/tests/xmlfiles/24-rule-ct.xml index b3f4ad8..1939e43 100644 --- a/tests/xmlfiles/24-rule-ct.xml +++ b/tests/xmlfiles/24-rule-ct.xml @@ -1 +1 @@ -ipfilter
INPUT1001state0 +ipfilter
INPUT1001stateoriginal diff --git a/tests/xmlfiles/37-rule-real.xml b/tests/xmlfiles/37-rule-real.xml index 89b06b8..d9293f6 100644 --- a/tests/xmlfiles/37-rule-real.xml +++ b/tests/xmlfiles/37-rule-real.xml @@ -1 +1 @@ -ipfilter
INPUT251iifname1eq160x000000000x000000000x650000000x00306874191network1eq10x00000006122transport1eq20x000016001state011440x0000000a40x000000001neq40x0000000000testprefix100 +ipfilter
INPUT251iifname1eq160x000000000x000000000x650000000x00306874191network1eq10x00000006122transport1eq20x000016001stateoriginal11440x0000000a40x000000001neq40x0000000000testprefix100 diff --git a/tests/xmlfiles/39-rule-real.xml b/tests/xmlfiles/39-rule-real.xml index a307a2e..9a69a61 100644 --- a/tests/xmlfiles/39-rule-real.xml +++ b/tests/xmlfiles/39-rule-real.xml @@ -1 +1 @@ -ip6filter
test311iifname1eq160x000000000x000000000x6f6200000x0030646e1oifname1eq160x000000000x620000000x31646e6f0x0037322e1816network1eq160xc09a002a0x2700cac10x000000000x50010000161network1eq10x00000011122transport1eq20x000035001status01eq40x0000000100dns_drop2000drop +ip6filter
test311iifname1eq160x000000000x000000000x6f6200000x0030646e1oifname1eq160x000000000x620000000x31646e6f0x0037322e1816network1eq160xc09a002a0x2700cac10x000000000x50010000161network1eq10x00000011122transport1eq20x000035001statusoriginal1eq40x0000000100dns_drop2000drop diff --git a/tests/xmlfiles/50-rule-real.xml b/tests/xmlfiles/50-rule-real.xml index d15eff4..c52e00e 100644 --- a/tests/xmlfiles/50-rule-real.xml +++ b/tests/xmlfiles/50-rule-real.xml @@ -1 +1 @@ -ipfilter
output121state011440x0000000a40x000000001neq40x000000005511407 +ipfilter
output121stateoriginal11440x0000000a40x000000001neq40x000000005511407 diff --git a/tests/xmlfiles/51-rule-real.xml b/tests/xmlfiles/51-rule-real.xml index 471cd2b..93d6632 100644 --- a/tests/xmlfiles/51-rule-real.xml +++ b/tests/xmlfiles/51-rule-real.xml @@ -1 +1 @@ -ipfilter
output131direction01eq10x000000005160 +ipfilter
output131directionoriginal1eq10x000000005160 diff --git a/tests/xmlfiles/52-rule-real.xml b/tests/xmlfiles/52-rule-real.xml index 61a1269..c6ca9ec 100644 --- a/tests/xmlfiles/52-rule-real.xml +++ b/tests/xmlfiles/52-rule-real.xml @@ -1 +1 @@ -ipfilter
output141direction01eq10x000000015011247 +ipfilter
output141directionoriginal1eq10x000000015011247 diff --git a/tests/xmlfiles/53-rule-real.xml b/tests/xmlfiles/53-rule-real.xml index d835639..8cb0783 100644 --- a/tests/xmlfiles/53-rule-real.xml +++ b/tests/xmlfiles/53-rule-real.xml @@ -1 +1 @@ -ipfilter
output151status01eq40x0000000100 +ipfilter
output151statusoriginal1eq40x0000000100 diff --git a/tests/xmlfiles/54-rule-real.xml b/tests/xmlfiles/54-rule-real.xml index ed27e56..0c0dc9a 100644 --- a/tests/xmlfiles/54-rule-real.xml +++ b/tests/xmlfiles/54-rule-real.xml @@ -1 +1 @@ -ipfilter
output161mark01eq40x0000006400 +ipfilter
output161markoriginal1eq40x0000006400 diff --git a/tests/xmlfiles/55-rule-real.xml b/tests/xmlfiles/55-rule-real.xml index 2d2bf7f..fca8c99 100644 --- a/tests/xmlfiles/55-rule-real.xml +++ b/tests/xmlfiles/55-rule-real.xml @@ -1 +1 @@ -ipfilter
output171secmark01eq40x000000005511407 +ipfilter
output171secmarkoriginal1eq40x000000005511407 diff --git a/tests/xmlfiles/56-rule-real.xml b/tests/xmlfiles/56-rule-real.xml index 4596689..1ea7f0c 100644 --- a/tests/xmlfiles/56-rule-real.xml +++ b/tests/xmlfiles/56-rule-real.xml @@ -1 +1 @@ -ipfilter
output181expiration01eq40x0000001e00 +ipfilter
output181expirationoriginal1eq40x0000001e00 diff --git a/tests/xmlfiles/57-rule-real.xml b/tests/xmlfiles/57-rule-real.xml index 6a2ad52..6036973 100644 --- a/tests/xmlfiles/57-rule-real.xml +++ b/tests/xmlfiles/57-rule-real.xml @@ -1 +1 @@ -ipfilter
output191helper01eq40x0070746600 +ipfilter
output191helperoriginal1eq40x0070746600 -- cgit v1.2.3 From 8460aa61e7136973ea01c40098f348b13d9af26f Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 20 Jan 2014 10:18:03 +0100 Subject: expr: ct: fix compilation warning when json/xml support is missing CC expr/ct.lo expr/ct.c:194:12: warning: 'str2ctdir' defined but not used [-Wunused-function] Signed-off-by: Pablo Neira Ayuso --- src/expr/ct.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/expr/ct.c b/src/expr/ct.c index a09976c..584f7a6 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -191,7 +191,7 @@ static const char *ctdir2str(uint8_t ctdir) } } -static int str2ctdir(const char *str, uint8_t *ctdir) +static inline int str2ctdir(const char *str, uint8_t *ctdir) { if (strcmp(str, "original") == 0) { *ctdir = IP_CT_DIR_ORIGINAL; -- cgit v1.2.3 From 59e949294f4688bafe44b7def2972987224520c8 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 20 Jan 2014 10:26:57 +0100 Subject: rename library to libnftnl We plan to use this library name for the higher layer library. Signed-off-by: Pablo Neira Ayuso --- .gitignore | 2 +- Makefile.am | 2 +- configure.ac | 6 +- doxygen.cfg.in | 2 +- examples/Makefile.am | 52 +++++------ examples/nft-chain-add.c | 2 +- examples/nft-chain-del.c | 2 +- examples/nft-chain-get.c | 2 +- examples/nft-chain-json-add.c | 4 +- examples/nft-chain-xml-add.c | 4 +- examples/nft-events.c | 6 +- examples/nft-rule-add.c | 4 +- examples/nft-rule-del.c | 2 +- examples/nft-rule-get.c | 2 +- examples/nft-rule-insert.c | 4 +- examples/nft-rule-json-add.c | 2 +- examples/nft-rule-xml-add.c | 2 +- examples/nft-set-add.c | 4 +- examples/nft-set-del.c | 2 +- examples/nft-set-elem-add.c | 2 +- examples/nft-set-elem-del.c | 2 +- examples/nft-set-elem-get.c | 2 +- examples/nft-set-get.c | 2 +- examples/nft-set-json-add.c | 2 +- examples/nft-table-add.c | 2 +- examples/nft-table-del.c | 2 +- examples/nft-table-get.c | 2 +- examples/nft-table-json-add.c | 2 +- examples/nft-table-upd.c | 2 +- examples/nft-table-xml-add.c | 4 +- include/Makefile.am | 2 +- include/libnftables/Makefile.am | 7 -- include/libnftables/chain.h | 85 ----------------- include/libnftables/common.h | 31 ------- include/libnftables/expr.h | 150 ------------------------------ include/libnftables/rule.h | 91 ------------------ include/libnftables/ruleset.h | 44 --------- include/libnftables/set.h | 119 ------------------------ include/libnftables/table.h | 73 --------------- include/libnftnl/Makefile.am | 7 ++ include/libnftnl/chain.h | 85 +++++++++++++++++ include/libnftnl/common.h | 31 +++++++ include/libnftnl/expr.h | 150 ++++++++++++++++++++++++++++++ include/libnftnl/rule.h | 91 ++++++++++++++++++ include/libnftnl/ruleset.h | 44 +++++++++ include/libnftnl/set.h | 119 ++++++++++++++++++++++++ include/libnftnl/table.h | 73 +++++++++++++++ libnftables.pc.in | 15 --- libnftnl.pc.in | 15 +++ src/Makefile.am | 74 +++++++-------- src/chain.c | 2 +- src/common.c | 2 +- src/expr.c | 2 +- src/expr/bitwise.c | 4 +- src/expr/byteorder.c | 4 +- src/expr/cmp.c | 4 +- src/expr/counter.c | 4 +- src/expr/ct.c | 4 +- src/expr/data_reg.c | 4 +- src/expr/exthdr.c | 4 +- src/expr/immediate.c | 4 +- src/expr/limit.c | 4 +- src/expr/log.c | 4 +- src/expr/lookup.c | 4 +- src/expr/match.c | 4 +- src/expr/meta.c | 4 +- src/expr/nat.c | 4 +- src/expr/payload.c | 4 +- src/expr/reject.c | 4 +- src/expr/target.c | 4 +- src/internal.h | 2 +- src/jansson.c | 4 +- src/libnftables.map | 198 ---------------------------------------- src/libnftnl.map | 198 ++++++++++++++++++++++++++++++++++++++++ src/mxml.c | 10 +- src/rule.c | 4 +- src/ruleset.c | 10 +- src/set.c | 2 +- src/set_elem.c | 4 +- src/table.c | 2 +- tests/Makefile.am | 42 ++++----- tests/nft-chain-test.c | 2 +- tests/nft-expr_bitwise-test.c | 4 +- tests/nft-expr_byteorder-test.c | 4 +- tests/nft-expr_cmp-test.c | 4 +- tests/nft-expr_counter-test.c | 4 +- tests/nft-expr_ct-test.c | 4 +- tests/nft-expr_exthdr-test.c | 4 +- tests/nft-expr_immediate-test.c | 4 +- tests/nft-expr_limit-test.c | 4 +- tests/nft-expr_log-test.c | 4 +- tests/nft-expr_lookup-test.c | 4 +- tests/nft-expr_match-test.c | 4 +- tests/nft-expr_meta-test.c | 4 +- tests/nft-expr_nat-test.c | 4 +- tests/nft-expr_payload-test.c | 4 +- tests/nft-expr_reject-test.c | 4 +- tests/nft-expr_target-test.c | 4 +- tests/nft-parsing-test.c | 10 +- tests/nft-rule-test.c | 2 +- tests/nft-set-test.c | 2 +- tests/nft-table-test.c | 2 +- 102 files changed, 1034 insertions(+), 1034 deletions(-) delete mode 100644 include/libnftables/Makefile.am delete mode 100644 include/libnftables/chain.h delete mode 100644 include/libnftables/common.h delete mode 100644 include/libnftables/expr.h delete mode 100644 include/libnftables/rule.h delete mode 100644 include/libnftables/ruleset.h delete mode 100644 include/libnftables/set.h delete mode 100644 include/libnftables/table.h create mode 100644 include/libnftnl/Makefile.am create mode 100644 include/libnftnl/chain.h create mode 100644 include/libnftnl/common.h create mode 100644 include/libnftnl/expr.h create mode 100644 include/libnftnl/rule.h create mode 100644 include/libnftnl/ruleset.h create mode 100644 include/libnftnl/set.h create mode 100644 include/libnftnl/table.h delete mode 100644 libnftables.pc.in create mode 100644 libnftnl.pc.in delete mode 100644 src/libnftables.map create mode 100644 src/libnftnl.map diff --git a/.gitignore b/.gitignore index d8a55bf..5fada45 100644 --- a/.gitignore +++ b/.gitignore @@ -15,7 +15,7 @@ configure autom4te.cache stamp-h1 aclocal.m4 -libnftables.pc +libnftnl.pc libtool build-aux doxygen.cfg diff --git a/Makefile.am b/Makefile.am index 83f176d..4163829 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,4 +6,4 @@ SUBDIRS = src include examples tests DIST_SUBDIRS = src include examples tests pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = libnftables.pc +pkgconfig_DATA = libnftnl.pc diff --git a/configure.ac b/configure.ac index 6219737..54c66fe 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ dnl Process this file with autoconf to create configure. -AC_INIT([libnftables], [1.0.0]) +AC_INIT([libnftnl], [1.0.0]) AC_CONFIG_AUX_DIR([build-aux]) AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) @@ -50,10 +50,10 @@ regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \ -Wformat=2 -pipe" AC_SUBST([regular_CPPFLAGS]) AC_SUBST([regular_CFLAGS]) -AC_CONFIG_FILES([Makefile src/Makefile include/Makefile include/libnftables/Makefile include/linux/Makefile include/linux/netfilter/Makefile examples/Makefile tests/Makefile libnftables.pc doxygen.cfg]) +AC_CONFIG_FILES([Makefile src/Makefile include/Makefile include/libnftnl/Makefile include/linux/Makefile include/linux/netfilter/Makefile examples/Makefile tests/Makefile libnftnl.pc doxygen.cfg]) AC_OUTPUT echo " -libnftables configuration: +libnftnl configuration: XML support: ${with_xml_parsing} JSON support: ${with_json_parsing}" diff --git a/doxygen.cfg.in b/doxygen.cfg.in index 9582600..85e8d36 100644 --- a/doxygen.cfg.in +++ b/doxygen.cfg.in @@ -67,7 +67,7 @@ WARN_FORMAT = "$file:$line: $text" WARN_LOGFILE = INPUT = . INPUT_ENCODING = UTF-8 -FILE_PATTERNS = *.c libnftables.h +FILE_PATTERNS = *.c libnftnl.h RECURSIVE = YES EXCLUDE = EXCLUDE_SYMLINKS = NO diff --git a/examples/Makefile.am b/examples/Makefile.am index 9965387..13b7e79 100644 --- a/examples/Makefile.am +++ b/examples/Makefile.am @@ -28,79 +28,79 @@ check_PROGRAMS = nft-table-add \ nft-compat-get nft_table_add_SOURCES = nft-table-add.c -nft_table_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_table_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_table_xml_add_SOURCES = nft-table-xml-add.c -nft_table_xml_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_table_xml_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_table_json_add_SOURCES = nft-table-json-add.c -nft_table_json_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_table_json_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_table_upd_SOURCES = nft-table-upd.c -nft_table_upd_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_table_upd_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_table_del_SOURCES = nft-table-del.c -nft_table_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_table_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_table_get_SOURCES = nft-table-get.c -nft_table_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_table_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_chain_add_SOURCES = nft-chain-add.c -nft_chain_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_chain_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_chain_xml_add_SOURCES = nft-chain-xml-add.c -nft_chain_xml_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_chain_xml_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_chain_json_add_SOURCES = nft-chain-json-add.c -nft_chain_json_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS} +nft_chain_json_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS} nft_chain_del_SOURCES = nft-chain-del.c -nft_chain_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_chain_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_chain_get_SOURCES = nft-chain-get.c -nft_chain_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_chain_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_rule_add_SOURCES = nft-rule-add.c -nft_rule_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_rule_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_rule_insert_SOURCES = nft-rule-insert.c -nft_rule_insert_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} ${LIBXML_LIBS} +nft_rule_insert_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} ${LIBXML_LIBS} nft_rule_xml_add_SOURCES = nft-rule-xml-add.c -nft_rule_xml_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_rule_xml_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_rule_json_add_SOURCES = nft-rule-json-add.c -nft_rule_json_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_rule_json_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_rule_del_SOURCES = nft-rule-del.c -nft_rule_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_rule_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_rule_get_SOURCES = nft-rule-get.c -nft_rule_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_rule_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_events_SOURCES = nft-events.c -nft_events_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_events_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_set_add_SOURCES = nft-set-add.c -nft_set_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_set_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_set_json_add_SOURCES = nft-set-json-add.c -nft_set_json_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_set_json_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_set_del_SOURCES = nft-set-del.c -nft_set_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_set_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_set_get_SOURCES = nft-set-get.c -nft_set_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_set_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_set_elem_add_SOURCES = nft-set-elem-add.c -nft_set_elem_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_set_elem_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_set_elem_del_SOURCES = nft-set-elem-del.c -nft_set_elem_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_set_elem_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_set_elem_get_SOURCES = nft-set-elem-get.c -nft_set_elem_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_set_elem_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_compat_get_SOURCES = nft-compat-get.c -nft_compat_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_compat_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} diff --git a/examples/nft-chain-add.c b/examples/nft-chain-add.c index 22f9f3b..3edff86 100644 --- a/examples/nft-chain-add.c +++ b/examples/nft-chain-add.c @@ -18,7 +18,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-chain-del.c b/examples/nft-chain-del.c index 95a1a7f..c87ab92 100644 --- a/examples/nft-chain-del.c +++ b/examples/nft-chain-del.c @@ -18,7 +18,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-chain-get.c b/examples/nft-chain-get.c index 7e162f6..76fa5d9 100644 --- a/examples/nft-chain-get.c +++ b/examples/nft-chain-get.c @@ -18,7 +18,7 @@ #include #include -#include +#include static int table_cb(const struct nlmsghdr *nlh, void *data) { diff --git a/examples/nft-chain-json-add.c b/examples/nft-chain-json-add.c index 1802fb0..4fd0551 100644 --- a/examples/nft-chain-json-add.c +++ b/examples/nft-chain-json-add.c @@ -25,8 +25,8 @@ #include #include -#include -#include +#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-chain-xml-add.c b/examples/nft-chain-xml-add.c index 79b1541..5d26af6 100644 --- a/examples/nft-chain-xml-add.c +++ b/examples/nft-chain-xml-add.c @@ -23,8 +23,8 @@ #include #include -#include -#include +#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-events.c b/examples/nft-events.c index 29cb659..150346a 100644 --- a/examples/nft-events.c +++ b/examples/nft-events.c @@ -18,9 +18,9 @@ #include #include -#include -#include -#include +#include +#include +#include static int table_cb(const struct nlmsghdr *nlh, int type) { diff --git a/examples/nft-rule-add.c b/examples/nft-rule-add.c index 0534fa5..dbe93f5 100644 --- a/examples/nft-rule-add.c +++ b/examples/nft-rule-add.c @@ -26,8 +26,8 @@ #include #include -#include -#include +#include +#include static void add_payload(struct nft_rule *r, uint32_t base, uint32_t dreg, uint32_t offset, uint32_t len) diff --git a/examples/nft-rule-del.c b/examples/nft-rule-del.c index c2b1a70..6f665b0 100644 --- a/examples/nft-rule-del.c +++ b/examples/nft-rule-del.c @@ -19,7 +19,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-rule-get.c b/examples/nft-rule-get.c index f17630b..5803143 100644 --- a/examples/nft-rule-get.c +++ b/examples/nft-rule-get.c @@ -18,7 +18,7 @@ #include #include -#include +#include static int table_cb(const struct nlmsghdr *nlh, void *data) { diff --git a/examples/nft-rule-insert.c b/examples/nft-rule-insert.c index 1418127..1b377de 100644 --- a/examples/nft-rule-insert.c +++ b/examples/nft-rule-insert.c @@ -20,8 +20,8 @@ #include #include -#include -#include +#include +#include #include #include diff --git a/examples/nft-rule-json-add.c b/examples/nft-rule-json-add.c index de1fb54..b33025b 100644 --- a/examples/nft-rule-json-add.c +++ b/examples/nft-rule-json-add.c @@ -25,7 +25,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-rule-xml-add.c b/examples/nft-rule-xml-add.c index 8a7685d..dd16922 100644 --- a/examples/nft-rule-xml-add.c +++ b/examples/nft-rule-xml-add.c @@ -25,7 +25,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-set-add.c b/examples/nft-set-add.c index 0d17c38..4e54c39 100644 --- a/examples/nft-set-add.c +++ b/examples/nft-set-add.c @@ -18,8 +18,8 @@ #include #include -#include -#include +#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-set-del.c b/examples/nft-set-del.c index 7828ae0..5abd3b1 100644 --- a/examples/nft-set-del.c +++ b/examples/nft-set-del.c @@ -18,7 +18,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-set-elem-add.c b/examples/nft-set-elem-add.c index e2e278d..ffc025c 100644 --- a/examples/nft-set-elem-add.c +++ b/examples/nft-set-elem-add.c @@ -18,7 +18,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-set-elem-del.c b/examples/nft-set-elem-del.c index 36f1016..af70cde 100644 --- a/examples/nft-set-elem-del.c +++ b/examples/nft-set-elem-del.c @@ -18,7 +18,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-set-elem-get.c b/examples/nft-set-elem-get.c index 0b46f36..6908c2a 100644 --- a/examples/nft-set-elem-get.c +++ b/examples/nft-set-elem-get.c @@ -18,7 +18,7 @@ #include #include -#include +#include static int set_cb(const struct nlmsghdr *nlh, void *data) { diff --git a/examples/nft-set-get.c b/examples/nft-set-get.c index 6762032..7a94506 100644 --- a/examples/nft-set-get.c +++ b/examples/nft-set-get.c @@ -18,7 +18,7 @@ #include #include -#include +#include static int set_cb(const struct nlmsghdr *nlh, void *data) { diff --git a/examples/nft-set-json-add.c b/examples/nft-set-json-add.c index 9553ebf..a4535da 100644 --- a/examples/nft-set-json-add.c +++ b/examples/nft-set-json-add.c @@ -25,7 +25,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-table-add.c b/examples/nft-table-add.c index e4d7db9..3b7572f 100644 --- a/examples/nft-table-add.c +++ b/examples/nft-table-add.c @@ -18,7 +18,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-table-del.c b/examples/nft-table-del.c index 11762fe..ed1140d 100644 --- a/examples/nft-table-del.c +++ b/examples/nft-table-del.c @@ -18,7 +18,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-table-get.c b/examples/nft-table-get.c index c5bc89d..6ac56d6 100644 --- a/examples/nft-table-get.c +++ b/examples/nft-table-get.c @@ -18,7 +18,7 @@ #include #include -#include +#include static int table_cb(const struct nlmsghdr *nlh, void *data) { diff --git a/examples/nft-table-json-add.c b/examples/nft-table-json-add.c index f3a57c0..a9bd217 100644 --- a/examples/nft-table-json-add.c +++ b/examples/nft-table-json-add.c @@ -26,7 +26,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-table-upd.c b/examples/nft-table-upd.c index 1cf41a4..9f0e809 100644 --- a/examples/nft-table-upd.c +++ b/examples/nft-table-upd.c @@ -18,7 +18,7 @@ #include #include -#include +#include int main(int argc, char *argv[]) { diff --git a/examples/nft-table-xml-add.c b/examples/nft-table-xml-add.c index edef1d4..f36f0ab 100644 --- a/examples/nft-table-xml-add.c +++ b/examples/nft-table-xml-add.c @@ -22,8 +22,8 @@ #include #include -#include -#include +#include +#include int main(int argc, char *argv[]) { diff --git a/include/Makefile.am b/include/Makefile.am index 10332b7..5976bbd 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -1,3 +1,3 @@ -SUBDIRS = libnftables linux +SUBDIRS = libnftnl linux noinst_HEADERS = linux_list.h diff --git a/include/libnftables/Makefile.am b/include/libnftables/Makefile.am deleted file mode 100644 index a0841d2..0000000 --- a/include/libnftables/Makefile.am +++ /dev/null @@ -1,7 +0,0 @@ -pkginclude_HEADERS = table.h \ - chain.h \ - rule.h \ - expr.h \ - set.h \ - ruleset.h \ - common.h diff --git a/include/libnftables/chain.h b/include/libnftables/chain.h deleted file mode 100644 index d213bf1..0000000 --- a/include/libnftables/chain.h +++ /dev/null @@ -1,85 +0,0 @@ -#ifndef _LIBNFTABLES_CHAIN_H_ -#define _LIBNFTABLES_CHAIN_H_ - -#include -#include -#include -#include - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -struct nft_chain; - -struct nft_chain *nft_chain_alloc(void); -void nft_chain_free(struct nft_chain *); - -enum { - NFT_CHAIN_ATTR_NAME = 0, - NFT_CHAIN_ATTR_FAMILY, - NFT_CHAIN_ATTR_TABLE, - NFT_CHAIN_ATTR_HOOKNUM, - NFT_CHAIN_ATTR_PRIO = 4, - NFT_CHAIN_ATTR_POLICY, - NFT_CHAIN_ATTR_USE, - NFT_CHAIN_ATTR_BYTES, - NFT_CHAIN_ATTR_PACKETS = 8, - NFT_CHAIN_ATTR_HANDLE, - NFT_CHAIN_ATTR_TYPE, -}; - -bool nft_chain_attr_is_set(const struct nft_chain *c, uint16_t attr); -void nft_chain_attr_unset(struct nft_chain *c, uint16_t attr); -void nft_chain_attr_set(struct nft_chain *t, uint16_t attr, const void *data); -void nft_chain_attr_set_u8(struct nft_chain *t, uint16_t attr, uint8_t data); -void nft_chain_attr_set_u32(struct nft_chain *t, uint16_t attr, uint32_t data); -void nft_chain_attr_set_s32(struct nft_chain *t, uint16_t attr, int32_t data); -void nft_chain_attr_set_u64(struct nft_chain *t, uint16_t attr, uint64_t data); -void nft_chain_attr_set_str(struct nft_chain *t, uint16_t attr, const char *str); - -const void *nft_chain_attr_get(struct nft_chain *c, uint16_t attr); -const char *nft_chain_attr_get_str(struct nft_chain *c, uint16_t attr); -uint8_t nft_chain_attr_get_u8(struct nft_chain *c, uint16_t attr); -uint32_t nft_chain_attr_get_u32(struct nft_chain *c, uint16_t attr); -int32_t nft_chain_attr_get_s32(struct nft_chain *c, uint16_t attr); -uint64_t nft_chain_attr_get_u64(struct nft_chain *c, uint16_t attr); - -struct nlmsghdr; - -void nft_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_chain *t); - -int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, - const char *data, struct nft_parse_err *err); -int nft_chain_parse_file(struct nft_chain *c, enum nft_parse_type type, - FILE *fp, struct nft_parse_err *err); -int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *t, uint32_t type, uint32_t flags); -int nft_chain_fprintf(FILE *fp, struct nft_chain *c, uint32_t type, uint32_t flags); - -#define nft_chain_nlmsg_build_hdr nft_nlmsg_build_hdr -int nft_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_chain *t); - -struct nft_chain_list; - -struct nft_chain_list *nft_chain_list_alloc(void); -void nft_chain_list_free(struct nft_chain_list *list); -int nft_chain_list_is_empty(struct nft_chain_list *list); -int nft_chain_list_foreach(struct nft_chain_list *chain_list, int (*cb)(struct nft_chain *t, void *data), void *data); - -void nft_chain_list_add(struct nft_chain *r, struct nft_chain_list *list); -void nft_chain_list_add_tail(struct nft_chain *r, struct nft_chain_list *list); -void nft_chain_list_del(struct nft_chain *c); - -struct nft_chain_list_iter; - -struct nft_chain_list_iter *nft_chain_list_iter_create(struct nft_chain_list *l); -struct nft_chain *nft_chain_list_iter_next(struct nft_chain_list_iter *iter); -void nft_chain_list_iter_destroy(struct nft_chain_list_iter *iter); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* _LIBNFTABLES_CHAIN_H_ */ diff --git a/include/libnftables/common.h b/include/libnftables/common.h deleted file mode 100644 index 1ef88ba..0000000 --- a/include/libnftables/common.h +++ /dev/null @@ -1,31 +0,0 @@ -#ifndef _LIBNFTABLES_COMMON_H_ -#define _LIBNFTABLES_COMMON_H_ - -enum { - NFT_PARSE_EBADINPUT = 0, - NFT_PARSE_EMISSINGNODE, - NFT_PARSE_EBADTYPE, -}; - -enum nft_output_type { - NFT_OUTPUT_DEFAULT = 0, - NFT_OUTPUT_XML, - NFT_OUTPUT_JSON, -}; - -enum nft_parse_type { - NFT_PARSE_NONE = 0, - NFT_PARSE_XML, - NFT_PARSE_JSON, - NFT_PARSE_MAX, -}; - -struct nft_parse_err; - -struct nlmsghdr *nft_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, - uint16_t type, uint32_t seq); - -struct nft_parse_err *nft_parse_err_alloc(void); -void nft_parse_err_free(struct nft_parse_err *); -int nft_parse_perror(const char *str, struct nft_parse_err *err); -#endif diff --git a/include/libnftables/expr.h b/include/libnftables/expr.h deleted file mode 100644 index 54de186..0000000 --- a/include/libnftables/expr.h +++ /dev/null @@ -1,150 +0,0 @@ -#ifndef _LIBNFTABLES_RULE_EXPR_H_ -#define _LIBNFTABLES_RULE_EXPR_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -struct nft_rule_expr; - -enum { - NFT_RULE_EXPR_ATTR_NAME = 0, - NFT_RULE_EXPR_ATTR_BASE, -}; - -struct nft_rule_expr *nft_rule_expr_alloc(const char *name); -void nft_rule_expr_free(struct nft_rule_expr *expr); - -bool nft_rule_expr_is_set(const struct nft_rule_expr *expr, uint16_t type); -void nft_rule_expr_set(struct nft_rule_expr *expr, uint16_t type, const void *data, uint32_t data_len); -void nft_rule_expr_set_u8(struct nft_rule_expr *expr, uint16_t type, uint8_t data); -void nft_rule_expr_set_u16(struct nft_rule_expr *expr, uint16_t type, uint16_t data); -void nft_rule_expr_set_u32(struct nft_rule_expr *expr, uint16_t type, uint32_t data); -void nft_rule_expr_set_u64(struct nft_rule_expr *expr, uint16_t type, uint64_t data); -void nft_rule_expr_set_str(struct nft_rule_expr *expr, uint16_t type, const char *str); - -const void *nft_rule_expr_get(const struct nft_rule_expr *expr, uint16_t type, uint32_t *data_len); -uint8_t nft_rule_expr_get_u8(const struct nft_rule_expr *expr, uint16_t type); -uint16_t nft_rule_expr_get_u16(const struct nft_rule_expr *expr, uint16_t type); -uint32_t nft_rule_expr_get_u32(const struct nft_rule_expr *expr, uint16_t type); -uint64_t nft_rule_expr_get_u64(const struct nft_rule_expr *expr, uint16_t type); -const char *nft_rule_expr_get_str(const struct nft_rule_expr *expr, uint16_t type); - -struct nlmsghdr; - -void nft_rule_expr_build_payload(struct nlmsghdr *nlh, struct nft_rule_expr *expr); - -int nft_rule_expr_snprintf(char *buf, size_t buflen, struct nft_rule_expr *expr, uint32_t type, uint32_t flags); - -enum { - NFT_EXPR_PAYLOAD_DREG = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_PAYLOAD_BASE, - NFT_EXPR_PAYLOAD_OFFSET, - NFT_EXPR_PAYLOAD_LEN, -}; - -enum { - NFT_EXPR_META_KEY = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_META_DREG, -}; - -enum { - NFT_EXPR_CMP_SREG = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_CMP_OP, - NFT_EXPR_CMP_DATA, -}; - -enum { - NFT_EXPR_IMM_DREG = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_IMM_DATA, - NFT_EXPR_IMM_VERDICT, - NFT_EXPR_IMM_CHAIN, -}; - -enum { - NFT_EXPR_CTR_PACKETS = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_CTR_BYTES, -}; - -enum { - NFT_EXPR_BITWISE_SREG = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_BITWISE_DREG, - NFT_EXPR_BITWISE_LEN, - NFT_EXPR_BITWISE_MASK, - NFT_EXPR_BITWISE_XOR, -}; - -enum { - NFT_EXPR_TG_NAME = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_TG_REV, - NFT_EXPR_TG_INFO, -}; - -enum { - NFT_EXPR_MT_NAME = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_MT_REV, - NFT_EXPR_MT_INFO, -}; - -enum { - NFT_EXPR_NAT_TYPE = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_NAT_FAMILY, - NFT_EXPR_NAT_REG_ADDR_MIN, - NFT_EXPR_NAT_REG_ADDR_MAX, - NFT_EXPR_NAT_REG_PROTO_MIN, - NFT_EXPR_NAT_REG_PROTO_MAX, -}; - -enum { - NFT_EXPR_LOOKUP_SREG = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_LOOKUP_DREG, - NFT_EXPR_LOOKUP_SET, -}; - -enum { - NFT_EXPR_LOG_PREFIX = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_LOG_GROUP, - NFT_EXPR_LOG_SNAPLEN, - NFT_EXPR_LOG_QTHRESHOLD, -}; - -enum { - NFT_EXPR_EXTHDR_DREG = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_EXTHDR_TYPE, - NFT_EXPR_EXTHDR_OFFSET, - NFT_EXPR_EXTHDR_LEN, -}; - -enum { - NFT_EXPR_CT_DREG = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_CT_KEY, - NFT_EXPR_CT_DIR, -}; - -enum { - NFT_EXPR_BYTEORDER_DREG = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_BYTEORDER_SREG, - NFT_EXPR_BYTEORDER_OP, - NFT_EXPR_BYTEORDER_LEN, - NFT_EXPR_BYTEORDER_SIZE, -}; - -enum { - NFT_EXPR_LIMIT_RATE = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_LIMIT_UNIT, -}; - -enum { - NFT_EXPR_REJECT_TYPE = NFT_RULE_EXPR_ATTR_BASE, - NFT_EXPR_REJECT_CODE, -}; - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* _LIBNFTABLES_RULE_EXPR_H_ */ diff --git a/include/libnftables/rule.h b/include/libnftables/rule.h deleted file mode 100644 index 48b9974..0000000 --- a/include/libnftables/rule.h +++ /dev/null @@ -1,91 +0,0 @@ -#ifndef _LIBNFTABLES_RULE_H_ -#define _LIBNFTABLES_RULE_H_ - -#include -#include -#include -#include - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -struct nft_rule; -struct nft_rule_expr; - -struct nft_rule *nft_rule_alloc(void); -void nft_rule_free(struct nft_rule *); - -enum { - NFT_RULE_ATTR_FAMILY = 0, - NFT_RULE_ATTR_TABLE, - NFT_RULE_ATTR_CHAIN, - NFT_RULE_ATTR_HANDLE, - NFT_RULE_ATTR_COMPAT_PROTO, - NFT_RULE_ATTR_COMPAT_FLAGS, - NFT_RULE_ATTR_POSITION, -}; - -void nft_rule_attr_unset(struct nft_rule *r, uint16_t attr); -bool nft_rule_attr_is_set(const struct nft_rule *r, uint16_t attr); -void nft_rule_attr_set(struct nft_rule *r, uint16_t attr, const void *data); -void nft_rule_attr_set_u32(struct nft_rule *r, uint16_t attr, uint32_t val); -void nft_rule_attr_set_u64(struct nft_rule *r, uint16_t attr, uint64_t val); -void nft_rule_attr_set_str(struct nft_rule *r, uint16_t attr, const char *str); - -const void *nft_rule_attr_get(const struct nft_rule *r, uint16_t attr); -const char *nft_rule_attr_get_str(const struct nft_rule *r, uint16_t attr); -uint8_t nft_rule_attr_get_u8(const struct nft_rule *r, uint16_t attr); -uint32_t nft_rule_attr_get_u32(const struct nft_rule *r, uint16_t attr); -uint64_t nft_rule_attr_get_u64(const struct nft_rule *r, uint16_t attr); - -void nft_rule_add_expr(struct nft_rule *r, struct nft_rule_expr *expr); - -struct nlmsghdr; - -void nft_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_rule *t); - -int nft_rule_parse(struct nft_rule *r, enum nft_parse_type type, - const char *data, struct nft_parse_err *err); -int nft_rule_parse_file(struct nft_rule *r, enum nft_parse_type type, - FILE *fp, struct nft_parse_err *err); -int nft_rule_snprintf(char *buf, size_t size, struct nft_rule *t, uint32_t type, uint32_t flags); -int nft_rule_fprintf(FILE *fp, struct nft_rule *r, uint32_t type, uint32_t flags); - -#define nft_rule_nlmsg_build_hdr nft_nlmsg_build_hdr -int nft_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_rule *t); - -int nft_rule_expr_foreach(struct nft_rule *r, - int (*cb)(struct nft_rule_expr *e, void *data), - void *data); - -struct nft_rule_expr_iter; - -struct nft_rule_expr_iter *nft_rule_expr_iter_create(struct nft_rule *r); -struct nft_rule_expr *nft_rule_expr_iter_next(struct nft_rule_expr_iter *iter); -void nft_rule_expr_iter_destroy(struct nft_rule_expr_iter *iter); - -struct nft_rule_list; - -struct nft_rule_list *nft_rule_list_alloc(void); -void nft_rule_list_free(struct nft_rule_list *list); -int nft_rule_list_is_empty(struct nft_rule_list *list); -void nft_rule_list_add(struct nft_rule *r, struct nft_rule_list *list); -void nft_rule_list_add_tail(struct nft_rule *r, struct nft_rule_list *list); -void nft_rule_list_del(struct nft_rule *r); -int nft_rule_list_foreach(struct nft_rule_list *rule_list, int (*cb)(struct nft_rule *t, void *data), void *data); - -struct nft_rule_list_iter; - -struct nft_rule_list_iter *nft_rule_list_iter_create(struct nft_rule_list *l); -struct nft_rule *nft_rule_list_iter_cur(struct nft_rule_list_iter *iter); -struct nft_rule *nft_rule_list_iter_next(struct nft_rule_list_iter *iter); -void nft_rule_list_iter_destroy(struct nft_rule_list_iter *iter); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* _LIBNFTABLES_RULE_H_ */ diff --git a/include/libnftables/ruleset.h b/include/libnftables/ruleset.h deleted file mode 100644 index f916fba..0000000 --- a/include/libnftables/ruleset.h +++ /dev/null @@ -1,44 +0,0 @@ -#ifndef _LIBNFTABLES_RULESET_H_ -#define _LIBNFTABLES_RULESET_H_ - -#include - -#include -#include -#include - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -struct nft_ruleset; - -struct nft_ruleset *nft_ruleset_alloc(void); -void nft_ruleset_free(struct nft_ruleset *r); - -enum { - NFT_RULESET_ATTR_TABLELIST = 0, - NFT_RULESET_ATTR_CHAINLIST, - NFT_RULESET_ATTR_SETLIST, - NFT_RULESET_ATTR_RULELIST, -}; - -bool nft_ruleset_attr_is_set(const struct nft_ruleset *r, uint16_t attr); -void nft_ruleset_attr_unset(struct nft_ruleset *r, uint16_t attr); -void nft_ruleset_attr_set(struct nft_ruleset *r, uint16_t attr, void *data); -const void *nft_ruleset_attr_get(const struct nft_ruleset *r, uint16_t attr); - -int nft_ruleset_parse(struct nft_ruleset *rs, enum nft_parse_type type, - const char *data, struct nft_parse_err *err); -int nft_ruleset_parse_file(struct nft_ruleset *rs, enum nft_parse_type type, - FILE *fp, struct nft_parse_err *err); -int nft_ruleset_snprintf(char *buf, size_t size, const struct nft_ruleset *rs, uint32_t type, uint32_t flags); -int nft_ruleset_fprintf(FILE *fp, const struct nft_ruleset *rs, uint32_t type, uint32_t flags); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* _LIBNFTABLES_RULESET_H_ */ diff --git a/include/libnftables/set.h b/include/libnftables/set.h deleted file mode 100644 index c4b1ff6..0000000 --- a/include/libnftables/set.h +++ /dev/null @@ -1,119 +0,0 @@ -#ifndef _LIBNFTABLES_SET_H_ -#define _LIBNFTABLES_SET_H_ - -#include -#include -#include -#include - -#include - -enum { - NFT_SET_ATTR_TABLE, - NFT_SET_ATTR_NAME, - NFT_SET_ATTR_FLAGS, - NFT_SET_ATTR_KEY_TYPE, - NFT_SET_ATTR_KEY_LEN, - NFT_SET_ATTR_DATA_TYPE, - NFT_SET_ATTR_DATA_LEN, - NFT_SET_ATTR_FAMILY, -}; - -struct nft_set; - -struct nft_set *nft_set_alloc(void); -void nft_set_free(struct nft_set *s); - -bool nft_set_attr_is_set(const struct nft_set *s, uint16_t attr); -void nft_set_attr_unset(struct nft_set *s, uint16_t attr); -void nft_set_attr_set(struct nft_set *s, uint16_t attr, const void *data); -void nft_set_attr_set_u32(struct nft_set *s, uint16_t attr, uint32_t val); -void nft_set_attr_set_str(struct nft_set *s, uint16_t attr, const char *str); - -const void *nft_set_attr_get(struct nft_set *s, uint16_t attr); -const char *nft_set_attr_get_str(struct nft_set *s, uint16_t attr); -uint32_t nft_set_attr_get_u32(struct nft_set *s, uint16_t attr); - -struct nlmsghdr; - -#define nft_set_nlmsg_build_hdr nft_nlmsg_build_hdr -void nft_set_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_set *s); -int nft_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s); -int nft_set_elems_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s); - -int nft_set_snprintf(char *buf, size_t size, struct nft_set *s, uint32_t type, uint32_t flags); -int nft_set_fprintf(FILE *fp, struct nft_set *s, uint32_t type, uint32_t flags); - -struct nft_set_list; - -struct nft_set_list *nft_set_list_alloc(void); -void nft_set_list_free(struct nft_set_list *list); -int nft_set_list_is_empty(struct nft_set_list *list); -void nft_set_list_add(struct nft_set *s, struct nft_set_list *list); -void nft_set_list_add_tail(struct nft_set *s, struct nft_set_list *list); -void nft_set_list_del(struct nft_set *s); -int nft_set_list_foreach(struct nft_set_list *set_list, int (*cb)(struct nft_set *t, void *data), void *data); - -struct nft_set_list_iter; -struct nft_set_list_iter *nft_set_list_iter_create(struct nft_set_list *l); -struct nft_set *nft_set_list_iter_cur(struct nft_set_list_iter *iter); -struct nft_set *nft_set_list_iter_next(struct nft_set_list_iter *iter); -void nft_set_list_iter_destroy(struct nft_set_list_iter *iter); - -int nft_set_parse(struct nft_set *s, enum nft_parse_type type, - const char *data, struct nft_parse_err *err); -int nft_set_parse_file(struct nft_set *s, enum nft_parse_type type, - FILE *fp, struct nft_parse_err *err); - -/* - * Set elements - */ - -enum { - NFT_SET_ELEM_ATTR_FLAGS, - NFT_SET_ELEM_ATTR_KEY, - NFT_SET_ELEM_ATTR_VERDICT, - NFT_SET_ELEM_ATTR_CHAIN, - NFT_SET_ELEM_ATTR_DATA, -}; - -struct nft_set_elem; - -struct nft_set_elem *nft_set_elem_alloc(void); -void nft_set_elem_free(struct nft_set_elem *s); - -void nft_set_elem_add(struct nft_set *s, struct nft_set_elem *elem); - -void nft_set_elem_attr_unset(struct nft_set_elem *s, uint16_t attr); -void nft_set_elem_attr_set(struct nft_set_elem *s, uint16_t attr, const void *data, uint32_t data_len); -void nft_set_elem_attr_set_u32(struct nft_set_elem *s, uint16_t attr, uint32_t val); -void nft_set_elem_attr_set_str(struct nft_set_elem *s, uint16_t attr, const char *str); - -const void *nft_set_elem_attr_get(struct nft_set_elem *s, uint16_t attr, uint32_t *data_len); -const char *nft_set_elem_attr_get_str(struct nft_set_elem *s, uint16_t attr); -uint32_t nft_set_elem_attr_get_u32(struct nft_set_elem *s, uint16_t attr); - -bool nft_set_elem_attr_is_set(const struct nft_set_elem *s, uint16_t attr); - -#define nft_set_elem_nlmsg_build_hdr nft_nlmsg_build_hdr -void nft_set_elems_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_set *s); -void nft_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_set_elem *e); - -int nft_set_elem_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set_elem *s); - -int nft_set_elem_parse(struct nft_set_elem *e, enum nft_parse_type type, - const char *data, struct nft_parse_err *err); -int nft_set_elem_parse_file(struct nft_set_elem *e, enum nft_parse_type type, - FILE *fp, struct nft_parse_err *err); -int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *s, uint32_t type, uint32_t flags); -int nft_set_elem_fprintf(FILE *fp, struct nft_set_elem *se, uint32_t type, uint32_t flags); - -int nft_set_elem_foreach(struct nft_set *s, int (*cb)(struct nft_set_elem *e, void *data), void *data); - -struct nft_set_elems_iter; -struct nft_set_elems_iter *nft_set_elems_iter_create(struct nft_set *s); -struct nft_set_elem *nft_set_elems_iter_cur(struct nft_set_elems_iter *iter); -struct nft_set_elem *nft_set_elems_iter_next(struct nft_set_elems_iter *iter); -void nft_set_elems_iter_destroy(struct nft_set_elems_iter *iter); - -#endif /* _LIBNFTABLES_SET_H_ */ diff --git a/include/libnftables/table.h b/include/libnftables/table.h deleted file mode 100644 index 64fbf88..0000000 --- a/include/libnftables/table.h +++ /dev/null @@ -1,73 +0,0 @@ -#ifndef _LIBNFTABLES_TABLE_H_ -#define _LIBNFTABLES_TABLE_H_ - -#include -#include -#include -#include - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -struct nft_table; - -struct nft_table *nft_table_alloc(void); -void nft_table_free(struct nft_table *); - -enum { - NFT_TABLE_ATTR_NAME = 0, - NFT_TABLE_ATTR_FAMILY, - NFT_TABLE_ATTR_FLAGS, -}; - -bool nft_table_attr_is_set(const struct nft_table *t, uint16_t attr); -void nft_table_attr_unset(struct nft_table *t, uint16_t attr); -void nft_table_attr_set(struct nft_table *t, uint16_t attr, const void *data); -const void *nft_table_attr_get(struct nft_table *t, uint16_t attr); - -void nft_table_attr_set_u8(struct nft_table *t, uint16_t attr, uint8_t data); -void nft_table_attr_set_u32(struct nft_table *t, uint16_t attr, uint32_t data); -void nft_table_attr_set_str(struct nft_table *t, uint16_t attr, const char *str); -uint8_t nft_table_attr_get_u8(struct nft_table *t, uint16_t attr); -uint32_t nft_table_attr_get_u32(struct nft_table *t, uint16_t attr); -const char *nft_table_attr_get_str(struct nft_table *t, uint16_t attr); - -struct nlmsghdr; - -void nft_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_table *t); - -int nft_table_parse(struct nft_table *t, enum nft_parse_type type, - const char *data, struct nft_parse_err *err); -int nft_table_parse_file(struct nft_table *t, enum nft_parse_type type, - FILE *fp, struct nft_parse_err *err); -int nft_table_snprintf(char *buf, size_t size, struct nft_table *t, uint32_t type, uint32_t flags); -int nft_table_fprintf(FILE *fp, struct nft_table *t, uint32_t type, uint32_t flags); - -#define nft_table_nlmsg_build_hdr nft_nlmsg_build_hdr -int nft_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_table *t); - -struct nft_table_list; - -struct nft_table_list *nft_table_list_alloc(void); -void nft_table_list_free(struct nft_table_list *list); -int nft_table_list_is_empty(struct nft_table_list *list); -int nft_table_list_foreach(struct nft_table_list *table_list, int (*cb)(struct nft_table *t, void *data), void *data); - -void nft_table_list_add(struct nft_table *r, struct nft_table_list *list); -void nft_table_list_add_tail(struct nft_table *r, struct nft_table_list *list); -void nft_table_list_del(struct nft_table *r); - -struct nft_table_list_iter; - -struct nft_table_list_iter *nft_table_list_iter_create(struct nft_table_list *l); -struct nft_table *nft_table_list_iter_next(struct nft_table_list_iter *iter); -void nft_table_list_iter_destroy(struct nft_table_list_iter *iter); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* _LIBNFTABLES_TABLE_H_ */ diff --git a/include/libnftnl/Makefile.am b/include/libnftnl/Makefile.am new file mode 100644 index 0000000..a0841d2 --- /dev/null +++ b/include/libnftnl/Makefile.am @@ -0,0 +1,7 @@ +pkginclude_HEADERS = table.h \ + chain.h \ + rule.h \ + expr.h \ + set.h \ + ruleset.h \ + common.h diff --git a/include/libnftnl/chain.h b/include/libnftnl/chain.h new file mode 100644 index 0000000..66626d8 --- /dev/null +++ b/include/libnftnl/chain.h @@ -0,0 +1,85 @@ +#ifndef _LIBNFTNL_CHAIN_H_ +#define _LIBNFTNL_CHAIN_H_ + +#include +#include +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct nft_chain; + +struct nft_chain *nft_chain_alloc(void); +void nft_chain_free(struct nft_chain *); + +enum { + NFT_CHAIN_ATTR_NAME = 0, + NFT_CHAIN_ATTR_FAMILY, + NFT_CHAIN_ATTR_TABLE, + NFT_CHAIN_ATTR_HOOKNUM, + NFT_CHAIN_ATTR_PRIO = 4, + NFT_CHAIN_ATTR_POLICY, + NFT_CHAIN_ATTR_USE, + NFT_CHAIN_ATTR_BYTES, + NFT_CHAIN_ATTR_PACKETS = 8, + NFT_CHAIN_ATTR_HANDLE, + NFT_CHAIN_ATTR_TYPE, +}; + +bool nft_chain_attr_is_set(const struct nft_chain *c, uint16_t attr); +void nft_chain_attr_unset(struct nft_chain *c, uint16_t attr); +void nft_chain_attr_set(struct nft_chain *t, uint16_t attr, const void *data); +void nft_chain_attr_set_u8(struct nft_chain *t, uint16_t attr, uint8_t data); +void nft_chain_attr_set_u32(struct nft_chain *t, uint16_t attr, uint32_t data); +void nft_chain_attr_set_s32(struct nft_chain *t, uint16_t attr, int32_t data); +void nft_chain_attr_set_u64(struct nft_chain *t, uint16_t attr, uint64_t data); +void nft_chain_attr_set_str(struct nft_chain *t, uint16_t attr, const char *str); + +const void *nft_chain_attr_get(struct nft_chain *c, uint16_t attr); +const char *nft_chain_attr_get_str(struct nft_chain *c, uint16_t attr); +uint8_t nft_chain_attr_get_u8(struct nft_chain *c, uint16_t attr); +uint32_t nft_chain_attr_get_u32(struct nft_chain *c, uint16_t attr); +int32_t nft_chain_attr_get_s32(struct nft_chain *c, uint16_t attr); +uint64_t nft_chain_attr_get_u64(struct nft_chain *c, uint16_t attr); + +struct nlmsghdr; + +void nft_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_chain *t); + +int nft_chain_parse(struct nft_chain *c, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); +int nft_chain_parse_file(struct nft_chain *c, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); +int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *t, uint32_t type, uint32_t flags); +int nft_chain_fprintf(FILE *fp, struct nft_chain *c, uint32_t type, uint32_t flags); + +#define nft_chain_nlmsg_build_hdr nft_nlmsg_build_hdr +int nft_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_chain *t); + +struct nft_chain_list; + +struct nft_chain_list *nft_chain_list_alloc(void); +void nft_chain_list_free(struct nft_chain_list *list); +int nft_chain_list_is_empty(struct nft_chain_list *list); +int nft_chain_list_foreach(struct nft_chain_list *chain_list, int (*cb)(struct nft_chain *t, void *data), void *data); + +void nft_chain_list_add(struct nft_chain *r, struct nft_chain_list *list); +void nft_chain_list_add_tail(struct nft_chain *r, struct nft_chain_list *list); +void nft_chain_list_del(struct nft_chain *c); + +struct nft_chain_list_iter; + +struct nft_chain_list_iter *nft_chain_list_iter_create(struct nft_chain_list *l); +struct nft_chain *nft_chain_list_iter_next(struct nft_chain_list_iter *iter); +void nft_chain_list_iter_destroy(struct nft_chain_list_iter *iter); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* _LIBNFTNL_CHAIN_H_ */ diff --git a/include/libnftnl/common.h b/include/libnftnl/common.h new file mode 100644 index 0000000..9d18b2b --- /dev/null +++ b/include/libnftnl/common.h @@ -0,0 +1,31 @@ +#ifndef _LIBNFTNL_COMMON_H_ +#define _LIBNFTNL_COMMON_H_ + +enum { + NFT_PARSE_EBADINPUT = 0, + NFT_PARSE_EMISSINGNODE, + NFT_PARSE_EBADTYPE, +}; + +enum nft_output_type { + NFT_OUTPUT_DEFAULT = 0, + NFT_OUTPUT_XML, + NFT_OUTPUT_JSON, +}; + +enum nft_parse_type { + NFT_PARSE_NONE = 0, + NFT_PARSE_XML, + NFT_PARSE_JSON, + NFT_PARSE_MAX, +}; + +struct nft_parse_err; + +struct nlmsghdr *nft_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, + uint16_t type, uint32_t seq); + +struct nft_parse_err *nft_parse_err_alloc(void); +void nft_parse_err_free(struct nft_parse_err *); +int nft_parse_perror(const char *str, struct nft_parse_err *err); +#endif diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h new file mode 100644 index 0000000..a2f44df --- /dev/null +++ b/include/libnftnl/expr.h @@ -0,0 +1,150 @@ +#ifndef _LIBNFTNL_RULE_EXPR_H_ +#define _LIBNFTNL_RULE_EXPR_H_ + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct nft_rule_expr; + +enum { + NFT_RULE_EXPR_ATTR_NAME = 0, + NFT_RULE_EXPR_ATTR_BASE, +}; + +struct nft_rule_expr *nft_rule_expr_alloc(const char *name); +void nft_rule_expr_free(struct nft_rule_expr *expr); + +bool nft_rule_expr_is_set(const struct nft_rule_expr *expr, uint16_t type); +void nft_rule_expr_set(struct nft_rule_expr *expr, uint16_t type, const void *data, uint32_t data_len); +void nft_rule_expr_set_u8(struct nft_rule_expr *expr, uint16_t type, uint8_t data); +void nft_rule_expr_set_u16(struct nft_rule_expr *expr, uint16_t type, uint16_t data); +void nft_rule_expr_set_u32(struct nft_rule_expr *expr, uint16_t type, uint32_t data); +void nft_rule_expr_set_u64(struct nft_rule_expr *expr, uint16_t type, uint64_t data); +void nft_rule_expr_set_str(struct nft_rule_expr *expr, uint16_t type, const char *str); + +const void *nft_rule_expr_get(const struct nft_rule_expr *expr, uint16_t type, uint32_t *data_len); +uint8_t nft_rule_expr_get_u8(const struct nft_rule_expr *expr, uint16_t type); +uint16_t nft_rule_expr_get_u16(const struct nft_rule_expr *expr, uint16_t type); +uint32_t nft_rule_expr_get_u32(const struct nft_rule_expr *expr, uint16_t type); +uint64_t nft_rule_expr_get_u64(const struct nft_rule_expr *expr, uint16_t type); +const char *nft_rule_expr_get_str(const struct nft_rule_expr *expr, uint16_t type); + +struct nlmsghdr; + +void nft_rule_expr_build_payload(struct nlmsghdr *nlh, struct nft_rule_expr *expr); + +int nft_rule_expr_snprintf(char *buf, size_t buflen, struct nft_rule_expr *expr, uint32_t type, uint32_t flags); + +enum { + NFT_EXPR_PAYLOAD_DREG = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_PAYLOAD_BASE, + NFT_EXPR_PAYLOAD_OFFSET, + NFT_EXPR_PAYLOAD_LEN, +}; + +enum { + NFT_EXPR_META_KEY = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_META_DREG, +}; + +enum { + NFT_EXPR_CMP_SREG = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_CMP_OP, + NFT_EXPR_CMP_DATA, +}; + +enum { + NFT_EXPR_IMM_DREG = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_IMM_DATA, + NFT_EXPR_IMM_VERDICT, + NFT_EXPR_IMM_CHAIN, +}; + +enum { + NFT_EXPR_CTR_PACKETS = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_CTR_BYTES, +}; + +enum { + NFT_EXPR_BITWISE_SREG = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_BITWISE_DREG, + NFT_EXPR_BITWISE_LEN, + NFT_EXPR_BITWISE_MASK, + NFT_EXPR_BITWISE_XOR, +}; + +enum { + NFT_EXPR_TG_NAME = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_TG_REV, + NFT_EXPR_TG_INFO, +}; + +enum { + NFT_EXPR_MT_NAME = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_MT_REV, + NFT_EXPR_MT_INFO, +}; + +enum { + NFT_EXPR_NAT_TYPE = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_NAT_FAMILY, + NFT_EXPR_NAT_REG_ADDR_MIN, + NFT_EXPR_NAT_REG_ADDR_MAX, + NFT_EXPR_NAT_REG_PROTO_MIN, + NFT_EXPR_NAT_REG_PROTO_MAX, +}; + +enum { + NFT_EXPR_LOOKUP_SREG = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_LOOKUP_DREG, + NFT_EXPR_LOOKUP_SET, +}; + +enum { + NFT_EXPR_LOG_PREFIX = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_LOG_GROUP, + NFT_EXPR_LOG_SNAPLEN, + NFT_EXPR_LOG_QTHRESHOLD, +}; + +enum { + NFT_EXPR_EXTHDR_DREG = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_EXTHDR_TYPE, + NFT_EXPR_EXTHDR_OFFSET, + NFT_EXPR_EXTHDR_LEN, +}; + +enum { + NFT_EXPR_CT_DREG = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_CT_KEY, + NFT_EXPR_CT_DIR, +}; + +enum { + NFT_EXPR_BYTEORDER_DREG = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_BYTEORDER_SREG, + NFT_EXPR_BYTEORDER_OP, + NFT_EXPR_BYTEORDER_LEN, + NFT_EXPR_BYTEORDER_SIZE, +}; + +enum { + NFT_EXPR_LIMIT_RATE = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_LIMIT_UNIT, +}; + +enum { + NFT_EXPR_REJECT_TYPE = NFT_RULE_EXPR_ATTR_BASE, + NFT_EXPR_REJECT_CODE, +}; + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* _LIBNFTNL_RULE_EXPR_H_ */ diff --git a/include/libnftnl/rule.h b/include/libnftnl/rule.h new file mode 100644 index 0000000..4033d3c --- /dev/null +++ b/include/libnftnl/rule.h @@ -0,0 +1,91 @@ +#ifndef _LIBNFTNL_RULE_H_ +#define _LIBNFTNL_RULE_H_ + +#include +#include +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct nft_rule; +struct nft_rule_expr; + +struct nft_rule *nft_rule_alloc(void); +void nft_rule_free(struct nft_rule *); + +enum { + NFT_RULE_ATTR_FAMILY = 0, + NFT_RULE_ATTR_TABLE, + NFT_RULE_ATTR_CHAIN, + NFT_RULE_ATTR_HANDLE, + NFT_RULE_ATTR_COMPAT_PROTO, + NFT_RULE_ATTR_COMPAT_FLAGS, + NFT_RULE_ATTR_POSITION, +}; + +void nft_rule_attr_unset(struct nft_rule *r, uint16_t attr); +bool nft_rule_attr_is_set(const struct nft_rule *r, uint16_t attr); +void nft_rule_attr_set(struct nft_rule *r, uint16_t attr, const void *data); +void nft_rule_attr_set_u32(struct nft_rule *r, uint16_t attr, uint32_t val); +void nft_rule_attr_set_u64(struct nft_rule *r, uint16_t attr, uint64_t val); +void nft_rule_attr_set_str(struct nft_rule *r, uint16_t attr, const char *str); + +const void *nft_rule_attr_get(const struct nft_rule *r, uint16_t attr); +const char *nft_rule_attr_get_str(const struct nft_rule *r, uint16_t attr); +uint8_t nft_rule_attr_get_u8(const struct nft_rule *r, uint16_t attr); +uint32_t nft_rule_attr_get_u32(const struct nft_rule *r, uint16_t attr); +uint64_t nft_rule_attr_get_u64(const struct nft_rule *r, uint16_t attr); + +void nft_rule_add_expr(struct nft_rule *r, struct nft_rule_expr *expr); + +struct nlmsghdr; + +void nft_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_rule *t); + +int nft_rule_parse(struct nft_rule *r, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); +int nft_rule_parse_file(struct nft_rule *r, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); +int nft_rule_snprintf(char *buf, size_t size, struct nft_rule *t, uint32_t type, uint32_t flags); +int nft_rule_fprintf(FILE *fp, struct nft_rule *r, uint32_t type, uint32_t flags); + +#define nft_rule_nlmsg_build_hdr nft_nlmsg_build_hdr +int nft_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_rule *t); + +int nft_rule_expr_foreach(struct nft_rule *r, + int (*cb)(struct nft_rule_expr *e, void *data), + void *data); + +struct nft_rule_expr_iter; + +struct nft_rule_expr_iter *nft_rule_expr_iter_create(struct nft_rule *r); +struct nft_rule_expr *nft_rule_expr_iter_next(struct nft_rule_expr_iter *iter); +void nft_rule_expr_iter_destroy(struct nft_rule_expr_iter *iter); + +struct nft_rule_list; + +struct nft_rule_list *nft_rule_list_alloc(void); +void nft_rule_list_free(struct nft_rule_list *list); +int nft_rule_list_is_empty(struct nft_rule_list *list); +void nft_rule_list_add(struct nft_rule *r, struct nft_rule_list *list); +void nft_rule_list_add_tail(struct nft_rule *r, struct nft_rule_list *list); +void nft_rule_list_del(struct nft_rule *r); +int nft_rule_list_foreach(struct nft_rule_list *rule_list, int (*cb)(struct nft_rule *t, void *data), void *data); + +struct nft_rule_list_iter; + +struct nft_rule_list_iter *nft_rule_list_iter_create(struct nft_rule_list *l); +struct nft_rule *nft_rule_list_iter_cur(struct nft_rule_list_iter *iter); +struct nft_rule *nft_rule_list_iter_next(struct nft_rule_list_iter *iter); +void nft_rule_list_iter_destroy(struct nft_rule_list_iter *iter); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* _LIBNFTNL_RULE_H_ */ diff --git a/include/libnftnl/ruleset.h b/include/libnftnl/ruleset.h new file mode 100644 index 0000000..6f89110 --- /dev/null +++ b/include/libnftnl/ruleset.h @@ -0,0 +1,44 @@ +#ifndef _LIBNFTNL_RULESET_H_ +#define _LIBNFTNL_RULESET_H_ + +#include + +#include +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct nft_ruleset; + +struct nft_ruleset *nft_ruleset_alloc(void); +void nft_ruleset_free(struct nft_ruleset *r); + +enum { + NFT_RULESET_ATTR_TABLELIST = 0, + NFT_RULESET_ATTR_CHAINLIST, + NFT_RULESET_ATTR_SETLIST, + NFT_RULESET_ATTR_RULELIST, +}; + +bool nft_ruleset_attr_is_set(const struct nft_ruleset *r, uint16_t attr); +void nft_ruleset_attr_unset(struct nft_ruleset *r, uint16_t attr); +void nft_ruleset_attr_set(struct nft_ruleset *r, uint16_t attr, void *data); +const void *nft_ruleset_attr_get(const struct nft_ruleset *r, uint16_t attr); + +int nft_ruleset_parse(struct nft_ruleset *rs, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); +int nft_ruleset_parse_file(struct nft_ruleset *rs, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); +int nft_ruleset_snprintf(char *buf, size_t size, const struct nft_ruleset *rs, uint32_t type, uint32_t flags); +int nft_ruleset_fprintf(FILE *fp, const struct nft_ruleset *rs, uint32_t type, uint32_t flags); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* _LIBNFTNL_RULESET_H_ */ diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h new file mode 100644 index 0000000..7fa9fb2 --- /dev/null +++ b/include/libnftnl/set.h @@ -0,0 +1,119 @@ +#ifndef _LIBNFTNL_SET_H_ +#define _LIBNFTNL_SET_H_ + +#include +#include +#include +#include + +#include + +enum { + NFT_SET_ATTR_TABLE, + NFT_SET_ATTR_NAME, + NFT_SET_ATTR_FLAGS, + NFT_SET_ATTR_KEY_TYPE, + NFT_SET_ATTR_KEY_LEN, + NFT_SET_ATTR_DATA_TYPE, + NFT_SET_ATTR_DATA_LEN, + NFT_SET_ATTR_FAMILY, +}; + +struct nft_set; + +struct nft_set *nft_set_alloc(void); +void nft_set_free(struct nft_set *s); + +bool nft_set_attr_is_set(const struct nft_set *s, uint16_t attr); +void nft_set_attr_unset(struct nft_set *s, uint16_t attr); +void nft_set_attr_set(struct nft_set *s, uint16_t attr, const void *data); +void nft_set_attr_set_u32(struct nft_set *s, uint16_t attr, uint32_t val); +void nft_set_attr_set_str(struct nft_set *s, uint16_t attr, const char *str); + +const void *nft_set_attr_get(struct nft_set *s, uint16_t attr); +const char *nft_set_attr_get_str(struct nft_set *s, uint16_t attr); +uint32_t nft_set_attr_get_u32(struct nft_set *s, uint16_t attr); + +struct nlmsghdr; + +#define nft_set_nlmsg_build_hdr nft_nlmsg_build_hdr +void nft_set_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_set *s); +int nft_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s); +int nft_set_elems_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s); + +int nft_set_snprintf(char *buf, size_t size, struct nft_set *s, uint32_t type, uint32_t flags); +int nft_set_fprintf(FILE *fp, struct nft_set *s, uint32_t type, uint32_t flags); + +struct nft_set_list; + +struct nft_set_list *nft_set_list_alloc(void); +void nft_set_list_free(struct nft_set_list *list); +int nft_set_list_is_empty(struct nft_set_list *list); +void nft_set_list_add(struct nft_set *s, struct nft_set_list *list); +void nft_set_list_add_tail(struct nft_set *s, struct nft_set_list *list); +void nft_set_list_del(struct nft_set *s); +int nft_set_list_foreach(struct nft_set_list *set_list, int (*cb)(struct nft_set *t, void *data), void *data); + +struct nft_set_list_iter; +struct nft_set_list_iter *nft_set_list_iter_create(struct nft_set_list *l); +struct nft_set *nft_set_list_iter_cur(struct nft_set_list_iter *iter); +struct nft_set *nft_set_list_iter_next(struct nft_set_list_iter *iter); +void nft_set_list_iter_destroy(struct nft_set_list_iter *iter); + +int nft_set_parse(struct nft_set *s, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); +int nft_set_parse_file(struct nft_set *s, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); + +/* + * Set elements + */ + +enum { + NFT_SET_ELEM_ATTR_FLAGS, + NFT_SET_ELEM_ATTR_KEY, + NFT_SET_ELEM_ATTR_VERDICT, + NFT_SET_ELEM_ATTR_CHAIN, + NFT_SET_ELEM_ATTR_DATA, +}; + +struct nft_set_elem; + +struct nft_set_elem *nft_set_elem_alloc(void); +void nft_set_elem_free(struct nft_set_elem *s); + +void nft_set_elem_add(struct nft_set *s, struct nft_set_elem *elem); + +void nft_set_elem_attr_unset(struct nft_set_elem *s, uint16_t attr); +void nft_set_elem_attr_set(struct nft_set_elem *s, uint16_t attr, const void *data, uint32_t data_len); +void nft_set_elem_attr_set_u32(struct nft_set_elem *s, uint16_t attr, uint32_t val); +void nft_set_elem_attr_set_str(struct nft_set_elem *s, uint16_t attr, const char *str); + +const void *nft_set_elem_attr_get(struct nft_set_elem *s, uint16_t attr, uint32_t *data_len); +const char *nft_set_elem_attr_get_str(struct nft_set_elem *s, uint16_t attr); +uint32_t nft_set_elem_attr_get_u32(struct nft_set_elem *s, uint16_t attr); + +bool nft_set_elem_attr_is_set(const struct nft_set_elem *s, uint16_t attr); + +#define nft_set_elem_nlmsg_build_hdr nft_nlmsg_build_hdr +void nft_set_elems_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_set *s); +void nft_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_set_elem *e); + +int nft_set_elem_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set_elem *s); + +int nft_set_elem_parse(struct nft_set_elem *e, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); +int nft_set_elem_parse_file(struct nft_set_elem *e, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); +int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *s, uint32_t type, uint32_t flags); +int nft_set_elem_fprintf(FILE *fp, struct nft_set_elem *se, uint32_t type, uint32_t flags); + +int nft_set_elem_foreach(struct nft_set *s, int (*cb)(struct nft_set_elem *e, void *data), void *data); + +struct nft_set_elems_iter; +struct nft_set_elems_iter *nft_set_elems_iter_create(struct nft_set *s); +struct nft_set_elem *nft_set_elems_iter_cur(struct nft_set_elems_iter *iter); +struct nft_set_elem *nft_set_elems_iter_next(struct nft_set_elems_iter *iter); +void nft_set_elems_iter_destroy(struct nft_set_elems_iter *iter); + +#endif /* _LIBNFTNL_SET_H_ */ diff --git a/include/libnftnl/table.h b/include/libnftnl/table.h new file mode 100644 index 0000000..22a8c1b --- /dev/null +++ b/include/libnftnl/table.h @@ -0,0 +1,73 @@ +#ifndef _LIBNFTNL_TABLE_H_ +#define _LIBNFTNL_TABLE_H_ + +#include +#include +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct nft_table; + +struct nft_table *nft_table_alloc(void); +void nft_table_free(struct nft_table *); + +enum { + NFT_TABLE_ATTR_NAME = 0, + NFT_TABLE_ATTR_FAMILY, + NFT_TABLE_ATTR_FLAGS, +}; + +bool nft_table_attr_is_set(const struct nft_table *t, uint16_t attr); +void nft_table_attr_unset(struct nft_table *t, uint16_t attr); +void nft_table_attr_set(struct nft_table *t, uint16_t attr, const void *data); +const void *nft_table_attr_get(struct nft_table *t, uint16_t attr); + +void nft_table_attr_set_u8(struct nft_table *t, uint16_t attr, uint8_t data); +void nft_table_attr_set_u32(struct nft_table *t, uint16_t attr, uint32_t data); +void nft_table_attr_set_str(struct nft_table *t, uint16_t attr, const char *str); +uint8_t nft_table_attr_get_u8(struct nft_table *t, uint16_t attr); +uint32_t nft_table_attr_get_u32(struct nft_table *t, uint16_t attr); +const char *nft_table_attr_get_str(struct nft_table *t, uint16_t attr); + +struct nlmsghdr; + +void nft_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_table *t); + +int nft_table_parse(struct nft_table *t, enum nft_parse_type type, + const char *data, struct nft_parse_err *err); +int nft_table_parse_file(struct nft_table *t, enum nft_parse_type type, + FILE *fp, struct nft_parse_err *err); +int nft_table_snprintf(char *buf, size_t size, struct nft_table *t, uint32_t type, uint32_t flags); +int nft_table_fprintf(FILE *fp, struct nft_table *t, uint32_t type, uint32_t flags); + +#define nft_table_nlmsg_build_hdr nft_nlmsg_build_hdr +int nft_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_table *t); + +struct nft_table_list; + +struct nft_table_list *nft_table_list_alloc(void); +void nft_table_list_free(struct nft_table_list *list); +int nft_table_list_is_empty(struct nft_table_list *list); +int nft_table_list_foreach(struct nft_table_list *table_list, int (*cb)(struct nft_table *t, void *data), void *data); + +void nft_table_list_add(struct nft_table *r, struct nft_table_list *list); +void nft_table_list_add_tail(struct nft_table *r, struct nft_table_list *list); +void nft_table_list_del(struct nft_table *r); + +struct nft_table_list_iter; + +struct nft_table_list_iter *nft_table_list_iter_create(struct nft_table_list *l); +struct nft_table *nft_table_list_iter_next(struct nft_table_list_iter *iter); +void nft_table_list_iter_destroy(struct nft_table_list_iter *iter); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* _LIBNFTNL_TABLE_H_ */ diff --git a/libnftables.pc.in b/libnftables.pc.in deleted file mode 100644 index 0c6d57e..0000000 --- a/libnftables.pc.in +++ /dev/null @@ -1,15 +0,0 @@ -# libnftables pkg-config file - -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: libnftables -Description: Netfilter nf_tables infrastructure library -URL: http://netfilter.org/projects/libnftables/ -Version: @VERSION@ -Requires: -Conflicts: -Libs: -L${libdir} -lnftables -Cflags: -I${includedir} diff --git a/libnftnl.pc.in b/libnftnl.pc.in new file mode 100644 index 0000000..0c6d57e --- /dev/null +++ b/libnftnl.pc.in @@ -0,0 +1,15 @@ +# libnftables pkg-config file + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: libnftables +Description: Netfilter nf_tables infrastructure library +URL: http://netfilter.org/projects/libnftables/ +Version: @VERSION@ +Requires: +Conflicts: +Libs: -L${libdir} -lnftables +Cflags: -I${includedir} diff --git a/src/Makefile.am b/src/Makefile.am index fc13e46..450279f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,40 +1,40 @@ include $(top_srcdir)/Make_global.am -lib_LTLIBRARIES = libnftables.la +lib_LTLIBRARIES = libnftnl.la -libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS} -libnftables_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libnftables.map \ - -version-info $(LIBVERSION) +libnftnl_la_LIBADD = ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS} +libnftnl_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libnftnl.map \ + -version-info $(LIBVERSION) -libnftables_la_SOURCES = utils.c \ - common.c \ - table.c \ - chain.c \ - rule.c \ - set.c \ - set_elem.c \ - ruleset.c \ - mxml.c \ - jansson.c \ - expr.c \ - expr_ops.c \ - expr/bitwise.c \ - expr/byteorder.c \ - expr/cmp.c \ - expr/counter.c \ - expr/ct.c \ - expr/data_reg.c \ - expr/exthdr.c \ - expr/limit.c \ - expr/log.c \ - expr/lookup.c \ - expr/immediate.c \ - expr/match.c \ - expr/meta.c \ - expr/nat.c \ - expr/payload.c \ - expr/reject.c \ - expr/target.c \ - expr/data_reg.h \ - libnftables.map \ - expr_ops.h \ - internal.h +libnftnl_la_SOURCES = utils.c \ + common.c \ + table.c \ + chain.c \ + rule.c \ + set.c \ + set_elem.c \ + ruleset.c \ + mxml.c \ + jansson.c \ + expr.c \ + expr_ops.c \ + expr/bitwise.c \ + expr/byteorder.c \ + expr/cmp.c \ + expr/counter.c \ + expr/ct.c \ + expr/data_reg.c \ + expr/exthdr.c \ + expr/limit.c \ + expr/log.c \ + expr/lookup.c \ + expr/immediate.c \ + expr/match.c \ + expr/meta.c \ + expr/nat.c \ + expr/payload.c \ + expr/reject.c \ + expr/target.c \ + expr/data_reg.h \ + libnftnl.map \ + expr_ops.h \ + internal.h diff --git a/src/chain.c b/src/chain.c index 37515bb..e26200d 100644 --- a/src/chain.c +++ b/src/chain.c @@ -26,7 +26,7 @@ #include #include -#include +#include struct nft_chain { struct list_head head; diff --git a/src/common.c b/src/common.c index 5c6ddbf..b9598bf 100644 --- a/src/common.c +++ b/src/common.c @@ -11,7 +11,7 @@ #include #include -#include +#include #include "internal.h" #include diff --git a/src/expr.c b/src/expr.c index aeb717e..55557da 100644 --- a/src/expr.c +++ b/src/expr.c @@ -22,7 +22,7 @@ #include #include -#include +#include #include "linux_list.h" diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c index e57c244..c8fd0ec 100644 --- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -18,8 +18,8 @@ #include #include #include -#include -#include +#include +#include #include "data_reg.h" #include "expr_ops.h" diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c index 49ae38f..4889e80 100644 --- a/src/expr/byteorder.c +++ b/src/expr/byteorder.c @@ -18,8 +18,8 @@ #include #include #include -#include -#include +#include +#include #include "data_reg.h" #include "expr_ops.h" diff --git a/src/expr/cmp.c b/src/expr/cmp.c index ebd3e5c..63250f3 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@ -19,8 +19,8 @@ #include #include -#include -#include +#include +#include #include "expr_ops.h" #include "data_reg.h" diff --git a/src/expr/counter.c b/src/expr/counter.c index 11afb83..4bb7f1b 100644 --- a/src/expr/counter.c +++ b/src/expr/counter.c @@ -19,8 +19,8 @@ #include "internal.h" #include -#include -#include +#include +#include #include "expr_ops.h" struct nft_expr_counter { diff --git a/src/expr/ct.c b/src/expr/ct.c index 584f7a6..051a1c5 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -18,8 +18,8 @@ #include "internal.h" #include -#include -#include +#include +#include #include "expr_ops.h" struct nft_expr_ct { diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index a755948..0523cb7 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c @@ -20,8 +20,8 @@ #include #include #include -#include -#include +#include +#include #include "expr_ops.h" #include "data_reg.h" #include "internal.h" diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index 0bf1de3..66a6cf5 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c @@ -21,8 +21,8 @@ #include -#include -#include +#include +#include #include "expr_ops.h" diff --git a/src/expr/immediate.c b/src/expr/immediate.c index db7b958..b3c52b8 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -17,8 +17,8 @@ #include "internal.h" #include #include -#include -#include +#include +#include #include "expr_ops.h" #include "data_reg.h" diff --git a/src/expr/limit.c b/src/expr/limit.c index e6b0492..7d10340 100644 --- a/src/expr/limit.c +++ b/src/expr/limit.c @@ -19,8 +19,8 @@ #include "internal.h" #include -#include -#include +#include +#include #include "expr_ops.h" struct nft_expr_limit { diff --git a/src/expr/log.c b/src/expr/log.c index c62a8b4..5119c20 100644 --- a/src/expr/log.c +++ b/src/expr/log.c @@ -18,8 +18,8 @@ #include "internal.h" #include -#include -#include +#include +#include #include "expr_ops.h" struct nft_expr_log { diff --git a/src/expr/lookup.c b/src/expr/lookup.c index 0e53f58..5e0bf75 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c @@ -18,8 +18,8 @@ #include #include #include -#include -#include +#include +#include #include "data_reg.h" #include "expr_ops.h" diff --git a/src/expr/match.c b/src/expr/match.c index 5487050..9f2fa03 100644 --- a/src/expr/match.c +++ b/src/expr/match.c @@ -22,8 +22,8 @@ #include #include -#include -#include +#include +#include #include "expr_ops.h" diff --git a/src/expr/meta.c b/src/expr/meta.c index 6c3e20e..e2a198a 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -18,8 +18,8 @@ #include "internal.h" #include -#include -#include +#include +#include #include "expr_ops.h" #ifndef NFT_META_MAX diff --git a/src/expr/nat.c b/src/expr/nat.c index 65b35ea..42f2b49 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c @@ -20,8 +20,8 @@ #include #include #include -#include -#include +#include +#include #include "expr_ops.h" struct nft_expr_nat { diff --git a/src/expr/payload.c b/src/expr/payload.c index d64b097..ad82015 100644 --- a/src/expr/payload.c +++ b/src/expr/payload.c @@ -21,8 +21,8 @@ #include -#include -#include +#include +#include #include "expr_ops.h" diff --git a/src/expr/reject.c b/src/expr/reject.c index c06b070..62346e9 100644 --- a/src/expr/reject.c +++ b/src/expr/reject.c @@ -18,8 +18,8 @@ #include "internal.h" #include -#include -#include +#include +#include #include "expr_ops.h" struct nft_expr_reject { diff --git a/src/expr/target.c b/src/expr/target.c index 071fb07..36e37de 100644 --- a/src/expr/target.c +++ b/src/expr/target.c @@ -22,8 +22,8 @@ #include #include -#include -#include +#include +#include #include "expr_ops.h" diff --git a/src/internal.h b/src/internal.h index 256dd3d..a3fc46f 100644 --- a/src/internal.h +++ b/src/internal.h @@ -13,7 +13,7 @@ #include #include -#include +#include #define BASE_DEC 10 #define BASE_HEX 16 diff --git a/src/jansson.c b/src/jansson.c index 26bd700..5107eb5 100644 --- a/src/jansson.c +++ b/src/jansson.c @@ -16,9 +16,9 @@ #include #include #include "expr_ops.h" -#include +#include -#include +#include #include #ifdef JSON_PARSING diff --git a/src/libnftables.map b/src/libnftables.map deleted file mode 100644 index faf0913..0000000 --- a/src/libnftables.map +++ /dev/null @@ -1,198 +0,0 @@ -LIBNFTABLES_1.0 { -global: - nft_table_alloc; - nft_table_free; - nft_table_attr_is_set; - nft_table_attr_unset; - nft_table_attr_set; - nft_table_attr_get; - nft_table_attr_set_u8; - nft_table_attr_set_u32; - nft_table_attr_set_str; - nft_table_attr_get_u8; - nft_table_attr_get_u32; - nft_table_attr_get_str; - nft_table_parse; - nft_table_parse_file; - nft_table_snprintf; - nft_table_fprintf; - nft_table_nlmsg_build_payload; - nft_table_nlmsg_parse; - nft_table_list_alloc; - nft_table_list_free; - nft_table_list_is_empty; - nft_table_list_foreach; - nft_table_list_add; - nft_table_list_add_tail; - nft_table_list_del; - nft_table_list_iter_create; - nft_table_list_iter_next; - nft_table_list_iter_destroy; - - nft_chain_alloc; - nft_chain_free; - nft_chain_attr_is_set; - nft_chain_attr_unset; - nft_chain_attr_set; - nft_chain_attr_set_u8; - nft_chain_attr_set_u32; - nft_chain_attr_set_s32; - nft_chain_attr_set_u64; - nft_chain_attr_set_str; - nft_chain_attr_get; - nft_chain_attr_get_u8; - nft_chain_attr_get_u32; - nft_chain_attr_get_s32; - nft_chain_attr_get_u64; - nft_chain_attr_get_str; - nft_chain_parse; - nft_chain_parse_file; - nft_chain_snprintf; - nft_chain_fprintf; - nft_chain_nlmsg_build_payload; - nft_chain_nlmsg_parse; - nft_chain_list_alloc; - nft_chain_list_free; - nft_chain_list_is_empty; - nft_chain_list_add; - nft_chain_list_add_tail; - nft_chain_list_del; - nft_chain_list_foreach; - nft_chain_list_iter_create; - nft_chain_list_iter_next; - nft_chain_list_iter_destroy; - - nft_rule_alloc; - nft_rule_free; - nft_rule_attr_is_set; - nft_rule_attr_unset; - nft_rule_attr_set; - nft_rule_attr_set_u32; - nft_rule_attr_set_u64; - nft_rule_attr_set_str; - nft_rule_attr_get; - nft_rule_attr_get_u8; - nft_rule_attr_get_u32; - nft_rule_attr_get_u64; - nft_rule_attr_get_str; - nft_rule_parse; - nft_rule_parse_file; - nft_rule_snprintf; - nft_rule_fprintf; - nft_rule_nlmsg_build_payload; - nft_rule_nlmsg_parse; - nft_rule_add_expr; - - nft_rule_expr_foreach; - nft_rule_expr_iter_create; - nft_rule_expr_iter_next; - nft_rule_expr_iter_destroy; - - nft_rule_expr_alloc; - nft_rule_expr_is_set; - nft_rule_expr_set; - nft_rule_expr_set_u8; - nft_rule_expr_set_u16; - nft_rule_expr_set_u32; - nft_rule_expr_set_u64; - nft_rule_expr_set_str; - nft_rule_expr_get; - nft_rule_expr_get_u8; - nft_rule_expr_get_u16; - nft_rule_expr_get_u32; - nft_rule_expr_get_u64; - nft_rule_expr_get_str; - nft_rule_expr_build_payload; - nft_rule_expr_snprintf; - nft_rule_expr_free; - - nft_rule_list_alloc; - nft_rule_list_free; - nft_rule_list_is_empty; - nft_rule_list_add; - nft_rule_list_add_tail; - nft_rule_list_del; - nft_rule_list_foreach; - nft_rule_list_iter_create; - nft_rule_list_iter_cur; - nft_rule_list_iter_next; - nft_rule_list_iter_destroy; - - nft_set_alloc; - nft_set_free; - nft_set_attr_unset; - nft_set_attr_is_set; - nft_set_attr_set; - nft_set_attr_set_u32; - nft_set_attr_set_str; - nft_set_attr_get; - nft_set_attr_get_str; - nft_set_attr_get_u32; - nft_set_nlmsg_build_payload; - nft_set_nlmsg_parse; - nft_set_parse; - nft_set_parse_file; - nft_set_snprintf; - nft_set_fprintf; - - nft_set_list_alloc; - nft_set_list_free; - nft_set_list_add; - nft_set_list_add_tail; - nft_set_list_del; - nft_set_list_is_empty; - nft_set_list_foreach; - - nft_set_list_iter_create; - nft_set_list_iter_cur; - nft_set_list_iter_next; - nft_set_list_iter_destroy; - - nft_set_elem_alloc; - nft_set_elem_free; - nft_set_elem_add; - nft_set_elem_foreach; - nft_set_elem_attr_is_set; - nft_set_elem_attr_unset; - nft_set_elem_attr_set; - nft_set_elem_attr_set_u32; - nft_set_elem_attr_set_str; - nft_set_elem_attr_get; - nft_set_elem_attr_get_str; - nft_set_elem_attr_get_u32; - nft_set_elem_nlmsg_build_payload; - nft_set_elem_nlmsg_parse; - nft_set_elem_parse; - nft_set_elem_parse_file; - nft_set_elem_snprintf; - nft_set_elem_fprinf; - - nft_set_elems_nlmsg_build_payload; - nft_set_elems_nlmsg_parse; - - nft_set_elems_foreach; - - nft_set_elems_iter_create; - nft_set_elems_iter_cur; - nft_set_elems_iter_next; - nft_set_elems_iter_destroy; - - nft_ruleset_alloc; - nft_ruleset_free; - nft_ruleset_attr_is_set; - nft_ruleset_attr_unset; - nft_ruleset_attr_set; - nft_ruleset_attr_get; - nft_ruleset_parse; - nft_ruleset_parse_file; - nft_ruleset_snprintf; - nft_ruleset_fprintf; - - nft_nlmsg_build_hdr; - - nft_parse_err_alloc; - nft_parse_err_free; - nft_parse_perror; - -local: *; -}; diff --git a/src/libnftnl.map b/src/libnftnl.map new file mode 100644 index 0000000..43378ed --- /dev/null +++ b/src/libnftnl.map @@ -0,0 +1,198 @@ +LIBNFTNL_1.0 { +global: + nft_table_alloc; + nft_table_free; + nft_table_attr_is_set; + nft_table_attr_unset; + nft_table_attr_set; + nft_table_attr_get; + nft_table_attr_set_u8; + nft_table_attr_set_u32; + nft_table_attr_set_str; + nft_table_attr_get_u8; + nft_table_attr_get_u32; + nft_table_attr_get_str; + nft_table_parse; + nft_table_parse_file; + nft_table_snprintf; + nft_table_fprintf; + nft_table_nlmsg_build_payload; + nft_table_nlmsg_parse; + nft_table_list_alloc; + nft_table_list_free; + nft_table_list_is_empty; + nft_table_list_foreach; + nft_table_list_add; + nft_table_list_add_tail; + nft_table_list_del; + nft_table_list_iter_create; + nft_table_list_iter_next; + nft_table_list_iter_destroy; + + nft_chain_alloc; + nft_chain_free; + nft_chain_attr_is_set; + nft_chain_attr_unset; + nft_chain_attr_set; + nft_chain_attr_set_u8; + nft_chain_attr_set_u32; + nft_chain_attr_set_s32; + nft_chain_attr_set_u64; + nft_chain_attr_set_str; + nft_chain_attr_get; + nft_chain_attr_get_u8; + nft_chain_attr_get_u32; + nft_chain_attr_get_s32; + nft_chain_attr_get_u64; + nft_chain_attr_get_str; + nft_chain_parse; + nft_chain_parse_file; + nft_chain_snprintf; + nft_chain_fprintf; + nft_chain_nlmsg_build_payload; + nft_chain_nlmsg_parse; + nft_chain_list_alloc; + nft_chain_list_free; + nft_chain_list_is_empty; + nft_chain_list_add; + nft_chain_list_add_tail; + nft_chain_list_del; + nft_chain_list_foreach; + nft_chain_list_iter_create; + nft_chain_list_iter_next; + nft_chain_list_iter_destroy; + + nft_rule_alloc; + nft_rule_free; + nft_rule_attr_is_set; + nft_rule_attr_unset; + nft_rule_attr_set; + nft_rule_attr_set_u32; + nft_rule_attr_set_u64; + nft_rule_attr_set_str; + nft_rule_attr_get; + nft_rule_attr_get_u8; + nft_rule_attr_get_u32; + nft_rule_attr_get_u64; + nft_rule_attr_get_str; + nft_rule_parse; + nft_rule_parse_file; + nft_rule_snprintf; + nft_rule_fprintf; + nft_rule_nlmsg_build_payload; + nft_rule_nlmsg_parse; + nft_rule_add_expr; + + nft_rule_expr_foreach; + nft_rule_expr_iter_create; + nft_rule_expr_iter_next; + nft_rule_expr_iter_destroy; + + nft_rule_expr_alloc; + nft_rule_expr_is_set; + nft_rule_expr_set; + nft_rule_expr_set_u8; + nft_rule_expr_set_u16; + nft_rule_expr_set_u32; + nft_rule_expr_set_u64; + nft_rule_expr_set_str; + nft_rule_expr_get; + nft_rule_expr_get_u8; + nft_rule_expr_get_u16; + nft_rule_expr_get_u32; + nft_rule_expr_get_u64; + nft_rule_expr_get_str; + nft_rule_expr_build_payload; + nft_rule_expr_snprintf; + nft_rule_expr_free; + + nft_rule_list_alloc; + nft_rule_list_free; + nft_rule_list_is_empty; + nft_rule_list_add; + nft_rule_list_add_tail; + nft_rule_list_del; + nft_rule_list_foreach; + nft_rule_list_iter_create; + nft_rule_list_iter_cur; + nft_rule_list_iter_next; + nft_rule_list_iter_destroy; + + nft_set_alloc; + nft_set_free; + nft_set_attr_unset; + nft_set_attr_is_set; + nft_set_attr_set; + nft_set_attr_set_u32; + nft_set_attr_set_str; + nft_set_attr_get; + nft_set_attr_get_str; + nft_set_attr_get_u32; + nft_set_nlmsg_build_payload; + nft_set_nlmsg_parse; + nft_set_parse; + nft_set_parse_file; + nft_set_snprintf; + nft_set_fprintf; + + nft_set_list_alloc; + nft_set_list_free; + nft_set_list_add; + nft_set_list_add_tail; + nft_set_list_del; + nft_set_list_is_empty; + nft_set_list_foreach; + + nft_set_list_iter_create; + nft_set_list_iter_cur; + nft_set_list_iter_next; + nft_set_list_iter_destroy; + + nft_set_elem_alloc; + nft_set_elem_free; + nft_set_elem_add; + nft_set_elem_foreach; + nft_set_elem_attr_is_set; + nft_set_elem_attr_unset; + nft_set_elem_attr_set; + nft_set_elem_attr_set_u32; + nft_set_elem_attr_set_str; + nft_set_elem_attr_get; + nft_set_elem_attr_get_str; + nft_set_elem_attr_get_u32; + nft_set_elem_nlmsg_build_payload; + nft_set_elem_nlmsg_parse; + nft_set_elem_parse; + nft_set_elem_parse_file; + nft_set_elem_snprintf; + nft_set_elem_fprinf; + + nft_set_elems_nlmsg_build_payload; + nft_set_elems_nlmsg_parse; + + nft_set_elems_foreach; + + nft_set_elems_iter_create; + nft_set_elems_iter_cur; + nft_set_elems_iter_next; + nft_set_elems_iter_destroy; + + nft_ruleset_alloc; + nft_ruleset_free; + nft_ruleset_attr_is_set; + nft_ruleset_attr_unset; + nft_ruleset_attr_set; + nft_ruleset_attr_get; + nft_ruleset_parse; + nft_ruleset_parse_file; + nft_ruleset_snprintf; + nft_ruleset_fprintf; + + nft_nlmsg_build_hdr; + + nft_parse_err_alloc; + nft_parse_err_free; + nft_parse_perror; + +local: *; +}; diff --git a/src/mxml.c b/src/mxml.c index 4988502..b2cb95e 100644 --- a/src/mxml.c +++ b/src/mxml.c @@ -15,11 +15,11 @@ #include #include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include #ifdef XML_PARSING mxml_node_t *nft_mxml_build_tree(const void *data, const char *treename, diff --git a/src/rule.c b/src/rule.c index 9b4b01f..53d2ebf 100644 --- a/src/rule.c +++ b/src/rule.c @@ -24,8 +24,8 @@ #include #include -#include -#include +#include +#include #include "linux_list.h" #include "expr_ops.h" diff --git a/src/ruleset.c b/src/ruleset.c index f5e1157..3cbec09 100644 --- a/src/ruleset.c +++ b/src/ruleset.c @@ -17,11 +17,11 @@ #include #include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include struct nft_ruleset { struct nft_table_list *table_list; diff --git a/src/set.c b/src/set.c index bee9540..c3a7fae 100644 --- a/src/set.c +++ b/src/set.c @@ -23,7 +23,7 @@ #include #include -#include +#include #include "linux_list.h" #include "expr/data_reg.h" diff --git a/src/set_elem.c b/src/set_elem.c index 26c11d0..79fc641 100644 --- a/src/set_elem.c +++ b/src/set_elem.c @@ -22,8 +22,8 @@ #include #include -#include -#include +#include +#include #include "linux_list.h" #include "expr/data_reg.h" diff --git a/src/table.c b/src/table.c index ad3570f..f50a968 100644 --- a/src/table.c +++ b/src/table.c @@ -23,7 +23,7 @@ #include #include -#include +#include struct nft_table { struct list_head head; diff --git a/tests/Makefile.am b/tests/Makefile.am index 362eeac..e82ebf4 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -23,64 +23,64 @@ check_PROGRAMS = nft-parsing-test \ nft-expr_target-test nft_parsing_test_SOURCES = nft-parsing-test.c -nft_parsing_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS} +nft_parsing_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS} nft_table_test_SOURCES = nft-table-test.c -nft_table_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_table_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_chain_test_SOURCES = nft-chain-test.c -nft_chain_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_chain_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_rule_test_SOURCES = nft-rule-test.c -nft_rule_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_rule_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_set_test_SOURCES = nft-set-test.c -nft_set_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_set_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_bitwise_test_SOURCES = nft-expr_bitwise-test.c -nft_expr_bitwise_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_bitwise_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_byteorder_test_SOURCES = nft-expr_byteorder-test.c -nft_expr_byteorder_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_byteorder_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_cmp_test_SOURCES = nft-expr_cmp-test.c -nft_expr_cmp_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_cmp_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_counter_test_SOURCES = nft-expr_counter-test.c -nft_expr_counter_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_counter_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_exthdr_test_SOURCES = nft-expr_exthdr-test.c -nft_expr_exthdr_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_exthdr_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_ct_test_SOURCES = nft-expr_ct-test.c -nft_expr_ct_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_ct_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_immediate_test_SOURCES = nft-expr_counter-test.c -nft_expr_immediate_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_immediate_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_limit_test_SOURCES = nft-expr_limit-test.c -nft_expr_limit_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_limit_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_lookup_test_SOURCES = nft-expr_limit-test.c -nft_expr_lookup_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_lookup_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_log_test_SOURCES = nft-expr_log-test.c -nft_expr_log_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_log_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_match_test_SOURCES = nft-expr_match-test.c -nft_expr_match_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_match_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_meta_test_SOURCES = nft-expr_meta-test.c -nft_expr_meta_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_meta_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_nat_test_SOURCES = nft-expr_nat-test.c -nft_expr_nat_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_nat_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_payload_test_SOURCES = nft-expr_payload-test.c -nft_expr_payload_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_payload_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_reject_test_SOURCES = nft-expr_reject-test.c -nft_expr_reject_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_reject_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_expr_target_test_SOURCES = nft-expr_target-test.c -nft_expr_target_test_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} +nft_expr_target_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} diff --git a/tests/nft-chain-test.c b/tests/nft-chain-test.c index 80c1981..125562a 100644 --- a/tests/nft-chain-test.c +++ b/tests/nft-chain-test.c @@ -13,7 +13,7 @@ #include #include #include -#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_bitwise-test.c b/tests/nft-expr_bitwise-test.c index d755c75..0fe5329 100644 --- a/tests/nft-expr_bitwise-test.c +++ b/tests/nft-expr_bitwise-test.c @@ -16,8 +16,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_byteorder-test.c b/tests/nft-expr_byteorder-test.c index 5e50da1..456d508 100644 --- a/tests/nft-expr_byteorder-test.c +++ b/tests/nft-expr_byteorder-test.c @@ -16,8 +16,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_cmp-test.c b/tests/nft-expr_cmp-test.c index f435bbe..f411770 100644 --- a/tests/nft-expr_cmp-test.c +++ b/tests/nft-expr_cmp-test.c @@ -16,8 +16,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_counter-test.c b/tests/nft-expr_counter-test.c index 70cac2b..e27d20a 100644 --- a/tests/nft-expr_counter-test.c +++ b/tests/nft-expr_counter-test.c @@ -16,8 +16,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_ct-test.c b/tests/nft-expr_ct-test.c index f8bd13d..341d9e6 100644 --- a/tests/nft-expr_ct-test.c +++ b/tests/nft-expr_ct-test.c @@ -16,8 +16,8 @@ #include #include -#include -#include +#include +#include static int test_ok = 1; static void print_err(const char *msg) diff --git a/tests/nft-expr_exthdr-test.c b/tests/nft-expr_exthdr-test.c index 64c364c..a712903 100644 --- a/tests/nft-expr_exthdr-test.c +++ b/tests/nft-expr_exthdr-test.c @@ -16,8 +16,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_immediate-test.c b/tests/nft-expr_immediate-test.c index 91e8a3d..c45cefa 100644 --- a/tests/nft-expr_immediate-test.c +++ b/tests/nft-expr_immediate-test.c @@ -16,8 +16,8 @@ #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_limit-test.c b/tests/nft-expr_limit-test.c index c5730cc..38c3e5b 100644 --- a/tests/nft-expr_limit-test.c +++ b/tests/nft-expr_limit-test.c @@ -17,8 +17,8 @@ #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_log-test.c b/tests/nft-expr_log-test.c index 7590548..7e257ab 100644 --- a/tests/nft-expr_log-test.c +++ b/tests/nft-expr_log-test.c @@ -16,8 +16,8 @@ #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_lookup-test.c b/tests/nft-expr_lookup-test.c index 760e69c..38a2a46 100644 --- a/tests/nft-expr_lookup-test.c +++ b/tests/nft-expr_lookup-test.c @@ -16,8 +16,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_match-test.c b/tests/nft-expr_match-test.c index dcb9f74..96b063a 100644 --- a/tests/nft-expr_match-test.c +++ b/tests/nft-expr_match-test.c @@ -18,8 +18,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_meta-test.c b/tests/nft-expr_meta-test.c index 879f2e7..9196f9c 100644 --- a/tests/nft-expr_meta-test.c +++ b/tests/nft-expr_meta-test.c @@ -16,8 +16,8 @@ #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_nat-test.c b/tests/nft-expr_nat-test.c index 35b6479..64966b2 100644 --- a/tests/nft-expr_nat-test.c +++ b/tests/nft-expr_nat-test.c @@ -17,8 +17,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_payload-test.c b/tests/nft-expr_payload-test.c index d6f4e05..3ce59f9 100644 --- a/tests/nft-expr_payload-test.c +++ b/tests/nft-expr_payload-test.c @@ -17,8 +17,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_reject-test.c b/tests/nft-expr_reject-test.c index 23784e9..0678081 100644 --- a/tests/nft-expr_reject-test.c +++ b/tests/nft-expr_reject-test.c @@ -17,8 +17,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-expr_target-test.c b/tests/nft-expr_target-test.c index 7bde348..9387779 100644 --- a/tests/nft-expr_target-test.c +++ b/tests/nft-expr_target-test.c @@ -18,8 +18,8 @@ #include #include #include -#include -#include +#include +#include static int test_ok = 1; diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c index df981ad..1786cb6 100644 --- a/tests/nft-parsing-test.c +++ b/tests/nft-parsing-test.c @@ -6,11 +6,11 @@ #include #include /*nlmsghdr*/ -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include enum { TEST_XML_RULESET, diff --git a/tests/nft-rule-test.c b/tests/nft-rule-test.c index 5b99003..80338d0 100644 --- a/tests/nft-rule-test.c +++ b/tests/nft-rule-test.c @@ -14,7 +14,7 @@ #include #include -#include +#include static int test_ok = 1; diff --git a/tests/nft-set-test.c b/tests/nft-set-test.c index 5930af3..141dfd3 100644 --- a/tests/nft-set-test.c +++ b/tests/nft-set-test.c @@ -14,7 +14,7 @@ #include #include -#include +#include static int test_ok = 1; diff --git a/tests/nft-table-test.c b/tests/nft-table-test.c index fd85f42..051163b 100644 --- a/tests/nft-table-test.c +++ b/tests/nft-table-test.c @@ -14,7 +14,7 @@ #include #include -#include +#include static int test_ok = 1; -- cgit v1.2.3 From 91264d8b8b746f7eee8a3e1ee9b5e57758441cfc Mon Sep 17 00:00:00 2001 From: Tomasz Bursztyka Date: Mon, 20 Jan 2014 17:56:21 +0200 Subject: build: Ensure pkg-config file provides the right informations It's not -lnftables anymore but -lnftnl (among other details) Signed-off-by: Tomasz Bursztyka Signed-off-by: Pablo Neira Ayuso --- libnftnl.pc.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libnftnl.pc.in b/libnftnl.pc.in index 0c6d57e..fd5cc6a 100644 --- a/libnftnl.pc.in +++ b/libnftnl.pc.in @@ -1,15 +1,15 @@ -# libnftables pkg-config file +# libnftnl pkg-config file prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ includedir=@includedir@ -Name: libnftables +Name: libnftnl Description: Netfilter nf_tables infrastructure library -URL: http://netfilter.org/projects/libnftables/ +URL: http://netfilter.org/projects/libnftnl/ Version: @VERSION@ Requires: Conflicts: -Libs: -L${libdir} -lnftables +Libs: -L${libdir} -lnftnl Cflags: -I${includedir} -- cgit v1.2.3 From fa03299885df953078b69182097a14d7fd447ce0 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 21 Jan 2014 00:52:01 +0100 Subject: build: resolve build failure involving linux/netlink.h This was seen with a sufficiently-old /usr/include/linux (from Linux 2.6.32). In file included from common.c:10: /usr/include/linux/netlink.h:34: error: expected specifier-qualifier-list before 'sa_family_t' The solution is to include last of all system headers. Signed-off-by: Jan Engelhardt Signed-off-by: Pablo Neira Ayuso --- src/common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/common.c b/src/common.c index b9598bf..336d2b4 100644 --- a/src/common.c +++ b/src/common.c @@ -7,6 +7,8 @@ * (at your option) any later version. */ +#include +#include #include #include @@ -14,7 +16,6 @@ #include #include "internal.h" -#include struct nlmsghdr *nft_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, uint16_t type, uint32_t seq) -- cgit v1.2.3 From 058c5a728fbaae840be96d4450cd9e1eea51ca52 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 21 Jan 2014 00:52:02 +0100 Subject: build: resolve compile error involving XT_EXTENSION_MAXNAMELEN 2.6.32 headers in /usr/include/linux again. Ship a copy of x_tables.h from Linux 3.11. Signed-off-by: Jan Engelhardt Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter/x_tables.h | 185 +++++++++++++++++++++++++++++++++++++ 1 file changed, 185 insertions(+) create mode 100644 include/linux/netfilter/x_tables.h diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h new file mode 100644 index 0000000..4120970 --- /dev/null +++ b/include/linux/netfilter/x_tables.h @@ -0,0 +1,185 @@ +#ifndef _X_TABLES_H +#define _X_TABLES_H +#include +#include + +#define XT_FUNCTION_MAXNAMELEN 30 +#define XT_EXTENSION_MAXNAMELEN 29 +#define XT_TABLE_MAXNAMELEN 32 + +struct xt_entry_match { + union { + struct { + __u16 match_size; + + /* Used by userspace */ + char name[XT_EXTENSION_MAXNAMELEN]; + __u8 revision; + } user; + struct { + __u16 match_size; + + /* Used inside the kernel */ + struct xt_match *match; + } kernel; + + /* Total length */ + __u16 match_size; + } u; + + unsigned char data[0]; +}; + +struct xt_entry_target { + union { + struct { + __u16 target_size; + + /* Used by userspace */ + char name[XT_EXTENSION_MAXNAMELEN]; + __u8 revision; + } user; + struct { + __u16 target_size; + + /* Used inside the kernel */ + struct xt_target *target; + } kernel; + + /* Total length */ + __u16 target_size; + } u; + + unsigned char data[0]; +}; + +#define XT_TARGET_INIT(__name, __size) \ +{ \ + .target.u.user = { \ + .target_size = XT_ALIGN(__size), \ + .name = __name, \ + }, \ +} + +struct xt_standard_target { + struct xt_entry_target target; + int verdict; +}; + +struct xt_error_target { + struct xt_entry_target target; + char errorname[XT_FUNCTION_MAXNAMELEN]; +}; + +/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision + * kernel supports, if >= revision. */ +struct xt_get_revision { + char name[XT_EXTENSION_MAXNAMELEN]; + __u8 revision; +}; + +/* CONTINUE verdict for targets */ +#define XT_CONTINUE 0xFFFFFFFF + +/* For standard target */ +#define XT_RETURN (-NF_REPEAT - 1) + +/* this is a dummy structure to find out the alignment requirement for a struct + * containing all the fundamental data types that are used in ipt_entry, + * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my + * personal pleasure to remove it -HW + */ +struct _xt_align { + __u8 u8; + __u16 u16; + __u32 u32; + __u64 u64; +}; + +#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align)) + +/* Standard return verdict, or do jump. */ +#define XT_STANDARD_TARGET "" +/* Error verdict. */ +#define XT_ERROR_TARGET "ERROR" + +#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) +#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) + +struct xt_counters { + __u64 pcnt, bcnt; /* Packet and byte counters */ +}; + +/* The argument to IPT_SO_ADD_COUNTERS. */ +struct xt_counters_info { + /* Which table. */ + char name[XT_TABLE_MAXNAMELEN]; + + unsigned int num_counters; + + /* The counters (actually `number' of these). */ + struct xt_counters counters[0]; +}; + +#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ + +/* fn returns 0 to continue iteration */ +#define XT_MATCH_ITERATE(type, e, fn, args...) \ +({ \ + unsigned int __i; \ + int __ret = 0; \ + struct xt_entry_match *__m; \ + \ + for (__i = sizeof(type); \ + __i < (e)->target_offset; \ + __i += __m->u.match_size) { \ + __m = (void *)e + __i; \ + \ + __ret = fn(__m , ## args); \ + if (__ret != 0) \ + break; \ + } \ + __ret; \ +}) + +/* fn returns 0 to continue iteration */ +#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \ +({ \ + unsigned int __i, __n; \ + int __ret = 0; \ + type *__entry; \ + \ + for (__i = 0, __n = 0; __i < (size); \ + __i += __entry->next_offset, __n++) { \ + __entry = (void *)(entries) + __i; \ + if (__n < n) \ + continue; \ + \ + __ret = fn(__entry , ## args); \ + if (__ret != 0) \ + break; \ + } \ + __ret; \ +}) + +/* fn returns 0 to continue iteration */ +#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \ + XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args) + + +/* pos is normally a struct ipt_entry/ip6t_entry/etc. */ +#define xt_entry_foreach(pos, ehead, esize) \ + for ((pos) = (typeof(pos))(ehead); \ + (pos) < (typeof(pos))((char *)(ehead) + (esize)); \ + (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset)) + +/* can only be xt_entry_match, so no use of typeof here */ +#define xt_ematch_foreach(pos, entry) \ + for ((pos) = (struct xt_entry_match *)entry->elems; \ + (pos) < (struct xt_entry_match *)((char *)(entry) + \ + (entry)->target_offset); \ + (pos) = (struct xt_entry_match *)((char *)(pos) + \ + (pos)->u.match_size)) + + +#endif /* _X_TABLES_H */ -- cgit v1.2.3 From 28ce974d9194d8fffda6c4e00c29a42bfe4df6a3 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 21 Jan 2014 10:39:18 +0100 Subject: build: fix final report after configuration If no xml/json support is explicitly enabled, the final report does not show "no". This patch fixes this: libnftnl configuration: XML support: no JSON support: no Signed-off-by: Pablo Neira Ayuso --- configure.ac | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index 54c66fe..f95b268 100644 --- a/configure.ac +++ b/configure.ac @@ -20,12 +20,14 @@ AC_ARG_WITH([xml-parsing], AC_ARG_WITH([json-parsing], AS_HELP_STRING([--with-json-parsing], [JSON parsing support])) -AS_IF([test "x$with_xml_parsing" = "xyes"], [ - PKG_CHECK_MODULES([LIBXML], [mxml >= 2.6]) -]) -AS_IF([test "x$with_json_parsing" = "xyes"], [ - PKG_CHECK_MODULES([LIBJSON], [jansson >= 2.3]) -]) +AS_IF([test "x$with_xml_parsing" = "xyes"], + [PKG_CHECK_MODULES([LIBXML], [mxml >= 2.6])], + [with_xml_parsing="no"] +) +AS_IF([test "x$with_json_parsing" = "xyes"], + [PKG_CHECK_MODULES([LIBJSON], [jansson >= 2.3])], + [with_json_parsing="no"] +) AC_PROG_CC AM_PROG_CC_C_O AC_EXEEXT -- cgit v1.2.3 From a4a59b37ffce3b351ce6ddcfa3d964f23e4fb891 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Tue, 21 Jan 2014 13:08:32 +0100 Subject: include: add stdint.h to common.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes: /usr/local/include/libnftnl/common.h:25:49: error: unknown type name ‘uint16_t’ /usr/local/include/libnftnl/common.h:25:63: error: unknown type name ‘uint16_t’ /usr/local/include/libnftnl/common.h:26:10: error: unknown type name ‘uint16_t’ /usr/local/include/libnftnl/common.h:26:25: error: unknown type name ‘uint32_t’ Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- include/libnftnl/common.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/libnftnl/common.h b/include/libnftnl/common.h index 9d18b2b..f0c20f0 100644 --- a/include/libnftnl/common.h +++ b/include/libnftnl/common.h @@ -1,6 +1,8 @@ #ifndef _LIBNFTNL_COMMON_H_ #define _LIBNFTNL_COMMON_H_ +#include + enum { NFT_PARSE_EBADINPUT = 0, NFT_PARSE_EMISSINGNODE, -- cgit v1.2.3 From 076fd1e66e7f1bc3b2bd91f3efb84080da26fb9c Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 22 Jan 2014 12:55:04 +0100 Subject: include: add cached copy of linux/kernel.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes the following compilation warning when compiling with old kernel headers. CC expr/target.lo expr/target.c: In function ‘nft_rule_expr_target_build’: expr/target.c:127: warning: implicit declaration of function ‘__ALIGN_KERNEL’ Signed-off-by: Pablo Neira Ayuso --- include/linux/kernel.h | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 include/linux/kernel.h diff --git a/include/linux/kernel.h b/include/linux/kernel.h new file mode 100644 index 0000000..d4c59f6 --- /dev/null +++ b/include/linux/kernel.h @@ -0,0 +1,29 @@ +#ifndef _LINUX_KERNEL_H +#define _LINUX_KERNEL_H + +/* + * 'kernel.h' contains some often-used function prototypes etc + */ +#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1) +#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) + + +#define SI_LOAD_SHIFT 16 +struct sysinfo { + long uptime; /* Seconds since boot */ + unsigned long loads[3]; /* 1, 5, and 15 minute load averages */ + unsigned long totalram; /* Total usable main memory size */ + unsigned long freeram; /* Available memory size */ + unsigned long sharedram; /* Amount of shared memory */ + unsigned long bufferram; /* Memory used by buffers */ + unsigned long totalswap; /* Total swap space size */ + unsigned long freeswap; /* swap space still available */ + unsigned short procs; /* Number of current processes */ + unsigned short pad; /* explicit padding for m68k */ + unsigned long totalhigh; /* Total high memory size */ + unsigned long freehigh; /* Available high memory size */ + unsigned int mem_unit; /* Memory unit size in bytes */ + char _f[20-2*sizeof(long)-sizeof(int)]; /* Padding: libc5 uses this.. */ +}; + +#endif -- cgit v1.2.3