From c04175e392335fb22b52f234171b5042e0b8f6bd Mon Sep 17 00:00:00 2001
From: Alvaro Neira <alvaroneay@gmail.com>
Date: Fri, 3 Oct 2014 20:02:40 +0200
Subject: src: internal set id allocation from nft_ruleset_parse*()

Extends this function to attach the set to the rule through the set_idi.
If it doesn't exist in the list, maybe the set already exists in the
kernel. In that case, we don't set any id.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/rule.c | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

(limited to 'src/rule.c')

diff --git a/src/rule.c b/src/rule.c
index ec5f9a8..c974f8b 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -26,6 +26,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libnftnl/rule.h>
+#include <libnftnl/set.h>
 #include <libnftnl/expr.h>
 
 #include "linux_list.h"
@@ -511,7 +512,8 @@ EXPORT_SYMBOL(nft_rule_nlmsg_parse);
 
 #ifdef JSON_PARSING
 int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree,
-			   struct nft_parse_err *err)
+			   struct nft_parse_err *err,
+			   struct nft_set_list *set_list)
 {
 	json_t *root, *array;
 	struct nft_rule_expr *e;
@@ -587,7 +589,8 @@ int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree,
 
 	for (i = 0; i < json_array_size(array); ++i) {
 
-		e = nft_jansson_expr_parse(json_array_get(array, i), err);
+		e = nft_jansson_expr_parse(json_array_get(array, i), err,
+					   set_list);
 		if (e == NULL)
 			goto err;
 
@@ -604,7 +607,8 @@ err:
 
 static int nft_rule_json_parse(struct nft_rule *r, const void *json,
 			       struct nft_parse_err *err,
-			       enum nft_parse_input input)
+			       enum nft_parse_input input,
+			       struct nft_set_list *set_list)
 {
 #ifdef JSON_PARSING
 	json_t *tree;
@@ -614,7 +618,7 @@ static int nft_rule_json_parse(struct nft_rule *r, const void *json,
 	if (tree == NULL)
 		return -1;
 
-	return nft_jansson_parse_rule(r, tree, err);
+	return nft_jansson_parse_rule(r, tree, err, set_list);
 #else
 	errno = EOPNOTSUPP;
 	return -1;
@@ -623,7 +627,8 @@ static int nft_rule_json_parse(struct nft_rule *r, const void *json,
 
 #ifdef XML_PARSING
 int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r,
-			struct nft_parse_err *err)
+			struct nft_parse_err *err,
+			struct nft_set_list *set_list)
 {
 	mxml_node_t *node;
 	struct nft_rule_expr *e;
@@ -675,7 +680,7 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r,
 		node != NULL;
 		node = mxmlFindElement(node, tree, "expr", "type",
 				       NULL, MXML_DESCEND)) {
-		e = nft_mxml_expr_parse(node, err);
+		e = nft_mxml_expr_parse(node, err, set_list);
 		if (e == NULL)
 			return -1;
 
@@ -688,7 +693,8 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r,
 
 static int nft_rule_xml_parse(struct nft_rule *r, const void *xml,
 			      struct nft_parse_err *err,
-			      enum nft_parse_input input)
+			      enum nft_parse_input input,
+			      struct nft_set_list *set_list)
 {
 #ifdef XML_PARSING
 	int ret;
@@ -696,7 +702,7 @@ static int nft_rule_xml_parse(struct nft_rule *r, const void *xml,
 	if (tree == NULL)
 		return -1;
 
-	ret = nft_mxml_rule_parse(tree, r, err);
+	ret = nft_mxml_rule_parse(tree, r, err, set_list);
 	mxmlDelete(tree);
 	return ret;
 #else
@@ -714,10 +720,10 @@ static int nft_rule_do_parse(struct nft_rule *r, enum nft_parse_type type,
 
 	switch (type) {
 	case NFT_PARSE_XML:
-		ret = nft_rule_xml_parse(r, data, &perr, input);
+		ret = nft_rule_xml_parse(r, data, &perr, input, NULL);
 		break;
 	case NFT_PARSE_JSON:
-		ret = nft_rule_json_parse(r, data, &perr, input);
+		ret = nft_rule_json_parse(r, data, &perr, input, NULL);
 		break;
 	default:
 		ret = -1;
-- 
cgit v1.2.3