From 29a89694181f8eaa8b9dcd8c95224ced6199ad94 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 5 Sep 2013 21:54:56 +0200
Subject: chain: use human readable netfilter hook
Since (108d9f6 src: Wrap netfilter hooks around human readable strings) in nft, we have to use human readable netfilter hooks. This patch also adapts the XML and JSON tests.
Signed-off-by: Pablo Neira Ayuso
---
 src/chain.c | 60 +++++++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 43 insertions(+), 17 deletions(-)
(limited to 'src')
diff --git a/src/chain.c b/src/chain.c
index 1761772..b196cd6 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -24,6 +24,7 @@
 #include
 #include
 #include
+#include
 #include
@@ -44,13 +45,38 @@ struct nft_chain {
 uint32_t flags;
 };
-static const char *hooknum2str_array[NF_INET_NUMHOOKS] = {
- [NF_INET_PRE_ROUTING] = "NF_INET_PRE_ROUTING",
- [NF_INET_LOCAL_IN] = "NF_INET_LOCAL_IN",
- [NF_INET_FORWARD] = "NF_INET_FORWARD",
- [NF_INET_LOCAL_OUT] = "NF_INET_LOCAL_OUT",
- [NF_INET_POST_ROUTING] = "NF_INET_POST_ROUTING",
-};
+static const char *nft_hooknum2str(int family, int hooknum)
+{
+ switch (family) {
+ case NFPROTO_IPV4:
+ case NFPROTO_IPV6:
+ case NFPROTO_BRIDGE:
+ switch (hooknum) {
+ case NF_INET_PRE_ROUTING:
+ return "prerouting";
+ case NF_INET_LOCAL_IN:
+ return "input";
+ case NF_INET_FORWARD:
+ return "forward";
+ case NF_INET_LOCAL_OUT:
+ return "output";
+ case NF_INET_POST_ROUTING:
+ return "postrouting";
+ }
+ break;
+ case NFPROTO_ARP:
+ switch (hooknum) {
+ case NF_ARP_IN:
+ return "input";
+ case NF_ARP_OUT:
+ return "output";
+ case NF_ARP_FORWARD:
+ return "forward";
+ }
+ break;
+ }
+ return "unknown";
+}
 struct nft_chain *nft_chain_alloc(void)
 {
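Review bot: nft_hooknum2str(), added in the hunk at -44,13, has no comment stating its contract, which matters because it replaces a raw array index and its result is passed straight to `%s` and strcmp() by the other hunks. I would add above the definition `/* Map (family, hooknum) to the hook name used by nft; returns a static string, never NULL, and "unknown" for an unsupported family or hook. */`. Giving the two inner switches an explicit `default: break;` would also make the fall-through to the final return deliberate rather than implied.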
@@ -468,12 +494,12 @@ int nft_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_chain *c)
 }
 EXPORT_SYMBOL(nft_chain_nlmsg_parse);
-static inline int nft_str2hooknum(const char *hook)
+static inline int nft_str2hooknum(int family, const char *hook)
 {
 int hooknum;
 for (hooknum = 0; hooknum < NF_INET_NUMHOOKS; hooknum++) {
- if (strcmp(hook, hooknum2str_array[hooknum]) == 0)
+ if (strcmp(hook, nft_hooknum2str(family, hooknum)) == 0)
 return hooknum;
 }
 return -1;
@@ -548,7 +574,7 @@ static int nft_chain_json_parse(struct nft_chain *c, const char *json)
 if (valstr == NULL)
 goto err;
- val32 = nft_str2hooknum(valstr);
+ val32 = nft_str2hooknum(c->family, valstr);
 if (val32 == -1)
 goto err;
@@ -635,7 +661,7 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml)
 hooknum_str = nft_mxml_str_parse(tree, "hooknum", MXML_DESCEND_FIRST);
 if (hooknum_str != NULL) {
- hooknum = nft_str2hooknum(hooknum_str);
+ hooknum = nft_str2hooknum(c->family, hooknum_str);
 if (hooknum < 0)
 goto err;
@@ -728,8 +754,8 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 "\"hooknum\": \"%s\","
 "\"prio\": %d,"
 "\"policy\": \"%s\"",
- c->type, hooknum2str_array[c->hooknum], c->prio,
- nft_verdict2str(c->policy));
+ c->type, nft_hooknum2str(c->family, c->hooknum),
+ c->prio, nft_verdict2str(c->policy));
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 }
@@ -757,8 +783,8 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
 "%s"
 "%d"
 "%s",
- c->type, hooknum2str_array[c->hooknum], c->prio,
- nft_verdict2str(c->policy));
+ c->type, nft_hooknum2str(c->family, c->hooknum),
+ c->prio, nft_verdict2str(c->policy));
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 }
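Review bot: The reverse lookup in nft_str2hooknum() (hunk at -468,12) compares the input against every value nft_hooknum2str() returns, including its "unknown" fallback, so the literal string "unknown" is accepted as a hook name. With the usual header values it resolves to hooknum 0 for any family outside the switch and to 3 for NFPROTO_ARP, where the loop bound NF_INET_NUMHOOKS runs past the three ARP hooks. The JSON and XML parse hunks at -548,7 and -635,7 pass document-supplied strings into this lookup, and the three snprintf hunks can emit "unknown", so for those families an exported chain with an unsupported hook re-imports with a different hook number instead of failing. Skip the fallback inside the loop: `const char *name = nft_hooknum2str(family, hooknum);` followed by `if (strcmp(name, "unknown") != 0 && strcmp(hook, name) == 0)`. The function's closing brace lies outside the hunk.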
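Review bot: Both parse call sites, `nft_str2hooknum(c->family, valstr)` at -548,7 and `nft_str2hooknum(c->family, hooknum_str)` at -635,7, now depend on c->family having been filled in before the hook string is read, and neither hunk shows where that happens. If the family element is absent or handled later in the function, c->family presumably still holds its allocation-time value and every legitimate hook name is rejected. A comment at each call such as `/* hook names are per-family: c->family must be parsed before this point */` would record the ordering requirement. Both enclosing functions start and end outside their hunks.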
@@ -782,8 +808,8 @@ static int nft_chain_snprintf_default(char *buf, size_t size,
 ret = snprintf(buf+offset, size,
 " type %s hook %s prio %d policy %s use %d "
 "packets %"PRIu64" bytes %"PRIu64"",
- c->type, hooknum2str_array[c->hooknum], c->prio,
- nft_verdict2str(c->policy), c->use,
+ c->type, nft_hooknum2str(c->family, c->hooknum),
+ c->prio, nft_verdict2str(c->policy), c->use,
 c->packets, c->bytes);
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 }
--
cgit v1.2.3