From dec687412e31118a3add7bad8de6ac496f7c1c65 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Sat, 18 Jan 2014 17:56:45 +0100 Subject: data_reg: fix verdict format approach Patrick reports that the XML/JSON formats of the data_reg object are not accuarate. This patch updates these formats, so they are now as follow: * with raw data (this doesn't change). * with a concrete verdict (eg drop accept) and an optional , with destination. In XML: goto output In JSON: "data_reg" : { "type" : "verdict", "verdict" : "goto" "chain" : "output", } The default output format is updated to reflect these changes (minor collateral thing). When parsing set_elems, to know if we need to add the NFT_SET_ELEM_ATTR_CHAIN flag, a basic check for the chain not being NULL is done, instead of evaluating if the result of the parsing was DATA_CHAIN. The DATA_CHAIN symbol is no longer used in the data_reg XML/JSON parsing zone. While at it, I updated the error reporting stuff regarding data_reg/verdict, in order to leave a consistent state in the library. A JSON testfile is updated as well. Reported-by: Patrick McHardy Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- tests/jsonfiles/63-set.json | 2 +- tests/nft-parsing-test.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/jsonfiles/63-set.json b/tests/jsonfiles/63-set.json index ea2fe3d..62ccd2f 100644 --- a/tests/jsonfiles/63-set.json +++ b/tests/jsonfiles/63-set.json @@ -1 +1 @@ -{"nftables":[{"set":{"name":"map0","table":"filter","flags":11,"family":"ip","key_type":12,"key_len":2,"data_type":4294967040,"data_len":16,"set_elem":[{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001700"}},"data":{"data_reg":{"type":"chain","chain":"forward"}}},{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}},"data":{"data_reg":{"type":"chain","chain":"chain1"}}}]}}]} +{"nftables":[{"set":{"name":"map0","table":"f","flags":11,"family":"ip","key_type":12,"key_len":2,"data_type":4294967040,"data_len":16,"set_elem":[{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001700"}},"data":{"data_reg":{"type":"verdict","verdict":"goto","chain":"o"}}},{"flags":0,"key":{"data_reg":{"type":"value","len":2,"data0":"0x00001600"}},"data":{"data_reg":{"type":"verdict","verdict":"accept"}}}]}}]} diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c index b2ad62e..df981ad 100644 --- a/tests/nft-parsing-test.c +++ b/tests/nft-parsing-test.c @@ -121,6 +121,7 @@ failparsing: fclose(fp); printf("parsing %s: ", filename); printf("\033[31mFAILED\e[0m (%s)\n", strerror(errno)); + nft_parse_perror("fail", err); return -1; } -- cgit v1.2.3