diff options
author | Thomas Haller <thaller@redhat.com> | 2023-08-18 11:40:38 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-08-24 09:01:45 +0200 |
commit | 2034d8c60ed91c36b74e86e0c195eb6f2c27f9fa (patch) | |
tree | ed75840f9cca338ed6ebc5e9bd5d7080a83c6396 /doc | |
parent | 3684a1b69c255d5268dd2b1590c1dc039e48052d (diff) |
src: add input flag NFT_CTX_INPUT_JSON to enable JSON parsing
By default, the input is parsed using the nftables grammar. When setting
NFT_CTX_OUTPUT_JSON flag, nftables will first try to parse the input as
JSON before falling back to the nftables grammar.
But NFT_CTX_OUTPUT_JSON flag also turns on JSON for the output. Add a
flag NFT_CTX_INPUT_JSON which allows to treat only the input as JSON,
but keep the output mode unchanged.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Reviewed-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/libnftables.adoc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc index 62de75f3..2cf78d7a 100644 --- a/doc/libnftables.adoc +++ b/doc/libnftables.adoc @@ -87,6 +87,7 @@ The flags setting controls the input format. ---- enum { NFT_CTX_INPUT_NO_DNS = (1 << 0), + NFT_CTX_INPUT_JSON = (1 << 1), }; ---- @@ -94,6 +95,11 @@ NFT_CTX_INPUT_NO_DNS:: Avoid resolving IP addresses with blocking getaddrinfo(). In that case, only plain IP addresses are accepted. +NFT_CTX_INPUT_JSON: + When parsing the input, first try to interpret the input as JSON before + falling back to the nftables format. This behavior is implied when setting + the NFT_CTX_OUTPUT_JSON flag. + The *nft_ctx_input_get_flags*() function returns the input flags setting's value in 'ctx'. The *nft_ctx_input_set_flags*() function sets the input flags setting in 'ctx' to the value of 'val' @@ -139,7 +145,8 @@ NFT_CTX_OUTPUT_HANDLE:: NFT_CTX_OUTPUT_JSON:: If enabled at compile-time, libnftables accepts input in JSON format and is able to print output in JSON format as well. See *libnftables-json*(5) for a description of the supported schema. - This flag controls JSON output format, input is auto-detected. + This flag enables JSON output format. If the flag is set, the input will first be tried as JSON format, + before falling back to nftables format. This flag implies NFT_CTX_INPUT_JSON. NFT_CTX_OUTPUT_ECHO:: The echo setting makes libnftables print the changes once they are committed to the kernel, just like a running instance of *nft monitor* would. Amongst other things, this allows one to retrieve an added rule's handle atomically. |