diff options
author | Shyam Saini <mayhs11saini@gmail.com> | 2017-12-05 19:37:34 +0530 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-17 13:46:30 +0100 |
commit | 2fa54d8a49352bda44d3e25d1d7ba3531faf3303 (patch) | |
tree | 55182570ad839f401ed4e4e3c39a28884652cd80 /src/rule.c | |
parent | 9afd72a883e391e366a1d75bb4e1705357e078e9 (diff) |
src: Add import command for low level json
This new operation allows to import low level virtual machine ruleset in
json to make incremental changes using the parse functions of libnftnl.
A basic way to test this new functionality is:
$ cat file.json | nft import vm json
where the file.json is a ruleset exported in low level json format.
To export json rules in low level virtual machine format
we need to specify "vm" token before json. See below
$ nft export vm json
and
$ nft export/import json
will do no operations.
Same goes with "$nft monitor"
Highly based on work from Alvaro Neira <alvaroneay@gmail.com>
and Arturo Borrero <arturo@netfilter.org>
Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Shyam Saini <mayhs11saini@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 45 |
1 files changed, 35 insertions, 10 deletions
@@ -898,19 +898,19 @@ void nft_cmd_expand(struct cmd *cmd) } } -struct export *export_alloc(uint32_t format) +struct markup *markup_alloc(uint32_t format) { - struct export *export; + struct markup *markup; - export = xmalloc(sizeof(struct export)); - export->format = format; + markup = xmalloc(sizeof(struct markup)); + markup->format = format; - return export; + return markup; } -void export_free(struct export *e) +void markup_free(struct markup *m) { - xfree(e); + xfree(m); } struct monitor *monitor_alloc(uint32_t format, uint32_t type, const char *event) @@ -958,8 +958,8 @@ void cmd_free(struct cmd *cmd) case CMD_OBJ_MONITOR: monitor_free(cmd->monitor); break; - case CMD_OBJ_EXPORT: - export_free(cmd->export); + case CMD_OBJ_MARKUP: + markup_free(cmd->markup); break; case CMD_OBJ_COUNTER: case CMD_OBJ_QUOTA: @@ -1161,13 +1161,36 @@ static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd) return -1; } while (rs == NULL); - nftnl_ruleset_fprintf(fp, rs, cmd->export->format, 0); + nftnl_ruleset_fprintf(fp, rs, cmd->markup->format, NFTNL_OF_EVENT_NEW); + nft_print(ctx->octx, "\n"); nftnl_ruleset_free(rs); return 0; } +static int do_command_import(struct netlink_ctx *ctx, struct cmd *cmd) +{ + int ret; + struct nftnl_parse_err *err; + struct ruleset_parse rp = { + .nl_ctx = ctx, + .cmd = cmd + }; + + err = nftnl_parse_err_alloc(); + if (err == NULL) + return -1; + + ret = nftnl_ruleset_parse_file_cb(cmd->markup->format, stdin, err, &rp, + netlink_markup_parse_cb); + if (ret < 0) + nftnl_parse_perror("unable to import: parsing failed", err); + + nftnl_parse_err_free(err); + return ret; +} + static int do_list_table(struct netlink_ctx *ctx, struct cmd *cmd, struct table *table) { @@ -1793,6 +1816,8 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd) return do_command_flush(ctx, cmd); case CMD_RENAME: return do_command_rename(ctx, cmd); + case CMD_IMPORT: + return do_command_import(ctx, cmd); case CMD_EXPORT: return do_command_export(ctx, cmd); case CMD_MONITOR: |