authorShyam Saini <mayhs11saini@gmail.com>2017-12-05 19:37:34 +0530
committerPablo Neira Ayuso <pablo@netfilter.org>2018-01-17 13:46:30 +0100
commit2fa54d8a49352bda44d3e25d1d7ba3531faf3303 (patch)
tree55182570ad839f401ed4e4e3c39a28884652cd80 /src/rule.c
parent9afd72a883e391e366a1d75bb4e1705357e078e9 (diff)
src: Add import command for low level json
This new operation allows importing a ruleset in low-level virtual machine JSON format, so that incremental changes can be made using the parse functions of libnftnl. A basic way to test this new functionality is: $ cat file.json | nft import vm json where file.json is a ruleset exported in low-level JSON format. To export JSON rules in low-level virtual machine format, the "vm" token must be specified before json. See below: $ nft export vm json and $ nft export/import json will perform no operation. The same goes for "$ nft monitor". Heavily based on work by Alvaro Neira <alvaroneay@gmail.com> and Arturo Borrero <arturo@netfilter.org> Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Shyam Saini <mayhs11saini@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r--src/rule.c45
1 files changed, 35 insertions, 10 deletions
diff --git a/src/rule.c b/src/rule.c
index edd0ff6f..f19197fe 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -898,19 +898,19 @@ void nft_cmd_expand(struct cmd *cmd)
}
}
-struct export *export_alloc(uint32_t format)
+struct markup *markup_alloc(uint32_t format)
{
- struct export *export;
+ struct markup *markup;
- export = xmalloc(sizeof(struct export));
- export->format = format;
+ markup = xmalloc(sizeof(struct markup));
+ markup->format = format;
- return export;
+ return markup;
}
-void export_free(struct export *e)
+void markup_free(struct markup *m)
{
- xfree(e);
+ xfree(m);
}
struct monitor *monitor_alloc(uint32_t format, uint32_t type, const char *event)
@@ -958,8 +958,8 @@ void cmd_free(struct cmd *cmd)
case CMD_OBJ_MONITOR:
monitor_free(cmd->monitor);
break;
- case CMD_OBJ_EXPORT:
- export_free(cmd->export);
+ case CMD_OBJ_MARKUP:
+ markup_free(cmd->markup);
break;
case CMD_OBJ_COUNTER:
case CMD_OBJ_QUOTA:
@@ -1161,13 +1161,36 @@ static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd)
return -1;
} while (rs == NULL);
- nftnl_ruleset_fprintf(fp, rs, cmd->export->format, 0);
+ nftnl_ruleset_fprintf(fp, rs, cmd->markup->format, NFTNL_OF_EVENT_NEW);
+
nft_print(ctx->octx, "\n");
nftnl_ruleset_free(rs);
return 0;
}
+static int do_command_import(struct netlink_ctx *ctx, struct cmd *cmd)
+{
+ int ret;
+ struct nftnl_parse_err *err;
+ struct ruleset_parse rp = {
+ .nl_ctx = ctx,
+ .cmd = cmd
+ };
+
+ err = nftnl_parse_err_alloc();
+ if (err == NULL)
+ return -1;
+
+ ret = nftnl_ruleset_parse_file_cb(cmd->markup->format, stdin, err, &rp,
+ netlink_markup_parse_cb);
+ if (ret < 0)
+ nftnl_parse_perror("unable to import: parsing failed", err);
+
+ nftnl_parse_err_free(err);
+ return ret;
+}
+
static int do_list_table(struct netlink_ctx *ctx, struct cmd *cmd,
struct table *table)
{
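Review bot: In the new do_command_import, each parsed element is handed to `netlink_markup_parse_cb` while stdin is still being read, so a parse error part-way through the input returns a negative value after earlier elements may already have been queued. The hunk does not show whether the caller then discards that pending batch, and a partially applied firewall ruleset is the outcome to rule out. I would state the contract above the function, e.g. `/* Import a ruleset from stdin; on any parse error the caller must abort the pending batch so nothing is committed. */`, and confirm that do_command()'s caller behaves that way. Separately, the switch from `0` to `NFTNL_OF_EVENT_NEW` in do_command_export (whose body starts outside the hunk) changes what export emits and is not mentioned in the commit message; a one-line comment saying why the event flag is needed, presumably so the output can be fed back to import, would help the next reader.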
@@ -1793,6 +1816,8 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd)
return do_command_flush(ctx, cmd);
case CMD_RENAME:
return do_command_rename(ctx, cmd);
+ case CMD_IMPORT:
+ return do_command_import(ctx, cmd);
case CMD_EXPORT:
return do_command_export(ctx, cmd);
case CMD_MONITOR: