summaryrefslogtreecommitdiffstats
path: root/src/parser_json.c
Commit message (Collapse)AuthorAgeFilesLines
* expr: extend fwd statement to support address and familyPablo Neira Ayuso2018-06-061-1/+1
| | | | | | | | Allow to forward packets through to explicit destination and interface. nft add rule netdev x y fwd ip to 192.168.2.200 device eth0 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Review large number parsing/printingPhil Sutter2018-06-031-14/+14
| | | | | | | | | When parsing large (uint64_t) values, capital 'I' has to be used in format string. While being at it, make sure JSON output code handles those variables correctly, too. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Fix replace command parserPhil Sutter2018-06-031-1/+2
| | | | | | | | This was completely broken. Yet another indicator the JSON API part of testsuite is insufficient. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Fix add rule with indexPhil Sutter2018-06-031-1/+1
| | | | | | | | | This was missed by commit fb557b5546084 ("JSON: Sort out rule position and handles in general"): When adding a rule, the parser would still expect "pos" property instead of "index". Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Simplify verdict statement parsingPhil Sutter2018-06-031-36/+3
| | | | | | | | Reuse verdict expression parsing routine. Since the statement simply wraps an expression, this change is an obvious one. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Simplify wildcard expressionPhil Sutter2018-06-031-12/+11
| | | | | | | | Instead of dedicating an object for it ('{ "*": null }'), just use a string consisting of an asterisk as sole character. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Simplify immediate value parsingPhil Sutter2018-06-011-45/+31
| | | | | | | | | | | | | | | Since an explicit "immediate" expression doesn't exist in JSON (the values are represented as plain JSON string/integer/boolean types), there is no need for json_parse_immediate_expr() to comply to the common expression parser parameter format. Apart from that: * Drop CTX_F_RHS checks - caller assures sane context already. * Improve error message a bit for denied JSON types. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Fix parsing of meter statement keyPhil Sutter2018-06-011-2/+2
| | | | | | | | | The key must be a set elem expression, but if a "regular" expression was provided (which should be commonly accepted in case no set elem specific properties are required), the resulting object tree crashed libnftables. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Improve prefix expression parsing error message a bitPhil Sutter2018-06-011-1/+1
| | | | | Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Simplify tcp option expression parsing a bitPhil Sutter2018-06-011-3/+2
| | | | | | | | When parsing the optional "field" property, use return code of json_unpack() directly to check if it was present or not. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Fix parsing and printing of limit objectsPhil Sutter2018-06-011-22/+27
| | | | | | | | Fix parsing and printing of named limit objects by aligning the code with parser/printer of anonymous ones. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Review set elem expressionsPhil Sutter2018-06-011-11/+4
| | | | | | | | | | | | * There is no need to prefix element-specific properties with 'elem_', they can't conflict. * In json_parse_set_stmt(), searching for above properties is pointless since that's already done by called function. * Fix potential NULL-pointer deref in json_parse_set_elem_expr_stmt(): json_parse_flagged_expr() may return NULL. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Review meter statement supportPhil Sutter2018-06-011-5/+6
| | | | | | | | | Meter name being optional seems to come from old flow statement, so don't support this. Also add size support as was recently added to standard syntax. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Sort out rule position and handles in generalPhil Sutter2018-06-011-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | First of all, don't print the position property when listing rules. This was there only because libnftnl JSON output has it too, but since the preferred way to *add* a rule at some location is via 'handle' keyword, keeping "position" in output would be non-intuitive. Changing "position" property name to "handle" instead is also a no-go since that would clash with the real rule handle. Secondly, turn all handle output on regardless of octx->handle setting. For a programmatic API like JSON, this should be fine. Thirdly, fix rule locations when parsing JSON: Respect "handle" property for CMD_INSERT and CMD_ADD and ignore "pos" at all (actually even a typo, should have read "position"). Also support "index" property recently added to standard syntax. Finally, adjust nft-test.py for the above changes: There is no "position" property to drop from rule output, and "handle" property will always be present. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Disallow non-array concat expression valuesPhil Sutter2018-06-011-3/+1
| | | | | | | | Concat expressions with just a single element don't make sense, so there's no point in supporting a shorter syntax for this. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Use "type" for CT helper objectPhil Sutter2018-06-011-2/+2
| | | | | | | Property name "helper" was a bit unclear, "type" is better. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* objref: Use "ct helper" for NFT_OBJECT_CT_HELPERPhil Sutter2018-06-011-1/+1
| | | | | | | | | Change name of NFT_OBJECT_CT_HELPER in objref_type table to "ct helper" for consistency. Note that this is not used in regular nft output since objref_stmt_print() treats this object type separately. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnftables: Implement JSON parserPhil Sutter2018-05-111-0/+3141
If JSON output setting is active in current context, try parsing any input as JSON. If the initial loading of the buffer or filename by libjansson fails, fall back to regular syntax parser. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>