From e77b31f53a61a8995cd6baf91a6e557260f401bd Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 8 May 2018 13:08:36 +0200 Subject: libnftables: Introduce a few helper functions This adds a bunch of functions for conversion of different values into string (and vice-versa). * log_level_parse(): A simple helper to turn log level string representation into log level value. * nat_etype2str(): Translate nat statement type into string representation. * ct_dir2str(): Convert IP_CT_DIR_* values into string representation. * ct_label2str(): Convert ct_label values into string representation. Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso
---
 src/ct.c | 44 +++++++++++++++++++++++++++++++------------- src/statement.c | 21 +++++++++++++++++++-- 2 files changed, 50 insertions(+), 15 deletions(-) (limited to 'src')
diff --git a/src/ct.c b/src/ct.c
index 2abaa0d5..a1a91f3a 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -64,6 +64,18 @@ static const struct symbol_table ct_dir_tbl = {
 }
 };
+const char *ct_dir2str(int dir)
+{
+ const struct symbolic_constant *s;
+
+ for (s = ct_dir_tbl.symbols; s->identifier != NULL; s++) {
+ if (dir == (int)s->value)
+ return s->identifier;
+ }
+
+ return NULL;
+}
+
 const struct datatype ct_dir_type = {
 .type = TYPE_CT_DIR, .name = "ct_dir",
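Review bot: `ct_dir2str()` is no longer file-local, yet nothing tells a caller that it returns NULL when `dir` is not listed in `ct_dir_tbl`; a caller that hands the result straight to a `%s` format would hit undefined behaviour. A one-line comment above the definition would carry the contract: `/* Returns the name for @dir, or NULL if @dir is not listed in ct_dir_tbl. */`. `ct_label2str()` in the next hunk has the same NULL-on-miss contract and deserves the same comment. The diffstat is limited to 'src', so the prototypes are presumably declared in a header outside this view; the comment could live there instead.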
@@ -133,20 +145,30 @@ static struct symbol_table *ct_label_tbl;
 #define CT_LABEL_BIT_SIZE 128
+const char *ct_label2str(unsigned long value)
+{
+ const struct symbolic_constant *s;
+
+ for (s = ct_label_tbl->symbols; s->identifier; s++) {
+ if (value == s->value)
+ return s->identifier;
+ }
+
+ return NULL;
+}
+
 static void ct_label_type_print(const struct expr *expr, struct output_ctx *octx)
 {
 unsigned long bit = mpz_scan1(expr->value, 0);
- const struct symbolic_constant *s;
+ const char *labelstr = ct_label2str(bit);
- for (s = ct_label_tbl->symbols; s->identifier != NULL; s++) {
- if (bit != s->value)
- continue;
- nft_print(octx, "\"%s\"", s->identifier);
+ if (labelstr) {
+ nft_print(octx, "\"%s\"", labelstr);
 return;
 }
 /* can happen when connlabel.conf is altered after rules were added */
- nft_print(octx, "%ld", (long)mpz_scan1(expr->value, 0));
+ nft_print(octx, "%lu", bit);
 }
 static struct error_record *ct_label_type_parse(const struct expr *sym,
@@ -273,19 +295,15 @@ const struct ct_template ct_templates[__NFT_CT_MAX] = {
 static void ct_print(enum nft_ct_keys key, int8_t dir, uint8_t nfproto, struct output_ctx *octx)
 {
- const struct symbolic_constant *s;
+ const char *dirstr = ct_dir2str(dir);
 const struct proto_desc *desc;
 nft_print(octx, "ct ");
 if (dir < 0) goto done;
- for (s = ct_dir_tbl.symbols; s->identifier != NULL; s++) {
- if (dir == (int)s->value) {
- nft_print(octx, "%s ", s->identifier);
- break;
- }
- }
+ if (dirstr)
+ nft_print(octx, "%s ", dirstr);
 switch (key) {
 case NFT_CT_SRC:
diff --git a/src/statement.c b/src/statement.c
index 6537bbbd..8160e0ad 100644
--- a/src/statement.c
+++ b/src/statement.c
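Review bot: `ct_label2str()` in src/ct.c dereferences `ct_label_tbl` unconditionally, and the hunk header shows that to be a static pointer, which stays NULL until something assigns it. The old print path had the same dereference, but it was private to the datatype code; as an exported helper the function can now be reached by callers that run before, or without, the label table being loaded. The initialisation is not visible in this patch, so this should be confirmed. A guard at the top, `if (!ct_label_tbl) return NULL;`, makes the helper safe in either case and lets `ct_label_type_print()` fall through to its numeric output.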
@@ -233,6 +233,18 @@ const char *log_level(uint32_t level)
 return syslog_level[level];
 }
+int log_level_parse(const char *level)
+{
+ int i;
+
+ for (i = 0; i <= LOG_DEBUG; i++) {
+ if (syslog_level[i] &&
+ !strcmp(level, syslog_level[i]))
+ return i;
+ }
+ return -1;
+}
+
 static void log_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 {
 nft_print(octx, "log");
@@ -499,7 +511,7 @@ static void print_nf_nat_flags(uint32_t flags, struct output_ctx *octx)
 nft_print(octx, "%spersistent", delim);
 }
-static void nat_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
+const char *nat_etype2str(enum nft_nat_etypes type)
 {
 static const char * const nat_types[] = {
 [NFT_NAT_SNAT] = "snat",
@@ -508,7 +520,12 @@ static void nat_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 [NFT_NAT_REDIR] = "redirect", };
- nft_print(octx, "%s", nat_types[stmt->nat.type]);
+ return nat_types[type];
+}
+
+static void nat_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
+{
+ nft_print(octx, "%s", nat_etype2str(stmt->nat.type));
 if (stmt->nat.addr || stmt->nat.proto) nft_print(octx, " to");
-- cgit v1.2.3
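Review bot: `log_level_parse()` reports an unknown name as -1, while the neighbouring `log_level()` takes its level as `uint32_t` and indexes `syslog_level[]` with it. A caller that stores the result in an unsigned field without checking turns -1 into 0xffffffff, which would index far outside the table unless `log_level()` range-checks first (its body above the `return` is outside the hunk). Document the sentinel on the function, e.g. `/* Returns the syslog level named by @level, or -1 if the name is not known; check before storing the result in an unsigned field. */`. The loop bound `LOG_DEBUG` also assumes that `syslog_level[]`, defined outside the hunk, has at least `LOG_DEBUG + 1` entries.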
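Review bot: `nat_etype2str()` returns `nat_types[type]` with no range check, which was tolerable while the lookup was private to `nat_stmt_print()` but becomes an out-of-bounds read for any out-of-range `type` now that the function is exported. Any index the designated initialisers leave unset also yields NULL, which `nat_stmt_print()` then passes to `"%s"`. Suggest `if ((unsigned int)type >= sizeof(nat_types) / sizeof(nat_types[0])) return NULL;` before the return, with `nat_stmt_print()` printing a fallback when the result is NULL. The function begins in the previous hunk (@@ -499) and part of the table lies between the two hunks, outside the view.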