summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorÁlvaro Neira Ayuso <alvaroneay@gmail.com>2013-07-05 14:41:28 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-07-06 00:00:45 +0200
commitbf39c53f4c5499e359aa86ccca16c996456bdc9e (patch)
treedca0500e0117491dfd40957a8bd6cb5992deda78
parent485d38ca136e2411cd25b542f63c17445a8deeea (diff)
set: add json output
This patch allows you to dump set and their content in json format. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--examples/nft-set-elem-get.c15
-rw-r--r--examples/nft-set-get.c15
-rw-r--r--include/libnftables/set.h5
-rw-r--r--src/set.c56
-rw-r--r--src/set_elem.c51
5 files changed, 128 insertions, 14 deletions
diff --git a/examples/nft-set-elem-get.c b/examples/nft-set-elem-get.c
index 34dfca2..353a752 100644
--- a/examples/nft-set-elem-get.c
+++ b/examples/nft-set-elem-get.c
@@ -23,6 +23,7 @@ static int set_cb(const struct nlmsghdr *nlh, void *data)
{
struct nft_set *t;
char buf[4096];
+ uint32_t *type = data;
t = nft_set_alloc();
if (t == NULL) {
@@ -35,7 +36,7 @@ static int set_cb(const struct nlmsghdr *nlh, void *data)
goto err_free;
}
- nft_set_snprintf(buf, sizeof(buf), t, 0, 0);
+ nft_set_snprintf(buf, sizeof(buf), t, *type, 0);
printf("%s\n", buf);
err_free:
@@ -50,11 +51,12 @@ int main(int argc, char *argv[])
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
uint32_t portid, seq, family;
+ uint32_t type = NFT_SET_O_DEFAULT;
struct nft_set *t = NULL;
int ret;
- if (argc != 4) {
- fprintf(stderr, "%s <family> <table> <set>\n", argv[0]);
+ if (argc < 4 || argc > 5) {
+ fprintf(stderr, "%s <family> <table> <set> [default|json]\n", argv[0]);
return EXIT_FAILURE;
}
t = nft_set_alloc();
@@ -67,13 +69,16 @@ int main(int argc, char *argv[])
family = AF_INET;
else if (strcmp(argv[1], "ip6") == 0)
family = AF_INET6;
- else if (strcmp(argv[2], "bridge") == 0)
+ else if (strcmp(argv[1], "bridge") == 0)
family = AF_BRIDGE;
else {
fprintf(stderr, "Unknown family: ip, ip6, bridge\n");
exit(EXIT_FAILURE);
}
+ if (argc == 5 && strcmp(argv[4], "json") == 0 )
+ type = NFT_SET_O_JSON;
+
nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family,
NLM_F_DUMP|NLM_F_ACK, seq);
nft_set_attr_set(t, NFT_SET_ATTR_NAME, argv[3]);
@@ -100,7 +105,7 @@ int main(int argc, char *argv[])
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
while (ret > 0) {
- ret = mnl_cb_run(buf, ret, seq, portid, set_cb, NULL);
+ ret = mnl_cb_run(buf, ret, seq, portid, set_cb, &type);
if (ret <= 0)
break;
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
diff --git a/examples/nft-set-get.c b/examples/nft-set-get.c
index d4588ba..5ef654c 100644
--- a/examples/nft-set-get.c
+++ b/examples/nft-set-get.c
@@ -23,6 +23,7 @@ static int set_cb(const struct nlmsghdr *nlh, void *data)
{
struct nft_set *t;
char buf[4096];
+ uint32_t *type = data;
t = nft_set_alloc();
if (t == NULL) {
@@ -35,7 +36,7 @@ static int set_cb(const struct nlmsghdr *nlh, void *data)
goto err_free;
}
- nft_set_snprintf(buf, sizeof(buf), t, 0, 0);
+ nft_set_snprintf(buf, sizeof(buf), t, *type, 0);
printf("%s\n", buf);
err_free:
@@ -50,11 +51,12 @@ int main(int argc, char *argv[])
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
uint32_t portid, seq, family;
+ uint32_t type = NFT_SET_O_DEFAULT;
struct nft_set *t = NULL;
int ret;
- if (argc != 3) {
- fprintf(stderr, "%s <family> <table>\n", argv[0]);
+ if (argc < 3 || argc > 4) {
+ fprintf(stderr, "%s <family> <table> [default|json]\n", argv[0]);
return EXIT_FAILURE;
}
t = nft_set_alloc();
@@ -67,13 +69,16 @@ int main(int argc, char *argv[])
family = AF_INET;
else if (strcmp(argv[1], "ip6") == 0)
family = AF_INET6;
- else if (strcmp(argv[2], "bridge") == 0)
+ else if (strcmp(argv[1], "bridge") == 0)
family = AF_BRIDGE;
else {
fprintf(stderr, "Unknown family: ip, ip6, bridge\n");
exit(EXIT_FAILURE);
}
+ if (argc == 4 && strcmp(argv[3], "json") == 0)
+ type = NFT_SET_O_JSON;
+
nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family,
NLM_F_DUMP|NLM_F_ACK, seq);
nft_set_attr_set(t, NFT_SET_ATTR_TABLE, argv[2]);
@@ -99,7 +104,7 @@ int main(int argc, char *argv[])
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
while (ret > 0) {
- ret = mnl_cb_run(buf, ret, seq, portid, set_cb, NULL);
+ ret = mnl_cb_run(buf, ret, seq, portid, set_cb, &type);
if (ret <= 0)
break;
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
diff --git a/include/libnftables/set.h b/include/libnftables/set.h
index 63b30fc..2d41c8e 100644
--- a/include/libnftables/set.h
+++ b/include/libnftables/set.h
@@ -62,6 +62,11 @@ enum {
NFT_SET_ELEM_ATTR_DATA,
};
+enum {
+ NFT_SET_O_DEFAULT = 0,
+ NFT_SET_O_JSON,
+};
+
struct nft_set_elem;
struct nft_set_elem *nft_set_elem_alloc(void);
diff --git a/src/set.c b/src/set.c
index 69f25ac..4f2e8a5 100644
--- a/src/set.c
+++ b/src/set.c
@@ -316,8 +316,46 @@ int nft_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s)
}
EXPORT_SYMBOL(nft_set_nlmsg_parse);
-int nft_set_snprintf(char *buf, size_t size, struct nft_set *s,
- uint32_t type, uint32_t flags)
+static int nft_set_snprintf_json(char *buf, size_t size, struct nft_set *s,
+ uint32_t type, uint32_t flags)
+{
+ int ret;
+ int len = size, offset = 0;
+ struct nft_set_elem *elem;
+
+ ret = snprintf(buf, size, "{ \"set\" : { \"name\" : \"%s\", \"table\" : \"%s\", \"flags\" : %u",
+ s->name, s->table, s->set_flags);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ /* Empty set? Skip printinf of elements */
+ if (list_empty(&s->element_list)){
+ ret = snprintf(buf+offset, size, "}}");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ return offset;
+ }
+
+ ret = snprintf(buf+offset, size, ", \"set_elem\" : [");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ list_for_each_entry(elem, &s->element_list, head) {
+ ret = snprintf(buf+offset, size, "{");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = nft_set_elem_snprintf(buf+offset, size, elem, type, flags);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, size, "}, ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ ret = snprintf(buf+offset-2, size, "]}}");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+static int nft_set_snprintf_default(char *buf, size_t size, struct nft_set *s,
+ uint32_t type, uint32_t flags)
{
int ret;
int len = size, offset = 0;
@@ -344,6 +382,20 @@ int nft_set_snprintf(char *buf, size_t size, struct nft_set *s,
return offset;
}
+
+int nft_set_snprintf(char *buf, size_t size, struct nft_set *s,
+ uint32_t type, uint32_t flags)
+{
+ switch(type) {
+ case NFT_SET_O_DEFAULT:
+ return nft_set_snprintf_default(buf, size, s, type, flags);
+ case NFT_SET_O_JSON:
+ return nft_set_snprintf_json(buf, size, s, type, flags);
+ default:
+ break;
+ }
+ return -1;
+}
EXPORT_SYMBOL(nft_set_snprintf);
void nft_set_elem_add(struct nft_set *s, struct nft_set_elem *elem)
diff --git a/src/set_elem.c b/src/set_elem.c
index 9691895..c5c3de4 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -384,8 +384,41 @@ int nft_set_elems_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s)
}
EXPORT_SYMBOL(nft_set_elems_nlmsg_parse);
-int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *e,
- uint32_t type, uint32_t flags)
+static int nft_set_elem_snprintf_json(char *buf, size_t size, struct nft_set_elem *e)
+{
+ int ret, len = size, offset = 0, i, numregs;
+
+ ret = snprintf(buf, size, "\"flags\" : %u", e->set_elem_flags);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ numregs = div_round_up(e->key.len, sizeof(uint32_t));
+ if (numregs != 0) {
+ ret = snprintf(buf+offset, len, ", \"key\" : \"0x");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ for (i = 0; i < numregs; i++) {
+ ret = snprintf(buf+offset, len, "%.8x", e->key.val[i]);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+ ret = snprintf(buf+offset, len, "\"");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ numregs = div_round_up(e->data.len, sizeof(uint32_t));
+ if (numregs != 0) {
+ ret = snprintf(buf+offset, size, " ,\"data\" : \"0x");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ for (i = 0; i < numregs; i++) {
+ ret = snprintf(buf+offset, len, "%.8x", e->data.val[i]);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+ ret = snprintf(buf+offset, len, "\"");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ return offset;
+}
+
+static int nft_set_elem_snprintf_default(char *buf, size_t size, struct nft_set_elem *e)
{
int ret, len = size, offset = 0, i;
@@ -410,6 +443,20 @@ int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *e,
return offset;
}
+
+int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *e,
+ uint32_t type, uint32_t flags)
+{
+ switch(type) {
+ case NFT_SET_O_DEFAULT:
+ return nft_set_elem_snprintf_default(buf, size, e);
+ case NFT_SET_O_JSON:
+ return nft_set_elem_snprintf_json(buf, size, e);
+ default:
+ break;
+ }
+ return -1;
+}
EXPORT_SYMBOL(nft_set_elem_snprintf);
int nft_set_elem_foreach(struct nft_set *s,