diff options
| author | Alvaro Neira Ayuso <alvaroneay@gmail.com> | 2015-02-09 21:09:54 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-02-10 12:29:31 +0100 |
| commit | 64279008234c2367e1b6ffa84c6b3dff5a04a779 (patch) | |
| tree | eaef66284c0d7fce2f7e5dbaf2ec7c7423e7fb1b /include | |
| parent | 15ad64734a544a9af033e54d232f112971072c15 (diff) | |
src: add support to import JSON/XML with the new command tag
This patch adds support to parse the new command tag in XML/JSON. This
patch adds two new functions:
* nft_ruleset_parse_file_cb
* nft_ruleset_parse_buffer_cb
The idea is to invoke the callback function that is passed as parameter is
called for each object that is parsed from the corresponding input. Each
callback has access to the nft_parse_ctx structure that provides the necessary
context such as the command, the object type and the object itself.
This change also adds support to update the content of a set incrementally.
{"nftables":[{"add":[{"element":{"name":"blackhole","table":"filter",
"family":"ip","key_type":7,"key_len":4,"set_elem":[{"key":{
"reg":{"type":"value","len":4,"data0":"0x0403a8c0"}}}]}}]}]}
This also patch consolidates the xml/json ruleset import path.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/libnftnl/ruleset.h | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/include/libnftnl/ruleset.h b/include/libnftnl/ruleset.h index 1a3e22f..aa1d92d 100644 --- a/include/libnftnl/ruleset.h +++ b/include/libnftnl/ruleset.h @@ -25,11 +25,43 @@ enum { NFT_RULESET_ATTR_RULELIST, }; +enum nft_ruleset_type { + NFT_RULESET_UNSPEC = 0, + NFT_RULESET_RULESET, + NFT_RULESET_TABLE, + NFT_RULESET_CHAIN, + NFT_RULESET_RULE, + NFT_RULESET_SET, + NFT_RULESET_SET_ELEMS, +}; + bool nft_ruleset_attr_is_set(const struct nft_ruleset *r, uint16_t attr); void nft_ruleset_attr_unset(struct nft_ruleset *r, uint16_t attr); void nft_ruleset_attr_set(struct nft_ruleset *r, uint16_t attr, void *data); void *nft_ruleset_attr_get(const struct nft_ruleset *r, uint16_t attr); +enum { + NFT_RULESET_CTX_CMD = 0, + NFT_RULESET_CTX_TYPE, + NFT_RULESET_CTX_TABLE, + NFT_RULESET_CTX_CHAIN, + NFT_RULESET_CTX_RULE, + NFT_RULESET_CTX_SET, + NFT_RULESET_CTX_DATA, +}; + +struct nft_parse_ctx; +bool nft_ruleset_ctx_is_set(const struct nft_parse_ctx *ctx, uint16_t attr); +void *nft_ruleset_ctx_get(const struct nft_parse_ctx *ctx, uint16_t attr); +uint32_t nft_ruleset_ctx_get_u32(const struct nft_parse_ctx *ctx, + uint16_t attr); + +int nft_ruleset_parse_file_cb(enum nft_parse_type type, FILE *fp, + struct nft_parse_err *err, void *data, + int (*cb)(const struct nft_parse_ctx *ctx)); +int nft_ruleset_parse_buffer_cb(enum nft_parse_type type, const char *buffer, + struct nft_parse_err *err, void *data, + int (*cb)(const struct nft_parse_ctx *ctx)); int nft_ruleset_parse(struct nft_ruleset *rs, enum nft_parse_type type, const char *data, struct nft_parse_err *err); int nft_ruleset_parse_file(struct nft_ruleset *rs, enum nft_parse_type type, |