diff options
| author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-01-18 17:56:45 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-01-18 21:50:27 +0100 |
| commit | dec687412e31118a3add7bad8de6ac496f7c1c65 (patch) | |
| tree | 2c45e84f99cf2bede27f7e2854cb15ebc514b2cf /src/jansson.c | |
| parent | 871c7fd0204325b947a5fde3ab8617ef89b9168f (diff) | |
data_reg: fix verdict format approach
Patrick reports that the XML/JSON formats of the data_reg object
are not accuarate.
This patch updates these formats, so they are now as follow:
* <data_reg type=value> with raw data (this doesn't change).
* <data_reg type=verdict> with a concrete verdict (eg drop accept) and an
optional <chain>, with destination.
In XML:
<data_reg type="verdict">
<verdict>goto</verdict>
<chain>output</chain>
</data_reg>
In JSON:
"data_reg" : {
"type" : "verdict",
"verdict" : "goto"
"chain" : "output",
}
The default output format is updated to reflect these changes (minor collateral
thing).
When parsing set_elems, to know if we need to add the NFT_SET_ELEM_ATTR_CHAIN
flag, a basic check for the chain not being NULL is done, instead of evaluating
if the result of the parsing was DATA_CHAIN. The DATA_CHAIN symbol is no longer
used in the data_reg XML/JSON parsing zone.
While at it, I updated the error reporting stuff regarding data_reg/verdict, in
order to leave a consistent state in the library.
A JSON testfile is updated as well.
Reported-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/jansson.c')
| -rw-r--r-- | src/jansson.c | 27 |
1 files changed, 6 insertions, 21 deletions
diff --git a/src/jansson.c b/src/jansson.c index f446e17..26bd700 100644 --- a/src/jansson.c +++ b/src/jansson.c @@ -213,7 +213,6 @@ int nft_jansson_data_reg_parse(json_t *root, const char *node_name, struct nft_parse_err *err) { json_t *data; - const char *type; int ret; data = json_object_get(root, node_name); @@ -233,27 +232,12 @@ int nft_jansson_data_reg_parse(json_t *root, const char *node_name, } ret = nft_data_reg_json_parse(data_reg, data, err); - if (ret < 0) { + if (ret == DATA_NONE) { errno = EINVAL; return -1; } - type = nft_jansson_parse_str(data, "type", err); - if (type == NULL) - return -1; - - if (strcmp(type, "value") == 0) - return DATA_VALUE; - else if (strcmp(type, "verdict") == 0) - return DATA_VERDICT; - else if (strcmp(type, "chain") == 0) - return DATA_CHAIN; - else { - err->error = NFT_PARSE_EBADTYPE; - err->node_name = "type"; - errno = EINVAL; - return -1; - } + return ret; } int nft_jansson_set_elem_parse(struct nft_set_elem *e, json_t *root, @@ -281,10 +265,11 @@ int nft_jansson_set_elem_parse(struct nft_set_elem *e, json_t *root, break; case DATA_VERDICT: e->flags |= (1 << NFT_SET_ELEM_ATTR_VERDICT); + if (e->data.chain != NULL) + e->flags |= (1 << NFT_SET_ELEM_ATTR_CHAIN); + break; - case DATA_CHAIN: - e->flags |= (1 << NFT_SET_ELEM_ATTR_CHAIN); - break; + case DATA_NONE: default: return -1; } |