author | Alvaro Neira <alvaroneay@gmail.com> | 2014-10-03 20:02:40 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-09 18:50:41 +0200 |
commit | c04175e392335fb22b52f234171b5042e0b8f6bd (patch) | |
tree | 63f6fb4885a8d841b0b396c56d7574ffb27e8fc1 /src/rule.c | |
parent | 96b8b69b9ad943b4b7147aa3a9b63d4974cdfb73 (diff) |
src: internal set id allocation from nft_ruleset_parse*()
Extends this function to attach the set to the rule through the set_id.
If it doesn't exist in the list, maybe the set already exists in the
kernel. In that case, we don't set any id.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 26 |
1 files changed, 16 insertions, 10 deletions
@@ -26,6 +26,7 @@
#include <linux/netfilter/nf_tables.h>
#include <libnftnl/rule.h>
+#include <libnftnl/set.h>
#include <libnftnl/expr.h>
#include "linux_list.h"
@@ -511,7 +512,8 @@ EXPORT_SYMBOL(nft_rule_nlmsg_parse);
#ifdef JSON_PARSING
int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree,
- struct nft_parse_err *err)
+ struct nft_parse_err *err,
+ struct nft_set_list *set_list)
{
json_t *root, *array;
struct nft_rule_expr *e;
@@ -587,7 +589,8 @@ int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree,
for (i = 0; i < json_array_size(array); ++i) {
- e = nft_jansson_expr_parse(json_array_get(array, i), err);
+ e = nft_jansson_expr_parse(json_array_get(array, i), err,
+ set_list);
if (e == NULL)
goto err;
@@ -604,7 +607,8 @@ err:
static int nft_rule_json_parse(struct nft_rule *r, const void *json,
struct nft_parse_err *err,
- enum nft_parse_input input)
+ enum nft_parse_input input,
+ struct nft_set_list *set_list)
{
#ifdef JSON_PARSING
json_t *tree;
@@ -614,7 +618,7 @@ static int nft_rule_json_parse(struct nft_rule *r, const void *json,
if (tree == NULL)
return -1;
- return nft_jansson_parse_rule(r, tree, err);
+ return nft_jansson_parse_rule(r, tree, err, set_list);
#else
errno = EOPNOTSUPP;
return -1;
@@ -623,7 +627,8 @@ static int nft_rule_json_parse(struct nft_rule *r, const void *json,
#ifdef XML_PARSING
int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r,
- struct nft_parse_err *err)
+ struct nft_parse_err *err,
+ struct nft_set_list *set_list)
{
mxml_node_t *node;
struct nft_rule_expr *e;
@@ -675,7 +680,7 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r,
node != NULL; node = mxmlFindElement(node, tree, "expr", "type", NULL, MXML_DESCEND)) {
- e = nft_mxml_expr_parse(node, err);
+ e = nft_mxml_expr_parse(node, err, set_list);
if (e == NULL)
return -1;
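Review bot: The new `set_list` parameter of nft_jansson_parse_rule() (the `-511,7` hunk) has no comment saying who owns the list or what happens when a referenced set is not in it; the fallback is described only in the commit message. A short comment above the function would carry that contract, for example `/* set_list: sets parsed earlier in the same ruleset; a lookup whose set is not in the list gets no set id (it may already exist in the kernel) */`. Whether the list is only read or also modified is decided in nft_jansson_expr_parse(), which is outside this diff, so that part should be confirmed before it is written down. The same comment applies to nft_mxml_rule_parse() in the `-623,7` hunk, and both function bodies continue outside their hunks.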
@@ -688,7 +693,8 @@ int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r,
static int nft_rule_xml_parse(struct nft_rule *r, const void *xml,
struct nft_parse_err *err,
- enum nft_parse_input input)
+ enum nft_parse_input input,
+ struct nft_set_list *set_list)
{
#ifdef XML_PARSING
int ret;
@@ -696,7 +702,7 @@ static int nft_rule_xml_parse(struct nft_rule *r, const void *xml,
if (tree == NULL)
return -1;
- ret = nft_mxml_rule_parse(tree, r, err);
+ ret = nft_mxml_rule_parse(tree, r, err, set_list);
mxmlDelete(tree);
return ret;
#else
@@ -714,10 +720,10 @@ static int nft_rule_do_parse(struct nft_rule *r, enum nft_parse_type type,
switch (type) {
case NFT_PARSE_XML:
- ret = nft_rule_xml_parse(r, data, &perr, input);
+ ret = nft_rule_xml_parse(r, data, &perr, input, NULL);
break;
case NFT_PARSE_JSON:
- ret = nft_rule_json_parse(r, data, &perr, input);
+ ret = nft_rule_json_parse(r, data, &perr, input, NULL);
break;
default:
ret = -1; |
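Review bot: In the `-714,10` hunk nft_rule_do_parse() passes a literal `NULL` for `set_list`, so every expression parser reached from the single-rule entry point has to tolerate a NULL list, and that check is not visible on this page. The pointer is forwarded unchanged to nft_mxml_expr_parse() and nft_jansson_expr_parse(), which live outside src/rule.c; if the lookup-expression path walks the list without testing it first, a standalone rule with a lookup expression in untrusted XML or JSON input would make the parser dereference NULL. It is worth confirming the guard exists there and marking both call sites, e.g. `/* single rule, no ruleset context: set ids are not resolved */`. The switch belongs to nft_rule_do_parse(), whose start and end are outside the hunk.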