author | Alvaro Neira Ayuso <alvaroneay@gmail.com> | 2015-02-09 21:09:53 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-02-10 12:23:42 +0100 |
commit | 15ad64734a544a9af033e54d232f112971072c15 (patch) | |
tree | 151c7529eec0b969287db0492e5abb65aae8e013 /src/utils.c | |
parent | 8875d20e4d9aaa3feee27a164ad2d8b033749a2f (diff) |
src: add command tag in JSON/XML export support
Currently, we can't do incremental updates via JSON/XML.
This patch enriches the existing output to indicate the kind of
update that you want to perform.
So, if we have a ruleset like:
table ip filter {
chain input {
type filter hook input priority 0;
}
}
The new output looks like:
{"nftables":[{"add":[{"table":{"name":"filter",...}}]}]}
^^^^^
Where we explicitly indicate that we want to add a table.
We support all the actions that we can do with nft, they are:
- Add, delete and flush tables and chains.
- Add, delete, replace and insert rules.
- Add and delete sets.
- Add and delete set elements.
- Flush ruleset.
You only need to add the command tag:
{"nftables":[{"delete":[{...}, {...},...}]}]}
^^^^^^^^
The possible command tags that you can use are "add", "delete", "insert",
"replace" and "flush".
- Flush table or chain, eg.:
{"nftables":[{"flush":[{"table":{"name":...}}]}]}
- Delete table, chain, set or rule:
{"nftables":[{"delete":[{"chain":{"name":...}]}]}
- Replace a rule (you have to specify the handle):
{"nftables":[{"replace":[{"rule":{...}}]}]}
- Insert a rule:
{"nftables":[{"insert":[{"rule":{...}}]}]}
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/utils.c')
-rw-r--r-- | src/utils.c | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/src/utils.c b/src/utils.c
index 9013b68..1868a06 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -177,16 +177,42 @@ int nft_str2verdict(const char *verdict, int *verdict_num)
 return -1;
 }
 
-int nft_fprintf(FILE *fp, void *obj, uint32_t type, uint32_t flags,
+enum nft_cmd_type nft_flag2cmd(uint32_t flags)
+{
+ if (flags & NFT_OF_EVENT_NEW)
+ return NFT_CMD_ADD;
+ else if (flags & NFT_OF_EVENT_DEL)
+ return NFT_CMD_DELETE;
+
+ return NFT_CMD_UNSPEC;
+}
+
+const char *cmd2tag[NFT_CMD_MAX] = {
+ [NFT_CMD_ADD] = ADD,
+ [NFT_CMD_INSERT] = INSERT,
+ [NFT_CMD_DELETE] = DELETE,
+ [NFT_CMD_REPLACE] = REPLACE,
+ [NFT_CMD_FLUSH] = FLUSH,
+};
+
+const char *nft_cmd2tag(enum nft_cmd_type cmd)
+{
+ if (cmd >= NFT_CMD_MAX)
+ return "unknown";
+
+ return cmd2tag[cmd];
+}
+
+int nft_fprintf(FILE *fp, void *obj, uint32_t cmd, uint32_t type, uint32_t flags,
 int (*snprintf_cb)(char *buf, size_t bufsiz, void *obj,
- uint32_t type, uint32_t flags))
+ uint32_t cmd, uint32_t type, uint32_t flags))
 {
 char _buf[NFT_SNPRINTF_BUFSIZ];
 char *buf = _buf;
 size_t bufsiz = sizeof(_buf);
 int ret;
 
- ret = snprintf_cb(buf, bufsiz, obj, type, flags);
+ ret = snprintf_cb(buf, bufsiz, obj, cmd, type, flags);
 if (ret <= 0)
 goto out;
 
@@ -197,7 +223,7 @@ int nft_fprintf(FILE *fp, void *obj, uint32_t type, uint32_t flags,
 if (buf == NULL)
 return -1;
 
- ret = snprintf_cb(buf, bufsiz, obj, type, flags);
+ ret = snprintf_cb(buf, bufsiz, obj, cmd, type, flags);
 if (ret <= 0)
 goto out;
 } |
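Review bot: In `nft_cmd2tag()` the bounds check only rejects `cmd >= NFT_CMD_MAX`, so an in-range command with no entry in `cmd2tag[]` is returned as NULL instead of "unknown"; `NFT_CMD_UNSPEC`, which `nft_flag2cmd()` returns a few lines above, has no initializer in the table (this assumes it lies below `NFT_CMD_MAX`, since the enum definition is not visible here). A caller that feeds the result to a `%s` conversion would then pass NULL to the formatter, so the lookup should fall back explicitly with `return cmd2tag[cmd] ? cmd2tag[cmd] : "unknown";`. If the compiler picks a signed underlying type for `enum nft_cmd_type`, a negative value also passes the test and indexes before the array, which `if ((unsigned int)cmd >= NFT_CMD_MAX)` would close. The table itself is a writable, externally visible symbol with a generic name; declaring it `static const char *const cmd2tag[NFT_CMD_MAX] = {` keeps it file-local and read-only. `nft_fprintf()` begins in this hunk and continues beyond its last line.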