author | Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> | 2013-06-26 13:37:08 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-06-27 19:36:33 +0200 |
commit | 977b7a1dbe1bdd949bb156ca85c7ce4f9f88ceb6 (patch) | |
tree | cdd6d25fe34f384e53475acd94d54f8eb835d7a9 /src | |
parent | a88ee46645f4c5db0bf5653c5f2df8eff573e534 (diff) |
ct: xml: use key names instead of numbers
The ct expression now uses a key name (a string) instead of a number in the <key> node.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/expr/ct.c | 55 |
1 files changed, 48 insertions, 7 deletions
diff --git a/src/expr/ct.c b/src/expr/ct.c
index c6d11c9..e4ab3ed 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -10,6 +10,7 @@
 */
 #include <stdio.h>
+#include <string.h>
 #include <stdint.h>
 #include <arpa/inet.h>
 #include <errno.h>
@@ -30,6 +31,10 @@ struct nft_expr_ct {
 #define IP_CT_DIR_ORIGINAL 0
 #define IP_CT_DIR_REPLY 1
+#ifndef NFT_CT_MAX
+#define NFT_CT_MAX (NFT_CT_PROTO_DST + 1)
+#endif
+
 static int nft_rule_expr_ct_set(struct nft_rule_expr *e, uint16_t type, const void *data, size_t data_len)
@@ -152,6 +157,41 @@ nft_rule_expr_ct_parse(struct nft_rule_expr *e, struct nlattr *attr)
 return 0;
 }
+const char *ctkey2str_array[NFT_CT_MAX] = {
+ [NFT_CT_STATE] = "state",
+ [NFT_CT_DIRECTION] = "direction",
+ [NFT_CT_STATUS] = "status",
+ [NFT_CT_MARK] = "mark",
+ [NFT_CT_SECMARK] = "secmark",
+ [NFT_CT_EXPIRATION] = "expiration",
+ [NFT_CT_HELPER] = "helper",
+ [NFT_CT_PROTOCOL] = "protocol",
+ [NFT_CT_SRC] = "src",
+ [NFT_CT_DST] = "dst",
+ [NFT_CT_PROTO_SRC] = "proto_src",
+ [NFT_CT_PROTO_DST] = "proto_dst"
+};
+
+static const char *ctkey2str(uint32_t ctkey)
+{
+ if (ctkey > NFT_CT_MAX)
+ return "unknown";
+
+ return ctkey2str_array[ctkey];
+}
+
+static inline int str2ctkey(const char *ctkey)
+{
+ int i;
+
+ for (i = 0; i < NFT_CT_MAX; i++) {
+ if (strcmp(ctkey2str_array[i], ctkey) == 0)
+ return i;
+ }
+
+ return -1;
+}
+
 static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
 {
 #ifdef XML_PARSING
@@ -160,6 +200,7 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
 mxml_node_t *node = NULL;
 uint64_t tmp;
 char *endptr;
+ int key;
 tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
 if (tree == NULL)
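Review bot: The bounds check in `ctkey2str()` is off by one: `ctkey > NFT_CT_MAX` lets `ctkey == NFT_CT_MAX` index one element past the end of `ctkey2str_array`, so it should read `if (ctkey >= NFT_CT_MAX || ctkey2str_array[ctkey] == NULL)`. The NULL test matters because the `#ifndef NFT_CT_MAX` guard in the preceding hunk implies a header may supply a different value, and any slot the designated initializer does not name stays NULL; `str2ctkey()` would then hand NULL to `strcmp()`, which wants `if (ctkey2str_array[i] != NULL && strcmp(ctkey2str_array[i], ctkey) == 0)`. The result of `ctkey2str()` feeds the `%s` conversions in the `nft_rule_expr_ct_snprintf()` hunk, where `ct->key` presumably can come from a parsed netlink attribute rather than from this table, so an out-of-range or unnamed key has to map to "unknown" instead of a stray pointer. The table could also be declared `static const char *const`, since nothing visible uses it outside this file.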
@@ -190,11 +231,11 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
 if (node == NULL)
 goto err;
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT8_MAX || tmp < 0 || *endptr)
+ key = str2ctkey(node->child->value.opaque);
+ if (key < 0)
 goto err;
- ct->key = tmp;
+ ct->key = key;
 e->flags |= (1 << NFT_EXPR_CT_KEY);
 node = mxmlFindElement(tree, tree, "dir", NULL, NULL, MXML_DESCEND);
@@ -231,13 +272,13 @@ nft_rule_expr_ct_snprintf(char *buf, size_t len, uint32_t type,
 switch(type) {
 case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "dreg=%u key=%u dir=%u ",
- ct->dreg, ct->key, ct->dir);
+ return snprintf(buf, len, "dreg=%u key=%s dir=%u ",
+ ct->dreg, ctkey2str(ct->key), ct->dir);
 case NFT_RULE_O_XML:
 return snprintf(buf, len, "<dreg>%u</dreg>"
- "<key>%u</key>"
+ "<key>%s</key>"
 "<dir>%u</dir>",
- ct->dreg, ct->key, ct->dir);
+ ct->dreg, ctkey2str(ct->key), ct->dir);
 default:
 break;
 } |
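Review bot: `node->child->value.opaque` is passed to `str2ctkey()` without a check that `node->child` exists, and `str2ctkey()` hands the pointer straight to `strcmp()`; an empty `<key>` element would presumably leave `child` NULL, so malformed XML could reach a NULL dereference in the first hunk of this function. Adding `if (node->child == NULL) goto err;` before the lookup keeps that input on the existing error path. The removed `strtoull()` line had the same gap, so this is not a regression, but the new code is a good place to close it. Documents that still carry a numeric `<key>` are now rejected through `key < 0`, which a short comment such as `/* numeric keys are no longer accepted */` would make explicit. The function body starts and ends outside this hunk.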