set: add XML parsing

Sets are now parsed, following this previous snprintf pattern:

<set>
	<set_name>string</set_name>
	<set_table>table</set_table>
	<set_xml_version>int</set_xml_version>
	<set_flags>uint32_t</set_flags>
	<key_type>uint32_t</key_type>
	<key_len>size_t</key_len>
	<data_type>uint32_t</data_type>
	<data_len>size_t</data_len>
	<set_elem>
		<set_elem_flags>uint32_t</set_elem_flags>
		<set_elem_key>
			<data_reg type="value">
				<len></len>
				<dataN></dataN>
			</data_reg>
		</set_elem_key>
		<set_elem_data>
			<data_reg type="xx">
				[...]
			</data_reg>
		</set_elem_data>
	</set_elem>
</set>

Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

3 files changed, 85 insertions, 0 deletions

diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c
index 83a627c..0734f07 100644
--- a/tests/nft-parsing-test.c
+++ b/tests/nft-parsing-test.c
@@ -9,6 +9,7 @@
 #include <libnftables/table.h>
 #include <libnftables/chain.h>
 #include <libnftables/rule.h>
+#include <libnftables/set.h>
 
 #ifdef XML_PARSING
 #include <mxml.h>
@@ -62,6 +63,7 @@ static int test_xml(const char *filename)
 	struct nft_table *t = NULL;
 	struct nft_chain *c = NULL;
 	struct nft_rule *r = NULL;
+	struct nft_set *s = NULL;
 	FILE *fp;
 	mxml_node_t *tree = NULL;;
 	char *xml = NULL;
@@ -102,6 +104,14 @@ static int test_xml(const char *filename)
 
 			nft_rule_free(r);
 		}
+	} else if (strcmp(tree->value.opaque, "set") == 0) {
+		s = nft_set_alloc();
+		if (s != NULL) {
+			if (nft_set_parse(s, NFT_SET_PARSE_XML, xml) == 0)
+				ret = 0;
+
+			nft_set_free(s);
+		}
 	}
 
 	return ret;
diff --git a/tests/xmlfiles/73-set.xml b/tests/xmlfiles/73-set.xml
new file mode 100644
index 0000000..6807ea7
--- /dev/null
+++ b/tests/xmlfiles/73-set.xml
@@ -0,0 +1,39 @@
+<set>
+	<set_name>set0</set_name>
+	<set_table>filter</set_table>
+	<set_xml_version>0</set_xml_version>
+	<family>ip</family>
+	<set_flags>0</set_flags>
+	<key_type>0</key_type>
+	<key_len>0</key_len>
+	<data_type>0</data_type>
+	<data_len>0</data_len>
+	<set_elem>
+		<set_elem_flags>0</set_elem_flags>
+		<set_elem_key>
+			<data_reg type="value">
+				<len>4</len>
+				<data0>0x0300a8c0</data0>
+			</data_reg>
+		</set_elem_key>
+	</set_elem>
+	<set_elem>
+		<set_elem_flags>0</set_elem_flags>
+		<set_elem_key>
+			<data_reg type="value">
+				<len>4</len>
+				<data0>0x0200a8c0</data0>
+			</data_reg>
+		</set_elem_key>
+	</set_elem>
+	<set_elem>
+		<set_elem_flags>0</set_elem_flags>
+		<set_elem_key>
+			<data_reg type="value">
+				<len>4</len>
+				<data0>0x0100a8c0</data0>
+			</data_reg>
+		</set_elem_key>
+	</set_elem>
+</set>
+<!-- nft add rule ip filter test ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 } tcp dport 443 counter accept -->
diff --git a/tests/xmlfiles/74-set.xml b/tests/xmlfiles/74-set.xml
new file mode 100644
index 0000000..dd65703
--- /dev/null
+++ b/tests/xmlfiles/74-set.xml
@@ -0,0 +1,36 @@
+<set>
+	<set_name>set0</set_name>
+	<set_table>filter</set_table>
+	<set_xml_version>0</set_xml_version>
+	<family>ip6</family>
+	<set_flags>0</set_flags>
+	<key_type>0</key_type>
+	<key_len>0</key_len>
+	<data_type>0</data_type>
+	<data_len>0</data_len>
+	<set_elem>
+		<set_elem_flags>0</set_elem_flags>
+		<set_elem_key>
+			<data_reg type="value">
+				<len>16</len>
+				<data0>0xc09a002a</data0>
+				<data1>0x2700cac1</data1>
+				<data2>0x00000000</data2>
+				<data3>0x70010000</data3>
+			</data_reg>
+		</set_elem_key>
+	</set_elem>
+	<set_elem>
+		<set_elem_flags>0</set_elem_flags>
+		<set_elem_key>
+			<data_reg type="value">
+				<len>16</len>
+				<data0>0xc09a002a</data0>
+				<data1>0x2700cac1</data1>
+				<data2>0x00000000</data2>
+				<data3>0x50010000</data3>
+			</data_reg>
+		</set_elem_key>
+	</set_elem>
+</set>
+<!-- nft add rule ip6 filter test ip6 daddr { 2a00:9ac0:c1ca:27::150, 2a00:9ac0:c1ca:27::170, } counter accept -->