-rw-r--r-- | src/chain.c | 60 | ||||
-rw-r--r-- | tests/jsonfiles/11-chain.json | 2 | ||||
-rw-r--r-- | tests/jsonfiles/12-chain.json | 2 | ||||
-rw-r--r-- | tests/jsonfiles/13-chain.json | 2 | ||||
-rw-r--r-- | tests/xmlfiles/10-chain.xml | 2 | ||||
-rw-r--r-- | tests/xmlfiles/11-chain.xml | 2 | ||||
-rw-r--r-- | tests/xmlfiles/12-chain.xml | 2 |
7 files changed, 49 insertions, 23 deletions
diff --git a/src/chain.c b/src/chain.c
index 1761772..b196cd6 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -24,6 +24,7 @@
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nf_tables.h>
 #include <linux/netfilter.h>
+#include <linux/netfilter_arp.h>
 #include <libnftables/chain.h>
@@ -44,13 +45,38 @@ struct nft_chain {
 uint32_t flags;
 };
-static const char *hooknum2str_array[NF_INET_NUMHOOKS] = {
- [NF_INET_PRE_ROUTING] = "NF_INET_PRE_ROUTING",
- [NF_INET_LOCAL_IN] = "NF_INET_LOCAL_IN",
- [NF_INET_FORWARD] = "NF_INET_FORWARD",
- [NF_INET_LOCAL_OUT] = "NF_INET_LOCAL_OUT",
- [NF_INET_POST_ROUTING] = "NF_INET_POST_ROUTING",
-};
+static const char *nft_hooknum2str(int family, int hooknum)
+{
+ switch (family) {
+ case NFPROTO_IPV4:
+ case NFPROTO_IPV6:
+ case NFPROTO_BRIDGE:
+ switch (hooknum) {
+ case NF_INET_PRE_ROUTING:
+ return "prerouting";
+ case NF_INET_LOCAL_IN:
+ return "input";
+ case NF_INET_FORWARD:
+ return "forward";
+ case NF_INET_LOCAL_OUT:
+ return "output";
+ case NF_INET_POST_ROUTING:
+ return "postrouting";
+ }
+ break;
+ case NFPROTO_ARP:
+ switch (hooknum) {
+ case NF_ARP_IN:
+ return "input";
+ case NF_ARP_OUT:
+ return "output";
+ case NF_ARP_FORWARD:
+ return "forward";
+ }
+ break;
+ }
+ return "unknown";
+}
 struct nft_chain *nft_chain_alloc(void)
 {
@@ -468,12 +494,12 @@ int nft_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_chain *c)
 }
 EXPORT_SYMBOL(nft_chain_nlmsg_parse);
-static inline int nft_str2hooknum(const char *hook)
+static inline int nft_str2hooknum(int family, const char *hook)
 {
 int hooknum;
 for (hooknum = 0; hooknum < NF_INET_NUMHOOKS; hooknum++) {
- if (strcmp(hook, hooknum2str_array[hooknum]) == 0)
+ if (strcmp(hook, nft_hooknum2str(family, hooknum)) == 0)
 return hooknum;
 }
 return -1;
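Review bot: In the nft_str2hooknum hunk the loop compares the input against whatever nft_hooknum2str() returns, and that helper (added in the previous hunk) returns the fallback string "unknown" for every family/hooknum pair it does not map. A JSON or XML document whose hooknum field is the literal text `unknown` is therefore accepted instead of rejected: it resolves to the first unmapped index below NF_INET_NUMHOOKS, which for NFPROTO_ARP is presumably an index past the three ARP hooks and for an unrecognised family is 0. Rejecting the sentinel before the loop closes this, e.g. `if (strcmp(hook, "unknown") == 0) return -1;`, with a comment such as `/* "unknown" is the printer's fallback, never a valid hook name */`. The closing brace of nft_str2hooknum lies outside the hunk.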
@@ -548,7 +574,7 @@ static int nft_chain_json_parse(struct nft_chain *c, const char *json)
 if (valstr == NULL)
 goto err;
- val32 = nft_str2hooknum(valstr);
+ val32 = nft_str2hooknum(c->family, valstr);
 if (val32 == -1)
 goto err;
@@ -635,7 +661,7 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml)
 hooknum_str = nft_mxml_str_parse(tree, "hooknum", MXML_DESCEND_FIRST);
 if (hooknum_str != NULL) {
- hooknum = nft_str2hooknum(hooknum_str);
+ hooknum = nft_str2hooknum(c->family, hooknum_str);
 if (hooknum < 0)
 goto err;
@@ -728,8 +754,8 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 "\"hooknum\": \"%s\","
 "\"prio\": %d,"
 "\"policy\": \"%s\"",
- c->type, hooknum2str_array[c->hooknum], c->prio,
- nft_verdict2str(c->policy));
+ c->type, nft_hooknum2str(c->family, c->hooknum),
+ c->prio, nft_verdict2str(c->policy));
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 }
@@ -757,8 +783,8 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
 "<hooknum>%s</hooknum>"
 "<prio>%d</prio>"
 "<policy>%s</policy>",
- c->type, hooknum2str_array[c->hooknum], c->prio,
- nft_verdict2str(c->policy));
+ c->type, nft_hooknum2str(c->family, c->hooknum),
+ c->prio, nft_verdict2str(c->policy));
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 }
@@ -782,8 +808,8 @@ static int nft_chain_snprintf_default(char *buf, size_t size,
 ret = snprintf(buf+offset, size,
 " type %s hook %s prio %d policy %s use %d "
 "packets %"PRIu64" bytes %"PRIu64"",
- c->type, hooknum2str_array[c->hooknum], c->prio,
- nft_verdict2str(c->policy), c->use,
+ c->type, nft_hooknum2str(c->family, c->hooknum),
+ c->prio, nft_verdict2str(c->policy), c->use,
 c->packets, c->bytes);
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 }
diff --git a/tests/jsonfiles/11-chain.json b/tests/jsonfiles/11-chain.json
index 0e71e8f..2381eb6 100644
--- a/tests/jsonfiles/11-chain.json
+++ b/tests/jsonfiles/11-chain.json
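Review bot: Both parser call sites, `nft_str2hooknum(c->family, valstr)` in nft_chain_json_parse and `nft_str2hooknum(c->family, hooknum_str)` in nft_chain_xml_parse, now depend on c->family being filled in before the hook name is looked up, and neither hunk shows where family is parsed. If family is parsed later in the function, c->family still holds its initial value at this point, so a valid hook name is either rejected or resolved against the wrong family's names. The XML fixtures in this commit place `<family>` after `<hooknum>`, so the ordering is worth checking. Consider parsing family first or failing when it has not been set, and record the dependency with `/* hook names are per-family: c->family must be parsed before this point */`. Both functions start and end outside their hunks.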
@@ -1 +1 @@
-{ "chain": {"name": "input","handle": 1,"bytes": 1375696,"packets": 4136,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "NF_INET_LOCAL_IN","prio": 0,"policy": "accept"}}
+{ "chain": {"name": "input","handle": 1,"bytes": 1375696,"packets": 4136,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "input","prio": 0,"policy": "accept"}}
diff --git a/tests/jsonfiles/12-chain.json b/tests/jsonfiles/12-chain.json
index e841032..d20cb1d 100644
--- a/tests/jsonfiles/12-chain.json
+++ b/tests/jsonfiles/12-chain.json
@@ -1 +1 @@
-{ "chain": {"name": "forward","handle": 2,"bytes": 0,"packets": 0,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "NF_INET_FORWARD","prio": 0,"policy": "accept"}}
+{ "chain": {"name": "forward","handle": 2,"bytes": 0,"packets": 0,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "forward","prio": 0,"policy": "accept"}}
diff --git a/tests/jsonfiles/13-chain.json b/tests/jsonfiles/13-chain.json
index 9967233..69f8750 100644
--- a/tests/jsonfiles/13-chain.json
+++ b/tests/jsonfiles/13-chain.json
@@ -1 +1 @@
-{ "chain": {"name": "output","handle": 3,"bytes": 454786,"packets": 2681,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "NF_INET_LOCAL_OUT","prio": 0,"policy": "accept"}}
+{ "chain": {"name": "output","handle": 3,"bytes": 454786,"packets": 2681,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "output","prio": 0,"policy": "accept"}}
diff --git a/tests/xmlfiles/10-chain.xml b/tests/xmlfiles/10-chain.xml
index f0d9da9..c6aa156 100644
--- a/tests/xmlfiles/10-chain.xml
+++ b/tests/xmlfiles/10-chain.xml
@@ -1 +1 @@
-<chain><name>test</name><handle>0</handle><bytes>0</bytes><packets>0</packets><table>filter</table><type>filter</type><hooknum>NF_INET_LOCAL_IN</hooknum><prio>0</prio><policy>accept</policy><family>ip</family></chain>
+<chain><name>test</name><handle>0</handle><bytes>0</bytes><packets>0</packets><table>filter</table><type>filter</type><hooknum>input</hooknum><prio>0</prio><policy>accept</policy><family>ip</family></chain>
diff --git a/tests/xmlfiles/11-chain.xml b/tests/xmlfiles/11-chain.xml
index 1e04d0f..3423078 100644
--- a/tests/xmlfiles/11-chain.xml
+++ b/tests/xmlfiles/11-chain.xml
@@ -1 +1 @@
-<chain><name>test</name><handle>0</handle><bytes>59</bytes><packets>1</packets><table>filter</table><type>filter</type><hooknum>NF_INET_FORWARD</hooknum><prio>0</prio><policy>drop</policy><family>ip6</family></chain>
+<chain><name>test</name><handle>0</handle><bytes>59</bytes><packets>1</packets><table>filter</table><type>filter</type><hooknum>forward</hooknum><prio>0</prio><policy>drop</policy><family>ip6</family></chain>
diff --git a/tests/xmlfiles/12-chain.xml b/tests/xmlfiles/12-chain.xml
index 5903760..6afcd00 100644
--- a/tests/xmlfiles/12-chain.xml
+++ b/tests/xmlfiles/12-chain.xml
@@ -1 +1 @@
-<chain><name>foo</name><handle>100</handle><bytes>59264154979</bytes><packets>2548796325</packets><table>nat</table><type>nat</type><hooknum>NF_INET_POST_ROUTING</hooknum><prio>0</prio><policy>accept</policy><family>ip</family></chain>
+<chain><name>foo</name><handle>100</handle><bytes>59264154979</bytes><packets>2548796325</packets><table>nat</table><type>nat</type><hooknum>postrouting</hooknum><prio>0</prio><policy>accept</policy><family>ip</family></chain> |