-rw-r--r--src/expr/payload.c55
-rwxr-xr-xtest/nft-rule-xml-add.sh6
2 files changed, 49 insertions, 12 deletions
diff --git a/src/expr/payload.c b/src/expr/payload.c
index dc42918..ae72fa2 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -212,13 +212,19 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, char *xml)
/* Get and set <base>. Not mandatory */
node = mxmlFindElement(tree, tree, "base", NULL, NULL, MXML_DESCEND);
if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+
+ if (strcmp(node->child->value.opaque, "link") == 0) {
+ payload->base = NFT_PAYLOAD_LL_HEADER;
+ } else if (strcmp(node->child->value.opaque, "network") == 0) {
+ payload->base = NFT_PAYLOAD_NETWORK_HEADER;
+ } else if (strcmp(node->child->value.opaque,
+ "transport") == 0) {
+ payload->base = NFT_PAYLOAD_TRANSPORT_HEADER;
+ } else {
mxmlDelete(tree);
return -1;
}
- payload->base = (uint32_t)tmp;
e->flags |= (1 << NFT_EXPR_PAYLOAD_BASE);
}
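Review bot: `node->child` is dereferenced in every `strcmp` call without a NULL check, so an empty `<base/>` element in the input XML would crash the parser instead of returning -1, assuming mxml leaves `child` NULL for an element with no content. The removed `strtoull` line had the same dereference, so this is not new, but the rewritten branch is the natural place to guard it with `if (node->child == NULL || node->child->value.opaque == NULL) { mxmlDelete(tree); return -1; }` before the first comparison. Reading the string once into a local `const char *` would also shorten the three comparisons. The function body starts and ends outside this hunk.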
@@ -257,6 +263,41 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, char *xml)
}
static int
+nft_rule_expr_payload_snprintf_xml(char *buf, size_t len, uint32_t flags,
+ struct nft_expr_payload *p)
+{
+ int size = len, offset = 0, ret;
+
+ ret = snprintf(buf, len, "<dreg>%u</dreg><offset>%u</offset>"
+ "<len>%u</len>", p->dreg, p->offset, p->len);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ /* A default option is not provided.
+ * The <base> node will be missing; Is not mandatory.
+ */
+
+ switch (p->base) {
+ case NFT_PAYLOAD_LL_HEADER:
+ ret = snprintf(buf+offset, len, "<base>link</base>");
+ break;
+ case NFT_PAYLOAD_NETWORK_HEADER:
+ ret = snprintf(buf+offset, len, "<base>network</base>");
+ break;
+ case NFT_PAYLOAD_TRANSPORT_HEADER:
+ ret = snprintf(buf+offset, len, "<base>transport</base>");
+ break;
+ default:
+ ret = snprintf(buf+offset, len, "<base>unknown</base>");
+ break;
+ }
+
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+
+static int
nft_rule_expr_payload_snprintf(char *buf, size_t len, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
{
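Review bot: The `default:` branch writes `<base>unknown</base>`, which contradicts the comment just above the switch (it says the node will be missing) and produces XML that the parser in the first hunk rejects with -1, since that parser accepts only link, network and transport. Emitting nothing for an unrecognised base keeps export and import consistent, e.g. `default: ret = 0; break;`; otherwise the comment should be changed to describe what the code does. The `flags` parameter is never read in the new function, so `<base>` is printed regardless of whether NFT_EXPR_PAYLOAD_BASE is set; if that is intended, a one-line comment saying so would help. nft_rule_expr_payload_snprintf, whose signature closes this hunk, continues outside it.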
@@ -264,12 +305,8 @@ nft_rule_expr_payload_snprintf(char *buf, size_t len, uint32_t type,
switch(type) {
case NFT_RULE_O_XML:
- return snprintf(buf, len, "<dreg>%u</dreg>"
- "<base>%u</base><offset>%u</offset>"
- "<len>%u</len>",
- payload->dreg, payload->base,
- payload->offset, payload->len);
-
+ return nft_rule_expr_payload_snprintf_xml(buf, len, flags,
+ payload);
case NFT_RULE_O_DEFAULT:
return snprintf(buf, len, "dreg=%u base=%u offset=%u len=%u ",
payload->dreg, payload->base,
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index 322e70c..e1e35d9 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -53,7 +53,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
</expr>
<expr type=\"payload\">
<dreg>1</dreg>
- <base>1</base>
+ <base>transport</base>
<offset>12</offset>
<len>4</len>
</expr>
@@ -69,7 +69,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
</expr>
<expr type=\"payload\">
<dreg>1</dreg>
- <base>1</base>
+ <base>link</base>
<offset>16</offset>
<len>4</len>
</expr>
@@ -85,7 +85,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
</expr>
<expr type=\"payload\">
<dreg>1</dreg>
- <base>1</base>
+ <base>network</base>
<offset>9</offset>
<len>1</len>
</expr>