Diffstat (limited to 'src/expr')
-rw-r--r--src/expr/bitwise.c36
-rw-r--r--src/expr/byteorder.c38
-rw-r--r--src/expr/cmp.c33
-rw-r--r--src/expr/counter.c20
-rw-r--r--src/expr/ct.c167
-rw-r--r--src/expr/data_reg.c232
-rw-r--r--src/expr/data_reg.h6
-rw-r--r--src/expr/exthdr.c39
-rw-r--r--src/expr/immediate.c22
-rw-r--r--src/expr/limit.c21
-rw-r--r--src/expr/log.c31
-rw-r--r--src/expr/lookup.c78
-rw-r--r--src/expr/match.c14
-rw-r--r--src/expr/meta.c80
-rw-r--r--src/expr/nat.c44
-rw-r--r--src/expr/payload.c37
-rw-r--r--src/expr/queue.c4
-rw-r--r--src/expr/reject.c20
-rw-r--r--src/expr/target.c14
19 files changed, 551 insertions, 385 deletions
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index bcec516..c8fd0ec 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -18,8 +18,8 @@
#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "data_reg.h"
#include "expr_ops.h"
@@ -181,35 +181,36 @@ nft_rule_expr_bitwise_parse(struct nft_rule_expr *e, struct nlattr *attr)
}
static int
-nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root)
+nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
struct nft_expr_bitwise *bitwise = nft_expr_data(e);
uint32_t reg, len;
- if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &reg) < 0)
+ if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_SREG, reg);
- if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg) < 0)
+ if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_DREG, reg);
- if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &len) < 0)
+ if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &len, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_LEN, len);
if (nft_jansson_data_reg_parse(root, "mask",
- &bitwise->mask) != DATA_VALUE)
+ &bitwise->mask, err) != DATA_VALUE)
return -1;
e->flags |= (1 << NFT_EXPR_BITWISE_MASK);
if (nft_jansson_data_reg_parse(root, "xor",
- &bitwise->xor) != DATA_VALUE)
+ &bitwise->xor, err) != DATA_VALUE)
return -1;
e->flags |= (1 << NFT_EXPR_BITWISE_XOR);
@@ -225,21 +226,22 @@ nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root)
}
static int
-nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_bitwise *bitwise = nft_expr_data(e);
- int32_t reg;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
bitwise->sreg = reg;
e->flags |= (1 << NFT_EXPR_BITWISE_SREG);
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
bitwise->dreg = reg;
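Review bot: The `dreg` lookup in nft_rule_expr_bitwise_xml_parse changes its search flag from `MXML_DESCEND` to `MXML_DESCEND_FIRST` as part of the signature conversion, while the same conversion in byteorder.c keeps `MXML_DESCEND` for `dreg`. If the change is intentional it deserves a line in the commit message; otherwise keep the original flag, `nft_mxml_reg_parse(tree, "dreg", &reg, MXML_DESCEND, NFT_XML_MAND, err)`. The function body continues outside this hunk.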
@@ -247,19 +249,19 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST,
BASE_DEC, &bitwise->len, NFT_TYPE_U8,
- NFT_XML_MAND) != 0)
+ NFT_XML_MAND, err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_BITWISE_LEN);
if (nft_mxml_data_reg_parse(tree, "mask", &bitwise->mask,
- NFT_XML_MAND) != DATA_VALUE)
+ NFT_XML_MAND, err) != DATA_VALUE)
return -1;
e->flags |= (1 << NFT_EXPR_BITWISE_MASK);
if (nft_mxml_data_reg_parse(tree, "xor", &bitwise->xor,
- NFT_XML_MAND) != DATA_VALUE)
+ NFT_XML_MAND, err) != DATA_VALUE)
return -1;
e->flags |= (1 << NFT_EXPR_BITWISE_XOR);
diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c
index 7224c82..4889e80 100644
--- a/src/expr/byteorder.c
+++ b/src/expr/byteorder.c
@@ -18,8 +18,8 @@
#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "data_reg.h"
#include "expr_ops.h"
@@ -194,24 +194,25 @@ static inline int nft_str2ntoh(const char *op)
}
static int
-nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root)
+nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
const char *op;
uint32_t uval32;
int ntoh;
- if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &uval32) < 0)
+ if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &uval32, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_SREG, uval32);
- if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32) < 0)
+ if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_DREG, uval32);
- op = nft_jansson_parse_str(root, "op");
+ op = nft_jansson_parse_str(root, "op", err);
if (op == NULL)
return -1;
@@ -221,12 +222,12 @@ nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root)
nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_OP, ntoh);
- if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32) < 0)
+ if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_LEN, uval32);
- if (nft_jansson_parse_val(root, "size", NFT_TYPE_U32, &uval32) < 0)
+ if (nft_jansson_parse_val(root, "size", NFT_TYPE_U32, &uval32, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_BYTEORDER_SIZE, uval32);
@@ -239,28 +240,31 @@ nft_rule_expr_byteorder_json_parse(struct nft_rule_expr *e, json_t *root)
}
static int
-nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_byteorder *byteorder = nft_expr_data(e);
const char *op;
- int32_t reg, ntoh;
+ int32_t ntoh;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
byteorder->sreg = reg;
e->flags |= (1 << NFT_EXPR_BYTEORDER_SREG);
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", &reg, MXML_DESCEND, NFT_XML_MAND,
+ err) != 0)
return -1;
byteorder->dreg = reg;
e->flags |= (1 << NFT_EXPR_BYTEORDER_DREG);
- op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND);
+ op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND,
+ err);
if (op == NULL)
return -1;
@@ -273,14 +277,14 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC,
&byteorder->len, NFT_TYPE_U8,
- NFT_XML_MAND) != 0)
+ NFT_XML_MAND, err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_BYTEORDER_LEN);
if (nft_mxml_num_parse(tree, "size", MXML_DESCEND_FIRST, BASE_DEC,
&byteorder->size, NFT_TYPE_U8,
- NFT_XML_MAND) != 0)
+ NFT_XML_MAND, err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_BYTEORDER_SIZE);
diff --git a/src/expr/cmp.c b/src/expr/cmp.c
index 1c5787e..63250f3 100644
--- a/src/expr/cmp.c
+++ b/src/expr/cmp.c
@@ -19,15 +19,15 @@
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
#include "data_reg.h"
struct nft_expr_cmp {
union nft_data_reg data;
- uint32_t sreg; /* enum nft_registers */
- uint32_t op; /* enum nft_cmp_ops */
+ enum nft_registers sreg;
+ enum nft_cmp_ops op;
};
static int
@@ -174,7 +174,8 @@ static inline int nft_str2cmp(const char *op)
}
}
-static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root)
+static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
struct nft_expr_cmp *cmp = nft_expr_data(e);
@@ -182,12 +183,12 @@ static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root)
uint32_t uval32;
int base;
- if (nft_jansson_parse_val(root, "sreg", NFT_TYPE_U32, &uval32) < 0)
+ if (nft_jansson_parse_val(root, "sreg", NFT_TYPE_U32, &uval32, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_CMP_SREG, uval32);
- op = nft_jansson_parse_str(root, "op");
+ op = nft_jansson_parse_str(root, "op", err);
if (op == NULL)
return -1;
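Review bot: `sreg` is read with `nft_jansson_parse_val` in nft_rule_expr_cmp_json_parse, whereas the bitwise, byteorder, ct and exthdr JSON parsers touched by this commit read their registers with `nft_jansson_parse_reg`. If `nft_jansson_parse_reg` is what validates a register number (its body is not shown here), cmp accepts any 32-bit value from the document as a source register. For consistency use `if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &uval32, err) < 0)`. The function starts and ends outside this hunk.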
@@ -198,7 +199,7 @@ static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root)
nft_rule_expr_set_u32(e, NFT_EXPR_CMP_OP, base);
if (nft_jansson_data_reg_parse(root, "cmpdata",
- &cmp->data) != DATA_VALUE)
+ &cmp->data, err) != DATA_VALUE)
return -1;
e->flags |= (1 << NFT_EXPR_CMP_DATA);
@@ -210,21 +211,24 @@ static int nft_rule_expr_cmp_json_parse(struct nft_rule_expr *e, json_t *root)
#endif
}
-static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_cmp *cmp = nft_expr_data(e);
const char *op;
- int32_t reg, op_value;
+ int32_t op_value;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
cmp->sreg = reg;
e->flags |= (1 << NFT_EXPR_CMP_SREG);
- op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND);
+ op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND,
+ err);
if (op == NULL)
return -1;
@@ -236,7 +240,8 @@ static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre
e->flags |= (1 << NFT_EXPR_CMP_OP);
if (nft_mxml_data_reg_parse(tree, "cmpdata",
- &cmp->data, NFT_XML_MAND) != DATA_VALUE)
+ &cmp->data, NFT_XML_MAND,
+ err) != DATA_VALUE)
return -1;
e->flags |= (1 << NFT_EXPR_CMP_DATA);
diff --git a/src/expr/counter.c b/src/expr/counter.c
index 4919a69..4bb7f1b 100644
--- a/src/expr/counter.c
+++ b/src/expr/counter.c
@@ -19,8 +19,8 @@
#include "internal.h"
#include <libmnl/libmnl.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
struct nft_expr_counter {
@@ -119,17 +119,18 @@ nft_rule_expr_counter_parse(struct nft_rule_expr *e, struct nlattr *attr)
}
static int
-nft_rule_expr_counter_json_parse(struct nft_rule_expr *e, json_t *root)
+nft_rule_expr_counter_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
uint64_t uval64;
- if (nft_jansson_parse_val(root, "pkts", NFT_TYPE_U64, &uval64) < 0)
+ if (nft_jansson_parse_val(root, "pkts", NFT_TYPE_U64, &uval64, err) < 0)
return -1;
nft_rule_expr_set_u64(e, NFT_EXPR_CTR_PACKETS, uval64);
- if (nft_jansson_parse_val(root, "bytes", NFT_TYPE_U64, &uval64) < 0)
+ if (nft_jansson_parse_val(root, "bytes", NFT_TYPE_U64, &uval64, err) < 0)
return -1;
nft_rule_expr_set_u64(e, NFT_EXPR_CTR_BYTES, uval64);
@@ -142,19 +143,22 @@ nft_rule_expr_counter_json_parse(struct nft_rule_expr *e, json_t *root)
}
static int
-nft_rule_expr_counter_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+nft_rule_expr_counter_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_counter *ctr = nft_expr_data(e);
if (nft_mxml_num_parse(tree, "pkts", MXML_DESCEND_FIRST, BASE_DEC,
- &ctr->pkts, NFT_TYPE_U64, NFT_XML_MAND) != 0)
+ &ctr->pkts, NFT_TYPE_U64, NFT_XML_MAND,
+ err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_CTR_PACKETS);
if (nft_mxml_num_parse(tree, "bytes", MXML_DESCEND_FIRST, BASE_DEC,
- &ctr->bytes, NFT_TYPE_U64, NFT_XML_MAND) != 0)
+ &ctr->bytes, NFT_TYPE_U64, NFT_XML_MAND,
+ err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_CTR_BYTES);
diff --git a/src/expr/ct.c b/src/expr/ct.c
index 49d8495..2df761c 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -18,8 +18,8 @@
#include "internal.h"
#include <libmnl/libmnl.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
struct nft_expr_ct {
@@ -141,10 +141,6 @@ nft_rule_expr_ct_parse(struct nft_rule_expr *e, struct nlattr *attr)
ct->key = ntohl(mnl_attr_get_u32(tb[NFTA_CT_KEY]));
e->flags |= (1 << NFT_EXPR_CT_KEY);
}
- if (tb[NFTA_CT_DIRECTION]) {
- ct->dir = mnl_attr_get_u8(tb[NFTA_CT_DIRECTION]);
- e->flags |= (1 << NFT_EXPR_CT_DIR);
- }
if (tb[NFTA_CT_DREG]) {
ct->dreg = ntohl(mnl_attr_get_u32(tb[NFTA_CT_DREG]));
e->flags |= (1 << NFT_EXPR_CT_DREG);
@@ -153,6 +149,10 @@ nft_rule_expr_ct_parse(struct nft_rule_expr *e, struct nlattr *attr)
ct->sreg = ntohl(mnl_attr_get_u32(tb[NFTA_CT_SREG]));
e->flags |= (1 << NFT_EXPR_CT_SREG);
}
+ if (tb[NFTA_CT_DIRECTION]) {
+ ct->dir = mnl_attr_get_u8(tb[NFTA_CT_DIRECTION]);
+ e->flags |= (1 << NFT_EXPR_CT_DIR);
+ }
return 0;
}
@@ -165,6 +165,7 @@ const char *ctkey2str_array[NFT_CT_MAX] = {
[NFT_CT_SECMARK] = "secmark",
[NFT_CT_EXPIRATION] = "expiration",
[NFT_CT_HELPER] = "helper",
+ [NFT_CT_L3PROTOCOL] = "l3protocol",
[NFT_CT_PROTOCOL] = "protocol",
[NFT_CT_SRC] = "src",
[NFT_CT_DST] = "dst",
@@ -192,30 +193,58 @@ static inline int str2ctkey(const char *ctkey)
return -1;
}
-static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root)
+static const char *ctdir2str(uint8_t ctdir)
+{
+ switch (ctdir) {
+ case IP_CT_DIR_ORIGINAL:
+ return "original";
+ case IP_CT_DIR_REPLY:
+ return "reply";
+ default:
+ return "unknow";
+ }
+}
+
+static inline int str2ctdir(const char *str, uint8_t *ctdir)
+{
+ if (strcmp(str, "original") == 0) {
+ *ctdir = IP_CT_DIR_ORIGINAL;
+ return 0;
+ }
+
+ if (strcmp(str, "reply") == 0) {
+ *ctdir = IP_CT_DIR_REPLY;
+ return 0;
+ }
+
+ return -1;
+}
+
+static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
- const char *key_str;
+ const char *key_str, *dir_str;
uint32_t reg;
uint8_t dir;
int key;
if (nft_jansson_node_exist(root, "dreg")) {
- if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg) < 0)
+ if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_CT_DREG, reg);
}
if (nft_jansson_node_exist(root, "sreg")) {
- if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &reg) < 0)
+ if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_CT_SREG, reg);
}
if (nft_jansson_node_exist(root, "key")) {
- key_str = nft_jansson_parse_str(root, "key");
+ key_str = nft_jansson_parse_str(root, "key", err);
if (key_str == NULL)
return -1;
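Review bot: `ctdir2str()` returns the misspelled string `"unknow"` for any direction other than original or reply, and `str2ctdir()` rejects that string, so an expression carrying an unexpected `dir` value is serialised into output that the library's own parsers refuse. Spell it `"unknown"` and add a short comment on both helpers saying that only `"original"` and `"reply"` round-trip. The `dir` error paths added further down in this file write `err->node_name` and `err->error` unconditionally; if callers are allowed to pass a NULL `err`, those writes need a guard. nft_rule_expr_ct_json_parse continues past the end of this hunk.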
@@ -228,11 +257,15 @@ static int nft_rule_expr_ct_json_parse(struct nft_rule_expr *e, json_t *root)
}
if (nft_jansson_node_exist(root, "dir")) {
- if (nft_jansson_parse_val(root, "dir", NFT_TYPE_U8, &dir) < 0)
+ dir_str = nft_jansson_parse_str(root, "dir", err);
+ if (dir_str == NULL)
return -1;
- if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY)
+ if (str2ctdir(dir_str, &dir) != 0) {
+ err->node_name = "dir";
+ err->error = NFT_PARSE_EBADTYPE;
goto err;
+ }
nft_rule_expr_set_u8(e, NFT_EXPR_CT_DIR, dir);
}
@@ -248,29 +281,30 @@ err:
}
-static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_ct *ct = nft_expr_data(e);
- const char *key_str;
- int32_t reg;
+ const char *key_str, *dir_str;
int key;
uint8_t dir;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST);
- if (reg >= 0) {
+ if (nft_mxml_reg_parse(tree, "dreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_OPT, err) >= 0) {
ct->dreg = reg;
e->flags |= (1 << NFT_EXPR_CT_DREG);
}
- reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST);
- if (reg >= 0) {
+ if (nft_mxml_reg_parse(tree, "sreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_OPT, err) >= 0) {
ct->sreg = reg;
e->flags |= (1 << NFT_EXPR_CT_SREG);
}
key_str = nft_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
+ NFT_XML_MAND, err);
if (key_str == NULL)
return -1;
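Review bot: With `NFT_XML_OPT` and the `>= 0` test, every failure of `nft_mxml_reg_parse` for `dreg` and `sreg` is treated as "element absent", so a register element that is present but malformed or out of range is silently dropped and the rule is built without it. The helper's return convention should let this caller tell absent from invalid and return -1 on the latter. `reg` is also declared without an initialiser; if the helper can return a non-negative value without storing through `&reg` (its body is not shown), `ct->dreg` or `ct->sreg` receives an indeterminate value, so `uint32_t reg = 0;` is a cheap safeguard. The function continues outside this hunk.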
@@ -281,15 +315,17 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree
ct->key = key;
e->flags |= (1 << NFT_EXPR_CT_KEY);
- if (nft_mxml_num_parse(tree, "dir", MXML_DESCEND_FIRST, BASE_DEC,
- &dir, NFT_TYPE_U8, NFT_XML_MAND) != 0)
- return -1;
-
- if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY)
- goto err;
+ dir_str = nft_mxml_str_parse(tree, "dir", MXML_DESCEND_FIRST,
+ NFT_XML_OPT, err);
+ if (dir_str != NULL) {
+ if (str2ctdir(dir_str, &dir) != 0) {
+ err->node_name = "dir";
+ err->error = NFT_PARSE_EBADTYPE;
+ goto err;
+ }
- ct->dir = dir;
- e->flags |= (1 << NFT_EXPR_CT_DIR);
+ nft_rule_expr_set_u8(e, NFT_EXPR_CT_DIR, dir);
+ }
return 0;
err:
@@ -302,21 +338,41 @@ err:
}
static int
-nft_rule_expr_ct_snprintf_default(char *buf, size_t size,
- struct nft_rule_expr *e)
+nft_expr_ct_snprintf_json(char *buf, size_t size, struct nft_rule_expr *e)
{
+ int ret, len = size, offset = 0;
struct nft_expr_ct *ct = nft_expr_data(e);
- if (e->flags & (1 << NFT_EXPR_CT_SREG))
- return snprintf(buf, size, "set %s with reg %u ",
- ctkey2str(ct->key), ct->sreg);
+ if (e->flags & (1 << NFT_EXPR_CT_DREG)) {
+ ret = snprintf(buf+offset, len, "\"dreg\":%u,", ct->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ if (e->flags & (1 << NFT_EXPR_CT_SREG)) {
+ ret = snprintf(buf+offset, len, "\"sreg:\":%u,", ct->sreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ if (e->flags & (1 << NFT_EXPR_CT_KEY)) {
+ ret = snprintf(buf+offset, len, "\"key\":\"%s\",",
+ ctkey2str(ct->key));
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) {
+ ret = snprintf(buf+offset, len, "\"dir\":\"%s\",",
+ ctdir2str(ct->dir));
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ /* Remove the last separator characther */
+ buf[offset-1] = '\0';
- return snprintf(buf, size, "load %s => reg %u dir %u ",
- ctkey2str(ct->key), ct->dreg, ct->dir);
+ return offset-1;
}
static int
-nft_rule_expr_ct_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e)
+nft_expr_ct_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e)
{
int ret, len = size, offset = 0;
struct nft_expr_ct *ct = nft_expr_data(e);
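Review bot: `buf[offset-1] = '\0'` in nft_expr_ct_snprintf_json writes one byte before `buf` when none of the DREG, SREG, KEY or DIR flags is set, because `offset` is still 0, and the function then returns -1 as a length. Add `if (offset == 0) return 0;` before the separator is trimmed. The key is also emitted as `"sreg:"` (colon inside the quotes) while the JSON parser looks up `"sreg"`, so this output does not parse back; the format should be `"\"sreg\":%u,"`. Both were carried over unchanged from the moved code.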
@@ -337,8 +393,9 @@ nft_rule_expr_ct_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e)
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
- if (e->flags & (1 << NFT_EXPR_CT_DIR)) {
- ret = snprintf(buf+offset, len, "<dir>%u</dir>", ct->dir);
+ if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) {
+ ret = snprintf(buf+offset, len, "<dir>%s</dir>",
+ ctdir2str(ct->dir));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
@@ -346,36 +403,30 @@ nft_rule_expr_ct_snprintf_xml(char *buf, size_t size, struct nft_rule_expr *e)
}
static int
-nft_rule_expr_ct_snprintf_json(char *buf, size_t size, struct nft_rule_expr *e)
+nft_expr_ct_snprintf_default(char *buf, size_t size, struct nft_rule_expr *e)
{
int ret, len = size, offset = 0;
struct nft_expr_ct *ct = nft_expr_data(e);
- if (e->flags & (1 << NFT_EXPR_CT_DREG)) {
- ret = snprintf(buf+offset, len, "\"dreg\":%u,", ct->dreg);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
if (e->flags & (1 << NFT_EXPR_CT_SREG)) {
- ret = snprintf(buf+offset, len, "\"sreg:\":%u,", ct->sreg);
+ ret = snprintf(buf, size, "set %s with reg %u ",
+ ctkey2str(ct->key), ct->sreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
- if (e->flags & (1 << NFT_EXPR_CT_KEY)) {
- ret = snprintf(buf+offset, len, "\"key\":\"%s\",",
- ctkey2str(ct->key));
+ if (e->flags & (1 << NFT_EXPR_CT_DREG)) {
+ ret = snprintf(buf, len, "load %s => reg %u ",
+ ctkey2str(ct->key), ct->dreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
- if (e->flags & (1 << NFT_EXPR_CT_DIR)) {
- ret = snprintf(buf+offset, len, "\"dir\":%u,", ct->dir);
+ if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) {
+ ret = snprintf(buf+offset, len, ", dir %s ",
+ ctdir2str(ct->dir));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
- /* Remove the last separator characther */
- buf[offset-1] = '\0';
-
- return offset-1;
+ return offset;
}
static int
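Review bot: The SREG and DREG branches of nft_expr_ct_snprintf_default write at `buf` rather than `buf+offset`, and the first passes `size` instead of `len`. When both flags are set the second call overwrites the first while `offset` keeps advancing, so the `dir` suffix is appended after a stretch the function never wrote. Use `ret = snprintf(buf+offset, len, ...)` in both, as the `dir` branch already does. The `", dir %s "` format also follows a trailing space, which prints as `reg 1 , dir original`.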
@@ -384,11 +435,11 @@ nft_rule_expr_ct_snprintf(char *buf, size_t len, uint32_t type,
{
switch(type) {
case NFT_OUTPUT_DEFAULT:
- return nft_rule_expr_ct_snprintf_default(buf, len, e);
+ return nft_expr_ct_snprintf_default(buf, len, e);
case NFT_OUTPUT_XML:
- return nft_rule_expr_ct_snprintf_xml(buf, len, e);
+ return nft_expr_ct_snprintf_xml(buf, len, e);
case NFT_OUTPUT_JSON:
- return nft_rule_expr_ct_snprintf_json(buf, len, e);
+ return nft_expr_ct_snprintf_json(buf, len, e);
default:
break;
}
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index a198c67..0523cb7 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -18,82 +18,85 @@
#include <netinet/in.h>
#include <libmnl/libmnl.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
-#include "internal.h"
-
#include <linux/netfilter.h>
#include <linux/netfilter/nf_tables.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
+#include "expr_ops.h"
+#include "data_reg.h"
+#include "internal.h"
#ifdef JSON_PARSING
-static int nft_data_reg_verdict_json_parse(union nft_data_reg *reg, json_t *data)
+static int nft_data_reg_verdict_json_parse(union nft_data_reg *reg, json_t *data,
+ struct nft_parse_err *err)
{
int verdict;
const char *verdict_str;
+ const char *chain;
- verdict_str = nft_jansson_parse_str(data, "verdict");
+ verdict_str = nft_jansson_parse_str(data, "verdict", err);
if (verdict_str == NULL)
- return -1;
+ return DATA_NONE;
- verdict = nft_str2verdict(verdict_str);
- if (verdict < 0)
+ if (nft_str2verdict(verdict_str, &verdict) != 0) {
+ err->node_name = "verdict";
+ err->error = NFT_PARSE_EBADTYPE;
+ errno = EINVAL;
return -1;
+ }
reg->verdict = (uint32_t)verdict;
- return 0;
-}
+ if (nft_jansson_node_exist(data, "chain")) {
+ chain = nft_jansson_parse_str(data, "chain", err);
+ if (chain == NULL)
+ return DATA_NONE;
-static int nft_data_reg_chain_json_parse(union nft_data_reg *reg, json_t *data)
-{
- reg->chain = strdup(nft_jansson_parse_str(data, "chain"));
- if (reg->chain == NULL) {
- return -1;
+ reg->chain = strdup(chain);
}
- return 0;
+ return DATA_VERDICT;
}
-static int nft_data_reg_value_json_parse(union nft_data_reg *reg, json_t *data)
+static int nft_data_reg_value_json_parse(union nft_data_reg *reg, json_t *data,
+ struct nft_parse_err *err)
{
int i;
char node_name[6];
- if (nft_jansson_parse_val(data, "len", NFT_TYPE_U8, &reg->len) < 0)
- return -1;
+ if (nft_jansson_parse_val(data, "len", NFT_TYPE_U8, &reg->len, err) < 0)
+ return DATA_NONE;
for (i = 0; i < div_round_up(reg->len, sizeof(uint32_t)); i++) {
sprintf(node_name, "data%d", i);
if (nft_jansson_str2num(data, node_name, BASE_HEX,
- &reg->val[i], NFT_TYPE_U32) != 0)
- return -1;
+ &reg->val[i], NFT_TYPE_U32, err) != 0)
+ return DATA_NONE;
}
- return 0;
+ return DATA_VALUE;
}
#endif
-int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data)
+int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
const char *type;
- type = nft_jansson_parse_str(data, "type");
+ type = nft_jansson_parse_str(data, "type", err);
if (type == NULL)
return -1;
/* Select what type of parsing is needed */
- if (strcmp(type, "value") == 0) {
- return nft_data_reg_value_json_parse(reg, data);
- } else if (strcmp(type, "verdict") == 0) {
- return nft_data_reg_verdict_json_parse(reg, data);
- } else if (strcmp(type, "chain") == 0) {
- return nft_data_reg_chain_json_parse(reg, data);
- }
+ if (strcmp(type, "value") == 0)
+ return nft_data_reg_value_json_parse(reg, data, err);
+ else if (strcmp(type, "verdict") == 0)
+ return nft_data_reg_verdict_json_parse(reg, data, err);
- return 0;
+ return DATA_NONE;
#else
errno = EOPNOTSUPP;
return -1;
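Review bot: nft_data_reg_value_json_parse takes `len` straight from the document (a U8, so up to 255) and uses it as the loop bound for both `sprintf(node_name, "data%d", i)` and the store into `reg->val[i]`. `node_name` is 6 bytes, so `"data10"` plus its terminator overflows it as soon as `len` exceeds 40, and `reg->val` is presumably a small fixed array (its declaration is not in this hunk). Reject oversized lengths before the loop, `if (reg->len > sizeof(reg->val)) return DATA_NONE;` (assuming `val` is an array member), and format with `snprintf(node_name, sizeof(node_name), "data%d", i)`. nft_data_reg_value_xml_parse declares the same `node_name[6]` and fills `reg->val[i]` in a loop, so it likely needs the same bound.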
@@ -102,44 +105,42 @@ int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data)
#ifdef XML_PARSING
static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg,
- mxml_node_t *tree)
+ mxml_node_t *tree,
+ struct nft_parse_err *err)
{
int verdict;
const char *verdict_str;
+ const char *chain;
verdict_str = nft_mxml_str_parse(tree, "verdict", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
+ NFT_XML_MAND, err);
if (verdict_str == NULL)
return DATA_NONE;
- verdict = nft_str2verdict(verdict_str);
- if (verdict < 0)
+ if (nft_str2verdict(verdict_str, &verdict) != 0) {
+ err->node_name = "verdict";
+ err->error = NFT_PARSE_EBADTYPE;
+ errno = EINVAL;
return DATA_NONE;
+ }
reg->verdict = (uint32_t)verdict;
- return DATA_VERDICT;
-}
-
-static int nft_data_reg_chain_xml_parse(union nft_data_reg *reg,
- mxml_node_t *tree)
-{
- const char *chain;
-
chain = nft_mxml_str_parse(tree, "chain", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
- if (chain == NULL)
- return DATA_NONE;
+ NFT_XML_OPT, err);
+ if (chain != NULL) {
+ if (reg->chain)
+ xfree(reg->chain);
- if (reg->chain)
- xfree(reg->chain);
+ reg->chain = strdup(chain);
+ }
- reg->chain = strdup(chain);
- return DATA_CHAIN;
+ return DATA_VERDICT;
}
static int nft_data_reg_value_xml_parse(union nft_data_reg *reg,
- mxml_node_t *tree)
+ mxml_node_t *tree,
+ struct nft_parse_err *err)
{
int i;
char node_name[6];
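Review bot: `reg->chain = strdup(chain);` in nft_data_reg_verdict_xml_parse is not checked, so an allocation failure returns `DATA_VERDICT` with a NULL chain and the jump target is dropped without an error; the removed JSON chain helper did test the result. Add `if (reg->chain == NULL) return DATA_NONE;` after the `strdup`. The JSON counterpart earlier in this file has the same unchecked `strdup` and, unlike this function, does not free a previous `reg->chain` before overwriting it. That JSON function also mixes `DATA_NONE` and `-1` as failure returns, which is worth settling on one.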
@@ -155,7 +156,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg,
*/
if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC,
- &reg->len, NFT_TYPE_U8, NFT_XML_MAND) != 0)
+ &reg->len, NFT_TYPE_U8, NFT_XML_MAND, err) != 0)
return DATA_NONE;
/* Get and set <dataN> */
@@ -164,7 +165,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg,
if (nft_mxml_num_parse(tree, node_name, MXML_DESCEND_FIRST,
BASE_HEX, &reg->val[i], NFT_TYPE_U32,
- NFT_XML_MAND) != 0)
+ NFT_XML_MAND, err) != 0)
return DATA_NONE;
}
@@ -172,7 +173,8 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg,
}
#endif
-int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree)
+int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
const char *type;
@@ -180,26 +182,25 @@ int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree)
node = mxmlFindElement(tree, tree, "data_reg", "type", NULL,
MXML_DESCEND_FIRST);
- if (node == NULL) {
- errno = EINVAL;
- return DATA_NONE;
- }
+ if (node == NULL)
+ goto err;
type = mxmlElementGetAttr(node, "type");
- if (type == NULL) {
- errno = EINVAL;
- return DATA_NONE;
- }
+ if (type == NULL)
+ goto err;
if (strcmp(type, "value") == 0)
- return nft_data_reg_value_xml_parse(reg, node);
+ return nft_data_reg_value_xml_parse(reg, node, err);
else if (strcmp(type, "verdict") == 0)
- return nft_data_reg_verdict_xml_parse(reg, node);
- else if (strcmp(type, "chain") == 0)
- return nft_data_reg_chain_xml_parse(reg, node);
+ return nft_data_reg_verdict_xml_parse(reg, node, err);
return DATA_NONE;
+err:
+ errno = EINVAL;
+ err->node_name = "data_reg";
+ err->error = NFT_PARSE_EMISSINGNODE;
+ return DATA_NONE;
#else
errno = EOPNOTSUPP;
return -1;
@@ -293,6 +294,67 @@ nft_data_reg_value_snprintf_default(char *buf, size_t size,
return offset;
}
+static int
+nft_data_reg_verdict_snprintf_def(char *buf, size_t size,
+ union nft_data_reg *reg, uint32_t flags)
+{
+ int len = size, offset = 0, ret = 0;
+
+ ret = snprintf(buf, size, "%s ", nft_verdict2str(reg->verdict));
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ if (reg->chain != NULL) {
+ ret = snprintf(buf+offset, size, "-> %s ", reg->chain);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ return offset;
+}
+
+static int
+nft_data_reg_verdict_snprintf_xml(char *buf, size_t size,
+ union nft_data_reg *reg, uint32_t flags)
+{
+ int len = size, offset = 0, ret = 0;
+
+ ret = snprintf(buf, size, "<data_reg type=\"verdict\">"
+ "<verdict>%s</verdict>", nft_verdict2str(reg->verdict));
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ if (reg->chain != NULL) {
+ ret = snprintf(buf+offset, size, "<chain>%s</chain>",
+ reg->chain);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ ret = snprintf(buf+offset, size, "</data_reg>");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+static int
+nft_data_reg_verdict_snprintf_json(char *buf, size_t size,
+ union nft_data_reg *reg, uint32_t flags)
+{
+ int len = size, offset = 0, ret = 0;
+
+ ret = snprintf(buf, size, "\"data_reg\":{\"type\":\"verdict\","
+ "\"verdict\":\"%s\"", nft_verdict2str(reg->verdict));
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ if (reg->chain != NULL) {
+ ret = snprintf(buf+offset, size, ",\"chain\":\"%s\"",
+ reg->chain);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ ret = snprintf(buf+offset, size, "}");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg,
uint32_t output_format, uint32_t flags, int reg_type)
{
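Review bot: In the three new nft_data_reg_verdict_snprintf_* helpers every call after the first writes at `buf+offset` but passes `size` as the bound, so unless SNPRINTF_BUFFER_SIZE shrinks `size` (its definition is not shown; the ct.c helpers pass `len`), snprintf is told it has more room than remains and can write past the end of the caller's buffer. The bound should be the remaining length, e.g. `ret = snprintf(buf+offset, len, "<chain>%s</chain>", reg->chain);`. `reg->chain` comes from parsed input and is emitted unescaped into the XML and JSON forms, so a name containing `<` or `"` yields malformed output; validating chain names at parse time or escaping here would close that. The `flags` parameter is unused in all three helpers.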
@@ -312,44 +374,24 @@ int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg,
break;
}
case DATA_VERDICT:
- switch(output_format) {
- case NFT_OUTPUT_DEFAULT:
- return snprintf(buf, size, "%d ", reg->verdict);
- case NFT_OUTPUT_XML:
- return snprintf(buf, size,
- "<data_reg type=\"verdict\">"
- "<verdict>%s</verdict>"
- "</data_reg>",
- nft_verdict2str(reg->verdict));
- case NFT_OUTPUT_JSON:
- return snprintf(buf, size,
- "\"data_reg\":{"
- "\"type\":\"verdict\","
- "\"verdict\":\"%s\""
- "}", nft_verdict2str(reg->verdict));
- default:
- break;
- }
case DATA_CHAIN:
switch(output_format) {
case NFT_OUTPUT_DEFAULT:
- return snprintf(buf, size, "%s ", reg->chain);
+ return nft_data_reg_verdict_snprintf_def(buf, size,
+ reg, flags);
case NFT_OUTPUT_XML:
- return snprintf(buf, size,
- "<data_reg type=\"chain\">"
- "<chain>%s</chain>"
- "</data_reg>", reg->chain);
+ return nft_data_reg_verdict_snprintf_xml(buf, size,
+ reg, flags);
case NFT_OUTPUT_JSON:
- return snprintf(buf, size,
- "\"data_reg\":{\"type\":\"chain\","
- "\"chain\":\"%s\""
- "}", reg->chain);
+ return nft_data_reg_verdict_snprintf_json(buf, size,
+ reg, flags);
default:
break;
}
default:
break;
}
+
return -1;
}
diff --git a/src/expr/data_reg.h b/src/expr/data_reg.h
index 8a6a235..5258051 100644
--- a/src/expr/data_reg.h
+++ b/src/expr/data_reg.h
@@ -29,8 +29,10 @@ union nft_data_reg {
int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg,
uint32_t output_format, uint32_t flags, int reg_type);
-int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree);
+int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree,
+ struct nft_parse_err *err);
int nft_parse_data(union nft_data_reg *data, struct nlattr *attr, int *type);
-int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data);
+int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data,
+ struct nft_parse_err *err);
#endif
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 6841ac1..66a6cf5 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -21,8 +21,8 @@
#include <linux/netfilter/nf_tables.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
@@ -32,9 +32,9 @@
struct nft_expr_exthdr {
enum nft_registers dreg;
+ uint32_t offset;
+ uint32_t len;
uint8_t type;
- unsigned int offset;
- unsigned int len;
};
static int
@@ -51,10 +51,10 @@ nft_rule_expr_exthdr_set(struct nft_rule_expr *e, uint16_t type,
exthdr->type = *((uint8_t *)data);
break;
case NFT_EXPR_EXTHDR_OFFSET:
- exthdr->offset = *((unsigned int *)data);
+ exthdr->offset = *((uint32_t *)data);
break;
case NFT_EXPR_EXTHDR_LEN:
- exthdr->len = *((unsigned int *)data);
+ exthdr->len = *((uint32_t *)data);
break;
default:
return -1;
@@ -193,19 +193,20 @@ static inline int str2exthdr_type(const char *str)
}
static int
-nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root)
+nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
const char *exthdr_type;
uint32_t uval32;
int type;
- if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32) < 0)
+ if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &uval32, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_DREG, uval32);
- exthdr_type = nft_jansson_parse_str(root, "exthdr_type");
+ exthdr_type = nft_jansson_parse_str(root, "exthdr_type", err);
if (exthdr_type == NULL)
return -1;
@@ -215,12 +216,12 @@ nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root)
nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_TYPE, type);
- if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32) < 0)
+ if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_OFFSET, uval32);
- if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32) < 0)
+ if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_EXTHDR_LEN, uval32);
@@ -233,23 +234,24 @@ nft_rule_expr_exthdr_json_parse(struct nft_rule_expr *e, json_t *root)
}
static int
-nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_exthdr *exthdr = nft_expr_data(e);
const char *exthdr_type;
- int32_t reg;
int type;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
exthdr->dreg = reg;
e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
exthdr_type = nft_mxml_str_parse(tree, "exthdr_type",
- MXML_DESCEND_FIRST, NFT_XML_MAND);
+ MXML_DESCEND_FIRST, NFT_XML_MAND, err);
if (exthdr_type == NULL)
return -1;
@@ -263,14 +265,15 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
/* Get and set <offset> */
if (nft_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC,
&exthdr->offset, NFT_TYPE_U32,
- NFT_XML_MAND) != 0)
+ NFT_XML_MAND, err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET);
/* Get and set <len> */
if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC,
- &exthdr->len, NFT_TYPE_U32, NFT_XML_MAND) != 0)
+ &exthdr->len, NFT_TYPE_U32, NFT_XML_MAND,
+ err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_EXTHDR_LEN);
diff --git a/src/expr/immediate.c b/src/expr/immediate.c
index a96d3de..b3c52b8 100644
--- a/src/expr/immediate.c
+++ b/src/expr/immediate.c
@@ -17,8 +17,8 @@
#include "internal.h"
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
#include "data_reg.h"
@@ -178,20 +178,21 @@ nft_rule_expr_immediate_parse(struct nft_rule_expr *e, struct nlattr *attr)
}
static int
-nft_rule_expr_immediate_json_parse(struct nft_rule_expr *e, json_t *root)
+nft_rule_expr_immediate_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
struct nft_expr_immediate *imm = nft_expr_data(e);
int datareg_type;
uint32_t reg;
- if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg) < 0)
+ if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_IMM_DREG, reg);
datareg_type = nft_jansson_data_reg_parse(root, "immediatedata",
- &imm->data);
+ &imm->data, err);
if (datareg_type < 0)
return -1;
@@ -217,22 +218,23 @@ nft_rule_expr_immediate_json_parse(struct nft_rule_expr *e, json_t *root)
}
static int
-nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_immediate *imm = nft_expr_data(e);
int datareg_type;
- int32_t reg;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
imm->dreg = reg;
e->flags |= (1 << NFT_EXPR_IMM_DREG);
datareg_type = nft_mxml_data_reg_parse(tree, "immediatedata",
- &imm->data, NFT_XML_MAND);
+ &imm->data, NFT_XML_MAND, err);
switch (datareg_type) {
case DATA_VALUE:
e->flags |= (1 << NFT_EXPR_IMM_DATA);
diff --git a/src/expr/limit.c b/src/expr/limit.c
index 4854a77..7d10340 100644
--- a/src/expr/limit.c
+++ b/src/expr/limit.c
@@ -19,8 +19,8 @@
#include "internal.h"
#include <libmnl/libmnl.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
struct nft_expr_limit {
@@ -118,17 +118,18 @@ nft_rule_expr_limit_parse(struct nft_rule_expr *e, struct nlattr *attr)
return 0;
}
-static int nft_rule_expr_limit_json_parse(struct nft_rule_expr *e, json_t *root)
+static int nft_rule_expr_limit_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
uint64_t uval64;
- if (nft_jansson_parse_val(root, "rate", NFT_TYPE_U64, &uval64) < 0)
+ if (nft_jansson_parse_val(root, "rate", NFT_TYPE_U64, &uval64, err) < 0)
return -1;
nft_rule_expr_set_u64(e, NFT_EXPR_LIMIT_RATE, uval64);
- if (nft_jansson_parse_val(root, "unit", NFT_TYPE_U64, &uval64) < 0)
+ if (nft_jansson_parse_val(root, "unit", NFT_TYPE_U64, &uval64, err) < 0)
return -1;
nft_rule_expr_set_u64(e, NFT_EXPR_LIMIT_UNIT, uval64);
@@ -140,19 +141,23 @@ static int nft_rule_expr_limit_json_parse(struct nft_rule_expr *e, json_t *root)
#endif
}
-static int nft_rule_expr_limit_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+static int nft_rule_expr_limit_xml_parse(struct nft_rule_expr *e,
+ mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_limit *limit = nft_expr_data(e);
if (nft_mxml_num_parse(tree, "rate", MXML_DESCEND_FIRST, BASE_DEC,
- &limit->rate, NFT_TYPE_U64, NFT_XML_MAND) != 0)
+ &limit->rate, NFT_TYPE_U64, NFT_XML_MAND,
+ err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_LIMIT_RATE);
if (nft_mxml_num_parse(tree, "unit", MXML_DESCEND_FIRST, BASE_DEC,
- &limit->unit, NFT_TYPE_U64, NFT_XML_MAND) != 0)
+ &limit->unit, NFT_TYPE_U64, NFT_XML_MAND,
+ err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_LIMIT_UNIT);
diff --git a/src/expr/log.c b/src/expr/log.c
index 76657a9..5119c20 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -18,8 +18,8 @@
#include "internal.h"
#include <libmnl/libmnl.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
struct nft_expr_log {
@@ -160,31 +160,34 @@ nft_rule_expr_log_parse(struct nft_rule_expr *e, struct nlattr *attr)
return 0;
}
-static int nft_rule_expr_log_json_parse(struct nft_rule_expr *e, json_t *root)
+static int nft_rule_expr_log_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
const char *prefix;
uint32_t snaplen;
uint16_t uval16;
- prefix = nft_jansson_parse_str(root, "prefix");
+ prefix = nft_jansson_parse_str(root, "prefix", err);
if (prefix == NULL)
return -1;
nft_rule_expr_set_str(e, NFT_EXPR_LOG_PREFIX, prefix);
- if (nft_jansson_parse_val(root, "group", NFT_TYPE_U16, &uval16) < 0)
+ if (nft_jansson_parse_val(root, "group", NFT_TYPE_U16, &uval16,
+ err) < 0)
return -1;
nft_rule_expr_set_u16(e, NFT_EXPR_LOG_GROUP, uval16);
- if (nft_jansson_parse_val(root, "snaplen", NFT_TYPE_U32, &snaplen) < 0)
+ if (nft_jansson_parse_val(root, "snaplen", NFT_TYPE_U32, &snaplen,
+ err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_LOG_SNAPLEN, snaplen);
if (nft_jansson_parse_val(root, "qthreshold", NFT_TYPE_U16,
- &uval16) < 0)
+ &uval16, err) < 0)
return -1;
nft_rule_expr_set_u16(e, NFT_EXPR_LOG_QTHRESHOLD, uval16);
@@ -196,14 +199,16 @@ static int nft_rule_expr_log_json_parse(struct nft_rule_expr *e, json_t *root)
#endif
}
-static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e,
+ mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_log *log = nft_expr_data(e);
const char *prefix;
prefix = nft_mxml_str_parse(tree, "prefix", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
+ NFT_XML_MAND, err);
if (prefix == NULL)
return -1;
@@ -211,20 +216,22 @@ static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre
e->flags |= (1 << NFT_EXPR_LOG_PREFIX);
if (nft_mxml_num_parse(tree, "group", MXML_DESCEND_FIRST, BASE_DEC,
- &log->group, NFT_TYPE_U16, NFT_XML_MAND) != 0)
+ &log->group, NFT_TYPE_U16, NFT_XML_MAND,
+ err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_LOG_GROUP);
if (nft_mxml_num_parse(tree, "snaplen", MXML_DESCEND_FIRST, BASE_DEC,
- &log->snaplen, NFT_TYPE_U32, NFT_XML_MAND) != 0)
+ &log->snaplen, NFT_TYPE_U32, NFT_XML_MAND,
+ err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_LOG_SNAPLEN);
if (nft_mxml_num_parse(tree, "qthreshold", MXML_DESCEND_FIRST,
BASE_DEC, &log->qthreshold,
- NFT_TYPE_U16, NFT_XML_MAND) != 0)
+ NFT_TYPE_U16, NFT_XML_MAND, err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_LOG_QTHRESHOLD);
diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index 4e91cfb..5e0bf75 100644
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -18,8 +18,8 @@
#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
-#include <libnftables/rule.h>
-#include <libnftables/expr.h>
+#include <libnftnl/rule.h>
+#include <libnftnl/expr.h>
#include "data_reg.h"
#include "expr_ops.h"
@@ -143,24 +143,25 @@ nft_rule_expr_lookup_parse(struct nft_rule_expr *e, struct nlattr *attr)
}
static int
-nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root)
+nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
const char *set_name;
int32_t reg;
- set_name = nft_jansson_parse_str(root, "set");
+ set_name = nft_jansson_parse_str(root, "set", err);
if (set_name == NULL)
return -1;
nft_rule_expr_set_str(e, NFT_EXPR_LOOKUP_SET, set_name);
- if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &reg) < 0)
+ if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_LOOKUP_SREG, reg);
- if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg) < 0)
+ if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_LOOKUP_DREG, reg);
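Review bot: `reg` is still declared `int32_t` in this function, yet its address is handed to nft_jansson_parse_reg() with `NFT_TYPE_U32`, while the other JSON parsers touched by this commit pass a `uint32_t`. The XML sibling further down was switched to `uint32_t reg;` in this same commit, so the JSON side should follow: `uint32_t reg;`. The helper's prototype is not visible here, so whether this is a pointer-sign mismatch or just an inconsistency cannot be confirmed from the hunk. The function body continues outside the hunk.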
@@ -173,15 +174,16 @@ nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root)
}
static int
-nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_lookup *lookup = nft_expr_data(e);
const char *set_name;
- int32_t reg;
+ uint32_t reg;
set_name = nft_mxml_str_parse(tree, "set", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
+ NFT_XML_MAND, err);
if (set_name == NULL)
return -1;
@@ -189,19 +191,18 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
lookup->set_name[IFNAMSIZ-1] = '\0';
e->flags |= (1 << NFT_EXPR_LOOKUP_SET);
- reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg", &reg, MXML_DESCEND,
+ NFT_XML_MAND, err) != 0)
return -1;
lookup->sreg = reg;
e->flags |= (1 << NFT_EXPR_LOOKUP_SREG);
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND);
- if (reg < 0)
- return -1;
-
- lookup->dreg = reg;
- e->flags |= (1 << NFT_EXPR_LOOKUP_DREG);
+ if (nft_mxml_reg_parse(tree, "dreg", &reg, MXML_DESCEND,
+ NFT_XML_OPT, err) == 0) {
+ lookup->dreg = reg;
+ e->flags |= (1 << NFT_EXPR_LOOKUP_DREG);
+ }
return 0;
#else
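Review bot: With `NFT_XML_OPT` the failure return of nft_mxml_reg_parse() for `dreg` is simply dropped, so a `<dreg>` element that is present but malformed or out of range appears to be handled exactly like a missing one and the function still returns 0. The helper is outside the hunk, so this is inferred; if it cannot tell the two cases apart, the parser should check for the node first and then parse it as mandatory, as the JSON meta parser does with `nft_jansson_node_exist()`. The same pattern is in the meta.c hunk `@@ -236,14 +239,14 @@`, which also tests `>= 0` where this one tests `== 0`; one success test should be used for both. At minimum a comment such as `/* dreg is optional: absent and invalid are both ignored */` would record the intent.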
@@ -212,41 +213,59 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
static int
nft_rule_expr_lookup_snprintf_json(char *buf, size_t size,
- struct nft_expr_lookup *l)
+ struct nft_rule_expr *e)
{
int len = size, offset = 0, ret;
+ struct nft_expr_lookup *l = nft_expr_data(e);
- ret = snprintf(buf, len, "\"set\":\"%s\",\"sreg\":%u,\"dreg\":%u",
- l->set_name, l->sreg, l->dreg);
+ ret = snprintf(buf, len, "\"set\":\"%s\",\"sreg\":%u",
+ l->set_name, l->sreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) {
+ ret = snprintf(buf+offset, len, ",\"dreg\":%u", l->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
return offset;
}
static int
nft_rule_expr_lookup_snprintf_xml(char *buf, size_t size,
- struct nft_expr_lookup *l)
+ struct nft_rule_expr *e)
{
int len = size, offset = 0, ret;
+ struct nft_expr_lookup *l = nft_expr_data(e);
- ret = snprintf(buf, len, "<set>%s</set><sreg>%u</sreg><dreg>%u</dreg>",
- l->set_name, l->sreg, l->dreg);
+ ret = snprintf(buf, len, "<set>%s</set><sreg>%u</sreg>",
+ l->set_name, l->sreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) {
+ ret = snprintf(buf+offset, len, "<dreg>%u</dreg>", l->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
return offset;
}
static int
nft_rule_expr_lookup_snprintf_default(char *buf, size_t size,
- struct nft_expr_lookup *l)
+ struct nft_rule_expr *e)
{
int len = size, offset = 0, ret;
+ struct nft_expr_lookup *l = nft_expr_data(e);
- ret = snprintf(buf, len, "reg %u set %s dreg %u ",
- l->sreg, l->set_name, l->dreg);
+ ret = snprintf(buf, len, "reg %u set %s ", l->sreg, l->set_name);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) {
+ ret = snprintf(buf+offset, len, "dreg %u ", l->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
return offset;
}
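Review bot: `l->set_name` is printed with a bare `%s` inside the JSON string and the XML element in the new format strings, so a name containing `"`, `<` or `&` would produce output that does not parse back, or that changes the structure of the document a consumer reads. Whether set names are limited to a safe alphabet before they reach this struct is not visible in the hunk. If they are, say so above the `snprintf` calls, e.g. `/* set_name is validated on input; no escaping needed */`; otherwise the name should be escaped for the target format before printing.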
@@ -254,15 +273,14 @@ static int
nft_rule_expr_lookup_snprintf(char *buf, size_t size, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
{
- struct nft_expr_lookup *lookup = nft_expr_data(e);
switch(type) {
case NFT_OUTPUT_DEFAULT:
- return nft_rule_expr_lookup_snprintf_default(buf, size, lookup);
+ return nft_rule_expr_lookup_snprintf_default(buf, size, e);
case NFT_OUTPUT_XML:
- return nft_rule_expr_lookup_snprintf_xml(buf, size, lookup);
+ return nft_rule_expr_lookup_snprintf_xml(buf, size, e);
case NFT_OUTPUT_JSON:
- return nft_rule_expr_lookup_snprintf_json(buf, size, lookup);
+ return nft_rule_expr_lookup_snprintf_json(buf, size, e);
default:
break;
}
diff --git a/src/expr/match.c b/src/expr/match.c
index c7863b8..9f2fa03 100644
--- a/src/expr/match.c
+++ b/src/expr/match.c
@@ -22,8 +22,8 @@
#include <linux/netfilter/nf_tables_compat.h>
#include <linux/netfilter/x_tables.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
@@ -170,12 +170,13 @@ static int nft_rule_expr_match_parse(struct nft_rule_expr *e, struct nlattr *att
return 0;
}
-static int nft_rule_expr_match_json_parse(struct nft_rule_expr *e, json_t *root)
+static int nft_rule_expr_match_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
const char *name;
- name = nft_jansson_parse_str(root, "name");
+ name = nft_jansson_parse_str(root, "name", err);
if (name == NULL)
return -1;
@@ -189,14 +190,15 @@ static int nft_rule_expr_match_json_parse(struct nft_rule_expr *e, json_t *root)
}
-static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_match *mt = nft_expr_data(e);
const char *name;
name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
+ NFT_XML_MAND, err);
if (name == NULL)
return -1;
diff --git a/src/expr/meta.c b/src/expr/meta.c
index f96b081..bee2f4c 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -18,8 +18,8 @@
#include "internal.h"
#include <libmnl/libmnl.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
#ifndef NFT_META_MAX
@@ -27,9 +27,9 @@
#endif
struct nft_expr_meta {
- uint32_t key; /* enum nft_meta_keys */
- uint32_t dreg; /* enum nft_registers */
- uint32_t sreg; /* enum nft_registers */
+ enum nft_meta_keys key;
+ enum nft_registers dreg;
+ enum nft_registers sreg;
};
static int
@@ -135,7 +135,7 @@ nft_rule_expr_meta_parse(struct nft_rule_expr *e, struct nlattr *attr)
return 0;
}
-const char *meta_key2str_array[NFT_META_MAX] = {
+static const char *meta_key2str_array[NFT_META_MAX] = {
[NFT_META_LEN] = "len",
[NFT_META_PROTOCOL] = "protocol",
[NFT_META_NFPROTO] = "nfproto",
@@ -176,14 +176,15 @@ static inline int str2meta_key(const char *str)
return -1;
}
-static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root)
+static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
const char *key_str;
- uint32_t reg, sreg;
+ uint32_t reg;
int key;
- key_str = nft_jansson_parse_str(root, "key");
+ key_str = nft_jansson_parse_str(root, "key", err);
if (key_str == NULL)
return -1;
@@ -194,18 +195,19 @@ static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root)
nft_rule_expr_set_u32(e, NFT_EXPR_META_KEY, key);
if (nft_jansson_node_exist(root, "dreg")) {
- if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg) < 0)
+ if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg,
+ err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_META_DREG, reg);
}
if (nft_jansson_node_exist(root, "sreg")) {
- if (nft_jansson_parse_reg(root, "sreg",
- NFT_TYPE_U32, &sreg) < 0)
+ if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, &reg,
+ err) < 0)
return -1;
- nft_rule_expr_set_u32(e, NFT_EXPR_META_SREG, sreg);
+ nft_rule_expr_set_u32(e, NFT_EXPR_META_SREG, reg);
}
return 0;
@@ -216,16 +218,17 @@ static int nft_rule_expr_meta_json_parse(struct nft_rule_expr *e, json_t *root)
}
-static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_meta *meta = nft_expr_data(e);
const char *key_str;
- int32_t reg;
int key;
+ uint32_t reg;
key_str = nft_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
+ NFT_XML_MAND, err);
if (key_str == NULL)
return -1;
@@ -236,14 +239,14 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tr
meta->key = key;
e->flags |= (1 << NFT_EXPR_META_KEY);
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST);
- if (reg >= 0) {
+ if (nft_mxml_reg_parse(tree, "dreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_OPT, err) >= 0) {
meta->dreg = reg;
e->flags |= (1 << NFT_EXPR_META_DREG);
}
- reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST);
- if (reg >= 0) {
+ if (nft_mxml_reg_parse(tree, "sreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_OPT, err) >= 0) {
meta->sreg = reg;
e->flags |= (1 << NFT_EXPR_META_SREG);
}
@@ -261,12 +264,15 @@ nft_rule_expr_meta_snprintf_default(char *buf, size_t len,
{
struct nft_expr_meta *meta = nft_expr_data(e);
- if (e->flags & (1 << NFT_EXPR_META_SREG))
+ if (e->flags & (1 << NFT_EXPR_META_SREG)) {
return snprintf(buf, len, "set %s with reg %u ",
meta_key2str(meta->key), meta->sreg);
-
- return snprintf(buf, len, "load %s => reg %u ",
- meta_key2str(meta->key), meta->dreg);
+ }
+ if (e->flags & (1 << NFT_EXPR_META_DREG)) {
+ return snprintf(buf, len, "load %s => reg %u ",
+ meta_key2str(meta->key), meta->dreg);
+ }
+ return 0;
}
static int
@@ -276,6 +282,12 @@ nft_rule_expr_meta_snprintf_xml(char *buf, size_t size,
int ret, len = size, offset = 0;
struct nft_expr_meta *meta = nft_expr_data(e);
+ if (e->flags & (1 << NFT_EXPR_META_DREG)) {
+ ret = snprintf(buf+offset, len, "<dreg>%u</dreg>",
+ meta->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
if (e->flags & (1 << NFT_EXPR_META_KEY)) {
ret = snprintf(buf+offset, len, "<key>%s</key>",
meta_key2str(meta->key));
@@ -288,12 +300,6 @@ nft_rule_expr_meta_snprintf_xml(char *buf, size_t size,
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
- if (e->flags & (1 << NFT_EXPR_META_DREG)) {
- ret = snprintf(buf+offset, len, "<dreg>%u</dreg>",
- meta->dreg);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
return offset;
}
@@ -304,6 +310,12 @@ nft_rule_expr_meta_snprintf_json(char *buf, size_t size,
int ret, len = size, offset = 0;
struct nft_expr_meta *meta = nft_expr_data(e);
+ if (e->flags & (1 << NFT_EXPR_META_DREG)) {
+ ret = snprintf(buf+offset, len, "\"dreg\":%u,",
+ meta->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
if (e->flags & (1 << NFT_EXPR_META_KEY)) {
ret = snprintf(buf+offset, len, "\"key\":\"%s\",",
meta_key2str(meta->key));
@@ -311,17 +323,11 @@ nft_rule_expr_meta_snprintf_json(char *buf, size_t size,
}
if (e->flags & (1 << NFT_EXPR_META_SREG)) {
- ret = snprintf(buf+offset, len, "\"sreg\":%u\",",
+ ret = snprintf(buf+offset, len, "\"sreg\":%u,",
meta->sreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
- if (e->flags & (1 << NFT_EXPR_META_DREG)) {
- ret = snprintf(buf+offset, len, "\"dreg\":%u\",",
- meta->dreg);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
/* Remove the last separator characther */
buf[offset-1] = '\0';
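Review bot: `buf[offset-1] = '\0';` runs unconditionally, so when none of the DREG, KEY or SREG flags is set `offset` is still 0 and the store lands one byte before `buf`. The reordering in this hunk keeps that line as is; it should be guarded, `if (offset > 0) buf[offset-1] = '\0';`. How `SNPRINTF_BUFFER_SIZE` advances `offset` on truncation is not visible here, so it is worth confirming that `offset` can never exceed `size` at this point either. The function continues outside the hunk.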
diff --git a/src/expr/nat.c b/src/expr/nat.c
index 30b02ec..42f2b49 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -20,8 +20,8 @@
#include <arpa/inet.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
struct nft_expr_nat {
@@ -196,14 +196,15 @@ static inline int nft_str2nat(const char *nat)
}
}
-static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root)
+static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
const char *nat_type, *family_str;
uint32_t reg;
int val32;
- nat_type = nft_jansson_parse_str(root, "nat_type");
+ nat_type = nft_jansson_parse_str(root, "nat_type", err);
if (nat_type == NULL)
return -1;
@@ -213,7 +214,7 @@ static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root)
nft_rule_expr_set_u32(e, NFT_EXPR_NAT_TYPE, val32);
- family_str = nft_jansson_parse_str(root, "family");
+ family_str = nft_jansson_parse_str(root, "family", err);
if (family_str == NULL)
return -1;
@@ -224,25 +225,25 @@ static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root)
nft_rule_expr_set_u32(e, NFT_EXPR_NAT_FAMILY, val32);
if (nft_jansson_parse_reg(root, "sreg_addr_min", NFT_TYPE_U32,
- &reg) < 0)
+ &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MIN, reg);
if (nft_jansson_parse_reg(root, "sreg_addr_max", NFT_TYPE_U32,
- &reg) < 0)
+ &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_ADDR_MAX, reg);
if (nft_jansson_parse_reg(root, "sreg_proto_min", NFT_TYPE_U32,
- &reg) < 0)
+ &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MIN, reg);
if (nft_jansson_parse_reg(root, "sreg_proto_max", NFT_TYPE_U32,
- &reg) < 0)
+ &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_NAT_REG_PROTO_MAX, reg);
@@ -254,16 +255,17 @@ static int nft_rule_expr_nat_json_parse(struct nft_rule_expr *e, json_t *root)
#endif
}
-static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_nat *nat = nft_expr_data(e);
const char *nat_type;
- int32_t reg;
int family, nat_type_value;
+ uint32_t reg;
nat_type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
+ NFT_XML_MAND, err);
if (nat_type == NULL)
return -1;
@@ -275,7 +277,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre
e->flags |= (1 << NFT_EXPR_NAT_TYPE);
family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
+ NFT_XML_MAND, err);
if (family < 0) {
mxmlDelete(tree);
return -1;
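Review bot: The `family < 0` branch calls `mxmlDelete(tree)` before returning, while every other error path in this function and in the sibling XML parsers returns -1 without touching `tree`. If the caller owns the tree and frees it after a failed parse, which is what the other paths suggest, this one path would free it twice. The ownership rule is not visible in the hunk, so please confirm it; if the caller does own the tree, the branch should be just `if (family < 0) return -1;`. The function starts and ends outside the hunk.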
@@ -284,29 +286,29 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre
nat->family = family;
e->flags |= (1 << NFT_EXPR_NAT_FAMILY);
- reg = nft_mxml_reg_parse(tree, "sreg_addr_min", MXML_DESCEND);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg_addr_min", &reg,
+ MXML_DESCEND, NFT_XML_MAND, err) != 0)
return -1;
nat->sreg_addr_min = reg;
e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MIN);
- reg = nft_mxml_reg_parse(tree, "sreg_addr_max", MXML_DESCEND);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg_addr_max", &reg,
+ MXML_DESCEND, NFT_XML_MAND, err) != 0)
return -1;
nat->sreg_addr_max = reg;
e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MAX);
- reg = nft_mxml_reg_parse(tree, "sreg_proto_min", MXML_DESCEND);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg_proto_min", &reg,
+ MXML_DESCEND, NFT_XML_MAND, err) != 0)
return -1;
nat->sreg_proto_min = reg;
e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MIN);
- reg = nft_mxml_reg_parse(tree, "sreg_proto_max", MXML_DESCEND);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg_proto_max", &reg,
+ MXML_DESCEND, NFT_XML_MAND, err) != 0)
return -1;
nat->sreg_proto_max = reg;
diff --git a/src/expr/payload.c b/src/expr/payload.c
index fc32ff2..ad82015 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -21,16 +21,16 @@
#include <linux/netfilter/nf_tables.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
struct nft_expr_payload {
enum nft_registers dreg;
enum nft_payload_bases base;
- unsigned int offset;
- unsigned int len;
+ uint32_t offset;
+ uint32_t len;
};
static int
@@ -194,19 +194,20 @@ static inline int nft_str2base(const char *base)
}
static int
-nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root)
+nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
const char *base_str;
uint32_t reg, uval32;
int base;
- if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg) < 0)
+ if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &reg, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_DREG, reg);
- base_str = nft_jansson_parse_str(root, "base");
+ base_str = nft_jansson_parse_str(root, "base", err);
if (base_str == NULL)
return -1;
@@ -216,12 +217,13 @@ nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root)
nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_BASE, base);
- if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32) < 0)
+ if (nft_jansson_parse_val(root, "offset", NFT_TYPE_U32, &uval32,
+ err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_OFFSET, uval32);
- if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32) < 0)
+ if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &uval32, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_LEN, uval32);
@@ -234,22 +236,24 @@ nft_rule_expr_payload_json_parse(struct nft_rule_expr *e, json_t *root)
}
static int
-nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_payload *payload = nft_expr_data(e);
const char *base_str;
- int32_t reg, base;
+ int32_t base;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", &reg, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
payload->dreg = reg;
e->flags |= (1 << NFT_EXPR_PAYLOAD_DREG);
base_str = nft_mxml_str_parse(tree, "base", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
+ NFT_XML_MAND, err);
if (base_str == NULL)
return -1;
@@ -262,13 +266,14 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
if (nft_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC,
&payload->offset, NFT_TYPE_U8,
- NFT_XML_MAND) != 0)
+ NFT_XML_MAND, err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_PAYLOAD_OFFSET);
if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC,
- &payload->len, NFT_TYPE_U8, NFT_XML_MAND) != 0)
+ &payload->len, NFT_TYPE_U8,
+ NFT_XML_MAND, err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_PAYLOAD_LEN);
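Review bot: `offset` and `len` are parsed with `NFT_TYPE_U8` although this commit declares both fields as `uint32_t` and the JSON parser of the same expression reads them with `NFT_TYPE_U32`. Depending on how nft_mxml_num_parse() stores the result (not visible here), this either rejects values above 255 that the JSON path accepts or writes only one byte of a four-byte field. exthdr.c passes `NFT_TYPE_U32` for its `offset` and `len`; the same should be done here: `&payload->offset, NFT_TYPE_U32,` and `&payload->len, NFT_TYPE_U32,`. The function body continues outside the hunk.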
diff --git a/src/expr/queue.c b/src/expr/queue.c
index 4c1c8a7..c3d0e19 100644
--- a/src/expr/queue.c
+++ b/src/expr/queue.c
@@ -17,8 +17,8 @@
#include "internal.h"
#include <libmnl/libmnl.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
struct nft_expr_queue {
diff --git a/src/expr/reject.c b/src/expr/reject.c
index 848f004..62346e9 100644
--- a/src/expr/reject.c
+++ b/src/expr/reject.c
@@ -18,8 +18,8 @@
#include "internal.h"
#include <libmnl/libmnl.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
struct nft_expr_reject {
@@ -122,18 +122,19 @@ nft_rule_expr_reject_parse(struct nft_rule_expr *e, struct nlattr *attr)
}
static int
-nft_rule_expr_reject_json_parse(struct nft_rule_expr *e, json_t *root)
+nft_rule_expr_reject_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
uint32_t type;
uint16_t code;
- if (nft_jansson_parse_val(root, "type", NFT_TYPE_U32, &type) < 0)
+ if (nft_jansson_parse_val(root, "type", NFT_TYPE_U32, &type, err) < 0)
return -1;
nft_rule_expr_set_u32(e, NFT_EXPR_REJECT_TYPE, type);
- if (nft_jansson_parse_val(root, "code", NFT_TYPE_U8, &code) < 0)
+ if (nft_jansson_parse_val(root, "code", NFT_TYPE_U8, &code, err) < 0)
return -1;
nft_rule_expr_set_u8(e, NFT_EXPR_REJECT_CODE, code);
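Review bot: `code` is declared `uint16_t` and left uninitialised, but it is filled through `nft_jansson_parse_val(..., NFT_TYPE_U8, &code, err)` and then passed to `nft_rule_expr_set_u8()`. If the helper stores a single byte for `NFT_TYPE_U8` (its body is outside the hunk), the other byte of `code` stays indeterminate, and on a big-endian host the truncation to 8 bits would pick that byte. The declaration should match the type tag: `uint8_t code;`.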
@@ -146,19 +147,22 @@ nft_rule_expr_reject_json_parse(struct nft_rule_expr *e, json_t *root)
}
static int
-nft_rule_expr_reject_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+nft_rule_expr_reject_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_reject *reject = nft_expr_data(e);
if (nft_mxml_num_parse(tree, "type", MXML_DESCEND_FIRST, BASE_DEC,
- &reject->type, NFT_TYPE_U32, NFT_XML_MAND) != 0)
+ &reject->type, NFT_TYPE_U32, NFT_XML_MAND,
+ err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_REJECT_TYPE);
if (nft_mxml_num_parse(tree, "code", MXML_DESCEND_FIRST, BASE_DEC,
- &reject->icmp_code, NFT_TYPE_U8, NFT_XML_MAND) != 0)
+ &reject->icmp_code, NFT_TYPE_U8, NFT_XML_MAND,
+ err) != 0)
return -1;
e->flags |= (1 << NFT_EXPR_REJECT_CODE);
diff --git a/src/expr/target.c b/src/expr/target.c
index 23dff3a..36e37de 100644
--- a/src/expr/target.c
+++ b/src/expr/target.c
@@ -22,8 +22,8 @@
#include <linux/netfilter/nf_tables_compat.h>
#include <linux/netfilter/x_tables.h>
-#include <libnftables/expr.h>
-#include <libnftables/rule.h>
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
#include "expr_ops.h"
@@ -171,12 +171,13 @@ static int nft_rule_expr_target_parse(struct nft_rule_expr *e, struct nlattr *at
}
static int
-nft_rule_expr_target_json_parse(struct nft_rule_expr *e, json_t *root)
+nft_rule_expr_target_json_parse(struct nft_rule_expr *e, json_t *root,
+ struct nft_parse_err *err)
{
#ifdef JSON_PARSING
const char *name;
- name = nft_jansson_parse_str(root, "name");
+ name = nft_jansson_parse_str(root, "name", err);
if (name == NULL)
return -1;
@@ -190,14 +191,15 @@ nft_rule_expr_target_json_parse(struct nft_rule_expr *e, json_t *root)
}
static int
-nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree)
+nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err)
{
#ifdef XML_PARSING
struct nft_expr_target *tg = nft_expr_data(e);
const char *name;
name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST,
- NFT_XML_MAND);
+ NFT_XML_MAND, err);
if (name == NULL)
return -1;