summaryrefslogtreecommitdiffstats
path: root/src/expr/immediate.c
Commit message (Collapse)AuthorAgeFilesLines
* expr: immediate: Do not print unset values in xml fileAna Rey2014-06-231-22/+23
| | | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: immediate: Do not print unset values in json fileAna Rey2014-06-231-27/+23
| | | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: immediate: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-3/+1
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* xml, json: Delete an immediatedate label in xml and json fileAna Rey2014-04-141-10/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It deletes the immediatedata label in the structure of json and xml file. Example of the old structure of xmlfile: <nftables> <rule> <family>ip</family> <table>filter</table> <chain>input</chain> <handle>32</handle> <expr type="immediate"> <dreg>0</dreg> <immediatedata> <data_reg type="verdict"> <verdict>accept</verdict> </data_reg> </immediatedata> </expr> </rule> </nftables> Example of the new structure of xmlfile: <nftables> <rule> <family>ip</family> <table>filter</table> <chain>input</chain> <handle>32</handle> <expr type="immediate"> <dreg>0</dreg> <data_reg type="verdict"> <verdict>accept</verdict> </data_reg> </expr> </rule> </nftables> To generate the new testfiles, It use the option -u of nft-parsing-test script. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rename library to libnftnllibnftnl-1.0.0Pablo Neira Ayuso2014-01-201-2/+2
| | | | | | We plan to use this library name for the higher layer library. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* mxml: add optional/mandatory flag to nft_mxml_reg_parseArturo Borrero2014-01-151-3/+3
| | | | | | | | | | | | | | | There are some cases where a reg is not mandatory, for example: * dreg in lookup * dreg/sreg in meta (last version) So, lets change the function nft_mxml_reg_parse() to add an optional/mandatory flag. dreg in lookup is optional as stated at: net/netfilter/nft_lookup.c:nft_lookup_init() Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: new error reporting approach for XML/JSON parsersÁlvaro Neira Ayuso2014-01-061-6/+8
| | | | | | | | | | | | | | I have added a new structure for reporting some errors in parser that we can't cover with errno. In this patch, we have three errors that we can't cover with errno: NFT_PARSE_EBADINPUT : Bad XML/JSON format in the input NFT_PARSE_EMISSINGNODE : Missing node in our input NFT_PARSE_EBADTYPE : Wrong type value in a node Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: unify parse and output typesÁlvaro Neira Ayuso2013-11-141-12/+12
| | | | | | | | | Unify parse and output types that are redundant to all existing nftables objects. Thus, all NFT_*_O_[XML|JSON|DEFAULT] are merged into NFT_OUTPUT_[JSON|XML] and NFT_PARSE_[JSON|XML]. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: remove spacesÁlvaro Neira Ayuso2013-10-171-2/+2
| | | | | | | | | | | | Remove all the spaces from the JSON output to reduce the size of the output string, this also provides a consistent output in table, chain, rule and set. As Stephen Hemminger suggested, better to squash the output to consume as less bytes as possible. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: replace size_t by uint32_t in set/get interfacesPablo Neira Ayuso2013-09-191-2/+2
| | | | | | | | | | | | This patch breaks the ABI to shrink the size parameter from 8 to 4 bytes in x86_64. The maximum length of netlink attributes is 2 bytes, so 4 bytes as attribute payload length should be enough. After this patch, size_t is only used in the nft_*_snprintf interfaces. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: add parsing optional/mandatory flagArturo Borrero Gonzalez2013-09-161-4/+1
| | | | | | | | | | | Add an optional/mandatory flag to XML parsing. In some elements (ie regs), no flag is used because is always mandatory. DATA_NONE is created to indicate a non-parsed data_reg. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: s/nft_jansson_value_parse_reg/nft_jansson_parse_reg/gPablo Neira Ayuso2013-08-241-1/+1
| | | | | | | | This patch is a cleanup to save LOC. I have also changed it to use < 0 to check for error conditions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: Add json parser supportÁlvaro Neira Ayuso2013-08-201-0/+40
| | | | | | | Add function for parsing rules in JSON format Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add xfree and use itPablo Neira Ayuso2013-08-061-1/+1
| | | | | | | | This patch adds xfree, a replacement of free that accepts const pointers. This helps to remove ugly castings that you usually need to calm down gcc. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* immediate: xml: fix name inconsistencyArturo Borrero2013-07-251-1/+2
| | | | | | | | | | <immdata> should be <immediatedata> instead. This bug was introduced at (1e8e5d4 src: xml: consolidate parsing of data_reg via nft_mxml_data_reg_parse). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: simplify getter logicPablo Neira Ayuso2013-07-181-26/+8
| | | | | | | | This patch refactors the getter code to simplify it. The default cases have been removed so gcc will spot a warning if an attribute is not handled appropriately. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add nft_expr_data to replace explicit casting to obtain expression dataPablo Neira Ayuso2013-07-131-8/+8
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: use __attribute__((constructor)) to register expressionPablo Neira Ayuso2013-07-131-0/+5
| | | | | | Instead of manual array registration. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: consolidate parsing of data_reg via nft_mxml_data_reg_parseArturo Borrero2013-07-061-35/+12
| | | | | | | | Move common code for XML parsing of data_reg to the new nft_mxml_data_reg_parse function. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: improve default text outputGiuseppe Longo2013-07-051-1/+1
| | | | | | | | | | | | | This patch improves default plain text output by mimicing the default output of libnl-nft. While at it, several %lu has been translated to use %"PRIu64" for correctness. [ I have added the policy to string translation --pablo ] Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: consolidate XML parsing of expressions via nft_mxml_reg_parsePablo Neira Ayuso2013-07-041-14/+4
| | | | This patch reduces the XML code in 100 LOC.
* src: consolidate XML parsing of expressions via nft_mxml_expr_parsePablo Neira Ayuso2013-07-041-39/+8
| | | | | | | | | Move common code for XML parsing of expressions to the new nft_mxml_expr_parse function. This patch reduces the XML parsing code in 300 LOC. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: support JSON format in chain, rule and expressionsÁlvaro Neira Ayuso2013-06-291-2/+38
| | | | | | | While at it, order possible switch cases of _snprintf. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: xml: registers must be <= NFT_REG_MAXArturo Borrero Gonzalez2013-06-271-0/+5
| | | | | | | With this patch, all expressions validate that registers are <= NFT_REG_MAX. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: constify first parameter of all nft_*_getPablo Neira Ayuso2013-06-171-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: immediate: fix display of dreg expressionEric Leblond2013-06-051-1/+1
| | | | | Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add support for XML parsingArturo Borrero Gonzalez2013-05-231-1/+101
| | | | | | | | | | | | | | | | | | | This patch adds capabilities for parsing a XML table/chain/rule. Some comments: * The XML data is case sensitive (so <chain>asd</chain> != <chain>ASD</chain> != <CHAIN>asd</CHAIN>) * All exported functions receive XML and return an object (table|chain|rule). * To compile the lib with XML parsing support, run './configure --with-xml-parsing' * XML parsing is done with libmxml (http://minixml.org). XML parsing depends on this external lib, this dependency is optional at compile time. NOTE: expr/target and expr/match binary data are exported. [ Fixed to compile without --with-xml-parsing --pablo ] Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
* src: remove trailing newlines, tabs and spaces from XML formatArturo Borrero Gonzalez2013-04-191-2/+2
| | | | | | | | Delete all \n and \t from XML output, any reasonable XML viewer already does the nifty formatting for us. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: basic support for printing nft_data_reg in XML formatArturo Borrero Gonzalez2013-04-191-7/+65
| | | | | | | | | | | | | | | | | | | | | | | | nft_data_reg now is printed in XML according to what it contains <data> nodes have been also renamed. Arturo Borrero Gonzalez says: ==================== cmp is using <cmpdata> <cmpdata> has <data_reg></data_reg> which can also be redundant. But all around the XML printing (including sets, an incoming patch) i've been nesting the data_reg into another XML node, so you could easily see (also the XML parser) the difference between (for example. in set) nft_set_elem->key and nft_set_elem->data. As I needed to nest in nft_set_elem I decided to follow a constant line and do nest all data_reg. ==================== Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add XML output supportArturo Borrero Gonzalez2013-02-081-2/+13
| | | | | Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add type and flags to snprintf interfacePablo Neira Ayuso2013-01-151-1/+2
| | | | | | | Propagate the type and flags parameter to the expressions, so we can implement outputs in different formats. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* initial version of libnftablesPablo Neira Ayuso2012-10-111-0/+215
It adds support for table, chain and rule handling. This also includes expression handling for each rule. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>