summaryrefslogtreecommitdiffstats
path: root/src/expr
Commit message (Collapse)AuthorAgeFilesLines
* src: consolidate XML parsing of expressions via nft_mxml_reg_parsePablo Neira Ayuso2013-07-0410-202/+80
| | | | This patch reduces the XML code in 100 LOC.
* src: consolidate XML parsing of expressions via nft_mxml_expr_parsePablo Neira Ayuso2013-07-0415-409/+68
| | | | | | | | | Move common code for XML parsing of expressions to the new nft_mxml_expr_parse function. This patch reduces the XML parsing code in 300 LOC. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: fix setting of NFT_EXPR_CT_DIRArturo Borrero Gonzalez2013-07-041-1/+1
| | | | | Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: support JSON format in chain, rule and expressionsÁlvaro Neira Ayuso2013-06-2916-34/+344
| | | | | | | While at it, order possible switch cases of _snprintf. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* exthdr: xml: rename type node to exthdr_typeArturo Borrero Gonzalez2013-06-271-3/+5
| | | | | | | This patch renames the <type> node in the exthdr expr to <exthdr_type>. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nat: xml: rename node type to nat_typeArturo Borrero Gonzalez2013-06-271-4/+4
| | | | | | | | | This patch renames the node <type> to a more explicit <nat_type>. This will prevent in the future from confusing other <type> nodes from other exprs. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nat: snprintf: fix buffer offsetArturo Borrero Gonzalez2013-06-271-3/+3
| | | | | | | This patch fix the buffer offset necesary to print correctly the nat expr in a default output mode. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* meta: xml: use string to represent key attributeArturo Borrero Gonzalez2013-06-271-5/+49
| | | | | | | Use a string for <key> node instead of a number. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* exthdr: xml: use string for type nodeArturo Borrero Gonzalez2013-06-271-5/+47
| | | | | | | This patch implements using a string for the <type> node. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* payload: xml: use string for base attributeArturo Borrero Gonzalez2013-06-271-9/+46
| | | | | | | This patch implements using a string instead of a number for the <base> node. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* target&match: xml: don't print rev numberArturo Borrero Gonzalez2013-06-272-36/+2
| | | | | | | | The <rev> node is not printed/parsed anymore. It should not be exported, this is negotiated with the kernel. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: xml: display register in big endianArturo Borrero Gonzalez2013-06-271-3/+5
| | | | | | | | | | Display registers in big endian, so the output will be the same in different endianness CPU. <data>0xaabbccdd</data> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: xml: fix len node, it should show byte lengthArturo Borrero Gonzalez2013-06-271-7/+6
| | | | | | | | Previous to this patch, the <len> node was 'how many <dataN> nodes we have'. However, the <len> node means 'how many bytes are in <dataN> nodes'. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* exthdr: xml: fix mandatory elementsArturo Borrero Gonzalez2013-06-271-40/+55
| | | | | | | | | | | | | | | | According to net/netfilter/nft_exthdr.c: nft_exthdr_init(), all of dreg, type, offset and len are mandatory: if (tb[NFTA_EXTHDR_DREG] == NULL || tb[NFTA_EXTHDR_TYPE] == NULL || tb[NFTA_EXTHDR_OFFSET] == NULL || tb[NFTA_EXTHDR_LEN] == NULL) return -EINVAL; So the XML parser must make sure the equivalent nodes exists. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ct: xml: use key names instead of numbersArturo Borrero Gonzalez2013-06-271-7/+48
| | | | | | | ct expr uses a string instead of a numerical one in the <key> node. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ct: xml: add extra dir checkArturo Borrero Gonzalez2013-06-271-0/+6
| | | | | | | | | | | | | This patch adds an extra dir check. 0 means original. 1 means a reply. Pablo decided not to include nf_conntrack_tuple_common.h, instead internally defined them. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nat: xml: fix node names for sreg_addr_{min|max}Arturo Borrero Gonzalez2013-06-271-6/+6
| | | | | | | | | This patch changes the name of XML nodes from <sreg_addr_min_v4> to <sreg_addr_min>, and <sreg_addr_max_v4> to <sreg_addr_max>, as they are register numbers, not addresses, so they are protocol independent. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nat: xml: change nat types string to dnat/snatArturo Borrero Gonzalez2013-06-271-14/+11
| | | | | | | | This patch replaces the string NFT_NAT_{S|D}NAT with {s|d}nat in the <type> node. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: convert family values to stringArturo Borrero2013-06-271-8/+6
| | | | | | | | | | | | This patch translates family values to display a string: * ip if AF_INET * ip6 if AF_INET6 * bridge if AF_BRIDGE * arp if 0 Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* byteorder: xml: op as stringArturo Borrero2013-06-271-7/+16
| | | | | | This patch changes the numerical value of the XML byteorder's <op> node to a string representation. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
* expr: xml: registers must be <= NFT_REG_MAXArturo Borrero Gonzalez2013-06-279-0/+54
| | | | | | | With this patch, all expressions validate that registers are <= NFT_REG_MAX. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bitwise: xml: mask and xor use same number of data registersArturo Borrero Gonzalez2013-06-271-0/+8
| | | | | | | The mask and xor must use the same number of data registers. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: xml: don't print target and match infoArturo Borrero2013-06-182-22/+2
| | | | | | | | This is binary layout of the iptables target/match, we can do nothing with it at this moment. Let's get rid of it. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nat: xml: fix crash during parsing if non-mandatory element is not presentArturo Borrero Gonzalez2013-06-171-4/+4
| | | | | Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nat: xml: fix wrong offset in snprintfArturo Borrero2013-06-171-4/+6
| | | | | | | | This patch fixes the buffer offset of the nat snprintf function so elements are properly printed. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: bitwise: xml: fix wrong castingArturo Borrero2013-06-171-1/+1
| | | | | | | Introduced in (51370f0 src: add support for XML parsing) Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: constify first parameter of all nft_*_getPablo Neira Ayuso2013-06-1715-15/+26
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add limitPablo Neira Ayuso2013-06-131-0/+213
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add byteorderPablo Neira Ayuso2013-06-121-0/+348
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add ctPablo Neira Ayuso2013-06-121-0/+247
| | | | | | This patch adds the ct expression. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add exthdrPablo Neira Ayuso2013-06-111-0/+292
| | | | | | | This patch adds support for the exthdr expression of nftables that is implemented in linux/net/netfilter/nft_exthdr.c Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add log expressionPablo Neira Ayuso2013-06-101-0/+281
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: xml: delete unreachable code in _veredict_xml_parse()Arturo Borrero Gonzalez2013-06-081-2/+0
| | | | | | | Similar to commit 414ac29. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: immediate: fix display of dreg expressionEric Leblond2013-06-051-1/+1
| | | | | Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: xml: delete unreachable codeArturo Borrero Gonzalez2013-06-051-2/+0
| | | | | Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: xml: fix using bad temp variableArturo Borrero Gonzalez2013-06-051-1/+1
| | | | | | | It should use 'utmp' instead of 'tmp'. Signed-off-by: Arturo Borero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: remove conditional XML printing if parsing is disabledArturo Borrero Gonzalez2013-05-291-5/+0
| | | | | | | XML printing is supported even if XML parsing is not enabled. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: Delete trailing space in snprintf_xmlArturo Borrero Gonzalez2013-05-291-3/+3
| | | | | | | A minor cosmetic change. Delete the space before '>'. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: delete useless castingsArturo Borrero2013-05-261-2/+2
| | | | | | | These casting were useless. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add support for XML parsingArturo Borrero Gonzalez2013-05-2311-8/+1091
| | | | | | | | | | | | | | | | | | | This patch adds capabilities for parsing a XML table/chain/rule. Some comments: * The XML data is case sensitive (so <chain>asd</chain> != <chain>ASD</chain> != <CHAIN>asd</CHAIN>) * All exported functions receive XML and return an object (table|chain|rule). * To compile the lib with XML parsing support, run './configure --with-xml-parsing' * XML parsing is done with libmxml (http://minixml.org). XML parsing depends on this external lib, this dependency is optional at compile time. NOTE: expr/target and expr/match binary data are exported. [ Fixed to compile without --with-xml-parsing --pablo ] Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
* src: remove trailing \n from all nft_*_snprintf functionsPablo Neira Ayuso2013-04-191-1/+1
| | | | | | The caller should add it in case it needs it. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove trailing newlines, tabs and spaces from XML formatArturo Borrero Gonzalez2013-04-1910-25/+24
| | | | | | | | Delete all \n and \t from XML output, any reasonable XML viewer already does the nifty formatting for us. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: basic support for printing nft_data_reg in XML formatArturo Borrero Gonzalez2013-04-195-43/+193
| | | | | | | | | | | | | | | | | | | | | | | | nft_data_reg now is printed in XML according to what it contains <data> nodes have been also renamed. Arturo Borrero Gonzalez says: ==================== cmp is using <cmpdata> <cmpdata> has <data_reg></data_reg> which can also be redundant. But all around the XML printing (including sets, an incoming patch) i've been nesting the data_reg into another XML node, so you could easily see (also the XML parser) the difference between (for example. in set) nft_set_elem->key and nft_set_elem->data. As I needed to nest in nft_set_elem I decided to follow a constant line and do nest all data_reg. ==================== Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Fix a typoArturo Borrero Gonzalez2013-04-021-2/+2
| | | | | Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Delete unused includesArturo Borrero Gonzalez2013-02-131-2/+0
| | | | | Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add XML output supportArturo Borrero Gonzalez2013-02-0810-28/+319
| | | | | Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add lookup expression for set-based lookupsPablo Neira Ayuso2013-02-071-0/+175
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add type and flags to snprintf interfacePablo Neira Ayuso2013-01-159-9/+18
| | | | | | | Propagate the type and flags parameter to the expressions, so we can implement outputs in different formats. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: update internal copy of headersPablo Neira Ayuso2012-12-302-0/+2
| | | | | | To get it in sync with the existing kernel code. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: Add support for NAT expressionsTomasz Bursztyka2012-11-161-0/+250
| | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>