path: root/src/internal.h
Commit message | Author | Age | Files | Lines
* src: xml: refactor XML parsing code | Arturo Borrero Gonzalez | 2013-09-16 | 1 | -0/+9
| This patch refactors nft_*_xml_parse to provide a new intermediate
| function nft_mxml_parse_* which will allow us to navigate an entire XML
| tree containing a ruleset without xml2text2xml conversions.
|
| While at it, I added a helper to build the XML tree and validate the top
| node name.
|
| Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
* src: xml: add parsing optional/mandatory flag | Arturo Borrero Gonzalez | 2013-09-16 | 1 | -4/+6
| Add an optional/mandatory flag to XML parsing.
|
| In some elements (ie regs), no flag is used because it is always mandatory.
|
| DATA_NONE is created to indicate a non-parsed data_reg.
|
| Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: fix compilation warning | Álvaro Neira Ayuso | 2013-09-15 | 1 | -0/+1
| Signed-off-by: Álvaro Neira Ayuso <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: Add json parser support | Álvaro Neira Ayuso | 2013-08-28 | 1 | -0/+1
| Add function for parsing set in format JSON.
|
| Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: s/nft_jansson_value_parse_reg/nft_jansson_parse_reg/g | Pablo Neira Ayuso | 2013-08-24 | 1 | -2/+1
| This patch is a cleanup to save LOC. I have also changed it to use < 0
| to check for error conditions.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: s/nft_jansson_value_parse_val/nft_jansson_parse_val/g | Pablo Neira Ayuso | 2013-08-24 | 1 | -2/+1
| This patch is a cleanup to save LOC. I have also changed it to use < 0
| to check for error conditions.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: json: s/nft_jansson_value_parse_str/nft_jansson_parse_str/g | Pablo Neira Ayuso | 2013-08-24 | 1 | -1/+1
| Remove _value_ infix to make the function name smaller.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: constify nft_*_parse input data | Arturo Borrero Gonzalez | 2013-08-22 | 1 | -1/+1
| Since the input string is not changing, let's make it constant.
|
| Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: Add json parser support | Álvaro Neira Ayuso | 2013-08-20 | 1 | -0/+8
| Add function for parsing rules in JSON format
|
| Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* json: fixed some leaks in the json parsing function | Álvaro Neira Ayuso | 2013-08-17 | 1 | -1/+3
| This patch fixes some leaks in the json parsing function. After this
| patch, we use nft_jansson_free_root. This function uses json_decref and
| it decrements the reference count and it releases the node if needed.
|
| Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* jansson: Add nft_jansson_family function | Álvaro Neira Ayuso | 2013-08-09 | 1 | -0/+1
| Refactor some existing code with the new function nft_jansson_family.
|
| Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: cleanup set element parsing | Pablo Neira Ayuso | 2013-08-07 | 1 | -1/+3
| Move nft_mxml_set_elem_parse to set_elem.c to improve readability, thus,
| we don't need to jump from set_elem.c to mxml.c to see how the parsing
| is done.
|
| I have also refactored some common parsing code in the new helper
| function nft_mxml_set_elem_parse, that avoids conversions from XML tree
| to text and then again back to tree.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: use nodes instead of attributes | Arturo Borrero Gonzalez | 2013-08-06 | 1 | -0/+1
| When working with XML, it's desirable to work with nodes better than
| attributes.
|
| Table/chain/rules had attributes in their XML representation, and this
| patch transforms those to nodes, ie:
|
| Before:
| <table name="filter">
|   <family>ip</family>
|   <table_flags>0</table_flags>
| </table>
|
| After:
| <table>
|   <name>filter</name>
|   <family>ip</family>
|   <table_flags>0</table_flags>
| </table>
|
| While at it:
| * There was a lot of redundant code that is now collapsed with the new
|   nft_mxml_family_parse() helper function.
| * I've added a small fix: additional validation for the name of the
|   current XML object, and also replace raw strtol calls to nft_strtoi.
| * Also, all XML testfiles are updated to keep passing the parsing tests
|   and maintain the repo in consistent state.
|
| Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fully constify nft_*_get functions | Pablo Neira Ayuso | 2013-08-06 | 1 | -2/+2
| We have several char * fields that were not constified to avoid gcc
| compilation warnings when calling free.
|
| Since (99d2574 src: add xfree and use it), we can fully constify these
| object fields without trouble.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add xfree and use it | Pablo Neira Ayuso | 2013-08-06 | 1 | -0/+2
| This patch adds xfree, a replacement of free that accepts const
| pointers. This helps to remove ugly castings that you usually need to
| calm down gcc.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* jansson: Add helper function for building the tree and use it | Álvaro Neira Ayuso | 2013-07-31 | 1 | -0/+1
| Add a helper function that parses and returns the jansson tree, use it
| in the table parser.
|
| Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove version from XML and JSON representations | Pablo Neira Ayuso | 2013-07-26 | 1 | -9/+0
| This patch removes the version XML node and the version JSON field in
| all our existing objects.
|
| The current versioning approach consists of adding a version field to
| every object representation in XML and JSON. While listing my entire
| rule-set, one can notice that this approach is too bloated.
|
| Once the library enters stable stage, if we need to obsolete a XML node
| and a JSON field, we can follow this procedure:
|
| 1) Remove the XML node and the JSON field from the output, so fresh
|    outputs will not contain the old ones anymore.
| 2) Do not remove the parsing of the old XML node and the JSON field
|    immediately. We have to keep supporting the parsing for a while to
|    avoid breaking the interpretation of old XML/JSON files. We can spot
|    a warning to warn about it, so users generate a fresh output again.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add XML parsing | Arturo Borrero | 2013-07-26 | 1 | -0/+1
| Sets are now parsed, following this previous snprintf pattern:
|
| <set>
|   <set_name>string</set_name>
|   <set_table>table</set_table>
|   <set_xml_version>int</set_xml_version>
|   <set_flags>uint32_t</set_flags>
|   <key_type>uint32_t</key_type>
|   <key_len>size_t</key_len>
|   <data_type>uint32_t</data_type>
|   <data_len>size_t</data_len>
|   <set_elem>
|     <set_elem_flags>uint32_t</set_elem_flags>
|     <set_elem_key>
|       <data_reg type="value">
|         <len></len>
|         <dataN></dataN>
|       </data_reg>
|     </set_elem_key>
|     <set_elem_data>
|       <data_reg type="xx">
|         [...]
|       </data_reg>
|     </set_elem_data>
|   </set_elem>
| </set>
|
| Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Add json parser support | Álvaro Neira Ayuso | 2013-07-25 | 1 | -0/+10
| Add function for parsing tables in format JSON
|
| Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: utils: add verdict2str and use it | Arturo Borrero | 2013-07-25 | 1 | -0/+2
| Add verdict2str() and str2verdict() helper functions and use in XML.
|
| While at it, I've fixed a small style issue in the data_reg JSON output
| and a bug in the data_reg XML parser:
|
| The parser walked the top level tree, instead of single <data_reg> node.
| Introduced in (51370f0 src: add support for XML parsing).
|
| Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: consolidate common XML code via nft_mxml_str_parse | Pablo Neira Ayuso | 2013-07-25 | 1 | -0/+1
| This patch moves common XML string parsing code to nft_mxml_str_parse().
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: consolidate common XML code via nft_mxml_num_parse | Arturo Borrero | 2013-07-25 | 1 | -0/+16
| This patch moves common XML parsing code to nft_mxml_num_parse().
|
| To handle this, the nft_strtoi() helper function is included.
|
| I've changed some MXML_DESCEND[_FIRST] flags to avoid matching a nested
| node under some circumstances, ie, matching two nodes with the same
| name that are descendant.
|
| Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: json: fix incomplete output | Álvaro Neira Ayuso | 2013-07-16 | 1 | -0/+1
| In (bf39c53 set: add json output), the json support for sets was
| incomplete:
|
| * version, family, key_type, key_len, data_type, data_len were not
|   included.
| * Now I use nft_data_reg_snprintf for printing the key and data
|
| Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: use __attribute__((constructor)) to register expression | Pablo Neira Ayuso | 2013-07-13 | 1 | -0/+2
| Instead of manual array registration.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add xml output | Arturo Borrero | 2013-07-06 | 1 | -0/+1
| This patch adds XML output for sets.
|
| Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: consolidate parsing of data_reg via nft_mxml_data_reg_parse | Arturo Borrero | 2013-07-06 | 1 | -0/+2
| Move common code for XML parsing of data_reg to the new
| nft_mxml_data_reg_parse function.
|
| Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: expr: data_reg: fix printing data register content | Pablo Neira Ayuso | 2013-07-05 | 1 | -0/+2
| Before:
|
| ip filter output 41
|   [ payload load 1b @ network header + 9 => reg 1 ]
|   [ cmp eq reg 1 ]
|
| Now:
|
| ip filter output 41
|   [ payload load 1b @ network header + 9 => reg 1 ]
|   [ cmp eq reg 1 0x00000006 ]
|                  ^^^^^^^^^^
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: consolidate XML parsing of expressions via nft_mxml_expr_parse | Pablo Neira Ayuso | 2013-07-04 | 1 | -0/+2
| Move common code for XML parsing of expressions to the new
| nft_mxml_expr_parse function.
|
| This patch reduces the XML parsing code in 300 LOC.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: support JSON format in chain, rule and expressions | Álvaro Neira Ayuso | 2013-06-29 | 1 | -0/+1
| While at it, order possible switch cases of _snprintf.
|
| Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: convert family values to string | Arturo Borrero | 2013-06-27 | 1 | -0/+3
| This patch translates family values to display a string:
|
| * ip if AF_INET
| * ip6 if AF_INET6
| * bridge if AF_BRIDGE
| * arp if 0
|
| Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add missing set/unset support for NFT_SET_ATTR_DATA_[TYPE|LEN] | Pablo Neira Ayuso | 2013-06-19 | 1 | -2/+2
| While at it, use fixed length uint32_t instead of size_t.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add NFT_SET_ATTR_FAMILY | Pablo Neira Ayuso | 2013-06-17 | 1 | -0/+1
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add function to export tables in JSON format | Alvaro Neira Ayuso | 2013-06-08 | 1 | -0/+1
| Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: add function to export tables in JSON format | Alvaro Neira Ayuso | 2013-06-07 | 1 | -0/+1
| Signed-off-by: Alvaro Neira <alvaroneay@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: add versioning | Arturo Borrero Gonzalez | 2013-06-06 | 1 | -0/+4
| Add version to XML chunks in case of future changes.
|
| Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add support for XML parsing | Arturo Borrero Gonzalez | 2013-05-23 | 1 | -0/+4
| This patch adds capabilities for parsing a XML table/chain/rule.
|
| Some comments:
|
| * The XML data is case sensitive (so <chain>asd</chain> !=
|   <chain>ASD</chain> != <CHAIN>asd</CHAIN>)
| * All exported functions receive XML and return an object
|   (table|chain|rule).
| * To compile the lib with XML parsing support, run
|   './configure --with-xml-parsing'
| * XML parsing is done with libmxml (http://minixml.org). XML parsing
|   depends on this external lib, this dependency is optional at compile
|   time.
|
| NOTE: expr/target and expr/match binary data are exported.
|
| [ Fixed to compile without --with-xml-parsing --pablo ]
|
| Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
* set: add support to add elements to sets | Pablo Neira Ayuso | 2013-02-05 | 1 | -0/+27
| This patch includes iterators and several examples.
|
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* initial version of libnftables | Pablo Neira Ayuso | 2012-10-11 | 1 | -0/+32
  It adds support for table, chain and rule handling.

  This also includes expression handling for each rule.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>