From 977b7a1dbe1bdd949bb156ca85c7ce4f9f88ceb6 Mon Sep 17 00:00:00 2001
From: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Date: Wed, 26 Jun 2013 13:37:08 +0200
Subject: ct: xml: use key names instead of numbers

ct expr uses a string instead of a numerical one in the <key> node.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/expr/ct.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 48 insertions(+), 7 deletions(-)

diff --git a/src/expr/ct.c b/src/expr/ct.c
index c6d11c9..e4ab3ed 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -10,6 +10,7 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 #include <stdint.h>
 #include <arpa/inet.h>
 #include <errno.h>
@@ -30,6 +31,10 @@ struct nft_expr_ct {
 #define IP_CT_DIR_ORIGINAL	0
 #define IP_CT_DIR_REPLY		1
 
+#ifndef NFT_CT_MAX
+#define NFT_CT_MAX (NFT_CT_PROTO_DST + 1)
+#endif
+
 static int
 nft_rule_expr_ct_set(struct nft_rule_expr *e, uint16_t type,
 		       const void *data, size_t data_len)
@@ -152,6 +157,41 @@ nft_rule_expr_ct_parse(struct nft_rule_expr *e, struct nlattr *attr)
 	return 0;
 }
 
+const char *ctkey2str_array[NFT_CT_MAX] = {
+	[NFT_CT_STATE]		= "state",
+	[NFT_CT_DIRECTION]	= "direction",
+	[NFT_CT_STATUS]		= "status",
+	[NFT_CT_MARK]		= "mark",
+	[NFT_CT_SECMARK]	= "secmark",
+	[NFT_CT_EXPIRATION]	= "expiration",
+	[NFT_CT_HELPER]		= "helper",
+	[NFT_CT_PROTOCOL]	= "protocol",
+	[NFT_CT_SRC]		= "src",
+	[NFT_CT_DST]		= "dst",
+	[NFT_CT_PROTO_SRC]	= "proto_src",
+	[NFT_CT_PROTO_DST]	= "proto_dst"
+};
+
+static const char *ctkey2str(uint32_t ctkey)
+{
+	if (ctkey > NFT_CT_MAX)
+		return "unknown";
+
+	return ctkey2str_array[ctkey];
+}
+
+static inline int str2ctkey(const char *ctkey)
+{
+	int i;
+
+	for (i = 0; i < NFT_CT_MAX; i++) {
+		if (strcmp(ctkey2str_array[i], ctkey) == 0)
+			return i;
+	}
+
+	return -1;
+}
+
 static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
 {
 #ifdef XML_PARSING
@@ -160,6 +200,7 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
 	mxml_node_t *node = NULL;
 	uint64_t tmp;
 	char *endptr;
+	int key;
 
 	tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
 	if (tree == NULL)
@@ -190,11 +231,11 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
 	if (node == NULL)
 		goto err;
 
-	tmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (tmp > UINT8_MAX || tmp < 0 || *endptr)
+	key = str2ctkey(node->child->value.opaque);
+	if (key < 0)
 		goto err;
 
-	ct->key = tmp;
+	ct->key = key;
 	e->flags |= (1 << NFT_EXPR_CT_KEY);
 
 	node = mxmlFindElement(tree, tree, "dir", NULL, NULL, MXML_DESCEND);
@@ -231,13 +272,13 @@ nft_rule_expr_ct_snprintf(char *buf, size_t len, uint32_t type,
 
 	switch(type) {
 	case NFT_RULE_O_DEFAULT:
-		return snprintf(buf, len, "dreg=%u key=%u dir=%u ",
-				ct->dreg, ct->key, ct->dir);
+		return snprintf(buf, len, "dreg=%u key=%s dir=%u ",
+				ct->dreg, ctkey2str(ct->key), ct->dir);
 	case NFT_RULE_O_XML:
 		return snprintf(buf, len, "<dreg>%u</dreg>"
-					  "<key>%u</key>"
+					  "<key>%s</key>"
 					  "<dir>%u</dir>",
-				ct->dreg, ct->key, ct->dir);
+				ct->dreg, ctkey2str(ct->key), ct->dir);
 	default:
 		break;
 	}
-- 
cgit v1.2.3