From f4befc129827632209779c71d804f6139ac03541 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Gonzalez Date: Fri, 13 Sep 2013 14:05:51 +0200 Subject: src: xml: add parsing optional/mandatory flag Add an optional/mandatory flag to XML parsing. In some elements (ie regs), no flag is used because is always mandatory. DATA_NONE is created to indicate a non-parsed data_reg. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/chain.c | 28 ++++++++++++++++++---------- src/expr/bitwise.c | 10 ++++++---- src/expr/byteorder.c | 8 +++++--- src/expr/cmp.c | 6 +++--- src/expr/counter.c | 4 ++-- src/expr/ct.c | 7 ++++--- src/expr/data_reg.c | 11 +++++++---- src/expr/data_reg.h | 1 + src/expr/exthdr.c | 7 ++++--- src/expr/immediate.c | 5 +---- src/expr/limit.c | 4 ++-- src/expr/log.c | 10 ++++++---- src/expr/lookup.c | 3 ++- src/expr/match.c | 3 ++- src/expr/meta.c | 3 ++- src/expr/nat.c | 6 ++++-- src/expr/payload.c | 8 +++++--- src/expr/target.c | 3 ++- src/internal.h | 10 ++++++---- src/mxml.c | 38 ++++++++++++++++++++++++++++---------- src/rule.c | 51 +++++++++++++++++++++++---------------------------- src/set.c | 29 ++++++++++++++++------------- src/set_elem.c | 37 ++++++++++++++++--------------------- src/table.c | 9 ++++++--- 24 files changed, 171 insertions(+), 130 deletions(-) diff --git a/src/chain.c b/src/chain.c index 94e0c69..09ab5e3 100644 --- a/src/chain.c +++ b/src/chain.c @@ -626,7 +626,8 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml) if (strcmp(tree->value.opaque, "chain") != 0) goto err; - name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST); + name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (name == NULL) goto err; @@ -634,24 +635,25 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml) c->flags |= (1 << NFT_CHAIN_ATTR_NAME); if (nft_mxml_num_parse(tree, "handle", MXML_DESCEND_FIRST, BASE_DEC, - &c->handle, NFT_TYPE_U64) != 0) + &c->handle, NFT_TYPE_U64, NFT_XML_MAND) != 0) goto err; c->flags |= (1 << NFT_CHAIN_ATTR_HANDLE); if (nft_mxml_num_parse(tree, "bytes", MXML_DESCEND_FIRST, BASE_DEC, - &c->bytes, NFT_TYPE_U64) != 0) + &c->bytes, NFT_TYPE_U64, NFT_XML_MAND) != 0) goto err; c->flags |= (1 << NFT_CHAIN_ATTR_BYTES); if (nft_mxml_num_parse(tree, "packets", MXML_DESCEND_FIRST, BASE_DEC, - &c->packets, NFT_TYPE_U64) != 0) + &c->packets, NFT_TYPE_U64, NFT_XML_MAND) != 0) goto err; c->flags |= (1 << NFT_CHAIN_ATTR_PACKETS); - table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST); + table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (table == NULL) goto err; @@ -661,14 +663,16 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml) c->table = strdup(table); c->flags |= (1 << NFT_CHAIN_ATTR_TABLE); - family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); + family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (family < 0) goto err; c->family = family; c->flags |= (1 << NFT_CHAIN_ATTR_FAMILY); - hooknum_str = nft_mxml_str_parse(tree, "hooknum", MXML_DESCEND_FIRST); + hooknum_str = nft_mxml_str_parse(tree, "hooknum", MXML_DESCEND_FIRST, + NFT_XML_OPT); if (hooknum_str != NULL) { hooknum = nft_str2hooknum(c->family, hooknum_str); if (hooknum < 0) @@ -677,7 +681,8 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml) c->hooknum = hooknum; c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM); - type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST); + type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (type == NULL) goto err; @@ -689,12 +694,15 @@ static int nft_chain_xml_parse(struct nft_chain *c, const char *xml) if (nft_mxml_num_parse(tree, "prio", MXML_DESCEND, BASE_DEC, - &c->prio, NFT_TYPE_S32) != 0) + &c->prio, NFT_TYPE_S32, + NFT_XML_MAND) != 0) goto err; c->flags |= (1 << NFT_CHAIN_ATTR_PRIO); - policy_str = nft_mxml_str_parse(tree, "policy", MXML_DESCEND); + policy_str = nft_mxml_str_parse(tree, "policy", + MXML_DESCEND_FIRST, + NFT_XML_MAND); if (policy_str == NULL) goto err; diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c index 11738a7..9d521b1 100644 --- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -246,18 +246,20 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) e->flags |= (1 << NFT_EXPR_BITWISE_DREG); if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, - BASE_DEC, &bitwise->len, NFT_TYPE_U8) != 0) + BASE_DEC, &bitwise->len, NFT_TYPE_U8, + NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_LEN); - if (nft_mxml_data_reg_parse(tree, "mask", - &bitwise->mask) != DATA_VALUE) + if (nft_mxml_data_reg_parse(tree, "mask", &bitwise->mask, + NFT_XML_MAND) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_MASK); - if (nft_mxml_data_reg_parse(tree, "xor", &bitwise->xor) != DATA_VALUE) + if (nft_mxml_data_reg_parse(tree, "xor", &bitwise->xor, + NFT_XML_MAND) != DATA_VALUE) return -1; e->flags |= (1 << NFT_EXPR_BITWISE_XOR); diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c index 0277812..1034a31 100644 --- a/src/expr/byteorder.c +++ b/src/expr/byteorder.c @@ -260,7 +260,7 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) byteorder->dreg = reg; e->flags |= (1 << NFT_EXPR_BYTEORDER_DREG); - op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST); + op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND); if (op == NULL) return -1; @@ -272,13 +272,15 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) e->flags |= (1 << NFT_EXPR_BYTEORDER_OP); if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, - &byteorder->len, NFT_TYPE_U8) != 0) + &byteorder->len, NFT_TYPE_U8, + NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_BYTEORDER_LEN); if (nft_mxml_num_parse(tree, "size", MXML_DESCEND_FIRST, BASE_DEC, - &byteorder->size, NFT_TYPE_U8) != 0) + &byteorder->size, NFT_TYPE_U8, + NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_BYTEORDER_SIZE); diff --git a/src/expr/cmp.c b/src/expr/cmp.c index 543f774..b9f0f6a 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@ -224,7 +224,7 @@ static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre cmp->sreg = reg; e->flags |= (1 << NFT_EXPR_CMP_SREG); - op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST); + op = nft_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFT_XML_MAND); if (op == NULL) return -1; @@ -236,9 +236,9 @@ static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre e->flags |= (1 << NFT_EXPR_CMP_OP); if (nft_mxml_data_reg_parse(tree, "cmpdata", - &cmp->data) != DATA_VALUE) { + &cmp->data, NFT_XML_MAND) != DATA_VALUE) return -1; - } + e->flags |= (1 << NFT_EXPR_CMP_DATA); return 0; diff --git a/src/expr/counter.c b/src/expr/counter.c index 53dc526..971b5b1 100644 --- a/src/expr/counter.c +++ b/src/expr/counter.c @@ -148,13 +148,13 @@ nft_rule_expr_counter_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) struct nft_expr_counter *ctr = nft_expr_data(e); if (nft_mxml_num_parse(tree, "pkts", MXML_DESCEND_FIRST, BASE_DEC, - &ctr->pkts, NFT_TYPE_U64) != 0) + &ctr->pkts, NFT_TYPE_U64, NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_CTR_PACKETS); if (nft_mxml_num_parse(tree, "bytes", MXML_DESCEND_FIRST, BASE_DEC, - &ctr->bytes, NFT_TYPE_U64) != 0) + &ctr->bytes, NFT_TYPE_U64, NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_CTR_BYTES); diff --git a/src/expr/ct.c b/src/expr/ct.c index 4655a96..2fc6629 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -241,7 +241,8 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree ct->dreg = reg; e->flags |= (1 << NFT_EXPR_CT_DREG); - key_str = nft_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST); + key_str = nft_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (key_str == NULL) return -1; @@ -252,8 +253,8 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree ct->key = key; e->flags |= (1 << NFT_EXPR_CT_KEY); - if (nft_mxml_num_parse(tree, "dir", MXML_DESCEND_FIRST, BASE_DEC, &dir, - NFT_TYPE_U8) != 0) + if (nft_mxml_num_parse(tree, "dir", MXML_DESCEND_FIRST, BASE_DEC, + &dir, NFT_TYPE_U8, NFT_XML_MAND) != 0) return -1; if (dir != IP_CT_DIR_ORIGINAL && dir != IP_CT_DIR_REPLY) diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index 34537a7..fd1dd2e 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c @@ -133,7 +133,8 @@ static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, char *xml) } /* Get and set */ - verdict_str = nft_mxml_str_parse(tree, "verdict", MXML_DESCEND); + verdict_str = nft_mxml_str_parse(tree, "verdict", MXML_DESCEND, + NFT_XML_MAND); if (verdict_str == NULL) { mxmlDelete(tree); return -1; @@ -183,7 +184,8 @@ static int nft_data_reg_chain_xml_parse(union nft_data_reg *reg, char *xml) if (reg->chain) xfree(reg->chain); - reg->chain = nft_mxml_str_parse(tree, "chain", MXML_DESCEND); + reg->chain = nft_mxml_str_parse(tree, "chain", MXML_DESCEND, + NFT_XML_MAND); if (reg->chain == NULL) { mxmlDelete(tree); return -1; @@ -234,7 +236,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml) } if (nft_mxml_num_parse(tree, "len", MXML_DESCEND, BASE_DEC, ®->len, - NFT_TYPE_U8) != 0) { + NFT_TYPE_U8, NFT_XML_MAND) != 0) { mxmlDelete(tree); return -1; } @@ -244,7 +246,8 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml) sprintf(node_name, "data%d", i); if (nft_mxml_num_parse(tree, node_name, MXML_DESCEND, BASE_HEX, - ®->val[i], NFT_TYPE_U32) != 0) { + ®->val[i], NFT_TYPE_U32, + NFT_XML_MAND) != 0) { mxmlDelete(tree); return -1; } diff --git a/src/expr/data_reg.h b/src/expr/data_reg.h index 7819919..3e0217d 100644 --- a/src/expr/data_reg.h +++ b/src/expr/data_reg.h @@ -2,6 +2,7 @@ #define _DATA_H_ enum { + DATA_NONE, DATA_VALUE, DATA_VERDICT, DATA_CHAIN, diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index af9d6bf..9ca66e5 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c @@ -249,7 +249,7 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) e->flags |= (1 << NFT_EXPR_EXTHDR_DREG); exthdr_type = nft_mxml_str_parse(tree, "exthdr_type", - MXML_DESCEND_FIRST); + MXML_DESCEND_FIRST, NFT_XML_MAND); if (exthdr_type == NULL) return -1; @@ -262,14 +262,15 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) /* Get and set */ if (nft_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC, - &exthdr->offset, NFT_TYPE_U32) != 0) + &exthdr->offset, NFT_TYPE_U32, + NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET); /* Get and set */ if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, - &exthdr->len, NFT_TYPE_U32) != 0) + &exthdr->len, NFT_TYPE_U32, NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_EXTHDR_LEN); diff --git a/src/expr/immediate.c b/src/expr/immediate.c index 0556999..facb8f5 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -232,10 +232,7 @@ nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) e->flags |= (1 << NFT_EXPR_IMM_DREG); datareg_type = nft_mxml_data_reg_parse(tree, "immediatedata", - &imm->data); - if (datareg_type < 0) - return -1; - + &imm->data, NFT_XML_MAND); switch (datareg_type) { case DATA_VALUE: e->flags |= (1 << NFT_EXPR_IMM_DATA); diff --git a/src/expr/limit.c b/src/expr/limit.c index bd92cd1..6c06ce5 100644 --- a/src/expr/limit.c +++ b/src/expr/limit.c @@ -146,13 +146,13 @@ static int nft_rule_expr_limit_xml_parse(struct nft_rule_expr *e, mxml_node_t *t struct nft_expr_limit *limit = nft_expr_data(e); if (nft_mxml_num_parse(tree, "rate", MXML_DESCEND_FIRST, BASE_DEC, - &limit->rate, NFT_TYPE_U64) != 0) + &limit->rate, NFT_TYPE_U64, NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_LIMIT_RATE); if (nft_mxml_num_parse(tree, "depth", MXML_DESCEND_FIRST, BASE_DEC, - &limit->depth, NFT_TYPE_U64) != 0) + &limit->depth, NFT_TYPE_U64, NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_LIMIT_DEPTH); diff --git a/src/expr/log.c b/src/expr/log.c index 90fb32e..feb4184 100644 --- a/src/expr/log.c +++ b/src/expr/log.c @@ -202,7 +202,8 @@ static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre struct nft_expr_log *log = nft_expr_data(e); const char *prefix; - prefix = nft_mxml_str_parse(tree, "prefix", MXML_DESCEND_FIRST); + prefix = nft_mxml_str_parse(tree, "prefix", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (prefix == NULL) return -1; @@ -210,19 +211,20 @@ static int nft_rule_expr_log_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre e->flags |= (1 << NFT_EXPR_LOG_PREFIX); if (nft_mxml_num_parse(tree, "group", MXML_DESCEND_FIRST, BASE_DEC, - &log->group, NFT_TYPE_U16) != 0) + &log->group, NFT_TYPE_U16, NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_LOG_GROUP); if (nft_mxml_num_parse(tree, "snaplen", MXML_DESCEND_FIRST, BASE_DEC, - &log->snaplen, NFT_TYPE_U32) != 0) + &log->snaplen, NFT_TYPE_U32, NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_LOG_SNAPLEN); if (nft_mxml_num_parse(tree, "qthreshold", MXML_DESCEND_FIRST, - BASE_DEC, &log->qthreshold, NFT_TYPE_U16) != 0) + BASE_DEC, &log->qthreshold, + NFT_TYPE_U16, NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_LOG_QTHRESHOLD); diff --git a/src/expr/lookup.c b/src/expr/lookup.c index 56ab253..b9b0229 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c @@ -180,7 +180,8 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) const char *set_name; int32_t reg; - set_name = nft_mxml_str_parse(tree, "set", MXML_DESCEND_FIRST); + set_name = nft_mxml_str_parse(tree, "set", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (set_name == NULL) return -1; diff --git a/src/expr/match.c b/src/expr/match.c index b18d594..9f98462 100644 --- a/src/expr/match.c +++ b/src/expr/match.c @@ -195,7 +195,8 @@ static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, mxml_node_t *t struct nft_expr_match *mt = nft_expr_data(e); const char *name; - name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST); + name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (name == NULL) return -1; diff --git a/src/expr/meta.c b/src/expr/meta.c index d914569..91a689e 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -205,7 +205,8 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tr meta->dreg = reg; e->flags |= (1 << NFT_EXPR_META_DREG); - key_str = nft_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST); + key_str = nft_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (key_str == NULL) return -1; diff --git a/src/expr/nat.c b/src/expr/nat.c index 1ebecda..da28ede 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c @@ -262,7 +262,8 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre int32_t reg; int family, nat_type_value; - nat_type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST); + nat_type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (nat_type == NULL) return -1; @@ -273,7 +274,8 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre nat->type = nat_type_value; e->flags |= (1 << NFT_EXPR_NAT_TYPE); - family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); + family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (family < 0) { mxmlDelete(tree); return -1; diff --git a/src/expr/payload.c b/src/expr/payload.c index 38362c4..2b9f5e0 100644 --- a/src/expr/payload.c +++ b/src/expr/payload.c @@ -248,7 +248,8 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) payload->dreg = reg; e->flags |= (1 << NFT_EXPR_PAYLOAD_DREG); - base_str = nft_mxml_str_parse(tree, "base", MXML_DESCEND_FIRST); + base_str = nft_mxml_str_parse(tree, "base", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (base_str == NULL) return -1; @@ -260,13 +261,14 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) e->flags |= (1 << NFT_EXPR_PAYLOAD_BASE); if (nft_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC, - &payload->offset, NFT_TYPE_U8) != 0) + &payload->offset, NFT_TYPE_U8, + NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_PAYLOAD_OFFSET); if (nft_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC, - &payload->len, NFT_TYPE_U8) != 0) + &payload->len, NFT_TYPE_U8, NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_EXPR_PAYLOAD_LEN); diff --git a/src/expr/target.c b/src/expr/target.c index a6645ff..8dc752a 100644 --- a/src/expr/target.c +++ b/src/expr/target.c @@ -196,7 +196,8 @@ nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree) struct nft_expr_target *tg = nft_expr_data(e); const char *name; - name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST); + name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (name == NULL) return -1; diff --git a/src/internal.h b/src/internal.h index f93cbc5..3d749b3 100644 --- a/src/internal.h +++ b/src/internal.h @@ -30,13 +30,15 @@ enum nft_type { #ifdef XML_PARSING #include +#define NFT_XML_MAND 0 +#define NFT_XML_OPT (1 << 0) struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node); int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags); union nft_data_reg; -int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, union nft_data_reg *data_reg); -int nft_mxml_num_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, int base, void *number, enum nft_type type); -const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags); -int nft_mxml_family_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags); +int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, union nft_data_reg *data_reg, uint16_t flags); +int nft_mxml_num_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, int base, void *number, enum nft_type type, uint16_t flags); +const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, uint16_t flags); +int nft_mxml_family_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, uint16_t flags); struct nft_set_elem; int nft_mxml_set_elem_parse(mxml_node_t *node, struct nft_set_elem *e); diff --git a/src/mxml.c b/src/mxml.c index b77936a..94d26e4 100644 --- a/src/mxml.c +++ b/src/mxml.c @@ -83,7 +83,7 @@ err: } int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, - union nft_data_reg *data_reg) + union nft_data_reg *data_reg, uint16_t flags) { mxml_node_t *node; const char *type; @@ -93,6 +93,9 @@ int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, node = mxmlFindElement(tree, tree, node_name, NULL, NULL, MXML_DESCEND_FIRST); if (node == NULL || node->child == NULL) { + if (flags & NFT_XML_OPT) + return 0; + errno = EINVAL; goto err; } @@ -107,6 +110,9 @@ int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, xfree(tmpstr); if (ret < 0) { + if (flags & NFT_XML_OPT) + return 0; + errno = EINVAL; goto err; } @@ -114,12 +120,18 @@ int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, node = mxmlFindElement(node, node, "data_reg", NULL, NULL, MXML_DESCEND); if (node == NULL || node->child == NULL) { + if (flags & NFT_XML_OPT) + return 0; + errno = EINVAL; goto err; } type = mxmlElementGetAttr(node, "type"); if (type == NULL) { + if (flags & NFT_XML_OPT) + return DATA_NONE; + errno = EINVAL; goto err; } @@ -130,8 +142,10 @@ int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, return DATA_VERDICT; else if (strcmp(type, "chain") == 0) return DATA_CHAIN; - else - errno = EINVAL; + else if (flags & NFT_XML_OPT) + return DATA_NONE; + + errno = EINVAL; err: return -1; } @@ -139,27 +153,30 @@ err: int nft_mxml_num_parse(mxml_node_t *tree, const char *node_name, uint32_t mxml_flags, int base, void *number, - enum nft_type type) + enum nft_type type, uint16_t flags) { mxml_node_t *node = NULL; node = mxmlFindElement(tree, tree, node_name, NULL, NULL, mxml_flags); if (node == NULL || node->child == NULL) { - errno = EINVAL; + if (!(flags & NFT_XML_OPT)) + errno = EINVAL; + return -1; } - return nft_strtoi(node->child->value.opaque, base, number, type); } const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name, - uint32_t mxml_flags) + uint32_t mxml_flags, uint16_t flags) { mxml_node_t *node; node = mxmlFindElement(tree, tree, node_name, NULL, NULL, mxml_flags); if (node == NULL || node->child == NULL) { - errno = EINVAL; + if (!(flags & NFT_XML_OPT)) + errno = EINVAL; + return NULL; } @@ -167,12 +184,13 @@ const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name, } int nft_mxml_family_parse(mxml_node_t *tree, const char *node_name, - uint32_t mxml_flags) + uint32_t mxml_flags, uint16_t flags) { const char *family_str; int family; - family_str = nft_mxml_str_parse(tree, node_name, mxml_flags); + family_str = nft_mxml_str_parse(tree, node_name, mxml_flags, + flags); if (family_str == NULL) return -1; diff --git a/src/rule.c b/src/rule.c index 2f92e7d..a381469 100644 --- a/src/rule.c +++ b/src/rule.c @@ -592,14 +592,16 @@ static int nft_rule_xml_parse(struct nft_rule *r, const char *xml) if (strcmp(tree->value.opaque, "rule") != 0) goto err; - family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); + family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (family < 0) goto err; r->family = family; r->flags |= (1 << NFT_RULE_ATTR_FAMILY); - table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST); + table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (table == NULL) goto err; @@ -609,7 +611,8 @@ static int nft_rule_xml_parse(struct nft_rule *r, const char *xml) r->table = strdup(table); r->flags |= (1 << NFT_RULE_ATTR_TABLE); - chain = nft_mxml_str_parse(tree, "chain", MXML_DESCEND_FIRST); + chain = nft_mxml_str_parse(tree, "chain", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (chain == NULL) goto err; @@ -620,46 +623,38 @@ static int nft_rule_xml_parse(struct nft_rule *r, const char *xml) r->flags |= (1 << NFT_RULE_ATTR_CHAIN); if (nft_mxml_num_parse(tree, "handle", MXML_DESCEND_FIRST, BASE_DEC, - &r->handle, NFT_TYPE_U64) != 0) + &r->handle, NFT_TYPE_U64, NFT_XML_MAND) != 0) goto err; r->flags |= (1 << NFT_RULE_ATTR_HANDLE); if (nft_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, - BASE_DEC, &r->rule_flags, NFT_TYPE_U32) != 0) + BASE_DEC, &r->rule_flags, NFT_TYPE_U32, + NFT_XML_MAND) != 0) goto err; r->flags |= (1 << NFT_RULE_ATTR_FLAGS); - node = mxmlFindElement(tree, tree, "compat_proto", NULL, NULL, - MXML_DESCEND); - if (node != NULL && node->child != NULL) { - if (nft_strtoi(node->child->value.opaque, BASE_DEC, - &r->compat.proto, NFT_TYPE_U32) != 0) - goto err; - + if (nft_mxml_num_parse(tree, "compat_proto", MXML_DESCEND_FIRST, + BASE_DEC, &r->compat.proto, NFT_TYPE_U32, + NFT_XML_OPT) >= 0) r->flags |= (1 << NFT_RULE_ATTR_COMPAT_PROTO); - } - - node = mxmlFindElement(tree, tree, "compat_flags", NULL, NULL, - MXML_DESCEND); - if (node != NULL && node->child != NULL) { - if (nft_strtoi(node->child->value.opaque, BASE_DEC, - &r->compat.flags, NFT_TYPE_U32) != 0) - goto err; + if (nft_mxml_num_parse(tree, "compat_flags", MXML_DESCEND_FIRST, + BASE_DEC, &r->compat.flags, NFT_TYPE_U32, + NFT_XML_OPT) >= 0) r->flags |= (1 << NFT_RULE_ATTR_COMPAT_FLAGS); - } - node = mxmlFindElement(tree, tree, "position", NULL, NULL, - MXML_DESCEND_FIRST); - if (node != NULL && node->child != NULL) { - if (nft_strtoi(node->child->value.opaque, BASE_DEC, - &r->position, NFT_TYPE_U64) != 0) - goto err; + if (nft_rule_attr_is_set(r, NFT_RULE_ATTR_COMPAT_PROTO) != + nft_rule_attr_is_set(r, NFT_RULE_ATTR_COMPAT_FLAGS)) { + errno = EINVAL; + goto err; + } + if (nft_mxml_num_parse(tree, "position", MXML_DESCEND_FIRST, + BASE_DEC, &r->position, NFT_TYPE_U64, + NFT_XML_OPT) >= 0) r->flags |= (1 << NFT_RULE_ATTR_POSITION); - } /* Iterating over */ for (node = mxmlFindElement(tree, tree, "expr", "type", diff --git a/src/set.c b/src/set.c index a4b644a..7f2ee57 100644 --- a/src/set.c +++ b/src/set.c @@ -427,7 +427,8 @@ static int nft_set_xml_parse(struct nft_set *s, const char *xml) if (strcmp(tree->value.opaque, "set") != 0) goto err; - name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST); + name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (name == NULL) goto err; @@ -437,7 +438,8 @@ static int nft_set_xml_parse(struct nft_set *s, const char *xml) s->name = strdup(name); s->flags |= (1 << NFT_SET_ATTR_NAME); - table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST); + table = nft_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (table == NULL) goto err; @@ -447,7 +449,8 @@ static int nft_set_xml_parse(struct nft_set *s, const char *xml) s->table = strdup(table); s->flags |= (1 << NFT_SET_ATTR_TABLE); - family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); + family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (family < 0) goto err; @@ -455,32 +458,32 @@ static int nft_set_xml_parse(struct nft_set *s, const char *xml) s->flags |= (1 << NFT_SET_ATTR_FAMILY); - if (nft_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, - BASE_DEC, &s->set_flags, NFT_TYPE_U32) != 0) + if (nft_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC, + &s->set_flags, NFT_TYPE_U32, NFT_XML_MAND) != 0) goto err; s->flags |= (1 << NFT_SET_ATTR_FLAGS); - if (nft_mxml_num_parse(tree, "key_type", MXML_DESCEND_FIRST, - BASE_DEC, &s->key_type, NFT_TYPE_U32) != 0) + if (nft_mxml_num_parse(tree, "key_type", MXML_DESCEND_FIRST, BASE_DEC, + &s->key_type, NFT_TYPE_U32, NFT_XML_MAND) != 0) goto err; s->flags |= (1 << NFT_SET_ATTR_KEY_TYPE); - if (nft_mxml_num_parse(tree, "key_len", MXML_DESCEND_FIRST, - BASE_DEC, &s->key_len, NFT_TYPE_U32) != 0) + if (nft_mxml_num_parse(tree, "key_len", MXML_DESCEND_FIRST, BASE_DEC, + &s->key_len, NFT_TYPE_U32, NFT_XML_MAND) != 0) goto err; s->flags |= (1 << NFT_SET_ATTR_KEY_LEN); - if (nft_mxml_num_parse(tree, "data_type", MXML_DESCEND_FIRST, - BASE_DEC, &s->data_type, NFT_TYPE_U32) != 0) + if (nft_mxml_num_parse(tree, "data_type", MXML_DESCEND_FIRST, BASE_DEC, + &s->data_type, NFT_TYPE_U32, NFT_XML_MAND) != 0) goto err; s->flags |= (1 << NFT_SET_ATTR_DATA_TYPE); - if (nft_mxml_num_parse(tree, "data_len", MXML_DESCEND_FIRST, - BASE_DEC, &s->data_len, NFT_TYPE_U32) != 0) + if (nft_mxml_num_parse(tree, "data_len", MXML_DESCEND_FIRST, BASE_DEC, + &s->data_len, NFT_TYPE_U32, NFT_XML_MAND) != 0) goto err; s->flags |= (1 << NFT_SET_ATTR_DATA_LEN); diff --git a/src/set_elem.c b/src/set_elem.c index 2b2e414..9ad482b 100644 --- a/src/set_elem.c +++ b/src/set_elem.c @@ -378,41 +378,36 @@ EXPORT_SYMBOL(nft_set_elems_nlmsg_parse); #ifdef XML_PARSING int nft_mxml_set_elem_parse(mxml_node_t *tree, struct nft_set_elem *e) { - mxml_node_t *node; int set_elem_data; if (nft_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC, &e->set_elem_flags, - NFT_TYPE_U32) != 0) + NFT_TYPE_U32, NFT_XML_MAND) != 0) return -1; e->flags |= (1 << NFT_SET_ELEM_ATTR_FLAGS); - if (nft_mxml_data_reg_parse(tree, "key", &e->key) != DATA_VALUE) + if (nft_mxml_data_reg_parse(tree, "key", &e->key, + NFT_XML_MAND) != DATA_VALUE) return -1; e->flags |= (1 << NFT_SET_ELEM_ATTR_KEY); /* is not mandatory */ - node = mxmlFindElement(tree, tree, "data", NULL, NULL, - MXML_DESCEND_FIRST); - if (node != NULL && node->child != NULL) { - set_elem_data = nft_mxml_data_reg_parse(tree, "data", - &e->data); - switch (set_elem_data) { - case DATA_VALUE: - e->flags |= (1 << NFT_SET_ELEM_ATTR_DATA); - break; - case DATA_VERDICT: - e->flags |= (1 << NFT_SET_ELEM_ATTR_VERDICT); - break; - case DATA_CHAIN: - e->flags |= (1 << NFT_SET_ELEM_ATTR_CHAIN); - break; - default: - return -1; - } + set_elem_data = nft_mxml_data_reg_parse(tree, "data", + &e->data, NFT_XML_OPT); + switch (set_elem_data) { + case DATA_VALUE: + e->flags |= (1 << NFT_SET_ELEM_ATTR_DATA); + break; + case DATA_VERDICT: + e->flags |= (1 << NFT_SET_ELEM_ATTR_VERDICT); + break; + case DATA_CHAIN: + e->flags |= (1 << NFT_SET_ELEM_ATTR_CHAIN); + break; } + return 0; } #endif diff --git a/src/table.c b/src/table.c index 838c5ee..0b51d15 100644 --- a/src/table.c +++ b/src/table.c @@ -232,7 +232,8 @@ static int nft_table_xml_parse(struct nft_table *t, const char *xml) if (strcmp(tree->value.opaque, "table") != 0) goto err; - name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST); + name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (name == NULL) goto err; @@ -242,7 +243,8 @@ static int nft_table_xml_parse(struct nft_table *t, const char *xml) t->name = strdup(name); t->flags |= (1 << NFT_TABLE_ATTR_NAME); - family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST); + family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST, + NFT_XML_MAND); if (family < 0) goto err; @@ -250,7 +252,8 @@ static int nft_table_xml_parse(struct nft_table *t, const char *xml) t->flags |= (1 << NFT_TABLE_ATTR_FAMILY); if (nft_mxml_num_parse(tree, "flags", MXML_DESCEND, BASE_DEC, - &t->table_flags, NFT_TYPE_U32) != 0) + &t->table_flags, NFT_TYPE_U32, + NFT_XML_MAND) != 0) goto err; t->flags |= (1 << NFT_TABLE_ATTR_FLAGS); -- cgit v1.2.3