From 15ad64734a544a9af033e54d232f112971072c15 Mon Sep 17 00:00:00 2001
From: Alvaro Neira Ayuso
Date: Mon, 9 Feb 2015 21:09:53 +0100
Subject: src: add command tag in JSON/XML export support
Currently, we can't do incremental updates via JSON/XML. This patch enriches the existing output to indicate the kind of update that you want to perform. So, if we have a ruleset like: table ip filter { chain input { type filter hook input priority 0; } } The new output looks like: {"nftables":[{"add":[{"table":{"name":"filter",...}}]}]} ^^^^^ Where we explicitly indicate that we want to add a table. We support all the actions that we can do with nft, they are: - Add, delete and flush tables and chains. - Add, delete, replace and insert rules. - Add and delete sets. - Add and delete set elements. - Flush ruleset. You only need to add the command tag: {"nftables":[{"delete":[{...}, {...},...}]}]} ^^^^^^^^ The possible command tags that you can use are "add", "delete", "insert", "replace" and "flush". - Flush table or chain, eg.: {"nftables":[{"flush":[{"table":{"name":...}}]}]} - Delete table, chain, set or rule: {"nftables":[{"delete":[{"chain":{"name":...}]}]} - Replace a rule (you have to specify the handle): {"nftables":[{"replace":[{"rule":{...}}]}]} - Insert a rule: {"nftables":[{"insert":[{"rule":{...}}]}]}
Signed-off-by: Alvaro Neira Ayuso
Signed-off-by: Pablo Neira Ayuso
---
include/buffer.h | 8 ++++++++
include/libnftnl/common.h | 10 ++++++++++
2 files changed, 18 insertions(+)
(limited to 'include')
diff --git a/include/buffer.h b/include/buffer.h
index 2b497f2..9d1cb8b 100644
--- a/include/buffer.h
+++ b/include/buffer.h
@@ -26,6 +26,9 @@ union nft_data_reg;
 int nft_buf_open(struct nft_buf *b, int type, const char *tag);
 int nft_buf_close(struct nft_buf *b, int type, const char *tag);
+int nft_buf_open_array(struct nft_buf *b, int type, const char *tag);
+int nft_buf_close_array(struct nft_buf *b, int type, const char *tag);
+
 int nft_buf_u32(struct nft_buf *b, int type, uint32_t value, const char *tag);
 int nft_buf_s32(struct nft_buf *b, int type, uint32_t value, const char *tag);
 int nft_buf_u64(struct nft_buf *b, int type, uint64_t value, const char *tag);
@@ -76,5 +79,10 @@ int nft_buf_reg(struct nft_buf *b, int type, union nft_data_reg *reg,
 #define UNIT "unit"
 #define USE "use"
 #define XOR "xor"
+#define ADD "add"
+#define INSERT "insert"
+#define DELETE "delete"
+#define REPLACE "replace"
+#define FLUSH "flush"
 #endif
diff --git a/include/libnftnl/common.h b/include/libnftnl/common.h
index fa3ab60..f8f1304 100644
--- a/include/libnftnl/common.h
+++ b/include/libnftnl/common.h
@@ -21,6 +21,16 @@ enum nft_output_flags {
 NFT_OF_EVENT_ANY = (NFT_OF_EVENT_NEW | NFT_OF_EVENT_DEL),
 };
+enum nft_cmd_type {
+ NFT_CMD_UNSPEC = 0,
+ NFT_CMD_ADD,
+ NFT_CMD_INSERT,
+ NFT_CMD_DELETE,
+ NFT_CMD_REPLACE,
+ NFT_CMD_FLUSH,
+ NFT_CMD_MAX,
+};
+
 enum nft_parse_type {
 NFT_PARSE_NONE = 0,
 NFT_PARSE_XML,
--
cgit v1.2.3
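Review bot: The five tag macros added at the end of include/buffer.h (`ADD`, `INSERT`, `DELETE`, `REPLACE`, `FLUSH`) are unprefixed and very generic, so any source file that includes this header and uses one of those words as an identifier or enum constant will have it replaced by a string literal. The existing tags (`UNIT`, `USE`, `XOR`) follow the same convention, so a rename may be out of scope for this commit, but the group should at least carry a comment tying it to the command enum added in libnftnl/common.h, for example `/* command tags; keep in step with enum nft_cmd_type */`. Nothing visible here links the two lists, and the code that maps tag strings to enum values is outside this diff (it is limited to 'include'), so whether an unrecognised tag is rejected cannot be checked from this page.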
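Review bot: `enum nft_cmd_type` is added to the public header include/libnftnl/common.h with no comment saying that `NFT_CMD_UNSPEC` and `NFT_CMD_MAX` are not commands. The commit message suggests these values select add, delete and flush operations from a JSON/XML document, so presumably a consumer should range-check a value before acting on it or using it as an index, i.e. accept only `cmd > NFT_CMD_UNSPEC && cmd < NFT_CMD_MAX`. I would add above the enum `/* NFT_CMD_UNSPEC: no command given; NFT_CMD_MAX: upper bound only, never a valid command */`. Note also that `NFT_CMD_MAX` changes value whenever a command is appended, which matters to code compiled against an older copy of the installed header.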