From 26e06d838d6471f5233c1da3fee012bf113564a5 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Gonzalez Date: Fri, 8 Feb 2013 17:51:56 +0100 Subject: src: add XML output support Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- src/expr/bitwise.c | 58 ++++++++++++++++++++++++++++++++++++++++--- src/expr/cmp.c | 42 +++++++++++++++++++++++++++++--- src/expr/counter.c | 14 +++++++++-- src/expr/immediate.c | 15 ++++++++++-- src/expr/lookup.c | 38 ++++++++++++++++++++++++++--- src/expr/match.c | 40 ++++++++++++++++++++++++++++-- src/expr/meta.c | 14 ++++++++++- src/expr/nat.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++----- src/expr/payload.c | 20 ++++++++++++--- src/expr/target.c | 37 ++++++++++++++++++++++++++-- 10 files changed, 319 insertions(+), 28 deletions(-) (limited to 'src/expr') diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c index fdab8e6..ac89cba 100644 --- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "data_reg.h" #include "expr_ops.h" @@ -195,10 +196,43 @@ nft_rule_expr_bitwise_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_bitwise_snprintf(char *buf, size_t size, uint32_t type, - uint32_t flags, struct nft_rule_expr *e) +nft_rule_expr_bitwise_snprintf_xml(char *buf, size_t size, + struct nft_expr_bitwise *bitwise) +{ + int len = size, offset = 0, ret, i; + + ret = snprintf(buf, len, "\t\t%u " + "%u ", + bitwise->sreg, bitwise->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + ret = snprintf(buf+offset, len, ""); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + for (i=0; imask.len/sizeof(uint32_t); i++) { + ret = snprintf(buf+offset, len, "%.8x ", + bitwise->mask.val[i]); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + ret = snprintf(buf+offset, len, " "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + for (i=0; ixor.len/sizeof(uint32_t); i++) { + ret = snprintf(buf+offset, len, "%.8x ", bitwise->xor.val[i]); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + ret = snprintf(buf+offset, len, " "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + return offset; +} + +static int +nft_rule_expr_bitwise_snprintf_default(char *buf, size_t size, + struct nft_expr_bitwise *bitwise) { - struct nft_expr_bitwise *bitwise = (struct nft_expr_bitwise *)e->data; int len = size, offset = 0, ret, i; ret = snprintf(buf, len, "sreg=%u dreg=%u ", @@ -224,6 +258,24 @@ nft_rule_expr_bitwise_snprintf(char *buf, size_t size, uint32_t type, return offset; } +static int +nft_rule_expr_bitwise_snprintf(char *buf, size_t size, uint32_t type, + uint32_t flags, struct nft_rule_expr *e) +{ + struct nft_expr_bitwise *bitwise = (struct nft_expr_bitwise *)e->data; + + switch(type) { + case NFT_RULE_O_XML: + return nft_rule_expr_bitwise_snprintf_xml(buf, size, bitwise); + case NFT_RULE_O_DEFAULT: + return nft_rule_expr_bitwise_snprintf_default(buf, size, + bitwise); + default: + break; + } + return -1; +} + struct expr_ops expr_ops_bitwise = { .name = "bitwise", .alloc_len = sizeof(struct nft_expr_bitwise), diff --git a/src/expr/cmp.c b/src/expr/cmp.c index 0849c49..429f024 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "expr_ops.h" #include "data_reg.h" @@ -166,10 +167,29 @@ static char *expr_cmp_str[] = { }; static int -nft_rule_expr_cmp_snprintf(char *buf, size_t size, uint32_t type, - uint32_t flags, struct nft_rule_expr *e) +nft_rule_expr_cmp_snprintf_xml(char *buf, size_t size, struct nft_expr_cmp *cmp) +{ + int len = size, offset = 0, ret, i; + + ret = snprintf(buf, len, "\t\t%u %s ", + cmp->sreg, expr_cmp_str[cmp->op]); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + for (i=0; idata.len/sizeof(uint32_t); i++) { + ret = snprintf(buf+offset, len, "%.8x ", cmp->data.val[i]); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + ret = snprintf(buf+offset, len, " "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + return offset; +} + +static int +nft_rule_expr_cmp_snprintf_default(char *buf, size_t size, + struct nft_expr_cmp *cmp) { - struct nft_expr_cmp *cmp = (struct nft_expr_cmp *)e->data; int len = size, offset = 0, ret, i; ret = snprintf(buf, len, "sreg=%u op=%s data=", @@ -183,6 +203,22 @@ nft_rule_expr_cmp_snprintf(char *buf, size_t size, uint32_t type, return offset; } +static int +nft_rule_expr_cmp_snprintf(char *buf, size_t size, uint32_t type, + uint32_t flags, struct nft_rule_expr *e) +{ + struct nft_expr_cmp *cmp = (struct nft_expr_cmp *)e->data; + switch(type) { + case NFT_RULE_O_XML: + return nft_rule_expr_cmp_snprintf_xml(buf, size, cmp); + case NFT_RULE_O_DEFAULT: + return nft_rule_expr_cmp_snprintf_default(buf, size, cmp); + default: + break; + } + return -1; +} + struct expr_ops expr_ops_cmp = { .name = "cmp", .alloc_len = sizeof(struct nft_expr_cmp), diff --git a/src/expr/counter.c b/src/expr/counter.c index f0d7617..d2da9bf 100644 --- a/src/expr/counter.c +++ b/src/expr/counter.c @@ -18,6 +18,7 @@ #include "internal.h" #include #include +#include #include "expr_ops.h" struct nft_expr_counter { @@ -130,8 +131,17 @@ nft_rule_expr_counter_snprintf(char *buf, size_t len, uint32_t type, { struct nft_expr_counter *ctr = (struct nft_expr_counter *)e->data; - return snprintf(buf, len, "pkts=%lu bytes=%lu ", - ctr->pkts, ctr->bytes); + switch(type) { + case NFT_RULE_O_XML: + return snprintf(buf, len, "\t\t%lu %lu ", + ctr->pkts, ctr->bytes); + case NFT_RULE_O_DEFAULT: + return snprintf(buf, len, "pkts=%lu bytes=%lu ", + ctr->pkts, ctr->bytes); + default: + break; + } + return -1; } struct expr_ops expr_ops_counter = { diff --git a/src/expr/immediate.c b/src/expr/immediate.c index b5ac602..496cbfd 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "expr_ops.h" #include "data_reg.h" @@ -200,8 +201,18 @@ nft_rule_expr_immediate_snprintf(char *buf, size_t len, uint32_t type, { struct nft_expr_immediate *imm = (struct nft_expr_immediate *)e->data; - return snprintf(buf, len, "dreg=%u data=%u ", - imm->dreg, imm->data.val[0]); + switch(type) { + case NFT_RULE_O_XML: + return snprintf(buf, len, "\t\t%u" + " %u ", + imm->dreg, imm->data.val[0]); + case NFT_RULE_O_DEFAULT: + return snprintf(buf, len, "dreg=%u data=%u ", + imm->dreg, imm->data.val[0]); + default: + break; + } + return -1; } struct expr_ops expr_ops_immediate = { diff --git a/src/expr/lookup.c b/src/expr/lookup.c index 8e533c4..550c850 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include "data_reg.h" #include "expr_ops.h" @@ -150,19 +151,48 @@ nft_rule_expr_lookup_parse(struct nft_rule_expr *e, struct nlattr *attr) } static int -nft_rule_expr_lookup_snprintf(char *buf, size_t size, uint32_t type, - uint32_t flags, struct nft_rule_expr *e) +nft_rule_expr_lookup_snprintf_xml(char *buf, size_t size, + struct nft_expr_lookup *l) +{ + int len = size, offset = 0, ret; + + ret = snprintf(buf, len, "%s%u%u\n", + l->set_name, l->sreg, l->dreg); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + return offset; +} + +static int +nft_rule_expr_lookup_snprintf_default(char *buf, size_t size, + struct nft_expr_lookup *l) { - struct nft_expr_lookup *lookup = (struct nft_expr_lookup *)e->data; int len = size, offset = 0, ret; ret = snprintf(buf, len, "set=%s sreg=%u dreg=%u\n", - lookup->set_name, lookup->sreg, lookup->dreg); + l->set_name, l->sreg, l->dreg); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); return offset; } +static int +nft_rule_expr_lookup_snprintf(char *buf, size_t size, uint32_t type, + uint32_t flags, struct nft_rule_expr *e) +{ + struct nft_expr_lookup *lookup = (struct nft_expr_lookup *)e->data; + + switch(type) { + case NFT_RULE_O_XML: + return nft_rule_expr_lookup_snprintf_xml(buf, size, lookup); + case NFT_RULE_O_DEFAULT: + return nft_rule_expr_lookup_snprintf_default(buf, size, lookup); + default: + break; + } + return -1; +} + struct expr_ops expr_ops_lookup = { .name = "lookup", .alloc_len = sizeof(struct nft_expr_lookup), diff --git a/src/expr/match.c b/src/expr/match.c index 855d210..0c7427d 100644 --- a/src/expr/match.c +++ b/src/expr/match.c @@ -15,6 +15,8 @@ #include #include /* for memcpy */ #include +#include /* bin to hex*/ +#include /* bin to hex*/ #include @@ -23,6 +25,7 @@ #include #include +#include #include "expr_ops.h" @@ -183,14 +186,47 @@ static int nft_rule_expr_match_parse(struct nft_rule_expr *e, struct nlattr *att return 0; } +static +int nft_rule_exp_match_snprintf_xml(char *buf, size_t len, + struct nft_expr_match *mt) +{ + int ret, size=len; + int i; + int offset = 0; + uint8_t *data = (uint8_t *)mt->data; + + ret = snprintf(buf, len, "\t\t%s %u 0x", + mt->name, mt->rev); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + for (i=0; i < mt->data_len; i++) { + ret = snprintf(buf+offset, len, "%x", data[i] & 0xff); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + ret = snprintf(buf+offset, len, "" ); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + return offset; +} + + static int nft_rule_expr_match_snprintf(char *buf, size_t len, uint32_t type, uint32_t flags, struct nft_rule_expr *e) { struct nft_expr_match *match = (struct nft_expr_match *)e->data; - return snprintf(buf, len, "name=%s rev=%u ", - match->name, match->rev); + switch(type) { + case NFT_RULE_O_XML: + return nft_rule_exp_match_snprintf_xml(buf, len, match); + case NFT_RULE_O_DEFAULT: + return snprintf(buf, len, "name=%s rev=%u ", + match->name, match->rev); + default: + break; + } + return -1; } struct expr_ops expr_ops_match = { diff --git a/src/expr/meta.c b/src/expr/meta.c index b7cd201..2095545 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -18,6 +18,7 @@ #include "internal.h" #include #include +#include #include "expr_ops.h" struct nft_expr_meta { @@ -130,7 +131,18 @@ nft_rule_expr_meta_snprintf(char *buf, size_t len, uint32_t type, { struct nft_expr_meta *meta = (struct nft_expr_meta *)e->data; - return snprintf(buf, len, "dreg=%u key=%u ", meta->dreg, meta->key); + switch(type) { + case NFT_RULE_O_XML: + return snprintf(buf, len, "\t\t%u" + " %u ", + meta->dreg, meta->key); + case NFT_RULE_O_DEFAULT: + return snprintf(buf, len, "dreg=%u key=%u ", + meta->dreg, meta->key); + default: + break; + } + return -1; } struct expr_ops expr_ops_meta = { diff --git a/src/expr/nat.c b/src/expr/nat.c index 17f4459..68217bd 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "expr_ops.h" struct nft_expr_nat { @@ -201,8 +202,49 @@ nft_rule_expr_nat_build(struct nlmsghdr *nlh, struct nft_rule_expr *e) } static int -nft_rule_expr_nat_snprintf(char *buf, size_t size, uint32_t type, - uint32_t flags, struct nft_rule_expr *e) +nft_rule_expr_nat_snprintf_xml(char *buf, size_t size, + struct nft_rule_expr *e) +{ + struct nft_expr_nat *nat = (struct nft_expr_nat *)e->data; + int len = size, offset = 0, ret = 0; + + switch (nat->type) { + case NFT_NAT_SNAT: + ret = snprintf(buf, len, + "\t\tNFT_NAT_SNAT "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + break; + case NFT_NAT_DNAT: + ret = snprintf(buf, len, + "\t\tNFT_NAT_DNAT "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + break; + } + + ret = snprintf(buf, len, "%s ", + nat->family == AF_INET ? "AF_INET" : "AF_INET6"); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) { + ret = snprintf(buf, len, "%u" + " %u ", + nat->sreg_addr_min, nat->sreg_addr_max); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + if (e->flags & (1 << NFT_EXPR_NAT_REG_PROTO_MIN)) { + ret = snprintf(buf, len, "%u" + " %u ", + nat->sreg_proto_min, nat->sreg_proto_max); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + return offset; +} + +static int +nft_rule_expr_nat_snprintf_default(char *buf, size_t size, + struct nft_rule_expr *e) { struct nft_expr_nat *nat = (struct nft_expr_nat *)e->data; int len = size, offset = 0, ret = 0; @@ -210,12 +252,13 @@ nft_rule_expr_nat_snprintf(char *buf, size_t size, uint32_t type, switch (nat->type) { case NFT_NAT_SNAT: ret = snprintf(buf, len, "type=NFT_NAT_SNAT "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); break; case NFT_NAT_DNAT: ret = snprintf(buf, len, "type=NFT_NAT_DNAT "); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); break; } - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); ret = snprintf(buf, len, "family=%s ", nat->family == AF_INET ? "AF_INET" : "AF_INET6"); @@ -225,20 +268,34 @@ nft_rule_expr_nat_snprintf(char *buf, size_t size, uint32_t type, ret = snprintf(buf, len, "sreg_addr_min_v4=%u sreg_addr_max_v4=%u ", nat->sreg_addr_min, nat->sreg_addr_max); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); - if (e->flags & (1 << NFT_EXPR_NAT_REG_PROTO_MIN)) { ret = snprintf(buf, len, "sreg_proto_min=%u sreg_proto_max=%u ", nat->sreg_proto_min, nat->sreg_proto_max); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); return offset; } +static int +nft_rule_expr_nat_snprintf(char *buf, size_t size, uint32_t type, + uint32_t flags, struct nft_rule_expr *e) +{ + switch (type) { + case NFT_RULE_O_XML: + return nft_rule_expr_nat_snprintf_xml(buf, size, e); + case NFT_RULE_O_DEFAULT: + return nft_rule_expr_nat_snprintf_default(buf, size, e); + default: + break; + } + return -1; +} + struct expr_ops expr_ops_nat = { .name = "nat", .alloc_len = sizeof(struct nft_expr_nat), diff --git a/src/expr/payload.c b/src/expr/payload.c index f571206..33fcef1 100644 --- a/src/expr/payload.c +++ b/src/expr/payload.c @@ -20,6 +20,7 @@ #include #include +#include #include "expr_ops.h" @@ -169,9 +170,22 @@ nft_rule_expr_payload_snprintf(char *buf, size_t len, uint32_t type, { struct nft_expr_payload *payload = (struct nft_expr_payload *)e->data; - return snprintf(buf, len, "dreg=%u base=%u offset=%u len=%u ", - payload->dreg, payload->base, - payload->offset, payload->len); + switch(type) { + case NFT_RULE_O_XML: + return snprintf(buf, len, "\t\t%u" + "%u %u" + "%u", + payload->dreg, payload->base, + payload->offset, payload->len); + + case NFT_RULE_O_DEFAULT: + return snprintf(buf, len, "dreg=%u base=%u offset=%u len=%u ", + payload->dreg, payload->base, + payload->offset, payload->len); + default: + break; + } + return -1; } struct expr_ops expr_ops_payload = { diff --git a/src/expr/target.c b/src/expr/target.c index 1ee7379..86c9bc8 100644 --- a/src/expr/target.c +++ b/src/expr/target.c @@ -23,6 +23,7 @@ #include #include +#include #include "expr_ops.h" @@ -183,14 +184,46 @@ static int nft_rule_expr_target_parse(struct nft_rule_expr *e, struct nlattr *at return 0; } +static +int nft_rule_exp_target_snprintf_xml(char *buf, size_t len, + struct nft_expr_target *tg) +{ + int ret, size=len; + int i; + int offset = 0; + uint8_t *data = (uint8_t *)tg->data; + + ret = snprintf(buf, len, "\t\t%s %u 0x", + tg->name, tg->rev); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + for (i=0; i < tg->data_len; i++) { + ret = snprintf(buf+offset, len, "%x", data[i] & 0xff); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + } + + ret = snprintf(buf+offset, len, "" ); + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + + return offset; +} + static int nft_rule_expr_target_snprintf(char *buf, size_t len, uint32_t type, uint32_t flags, struct nft_rule_expr *e) { struct nft_expr_target *target = (struct nft_expr_target *)e->data; - return snprintf(buf, len, "name=%s rev=%u ", - target->name, target->rev); + switch(type) { + case NFT_RULE_O_XML: + return nft_rule_exp_target_snprintf_xml(buf, len, target); + case NFT_RULE_O_DEFAULT: + return snprintf(buf, len, "name=%s rev=%u ", + target->name, target->rev); + default: + break; + } + return -1; } struct expr_ops expr_ops_target = { -- cgit v1.2.3