From 15ad64734a544a9af033e54d232f112971072c15 Mon Sep 17 00:00:00 2001
From: Alvaro Neira Ayuso
Date: Mon, 9 Feb 2015 21:09:53 +0100
Subject: src: add command tag in JSON/XML export support
Currently, we can't do incremental updates via JSON/XML. This patch enriches the existing output to indicate the kind of update that you want to perform. So, if we have a ruleset like: table ip filter { chain input { type filter hook input priority 0; } } The new output looks like: {"nftables":[{"add":[{"table":{"name":"filter",...}}]}]} ^^^^^ Where we explicitly indicate that we want to add a table. We support all the actions that we can do with nft, they are: - Add, delete and flush tables and chains. - Add, delete, replace and insert rules. - Add and delete sets. - Add and delete set elements. - Flush ruleset. You only need to add the command tag: {"nftables":[{"delete":[{...}, {...},...}]}]} ^^^^^^^^ The possible command tags that you can use are "add", "delete", "insert", "replace" and "flush". - Flush table or chain, eg.: {"nftables":[{"flush":[{"table":{"name":...}}]}]} - Delete table, chain, set or rule: {"nftables":[{"delete":[{"chain":{"name":...}]}]} - Replace a rule (you have to specify the handle): {"nftables":[{"replace":[{"rule":{...}}]}]} - Insert a rule: {"nftables":[{"insert":[{"rule":{...}}]}]}
Signed-off-by: Alvaro Neira Ayuso
Signed-off-by: Pablo Neira Ayuso
---
 src/gen.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
(limited to 'src/gen.c')
diff --git a/src/gen.c b/src/gen.c
index 21d3a49..10a647a 100644
--- a/src/gen.c
+++ b/src/gen.c
@@ -161,12 +161,12 @@ static int nft_gen_snprintf_default(char *buf, size_t size, struct nft_gen *gen)
 return snprintf(buf, size, "ruleset generation ID %u", gen->id);
 }
-int nft_gen_snprintf(char *buf, size_t size, struct nft_gen *gen,
- uint32_t type, uint32_t flags)
+static int nft_gen_cmd_snprintf(char *buf, size_t size, struct nft_gen *gen,
+ uint32_t cmd, uint32_t type, uint32_t flags)
 {
 int ret, len = size, offset = 0;
- ret = nft_event_header_snprintf(buf + offset, len, type, flags);
+ ret = nft_cmd_header_snprintf(buf + offset, len, cmd, type, flags);
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 switch(type) {
@@ -178,15 +178,23 @@ int nft_gen_snprintf(char *buf, size_t size, struct nft_gen *gen,
 }
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- ret = nft_event_footer_snprintf(buf + offset, len, type, flags);
+ ret = nft_cmd_footer_snprintf(buf + offset, len, cmd, type, flags);
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 return offset;
 }
+
+int nft_gen_snprintf(char *buf, size_t size, struct nft_gen *gen, uint32_t type,
+ uint32_t flags)
+{;
+ return nft_gen_cmd_snprintf(buf, size, gen, nft_flag2cmd(flags), type,
+ flags);
+}
 EXPORT_SYMBOL(nft_gen_snprintf);
 static inline int nft_gen_do_snprintf(char *buf, size_t size, void *gen,
- uint32_t type, uint32_t flags)
+ uint32_t cmd, uint32_t type,
+ uint32_t flags)
 {
 return nft_gen_snprintf(buf, size, gen, type, flags);
 }
@@ -194,6 +202,7 @@ static inline int nft_gen_do_snprintf(char *buf, size_t size, void *gen,
 int nft_gen_fprintf(FILE *fp, struct nft_gen *gen, uint32_t type, uint32_t flags)
 {
- return nft_fprintf(fp, gen, type, flags, nft_gen_do_snprintf);
+ return nft_fprintf(fp, gen, NFT_CMD_UNSPEC, type, flags,
+ nft_gen_do_snprintf);
 }
 EXPORT_SYMBOL(nft_gen_fprintf);
--
cgit v1.2.3
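Review bot: `int ret, len = size, offset = 0;` in `nft_gen_cmd_snprintf` narrows the caller's `size_t size` to `int`, and that `len` is then passed to `nft_cmd_header_snprintf` as the remaining buffer length. For a `size` above `INT_MAX` the conversion is implementation-defined, and if the callee takes a `size_t`, a negative `len` would be read back as a very large bound; whether `SNPRINTF_BUFFER_SIZE` compensates cannot be seen from this hunk. Since the function is being renamed and given a new signature here, a guard at the top such as `if (size > INT_MAX) size = INT_MAX;`, or a comment stating the supported maximum, would make the bound explicit. The function body continues past the end of this hunk.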
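Review bot: The `cmd` parameter added to `nft_gen_do_snprintf` is never used: the body still calls `nft_gen_snprintf(buf, size, gen, type, flags)`, which derives the command again through `nft_flag2cmd(flags)`, so the `NFT_CMD_UNSPEC` that `nft_gen_fprintf` passes in the last hunk does not reach the header and footer writers through this callback. If that is intended, say so with a comment such as `/* cmd is ignored: the command tag is always derived from flags */`; otherwise forward it with `return nft_gen_cmd_snprintf(buf, size, gen, cmd, type, flags);`. Separately, the new `nft_gen_snprintf` body opens with `{;`, a stray empty statement that should be just `{`.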