From e87d2f9ef8a4a298de5514b30ec2d43d3c90a644 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Neira=20Ayuso?= <alvaroneay@gmail.com>
Date: Mon, 6 Jan 2014 00:51:14 +0100
Subject: src: new error reporting approach for XML/JSON parsers

I have added a new structure for reporting some errors in parser
that we can't cover with errno.

In this patch, we have three errors that we can't cover with errno:

NFT_PARSE_EBADINPUT : Bad XML/JSON format in the input
NFT_PARSE_EMISSINGNODE : Missing node in our input
NFT_PARSE_EBADTYPE : Wrong type value in a node

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/table.c | 44 ++++++++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 18 deletions(-)

(limited to 'src/table.c')

diff --git a/src/table.c b/src/table.c
index 9e20768..9b5f5c9 100644
--- a/src/table.c
+++ b/src/table.c
@@ -211,13 +211,14 @@ int nft_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_table *t)
 EXPORT_SYMBOL(nft_table_nlmsg_parse);
 
 #ifdef XML_PARSING
-int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t)
+int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t,
+			 struct nft_parse_err *err)
 {
 	const char *name;
 	int family;
 
 	name = nft_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST,
-				  NFT_XML_MAND);
+				  NFT_XML_MAND, err);
 	if (name == NULL)
 		return -1;
 
@@ -228,7 +229,7 @@ int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t)
 	t->flags |= (1 << NFT_TABLE_ATTR_NAME);
 
 	family = nft_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST,
-				       NFT_XML_MAND);
+				       NFT_XML_MAND, err);
 	if (family < 0)
 		return -1;
 
@@ -237,7 +238,7 @@ int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t)
 
 	if (nft_mxml_num_parse(tree, "flags", MXML_DESCEND, BASE_DEC,
 			       &t->table_flags, NFT_TYPE_U32,
-			       NFT_XML_MAND) != 0)
+			       NFT_XML_MAND, err) != 0)
 		return -1;
 
 	t->flags |= (1 << NFT_TABLE_ATTR_FLAGS);
@@ -246,15 +247,16 @@ int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t)
 }
 #endif
 
-static int nft_table_xml_parse(struct nft_table *t, const char *xml)
+static int nft_table_xml_parse(struct nft_table *t, const char *xml,
+			       struct nft_parse_err *err)
 {
 #ifdef XML_PARSING
 	int ret;
-	mxml_node_t *tree = nft_mxml_build_tree(xml, "table");
+	mxml_node_t *tree = nft_mxml_build_tree(xml, "table", err);
 	if (tree == NULL)
 		return -1;
 
-	ret = nft_mxml_table_parse(tree, t);
+	ret = nft_mxml_table_parse(tree, t, err);
 	mxmlDelete(tree);
 	return ret;
 #else
@@ -264,29 +266,30 @@ static int nft_table_xml_parse(struct nft_table *t, const char *xml)
 }
 
 #ifdef JSON_PARSING
-int nft_jansson_parse_table(struct nft_table *t, json_t *tree)
+int nft_jansson_parse_table(struct nft_table *t, json_t *tree,
+			    struct nft_parse_err *err)
 {
 	json_t *root;
 	uint32_t flags;
 	const char *str;
 	int family;
 
-	root = nft_jansson_get_node(tree, "table");
+	root = nft_jansson_get_node(tree, "table", err);
 	if (root == NULL)
 		return -1;
 
-	str = nft_jansson_parse_str(root, "name");
+	str = nft_jansson_parse_str(root, "name", err);
 	if (str == NULL)
 		goto err;
 
 	nft_table_attr_set_str(t, NFT_TABLE_ATTR_NAME, str);
 
-	if (nft_jansson_parse_family(root, &family) != 0)
+	if (nft_jansson_parse_family(root, &family, err) != 0)
 		goto err;
 
 	nft_table_attr_set_u32(t, NFT_TABLE_ATTR_FAMILY, family);
 
-	if (nft_jansson_parse_val(root, "flags", NFT_TYPE_U32, &flags) < 0)
+	if (nft_jansson_parse_val(root, "flags", NFT_TYPE_U32, &flags, err) < 0)
 		goto err;
 
 	nft_table_attr_set_u32(t, NFT_TABLE_ATTR_FLAGS, flags);
@@ -299,17 +302,18 @@ err:
 }
 #endif
 
-static int nft_table_json_parse(struct nft_table *t, const char *json)
+static int nft_table_json_parse(struct nft_table *t, const char *json,
+				struct nft_parse_err *err)
 {
 #ifdef JSON_PARSING
 	json_t *tree;
 	json_error_t error;
 
-	tree = nft_jansson_create_root(json, &error);
+	tree = nft_jansson_create_root(json, &error, err);
 	if (tree == NULL)
 		return -1;
 
-	return nft_jansson_parse_table(t, tree);
+	return nft_jansson_parse_table(t, tree, err);
 #else
 	errno = EOPNOTSUPP;
 	return -1;
@@ -317,16 +321,17 @@ static int nft_table_json_parse(struct nft_table *t, const char *json)
 }
 
 int nft_table_parse(struct nft_table *t, enum nft_parse_type type,
-		    const char *data)
+		    const char *data, struct nft_parse_err *err)
 {
 	int ret;
+	struct nft_parse_err perr;
 
 	switch (type) {
 	case NFT_PARSE_XML:
-		ret = nft_table_xml_parse(t, data);
+		ret = nft_table_xml_parse(t, data, &perr);
 		break;
 	case NFT_PARSE_JSON:
-		ret = nft_table_json_parse(t, data);
+		ret = nft_table_json_parse(t, data, &perr);
 		break;
 	default:
 		ret = -1;
@@ -334,6 +339,9 @@ int nft_table_parse(struct nft_table *t, enum nft_parse_type type,
 		break;
 	}
 
+	if (err != NULL)
+		*err = perr;
+
 	return ret;
 }
 EXPORT_SYMBOL(nft_table_parse);
-- 
cgit v1.2.3


From fc423ae81487e906141f700c7b3515328ff62b7c Mon Sep 17 00:00:00 2001
From: Arturo Borrero <arturo.borrero.glez@gmail.com>
Date: Thu, 9 Jan 2014 12:19:06 +0100
Subject: src: rework and generalize the build/parse system

The intention behind this patch is to prepare the introduction of
the new API that will allow us to parse files that contain the rule-sets
expressed in XML/JSON format. This adds the NFT_PARSE_BUFFER that
indicates that the input is provided in a buffer, which is what we
currently support.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/table.c | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

(limited to 'src/table.c')

diff --git a/src/table.c b/src/table.c
index 9b5f5c9..4f2d5d2 100644
--- a/src/table.c
+++ b/src/table.c
@@ -247,12 +247,13 @@ int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t,
 }
 #endif
 
-static int nft_table_xml_parse(struct nft_table *t, const char *xml,
-			       struct nft_parse_err *err)
+static int nft_table_xml_parse(struct nft_table *t, const void *data,
+			       struct nft_parse_err *err,
+			       enum nft_parse_input input)
 {
 #ifdef XML_PARSING
 	int ret;
-	mxml_node_t *tree = nft_mxml_build_tree(xml, "table", err);
+	mxml_node_t *tree = nft_mxml_build_tree(data, "table", err, input);
 	if (tree == NULL)
 		return -1;
 
@@ -302,14 +303,15 @@ err:
 }
 #endif
 
-static int nft_table_json_parse(struct nft_table *t, const char *json,
-				struct nft_parse_err *err)
+static int nft_table_json_parse(struct nft_table *t, const void *json,
+				struct nft_parse_err *err,
+				enum nft_parse_input input)
 {
 #ifdef JSON_PARSING
 	json_t *tree;
 	json_error_t error;
 
-	tree = nft_jansson_create_root(json, &error, err);
+	tree = nft_jansson_create_root(json, &error, err, input);
 	if (tree == NULL)
 		return -1;
 
@@ -320,18 +322,19 @@ static int nft_table_json_parse(struct nft_table *t, const char *json,
 #endif
 }
 
-int nft_table_parse(struct nft_table *t, enum nft_parse_type type,
-		    const char *data, struct nft_parse_err *err)
+static int nft_table_do_parse(struct nft_table *t, enum nft_parse_type type,
+			      const void *data, struct nft_parse_err *err,
+			      enum nft_parse_input input)
 {
 	int ret;
 	struct nft_parse_err perr;
 
 	switch (type) {
 	case NFT_PARSE_XML:
-		ret = nft_table_xml_parse(t, data, &perr);
+		ret = nft_table_xml_parse(t, data, &perr, input);
 		break;
 	case NFT_PARSE_JSON:
-		ret = nft_table_json_parse(t, data, &perr);
+		ret = nft_table_json_parse(t, data, &perr, input);
 		break;
 	default:
 		ret = -1;
@@ -344,6 +347,12 @@ int nft_table_parse(struct nft_table *t, enum nft_parse_type type,
 
 	return ret;
 }
+
+int nft_table_parse(struct nft_table *t, enum nft_parse_type type,
+		    const char *data, struct nft_parse_err *err)
+{
+	return nft_table_do_parse(t, type, data, err, NFT_PARSE_BUFFER);
+}
 EXPORT_SYMBOL(nft_table_parse);
 
 static int nft_table_snprintf_json(char *buf, size_t size, struct nft_table *t)
-- 
cgit v1.2.3


From d34f0c0508f08a84f4351f2a9369e85ccccfe5a0 Mon Sep 17 00:00:00 2001
From: Arturo Borrero <arturo.borrero.glez@gmail.com>
Date: Thu, 9 Jan 2014 12:19:12 +0100
Subject: src: add interface to parse from file

This patch adds a new API to parse rule-set expressed in XML/JSON from
a file. A new enum nft_parse_input type is added for this purpose.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/table.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/table.c')

diff --git a/src/table.c b/src/table.c
index 4f2d5d2..ad3570f 100644
--- a/src/table.c
+++ b/src/table.c
@@ -355,6 +355,13 @@ int nft_table_parse(struct nft_table *t, enum nft_parse_type type,
 }
 EXPORT_SYMBOL(nft_table_parse);
 
+int nft_table_parse_file(struct nft_table *t, enum nft_parse_type type,
+			 FILE *fp, struct nft_parse_err *err)
+{
+	return nft_table_do_parse(t, type, fp, err, NFT_PARSE_FILE);
+}
+EXPORT_SYMBOL(nft_table_parse_file);
+
 static int nft_table_snprintf_json(char *buf, size_t size, struct nft_table *t)
 {
 	return snprintf(buf, size,
-- 
cgit v1.2.3


From 59e949294f4688bafe44b7def2972987224520c8 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 20 Jan 2014 10:26:57 +0100
Subject: rename library to libnftnl

We plan to use this library name for the higher layer library.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/table.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/table.c')

diff --git a/src/table.c b/src/table.c
index ad3570f..f50a968 100644
--- a/src/table.c
+++ b/src/table.c
@@ -23,7 +23,7 @@
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nf_tables.h>
 
-#include <libnftables/table.h>
+#include <libnftnl/table.h>
 
 struct nft_table {
 	struct list_head head;
-- 
cgit v1.2.3