authorShyam Saini <mayhs11saini@gmail.com>2017-12-05 19:37:34 +0530
committerPablo Neira Ayuso <pablo@netfilter.org>2018-01-17 13:46:30 +0100
commit2fa54d8a49352bda44d3e25d1d7ba3531faf3303 (patch)
tree55182570ad839f401ed4e4e3c39a28884652cd80 /include
parent9afd72a883e391e366a1d75bb4e1705357e078e9 (diff)
src: Add import command for low level json
This new operation allows importing a low-level virtual machine ruleset in JSON, so that incremental changes can be made using the parse functions of libnftnl.

A basic way to test this new functionality is:

 $ cat file.json | nft import vm json

where file.json is a ruleset exported in low-level JSON format.

To export JSON rules in low-level virtual machine format, the "vm" token must be specified before json. See below:

 $ nft export vm json

and

 $ nft export/import json

will do no operations. The same goes for "$nft monitor".

Highly based on work from Alvaro Neira <alvaroneay@gmail.com> and Arturo Borrero <arturo@netfilter.org>

Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Shyam Saini <mayhs11saini@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/netlink.h9
-rw-r--r--include/rule.h14
2 files changed, 17 insertions, 6 deletions
diff --git a/include/netlink.h b/include/netlink.h
index 4ec215da..0d71a6b9 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -227,4 +227,13 @@ bool netlink_batch_supported(struct mnl_socket *nf_sock, uint32_t *seqnum);
int netlink_echo_callback(const struct nlmsghdr *nlh, void *data);
+struct ruleset_parse {
+ struct netlink_ctx *nl_ctx;
+ struct cmd *cmd;
+};
+
+struct nftnl_parse_ctx;
+
+int netlink_markup_parse_cb(const struct nftnl_parse_ctx *ctx);
+
#endif /* NFTABLES_NETLINK_H */
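Review bot: `struct ruleset_parse` and `netlink_markup_parse_cb()` are declared with no comment, although the commit message says this import path turns JSON read from stdin into ruleset changes, so the callback's contract is the part a caller most needs to get right. The header should state which return value makes the parser stop and whether `nl_ctx` and `cmd` are only borrowed for the duration of the parse. The implementation is not part of this view (the diff is limited to include/), so both need confirming against the .c file. Something like `/* libnftnl parse callback for ruleset import; a negative return aborts the import (confirm) */` above the prototype and `/* both pointers are borrowed from the caller, not owned (confirm) */` above the struct would cover it. It is also worth confirming that a callback failure part-way through the input cannot leave a partially built batch to be committed.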
diff --git a/include/rule.h b/include/rule.h
index 4912aa16..4e5a349a 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -326,6 +326,7 @@ uint32_t obj_type_to_cmd(uint32_t type);
* @CMD_RESET: reset container
* @CMD_FLUSH: flush container
* @CMD_RENAME: rename object
+ * @CMD_IMPORT: import a ruleset in a given format
* @CMD_EXPORT: export the ruleset in a given format
* @CMD_MONITOR: event listener
* @CMD_DESCRIBE: describe an expression
@@ -341,6 +342,7 @@ enum cmd_ops {
CMD_RESET,
CMD_FLUSH,
CMD_RENAME,
+ CMD_IMPORT,
CMD_EXPORT,
CMD_MONITOR,
CMD_DESCRIBE,
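Review bot: `CMD_IMPORT` is inserted in the middle of `enum cmd_ops`, which renumbers `CMD_EXPORT`, `CMD_MONITOR`, `CMD_DESCRIBE` and every enumerator after them. That is harmless only if nothing outside this view depends on the old values, for example a table initialised positionally rather than with designated initialisers such as `[CMD_EXPORT] = ...`, or a value logged or compared as a raw number. The enum starts and ends outside the hunk, so this cannot be checked from here. Either confirm that no such user exists or append `CMD_IMPORT,` after the last enumerator. Every `switch (cmd->op)` should also gain an explicit `case CMD_IMPORT:` so the new operation does not fall through to a default branch unnoticed.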
@@ -360,7 +362,7 @@ enum cmd_ops {
* @CMD_OBJ_RULESET: ruleset
* @CMD_OBJ_EXPR: expression
* @CMD_OBJ_MONITOR: monitor
- * @CMD_OBJ_EXPORT: export
+ * @CMD_OBJ_MARKUP: import/export
* @CMD_OBJ_METER: meter
* @CMD_OBJ_METERS: meters
* @CMD_OBJ_COUNTER: counter
@@ -382,7 +384,7 @@ enum cmd_obj {
CMD_OBJ_RULESET,
CMD_OBJ_EXPR,
CMD_OBJ_MONITOR,
- CMD_OBJ_EXPORT,
+ CMD_OBJ_MARKUP,
CMD_OBJ_METER,
CMD_OBJ_METERS,
CMD_OBJ_MAP,
@@ -397,12 +399,12 @@ enum cmd_obj {
CMD_OBJ_LIMITS,
};
-struct export {
+struct markup {
uint32_t format;
};
-struct export *export_alloc(uint32_t format);
-void export_free(struct export *e);
+struct markup *markup_alloc(uint32_t format);
+void markup_free(struct markup *m);
enum {
CMD_MONITOR_OBJ_ANY,
@@ -454,7 +456,7 @@ struct cmd {
struct chain *chain;
struct table *table;
struct monitor *monitor;
- struct export *export;
+ struct markup *markup;
struct obj *object;
};
const void *arg;