authorPhil Sutter <>2018-10-26 15:01:38 +0200
committerPablo Neira Ayuso <>2018-10-29 11:15:08 +0100
commitbb32d8db9a125d9676f87866e48ffbf0221ec16a (patch)
treebfbeaf0ffb248aad38fab54b7630e2fe67e64ca7 /include
parent21d678639b28b99c301262c163128fdf67397ca6 (diff)
JSON: Add support for echo option
The basic principle is to not return a JSON object freshly created from netlink responses, but just update the existing user-provided one to make sure callers get back exactly what they expect. To achieve that, keep the parsed JSON object around in a global variable ('cur_root') and provide a custom callback to insert handles into it from received netlink messages. The tricky bit here is updating rules since unique identification is problematic. Therefore drop possibly present handles from input and later assume updates are received in order so the first rule not having a handle set is the right one. Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'include')
3 files changed, 22 insertions, 0 deletions
diff --git a/include/json.h b/include/json.h
index d2dc92d9..8d45c3c3 100644
--- a/include/json.h
+++ b/include/json.h
@@ -7,6 +7,7 @@ struct chain;
struct cmd;
struct expr;
struct netlink_ctx;
+struct nlmsghdr;
struct rule;
struct set;
struct obj;
@@ -103,6 +104,10 @@ void monitor_print_obj_json(struct netlink_mon_handler *monh,
void monitor_print_rule_json(struct netlink_mon_handler *monh,
const char *cmd, struct rule *r);
+int json_events_cb(const struct nlmsghdr *nlh,
+ struct netlink_mon_handler *monh);
+void json_print_echo(struct nft_ctx *ctx);
#else /* ! HAVE_LIBJANSSON */
typedef void json_t;
@@ -234,6 +239,16 @@ static inline void monitor_print_rule_json(struct netlink_mon_handler *monh,
/* empty */
+static inline int json_events_cb(const struct nlmsghdr *nlh)
+ return -1;
+static inline void json_print_echo(struct nft_ctx *ctx)
+ /* empty */
#endif /* HAVE_LIBJANSSON */
#endif /* NFTABLES_JSON_H */
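Review bot: The `json_events_cb()` stub added in the `!HAVE_LIBJANSSON` branch takes only `nlh`, while the prototype this commit adds in the `HAVE_LIBJANSSON` branch of the same header takes `nlh` and `monh`. A caller written against the two-argument form will not compile when libjansson is absent, so the stub should read `static inline int json_events_cb(const struct nlmsghdr *nlh, struct netlink_mon_handler *monh)`. The stub bodies are only partly visible in this rendering, so this rests on the signature lines alone. A one-line comment stating what the `-1` return means to the caller would also help, because how the caller reacts to it cannot be seen from this header.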
diff --git a/include/netlink.h b/include/netlink.h
index 5ff129ed..a8528d59 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -55,6 +55,12 @@ struct netlink_ctx {
extern struct nftnl_expr *alloc_nft_expr(const char *name);
extern void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls);
+extern struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh);
+extern struct nftnl_chain *netlink_chain_alloc(const struct nlmsghdr *nlh);
+extern struct nftnl_set *netlink_set_alloc(const struct nlmsghdr *nlh);
+extern struct nftnl_obj *netlink_obj_alloc(const struct nlmsghdr *nlh);
+extern struct nftnl_rule *netlink_rule_alloc(const struct nlmsghdr *nlh);
struct nft_data_linearize {
uint32_t len;
uint32_t value[4];
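Review bot: The five `netlink_*_alloc()` declarations exported here carry no statement of ownership or failure behaviour, and they turn a raw `struct nlmsghdr` into a heap object for callers outside netlink.c. The header should say whether they can return NULL on a malformed or truncated message or whether they abort internally, and that the caller releases the result with the matching `nftnl_*_free()`. A comment above the group along the lines of `/* Parse nlh into a newly allocated nftnl object; caller frees it. Failure behaviour: <NULL or abort, confirm against netlink.c>. */` would do. Without it a new caller cannot tell whether a NULL check is required before dereferencing the result.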
diff --git a/include/nftables.h b/include/nftables.h
index 25e78c80..1009e266 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -53,6 +53,7 @@ struct nft_ctx {
uint32_t flags;
struct parser_state *state;
void *scanner;
+ void *json_root;
enum nftables_exit_codes {
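Review bot: The new `void *json_root;` member of `struct nft_ctx` is untyped and has no comment saying what it points to, who holds the reference, or when it is cleared. The commit message describes keeping the parsed JSON object around for echo handling, so presumably this is the `json_t *` of the user's input. If one `nft_ctx` is reused for several commands, a pointer that is not reset after the object is released would be left dangling. I would add something like `void *json_root; /* json_t * of parsed input kept for echo; NULL when unset, released by <owner, confirm> */`, and confirm that context creation initialises it to NULL. The definition of `struct nft_ctx` starts above this hunk, so its initialisation is not visible here.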