summaryrefslogtreecommitdiffstats
path: root/include/json.h
Commit message (Collapse)AuthorAgeFilesLines
* json: fix json_events_cb() declaration when libjansson is not presentLaura Garcia Liebana2018-10-311-1/+2
| | | | | | | | | | | | | | | | | When nftables is configured without libjansson support, the following compilation error is shown: monitor.c: In function ‘netlink_echo_callback’: monitor.c:910:10: error: too many arguments to function ‘json_events_cb’ return json_events_cb(nlh, &echo_monh); ^~~~~~~~~~~~~~ This patch makes a declaration of the json_events_cb() function consistent. Fixes: bb32d8db9a12 ("JSON: Add support for echo option") Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Add support for echo optionPhil Sutter2018-10-291-0/+15
| | | | | | | | | | | | | | | | The basic principle is to not return a JSON object freshly created from netlink responses, but just update the existing user-provided one to make sure callers get back exactly what they expect. To achieve that, keep the parsed JSON object around in a global variable ('cur_root') and provide a custom callback to insert handles into it from received netlink messages. The tricky bit here is updating rules since unique identification is problematic. Therefore drop possibly present handles from input and later assume updates are received in order so the first rule not having a handle set is the right one. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* monitor: Use libnftables JSON outputPhil Sutter2018-10-151-0/+51
| | | | | | | | This switches 'nft monitor' JSON output from using libnftnl's to libnftables' implementation. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* json: Drop unused symbolic_constant_json() stubPhil Sutter2018-10-151-6/+0
| | | | | | | | | This seems like a left-over from day 1: Said function is static in json.c, so there is no point in providing a stub when compiling with JSON disabled. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add ipsec (xfrm) expressionMáté Eckl2018-09-211-0/+2
| | | | | | | | | | | | | | | | This allows matching on ipsec tunnel/beet addresses in xfrm state associated with a packet, ipsec request id and the SPI. Examples: ipsec in ip saddr 192.168.1.0/24 ipsec out ip6 daddr @endpoints ipsec in spi 1-65536 Joint work with Florian Westphal. Cc: Máté Eckl <ecklm94@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* JSON: Add metainfo object to all outputPhil Sutter2018-08-301-0/+2
| | | | | | | | | | | | | | Right now this object merely contains the nftables version and release name as well as a JSON schema version, but it could be extended arbitrarily. In the future, this will also allow for non-compatible schema changes should the need for this arise. Adjust the parser to accept metainfo objects and make it verify json_schema_version to be less than or equal to the one hard-coded in the library. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: tproxy: add json supportFlorian Westphal2018-08-291-0/+2
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* src: osf: add json supportFlorian Westphal2018-08-291-0/+2
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* libnftables: Simplify nft_run_cmd_from_buffer footprintPhil Sutter2018-06-181-2/+3
| | | | | | | | | | | | | | | | | | | | | | | With libnftables documentation being upstream and one confirmed external user (nftlb), time to break the API! First of all, the command buffer passed to nft_run_cmd_from_buffer may (and should) be const. One should consider it a bug if that function ever changed it's content. On the other hand, there is no point in passing the buffer's length as separate argument: NULL bytes are not expected to occur in the input, so it is safe to rely upon strlen(). Also, the actual parsers don't require a buffer length passed to them, either. The only use-case for it is when reallocating the buffer to append a final newline character, there strlen() is perfectly sufficient. Suggested-by: Harald Welte <laforge@gnumonks.org> Cc: Laura Garcia Liebana <nevola@gmail.com> Cc: Eric Leblond <eric@regit.org> Cc: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Add support for connlimit statementPhil Sutter2018-06-111-0/+2
| | | | | Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* JSON: Add support for socket expressionPhil Sutter2018-06-111-0/+2
| | | | | Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnftables: Implement JSON parserPhil Sutter2018-05-111-0/+20
| | | | | | | | | If JSON output setting is active in current context, try parsing any input as JSON. If the initial loading of the buffer or filename by libjansson fails, fall back to regular syntax parser. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnftables: Implement JSON output supportPhil Sutter2018-05-111-0/+161
Although technically there already is support for JSON output via 'nft export json' command, it is hardly useable since it exports all the gory details of nftables VM. Also, libnftables has no control over what is exported since the content comes directly from libnftnl. Instead, implement JSON format support for regular 'nft list' commands. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>