From 78f8d8127eac64abb14e1d4a4309b353ba03bdb6 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 8 Jun 2018 17:27:17 +0200 Subject: JSON: Add support for connlimit statement Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- include/json.h | 2 ++ src/json.c | 10 ++++++++++ src/parser_json.c | 19 +++++++++++++++++++ src/statement.c | 1 + 4 files changed, 32 insertions(+) diff --git a/include/json.h b/include/json.h index 1972bc84..0a93bca8 100644 --- a/include/json.h +++ b/include/json.h @@ -74,6 +74,7 @@ json_t *objref_stmt_json(const struct stmt *stmt, struct output_ctx *octx); json_t *meter_stmt_json(const struct stmt *stmt, struct output_ctx *octx); json_t *queue_stmt_json(const struct stmt *stmt, struct output_ctx *octx); json_t *verdict_stmt_json(const struct stmt *stmt, struct output_ctx *octx); +json_t *connlimit_stmt_json(const struct stmt *stmt, struct output_ctx *octx); int do_command_list_json(struct netlink_ctx *ctx, struct cmd *cmd); @@ -149,6 +150,7 @@ STMT_PRINT_STUB(objref) STMT_PRINT_STUB(meter) STMT_PRINT_STUB(queue) STMT_PRINT_STUB(verdict) +STMT_PRINT_STUB(connlimit) #undef STMT_PRINT_STUB #undef EXPR_PRINT_STUB diff --git a/src/json.c b/src/json.c index 83d438c6..a871c934 100644 --- a/src/json.c +++ b/src/json.c @@ -1276,6 +1276,16 @@ json_t *verdict_stmt_json(const struct stmt *stmt, struct output_ctx *octx) return expr_print_json(stmt->expr, octx); } +json_t *connlimit_stmt_json(const struct stmt *stmt, struct output_ctx *octx) +{ + json_t *root = json_pack("{s:i}", "val", stmt->connlimit.count); + + if (stmt->connlimit.flags & NFT_CONNLIMIT_F_INV) + json_object_set_new(root, "inv", json_true()); + + return json_pack("{s:o}", "ct count", root); +} + static json_t *table_print_json_full(struct netlink_ctx *ctx, struct table *table) { diff --git a/src/parser_json.c b/src/parser_json.c index d60cbad8..bc36136f 100644 --- a/src/parser_json.c +++ b/src/parser_json.c @@ -2048,6 +2048,24 @@ static struct stmt *json_parse_queue_stmt(struct json_ctx *ctx, return stmt; } +static struct stmt *json_parse_connlimit_stmt(struct json_ctx *ctx, + const char *key, json_t *value) +{ + struct stmt *stmt = connlimit_stmt_alloc(int_loc); + + if (json_unpack_err(ctx, value, "{s:i}", + "val", &stmt->connlimit.count)) { + stmt_free(stmt); + return NULL; + } + + json_unpack(value, "{s:b}", "inv", &stmt->connlimit.flags); + if (stmt->connlimit.flags) + stmt->connlimit.flags = NFT_CONNLIMIT_F_INV; + + return stmt; +} + static struct stmt *json_parse_stmt(struct json_ctx *ctx, json_t *root) { struct { @@ -2078,6 +2096,7 @@ static struct stmt *json_parse_stmt(struct json_ctx *ctx, json_t *root) { "ct helper", json_parse_cthelper_stmt }, { "meter", json_parse_meter_stmt }, { "queue", json_parse_queue_stmt }, + { "ct count", json_parse_connlimit_stmt }, }; const char *type; unsigned int i; diff --git a/src/statement.c b/src/statement.c index 58e86f21..6f5e6660 100644 --- a/src/statement.c +++ b/src/statement.c @@ -159,6 +159,7 @@ static const struct stmt_ops connlimit_stmt_ops = { .type = STMT_CONNLIMIT, .name = "connlimit", .print = connlimit_stmt_print, + .json = connlimit_stmt_json, }; struct stmt *connlimit_stmt_alloc(const struct location *loc) -- cgit v1.2.3