* [libnftables PATCH 00/21] Small fixes for XML
@ 2013-06-26 11:36 Arturo Borrero Gonzalez
  2013-06-26 11:36 ` [libnftables PATCH 01/21] chain: add hooknum2str Arturo Borrero Gonzalez
                   ` (21 more replies)
  0 siblings, 22 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:36 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

The following series implements a bunch of small fixes for the XML code in libnftables.

These are some of the changes Pablo asked me to make prior to the inclusion of the parsing test bench.

---

Arturo Borrero Gonzalez (21):
      chain: add hooknum2str
      src: xml: convert family values to string
      rule: xml: conditional compat info
      bitwise: xml: mask and xor use same number of data registers
      expr: xml: validate registers < NFT_REG_MAX
      nat: xml: change nat types string to dnat/snat
      nat: xml: change IP range node names
      byteorder: xml: op as string
      ct: xml: add extra dir check
      ct: xml: use key's name string instead of numbers
      exthdr: xml: fix mandatory elements
      chain: xml: use string for policy
      data_reg: xml: len node shows byte length
      data_reg: xml: fix bytes movements
      target&match: xml: don't print rev number
      payload: xml: use string for base attribute
      exthdr: xml: use string for type node
      meta: xml: use string to represent key attribute
      nat: snprintf: fix buffer offset
      nat: xml: rename node type to nat_type
      exthdr: xml: rename type node to exthdr_type


 src/Makefile.am           |    3 +
 src/chain.c               |  100 +++++++++++++++++++++++---------
 src/expr/bitwise.c        |   20 ++++++
 src/expr/byteorder.c      |   29 +++++++--
 src/expr/cmp.c            |    5 ++
 src/expr/ct.c             |   58 +++++++++++++++++--
 src/expr/data_reg.c       |   21 ++++---
 src/expr/exthdr.c         |  139 ++++++++++++++++++++++++++++++++-------------
 src/expr/immediate.c      |    5 ++
 src/expr/lookup.c         |   10 +++
 src/expr/match.c          |   18 ------
 src/expr/meta.c           |   55 ++++++++++++++++--
 src/expr/nat.c            |   57 ++++++++----------
 src/expr/payload.c        |   57 ++++++++++++++++--
 src/expr/target.c         |   20 ------
 src/internal.h            |    3 +
 src/rule.c                |   72 ++++++++++++-----------
 src/table.c               |   24 ++++----
 src/utils.c               |   49 ++++++++++++++++
 test/nft-chain-xml-add.sh |   18 +++---
 test/nft-rule-xml-add.sh  |   25 +++-----
 test/nft-table-xml-add.sh |    4 +
 22 files changed, 540 insertions(+), 252 deletions(-)
 create mode 100644 src/utils.c

-- 
Signature


* [libnftables PATCH 01/21] chain: add hooknum2str
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
@ 2013-06-26 11:36 ` Arturo Borrero Gonzalez
  2013-06-26 11:36 ` [libnftables PATCH 02/21] src: xml: convert family values to string Arturo Borrero Gonzalez
                   ` (20 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:36 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch translates the Netfilter hooknumber to a readable string.

Useful for printing and parsing in XML and JSON formats.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/chain.c               |   36 +++++++++++++++++++++++++++---------
 test/nft-chain-xml-add.sh |    6 +++---
 2 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/src/chain.c b/src/chain.c
index 6673b82..f3ba532 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -22,6 +22,7 @@
 #include <libmnl/libmnl.h>
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter.h>
 
 #include <libnftables/chain.h>
 
@@ -42,6 +43,14 @@ struct nft_chain {
 	uint32_t	flags;
 };
 
+static const char *hooknum2str_array[NF_INET_NUMHOOKS] = {
+	[NF_INET_PRE_ROUTING] = "NF_INET_PRE_ROUTING",
+	[NF_INET_LOCAL_IN] = "NF_INET_LOCAL_IN",
+	[NF_INET_FORWARD] = "NF_INET_FORWARD",
+	[NF_INET_LOCAL_OUT] = "NF_INET_LOCAL_OUT",
+	[NF_INET_POST_ROUTING] = "NF_INET_POST_ROUTING",
+};
+
 struct nft_chain *nft_chain_alloc(void)
 {
 	return calloc(1, sizeof(struct nft_chain));
@@ -629,15 +638,22 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
 		mxmlDelete(tree);
 		return -1;
 	}
-	utmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (utmp > UINT32_MAX || utmp < 0 || *endptr) {
+
+	/* iterate the list of hooks until a match is found */
+	for (utmp = 0; utmp < NF_INET_NUMHOOKS; utmp++) {
+		if (strcmp(node->child->value.opaque, hooknum2str_array[utmp]) == 0) {
+			c->hooknum = utmp;
+			c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM);
+			break;
+		}
+	}
+
+	/* if no hook was found, error */
+	if (!(c->flags & (1 << NFT_CHAIN_ATTR_HOOKNUM))) {
 		mxmlDelete(tree);
 		return -1;
 	}
 
-	memcpy(&c->hooknum, &utmp, sizeof(c->hooknum));
-	c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM);
-
 	/* Get and set <policy> */
 	node = mxmlFindElement(tree, tree, "policy", NULL, NULL, MXML_DESCEND);
 	if (node == NULL) {
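Review bot: The not-found test reads `c->flags`, so it only works if NFT_CHAIN_ATTR_HOOKNUM was clear before the call; when the chain object already carries a hooknum, an unrecognised `<hooknum>` string falls out of the loop and is accepted with the stale value. Testing the loop index does not depend on prior state: `if (utmp == NF_INET_NUMHOOKS) { mxmlDelete(tree); return -1; }`. nft_chain_xml_parse starts and ends outside this hunk, so whether the flags are reset earlier is not visible here.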
@@ -709,7 +725,7 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 				"\"table\" : \"%s\","
 				"\"prio\" : %d,"
 				"\"use\" : %d,"
-				"\"hooknum\" : %d,"
+				"\"hooknum\" : %s,"
 				"\"policy\" : %d,"
 				"\"family\" : %d"
 			"}"
@@ -717,7 +733,8 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 		"}",
 			c->name, c->handle, c->bytes, c->packets,
 			NFT_CHAIN_JSON_VERSION, c->type, c->table,
-			c->prio, c->use, c->hooknum, c->policy, c->family);
+			c->prio, c->use, hooknum2str_array[c->hooknum],
+			c->policy, c->family);
 }
 
 static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
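Review bot: `hooknum2str_array[c->hooknum]` indexes a table of NF_INET_NUMHOOKS entries with a value that is not range-checked anywhere in this hunk, so a hooknum outside the table turns the `%s` argument into an out-of-bounds read. The removed parser code allowed anything up to UINT32_MAX, and the field can presumably also be filled from netlink or a setter, neither of which is shown. A bounded lookup would avoid that, for example `c->hooknum < NF_INET_NUMHOOKS ? hooknum2str_array[c->hooknum] : "unknown"`, ideally in a small `hooknum2str()` helper. The XML printer in the next hunk has the same unchecked index.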
@@ -730,14 +747,15 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
 				"<table>%s</table>"
 				"<prio>%d</prio>"
 				"<use>%d</use>"
-				"<hooknum>%d</hooknum>"
+				"<hooknum>%s</hooknum>"
 				"<policy>%d</policy>"
 				"<family>%d</family>"
 			"</properties>"
 		"</chain>",
 			c->name, c->handle, c->bytes, c->packets,
 			NFT_CHAIN_XML_VERSION, c->type, c->table,
-			c->prio, c->use, c->hooknum, c->policy, c->family);
+			c->prio, c->use, hooknum2str_array[c->hooknum],
+			c->policy, c->family);
 }
 
 static int nft_chain_snprintf_default(char *buf, size_t size, struct nft_chain *c)
diff --git a/test/nft-chain-xml-add.sh b/test/nft-chain-xml-add.sh
index d1bd839..fda28cb 100755
--- a/test/nft-chain-xml-add.sh
+++ b/test/nft-chain-xml-add.sh
@@ -40,7 +40,7 @@ XML="<chain name=\"test1\" handle=\"100\" bytes=\"123\" packets=\"321\" version=
                 <table>filter</table>
                 <prio>0</prio>
                 <use>0</use>
-                <hooknum>2</hooknum>
+                <hooknum>NF_INET_LOCAL_IN</hooknum>
                 <policy>1</policy>
                 <family>2</family>
         </properties>
@@ -61,7 +61,7 @@ XML="<chain name=\"test2\" handle=\"101\" bytes=\"59\" packets=\"1\" version=\"0
 		<table>filter</table>
 		<prio>1</prio>
 		<use>0</use>
-		<hooknum>4</hooknum>
+		<hooknum>NF_INET_POST_ROUTING</hooknum>
 		<policy>1</policy>
 		<family>10</family>
 	</properties>
@@ -83,7 +83,7 @@ XML="<chain name=\"test3\" handle=\"102\" bytes=\"51231239\" packets=\"112312312
 		<table>filter</table>
 		<prio>0</prio>
 		<use>0</use>
-		<hooknum>4</hooknum>
+		<hooknum>NF_INET_FORWARD</hooknum>
 		<policy>1</policy>
 		<family>2</family>
 	</properties>



* [libnftables PATCH 02/21] src: xml: convert family values to string
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
  2013-06-26 11:36 ` [libnftables PATCH 01/21] chain: add hooknum2str Arturo Borrero Gonzalez
@ 2013-06-26 11:36 ` Arturo Borrero Gonzalez
  2013-06-26 11:36 ` [libnftables PATCH 03/21] rule: xml: conditional compat info Arturo Borrero Gonzalez
                   ` (19 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:36 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch converts the family values throughout the code to strings:
 * ip if AF_INET
 * ip6 if AF_INET6
 * bridge if AF_BRIDGE
 * arp if 0

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/Makefile.am           |    3 ++-
 src/chain.c               |   24 ++++++++++++----------
 src/expr/nat.c            |   12 ++++-------
 src/internal.h            |    3 +++
 src/rule.c                |   13 ++++++------
 src/table.c               |   24 ++++++++++------------
 src/utils.c               |   49 +++++++++++++++++++++++++++++++++++++++++++++
 test/nft-chain-xml-add.sh |    6 +++---
 test/nft-rule-xml-add.sh  |    3 +--
 test/nft-table-xml-add.sh |    4 ++--
 10 files changed, 94 insertions(+), 47 deletions(-)
 create mode 100644 src/utils.c

diff --git a/src/Makefile.am b/src/Makefile.am
index 4017720..4649646 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -4,7 +4,8 @@ lib_LTLIBRARIES = libnftables.la
 libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBXML_LIBS}
 libnftables_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libnftables.map \
 			 -version-info $(LIBVERSION)
-libnftables_la_SOURCES = table.c		\
+libnftables_la_SOURCES = utils.c		\
+			 table.c		\
 			 chain.c		\
 			 rule.c			\
 			 set.c			\
diff --git a/src/chain.c b/src/chain.c
index f3ba532..ce9bb1b 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -675,13 +675,13 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
 		mxmlDelete(tree);
 		return -1;
 	}
-	utmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (utmp > UINT8_MAX || utmp < 0 || *endptr) {
+
+	if (nft_str2family(node->child->value.opaque) < 0) {
 		mxmlDelete(tree);
 		return -1;
 	}
 
-	c->family = (uint32_t)utmp;
+	c->family = nft_str2family(node->child->value.opaque);
 	c->flags |= (1 << NFT_CHAIN_ATTR_FAMILY);
 
 	mxmlDelete(tree);
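Review bot: `node->child` is dereferenced unchecked in the new `nft_str2family(node->child->value.opaque)` call, so if mxml leaves `child` NULL for an empty `<family/>` element, malformed input would crash the parser before the helper can reject it. The removed strtoull() line had the same dereference, so this is inherited rather than new, but the rewrite is a good place to close it. Something like `if (node->child == NULL || (family = nft_str2family(node->child->value.opaque)) < 0)` with a local `int family` would also avoid parsing the same string twice. The table.c parse hunk in this patch and the hooknum loop in patch 01 follow the same pattern; the function body starts and ends outside this hunk.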
@@ -727,14 +727,14 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 				"\"use\" : %d,"
 				"\"hooknum\" : %s,"
 				"\"policy\" : %d,"
-				"\"family\" : %d"
+				"\"family\" : %s"
 			"}"
 		"}"
 		"}",
 			c->name, c->handle, c->bytes, c->packets,
 			NFT_CHAIN_JSON_VERSION, c->type, c->table,
 			c->prio, c->use, hooknum2str_array[c->hooknum],
-			c->policy, c->family);
+			c->policy, nft_family2str(c->family));
 }
 
 static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
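Review bot: `"\"family\" : %s"` prints the family name as a bare token, giving output such as `"family" : ip`, which is not valid JSON and will be rejected by a strict consumer. The context line `"\"hooknum\" : %s,"` from the previous patch has the same problem. Both string values need quotes in the format: `"\"hooknum\" : \"%s\","` and `"\"family\" : \"%s\""`. nft_table_snprintf_json in the src/table.c hunk of this patch needs the same change.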
@@ -749,22 +749,24 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
 				"<use>%d</use>"
 				"<hooknum>%s</hooknum>"
 				"<policy>%d</policy>"
-				"<family>%d</family>"
+				"<family>%s</family>"
 			"</properties>"
 		"</chain>",
 			c->name, c->handle, c->bytes, c->packets,
 			NFT_CHAIN_XML_VERSION, c->type, c->table,
 			c->prio, c->use, hooknum2str_array[c->hooknum],
-			c->policy, c->family);
+			c->policy, nft_family2str(c->family));
 }
 
-static int nft_chain_snprintf_default(char *buf, size_t size, struct nft_chain *c)
+static int nft_chain_snprintf_default(char *buf, size_t size,
+				      struct nft_chain *c)
 {
-	return snprintf(buf, size, "family=%u table=%s chain=%s type=%s "
+	return snprintf(buf, size, "family=%s table=%s chain=%s type=%s "
 				   "hook=%u prio=%d policy=%d use=%d "
 				   "packets=%lu bytes=%lu",
-			c->family, c->table, c->name, c->type, c->hooknum,
-			c->prio, c->policy, c->use, c->packets, c->bytes);
+			nft_family2str(c->family), c->table, c->name, c->type,
+			c->hooknum, c->prio, c->policy, c->use, c->packets,
+			c->bytes);
 }
 
 int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *c,
diff --git a/src/expr/nat.c b/src/expr/nat.c
index 7c4cf37..501f20c 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -254,15 +254,12 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
-	if (strcmp(node->child->value.opaque, "AF_INET") == 0) {
-		nat->family = AF_INET;
-	} else if (strcmp(node->child->value.opaque, "AF_INET6") == 0) {
-		nat->family = AF_INET6;
-	} else {
+	if (nft_str2family(node->child->value.opaque) < 0) {
 		mxmlDelete(tree);
 		return -1;
 	}
 
+	nat->family = nft_str2family(node->child->value.opaque);
 	e->flags |= (1 << NFT_EXPR_NAT_FAMILY);
 
 	/* Get and set <sreg_addr_min_v4>. Not mandatory */
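Review bot: Switching to nft_str2family() widens what the NAT parser accepts. The removed branch admitted only AF_INET and AF_INET6, while the shared helper also returns AF_BRIDGE for "bridge" and 0 for "arp", and both are now stored in `nat->family`. If NAT is meant to stay IPv4/IPv6 only, keep an explicit check after the lookup, e.g. `if (family != AF_INET && family != AF_INET6) { mxmlDelete(tree); return -1; }`. The function starts and ends outside this hunk.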
@@ -349,7 +346,7 @@ nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
 	}
 
 	ret = snprintf(buf+offset, len, "<family>%s</family>",
-		       nat->family == AF_INET ? "AF_INET" : "AF_INET6");
+		       nft_family2str(nat->family));
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
@@ -389,8 +386,7 @@ nft_rule_expr_nat_snprintf_default(char *buf, size_t size,
 		break;
 	}
 
-	ret = snprintf(buf, len, "family=%s ",
-		       nat->family == AF_INET ? "AF_INET" : "AF_INET6");
+	ret = snprintf(buf, len, "family=%s ", nft_family2str(nat->family));
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
diff --git a/src/internal.h b/src/internal.h
index fffca3d..23a3e59 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -23,6 +23,9 @@
 #define NFT_TABLE_JSON_VERSION 0
 #define NFT_CHAIN_JSON_VERSION 0
 
+const char *nft_family2str(uint32_t family);
+int nft_str2family(const char *family);
+
 struct expr_ops;
 
 struct nft_rule_expr {
diff --git a/src/rule.c b/src/rule.c
index 6058878..380b9ae 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -509,13 +509,12 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml)
 		return -1;
 	}
 
-	tmp = strtoull(mxmlElementGetAttr(tree, "family"), &endptr, 10);
-	if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+	if (nft_str2family(mxmlElementGetAttr(tree, "family")) < 0) {
 		mxmlDelete(tree);
 		return -1;
 	}
 
-	r->family = (uint8_t)tmp;
+	r->family = nft_str2family(mxmlElementGetAttr(tree, "family"));
 	r->flags |= (1 << NFT_RULE_ATTR_FAMILY);
 
 	/* get and set <rule ... table=X ...> */
@@ -678,9 +677,9 @@ static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
 	struct nft_rule_expr *expr;
 
 	ret = snprintf(buf, size,
-		"<rule family=\"%u\" table=\"%s\" "
+		"<rule family=\"%s\" table=\"%s\" "
 			"chain=\"%s\" handle=\"%llu\" version=\"%d\">",
-				r->family, r->table, r->chain,
+				nft_family2str(r->family), r->table, r->chain,
 				(unsigned long long)r->handle,
 				NFT_RULE_XML_VERSION);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
@@ -716,9 +715,9 @@ static int nft_rule_snprintf_default(char *buf, size_t size, struct nft_rule *r,
 	struct nft_rule_expr *expr;
 	int ret, len = size, offset = 0;
 
-	ret = snprintf(buf, size, "family=%u table=%s chain=%s handle=%llu "
+	ret = snprintf(buf, size, "family=%s table=%s chain=%s handle=%llu "
 				  "flags=%x ",
-			r->family, r->table, r->chain,
+			nft_family2str(r->family), r->table, r->chain,
 			(unsigned long long)r->handle, r->rule_flags);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
diff --git a/src/table.c b/src/table.c
index 4533e23..211acdf 100644
--- a/src/table.c
+++ b/src/table.c
@@ -275,13 +275,12 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml)
 		return -1;
 	}
 
-	tmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (tmp > UINT32_MAX || *endptr || tmp < 0) {
+	if (nft_str2family(node->child->value.opaque) < 0) {
 		mxmlDelete(tree);
 		return -1;
 	}
 
-	t->family = (uint32_t)tmp;
+	t->family = nft_str2family(node->child->value.opaque);
 	t->flags |= (1 << NFT_TABLE_ATTR_FAMILY);
 
 	/* Get and set <table_flags> */
@@ -335,32 +334,31 @@ static int nft_table_snprintf_json(char *buf, size_t size, struct nft_table *t)
 			"\"name\" : \"%s\","
 			"\"version\" : %d,"
 			"\"properties\" : {"
-				"\"family\" : %u,"
+				"\"family\" : %s,"
 				"\"table_flags\" : %d"
 				"}"
 			"}"
 			"}" ,
 			t->name, NFT_TABLE_JSON_VERSION,
-			t->family, t->table_flags);
+			nft_family2str(t->family), t->table_flags);
 }
 
 static int nft_table_snprintf_xml(char *buf, size_t size, struct nft_table *t)
 {
-	return snprintf(buf, size,
-			"<table name=\"%s\" version=\"%d\">"
+	return snprintf(buf, size, "<table name=\"%s\" version=\"%d\">"
 				"<properties>"
-					"<family>%u</family>"
+					"<family>%s</family>"
 					"<table_flags>%d</table_flags>"
 				"</properties>"
-			"</table>" ,
-			t->name, NFT_TABLE_XML_VERSION,
-			t->family, t->table_flags);
+				"</table>",
+		       t->name, NFT_TABLE_XML_VERSION,
+		       nft_family2str(t->family), t->table_flags);
 }
 
 static int nft_table_snprintf_default(char *buf, size_t size, struct nft_table *t)
 {
-	return snprintf(buf, size, "table=%s family=%u flags=%x",
-			t->name, t->family, t->table_flags);
+	return snprintf(buf, size, "table=%s family=%s flags=%x",
+			t->name, nft_family2str(t->family), t->table_flags);
 }
 
 int nft_table_snprintf(char *buf, size_t size, struct nft_table *t,
diff --git a/src/utils.c b/src/utils.c
new file mode 100644
index 0000000..e4463f1
--- /dev/null
+++ b/src/utils.c
@@ -0,0 +1,49 @@
+/*
+ * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+
+#include <internal.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <stdint.h>
+#include <arpa/inet.h>
+
+const char *nft_family2str(uint32_t family)
+{
+	switch (family) {
+	case AF_INET:
+		return "ip";
+	case AF_INET6:
+		return "ip6";
+	case AF_BRIDGE:
+		return "bridge";
+	case 0:
+		return "arp";
+	default:
+		return "unknown";
+	}
+}
+
+int nft_str2family(const char *family)
+{
+	if (strcmp(family, "ip") == 0)
+		return AF_INET;
+
+	if (strcmp(family, "ip6") == 0)
+		return AF_INET6;
+
+	if (strcmp(family, "bridge") == 0)
+		return AF_BRIDGE;
+
+	if (strcmp(family, "arp") == 0)
+		return 0;
+
+	return -1;
+}
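Review bot: nft_str2family() passes `family` straight to strcmp() with no NULL check, and the rule.c hunk in this patch feeds it the return value of `mxmlElementGetAttr(tree, "family")`. Unless the lines above that call (outside the hunk) already reject a missing attribute, a rule element without `family` is a NULL dereference; `if (family == NULL) return -1;` at the top makes the helper safe for every caller. The file also calls strcmp() without including `<string.h>`, which is only fine if internal.h pulls it in. Separately, nft_family2str() can return "unknown", which nft_str2family() rejects, so unrecognised values do not round-trip; a comment saying that is intended would help.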
diff --git a/test/nft-chain-xml-add.sh b/test/nft-chain-xml-add.sh
index fda28cb..ab50e2b 100755
--- a/test/nft-chain-xml-add.sh
+++ b/test/nft-chain-xml-add.sh
@@ -42,7 +42,7 @@ XML="<chain name=\"test1\" handle=\"100\" bytes=\"123\" packets=\"321\" version=
                 <use>0</use>
                 <hooknum>NF_INET_LOCAL_IN</hooknum>
                 <policy>1</policy>
-                <family>2</family>
+                <family>ip</family>
         </properties>
 </chain>"
 
@@ -63,7 +63,7 @@ XML="<chain name=\"test2\" handle=\"101\" bytes=\"59\" packets=\"1\" version=\"0
 		<use>0</use>
 		<hooknum>NF_INET_POST_ROUTING</hooknum>
 		<policy>1</policy>
-		<family>10</family>
+		<family>ip6</family>
 	</properties>
 </chain>"
 
@@ -85,7 +85,7 @@ XML="<chain name=\"test3\" handle=\"102\" bytes=\"51231239\" packets=\"112312312
 		<use>0</use>
 		<hooknum>NF_INET_FORWARD</hooknum>
 		<policy>1</policy>
-		<family>2</family>
+		<family>ip</family>
 	</properties>
 </chain>"
 
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index 426b975..961b597 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -33,9 +33,8 @@ fi
 
 [ ! -x "$NFT" ] && echo "W: nftables main binary not found but continuing anyway $NFT"
 
-XML="<rule family=\"2\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version=\"0\">
+XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version=\"0\">
   <rule_flags>0</rule_flags>
-  <flags>127</flags>
   <compat_flags>0</compat_flags>
   <compat_proto>0</compat_proto>
   <expr type=\"meta\">
diff --git a/test/nft-table-xml-add.sh b/test/nft-table-xml-add.sh
index 2c55edc..30b65e1 100755
--- a/test/nft-table-xml-add.sh
+++ b/test/nft-table-xml-add.sh
@@ -40,7 +40,7 @@ fi
 # This is valid
 XML="<table name=\"filter_test\" version=\"0\">
 	<properties>
-		<family>2</family>
+		<family>ip</family>
 		<table_flags>0</table_flags>
 	</properties>
 </table>"
@@ -57,7 +57,7 @@ fi
 # This is valid
 XML="<table name=\"filter6_test\" version=\"0\">
 	<properties>
-		<family>10</family>
+		<family>ip6</family>
 		<table_flags>0</table_flags>
 	</properties>
 </table>"



* [libnftables PATCH 03/21] rule: xml: conditional compat info
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
  2013-06-26 11:36 ` [libnftables PATCH 01/21] chain: add hooknum2str Arturo Borrero Gonzalez
  2013-06-26 11:36 ` [libnftables PATCH 02/21] src: xml: convert family values to string Arturo Borrero Gonzalez
@ 2013-06-26 11:36 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 04/21] bitwise: xml: mask and xor use same number of data registers Arturo Borrero Gonzalez
                   ` (18 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:36 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

The compat XML info is now conditional both when printing and parsing.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/rule.c |   59 ++++++++++++++++++++++++++++++-----------------------------
 1 file changed, 30 insertions(+), 29 deletions(-)

diff --git a/src/rule.c b/src/rule.c
index 380b9ae..53b0e3b 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -571,37 +571,33 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml)
 	r->rule_flags = (uint32_t)tmp;
 	r->flags |= (1 << NFT_RULE_ATTR_FLAGS);
 
-	/* get and set <compat_proto> */
+	/* <compat_proto> is optional */
 	node = mxmlFindElement(tree, tree, "compat_proto", NULL, NULL,
 			       MXML_DESCEND);
-	if (node == NULL) {
-		mxmlDelete(tree);
-		return -1;
-	}
-	tmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
-		mxmlDelete(tree);
-		return -1;
-	}
+	if (node != NULL) {
+		tmp = strtoull(node->child->value.opaque, &endptr, 10);
+		if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+			mxmlDelete(tree);
+			return -1;
+		}
 
-	r->compat.proto = (uint32_t)tmp;
-	r->flags |= (1 << NFT_RULE_ATTR_COMPAT_PROTO);
+		r->compat.proto = tmp;
+		r->flags |= (1 << NFT_RULE_ATTR_COMPAT_PROTO);
+	}
 
-	/* get and set <compat_flags> */
+	/* <compat_flags> is optional */
 	node = mxmlFindElement(tree, tree, "compat_flags", NULL, NULL,
 			       MXML_DESCEND);
-	if (node == NULL) {
-		mxmlDelete(tree);
-		return -1;
-	}
-	tmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
-		mxmlDelete(tree);
-		return -1;
-	}
+	if (node != NULL) {
+		tmp = strtoull(node->child->value.opaque, &endptr, 10);
+		if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+			mxmlDelete(tree);
+			return -1;
+		}
 
-	r->compat.flags = (uint32_t)tmp;
-	r->flags |= (1 << NFT_RULE_ATTR_COMPAT_FLAGS);
+		r->compat.flags = tmp;
+		r->flags |= (1 << NFT_RULE_ATTR_COMPAT_FLAGS);
+	}
 
 	/* Iterating over <expr> */
 	for (node = mxmlFindElement(tree, tree, "expr", "type",
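Review bot: The parser now records presence per element through NFT_RULE_ATTR_COMPAT_PROTO and NFT_RULE_ATTR_COMPAT_FLAGS, but the printer hunk that follows ignores those bits and tests `r->compat.flags != 0 || r->compat.proto != 0`, emitting both elements or neither. A rule parsed with an explicit `<compat_proto>0</compat_proto>` is therefore printed without it, and one parsed with only one of the two elements comes back with both. Keying the printer on the attribute bits, e.g. `if (r->flags & (1 << NFT_RULE_ATTR_COMPAT_PROTO))` and likewise for the flags element, would keep parse and print symmetric. Both functions extend beyond the visible hunks.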
@@ -684,13 +680,18 @@ static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
 				NFT_RULE_XML_VERSION);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-	ret = snprintf(buf+offset, len, "<rule_flags>%u</rule_flags>"
-					"<compat_flags>%u</compat_flags>"
-					"<compat_proto>%u</compat_proto>",
-					r->rule_flags,
-					r->compat.flags, r->compat.proto);
+	ret = snprintf(buf+offset, len, "<rule_flags>%u</rule_flags>",
+		       r->rule_flags);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
+	if (r->compat.flags != 0 || r->compat.proto != 0) {
+		ret = snprintf(buf+offset, len,
+			       "<compat_flags>%u</compat_flags>"
+			       "<compat_proto>%u</compat_proto>",
+			       r->compat.flags, r->compat.proto);
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
 	list_for_each_entry(expr, &r->expr_list, head) {
 		ret = snprintf(buf+offset, len,
 				"<expr type=\"%s\">", expr->ops->name);



* [libnftables PATCH 04/21] bitwise: xml: mask and xor use same number of data registers
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (2 preceding siblings ...)
  2013-06-26 11:36 ` [libnftables PATCH 03/21] rule: xml: conditional compat info Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 05/21] expr: xml: validate registers < NFT_REG_MAX Arturo Borrero Gonzalez
                   ` (17 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

The mask and xor must use the same number of data registers.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/bitwise.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index fa2fc5a..6932086 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -298,6 +298,16 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, char *xml)
 	bitwise->xor.len = data_regtmp.len;
 	e->flags |= (1 << NFT_EXPR_BITWISE_XOR);
 
+	/* Additional validation: mask and xor must use the same number of
+	 * data registers.
+	 */
+
+	if (bitwise->mask.len != bitwise->xor.len) {
+		mxmlDelete(tree);
+		return -1;
+	}
+
+
 	mxmlDelete(tree);
 	return 0;
 #else



* [libnftables PATCH 05/21] expr: xml: validate registers < NFT_REG_MAX
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (3 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 04/21] bitwise: xml: mask and xor use same number of data registers Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 06/21] nat: xml: change nat types string to dnat/snat Arturo Borrero Gonzalez
                   ` (16 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch adds validation so that all exprs that use nft_registers use a value < NFT_REG_MAX.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/bitwise.c   |   10 ++++++++++
 src/expr/byteorder.c |    6 ++++++
 src/expr/cmp.c       |    5 +++++
 src/expr/ct.c        |    3 +++
 src/expr/exthdr.c    |    5 +++++
 src/expr/immediate.c |    5 +++++
 src/expr/lookup.c    |   10 ++++++++++
 src/expr/meta.c      |    5 +++++
 src/expr/payload.c   |    5 +++++
 9 files changed, 54 insertions(+)

diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index 6932086..35167db 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -237,6 +237,11 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
+	if (tmp > NFT_REG_MAX) {
+		mxmlDelete(tree);
+		return -1;
+	}
+
 	bitwise->sreg = (uint32_t)tmp;
 	e->flags |= (1 << NFT_EXPR_BITWISE_SREG);
 
@@ -252,6 +257,11 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
+	if (tmp > NFT_REG_MAX) {
+		mxmlDelete(tree);
+		return -1;
+	}
+
 	bitwise->dreg = (uint32_t)tmp;
 	e->flags |= (1 << NFT_EXPR_BITWISE_DREG);
 
diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c
index 201a943..c2f38a8 100644
--- a/src/expr/byteorder.c
+++ b/src/expr/byteorder.c
@@ -225,6 +225,9 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, char *xml)
 	if (tmp > UINT32_MAX || tmp < 0 || *endptr)
 		goto err;
 
+	if (tmp > NFT_REG_MAX)
+		goto err;
+
 	byteorder->sreg = tmp;
 	e->flags |= (1 << NFT_EXPR_BYTEORDER_SREG);
 
@@ -236,6 +239,9 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, char *xml)
 	if (tmp > UINT32_MAX || tmp < 0 || *endptr)
 		goto err;
 
+	if (tmp > NFT_REG_MAX)
+		goto err;
+
 	byteorder->dreg = tmp;
 	e->flags |= (1 << NFT_EXPR_BYTEORDER_DREG);
 
diff --git a/src/expr/cmp.c b/src/expr/cmp.c
index dac1f54..9507a0e 100644
--- a/src/expr/cmp.c
+++ b/src/expr/cmp.c
@@ -203,6 +203,11 @@ static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, char *xml)
 			return -1;
 		}
 
+		if (tmp > NFT_REG_MAX) {
+			mxmlDelete(tree);
+			return -1;
+		}
+
 		cmp->sreg = (uint8_t)tmp;
 		e->flags |= (1 << NFT_EXPR_CMP_SREG);
 	}
diff --git a/src/expr/ct.c b/src/expr/ct.c
index 7a239fa..61a8fef 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -177,6 +177,9 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
 	if (tmp > UINT8_MAX || tmp < 0 || *endptr)
 		goto err;
 
+	if (tmp > NFT_REG_MAX)
+		goto err;
+
 	ct->dreg = tmp;
 	e->flags |= (1 << NFT_EXPR_CT_DREG);
 
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 8af6a63..7e16878 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -205,6 +205,11 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
 			return -1;
 		}
 
+		if (tmp > NFT_REG_MAX) {
+			mxmlDelete(tree);
+			return -1;
+		}
+
 		exthdr->dreg = tmp;
 		e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
 	}
diff --git a/src/expr/immediate.c b/src/expr/immediate.c
index b5a6a41..8bc810c 100644
--- a/src/expr/immediate.c
+++ b/src/expr/immediate.c
@@ -236,6 +236,11 @@ nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
+	if (tmp > NFT_REG_MAX) {
+		mxmlDelete(tree);
+		return -1;
+	}
+
 	imm->dreg = (uint32_t)tmp;
 	e->flags |= (1 << NFT_EXPR_IMM_DREG);
 
diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index 0ae93ce..ecc07cb 100644
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -204,6 +204,11 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
+	if (tmp > NFT_REG_MAX) {
+		mxmlDelete(tree);
+		return -1;
+	}
+
 	lookup->sreg = (uint32_t)tmp;
 	e->flags |= (1 << NFT_EXPR_LOOKUP_SREG);
 
@@ -217,6 +222,11 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, char *xml)
 			return -1;
 		}
 
+		if (tmp > NFT_REG_MAX) {
+			mxmlDelete(tree);
+			return -1;
+		}
+
 		lookup->dreg = (uint32_t)tmp;
 		e->flags |= (1 << NFT_EXPR_LOOKUP_DREG);
 	}
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 535b456..41fcff1 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -163,6 +163,11 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
+	if (tmp > NFT_REG_MAX) {
+		mxmlDelete(tree);
+		return -1;
+	}
+
 	meta->dreg = (uint8_t)tmp;
 	e->flags |= (1 << NFT_EXPR_META_DREG);
 
diff --git a/src/expr/payload.c b/src/expr/payload.c
index 28c52ca..dc42918 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -200,6 +200,11 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, char *xml)
 			return -1;
 		}
 
+		if (tmp > NFT_REG_MAX) {
+			mxmlDelete(tree);
+			return -1;
+		}
+
 		payload->dreg = (uint32_t)tmp;
 		e->flags |= (1 << NFT_EXPR_PAYLOAD_DREG);
 	}



* [libnftables PATCH 06/21] nat: xml: change nat types string to dnat/snat
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (4 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 05/21] expr: xml: validate registers < NFT_REG_MAX Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 07/21] nat: xml: change IP range node names Arturo Borrero Gonzalez
                   ` (15 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch replaces the string NFT_NAT_{S|D}NAT with {s|d}nat in the <type> node.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/nat.c |   25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/src/expr/nat.c b/src/expr/nat.c
index 501f20c..f38011a 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -236,9 +236,9 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
-	if (strcmp(node->child->value.opaque, "NFT_NAT_SNAT") == 0) {
+	if (strcmp(node->child->value.opaque, "snat") == 0) {
 		nat->type = NFT_NAT_SNAT;
-	} else if (strcmp(node->child->value.opaque, "NFT_NAT_DNAT") == 0) {
+	} else if (strcmp(node->child->value.opaque, "dnat") == 0) {
 		nat->type = NFT_NAT_DNAT;
 	} else {
 		mxmlDelete(tree);
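Review bot: The new `strcmp()` calls read `node->child->value.opaque` without checking `node->child`, so an empty `<type/>` element would presumably reach a NULL dereference, since as far as I know Mini-XML gives an element without text no child node. The not-found check above the hunk is only partly visible; if it tests `node == NULL` alone, widening it to `if (node == NULL || node->child == NULL) {` covers this case. The same pattern appears in the new string comparisons for `<op>` in byteorder.c (patch 08), `<key>` in ct.c (patch 10) and `<policy>` in chain.c (patch 12). The enclosing function starts and ends outside the hunk.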
@@ -332,18 +332,15 @@ nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
 	struct nft_expr_nat *nat = (struct nft_expr_nat *)e->data;
 	int len = size, offset = 0, ret = 0;
 
-	switch (nat->type) {
-	case NFT_NAT_SNAT:
-		ret = snprintf(buf, len,
-			"<type>NFT_NAT_SNAT</type>");
-		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-		break;
-	case NFT_NAT_DNAT:
-		ret = snprintf(buf, len,
-			"<type>NFT_NAT_DNAT</type>");
-		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-		break;
-	}
+	/* Is a mandatory element. Provide a default, even empty */
+	if (nat->type == NFT_NAT_SNAT)
+		ret = snprintf(buf, len, "<type>snat</type>");
+	else if (nat->type == NFT_NAT_DNAT)
+		ret = snprintf(buf, len, "<type>dnat</type>");
+	else
+		ret = snprintf(buf, len, "<type/>");
+
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	ret = snprintf(buf+offset, len, "<family>%s</family>",
 		       nft_family2str(nat->family));
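Review bot: The `<type/>` fallback prints a document that `nft_rule_expr_nat_xml_parse()` in this same patch refuses, because the parser accepts only `snat` or `dnat` and returns -1 for anything else, so an expression with an unset or unknown type no longer round-trips. The added comment would be more accurate as `/* <type> is mandatory for the parser; an unknown type prints an empty node that will not parse back */`. If the printer has a way to report failure, returning an error for an unknown type may be preferable to emitting the empty node. The function body continues outside the hunk.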



* [libnftables PATCH 07/21] nat: xml: change IP range node names
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (5 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 06/21] nat: xml: change nat types string to dnat/snat Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 08/21] byteorder: xml: op as string Arturo Borrero Gonzalez
                   ` (14 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch changes the name of XML nodes from <sreg_addr_min_v4> to <sreg_addr_min>,
and <sreg_addr_max_v4> to <sreg_addr_max>, as they are protocol-independent.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/nat.c |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/expr/nat.c b/src/expr/nat.c
index f38011a..7d83154 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -262,8 +262,8 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 	nat->family = nft_str2family(node->child->value.opaque);
 	e->flags |= (1 << NFT_EXPR_NAT_FAMILY);
 
-	/* Get and set <sreg_addr_min_v4>. Not mandatory */
-	node = mxmlFindElement(tree, tree, "sreg_addr_min_v4", NULL, NULL,
+	/* Get and set <sreg_addr_min>. Not mandatory */
+	node = mxmlFindElement(tree, tree, "sreg_addr_min", NULL, NULL,
 			       MXML_DESCEND);
 	if (node != NULL) {
 		tmp = strtoull(node->child->value.opaque, &endptr, 10);
@@ -276,8 +276,8 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 		e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MIN);
 	}
 
-	/* Get and set <sreg_addr_max_v4>. Not mandatory */
-	node = mxmlFindElement(tree, tree, "sreg_addr_max_v4", NULL, NULL,
+	/* Get and set <sreg_addr_max>. Not mandatory */
+	node = mxmlFindElement(tree, tree, "sreg_addr_max", NULL, NULL,
 			       MXML_DESCEND);
 	if (node != NULL) {
 		tmp = strtoull(node->child->value.opaque, &endptr, 10);
@@ -348,8 +348,8 @@ nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
 
 	if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
 		ret = snprintf(buf+offset, len,
-				"<sreg_addr_min_v4>%u</sreg_addr_min_v4>"
-				"<sreg_addr_max_v4>%u</sreg_addr_max_v4>",
+				"<sreg_addr_min>%u</sreg_addr_min>"
+				"<sreg_addr_max>%u</sreg_addr_max>",
 			       nat->sreg_addr_min, nat->sreg_addr_max);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}



* [libnftables PATCH 08/21] byteorder: xml: op as string
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (6 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 07/21] nat: xml: change IP range node names Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 09/21] ct: xml: add extra dir check Arturo Borrero Gonzalez
                   ` (13 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch changes the numerical value of the XML byteorder's <op> node to a string representation.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/byteorder.c |   23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c
index c2f38a8..b0ba009 100644
--- a/src/expr/byteorder.c
+++ b/src/expr/byteorder.c
@@ -196,6 +196,11 @@ nft_rule_expr_byteorder_parse(struct nft_rule_expr *e, struct nlattr *attr)
 	return ret;
 }
 
+static char *expr_byteorder_str[] = {
+	[NFT_BYTEORDER_HTON] = "hton",
+	[NFT_BYTEORDER_NTOH] = "ntoh",
+};
+
 static int
 nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, char *xml)
 {
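Review bot: `expr_byteorder_str[]` is indexed with `byteorder->op` in both snprintf hunks further down without a range check, so an op value outside the two named entries reads past the end of the table; the value can come, for example, from the netlink parser `nft_rule_expr_byteorder_parse`, whose validation is not visible here. A small bounds-checked lookup helper, called from `nft_rule_expr_byteorder_snprintf_xml` and `nft_rule_expr_byteorder_snprintf_default` in place of the direct index, avoids that, and the table itself can be `static const char *const`. The type of `op` is not visible in these hunks, so the parameter type in the fence is an assumption.

```c
static const char *const expr_byteorder_str[] = {
	/* … unchanged: hton/ntoh entries … */
};

/* Map a byteorder op to its XML name without indexing outside the table. */
static const char *byteorder2str(uint32_t op)
{
	size_t n = sizeof(expr_byteorder_str) / sizeof(expr_byteorder_str[0]);

	if (op >= n || expr_byteorder_str[op] == NULL)
		return "unknown";

	return expr_byteorder_str[op];
}
```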
@@ -249,11 +254,13 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, char *xml)
 	if (node == NULL)
 		goto err;
 
-	tmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (tmp > UINT8_MAX || tmp < 0 || *endptr)
+	if (strcmp(node->child->value.opaque, "ntoh") == 0)
+		byteorder->op = NFT_BYTEORDER_NTOH;
+	else if (strcmp(node->child->value.opaque, "hton") == 0)
+		byteorder->op = NFT_BYTEORDER_HTON;
+	else
 		goto err;
 
-	byteorder->op = tmp;
 	e->flags |= (1 << NFT_EXPR_BYTEORDER_OP);
 
 	node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND);
@@ -298,10 +305,11 @@ nft_rule_expr_byteorder_snprintf_xml(char *buf, size_t size,
 
 	ret = snprintf(buf, len, "<sreg>%u</sreg>"
 				 "<dreg>%u</dreg>"
-				 "<op>%u</op>"
+				 "<op>%s</op>"
 				 "<len>%u</len>"
 				 "<size>%u</size>",
-		       byteorder->sreg, byteorder->dreg, byteorder->op,
+		       byteorder->sreg, byteorder->dreg,
+		       expr_byteorder_str[byteorder->op],
 		       byteorder->len, byteorder->size);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
@@ -314,8 +322,9 @@ nft_rule_expr_byteorder_snprintf_default(char *buf, size_t size,
 {
 	int len = size, offset = 0, ret;
 
-	ret = snprintf(buf, len, "sreg=%u dreg=%u op=%u len=%u size=%u ",
-		       byteorder->sreg, byteorder->dreg, byteorder->op,
+	ret = snprintf(buf, len, "sreg=%u dreg=%u op=%s len=%u size=%u ",
+		       byteorder->sreg, byteorder->dreg,
+		       expr_byteorder_str[byteorder->op],
 		       byteorder->len, byteorder->size);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 



* [libnftables PATCH 09/21] ct: xml: add extra dir check
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (7 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 08/21] byteorder: xml: op as string Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 10/21] ct: xml: use key's name string instead of numbers Arturo Borrero Gonzalez
                   ` (12 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch adds an extra dir check.

0 means original.
1 means a reply.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/ct.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/expr/ct.c b/src/expr/ct.c
index 61a8fef..3605ecc 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -14,6 +14,7 @@
 #include <arpa/inet.h>
 #include <errno.h>
 #include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
 
 #include "internal.h"
 #include <libmnl/libmnl.h>
@@ -202,6 +203,9 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
 	if (tmp > UINT8_MAX || tmp < 0 || *endptr)
 		goto err;
 
+	if (tmp != IP_CT_DIR_ORIGINAL && tmp != IP_CT_DIR_REPLY)
+		goto err;
+
 	ct->dir = tmp;
 	e->flags |= (1 << NFT_EXPR_CT_DIR);
 



* [libnftables PATCH 10/21] ct: xml: use key's name string instead of numbers
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (8 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 09/21] ct: xml: add extra dir check Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 11/21] exthdr: xml: fix mandatory elements Arturo Borrero Gonzalez
                   ` (11 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

Now ct expr will use a string representation instead of a numerical one in the <key> node.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/ct.c |   51 ++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 7 deletions(-)

diff --git a/src/expr/ct.c b/src/expr/ct.c
index 3605ecc..2955353 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -22,6 +22,10 @@
 #include <libnftables/rule.h>
 #include "expr_ops.h"
 
+#ifndef NFT_CT_MAX
+#define NFT_CT_MAX (NFT_CT_PROTO_DST + 1)
+#endif
+
 struct nft_expr_ct {
 	enum nft_ct_keys        key;
 	uint32_t		dreg;	/* enum nft_registers */
@@ -150,6 +154,40 @@ nft_rule_expr_ct_parse(struct nft_rule_expr *e, struct nlattr *attr)
 	return 0;
 }
 
+const char *ctkey2str_array[NFT_CT_MAX] = {
+	[NFT_CT_STATE]		= "state",
+	[NFT_CT_DIRECTION]	= "direction",
+	[NFT_CT_STATUS]		= "status",
+	[NFT_CT_MARK]		= "mark",
+	[NFT_CT_SECMARK]	= "secmark",
+	[NFT_CT_EXPIRATION]	= "expiration",
+	[NFT_CT_HELPER]		= "helper",
+	[NFT_CT_PROTOCOL]	= "protocol",
+	[NFT_CT_SRC]		= "src",
+	[NFT_CT_DST]		= "dst",
+	[NFT_CT_PROTO_SRC]	= "proto_src",
+	[NFT_CT_PROTO_DST]	= "proto_dst"
+};
+
+static const char *ctkey2str(uint32_t ctkey)
+{
+	if (ctkey > NFT_CT_MAX)
+		return "unknown";
+
+	return ctkey2str_array[ctkey];
+}
+
+static int str2ctkey(char *ctkey)
+{
+	int i;
+
+	for (i = 0; i < NFT_CT_MAX; i++)
+		if (strcmp(ctkey2str_array[i], ctkey) == 0)
+			return i;
+
+	return -1;
+}
+
 static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
 {
 #ifdef XML_PARSING
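Review bot: `ctkey2str()` lets `ctkey == NFT_CT_MAX` through, because the guard is `>` while `ctkey2str_array` has exactly `NFT_CT_MAX` entries; it should be `if (ctkey >= NFT_CT_MAX)`. Both helpers also assume every slot is filled: when the kernel header already defines a larger `NFT_CT_MAX` than the twelve keys listed, the `#ifndef` fallback is skipped, the extra slots stay NULL, and `str2ctkey()` hands NULL to `strcmp()` while `ctkey2str()` returns NULL for `%s`. The table is also not `static`, which exports `ctkey2str_array` from the library. The fence shows both helpers with those three points addressed.

```c
static const char *const ctkey2str_array[NFT_CT_MAX] = {
	/* … unchanged: NFT_CT_STATE … NFT_CT_PROTO_DST entries … */
};

static const char *ctkey2str(uint32_t ctkey)
{
	if (ctkey >= NFT_CT_MAX || ctkey2str_array[ctkey] == NULL)
		return "unknown";

	return ctkey2str_array[ctkey];
}

static int str2ctkey(const char *ctkey)
{
	int i;

	for (i = 0; i < NFT_CT_MAX; i++) {
		/* skip slots this table has no name for */
		if (ctkey2str_array[i] == NULL)
			continue;
		if (strcmp(ctkey2str_array[i], ctkey) == 0)
			return i;
	}

	return -1;
}
```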
@@ -188,11 +226,10 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
 	if (node == NULL)
 		goto err;
 
-	tmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (tmp > UINT8_MAX || tmp < 0 || *endptr)
+	if (str2ctkey(node->child->value.opaque) < 0)
 		goto err;
 
-	ct->key = tmp;
+	ct->key = str2ctkey(node->child->value.opaque);
 	e->flags |= (1 << NFT_EXPR_CT_KEY);
 
 	node = mxmlFindElement(tree, tree, "dir", NULL, NULL, MXML_DESCEND);
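Review bot: `str2ctkey()` is run twice on the same string, once for the error test and once for the assignment. Keeping the result in a local avoids the second table scan and ties the stored value to the value that was checked: `key = str2ctkey(node->child->value.opaque);`, then `if (key < 0) goto err;` and `ct->key = key;`. The `int key` declaration would go with the other locals, which are above the hunk.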
@@ -229,13 +266,13 @@ nft_rule_expr_ct_snprintf(char *buf, size_t len, uint32_t type,
 
 	switch(type) {
 	case NFT_RULE_O_DEFAULT:
-		return snprintf(buf, len, "dreg=%u key=%u dir=%u ",
-				ct->dreg, ct->key, ct->dir);
+		return snprintf(buf, len, "dreg=%u key=%s dir=%u ",
+				ct->dreg, ctkey2str(ct->key), ct->dir);
 	case NFT_RULE_O_XML:
 		return snprintf(buf, len, "<dreg>%u</dreg>"
-					  "<key>%u</key>"
+					  "<key>%s</key>"
 					  "<dir>%u</dir>",
-				ct->dreg, ct->key, ct->dir);
+				ct->dreg, ctkey2str(ct->key), ct->dir);
 	default:
 		break;
 	}



* [libnftables PATCH 11/21] exthdr: xml: fix mandatory elements
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (9 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 10/21] ct: xml: use key's name string instead of numbers Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 12/21] chain: xml: use string for policy Arturo Borrero Gonzalez
                   ` (10 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

According to net/netfilter/nft_exthdr.c: nft_exthdr_init(),
all of dreg, type, offset and len are mandatory:

if (tb[NFTA_EXTHDR_DREG] == NULL ||
    tb[NFTA_EXTHDR_TYPE] == NULL ||
    tb[NFTA_EXTHDR_OFFSET] == NULL ||
    tb[NFTA_EXTHDR_LEN] == NULL)
	return -EINVAL;

So the XML parser must make sure the equivalent nodes exist.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/exthdr.c |   95 +++++++++++++++++++++++++++++++----------------------
 1 file changed, 55 insertions(+), 40 deletions(-)

diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 7e16878..762facd 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -195,64 +195,79 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
-	/* Get and set <dreg>. Not mandatory */
+	/* All nodes are mandatory */
+
+	/* Get and set <dreg> */
 	node = mxmlFindElement(tree, tree, "dreg", NULL, NULL,
 			       MXML_DESCEND_FIRST);
-	if (node != NULL) {
-		tmp = strtoull(node->child->value.opaque, &endptr, 10);
-		if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
-			mxmlDelete(tree);
-			return -1;
-		}
+	if (node == NULL) {
+		mxmlDelete(tree);
+		return -1;
+	}
 
-		if (tmp > NFT_REG_MAX) {
-			mxmlDelete(tree);
-			return -1;
-		}
+	tmp = strtoull(node->child->value.opaque, &endptr, 10);
+	if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+		mxmlDelete(tree);
+		return -1;
+	}
 
-		exthdr->dreg = tmp;
-		e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
+	if (tmp > NFT_REG_MAX) {
+		mxmlDelete(tree);
+		return -1;
 	}
 
-	/* Get and set <type>. Not mandatory */
+	exthdr->dreg = tmp;
+	e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
+
+	/* Get and set <type> */
 	node = mxmlFindElement(tree, tree, "type", NULL, NULL, MXML_DESCEND);
-	if (node != NULL) {
-		tmp = strtoull(node->child->value.opaque, &endptr, 10);
-		if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
-			mxmlDelete(tree);
-			return -1;
-		}
+	if (node == NULL) {
+		mxmlDelete(tree);
+		return -1;
+	}
 
-		exthdr->type = tmp;
-		e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE);
+	tmp = strtoull(node->child->value.opaque, &endptr, 10);
+	if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+		mxmlDelete(tree);
+		return -1;
 	}
 
-	/* Get and set <offset>. Not mandatory */
+	exthdr->type = tmp;
+	e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE);
+
+	/* Get and set <offset> */
 	node = mxmlFindElement(tree, tree, "offset", NULL, NULL,
 			       MXML_DESCEND);
-	if (node != NULL) {
-		tmp = strtoull(node->child->value.opaque, &endptr, 10);
-		if (tmp > UINT_MAX || tmp < 0 || *endptr) {
-			mxmlDelete(tree);
-			return -1;
-		}
+	if (node == NULL) {
+		mxmlDelete(tree);
+		return -1;
+	}
 
-		exthdr->offset = tmp;
-		e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET);
+	tmp = strtoull(node->child->value.opaque, &endptr, 10);
+	if (tmp > UINT_MAX || tmp < 0 || *endptr) {
+		mxmlDelete(tree);
+		return -1;
 	}
 
-	/* Get and set <len>. Not mandatory */
+	exthdr->offset = tmp;
+	e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET);
+
+	/* Get and set <len> */
 	node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND);
-	if (node != NULL) {
-		tmp = strtoull(node->child->value.opaque, &endptr, 10);
-		if (tmp > UINT_MAX || tmp < 0 || *endptr) {
-			mxmlDelete(tree);
-			return -1;
-		}
+	if (node == NULL) {
+		mxmlDelete(tree);
+		return -1;
+	}
 
-		exthdr->len = tmp;
-		e->flags |= (1 << NFT_EXPR_EXTHDR_LEN);
+	tmp = strtoull(node->child->value.opaque, &endptr, 10);
+	if (tmp > UINT_MAX || tmp < 0 || *endptr) {
+		mxmlDelete(tree);
+		return -1;
 	}
+
+	exthdr->len = tmp;
+	e->flags |= (1 << NFT_EXPR_EXTHDR_LEN);
+
 	mxmlDelete(tree);
 	return 0;
 #else
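Review bot: Making the four nodes mandatory leaves nine copies of `mxmlDelete(tree); return -1;` in this hunk, while byteorder.c and ct.c in the same series already use a single `err` label. Replacing each block with `goto err;` and adding `err:` followed by `mxmlDelete(tree); return -1;` after the final `return 0;` would shorten the function and make it harder to miss the cleanup on a future error path. Each `strtoull()` call also reads `node->child->value.opaque` without checking `node->child`, so the new `node == NULL` tests could become `node == NULL || node->child == NULL`. The function starts above the hunk and its `#else` branch continues below it.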



* [libnftables PATCH 12/21] chain: xml: use string for policy
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (10 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 11/21] exthdr: xml: fix mandatory elements Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 13/21] data_reg: xml: len node shows byte length Arturo Borrero Gonzalez
                   ` (9 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

Now the <policy> node is using "accept" or "drop".

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/chain.c               |   52 +++++++++++++++++++++++++++++++--------------
 test/nft-chain-xml-add.sh |    6 +++--
 2 files changed, 39 insertions(+), 19 deletions(-)

diff --git a/src/chain.c b/src/chain.c
index ce9bb1b..a66ffe9 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -660,13 +660,16 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
 		mxmlDelete(tree);
 		return -1;
 	}
-	utmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (utmp > UINT32_MAX || utmp < 0 || *endptr) {
+
+	if (strcmp(node->child->value.opaque, "accept") == 0) {
+		c->policy = NF_ACCEPT;
+	} else if (strcmp(node->child->value.opaque, "drop") == 0) {
+		c->policy = NF_DROP;
+	} else {
 		mxmlDelete(tree);
 		return -1;
 	}
 
-	c->policy = (uint32_t)utmp;
 	c->flags |= (1 << NFT_CHAIN_ATTR_POLICY);
 
 	/* Get and set <family> */
@@ -739,23 +742,40 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 
 static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
 {
-	return snprintf(buf, size,
-		"<chain name=\"%s\" handle=\"%lu\""
-			" bytes=\"%lu\" packets=\"%lu\" version=\"%d\">"
-			"<properties>"
+	int ret, len = size, offset = 0;
+
+	ret = snprintf(buf, size,
+		       "<chain name=\"%s\" handle=\"%lu\""
+		       " bytes=\"%lu\" packets=\"%lu\" version=\"%d\">"
+		       "<properties>"
 				"<type>%s</type>"
 				"<table>%s</table>"
 				"<prio>%d</prio>"
 				"<use>%d</use>"
-				"<hooknum>%s</hooknum>"
-				"<policy>%d</policy>"
-				"<family>%s</family>"
-			"</properties>"
-		"</chain>",
-			c->name, c->handle, c->bytes, c->packets,
-			NFT_CHAIN_XML_VERSION, c->type, c->table,
-			c->prio, c->use, hooknum2str_array[c->hooknum],
-			c->policy, nft_family2str(c->family));
+				"<hooknum>%s</hooknum>",
+		       c->name, c->handle, c->bytes, c->packets,
+		       NFT_CHAIN_XML_VERSION, c->type, c->table,
+		       c->prio, c->use, hooknum2str_array[c->hooknum]);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* The parsing will fail both if there are something different
+	 * than {accept|drop} or if the <policy> node is missing.
+	 */
+
+	if (c->policy == NF_ACCEPT) {
+		ret = snprintf(buf+offset, size, "<policy>accept</policy>");
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	} else if (c->policy == NF_DROP) {
+		ret = snprintf(buf+offset, size, "<policy>drop</policy>");
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
+	ret = snprintf(buf+offset, size, "<family>%s</family>"
+		       "</properties></chain>",
+		       nft_family2str(c->family));
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	return offset;
 }
 
 static int nft_chain_snprintf_default(char *buf, size_t size,
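Review bot: The three follow-up `snprintf()` calls write at `buf+offset` but still pass the full `size` as the bound, so once `offset` is non-zero they are allowed to write up to `offset` bytes past the end of the caller's buffer. The remaining space is what `len` tracks (assuming `SNPRINTF_BUFFER_SIZE` updates it as it does for the other printers in this series), so the calls should read `ret = snprintf(buf+offset, len, "<policy>accept</policy>");`, and likewise for the `drop` and `<family>` calls. Separately, a policy other than NF_ACCEPT or NF_DROP prints no `<policy>` node at all, which the added comment acknowledges will not parse back. `nft_chain_snprintf_xml` lies entirely inside the hunk.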
diff --git a/test/nft-chain-xml-add.sh b/test/nft-chain-xml-add.sh
index ab50e2b..ed39d54 100755
--- a/test/nft-chain-xml-add.sh
+++ b/test/nft-chain-xml-add.sh
@@ -41,7 +41,7 @@ XML="<chain name=\"test1\" handle=\"100\" bytes=\"123\" packets=\"321\" version=
                 <prio>0</prio>
                 <use>0</use>
                 <hooknum>NF_INET_LOCAL_IN</hooknum>
-                <policy>1</policy>
+                <policy>accept</policy>
                 <family>ip</family>
         </properties>
 </chain>"
@@ -62,7 +62,7 @@ XML="<chain name=\"test2\" handle=\"101\" bytes=\"59\" packets=\"1\" version=\"0
 		<prio>1</prio>
 		<use>0</use>
 		<hooknum>NF_INET_POST_ROUTING</hooknum>
-		<policy>1</policy>
+		<policy>accept</policy>
 		<family>ip6</family>
 	</properties>
 </chain>"
@@ -84,7 +84,7 @@ XML="<chain name=\"test3\" handle=\"102\" bytes=\"51231239\" packets=\"112312312
 		<prio>0</prio>
 		<use>0</use>
 		<hooknum>NF_INET_FORWARD</hooknum>
-		<policy>1</policy>
+		<policy>drop</policy>
 		<family>ip</family>
 	</properties>
 </chain>"



* [libnftables PATCH 13/21] data_reg: xml: len node shows byte length
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (11 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 12/21] chain: xml: use string for policy Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 14/21] data_reg: xml: fix bytes movements Arturo Borrero Gonzalez
                   ` (8 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

Previous to this patch, the <len> node was 'how many <dataN> nodes we have'.

Now, the <len> node means 'how many bytes are in <dataN> nodes'.


Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/data_reg.c      |   13 ++++++-------
 test/nft-rule-xml-add.sh |    8 ++++----
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index 5eb7f38..b8b8d66 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -132,7 +132,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
 {
 	mxml_node_t *tree = NULL;
 	mxml_node_t *node = NULL;
-	int i, len;
+	int i;
 	int64_t tmp;
 	uint64_t utmp;
 	char *endptr;
@@ -152,7 +152,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
 
 	/*
 	* <data_reg type="value">
-	*    <len>4</len>
+	*    <len>16</len>
 	*    <data0>0xc09a002a</data0>
 	*    <data1>0x2700cac1</data1>
 	*    <data2>0x00000000</data2>
@@ -183,11 +183,11 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
 		mxmlDelete(tree);
 		return -1;
 	}
-	/* maybe also (len < 1 || len > 4) */
-	len = tmp;
+
+	reg->len = tmp;
 
 	/* Get and set <dataN> */
-	for (i = 0; i < len; i++) {
+	for (i = 0; i < reg->len/sizeof(uint32_t); i++) {
 		sprintf(node_name, "data%d", i);
 
 		node = mxmlFindElement(tree, tree, node_name, NULL,
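Review bot: `reg->len` is now taken straight from the `<len>` text and then bounds the loop that stores into `reg->val[i]`, and the commented-out range check was dropped rather than implemented, so a `<len>` larger than the array (with matching `<dataN>` nodes present) would write past `reg->val`. A guard before the assignment would close that: `if (tmp < 1 || (size_t)tmp > sizeof(reg->val) || tmp % sizeof(uint32_t) != 0)` followed by the same `mxmlDelete(tree); return -1;` cleanup used just above. Whatever range check precedes the hunk is not visible, so confirm it does not already cap `tmp`. The same bound also keeps `sprintf(node_name, "data%d", i)` within `node_name`, whose size is declared outside the hunk.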
@@ -205,7 +205,6 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
 		reg->val[i] = utmp;
 	}
 
-	reg->len = sizeof(reg->val);
 
 	mxmlDelete(tree);
 	return 0;
@@ -265,7 +264,7 @@ int nft_data_reg_value_snprintf_xml(char *buf, size_t size,
 	ret = snprintf(buf, len, "<data_reg type=\"value\">");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-	ret = snprintf(buf+offset, len, "<len>%d</len>", data_len);
+	ret = snprintf(buf+offset, len, "<len>%zd</len>", reg->len);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	for (i=0; i<data_len; i++) {
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index 961b597..0bd08ff 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -46,7 +46,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
     <op>eq</op>
     <cmpdata>
       <data_reg type=\"value\">
-        <len>1</len>
+        <len>4</len>
         <data0>0x04000000</data0>
       </data_reg>
     </cmpdata>
@@ -62,7 +62,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
     <op>eq</op>
     <cmpdata>
       <data_reg type=\"value\">
-        <len>1</len>
+        <len>4</len>
         <data0>0x96d60496</data0>
       </data_reg>
     </cmpdata>
@@ -78,7 +78,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
     <op>eq</op>
     <cmpdata>
       <data_reg type=\"value\">
-        <len>1</len>
+        <len>4</len>
         <data0>0x96d60329</data0>
       </data_reg>
     </cmpdata>
@@ -94,7 +94,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
     <op>eq</op>
     <cmpdata>
       <data_reg type=\"value\">
-        <len>1</len>
+        <len>4</len>
         <data0>0x06000000</data0>
       </data_reg>
     </cmpdata>



* [libnftables PATCH 14/21] data_reg: xml: fix bytes movements
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (12 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 13/21] data_reg: xml: len node shows byte length Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 15/21] target&match: xml: don't print rev number Arturo Borrero Gonzalez
                   ` (7 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

Fix wrong arithmetics when printing and parsing data registers in XML:

Previous to this patch, a uint32_t containing the number 2864434397
(0xaabbccdd) will be printed this way under some circumstances:

<data>0xddccbbaa</data>

Now, the data is ordered, the MSB position is controlled and snprintf prints:

<data>0xaabbccdd</data>

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/data_reg.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index b8b8d66..c123d88 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -15,6 +15,7 @@
 #include <limits.h>
 #include <arpa/inet.h>
 #include <errno.h>
+#include <netinet/in.h>
 
 #include <libmnl/libmnl.h>
 #include <linux/netfilter.h>
@@ -205,7 +206,6 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
 		reg->val[i] = utmp;
 	}
 
-
 	mxmlDelete(tree);
 	return 0;
 }
@@ -258,6 +258,7 @@ int nft_data_reg_value_snprintf_xml(char *buf, size_t size,
 				    union nft_data_reg *reg, uint32_t flags)
 {
 	int len = size, offset = 0, ret, i, j;
+	uint32_t be;
 	uint8_t *tmp;
 	int data_len = reg->len/sizeof(uint32_t);
 
@@ -271,9 +272,10 @@ int nft_data_reg_value_snprintf_xml(char *buf, size_t size,
 		ret = snprintf(buf+offset, len, "<data%d>0x", i);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-		tmp = (uint8_t *)&reg->val[i];
+		be = htonl(reg->val[i]);
+		tmp = (uint8_t *)&be;
 
-		for (j=0; j<sizeof(int); j++) {
+		for (j = 0; j < sizeof(uint32_t); j++) {
 			ret = snprintf(buf+offset, len, "%.02x", tmp[j]);
 			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 		}
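Review bot: Converting with `htonl()` and then printing the four bytes in memory order yields the same text as formatting the value directly, so the inner loop can be one call: `ret = snprintf(buf+offset, len, "%08x", reg->val[i]);` followed by the existing `SNPRINTF_BUFFER_SIZE` line. That removes `be`, `tmp`, `j`, the pointer cast and the signed/unsigned comparison in `j < sizeof(uint32_t)`, and the new `<netinet/in.h>` include would no longer be needed for this function. This assumes `reg->val[]` holds `uint32_t` elements, which the `htonl()` call suggests but the hunk does not show. The function continues on both sides of the hunk.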



* [libnftables PATCH 15/21] target&match: xml: don't print rev number
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (13 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 14/21] data_reg: xml: fix bytes movements Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 16/21] payload: xml: use string for base attribute Arturo Borrero Gonzalez
                   ` (6 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

The <rev> node is not printed/parsed anymore.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/match.c         |   18 +-----------------
 src/expr/target.c        |   20 +-------------------
 test/nft-rule-xml-add.sh |    6 ------
 3 files changed, 2 insertions(+), 42 deletions(-)

diff --git a/src/expr/match.c b/src/expr/match.c
index 165d24d..7b4377f 100644
--- a/src/expr/match.c
+++ b/src/expr/match.c
@@ -190,8 +190,6 @@ static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, char *xml)
 	struct nft_expr_match *mt = (struct nft_expr_match *)e->data;
 	mxml_node_t *tree = NULL;
 	mxml_node_t *node = NULL;
-	uint64_t tmp;
-	char *endptr;
 
 	/* load the tree */
 	tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
@@ -218,19 +216,6 @@ static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, char *xml)
 		e->flags |= (1 << NFT_EXPR_MT_NAME);
 	}
 
-	/* get and set <rev>. Not mandatory */
-	node = mxmlFindElement(tree, tree, "rev", NULL, NULL, MXML_DESCEND);
-	if (node != NULL) {
-		tmp = strtoull(node->child->value.opaque, &endptr, 10);
-		if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
-			mxmlDelete(tree);
-			return -1;
-		}
-
-		mt->rev = (uint32_t)tmp;
-		e->flags |= (1 << NFT_EXPR_MT_REV);
-	}
-
 	/* mt->info is ignored until other solution is reached */
 
 	mxmlDelete(tree);
@@ -247,8 +232,7 @@ static int nft_rule_expr_match_snprintf_xml(char *buf, size_t len,
 	int ret, size=len;
 	int offset = 0;
 
-	ret = snprintf(buf, len, "<name>%s</name><rev>%u</rev>",
-				mt->name, mt->rev);
+	ret = snprintf(buf, len, "<name>%s</name>", mt->name);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;
diff --git a/src/expr/target.c b/src/expr/target.c
index 8c454a9..ed29f6d 100644
--- a/src/expr/target.c
+++ b/src/expr/target.c
@@ -191,8 +191,6 @@ nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, char *xml)
 	struct nft_expr_target *tg = (struct nft_expr_target *)e->data;
 	mxml_node_t *tree = NULL;
 	mxml_node_t *node = NULL;
-	uint64_t tmp;
-	char *endptr;
 
 	/* load the tree */
 	tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
@@ -219,21 +217,6 @@ nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, char *xml)
 		e->flags |= (1 << NFT_EXPR_TG_NAME);
 	}
 
-	/* Get and set <rev>. Optional */
-	node = mxmlFindElement(tree, tree, "rev", NULL, NULL,
-			       MXML_DESCEND);
-	if (node == NULL) {
-		errno = 0;
-		tmp = strtoull(node->child->value.opaque, &endptr, 10);
-		if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
-			mxmlDelete(tree);
-			return -1;
-		}
-
-		tg->rev = (uint32_t)tmp;
-		e->flags |= (1 << NFT_EXPR_TG_REV);
-	}
-
 	/* tg->info is ignored until other solution is reached */
 
 	mxmlDelete(tree);
@@ -251,8 +234,7 @@ int nft_rule_exp_target_snprintf_xml(char *buf, size_t len,
 	int ret, size=len;
 	int offset = 0;
 
-	ret = snprintf(buf, len, "<name>%s</name><rev>%u</rev>",
-			tg->name, tg->rev);
+	ret = snprintf(buf, len, "<name>%s</name>", tg->name);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index 0bd08ff..322e70c 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -101,9 +101,6 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
   </expr>
   <expr type=\"match\">
     <name>state</name>
-    <rev>0</rev>
-    <info>
-    </info>
   </expr>
   <expr type=\"counter\">
     <pkts>123123</pkts>
@@ -111,9 +108,6 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
   </expr>
   <expr type=\"target\">
     <name>LOG</name>
-    <rev>0</rev>
-    <info>
-    </info>
   </expr>
 </rule>"
 



* [libnftables PATCH 16/21] payload: xml: use string for base attribute
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (14 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 15/21] target&match: xml: don't print rev number Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 17/21] exthdr: xml: use string for type node Arturo Borrero Gonzalez
                   ` (5 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch implements using a string instead of a number for the <base> node.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/payload.c       |   52 ++++++++++++++++++++++++++++++++++++++--------
 test/nft-rule-xml-add.sh |    6 +++--
 2 files changed, 46 insertions(+), 12 deletions(-)

diff --git a/src/expr/payload.c b/src/expr/payload.c
index dc42918..6740d99 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -212,13 +212,19 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, char *xml)
 	/* Get and set <base>. Not mandatory */
 	node = mxmlFindElement(tree, tree, "base", NULL, NULL, MXML_DESCEND);
 	if (node != NULL) {
-		tmp = strtoull(node->child->value.opaque, &endptr, 10);
-		if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+
+		if (strcmp(node->child->value.opaque, "link") == 0) {
+			payload->base = NFT_PAYLOAD_LL_HEADER;
+		} else if (strcmp(node->child->value.opaque, "network") == 0) {
+			payload->base = NFT_PAYLOAD_NETWORK_HEADER;
+		} else if (strcmp(node->child->value.opaque,
+				  "transport") == 0) {
+			payload->base = NFT_PAYLOAD_TRANSPORT_HEADER;
+		} else {
 			mxmlDelete(tree);
 			return -1;
 		}
 
-		payload->base = (uint32_t)tmp;
 		e->flags |= (1 << NFT_EXPR_PAYLOAD_BASE);
 	}
 
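Review bot: `node->child->value.opaque` is handed to `strcmp()` without checking that `<base>` actually has a child, so an empty `<base/>` element in the input would presumably dereference a NULL pointer instead of returning -1. Reject that case before the first comparison with `if (node->child == NULL) { mxmlDelete(tree); return -1; }`. The same unchecked access appears in the `<type>` hunk of src/expr/exthdr.c and the `<key>` hunk of src/expr/meta.c later in this series. The function body starts and ends outside this hunk.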
@@ -257,6 +263,38 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, char *xml)
 }
 
 static int
+nft_rule_expr_payload_snprintf_xml(char *buf, size_t len, uint32_t flags,
+				   struct nft_expr_payload *p)
+{
+	int size = len, offset = 0, ret;
+
+	ret = snprintf(buf, len, "<dreg>%u</dreg><offset>%u</offset>"
+		       "<len>%u</len>", p->dreg, p->offset, p->len);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* A default option is not provided.
+	 * The <base> node will be missing; Is not mandatory.
+	 */
+
+	switch (p->base) {
+	case NFT_PAYLOAD_LL_HEADER:
+		ret = snprintf(buf+offset, len, "<base>link</base>");
+		break;
+	case NFT_PAYLOAD_NETWORK_HEADER:
+		ret = snprintf(buf+offset, len, "<base>network</base>");
+		break;
+	case NFT_PAYLOAD_TRANSPORT_HEADER:
+		ret = snprintf(buf+offset, len, "<base>transport</base>");
+		break;
+	}
+
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	return offset;
+}
+
+
+static int
 nft_rule_expr_payload_snprintf(char *buf, size_t len, uint32_t type,
 			       uint32_t flags, struct nft_rule_expr *e)
 {
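Review bot: The `switch (p->base)` in `nft_rule_expr_payload_snprintf_xml` has no `default`, so for any other base value `ret` still holds the length of the first `snprintf()` when the second `SNPRINTF_BUFFER_SIZE` runs. Assuming the macro advances `offset` by `ret`, as its use with `buf+offset` elsewhere in the series suggests, the returned length then covers bytes that were never written. Adding `default: ret = 0; break;` keeps the "node will be missing" behaviour the comment describes. The `flags` parameter is accepted but never read.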
@@ -264,12 +302,8 @@ nft_rule_expr_payload_snprintf(char *buf, size_t len, uint32_t type,
 
 	switch(type) {
 	case NFT_RULE_O_XML:
-		return snprintf(buf, len, "<dreg>%u</dreg>"
-					  "<base>%u</base><offset>%u</offset>"
-					  "<len>%u</len>",
-				payload->dreg, payload->base,
-					payload->offset, payload->len);
-
+		return nft_rule_expr_payload_snprintf_xml(buf, len, flags,
+							  payload);
 	case NFT_RULE_O_DEFAULT:
 		return snprintf(buf, len, "dreg=%u base=%u offset=%u len=%u ",
 				payload->dreg, payload->base,
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index 322e70c..e1e35d9 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -53,7 +53,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
   </expr>
   <expr type=\"payload\">
     <dreg>1</dreg>
-    <base>1</base>
+    <base>transport</base>
     <offset>12</offset>
     <len>4</len>
   </expr>
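Review bot: The three payload expressions all carried `<base>1</base>` before, but this hunk and the two after it replace that single value with `transport`, `link` and `network`. The parser in src/expr/payload.c maps each string to a different constant, so at most one of the three keeps its previous meaning and the others now read from a different header at the same offset. If the intent is only to switch notation, use the one string that corresponds to the old value 1 in all three places. If the intent is to exercise every string, say so in the commit message.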
@@ -69,7 +69,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
   </expr>
   <expr type=\"payload\">
     <dreg>1</dreg>
-    <base>1</base>
+    <base>link</base>
     <offset>16</offset>
     <len>4</len>
   </expr>
@@ -85,7 +85,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
   </expr>
   <expr type=\"payload\">
     <dreg>1</dreg>
-    <base>1</base>
+    <base>network</base>
     <offset>9</offset>
     <len>1</len>
   </expr>



* [libnftables PATCH 17/21] exthdr: xml: use string for type node
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (15 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 16/21] payload: xml: use string for base attribute Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 18/21] meta: xml: use string to represent key attribute Arturo Borrero Gonzalez
                   ` (4 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch implements using a string for the <type> node.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/exthdr.c |   49 ++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 44 insertions(+), 5 deletions(-)

diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 762facd..3cccc28 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -25,6 +25,10 @@
 
 #include "expr_ops.h"
 
+#ifndef IPPROTO_MH
+#define IPPROTO_MH 135
+#endif
+
 struct nft_expr_exthdr {
 	enum nft_registers	dreg;
 	uint8_t			type;
@@ -171,6 +175,41 @@ nft_rule_expr_exthdr_parse(struct nft_rule_expr *e, struct nlattr *attr)
 	return 0;
 }
 
+static const char *exthdr_type2str(uint32_t type)
+{
+	switch (type) {
+	case IPPROTO_HOPOPTS:
+		return "hopopts";
+	case IPPROTO_ROUTING:
+		return "routing";
+	case IPPROTO_FRAGMENT:
+		return "fragment";
+	case IPPROTO_DSTOPTS:
+		return "dstopts";
+	case IPPROTO_MH:
+		return "mh";
+	default:
+		return "unknown";
+	}
+}
+
+static int str2exthdr_type(char *str)
+{
+	if (strcmp(str, "hopopts") == 0)
+		return IPPROTO_HOPOPTS;
+	else if (strcmp(str, "routing") == 0)
+		return IPPROTO_ROUTING;
+	else if (strcmp(str, "fragment") == 0)
+		return IPPROTO_FRAGMENT;
+	else if (strcmp(str, "dstopts") == 0)
+		return IPPROTO_DSTOPTS;
+	else if (strcmp(str, "mh") == 0)
+		return IPPROTO_MH;
+
+	return -1;
+}
+
+
 static int
 nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
 {
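Review bot: `exthdr_type2str()` returns "unknown" for any type it does not list, but `str2exthdr_type()` has no matching entry, so XML printed for such an expression is rejected when it is parsed back. Either document that on the helper, e.g. `/* "unknown" is output-only; the parser rejects it */`, or have the printer omit the node for unlisted types. `str2exthdr_type` only reads its argument, so `const char *str` would be the more accurate signature. The body of `nft_rule_expr_exthdr_xml_parse` continues outside this hunk.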
@@ -226,13 +265,12 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
-	tmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+	if (str2exthdr_type(node->child->value.opaque) < 0) {
 		mxmlDelete(tree);
 		return -1;
 	}
 
-	exthdr->type = tmp;
+	exthdr->type = str2exthdr_type(node->child->value.opaque);
 	e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE);
 
 	/* Get and set <offset> */
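Review bot: `str2exthdr_type()` is called twice on the same string, once to validate and once to assign, which keeps the check and the stored value in separate expressions. Call it once into a signed local, e.g. `type = str2exthdr_type(node->child->value.opaque);`, test `type < 0`, then assign `exthdr->type = type;`. The existing `tmp` looks unsigned (the removed code filled it from `strtoull`), so it cannot carry the -1; its declaration is outside the hunk. The `<key>` hunk in src/expr/meta.c has the same shape with `str2meta_key()`.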
@@ -285,9 +323,10 @@ nft_rule_expr_exthdr_snprintf(char *buf, size_t len, uint32_t type,
 	switch(type) {
 	case NFT_RULE_O_XML:
 		return snprintf(buf, len, "<dreg>%u</dreg>"
-					  "<type>%u</type><offset>%u</offset>"
+					  "<type>%s</type><offset>%u</offset>"
 					  "<len>%u</len>",
-					exthdr->dreg, exthdr->type,
+					exthdr->dreg,
+					exthdr_type2str(exthdr->type),
 					exthdr->offset, exthdr->len);
 
 	case NFT_RULE_O_DEFAULT:



* [libnftables PATCH 18/21] meta: xml: use string to represent key attribute
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (16 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 17/21] exthdr: xml: use string for type node Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 19/21] nat: snprintf: fix buffer offset Arturo Borrero Gonzalez
                   ` (3 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

Use a string for <key> node instead of a number.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/meta.c          |   50 +++++++++++++++++++++++++++++++++++++++++-----
 test/nft-rule-xml-add.sh |    2 +-
 2 files changed, 46 insertions(+), 6 deletions(-)

diff --git a/src/expr/meta.c b/src/expr/meta.c
index 41fcff1..f3170e3 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -21,6 +21,10 @@
 #include <libnftables/rule.h>
 #include "expr_ops.h"
 
+#ifndef NFT_META_MAX
+#define NFT_META_MAX (NFT_META_SECMARK + 1)
+#endif
+
 struct nft_expr_meta {
 	uint8_t			key;	/* enum nft_meta_keys */
 	uint8_t			dreg;	/* enum nft_registers */
@@ -126,6 +130,43 @@ nft_rule_expr_meta_parse(struct nft_rule_expr *e, struct nlattr *attr)
 	return 0;
 }
 
+const char *meta_key2str_array[NFT_META_MAX] = {
+	[NFT_META_LEN]		= "len",
+	[NFT_META_PROTOCOL]	= "protocol",
+	[NFT_META_PRIORITY]	= "priority",
+	[NFT_META_MARK]		= "mark",
+	[NFT_META_IIF]		= "iif",
+	[NFT_META_OIF]		= "oif",
+	[NFT_META_IIFNAME]	= "iifname",
+	[NFT_META_OIFNAME]	= "oifname",
+	[NFT_META_IIFTYPE]	= "iiftype",
+	[NFT_META_OIFTYPE]	= "oiftype",
+	[NFT_META_SKUID]	= "skuid",
+	[NFT_META_SKGID]	= "skgid",
+	[NFT_META_NFTRACE]	= "nftrace",
+	[NFT_META_RTCLASSID]	= "rtclassid",
+	[NFT_META_SECMARK]	= "secmark",
+};
+
+static const char *meta_key2str(uint8_t key)
+{
+	if (key < NFT_META_MAX)
+		return meta_key2str_array[key];
+
+	return "unknown";
+}
+
+static int str2meta_key(const char *str)
+{
+	int i;
+
+	for (i = 0; i < NFT_META_MAX; i++)
+		if (strcmp(str, meta_key2str_array[i]) == 0)
+			return i;
+
+	return -1;
+}
+
 static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, char *xml)
 {
 #ifdef XML_PARSING
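Review bot: `str2meta_key()` passes every slot of `meta_key2str_array` to `strcmp()`, but slots without a designated initializer are NULL, and `meta_key2str()` can likewise hand a NULL to the `%s` in the XML printer. That happens as soon as `NFT_META_MAX` comes from a header with a larger value than the list here (the `#ifndef` in the first hunk allows for that) or the enum gains a key that is not listed. Skip empty slots with `if (meta_key2str_array[i] && strcmp(str, meta_key2str_array[i]) == 0)` and return "unknown" from `meta_key2str()` when the slot is NULL. As far as the hunk shows the table is only used in this file, so `static const char *const meta_key2str_array[NFT_META_MAX]` would keep it out of the library's exported symbols.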
@@ -178,13 +219,12 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
-	tmp = strtoull(node->child->value.opaque, &endptr, 10);
-	if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+	if (str2meta_key(node->child->value.opaque) < 0) {
 		mxmlDelete(tree);
 		return -1;
 	}
 
-	meta->key = (uint8_t)tmp;
+	meta->key = str2meta_key(node->child->value.opaque);
 	e->flags |= (1 << NFT_EXPR_META_KEY);
 
 	mxmlDelete(tree);
@@ -204,8 +244,8 @@ nft_rule_expr_meta_snprintf(char *buf, size_t len, uint32_t type,
 	switch(type) {
 	case NFT_RULE_O_XML:
 		return snprintf(buf, len, "<dreg>%u</dreg>"
-					  "<key>%u</key>",
-				meta->dreg, meta->key);
+					  "<key>%s</key>",
+				meta->dreg, meta_key2str(meta->key));
 	case NFT_RULE_O_DEFAULT:
 		return snprintf(buf, len, "dreg=%u key=%u ",
 				meta->dreg, meta->key);
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index e1e35d9..2a052b2 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -39,7 +39,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
   <compat_proto>0</compat_proto>
   <expr type=\"meta\">
     <dreg>1</dreg>
-    <key>4</key>
+    <key>iif</key>
   </expr>
   <expr type=\"cmp\">
     <sreg>1</sreg>



* [libnftables PATCH 19/21] nat: snprintf: fix buffer offset
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (17 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 18/21] meta: xml: use string to represent key attribute Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 20/21] nat: xml: rename node type to nat_type Arturo Borrero Gonzalez
                   ` (2 subsequent siblings)
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch fixes the buffer offset necessary to correctly print the nat expr in the default output mode.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/nat.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/expr/nat.c b/src/expr/nat.c
index 7d83154..378d053 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -383,18 +383,18 @@ nft_rule_expr_nat_snprintf_default(char *buf, size_t size,
 		break;
 	}
 
-	ret = snprintf(buf, len, "family=%s ", nft_family2str(nat->family));
+	ret = snprintf(buf+offset, len, "family=%s ", nft_family2str(nat->family));
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
-		ret = snprintf(buf, len,
+		ret = snprintf(buf+offset, len,
 			       "sreg_addr_min_v4=%u sreg_addr_max_v4=%u ",
 			       nat->sreg_addr_min, nat->sreg_addr_max);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
 	if (e->flags & (1 << NFT_EXPR_NAT_REG_PROTO_MIN)) {
-		ret = snprintf(buf, len,
+		ret = snprintf(buf+offset, len,
 			       "sreg_proto_min=%u sreg_proto_max=%u ",
 			       nat->sreg_proto_min, nat->sreg_proto_max);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);



* [libnftables PATCH 20/21] nat: xml: rename node type to nat_type
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (18 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 19/21] nat: snprintf: fix buffer offset Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-26 11:37 ` [libnftables PATCH 21/21] exthdr: xml: rename type node to exthdr_type Arturo Borrero Gonzalez
  2013-06-27 17:58 ` [libnftables PATCH 00/21] Small fixes for XML Pablo Neira Ayuso
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch renames the node <type> to a more explicit <nat_type>.

This will prevent future confusion with the <type> nodes of other exprs.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/nat.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/expr/nat.c b/src/expr/nat.c
index 378d053..b81fd81 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -228,8 +228,8 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 		return -1;
 	}
 
-	/* Get and set <type>. Mandatory */
-	node = mxmlFindElement(tree, tree, "type", NULL, NULL,
+	/* Get and set <nat_type>. Mandatory */
+	node = mxmlFindElement(tree, tree, "nat_type", NULL, NULL,
 			       MXML_DESCEND_FIRST);
 	if (node == NULL) {
 		mxmlDelete(tree);
@@ -334,11 +334,11 @@ nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
 
 	/* Is a mandatory element. Provide a default, even empty */
 	if (nat->type == NFT_NAT_SNAT)
-		ret = snprintf(buf, len, "<type>snat</type>");
+		ret = snprintf(buf, len, "<nat_type>snat</nat_type>");
 	else if (nat->type == NFT_NAT_DNAT)
-		ret = snprintf(buf, len, "<type>dnat</type>");
+		ret = snprintf(buf, len, "<nat_type>dnat</nat_type>");
 	else
-		ret = snprintf(buf, len, "<type/>");
+		ret = snprintf(buf, len, "<nat_type/>");
 
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 



* [libnftables PATCH 21/21] exthdr: xml: rename type node to exthdr_type
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (19 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 20/21] nat: xml: rename node type to nat_type Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
  2013-06-27 17:58 ` [libnftables PATCH 00/21] Small fixes for XML Pablo Neira Ayuso
  21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

This patch renames the <type> node in the exthdr expr to <exthdr_type>.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/expr/exthdr.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 3cccc28..21b1d80 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -258,8 +258,9 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
 	exthdr->dreg = tmp;
 	e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
 
-	/* Get and set <type> */
-	node = mxmlFindElement(tree, tree, "type", NULL, NULL, MXML_DESCEND);
+	/* Get and set <exthdr_type> */
+	node = mxmlFindElement(tree, tree, "exthdr_type", NULL, NULL,
+			       MXML_DESCEND);
 	if (node == NULL) {
 		mxmlDelete(tree);
 		return -1;
@@ -323,7 +324,8 @@ nft_rule_expr_exthdr_snprintf(char *buf, size_t len, uint32_t type,
 	switch(type) {
 	case NFT_RULE_O_XML:
 		return snprintf(buf, len, "<dreg>%u</dreg>"
-					  "<type>%s</type><offset>%u</offset>"
+					  "<exthdr_type>%s</exthdr_type>"
+					  "<offset>%u</offset>"
 					  "<len>%u</len>",
 					exthdr->dreg,
 					exthdr_type2str(exthdr->type),



* Re: [libnftables PATCH 00/21] Small fixes for XML
  2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
                   ` (20 preceding siblings ...)
  2013-06-26 11:37 ` [libnftables PATCH 21/21] exthdr: xml: rename type node to exthdr_type Arturo Borrero Gonzalez
@ 2013-06-27 17:58 ` Pablo Neira Ayuso
  21 siblings, 0 replies; 23+ messages in thread
From: Pablo Neira Ayuso @ 2013-06-27 17:58 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez; +Cc: netfilter-devel

On Wed, Jun 26, 2013 at 01:36:55PM +0200, Arturo Borrero Gonzalez wrote:
> The following series implements a bunch of small fixes for the XML
> code in libnftables.
> 
> These are some of the changes Pablo requested me to make previous to
> the inclusion of the parsing test bench.

Applied from 3 to 21 with changes, please review the repo to note
mostly cosmetic changes. Thanks.

