[libnftables PATCH 0/2] small fixes for libnftables XML

[libnftables PATCH 0/2] small fixes for libnftables XML

[Arturo Borrero]

The following series implements a couple of fixes for libnftables XML.

The versioning attributes for XML is added to provide a future way to easily modify que XML format once libnftables is released.
Casting are for the same data type, thus useless.

---

Arturo Borrero (2):
      src: chain: delete useless castings
      src: xml: add versioning


 include/libnftables/chain.h |    2 ++
 include/libnftables/rule.h  |    2 ++
 include/libnftables/table.h |    2 ++
 src/chain.c                 |   24 ++++++++++++++++++------
 src/expr/counter.c          |    4 ++--
 src/rule.c                  |   19 ++++++++++++++++---
 src/table.c                 |   18 ++++++++++++++++--
 7 files changed, 58 insertions(+), 13 deletions(-)

-- 
Arturo Borrero Gonzalez

[libnftables PATCH 1/2] src: chain: delete useless castings

[Arturo Borrero]

These casting were useless.


Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 src/chain.c        |    6 +++---
 src/expr/counter.c |    4 ++--
 src/rule.c         |    2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/chain.c b/src/chain.c
index b160cff..4146e6a 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -490,7 +490,7 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
 		return -1;
 	}
 
-	c->handle = (uint64_t)utmp;
+	c->handle = utmp;
 	c->flags |= (1 << NFT_CHAIN_ATTR_HANDLE);
 
 	/* Get and set <chain bytes="x" ... >*/
@@ -503,7 +503,7 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
 		mxmlDelete(tree);
 		return -1;
 	}
-	c->bytes = (uint64_t)utmp;
+	c->bytes = utmp;
 	c->flags |= (1 << NFT_CHAIN_ATTR_BYTES);
 
 	/* Get and set <chain packets="x" ... > */
@@ -516,7 +516,7 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
 		mxmlDelete(tree);
 		return -1;
 	}
-	c->packets = (uint64_t)utmp;
+	c->packets = utmp;
 	c->flags |= (1 << NFT_CHAIN_ATTR_PACKETS);
 
 	/* Ignore <properties> node */
diff --git a/src/expr/counter.c b/src/expr/counter.c
index 633db3e..129f32e 100644
--- a/src/expr/counter.c
+++ b/src/expr/counter.c
@@ -160,7 +160,7 @@ nft_rule_expr_counter_xml_parse(struct nft_rule_expr *e, char *xml)
 			return -1;
 		}
 
-		ctr->pkts = (uint64_t)tmp;
+		ctr->pkts = tmp;
 		e->flags |= (1 << NFT_EXPR_CTR_PACKETS);
 	}
 
@@ -174,7 +174,7 @@ nft_rule_expr_counter_xml_parse(struct nft_rule_expr *e, char *xml)
 			return -1;
 		}
 
-		ctr->bytes = (uint64_t)tmp;
+		ctr->bytes = tmp;
 		e->flags |= (1 << NFT_EXPR_CTR_BYTES);
 	}
 
diff --git a/src/rule.c b/src/rule.c
index f000a77..318ae07 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -503,7 +503,7 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml)
 		return -1;
 	}
 
-	r->handle = (uint64_t)tmp;
+	r->handle = tmp;
 	r->flags |= (1 << NFT_RULE_ATTR_HANDLE);
 
 	/* get and set <rule_flags> */

Re: [libnftables PATCH 1/2] src: chain: delete useless castings

[Pablo Neira Ayuso]

On Fri, May 24, 2013 at 01:28:41PM +0200, Arturo Borrero wrote:
> These casting were useless.

Applied, thanks.

[libnftables PATCH 2/2] src: xml: add versioning

[Arturo Borrero]

All XML chunks now have a "version" attribute to help in future changes.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 include/libnftables/chain.h |    2 ++
 include/libnftables/rule.h  |    2 ++
 include/libnftables/table.h |    2 ++
 src/chain.c                 |   18 +++++++++++++++---
 src/rule.c                  |   17 +++++++++++++++--
 src/table.c                 |   18 ++++++++++++++++--
 6 files changed, 52 insertions(+), 7 deletions(-)

diff --git a/include/libnftables/chain.h b/include/libnftables/chain.h
index b12474f..a789e8b 100644
--- a/include/libnftables/chain.h
+++ b/include/libnftables/chain.h
@@ -45,6 +45,8 @@ enum {
 	NFT_CHAIN_O_XML,
 };
 
+#define NFT_CHAIN_XML_VERSION 0
+
 enum nft_chain_parse_type {
 	NFT_CHAIN_PARSE_NONE	= 0,
 	NFT_CHAIN_PARSE_XML,
diff --git a/include/libnftables/rule.h b/include/libnftables/rule.h
index 9c4ab0d..96570ec 100644
--- a/include/libnftables/rule.h
+++ b/include/libnftables/rule.h
@@ -43,6 +43,8 @@ enum {
 	NFT_RULE_O_XML,
 };
 
+#define NFT_RULE_XML_VERSION 0
+
 enum nft_rule_parse_type {
 	NFT_RULE_PARSE_NONE	= 0,
 	NFT_RULE_PARSE_XML,
diff --git a/include/libnftables/table.h b/include/libnftables/table.h
index 658230c..4bf87fe 100644
--- a/include/libnftables/table.h
+++ b/include/libnftables/table.h
@@ -33,6 +33,8 @@ enum {
 	NFT_TABLE_O_XML,
 };
 
+#define NFT_TABLE_XML_VERSION 0
+
 enum nft_table_parse_type {
 	NFT_TABLE_PARSE_NONE	= 0,
 	NFT_TABLE_PARSE_XML,
diff --git a/src/chain.c b/src/chain.c
index 4146e6a..95c8807 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -14,6 +14,7 @@
 #include <endian.h>
 #include <stdint.h>
 #include <stdlib.h>
+#include <limits.h>
 #include <string.h>
 #include <netinet/in.h>
 #include <errno.h>
@@ -469,6 +470,17 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
 	if (tree == NULL)
 		return -1;
 
+	/* Validate version */
+	if (mxmlElementGetAttr(tree, "version") == NULL) {
+		mxmlDelete(tree);
+		return -1;
+	}
+	tmp = strtoll(mxmlElementGetAttr(tree, "version"), &endptr, 10);
+	if (tmp == LLONG_MAX || *endptr || tmp != NFT_CHAIN_XML_VERSION) {
+		mxmlDelete(tree);
+		return -1;
+	}
+
 	/* Get and set <chain name="xxx" ... >*/
 	if (mxmlElementGetAttr(tree, "name") == NULL) {
 		mxmlDelete(tree);
@@ -643,7 +655,7 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
 {
 	return snprintf(buf, size,
 		"<chain name=\"%s\" handle=\"%lu\""
-			" bytes=\"%lu\" packets=\"%lu\">"
+			" bytes=\"%lu\" packets=\"%lu\" version=\"%d\" >"
 			"<properties>"
 				"<type>%s</type>"
 				"<table>%s</table>"
@@ -655,8 +667,8 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
 			"</properties>"
 		"</chain>",
 			c->name, c->handle, c->bytes, c->packets,
-			c->type, c->table, c->prio, c->use, c->hooknum,
-			c->policy, c->family);
+			NFT_CHAIN_XML_VERSION, c->type, c->table,
+			c->prio, c->use, c->hooknum, c->policy, c->family);
 }
 
 static int nft_chain_snprintf_default(char *buf, size_t size, struct nft_chain *c)
diff --git a/src/rule.c b/src/rule.c
index 318ae07..9785c24 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -14,6 +14,7 @@
 #include <endian.h>
 #include <stdint.h>
 #include <stdlib.h>
+#include <limits.h>
 #include <string.h>
 #include <netinet/in.h>
 #include <errno.h>
@@ -454,6 +455,17 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml)
 	if (tree == NULL)
 		return -1;
 
+	/* validate XML version <rule ... version=X ... > */
+	if (mxmlElementGetAttr(tree, "version") == NULL) {
+		mxmlDelete(tree);
+		return -1;
+	}
+	tmp = strtoll(mxmlElementGetAttr(tree, "version"), &endptr, 10);
+	if (tmp == LLONG_MAX || *endptr || tmp != NFT_RULE_XML_VERSION) {
+		mxmlDelete(tree);
+		return -1;
+	}
+
 	/* get and set <rule ... family=X ... > */
 	if (mxmlElementGetAttr(tree, "family") == NULL) {
 		mxmlDelete(tree);
@@ -629,9 +641,10 @@ static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
 
 	ret = snprintf(buf, size,
 		"<rule family=\"%u\" table=\"%s\" "
-			"chain=\"%s\" handle=\"%llu\"> ",
+			"chain=\"%s\" handle=\"%llu\" version=\"%d\"> ",
 				r->family, r->table, r->chain,
-				(unsigned long long)r->handle);
+				(unsigned long long)r->handle,
+				NFT_RULE_XML_VERSION);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	ret = snprintf(buf+offset, len, "<rule_flags>%u</rule_flags>"
diff --git a/src/table.c b/src/table.c
index 70f482d..a868da4 100644
--- a/src/table.c
+++ b/src/table.c
@@ -203,6 +203,7 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml)
 	mxml_node_t *node = NULL;
 	char *endptr = NULL;
 	uint64_t tmp;
+	int64_t stmp;
 
 	/* NOTE: all XML nodes are mandatory */
 
@@ -211,6 +212,18 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml)
 	if (tree == NULL)
 		return -1;
 
+	/* Check the version of the XML */
+	if (mxmlElementGetAttr(tree, "version") == NULL) {
+		mxmlDelete(tree);
+		return -1;
+	}
+
+	stmp = strtoll(mxmlElementGetAttr(tree, "version"), &endptr, 10);
+	if (stmp == LLONG_MAX || *endptr || stmp != NFT_TABLE_XML_VERSION) {
+		mxmlDelete(tree);
+		return -1;
+	}
+
 	/* Get and set the name of the table */
 	if (mxmlElementGetAttr(tree, "name") == NULL) {
 		mxmlDelete(tree);
@@ -290,13 +303,14 @@ EXPORT_SYMBOL(nft_table_parse);
 static int nft_table_snprintf_xml(char *buf, size_t size, struct nft_table *t)
 {
 	return snprintf(buf, size,
-			"<table name=\"%s\">"
+			"<table name=\"%s\" version=\"%d\">"
 				"<properties>"
 					"<family>%u</family>"
 					"<table_flags>%d</table_flags>"
 				"</properties>"
 			"</table>" ,
-			t->name, t->family, t->table_flags);
+			t->name, NFT_TABLE_XML_VERSION,
+			t->family, t->table_flags);
 }
 
 static int nft_table_snprintf_default(char *buf, size_t size, struct nft_table *t)

Re: [libnftables PATCH 2/2] src: xml: add versioning

[Pablo Neira Ayuso]

On Fri, May 24, 2013 at 01:28:46PM +0200, Arturo Borrero wrote:
> All XML chunks now have a "version" attribute to help in future changes.
> 
> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
> ---
>  include/libnftables/chain.h |    2 ++
>  include/libnftables/rule.h  |    2 ++
>  include/libnftables/table.h |    2 ++
>  src/chain.c                 |   18 +++++++++++++++---
>  src/rule.c                  |   17 +++++++++++++++--
>  src/table.c                 |   18 ++++++++++++++++--
>  6 files changed, 52 insertions(+), 7 deletions(-)
> 
> diff --git a/include/libnftables/chain.h b/include/libnftables/chain.h
> index b12474f..a789e8b 100644
> --- a/include/libnftables/chain.h
> +++ b/include/libnftables/chain.h
> @@ -45,6 +45,8 @@ enum {
>  	NFT_CHAIN_O_XML,
>  };
>  
> +#define NFT_CHAIN_XML_VERSION 0

This definition is only used internally, so it should not be exported.
Move it to internal.h.