* [libnftables PATCH 0/2] Series to add JSON output support for rules
@ 2013-06-13 18:50 Alvaro Neira
2013-06-13 18:50 ` [libnftables PATCH 1/2] Add function for exporting rule to JSON format Alvaro Neira
2013-06-13 18:50 ` [libnftables PATCH 2/2] Add code for testing the new functions for exporting rules to JSON Format Alvaro Neira
0 siblings, 2 replies; 4+ messages in thread
From: Alvaro Neira @ 2013-06-13 18:50 UTC (permalink / raw)
To: netfilter-devel
This is the implementation for exporting the rules to JSON Format and for testing the new functions
---
Álvaro Neira Ayuso (2):
Add function for exporting rule to JSON format
Add code for testing the new functions for exporting rules to JSON Format
examples/nft-rule-get.c | 5 ++++
include/libnftables/rule.h | 1 +
src/expr/bitwise.c | 33 ++++++++++++++++++++++++++++++
src/expr/byteorder.c | 21 +++++++++++++++++++
src/expr/cmp.c | 21 +++++++++++++++++++
src/expr/counter.c | 4 ++++
src/expr/ct.c | 5 ++++
src/expr/data_reg.c | 49 ++++++++++++++++++++++++++++++++++++++++++++
src/expr/exthdr.c | 7 ++++++
src/expr/immediate.c | 36 ++++++++++++++++++++++++++++++++
src/expr/limit.c | 4 ++++
src/expr/log.c | 7 ++++++
src/expr/lookup.c | 16 ++++++++++++++
src/expr/match.c | 25 ++++++++++++++++++++++
src/expr/meta.c | 4 ++++
src/expr/nat.c | 44 ++++++++++++++++++++++++++++++++++++++++
src/expr/payload.c | 6 +++++
src/expr/target.c | 26 +++++++++++++++++++++++
src/internal.h | 1 +
src/rule.c | 44 ++++++++++++++++++++++++++++++++++++++++
20 files changed, 358 insertions(+), 1 deletion(-)
--
Álvaro Neira Ayuso
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* [libnftables PATCH 1/2] Add function for exporting rule to JSON format
2013-06-13 18:50 [libnftables PATCH 0/2] Series to add JSON output support for rules Alvaro Neira
@ 2013-06-13 18:50 ` Alvaro Neira
2013-06-13 18:50 ` [libnftables PATCH 2/2] Add code for testing the new functions for exporting rules to JSON Format Alvaro Neira
1 sibling, 0 replies; 4+ messages in thread
From: Alvaro Neira @ 2013-06-13 18:50 UTC (permalink / raw)
To: netfilter-devel
From: Álvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
include/libnftables/rule.h | 1 +
src/expr/bitwise.c | 33 ++++++++++++++++++++++++++++++
src/expr/byteorder.c | 21 +++++++++++++++++++
src/expr/cmp.c | 21 +++++++++++++++++++
src/expr/counter.c | 4 ++++
src/expr/ct.c | 5 ++++
src/expr/data_reg.c | 49 ++++++++++++++++++++++++++++++++++++++++++++
src/expr/exthdr.c | 7 ++++++
src/expr/immediate.c | 36 ++++++++++++++++++++++++++++++++
src/expr/limit.c | 4 ++++
src/expr/log.c | 7 ++++++
src/expr/lookup.c | 16 ++++++++++++++
src/expr/match.c | 25 ++++++++++++++++++++++
src/expr/meta.c | 4 ++++
src/expr/nat.c | 44 ++++++++++++++++++++++++++++++++++++++++
src/expr/payload.c | 6 +++++
src/expr/target.c | 26 +++++++++++++++++++++++
src/internal.h | 1 +
src/rule.c | 44 ++++++++++++++++++++++++++++++++++++++++
19 files changed, 354 insertions(+)
diff --git a/include/libnftables/rule.h b/include/libnftables/rule.h
index 9989f19..3287c27 100644
--- a/include/libnftables/rule.h
+++ b/include/libnftables/rule.h
@@ -42,6 +42,7 @@ void nft_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_rule *t);
enum {
NFT_RULE_O_DEFAULT = 0,
NFT_RULE_O_XML,
+ NFT_RULE_O_JSON,
};
enum nft_rule_parse_type {
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index 9ebe3dc..eda452d 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -306,6 +306,37 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, char *xml)
}
static int
+nft_rule_expr_bitwise_snprintf_json(char *buf, size_t size,
+ struct nft_expr_bitwise *bitwise)
+{
+ int len = size, offset = 0, ret;
+
+ ret = snprintf(buf, len, "\"sreg\" : %u, "
+ "\"dreg\" : %u, ",
+ bitwise->sreg, bitwise->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, len, "\"mask\" : ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = nft_data_reg_snprintf(buf+offset, len, &bitwise->mask,
+ NFT_RULE_O_JSON, 0, DATA_VALUE);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, len, ", \"xor\" : ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = nft_data_reg_snprintf(buf+offset, len, &bitwise->xor,
+ NFT_RULE_O_JSON, 0, DATA_VALUE);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, len, "\"");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+static int
nft_rule_expr_bitwise_snprintf_xml(char *buf, size_t size,
struct nft_expr_bitwise *bitwise)
{
@@ -370,6 +401,8 @@ nft_rule_expr_bitwise_snprintf(char *buf, size_t size, uint32_t type,
struct nft_expr_bitwise *bitwise = (struct nft_expr_bitwise *)e->data;
switch(type) {
+ case NFT_RULE_O_JSON:
+ return nft_rule_expr_bitwise_snprintf_json(buf, size, bitwise);
case NFT_RULE_O_XML:
return nft_rule_expr_bitwise_snprintf_xml(buf, size, bitwise);
case NFT_RULE_O_DEFAULT:
diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c
index 9d75824..4e0d9d7 100644
--- a/src/expr/byteorder.c
+++ b/src/expr/byteorder.c
@@ -285,6 +285,24 @@ err:
}
static int
+nft_rule_expr_byteorder_snprintf_json(char *buf, size_t size,
+ struct nft_expr_byteorder *byteorder)
+{
+ int len = size, offset = 0, ret;
+
+ ret = snprintf(buf, len, "\"sreg\" : %u, "
+ "\"dreg\" : %u, "
+ "\"op\" : %u, "
+ "\"len\" : %u, "
+ "\"size\" : %u",
+ byteorder->sreg, byteorder->dreg, byteorder->op,
+ byteorder->len, byteorder->size);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+static int
nft_rule_expr_byteorder_snprintf_xml(char *buf, size_t size,
struct nft_expr_byteorder *byteorder)
{
@@ -329,6 +347,9 @@ nft_rule_expr_byteorder_snprintf(char *buf, size_t size, uint32_t type,
case NFT_RULE_O_XML:
return nft_rule_expr_byteorder_snprintf_xml(buf, size,
byteorder);
+ case NFT_RULE_O_JSON:
+ return nft_rule_expr_byteorder_snprintf_json(buf, size,
+ byteorder);
default:
break;
}
diff --git a/src/expr/cmp.c b/src/expr/cmp.c
index 673f3e0..5d3ddeb 100644
--- a/src/expr/cmp.c
+++ b/src/expr/cmp.c
@@ -259,6 +259,25 @@ static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, char *xml)
}
static int
+nft_rule_expr_cmp_snprintf_json(char *buf, size_t size, struct nft_expr_cmp *cmp)
+{
+ int len = size, offset = 0, ret;
+
+ ret = snprintf(buf, len, "\"sreg\" : %u, \"op\" : \"%s\", \"cmpdata\" : {",
+ cmp->sreg, expr_cmp_str[cmp->op]);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = nft_data_reg_snprintf(buf+offset, len, &cmp->data,
+ NFT_RULE_O_JSON, 0, DATA_VALUE);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, len, "}");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+static int
nft_rule_expr_cmp_snprintf_xml(char *buf, size_t size, struct nft_expr_cmp *cmp)
{
int len = size, offset = 0, ret;
@@ -300,6 +319,8 @@ nft_rule_expr_cmp_snprintf(char *buf, size_t size, uint32_t type,
{
struct nft_expr_cmp *cmp = (struct nft_expr_cmp *)e->data;
switch(type) {
+ case NFT_RULE_O_JSON:
+ return nft_rule_expr_cmp_snprintf_json(buf, size, cmp);
case NFT_RULE_O_XML:
return nft_rule_expr_cmp_snprintf_xml(buf, size, cmp);
case NFT_RULE_O_DEFAULT:
diff --git a/src/expr/counter.c b/src/expr/counter.c
index 129f32e..5e17bd9 100644
--- a/src/expr/counter.c
+++ b/src/expr/counter.c
@@ -193,6 +193,10 @@ nft_rule_expr_counter_snprintf(char *buf, size_t len, uint32_t type,
struct nft_expr_counter *ctr = (struct nft_expr_counter *)e->data;
switch(type) {
+
+ case NFT_RULE_O_JSON:
+ return snprintf(buf, len, "\"pkts\" : %lu, \"bytes\" : %lu",
+ ctr->pkts, ctr->bytes);
case NFT_RULE_O_XML:
return snprintf(buf, len, "<pkts>%lu</pkts><bytes>%lu</bytes>",
ctr->pkts, ctr->bytes);
diff --git a/src/expr/ct.c b/src/expr/ct.c
index 4042926..d6cde67 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -228,6 +228,11 @@ nft_rule_expr_ct_snprintf(char *buf, size_t len, uint32_t type,
"<key>%u</key>"
"<dir>%u</dir>",
ct->dreg, ct->key, ct->dir);
+ case NFT_RULE_O_JSON:
+ return snprintf(buf, len, "\"dreg\" : %u, "
+ "\"key\" : %u, "
+ "\"dir\" : %u",
+ ct->dreg, ct->key, ct->dir);
default:
break;
}
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index 5eb7f38..e5bd2fc 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -254,6 +254,42 @@ int nft_data_reg_xml_parse(union nft_data_reg *reg, char *xml)
#endif
}
+static int
+nft_data_reg_value_snprintf_json(char *buf, size_t size,
+ union nft_data_reg *reg,
+ uint32_t flags)
+{
+ int len = size, offset = 0, ret, i, j;
+ uint8_t *tmp;
+ int data_len = reg->len/sizeof(uint32_t);
+
+ ret = snprintf(buf, len, "\"data_reg\": { \"type\" : \"value\", ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, len, "\"len\" : %d, ", data_len);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ for (i=0; i<data_len; i++) {
+ ret = snprintf(buf+offset, len, "\"data%d\" : \"0x", i);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ tmp = (uint8_t *)®->val[i];
+
+ for (j=0; j<sizeof(int); j++) {
+ ret = snprintf(buf+offset, len, "%.02x", tmp[j]);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ ret = snprintf(buf+offset, len, "\"");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ ret = snprintf(buf+offset, len, "}");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
static
int nft_data_reg_value_snprintf_xml(char *buf, size_t size,
union nft_data_reg *reg, uint32_t flags)
@@ -309,6 +345,9 @@ int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg,
switch(reg_type) {
case DATA_VALUE:
switch(output_format) {
+ case NFT_RULE_O_JSON:
+ return nft_data_reg_value_snprintf_json(buf, size,
+ reg, flags);
case NFT_RULE_O_XML:
return nft_data_reg_value_snprintf_xml(buf, size,
reg, flags);
@@ -320,6 +359,11 @@ int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg,
}
case DATA_VERDICT:
switch(output_format) {
+ case NFT_RULE_O_JSON:
+ return snprintf(buf, size,
+ "\"data_reg\": { \"type\" : \"verdict\", "
+ "\"verdict\" : %d"
+ "}", reg->verdict);
case NFT_RULE_O_XML:
return snprintf(buf, size,
"<data_reg type=\"verdict\">"
@@ -332,6 +376,11 @@ int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg,
}
case DATA_CHAIN:
switch(output_format) {
+ case NFT_RULE_O_JSON:
+ return snprintf(buf, size,
+ "\"data_reg\": { \"type\" : \"chain\", "
+ "\"chain\" : %d"
+ "}", reg->verdict);
case NFT_RULE_O_XML:
return snprintf(buf, size,
"<data_reg type=\"chain\">"
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index fb3f7ad..5d564ec 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -262,6 +262,13 @@ nft_rule_expr_exthdr_snprintf(char *buf, size_t len, uint32_t type,
struct nft_expr_exthdr *exthdr = (struct nft_expr_exthdr *)e->data;
switch(type) {
+ case NFT_RULE_O_JSON:
+ return snprintf(buf, len, "\"dreg\" : %u, "
+ "\"type\" : %u, \"offset\" : %u, "
+ "\"len\" : %u",
+ exthdr->dreg, exthdr->type,
+ exthdr->offset, exthdr->len);
+
case NFT_RULE_O_XML:
return snprintf(buf, len, "<dreg>%u</dreg>"
"<type>%u</type><offset>%u</offset>"
diff --git a/src/expr/immediate.c b/src/expr/immediate.c
index 295054d..6a79476 100644
--- a/src/expr/immediate.c
+++ b/src/expr/immediate.c
@@ -295,6 +295,40 @@ nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, char *xml)
}
static int
+nft_rule_expr_immediate_snprintf_json(char *buf, size_t len,
+ struct nft_rule_expr *e, uint32_t flags)
+{
+ int size = len, offset = 0, ret;
+ struct nft_expr_immediate *imm = (struct nft_expr_immediate *)e->data;
+
+ ret = snprintf(buf, len, "\"dreg\" : %u, "
+ "\"immediatedata\" : {", imm->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+
+ if (e->flags & (1 << NFT_EXPR_IMM_DATA)) {
+ ret = nft_data_reg_snprintf(buf+offset, len, &imm->data,
+ NFT_RULE_O_JSON, flags, DATA_VALUE);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ } else if (e->flags & (1 << NFT_EXPR_IMM_VERDICT)) {
+ ret = nft_data_reg_snprintf(buf+offset, len, &imm->data,
+ NFT_RULE_O_JSON, flags, DATA_VERDICT);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ } else if (e->flags & (1 << NFT_EXPR_IMM_CHAIN)) {
+ ret = nft_data_reg_snprintf(buf+offset, len, &imm->data,
+ NFT_RULE_O_JSON, flags, DATA_CHAIN);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ ret = snprintf(buf+offset, len, "}");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+static int
nft_rule_expr_immediate_snprintf_xml(char *buf, size_t len,
struct nft_rule_expr *e, uint32_t flags)
{
@@ -362,6 +396,8 @@ nft_rule_expr_immediate_snprintf(char *buf, size_t len, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
{
switch(type) {
+ case NFT_RULE_O_JSON:
+ return nft_rule_expr_immediate_snprintf_json(buf, len, e, flags);
case NFT_RULE_O_XML:
return nft_rule_expr_immediate_snprintf_xml(buf, len, e, flags);
case NFT_RULE_O_DEFAULT:
diff --git a/src/expr/limit.c b/src/expr/limit.c
index 64a5b70..78798d6 100644
--- a/src/expr/limit.c
+++ b/src/expr/limit.c
@@ -194,6 +194,10 @@ nft_rule_expr_limit_snprintf(char *buf, size_t len, uint32_t type,
return snprintf(buf, len, "<rate>%"PRIu64"</rate>"
"<depth>%"PRIu64"</depth>",
limit->rate, limit->depth);
+ case NFT_RULE_O_JSON:
+ return snprintf(buf, len, "\"rate\" : %"PRIu64", "
+ "\"depth\" : %"PRIu64" ",
+ limit->rate, limit->depth);
default:
break;
}
diff --git a/src/expr/log.c b/src/expr/log.c
index 0e35a65..f7e7558 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -262,6 +262,13 @@ nft_rule_expr_log_snprintf(char *buf, size_t len, uint32_t type,
"<qthreshold>%u</qthreshold>",
log->prefix, log->group,
log->snaplen, log->qthreshold);
+ case NFT_RULE_O_JSON:
+ return snprintf(buf, len, "\"prefix\" : \"%s\", "
+ "\"group\" : %u, "
+ "\"snaplen\" : %u, "
+ "\"qthreshold\" : %u ",
+ log->prefix, log->group,
+ log->snaplen, log->qthreshold);
default:
break;
}
diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index 6d2b9a2..ba56b78 100644
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -228,6 +228,20 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, char *xml)
}
static int
+nft_rule_expr_lookup_snprintf_json(char *buf, size_t size,
+ struct nft_expr_lookup *l)
+{
+ int len = size, offset = 0, ret;
+
+ ret = snprintf(buf, len, "\"set\" : \"%s\", \"sreg\" : %u, \"dreg\" : %u",
+ l->set_name, l->sreg, l->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+
+static int
nft_rule_expr_lookup_snprintf_xml(char *buf, size_t size,
struct nft_expr_lookup *l)
{
@@ -260,6 +274,8 @@ nft_rule_expr_lookup_snprintf(char *buf, size_t size, uint32_t type,
struct nft_expr_lookup *lookup = (struct nft_expr_lookup *)e->data;
switch(type) {
+ case NFT_RULE_O_JSON:
+ return nft_rule_expr_lookup_snprintf_json(buf, size, lookup);
case NFT_RULE_O_XML:
return nft_rule_expr_lookup_snprintf_xml(buf, size, lookup);
case NFT_RULE_O_DEFAULT:
diff --git a/src/expr/match.c b/src/expr/match.c
index edb78ea..8b98386 100644
--- a/src/expr/match.c
+++ b/src/expr/match.c
@@ -241,6 +241,29 @@ static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, char *xml)
#endif
}
+static int nft_rule_expr_match_snprintf_json(char *buf, size_t len,
+ struct nft_expr_match *mt)
+{
+ int ret, size=len;
+ int i;
+ int offset = 0;
+ uint8_t *data = (uint8_t *)mt->data;
+
+ ret = snprintf(buf, len, "\"name\" : \"%s\", \"rev\" : %u, \"info\" : 0x",
+ mt->name, mt->rev);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ for (i=0; i < mt->data_len; i++) {
+ ret = snprintf(buf+offset, len, "%x", data[i] & 0xff);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ ret = snprintf(buf+offset, len, "\"");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
static int nft_rule_expr_match_snprintf_xml(char *buf, size_t len,
struct nft_expr_match *mt)
{
@@ -272,6 +295,8 @@ nft_rule_expr_match_snprintf(char *buf, size_t len, uint32_t type,
struct nft_expr_match *match = (struct nft_expr_match *)e->data;
switch(type) {
+ case NFT_RULE_O_JSON:
+ return nft_rule_expr_match_snprintf_json(buf, len, match);
case NFT_RULE_O_XML:
return nft_rule_expr_match_snprintf_xml(buf, len, match);
case NFT_RULE_O_DEFAULT:
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 6316a49..df0c2ee 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -196,6 +196,10 @@ nft_rule_expr_meta_snprintf(char *buf, size_t len, uint32_t type,
struct nft_expr_meta *meta = (struct nft_expr_meta *)e->data;
switch(type) {
+ case NFT_RULE_O_JSON:
+ return snprintf(buf, len, "\"dreg\" : %u, "
+ "\"key\" : %u",
+ meta->dreg, meta->key);
case NFT_RULE_O_XML:
return snprintf(buf, len, "<dreg>%u</dreg>"
"<key>%u</key>",
diff --git a/src/expr/nat.c b/src/expr/nat.c
index 5d924cf..182448d 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -328,6 +328,48 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
}
static int
+nft_rule_expr_nat_snprintf_json(char *buf, size_t size,
+ struct nft_rule_expr *e)
+{
+ struct nft_expr_nat *nat = (struct nft_expr_nat *)e->data;
+ int len = size, offset = 0, ret = 0;
+
+ switch (nat->type) {
+ case NFT_NAT_SNAT:
+ ret = snprintf(buf, len,
+ "\"type\" : \"NFT_NAT_SNAT\", ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ break;
+ case NFT_NAT_DNAT:
+ ret = snprintf(buf, len,
+ "\"type\" : \"NFT_NAT_DNAT\", ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ break;
+ }
+
+ ret = snprintf(buf, len, "\"family\" : \"%s\", ",
+ nat->family == AF_INET ? "AF_INET" : "AF_INET6");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
+ ret = snprintf(buf, len, "\"sreg_addr_min_v4\" : %u, "
+ " \"sreg_addr_max_v4\" : %u, ",
+ nat->sreg_addr_min, nat->sreg_addr_max);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ if (e->flags & (1 << NFT_EXPR_NAT_REG_PROTO_MIN)) {
+ ret = snprintf(buf, len, "\"sreg_proto_min\" : %u, "
+ "\"sreg_proto_max\" : %u",
+ nat->sreg_proto_min, nat->sreg_proto_max);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ return offset;
+}
+
+
+static int
nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
struct nft_rule_expr *e)
{
@@ -412,6 +454,8 @@ nft_rule_expr_nat_snprintf(char *buf, size_t size, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
{
switch (type) {
+ case NFT_RULE_O_JSON:
+ return nft_rule_expr_nat_snprintf_json(buf, size, e);
case NFT_RULE_O_XML:
return nft_rule_expr_nat_snprintf_xml(buf, size, e);
case NFT_RULE_O_DEFAULT:
diff --git a/src/expr/payload.c b/src/expr/payload.c
index ecb1bce..4f114a6 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -257,6 +257,12 @@ nft_rule_expr_payload_snprintf(char *buf, size_t len, uint32_t type,
struct nft_expr_payload *payload = (struct nft_expr_payload *)e->data;
switch(type) {
+ case NFT_RULE_O_JSON:
+ return snprintf(buf, len, "\"dreg\" : %u, "
+ "\"base\" : %u, \"offset\" : %u, "
+ "\"len\" : %u ",
+ payload->dreg, payload->base,
+ payload->offset, payload->len);
case NFT_RULE_O_XML:
return snprintf(buf, len, "<dreg>%u</dreg>"
"<base>%u</base><offset>%u</offset>"
diff --git a/src/expr/target.c b/src/expr/target.c
index 6652c47..f534cfe 100644
--- a/src/expr/target.c
+++ b/src/expr/target.c
@@ -245,6 +245,30 @@ nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, char *xml)
}
static
+int nft_rule_exp_target_snprintf_json(char *buf, size_t len,
+ struct nft_expr_target *tg)
+{
+ int ret, size=len;
+ int i;
+ int offset = 0;
+ uint8_t *data = (uint8_t *)tg->data;
+
+ ret = snprintf(buf, len, "\"name\" : \"%s\",\"rev\" : %u,\"info\" : \"0x",
+ tg->name, tg->rev);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ for (i=0; i < tg->data_len; i++) {
+ ret = snprintf(buf+offset, len, "%x", data[i] & 0xff);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ ret = snprintf(buf+offset, len, "\"");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+static
int nft_rule_exp_target_snprintf_xml(char *buf, size_t len,
struct nft_expr_target *tg)
{
@@ -275,6 +299,8 @@ nft_rule_expr_target_snprintf(char *buf, size_t len, uint32_t type,
struct nft_expr_target *target = (struct nft_expr_target *)e->data;
switch(type) {
+ case NFT_RULE_O_JSON:
+ return nft_rule_exp_target_snprintf_json(buf, len, target);
case NFT_RULE_O_XML:
return nft_rule_exp_target_snprintf_xml(buf, len, target);
case NFT_RULE_O_DEFAULT:
diff --git a/src/internal.h b/src/internal.h
index 769926b..8e2e26d 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -22,6 +22,7 @@
#define NFT_RULE_XML_VERSION 0
#define NFT_TABLE_JSON_VERSION 0
#define NFT_CHAIN_JSON_VERSION 0
+#define NFT_RULE_JSON_VERSION 0
struct expr_ops;
diff --git a/src/rule.c b/src/rule.c
index 4c1672d..34b9a27 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -665,6 +665,48 @@ int nft_rule_parse(struct nft_rule *r, enum nft_rule_parse_type type, char *data
}
EXPORT_SYMBOL(nft_rule_parse);
+static int nft_rule_snprintf_json(char *buf, size_t size, struct nft_rule *r,
+ uint32_t type, uint32_t flags)
+{
+ int ret, len = size, offset = 0;
+ struct nft_rule_expr *expr;
+
+ret = snprintf(buf, size,
+ "{ \"rule\": { \"family\" : %u, \"table\" : \"%s\", "
+ "\"chain\" : \"%s\", \"handle\" : %llu, \"version\" : %d, ",
+ r->family, r->table, r->chain,
+ (unsigned long long)r->handle,
+ NFT_RULE_JSON_VERSION);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, len, "\"rule_flags\" : %u, "
+ "\"compat_flags\" : %u, "
+ "\"compat_proto\" : %u, ",
+ r->rule_flags,
+ r->compat.flags, r->compat.proto);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, len, "\"expr\" : [");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ list_for_each_entry(expr, &r->expr_list, head) {
+ ret = snprintf(buf+offset, len,
+ " { \"type\" : \"%s\", ", expr->ops->name);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = expr->ops->snprintf(buf+offset, len, type, flags, expr);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, len, "},");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ }
+ ret = snprintf(buf+offset-1, len, "]}}");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
uint32_t type, uint32_t flags)
{
@@ -731,6 +773,8 @@ int nft_rule_snprintf(char *buf, size_t size, struct nft_rule *r,
uint32_t type, uint32_t flags)
{
switch(type) {
+ case NFT_RULE_O_JSON:
+ return nft_rule_snprintf_json(buf, size, r, type, flags);
case NFT_RULE_O_XML:
return nft_rule_snprintf_xml(buf, size, r, type, flags);
case NFT_RULE_O_DEFAULT:
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [libnftables PATCH 2/2] Add code for testing the new functions for exporting rules to JSON Format
2013-06-13 18:50 [libnftables PATCH 0/2] Series to add JSON output support for rules Alvaro Neira
2013-06-13 18:50 ` [libnftables PATCH 1/2] Add function for exporting rule to JSON format Alvaro Neira
@ 2013-06-13 18:50 ` Alvaro Neira
1 sibling, 0 replies; 4+ messages in thread
From: Alvaro Neira @ 2013-06-13 18:50 UTC (permalink / raw)
To: netfilter-devel
From: Álvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
examples/nft-rule-get.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/examples/nft-rule-get.c b/examples/nft-rule-get.c
index 5bf41f5..2404f27 100644
--- a/examples/nft-rule-get.c
+++ b/examples/nft-rule-get.c
@@ -54,8 +54,11 @@ int main(int argc, char *argv[])
struct nft_rule *t = NULL;
int ret;
- if (argc == 2 && strcmp(argv[1], "xml") == 0 )
+ if (argc == 2 && strcmp(argv[1], "xml") == 0 ){
type = NFT_RULE_O_XML;
+ }else if (argc == 2 && strcmp(argv[1], "json") == 0 ){
+ type = NFT_RULE_O_JSON;
+ }
/* XXX requires table, chain and handle attributes for selective get */
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [libnftables PATCH 0/2] Series to add JSON output support for rules
@ 2013-06-27 19:56 Alvaro Neira
0 siblings, 0 replies; 4+ messages in thread
From: Alvaro Neira @ 2013-06-27 19:56 UTC (permalink / raw)
To: netfilter-devel; +Cc: eric
Json support for exporting rules and add implementation for testing this functions. I have also ordered the switch case in the right order:
First position: Default Support
Second position: Xml Support
Last position: Json Support
---
Álvaro Neira Ayuso (2):
Add function for exporting rule to JSON format and Order the switch values in the right order
Add code for testing the new functions for exporting rules to JSON Format
examples/nft-rule-get.c | 5 +++
include/libnftables/rule.h | 1 +
src/chain.c | 8 +++--
src/expr/bitwise.c | 37 ++++++++++++++++++++++++-
src/expr/byteorder.c | 22 +++++++++++++++
src/expr/cmp.c | 25 ++++++++++++++++-
src/expr/counter.c | 7 +++--
src/expr/ct.c | 5 +++
src/expr/data_reg.c | 65 +++++++++++++++++++++++++++++++++++++++-----
src/expr/exthdr.c | 16 +++++++----
src/expr/immediate.c | 40 ++++++++++++++++++++++++++-
src/expr/limit.c | 4 +++
src/expr/log.c | 7 +++++
src/expr/lookup.c | 20 ++++++++++++--
src/expr/match.c | 18 +++++++++++-
src/expr/meta.c | 10 +++++--
src/expr/nat.c | 44 ++++++++++++++++++++++++++++--
src/expr/payload.c | 39 ++++++++++++++++++++++++--
src/expr/target.c | 19 ++++++++++++-
src/internal.h | 1 +
src/rule.c | 52 ++++++++++++++++++++++++++++++++++-
src/table.c | 4 +--
22 files changed, 406 insertions(+), 43 deletions(-)
--
Álvaro Neira Ayuso
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-06-27 19:56 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-13 18:50 [libnftables PATCH 0/2] Series to add JSON output support for rules Alvaro Neira
2013-06-13 18:50 ` [libnftables PATCH 1/2] Add function for exporting rule to JSON format Alvaro Neira
2013-06-13 18:50 ` [libnftables PATCH 2/2] Add code for testing the new functions for exporting rules to JSON Format Alvaro Neira
-- strict thread matches above, loose matches on Subject: below --
2013-06-27 19:56 [libnftables PATCH 0/2] Series to add JSON output support for rules Alvaro Neira
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).