* [libnftables PATCH 00/21] Small fixes for XML
@ 2013-06-26 11:36 Arturo Borrero Gonzalez
2013-06-26 11:36 ` [libnftables PATCH 01/21] chain: add hooknum2str Arturo Borrero Gonzalez
` (21 more replies)
0 siblings, 22 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:36 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
The following series implements a bunch of small fixes for the XML code in libnftables.
These are some of the changes Pablo asked me to make before the parsing test bench is included.
---
Arturo Borrero Gonzalez (21):
chain: add hooknum2str
src: xml: convert family values to string
rule: xml: conditional compat info
bitwise: xml: mask and xor use same number of data registers
expr: xml: validate registers < NFT_REG_MAX
nat: xml: change nat types string to dnat/snat
nat: xml: change IP range node names
byteorder: xml: op as string
ct: xml: add extra dir check
ct: xml: use key's name string instead of numbers
exthdr: xml: fix mandatory elements
chain: xml: use string for policy
data_reg: xml: len node shows byte length
data_reg: xml: fix bytes movements
target&match: xml: don't print rev number
payload: xml: use string for base attribute
exthdr: xml: use string for type node
meta: xml: use string to represent key attribute
nat: snprintf: fix buffer offset
nat: xml: rename node type to nat_type
exthdr: xml: rename type node to exthdr_type
src/Makefile.am | 3 +
src/chain.c | 100 +++++++++++++++++++++++---------
src/expr/bitwise.c | 20 ++++++
src/expr/byteorder.c | 29 +++++++--
src/expr/cmp.c | 5 ++
src/expr/ct.c | 58 +++++++++++++++++--
src/expr/data_reg.c | 21 ++++---
src/expr/exthdr.c | 139 ++++++++++++++++++++++++++++++++-------------
src/expr/immediate.c | 5 ++
src/expr/lookup.c | 10 +++
src/expr/match.c | 18 ------
src/expr/meta.c | 55 ++++++++++++++++--
src/expr/nat.c | 57 ++++++++----------
src/expr/payload.c | 57 ++++++++++++++++--
src/expr/target.c | 20 ------
src/internal.h | 3 +
src/rule.c | 72 ++++++++++++-----------
src/table.c | 24 ++++----
src/utils.c | 49 ++++++++++++++++
test/nft-chain-xml-add.sh | 18 +++---
test/nft-rule-xml-add.sh | 25 +++-----
test/nft-table-xml-add.sh | 4 +
22 files changed, 540 insertions(+), 252 deletions(-)
create mode 100644 src/utils.c
--
Signature
* [libnftables PATCH 01/21] chain: add hooknum2str
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
@ 2013-06-26 11:36 ` Arturo Borrero Gonzalez
2013-06-26 11:36 ` [libnftables PATCH 02/21] src: xml: convert family values to string Arturo Borrero Gonzalez
` (20 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:36 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch translates the Netfilter hooknumber to a readable string.
Useful for printing and parsing in XML and JSON formats.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/chain.c | 36 +++++++++++++++++++++++++++---------
test/nft-chain-xml-add.sh | 6 +++---
2 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/src/chain.c b/src/chain.c
index 6673b82..f3ba532 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -22,6 +22,7 @@
#include <libmnl/libmnl.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter.h>
#include <libnftables/chain.h>
@@ -42,6 +43,14 @@ struct nft_chain {
uint32_t flags;
};
+static const char *hooknum2str_array[NF_INET_NUMHOOKS] = {
+ [NF_INET_PRE_ROUTING] = "NF_INET_PRE_ROUTING",
+ [NF_INET_LOCAL_IN] = "NF_INET_LOCAL_IN",
+ [NF_INET_FORWARD] = "NF_INET_FORWARD",
+ [NF_INET_LOCAL_OUT] = "NF_INET_LOCAL_OUT",
+ [NF_INET_POST_ROUTING] = "NF_INET_POST_ROUTING",
+};
+
struct nft_chain *nft_chain_alloc(void)
{
return calloc(1, sizeof(struct nft_chain));
@@ -629,15 +638,22 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
mxmlDelete(tree);
return -1;
}
- utmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (utmp > UINT32_MAX || utmp < 0 || *endptr) {
+
+ /* iterate the list of hooks until a match is found */
+ for (utmp = 0; utmp < NF_INET_NUMHOOKS; utmp++) {
+ if (strcmp(node->child->value.opaque, hooknum2str_array[utmp]) == 0) {
+ c->hooknum = utmp;
+ c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM);
+ break;
+ }
+ }
+
+ /* if no hook was found, error */
+ if (!(c->flags & (1 << NFT_CHAIN_ATTR_HOOKNUM))) {
mxmlDelete(tree);
return -1;
}
- memcpy(&c->hooknum, &utmp, sizeof(c->hooknum));
- c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM);
-
/* Get and set <policy> */
node = mxmlFindElement(tree, tree, "policy", NULL, NULL, MXML_DESCEND);
if (node == NULL) {
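Review bot: The "no hook was found" test reads `c->flags`, so a chain object that already had NFT_CHAIN_ATTR_HOOKNUM set before parsing accepts an unrecognised `<hooknum>` string and silently keeps its previous hook. Deciding on the loop index does not depend on prior state: `if (utmp == NF_INET_NUMHOOKS) { mxmlDelete(tree); return -1; }`. The loop also passes `node->child->value.opaque` straight to strcmp(); the check above the hunk is not visible, so it should be confirmed that an empty `<hooknum/>` element cannot arrive here with `node->child == NULL`. nft_chain_xml_parse starts and ends outside this hunk.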
@@ -709,7 +725,7 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
"\"table\" : \"%s\","
"\"prio\" : %d,"
"\"use\" : %d,"
- "\"hooknum\" : %d,"
+ "\"hooknum\" : %s,"
"\"policy\" : %d,"
"\"family\" : %d"
"}"
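Review bot: The new `%s` for hooknum is emitted without surrounding quotes, so the name lands in the output as a bare token and the result is no longer valid JSON; the string field visible in this hunk (`"\"table\" : \"%s\","`) is quoted. The format line should read `"\"hooknum\" : \"%s\","`. The rest of the format string and the function body lie outside the hunk.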
@@ -717,7 +733,8 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
"}",
c->name, c->handle, c->bytes, c->packets,
NFT_CHAIN_JSON_VERSION, c->type, c->table,
- c->prio, c->use, c->hooknum, c->policy, c->family);
+ c->prio, c->use, hooknum2str_array[c->hooknum],
+ c->policy, c->family);
}
static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
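Review bot: `hooknum2str_array[c->hooknum]` indexes a table of NF_INET_NUMHOOKS entries with a value that is not range-checked in this hunk. If `c->hooknum` can ever hold a larger number (how it is set from netlink or through the attribute setter is not visible here), this is an out-of-bounds read whose result is then handed to `%s`. A bounds-checked accessor removes the risk, for example `static const char *hooknum2str(uint32_t h) { return h < NF_INET_NUMHOOKS ? hooknum2str_array[h] : "unknown"; }`. The nft_chain_snprintf_xml hunk that follows has the same unchecked index.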
@@ -730,14 +747,15 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
"<table>%s</table>"
"<prio>%d</prio>"
"<use>%d</use>"
- "<hooknum>%d</hooknum>"
+ "<hooknum>%s</hooknum>"
"<policy>%d</policy>"
"<family>%d</family>"
"</properties>"
"</chain>",
c->name, c->handle, c->bytes, c->packets,
NFT_CHAIN_XML_VERSION, c->type, c->table,
- c->prio, c->use, c->hooknum, c->policy, c->family);
+ c->prio, c->use, hooknum2str_array[c->hooknum],
+ c->policy, c->family);
}
static int nft_chain_snprintf_default(char *buf, size_t size, struct nft_chain *c)
diff --git a/test/nft-chain-xml-add.sh b/test/nft-chain-xml-add.sh
index d1bd839..fda28cb 100755
--- a/test/nft-chain-xml-add.sh
+++ b/test/nft-chain-xml-add.sh
@@ -40,7 +40,7 @@ XML="<chain name=\"test1\" handle=\"100\" bytes=\"123\" packets=\"321\" version=
<table>filter</table>
<prio>0</prio>
<use>0</use>
- <hooknum>2</hooknum>
+ <hooknum>NF_INET_LOCAL_IN</hooknum>
<policy>1</policy>
<family>2</family>
</properties>
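Review bot: The fixture no longer describes the same chain after this change. The old value `2` is NF_INET_FORWARD in <linux/netfilter.h>, while the replacement `NF_INET_LOCAL_IN` is hook 1. The test3 hunk likewise turns `4` (NF_INET_POST_ROUTING) into `NF_INET_FORWARD`. If the hooks were changed on purpose, a line in the commit message would help; otherwise the names should match the numbers they replace.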
@@ -61,7 +61,7 @@ XML="<chain name=\"test2\" handle=\"101\" bytes=\"59\" packets=\"1\" version=\"0
<table>filter</table>
<prio>1</prio>
<use>0</use>
- <hooknum>4</hooknum>
+ <hooknum>NF_INET_POST_ROUTING</hooknum>
<policy>1</policy>
<family>10</family>
</properties>
@@ -83,7 +83,7 @@ XML="<chain name=\"test3\" handle=\"102\" bytes=\"51231239\" packets=\"112312312
<table>filter</table>
<prio>0</prio>
<use>0</use>
- <hooknum>4</hooknum>
+ <hooknum>NF_INET_FORWARD</hooknum>
<policy>1</policy>
<family>2</family>
</properties>
* [libnftables PATCH 02/21] src: xml: convert family values to string
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
2013-06-26 11:36 ` [libnftables PATCH 01/21] chain: add hooknum2str Arturo Borrero Gonzalez
@ 2013-06-26 11:36 ` Arturo Borrero Gonzalez
2013-06-26 11:36 ` [libnftables PATCH 03/21] rule: xml: conditional compat info Arturo Borrero Gonzalez
` (19 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:36 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch translates all family values all around the code to show a string:
* ip if AF_INET
* ip6 if AF_INET6
* bridge if AF_BRIDGE
* arp if 0
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/Makefile.am | 3 ++-
src/chain.c | 24 ++++++++++++----------
src/expr/nat.c | 12 ++++-------
src/internal.h | 3 +++
src/rule.c | 13 ++++++------
src/table.c | 24 ++++++++++------------
src/utils.c | 49 +++++++++++++++++++++++++++++++++++++++++++++
test/nft-chain-xml-add.sh | 6 +++---
test/nft-rule-xml-add.sh | 3 +--
test/nft-table-xml-add.sh | 4 ++--
10 files changed, 94 insertions(+), 47 deletions(-)
create mode 100644 src/utils.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 4017720..4649646 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -4,7 +4,8 @@ lib_LTLIBRARIES = libnftables.la
libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBXML_LIBS}
libnftables_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libnftables.map \
-version-info $(LIBVERSION)
-libnftables_la_SOURCES = table.c \
+libnftables_la_SOURCES = utils.c \
+ table.c \
chain.c \
rule.c \
set.c \
diff --git a/src/chain.c b/src/chain.c
index f3ba532..ce9bb1b 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -675,13 +675,13 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
mxmlDelete(tree);
return -1;
}
- utmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (utmp > UINT8_MAX || utmp < 0 || *endptr) {
+
+ if (nft_str2family(node->child->value.opaque) < 0) {
mxmlDelete(tree);
return -1;
}
- c->family = (uint32_t)utmp;
+ c->family = nft_str2family(node->child->value.opaque);
c->flags |= (1 << NFT_CHAIN_ATTR_FAMILY);
mxmlDelete(tree);
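Review bot: nft_str2family() is called twice on the same string, once to validate and once to assign, which leaves two places to keep in sync. Converting once into a local keeps the checked value and the stored value identical: `int family = nft_str2family(node->child->value.opaque);`, then `if (family < 0) { mxmlDelete(tree); return -1; }` and `c->family = family;`. The nat.c, rule.c and table.c parse hunks in this patch repeat the same double call. nft_chain_xml_parse starts outside the hunk.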
@@ -727,14 +727,14 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
"\"use\" : %d,"
"\"hooknum\" : %s,"
"\"policy\" : %d,"
- "\"family\" : %d"
+ "\"family\" : %s"
"}"
"}"
"}",
c->name, c->handle, c->bytes, c->packets,
NFT_CHAIN_JSON_VERSION, c->type, c->table,
c->prio, c->use, hooknum2str_array[c->hooknum],
- c->policy, c->family);
+ c->policy, nft_family2str(c->family));
}
static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
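Review bot: The family is now printed with an unquoted `%s`, so the JSON output contains a bare word such as `ip` and is no longer valid JSON. The format line should be `"\"family\" : \"%s\""`. The nft_table_snprintf_json hunk in src/table.c has the same problem with `"\"family\" : %s,"`.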
@@ -749,22 +749,24 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
"<use>%d</use>"
"<hooknum>%s</hooknum>"
"<policy>%d</policy>"
- "<family>%d</family>"
+ "<family>%s</family>"
"</properties>"
"</chain>",
c->name, c->handle, c->bytes, c->packets,
NFT_CHAIN_XML_VERSION, c->type, c->table,
c->prio, c->use, hooknum2str_array[c->hooknum],
- c->policy, c->family);
+ c->policy, nft_family2str(c->family));
}
-static int nft_chain_snprintf_default(char *buf, size_t size, struct nft_chain *c)
+static int nft_chain_snprintf_default(char *buf, size_t size,
+ struct nft_chain *c)
{
- return snprintf(buf, size, "family=%u table=%s chain=%s type=%s "
+ return snprintf(buf, size, "family=%s table=%s chain=%s type=%s "
"hook=%u prio=%d policy=%d use=%d "
"packets=%lu bytes=%lu",
- c->family, c->table, c->name, c->type, c->hooknum,
- c->prio, c->policy, c->use, c->packets, c->bytes);
+ nft_family2str(c->family), c->table, c->name, c->type,
+ c->hooknum, c->prio, c->policy, c->use, c->packets,
+ c->bytes);
}
int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *c,
diff --git a/src/expr/nat.c b/src/expr/nat.c
index 7c4cf37..501f20c 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -254,15 +254,12 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
- if (strcmp(node->child->value.opaque, "AF_INET") == 0) {
- nat->family = AF_INET;
- } else if (strcmp(node->child->value.opaque, "AF_INET6") == 0) {
- nat->family = AF_INET6;
- } else {
+ if (nft_str2family(node->child->value.opaque) < 0) {
mxmlDelete(tree);
return -1;
}
+ nat->family = nft_str2family(node->child->value.opaque);
e->flags |= (1 << NFT_EXPR_NAT_FAMILY);
/* Get and set <sreg_addr_min_v4>. Not mandatory */
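Review bot: Switching to nft_str2family() widens what the NAT parser accepts. The removed code allowed only AF_INET and AF_INET6, whereas the helper added in src/utils.c also succeeds for "bridge" and for "arp" (which it maps to 0), so those values can now end up in `nat->family`. If NAT is only meaningful for ip and ip6, keep the restriction after the conversion, e.g. `if (family != AF_INET && family != AF_INET6) { mxmlDelete(tree); return -1; }`. The function body continues outside the hunk.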
@@ -349,7 +346,7 @@ nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
}
ret = snprintf(buf+offset, len, "<family>%s</family>",
- nat->family == AF_INET ? "AF_INET" : "AF_INET6");
+ nft_family2str(nat->family));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
@@ -389,8 +386,7 @@ nft_rule_expr_nat_snprintf_default(char *buf, size_t size,
break;
}
- ret = snprintf(buf, len, "family=%s ",
- nat->family == AF_INET ? "AF_INET" : "AF_INET6");
+ ret = snprintf(buf, len, "family=%s ", nft_family2str(nat->family));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
diff --git a/src/internal.h b/src/internal.h
index fffca3d..23a3e59 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -23,6 +23,9 @@
#define NFT_TABLE_JSON_VERSION 0
#define NFT_CHAIN_JSON_VERSION 0
+const char *nft_family2str(uint32_t family);
+int nft_str2family(const char *family);
+
struct expr_ops;
struct nft_rule_expr {
diff --git a/src/rule.c b/src/rule.c
index 6058878..380b9ae 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -509,13 +509,12 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml)
return -1;
}
- tmp = strtoull(mxmlElementGetAttr(tree, "family"), &endptr, 10);
- if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+ if (nft_str2family(mxmlElementGetAttr(tree, "family")) < 0) {
mxmlDelete(tree);
return -1;
}
- r->family = (uint8_t)tmp;
+ r->family = nft_str2family(mxmlElementGetAttr(tree, "family"));
r->flags |= (1 << NFT_RULE_ATTR_FAMILY);
/* get and set <rule ... table=X ...> */
@@ -678,9 +677,9 @@ static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
struct nft_rule_expr *expr;
ret = snprintf(buf, size,
- "<rule family=\"%u\" table=\"%s\" "
+ "<rule family=\"%s\" table=\"%s\" "
"chain=\"%s\" handle=\"%llu\" version=\"%d\">",
- r->family, r->table, r->chain,
+ nft_family2str(r->family), r->table, r->chain,
(unsigned long long)r->handle,
NFT_RULE_XML_VERSION);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
@@ -716,9 +715,9 @@ static int nft_rule_snprintf_default(char *buf, size_t size, struct nft_rule *r,
struct nft_rule_expr *expr;
int ret, len = size, offset = 0;
- ret = snprintf(buf, size, "family=%u table=%s chain=%s handle=%llu "
+ ret = snprintf(buf, size, "family=%s table=%s chain=%s handle=%llu "
"flags=%x ",
- r->family, r->table, r->chain,
+ nft_family2str(r->family), r->table, r->chain,
(unsigned long long)r->handle, r->rule_flags);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
diff --git a/src/table.c b/src/table.c
index 4533e23..211acdf 100644
--- a/src/table.c
+++ b/src/table.c
@@ -275,13 +275,12 @@ static int nft_table_xml_parse(struct nft_table *t, char *xml)
return -1;
}
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT32_MAX || *endptr || tmp < 0) {
+ if (nft_str2family(node->child->value.opaque) < 0) {
mxmlDelete(tree);
return -1;
}
- t->family = (uint32_t)tmp;
+ t->family = nft_str2family(node->child->value.opaque);
t->flags |= (1 << NFT_TABLE_ATTR_FAMILY);
/* Get and set <table_flags> */
@@ -335,32 +334,31 @@ static int nft_table_snprintf_json(char *buf, size_t size, struct nft_table *t)
"\"name\" : \"%s\","
"\"version\" : %d,"
"\"properties\" : {"
- "\"family\" : %u,"
+ "\"family\" : %s,"
"\"table_flags\" : %d"
"}"
"}"
"}" ,
t->name, NFT_TABLE_JSON_VERSION,
- t->family, t->table_flags);
+ nft_family2str(t->family), t->table_flags);
}
static int nft_table_snprintf_xml(char *buf, size_t size, struct nft_table *t)
{
- return snprintf(buf, size,
- "<table name=\"%s\" version=\"%d\">"
+ return snprintf(buf, size, "<table name=\"%s\" version=\"%d\">"
"<properties>"
- "<family>%u</family>"
+ "<family>%s</family>"
"<table_flags>%d</table_flags>"
"</properties>"
- "</table>" ,
- t->name, NFT_TABLE_XML_VERSION,
- t->family, t->table_flags);
+ "</table>",
+ t->name, NFT_TABLE_XML_VERSION,
+ nft_family2str(t->family), t->table_flags);
}
static int nft_table_snprintf_default(char *buf, size_t size, struct nft_table *t)
{
- return snprintf(buf, size, "table=%s family=%u flags=%x",
- t->name, t->family, t->table_flags);
+ return snprintf(buf, size, "table=%s family=%s flags=%x",
+ t->name, nft_family2str(t->family), t->table_flags);
}
int nft_table_snprintf(char *buf, size_t size, struct nft_table *t,
diff --git a/src/utils.c b/src/utils.c
new file mode 100644
index 0000000..e4463f1
--- /dev/null
+++ b/src/utils.c
@@ -0,0 +1,49 @@
+/*
+ * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+
+#include <internal.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <stdint.h>
+#include <arpa/inet.h>
+
+const char *nft_family2str(uint32_t family)
+{
+ switch (family) {
+ case AF_INET:
+ return "ip";
+ case AF_INET6:
+ return "ip6";
+ case AF_BRIDGE:
+ return "bridge";
+ case 0:
+ return "arp";
+ default:
+ return "unknown";
+ }
+}
+
+int nft_str2family(const char *family)
+{
+ if (strcmp(family, "ip") == 0)
+ return AF_INET;
+
+ if (strcmp(family, "ip6") == 0)
+ return AF_INET6;
+
+ if (strcmp(family, "bridge") == 0)
+ return AF_BRIDGE;
+
+ if (strcmp(family, "arp") == 0)
+ return 0;
+
+ return -1;
+}
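Review bot: nft_str2family() passes its argument to strcmp() without a NULL check, and callers in this patch feed it `mxmlElementGetAttr(tree, "family")` (src/rule.c) and `node->child->value.opaque`. Whether those callers reject a missing attribute or an empty element first is not visible in their hunks, so a guard at the top, `if (family == NULL) return -1;`, makes the helper safe for values taken from an XML document. The file calls strcmp() but does not include `<string.h>` itself; it may arrive through internal.h, but a direct include is more robust. Mapping "arp" to the literal 0 also means an object whose family field is still zero prints as "arp", so a named constant plus a short comment on both functions would make that choice explicit.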
diff --git a/test/nft-chain-xml-add.sh b/test/nft-chain-xml-add.sh
index fda28cb..ab50e2b 100755
--- a/test/nft-chain-xml-add.sh
+++ b/test/nft-chain-xml-add.sh
@@ -42,7 +42,7 @@ XML="<chain name=\"test1\" handle=\"100\" bytes=\"123\" packets=\"321\" version=
<use>0</use>
<hooknum>NF_INET_LOCAL_IN</hooknum>
<policy>1</policy>
- <family>2</family>
+ <family>ip</family>
</properties>
</chain>"
@@ -63,7 +63,7 @@ XML="<chain name=\"test2\" handle=\"101\" bytes=\"59\" packets=\"1\" version=\"0
<use>0</use>
<hooknum>NF_INET_POST_ROUTING</hooknum>
<policy>1</policy>
- <family>10</family>
+ <family>ip6</family>
</properties>
</chain>"
@@ -85,7 +85,7 @@ XML="<chain name=\"test3\" handle=\"102\" bytes=\"51231239\" packets=\"112312312
<use>0</use>
<hooknum>NF_INET_FORWARD</hooknum>
<policy>1</policy>
- <family>2</family>
+ <family>ip</family>
</properties>
</chain>"
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index 426b975..961b597 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -33,9 +33,8 @@ fi
[ ! -x "$NFT" ] && echo "W: nftables main binary not found but continuing anyway $NFT"
-XML="<rule family=\"2\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version=\"0\">
+XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version=\"0\">
<rule_flags>0</rule_flags>
- <flags>127</flags>
<compat_flags>0</compat_flags>
<compat_proto>0</compat_proto>
<expr type=\"meta\">
diff --git a/test/nft-table-xml-add.sh b/test/nft-table-xml-add.sh
index 2c55edc..30b65e1 100755
--- a/test/nft-table-xml-add.sh
+++ b/test/nft-table-xml-add.sh
@@ -40,7 +40,7 @@ fi
# This is valid
XML="<table name=\"filter_test\" version=\"0\">
<properties>
- <family>2</family>
+ <family>ip</family>
<table_flags>0</table_flags>
</properties>
</table>"
@@ -57,7 +57,7 @@ fi
# This is valid
XML="<table name=\"filter6_test\" version=\"0\">
<properties>
- <family>10</family>
+ <family>ip6</family>
<table_flags>0</table_flags>
</properties>
</table>"
* [libnftables PATCH 03/21] rule: xml: conditional compat info
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
2013-06-26 11:36 ` [libnftables PATCH 01/21] chain: add hooknum2str Arturo Borrero Gonzalez
2013-06-26 11:36 ` [libnftables PATCH 02/21] src: xml: convert family values to string Arturo Borrero Gonzalez
@ 2013-06-26 11:36 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 04/21] bitwise: xml: mask and xor use same number of data registers Arturo Borrero Gonzalez
` (18 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:36 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
The compat XML info is now conditional both when printing and parsing.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/rule.c | 59 ++++++++++++++++++++++++++++++-----------------------------
1 file changed, 30 insertions(+), 29 deletions(-)
diff --git a/src/rule.c b/src/rule.c
index 380b9ae..53b0e3b 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -571,37 +571,33 @@ static int nft_rule_xml_parse(struct nft_rule *r, char *xml)
r->rule_flags = (uint32_t)tmp;
r->flags |= (1 << NFT_RULE_ATTR_FLAGS);
- /* get and set <compat_proto> */
+ /* <compat_proto> is optional */
node = mxmlFindElement(tree, tree, "compat_proto", NULL, NULL,
MXML_DESCEND);
- if (node == NULL) {
- mxmlDelete(tree);
- return -1;
- }
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
- r->compat.proto = (uint32_t)tmp;
- r->flags |= (1 << NFT_RULE_ATTR_COMPAT_PROTO);
+ r->compat.proto = tmp;
+ r->flags |= (1 << NFT_RULE_ATTR_COMPAT_PROTO);
+ }
- /* get and set <compat_flags> */
+ /* <compat_flags> is optional */
node = mxmlFindElement(tree, tree, "compat_flags", NULL, NULL,
MXML_DESCEND);
- if (node == NULL) {
- mxmlDelete(tree);
- return -1;
- }
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
- r->compat.flags = (uint32_t)tmp;
- r->flags |= (1 << NFT_RULE_ATTR_COMPAT_FLAGS);
+ r->compat.flags = tmp;
+ r->flags |= (1 << NFT_RULE_ATTR_COMPAT_FLAGS);
+ }
/* Iterating over <expr> */
for (node = mxmlFindElement(tree, tree, "expr", "type",
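Review bot: Both optional branches still dereference `node->child->value.opaque` as soon as the element exists, so an empty `<compat_proto/>` or `<compat_flags/>` with no text child would presumably reach strtoull() through a NULL `node->child`. Either treat the empty element as absent with `if (node != NULL && node->child != NULL) {`, or reject it explicitly with `mxmlDelete(tree); return -1;`. The `tmp < 0` term only has an effect if `tmp` is signed; its declaration is outside the hunk, so that is worth checking too. nft_rule_xml_parse starts and ends outside the hunk.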
@@ -684,13 +680,18 @@ static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
NFT_RULE_XML_VERSION);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- ret = snprintf(buf+offset, len, "<rule_flags>%u</rule_flags>"
- "<compat_flags>%u</compat_flags>"
- "<compat_proto>%u</compat_proto>",
- r->rule_flags,
- r->compat.flags, r->compat.proto);
+ ret = snprintf(buf+offset, len, "<rule_flags>%u</rule_flags>",
+ r->rule_flags);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ if (r->compat.flags != 0 || r->compat.proto != 0) {
+ ret = snprintf(buf+offset, len,
+ "<compat_flags>%u</compat_flags>"
+ "<compat_proto>%u</compat_proto>",
+ r->compat.flags, r->compat.proto);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
list_for_each_entry(expr, &r->expr_list, head) {
ret = snprintf(buf+offset, len,
"<expr type=\"%s\">", expr->ops->name);
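Review bot: The printer decides on the field values (`r->compat.flags != 0 || r->compat.proto != 0`), while the parser in this same patch records presence in `r->flags`. A rule parsed with an explicit `<compat_proto>0</compat_proto>` therefore loses the element on output, and both elements are always printed together even when only one was set. Testing the attribute bits keeps the two directions consistent: `if (r->flags & (1 << NFT_RULE_ATTR_COMPAT_FLAGS))` around the compat_flags snprintf, and the same with NFT_RULE_ATTR_COMPAT_PROTO around the other. The function body continues outside the hunk.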
* [libnftables PATCH 04/21] bitwise: xml: mask and xor use same number of data registers
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (2 preceding siblings ...)
2013-06-26 11:36 ` [libnftables PATCH 03/21] rule: xml: conditional compat info Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 05/21] expr: xml: validate registers < NFT_REG_MAX Arturo Borrero Gonzalez
` (17 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
The mask and xor must use the same number of data registers.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/bitwise.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index fa2fc5a..6932086 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -298,6 +298,16 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, char *xml)
bitwise->xor.len = data_regtmp.len;
e->flags |= (1 << NFT_EXPR_BITWISE_XOR);
+ /* Additional validation: mask and xor must use the same number of
+ * data registers.
+ */
+
+ if (bitwise->mask.len != bitwise->xor.len) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+
mxmlDelete(tree);
return 0;
#else
* [libnftables PATCH 05/21] expr: xml: validate registers < NFT_REG_MAX
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (3 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 04/21] bitwise: xml: mask and xor use same number of data registers Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 06/21] nat: xml: change nat types string to dnat/snat Arturo Borrero Gonzalez
` (16 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch adds validation to all exprs that use nft_registers, so that they use a value < NFT_REG_MAX.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/bitwise.c | 10 ++++++++++
src/expr/byteorder.c | 6 ++++++
src/expr/cmp.c | 5 +++++
src/expr/ct.c | 3 +++
src/expr/exthdr.c | 5 +++++
src/expr/immediate.c | 5 +++++
src/expr/lookup.c | 10 ++++++++++
src/expr/meta.c | 5 +++++
src/expr/payload.c | 5 +++++
9 files changed, 54 insertions(+)
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index 6932086..35167db 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -237,6 +237,11 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
bitwise->sreg = (uint32_t)tmp;
e->flags |= (1 << NFT_EXPR_BITWISE_SREG);
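Review bot: The guard `if (tmp > NFT_REG_MAX)` accepts `tmp == NFT_REG_MAX`, while the subject and description say registers must be `< NFT_REG_MAX`. If NFT_REG_MAX names the last valid register (its definition is not visible here), the code is right and the commit text should say `<=`; otherwise the comparison needs to be `>=`. The same block is added to every expression parser touched by this patch, directly after an existing range check on `tmp`. A small shared helper in src/utils.c that takes the string and returns the validated register or -1 would keep the bound in one place. A one-line comment such as `/* registers above NFT_REG_MAX do not exist; reject before storing */` would also document the intent at each call site.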
@@ -252,6 +257,11 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
bitwise->dreg = (uint32_t)tmp;
e->flags |= (1 << NFT_EXPR_BITWISE_DREG);
diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c
index 201a943..c2f38a8 100644
--- a/src/expr/byteorder.c
+++ b/src/expr/byteorder.c
@@ -225,6 +225,9 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, char *xml)
if (tmp > UINT32_MAX || tmp < 0 || *endptr)
goto err;
+ if (tmp > NFT_REG_MAX)
+ goto err;
+
byteorder->sreg = tmp;
e->flags |= (1 << NFT_EXPR_BYTEORDER_SREG);
@@ -236,6 +239,9 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, char *xml)
if (tmp > UINT32_MAX || tmp < 0 || *endptr)
goto err;
+ if (tmp > NFT_REG_MAX)
+ goto err;
+
byteorder->dreg = tmp;
e->flags |= (1 << NFT_EXPR_BYTEORDER_DREG);
diff --git a/src/expr/cmp.c b/src/expr/cmp.c
index dac1f54..9507a0e 100644
--- a/src/expr/cmp.c
+++ b/src/expr/cmp.c
@@ -203,6 +203,11 @@ static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
cmp->sreg = (uint8_t)tmp;
e->flags |= (1 << NFT_EXPR_CMP_SREG);
}
diff --git a/src/expr/ct.c b/src/expr/ct.c
index 7a239fa..61a8fef 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -177,6 +177,9 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
if (tmp > UINT8_MAX || tmp < 0 || *endptr)
goto err;
+ if (tmp > NFT_REG_MAX)
+ goto err;
+
ct->dreg = tmp;
e->flags |= (1 << NFT_EXPR_CT_DREG);
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 8af6a63..7e16878 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -205,6 +205,11 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
exthdr->dreg = tmp;
e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
}
diff --git a/src/expr/immediate.c b/src/expr/immediate.c
index b5a6a41..8bc810c 100644
--- a/src/expr/immediate.c
+++ b/src/expr/immediate.c
@@ -236,6 +236,11 @@ nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
imm->dreg = (uint32_t)tmp;
e->flags |= (1 << NFT_EXPR_IMM_DREG);
diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index 0ae93ce..ecc07cb 100644
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -204,6 +204,11 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
lookup->sreg = (uint32_t)tmp;
e->flags |= (1 << NFT_EXPR_LOOKUP_SREG);
@@ -217,6 +222,11 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
lookup->dreg = (uint32_t)tmp;
e->flags |= (1 << NFT_EXPR_LOOKUP_DREG);
}
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 535b456..41fcff1 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -163,6 +163,11 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
meta->dreg = (uint8_t)tmp;
e->flags |= (1 << NFT_EXPR_META_DREG);
diff --git a/src/expr/payload.c b/src/expr/payload.c
index 28c52ca..dc42918 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -200,6 +200,11 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
payload->dreg = (uint32_t)tmp;
e->flags |= (1 << NFT_EXPR_PAYLOAD_DREG);
}
* [libnftables PATCH 06/21] nat: xml: change nat types string to dnat/snat
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (4 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 05/21] expr: xml: validate registers < NFT_REG_MAX Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 07/21] nat: xml: change IP range node names Arturo Borrero Gonzalez
` (15 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch replaces the string NFT_NAT_{S|D}NAT with {s|d}nat in the <type> node.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/nat.c | 25 +++++++++++--------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/src/expr/nat.c b/src/expr/nat.c
index 501f20c..f38011a 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -236,9 +236,9 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
- if (strcmp(node->child->value.opaque, "NFT_NAT_SNAT") == 0) {
+ if (strcmp(node->child->value.opaque, "snat") == 0) {
nat->type = NFT_NAT_SNAT;
- } else if (strcmp(node->child->value.opaque, "NFT_NAT_DNAT") == 0) {
+ } else if (strcmp(node->child->value.opaque, "dnat") == 0) {
nat->type = NFT_NAT_DNAT;
} else {
mxmlDelete(tree);
@@ -332,18 +332,15 @@ nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
struct nft_expr_nat *nat = (struct nft_expr_nat *)e->data;
int len = size, offset = 0, ret = 0;
- switch (nat->type) {
- case NFT_NAT_SNAT:
- ret = snprintf(buf, len,
- "<type>NFT_NAT_SNAT</type>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- break;
- case NFT_NAT_DNAT:
- ret = snprintf(buf, len,
- "<type>NFT_NAT_DNAT</type>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- break;
- }
+ /* Is a mandatory element. Provide a default, even empty */
+ if (nat->type == NFT_NAT_SNAT)
+ ret = snprintf(buf, len, "<type>snat</type>");
+ else if (nat->type == NFT_NAT_DNAT)
+ ret = snprintf(buf, len, "<type>dnat</type>");
+ else
+ ret = snprintf(buf, len, "<type/>");
+
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
ret = snprintf(buf+offset, len, "<family>%s</family>",
nft_family2str(nat->family));
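Review bot: The fallback `<type/>` writes a document that this file's own parser does not handle. nft_rule_expr_nat_xml_parse (first hunk of this patch) compares `node->child->value.opaque` against "snat" and "dnat", and an empty element has no text child, so reading the output back presumably dereferences a NULL `node->child` rather than failing cleanly. Since the comment calls the element mandatory, it would be safer to report the unknown type as an error from the printer, or at least make the parser check `node->child == NULL` before the strcmp(). The comment could then read `/* <type> is mandatory; an unknown nat->type is an error */`. The function body continues outside the hunk.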
* [libnftables PATCH 07/21] nat: xml: change IP range node names
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (5 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 06/21] nat: xml: change nat types string to dnat/snat Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 08/21] byteorder: xml: op as string Arturo Borrero Gonzalez
` (14 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch changes the name of XML nodes from <sreg_addr_min_v4> to <sreg_addr_min>,
and <sreg_addr_max_v4> to <sreg_addr_max>, as they are protocol-independent.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/nat.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/expr/nat.c b/src/expr/nat.c
index f38011a..7d83154 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -262,8 +262,8 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
nat->family = nft_str2family(node->child->value.opaque);
e->flags |= (1 << NFT_EXPR_NAT_FAMILY);
- /* Get and set <sreg_addr_min_v4>. Not mandatory */
- node = mxmlFindElement(tree, tree, "sreg_addr_min_v4", NULL, NULL,
+ /* Get and set <sreg_addr_min>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "sreg_addr_min", NULL, NULL,
MXML_DESCEND);
if (node != NULL) {
tmp = strtoull(node->child->value.opaque, &endptr, 10);
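Review bot: Because `<sreg_addr_min>` and `<sreg_addr_max>` are looked up as optional nodes, XML written with the old `_v4` names still parses successfully after this rename, but those nodes are ignored and the NAT expression loads without its address registers. If any XML in the old format exists, the parser should either fall back to the old name when the new one is absent or fail when it finds it, with a comment such as `/* <sreg_addr_min_v4> is the pre-rename spelling: reject it rather than ignore it */`. The parse function starts and ends outside the hunk.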
@@ -276,8 +276,8 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MIN);
}
- /* Get and set <sreg_addr_max_v4>. Not mandatory */
- node = mxmlFindElement(tree, tree, "sreg_addr_max_v4", NULL, NULL,
+ /* Get and set <sreg_addr_max>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "sreg_addr_max", NULL, NULL,
MXML_DESCEND);
if (node != NULL) {
tmp = strtoull(node->child->value.opaque, &endptr, 10);
@@ -348,8 +348,8 @@ nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
ret = snprintf(buf+offset, len,
- "<sreg_addr_min_v4>%u</sreg_addr_min_v4>"
- "<sreg_addr_max_v4>%u</sreg_addr_max_v4>",
+ "<sreg_addr_min>%u</sreg_addr_min>"
+ "<sreg_addr_max>%u</sreg_addr_max>",
nat->sreg_addr_min, nat->sreg_addr_max);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
* [libnftables PATCH 08/21] byteorder: xml: op as string
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (6 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 07/21] nat: xml: change IP range node names Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 09/21] ct: xml: add extra dir check Arturo Borrero Gonzalez
` (13 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch changes the numerical value of the XML byteorder's <op> node to a string representation.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/byteorder.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c
index c2f38a8..b0ba009 100644
--- a/src/expr/byteorder.c
+++ b/src/expr/byteorder.c
@@ -196,6 +196,11 @@ nft_rule_expr_byteorder_parse(struct nft_rule_expr *e, struct nlattr *attr)
return ret;
}
+static char *expr_byteorder_str[] = {
+ [NFT_BYTEORDER_HTON] = "hton",
+ [NFT_BYTEORDER_NTOH] = "ntoh",
+};
+
static int
nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, char *xml)
{
@@ -249,11 +254,13 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, char *xml)
if (node == NULL)
goto err;
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT8_MAX || tmp < 0 || *endptr)
+ if (strcmp(node->child->value.opaque, "ntoh") == 0)
+ byteorder->op = NFT_BYTEORDER_NTOH;
+ else if (strcmp(node->child->value.opaque, "hton") == 0)
+ byteorder->op = NFT_BYTEORDER_HTON;
+ else
goto err;
- byteorder->op = tmp;
e->flags |= (1 << NFT_EXPR_BYTEORDER_OP);
node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND);
@@ -298,10 +305,11 @@ nft_rule_expr_byteorder_snprintf_xml(char *buf, size_t size,
ret = snprintf(buf, len, "<sreg>%u</sreg>"
"<dreg>%u</dreg>"
- "<op>%u</op>"
+ "<op>%s</op>"
"<len>%u</len>"
"<size>%u</size>",
- byteorder->sreg, byteorder->dreg, byteorder->op,
+ byteorder->sreg, byteorder->dreg,
+ expr_byteorder_str[byteorder->op],
byteorder->len, byteorder->size);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
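Review bot: `expr_byteorder_str[byteorder->op]` indexes a two-entry table with a value that is not range-checked, and the same expression is used in the `snprintf_default` hunk below. `op` is presumably also filled from a netlink attribute (`nft_rule_expr_byteorder_parse` appears in the first hunk header), so any value other than hton/ntoh would read past the array and hand `%s` a stray pointer. A small lookup helper with a bounds check and an "unknown" fallback, like `ctkey2str()` later in the series, avoids that, and the table itself can be `static const char * const`. Both snprintf functions start outside their hunks.

```c
static const char *byteorder2str(uint32_t op)
{
	if (op >= sizeof(expr_byteorder_str) / sizeof(expr_byteorder_str[0]) ||
	    expr_byteorder_str[op] == NULL)
		return "unknown";

	return expr_byteorder_str[op];
}

/* … unchanged: format string of nft_rule_expr_byteorder_snprintf_xml … */
		       byteorder->sreg, byteorder->dreg,
		       byteorder2str(byteorder->op),
```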
@@ -314,8 +322,9 @@ nft_rule_expr_byteorder_snprintf_default(char *buf, size_t size,
{
int len = size, offset = 0, ret;
- ret = snprintf(buf, len, "sreg=%u dreg=%u op=%u len=%u size=%u ",
- byteorder->sreg, byteorder->dreg, byteorder->op,
+ ret = snprintf(buf, len, "sreg=%u dreg=%u op=%s len=%u size=%u ",
+ byteorder->sreg, byteorder->dreg,
+ expr_byteorder_str[byteorder->op],
byteorder->len, byteorder->size);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
* [libnftables PATCH 09/21] ct: xml: add extra dir check
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (7 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 08/21] byteorder: xml: op as string Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 10/21] ct: xml: use key's name string instead of numbers Arturo Borrero Gonzalez
` (12 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch adds an extra dir check.
0 means original.
1 means a reply.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/ct.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/expr/ct.c b/src/expr/ct.c
index 61a8fef..3605ecc 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -14,6 +14,7 @@
#include <arpa/inet.h>
#include <errno.h>
#include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
#include "internal.h"
#include <libmnl/libmnl.h>
@@ -202,6 +203,9 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
if (tmp > UINT8_MAX || tmp < 0 || *endptr)
goto err;
+ if (tmp != IP_CT_DIR_ORIGINAL && tmp != IP_CT_DIR_REPLY)
+ goto err;
+
ct->dir = tmp;
e->flags |= (1 << NFT_EXPR_CT_DIR);
* [libnftables PATCH 10/21] ct: xml: use key's name string instead of numbers
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (8 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 09/21] ct: xml: add extra dir check Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 11/21] exthdr: xml: fix mandatory elements Arturo Borrero Gonzalez
` (11 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
Now ct expr will use a string representation instead of a numerical one in the <key> node.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/ct.c | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 44 insertions(+), 7 deletions(-)
diff --git a/src/expr/ct.c b/src/expr/ct.c
index 3605ecc..2955353 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -22,6 +22,10 @@
#include <libnftables/rule.h>
#include "expr_ops.h"
+#ifndef NFT_CT_MAX
+#define NFT_CT_MAX (NFT_CT_PROTO_DST + 1)
+#endif
+
struct nft_expr_ct {
enum nft_ct_keys key;
uint32_t dreg; /* enum nft_registers */
@@ -150,6 +154,40 @@ nft_rule_expr_ct_parse(struct nft_rule_expr *e, struct nlattr *attr)
return 0;
}
+const char *ctkey2str_array[NFT_CT_MAX] = {
+ [NFT_CT_STATE] = "state",
+ [NFT_CT_DIRECTION] = "direction",
+ [NFT_CT_STATUS] = "status",
+ [NFT_CT_MARK] = "mark",
+ [NFT_CT_SECMARK] = "secmark",
+ [NFT_CT_EXPIRATION] = "expiration",
+ [NFT_CT_HELPER] = "helper",
+ [NFT_CT_PROTOCOL] = "protocol",
+ [NFT_CT_SRC] = "src",
+ [NFT_CT_DST] = "dst",
+ [NFT_CT_PROTO_SRC] = "proto_src",
+ [NFT_CT_PROTO_DST] = "proto_dst"
+};
+
+static const char *ctkey2str(uint32_t ctkey)
+{
+ if (ctkey > NFT_CT_MAX)
+ return "unknown";
+
+ return ctkey2str_array[ctkey];
+}
+
+static int str2ctkey(char *ctkey)
+{
+ int i;
+
+ for (i = 0; i < NFT_CT_MAX; i++)
+ if (strcmp(ctkey2str_array[i], ctkey) == 0)
+ return i;
+
+ return -1;
+}
+
static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
{
#ifdef XML_PARSING
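Review bot: `ctkey2str()` rejects only `ctkey > NFT_CT_MAX`, so `ctkey == NFT_CT_MAX` indexes one element past `ctkey2str_array`, which is declared with exactly `NFT_CT_MAX` entries; the test should be `>=`. Because `NFT_CT_MAX` comes from the kernel header whenever that defines it (the `#ifndef` in the first hunk), the table can also end up with NULL slots, which `str2ctkey()` passes straight to `strcmp()` and `ctkey2str()` returns to a `%s` conversion. The array is also non-static and would be better declared `static const char * const`. `nft_rule_expr_ct_xml_parse` continues outside the hunk.

```c
static const char *ctkey2str(uint32_t ctkey)
{
	if (ctkey >= NFT_CT_MAX || ctkey2str_array[ctkey] == NULL)
		return "unknown";

	return ctkey2str_array[ctkey];
}

static int str2ctkey(const char *ctkey)
{
	int i;

	for (i = 0; i < NFT_CT_MAX; i++) {
		if (ctkey2str_array[i] != NULL &&
		    strcmp(ctkey2str_array[i], ctkey) == 0)
			return i;
	}

	return -1;
}
```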
@@ -188,11 +226,10 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, char *xml)
if (node == NULL)
goto err;
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT8_MAX || tmp < 0 || *endptr)
+ if (str2ctkey(node->child->value.opaque) < 0)
goto err;
- ct->key = tmp;
+ ct->key = str2ctkey(node->child->value.opaque);
e->flags |= (1 << NFT_EXPR_CT_KEY);
node = mxmlFindElement(tree, tree, "dir", NULL, NULL, MXML_DESCEND);
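Review bot: `str2ctkey()` is called twice on the same string, once for the error check and once for the assignment, which doubles the table scan and keeps the validated value and the stored value as two separate lookups. Holding the result in a local reads more clearly: `int key = str2ctkey(node->child->value.opaque);`, `if (key < 0) goto err;`, `ct->key = key;`. The function starts and ends outside the hunk.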
@@ -229,13 +266,13 @@ nft_rule_expr_ct_snprintf(char *buf, size_t len, uint32_t type,
switch(type) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "dreg=%u key=%u dir=%u ",
- ct->dreg, ct->key, ct->dir);
+ return snprintf(buf, len, "dreg=%u key=%s dir=%u ",
+ ct->dreg, ctkey2str(ct->key), ct->dir);
case NFT_RULE_O_XML:
return snprintf(buf, len, "<dreg>%u</dreg>"
- "<key>%u</key>"
+ "<key>%s</key>"
"<dir>%u</dir>",
- ct->dreg, ct->key, ct->dir);
+ ct->dreg, ctkey2str(ct->key), ct->dir);
default:
break;
}
* [libnftables PATCH 11/21] exthdr: xml: fix mandatory elements
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (9 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 10/21] ct: xml: use key's name string instead of numbers Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 12/21] chain: xml: use string for policy Arturo Borrero Gonzalez
` (10 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
According to net/netfilter/nft_exthdr.c: nft_exthdr_init(),
all of dreg, type, offset and len are mandatory:
if (tb[NFTA_EXTHDR_DREG] == NULL ||
tb[NFTA_EXTHDR_TYPE] == NULL ||
tb[NFTA_EXTHDR_OFFSET] == NULL ||
tb[NFTA_EXTHDR_LEN] == NULL)
return -EINVAL;
So the XML parser must make sure the equivalent nodes exist.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/exthdr.c | 95 +++++++++++++++++++++++++++++++----------------------
1 file changed, 55 insertions(+), 40 deletions(-)
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 7e16878..762facd 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -195,64 +195,79 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
- /* Get and set <dreg>. Not mandatory */
+ /* All nodes are mandatory */
+
+ /* Get and set <dreg> */
node = mxmlFindElement(tree, tree, "dreg", NULL, NULL,
MXML_DESCEND_FIRST);
- if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
- if (tmp > NFT_REG_MAX) {
- mxmlDelete(tree);
- return -1;
- }
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
- exthdr->dreg = tmp;
- e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
+ if (tmp > NFT_REG_MAX) {
+ mxmlDelete(tree);
+ return -1;
}
- /* Get and set <type>. Not mandatory */
+ exthdr->dreg = tmp;
+ e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
+
+ /* Get and set <type> */
node = mxmlFindElement(tree, tree, "type", NULL, NULL, MXML_DESCEND);
- if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
- exthdr->type = tmp;
- e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE);
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
}
- /* Get and set <offset>. Not mandatory */
+ exthdr->type = tmp;
+ e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE);
+
+ /* Get and set <offset> */
node = mxmlFindElement(tree, tree, "offset", NULL, NULL,
MXML_DESCEND);
- if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
- exthdr->offset = tmp;
- e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET);
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
}
- /* Get and set <len>. Not mandatory */
+ exthdr->offset = tmp;
+ e->flags |= (1 << NFT_EXPR_EXTHDR_OFFSET);
+
+ /* Get and set <len> */
node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND);
- if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
- exthdr->len = tmp;
- e->flags |= (1 << NFT_EXPR_EXTHDR_LEN);
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
}
+
+ exthdr->len = tmp;
+ e->flags |= (1 << NFT_EXPR_EXTHDR_LEN);
+
mxmlDelete(tree);
return 0;
#else
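Review bot: This hunk now carries eight copies of the `mxmlDelete(tree); return -1;` pair, where one `err:` label would make the mandatory-node checks much shorter and harder to get wrong when a new node is added. The byteorder and ct parsers in this series already use that shape, e.g. `if (node == NULL) goto err;` with the cleanup written once at the end of the function. The function starts before the hunk, so the label would go after the final `return 0;` visible here.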
* [libnftables PATCH 12/21] chain: xml: use string for policy
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (10 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 11/21] exthdr: xml: fix mandatory elements Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 13/21] data_reg: xml: len node shows byte length Arturo Borrero Gonzalez
` (9 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
Now the <policy> node is using "accept" or "drop".
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/chain.c | 52 +++++++++++++++++++++++++++++++--------------
test/nft-chain-xml-add.sh | 6 +++--
2 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/src/chain.c b/src/chain.c
index ce9bb1b..a66ffe9 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -660,13 +660,16 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
mxmlDelete(tree);
return -1;
}
- utmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (utmp > UINT32_MAX || utmp < 0 || *endptr) {
+
+ if (strcmp(node->child->value.opaque, "accept") == 0) {
+ c->policy = NF_ACCEPT;
+ } else if (strcmp(node->child->value.opaque, "drop") == 0) {
+ c->policy = NF_DROP;
+ } else {
mxmlDelete(tree);
return -1;
}
- c->policy = (uint32_t)utmp;
c->flags |= (1 << NFT_CHAIN_ATTR_POLICY);
/* Get and set <family> */
@@ -739,23 +742,40 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
{
- return snprintf(buf, size,
- "<chain name=\"%s\" handle=\"%lu\""
- " bytes=\"%lu\" packets=\"%lu\" version=\"%d\">"
- "<properties>"
+ int ret, len = size, offset = 0;
+
+ ret = snprintf(buf, size,
+ "<chain name=\"%s\" handle=\"%lu\""
+ " bytes=\"%lu\" packets=\"%lu\" version=\"%d\">"
+ "<properties>"
"<type>%s</type>"
"<table>%s</table>"
"<prio>%d</prio>"
"<use>%d</use>"
- "<hooknum>%s</hooknum>"
- "<policy>%d</policy>"
- "<family>%s</family>"
- "</properties>"
- "</chain>",
- c->name, c->handle, c->bytes, c->packets,
- NFT_CHAIN_XML_VERSION, c->type, c->table,
- c->prio, c->use, hooknum2str_array[c->hooknum],
- c->policy, nft_family2str(c->family));
+ "<hooknum>%s</hooknum>",
+ c->name, c->handle, c->bytes, c->packets,
+ NFT_CHAIN_XML_VERSION, c->type, c->table,
+ c->prio, c->use, hooknum2str_array[c->hooknum]);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ /* The parsing will fail both if there are something different
+ * than {accept|drop} or if the <policy> node is missing.
+ */
+
+ if (c->policy == NF_ACCEPT) {
+ ret = snprintf(buf+offset, size, "<policy>accept</policy>");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ } else if (c->policy == NF_DROP) {
+ ret = snprintf(buf+offset, size, "<policy>drop</policy>");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ ret = snprintf(buf+offset, size, "<family>%s</family>"
+ "</properties></chain>",
+ nft_family2str(c->family));
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
}
static int nft_chain_snprintf_default(char *buf, size_t size,
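Review bot: The three `snprintf(buf+offset, size, ...)` calls added after the first one bound the write with `size` rather than the remaining length `len`. Once `offset` is non-zero that limit no longer matches the space left in `buf`, and a long chain or table name can push the later writes past the end of the caller's buffer. The other printers in this series pass `len` in that position, and `SNPRINTF_BUFFER_SIZE` takes `size` as a separate argument, which suggests it is not the remaining space. Change them to the form `ret = snprintf(buf+offset, len, "<policy>accept</policy>");`. Separately, a policy other than accept/drop yields XML with no `<policy>` node, which by the added comment the parser will then refuse.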
diff --git a/test/nft-chain-xml-add.sh b/test/nft-chain-xml-add.sh
index ab50e2b..ed39d54 100755
--- a/test/nft-chain-xml-add.sh
+++ b/test/nft-chain-xml-add.sh
@@ -41,7 +41,7 @@ XML="<chain name=\"test1\" handle=\"100\" bytes=\"123\" packets=\"321\" version=
<prio>0</prio>
<use>0</use>
<hooknum>NF_INET_LOCAL_IN</hooknum>
- <policy>1</policy>
+ <policy>accept</policy>
<family>ip</family>
</properties>
</chain>"
@@ -62,7 +62,7 @@ XML="<chain name=\"test2\" handle=\"101\" bytes=\"59\" packets=\"1\" version=\"0
<prio>1</prio>
<use>0</use>
<hooknum>NF_INET_POST_ROUTING</hooknum>
- <policy>1</policy>
+ <policy>accept</policy>
<family>ip6</family>
</properties>
</chain>"
@@ -84,7 +84,7 @@ XML="<chain name=\"test3\" handle=\"102\" bytes=\"51231239\" packets=\"112312312
<prio>0</prio>
<use>0</use>
<hooknum>NF_INET_FORWARD</hooknum>
- <policy>1</policy>
+ <policy>drop</policy>
<family>ip</family>
</properties>
</chain>"
* [libnftables PATCH 13/21] data_reg: xml: len node shows byte length
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (11 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 12/21] chain: xml: use string for policy Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 14/21] data_reg: xml: fix bytes movements Arturo Borrero Gonzalez
` (8 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
Previous to this patch, the <len> node was 'how many <dataN> nodes we have'.
Now, the <len> node means 'how many bytes are in <dataN> nodes'.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/data_reg.c | 13 ++++++-------
test/nft-rule-xml-add.sh | 8 ++++----
2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index 5eb7f38..b8b8d66 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -132,7 +132,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
{
mxml_node_t *tree = NULL;
mxml_node_t *node = NULL;
- int i, len;
+ int i;
int64_t tmp;
uint64_t utmp;
char *endptr;
@@ -152,7 +152,7 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
/*
* <data_reg type="value">
- * <len>4</len>
+ * <len>16</len>
* <data0>0xc09a002a</data0>
* <data1>0x2700cac1</data1>
* <data2>0x00000000</data2>
@@ -183,11 +183,11 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
mxmlDelete(tree);
return -1;
}
- /* maybe also (len < 1 || len > 4) */
- len = tmp;
+
+ reg->len = tmp;
/* Get and set <dataN> */
- for (i = 0; i < len; i++) {
+ for (i = 0; i < reg->len/sizeof(uint32_t); i++) {
sprintf(node_name, "data%d", i);
node = mxmlFindElement(tree, tree, node_name, NULL,
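Review bot: `reg->len = tmp;` stores the `<len>` value from the XML with no upper bound, and the loop then writes `reg->val[i]` for every `i < reg->len/sizeof(uint32_t)`, so a document with a large `<len>` and matching `<dataN>` nodes writes past `reg->val`. The removed comment `maybe also (len < 1 || len > 4)` shows the bound was already known to be missing. Unless the check that ends just above the hunk covers it, add `if (tmp < 1 || (uint64_t)tmp > sizeof(reg->val) || tmp % sizeof(uint32_t) != 0)` with the usual `mxmlDelete(tree); return -1;` before the assignment. A length that is not a multiple of four is otherwise silently truncated by the division. The function starts and ends outside the hunk.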
@@ -205,7 +205,6 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
reg->val[i] = utmp;
}
- reg->len = sizeof(reg->val);
mxmlDelete(tree);
return 0;
@@ -265,7 +264,7 @@ int nft_data_reg_value_snprintf_xml(char *buf, size_t size,
ret = snprintf(buf, len, "<data_reg type=\"value\">");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- ret = snprintf(buf+offset, len, "<len>%d</len>", data_len);
+ ret = snprintf(buf+offset, len, "<len>%zd</len>", reg->len);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
for (i=0; i<data_len; i++) {
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index 961b597..0bd08ff 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -46,7 +46,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
<op>eq</op>
<cmpdata>
<data_reg type=\"value\">
- <len>1</len>
+ <len>4</len>
<data0>0x04000000</data0>
</data_reg>
</cmpdata>
@@ -62,7 +62,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
<op>eq</op>
<cmpdata>
<data_reg type=\"value\">
- <len>1</len>
+ <len>4</len>
<data0>0x96d60496</data0>
</data_reg>
</cmpdata>
@@ -78,7 +78,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
<op>eq</op>
<cmpdata>
<data_reg type=\"value\">
- <len>1</len>
+ <len>4</len>
<data0>0x96d60329</data0>
</data_reg>
</cmpdata>
@@ -94,7 +94,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
<op>eq</op>
<cmpdata>
<data_reg type=\"value\">
- <len>1</len>
+ <len>4</len>
<data0>0x06000000</data0>
</data_reg>
</cmpdata>
* [libnftables PATCH 14/21] data_reg: xml: fix bytes movements
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (12 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 13/21] data_reg: xml: len node shows byte length Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 15/21] target&match: xml: don't print rev number Arturo Borrero Gonzalez
` (7 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
Fix wrong arithmetics when printing and parsing data registers in XML:
Before this patch, a uint32_t containing the number 2864434397
(0xaabbccdd) will be printed this way under some circumstances:
<data>0xddccbbaa</data>
Now, the data is ordered, the MSB position is controlled and snprintf prints:
<data>0xaabbccdd</data>
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/data_reg.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index b8b8d66..c123d88 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -15,6 +15,7 @@
#include <limits.h>
#include <arpa/inet.h>
#include <errno.h>
+#include <netinet/in.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter.h>
@@ -205,7 +206,6 @@ static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
reg->val[i] = utmp;
}
-
mxmlDelete(tree);
return 0;
}
@@ -258,6 +258,7 @@ int nft_data_reg_value_snprintf_xml(char *buf, size_t size,
union nft_data_reg *reg, uint32_t flags)
{
int len = size, offset = 0, ret, i, j;
+ uint32_t be;
uint8_t *tmp;
int data_len = reg->len/sizeof(uint32_t);
@@ -271,9 +272,10 @@ int nft_data_reg_value_snprintf_xml(char *buf, size_t size,
ret = snprintf(buf+offset, len, "<data%d>0x", i);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- tmp = (uint8_t *)®->val[i];
+ be = htonl(reg->val[i]);
+ tmp = (uint8_t *)&be;
- for (j=0; j<sizeof(int); j++) {
+ for (j = 0; j < sizeof(uint32_t); j++) {
ret = snprintf(buf+offset, len, "%.02x", tmp[j]);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
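Review bot: The `htonl()` copy plus the per-byte loop prints the same eight hex digits as a single `%08x` conversion of the host-order value on either endianness (assuming `val[]` holds `uint32_t`), so `be`, `tmp` and `j` are not needed. It reduces to `ret = snprintf(buf+offset, len, "%08x", reg->val[i]);` followed by one `SNPRINTF_BUFFER_SIZE`. The commit message also says parsing is fixed, but the only change to `nft_data_reg_value_xml_parse` in this patch is a removed blank line, so a sentence on why the parse side needed nothing would help. The enclosing loop continues outside the hunk.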
* [libnftables PATCH 15/21] target&match: xml: don't print rev number
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (13 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 14/21] data_reg: xml: fix bytes movements Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 16/21] payload: xml: use string for base attribute Arturo Borrero Gonzalez
` (6 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
The <rev> node is not printed/parsed anymore.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/match.c | 18 +-----------------
src/expr/target.c | 20 +-------------------
test/nft-rule-xml-add.sh | 6 ------
3 files changed, 2 insertions(+), 42 deletions(-)
diff --git a/src/expr/match.c b/src/expr/match.c
index 165d24d..7b4377f 100644
--- a/src/expr/match.c
+++ b/src/expr/match.c
@@ -190,8 +190,6 @@ static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, char *xml)
struct nft_expr_match *mt = (struct nft_expr_match *)e->data;
mxml_node_t *tree = NULL;
mxml_node_t *node = NULL;
- uint64_t tmp;
- char *endptr;
/* load the tree */
tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
@@ -218,19 +216,6 @@ static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, char *xml)
e->flags |= (1 << NFT_EXPR_MT_NAME);
}
- /* get and set <rev>. Not mandatory */
- node = mxmlFindElement(tree, tree, "rev", NULL, NULL, MXML_DESCEND);
- if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
-
- mt->rev = (uint32_t)tmp;
- e->flags |= (1 << NFT_EXPR_MT_REV);
- }
-
/* mt->info is ignored until other solution is reached */
mxmlDelete(tree);
@@ -247,8 +232,7 @@ static int nft_rule_expr_match_snprintf_xml(char *buf, size_t len,
int ret, size=len;
int offset = 0;
- ret = snprintf(buf, len, "<name>%s</name><rev>%u</rev>",
- mt->name, mt->rev);
+ ret = snprintf(buf, len, "<name>%s</name>", mt->name);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
return offset;
diff --git a/src/expr/target.c b/src/expr/target.c
index 8c454a9..ed29f6d 100644
--- a/src/expr/target.c
+++ b/src/expr/target.c
@@ -191,8 +191,6 @@ nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, char *xml)
struct nft_expr_target *tg = (struct nft_expr_target *)e->data;
mxml_node_t *tree = NULL;
mxml_node_t *node = NULL;
- uint64_t tmp;
- char *endptr;
/* load the tree */
tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
@@ -219,21 +217,6 @@ nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, char *xml)
e->flags |= (1 << NFT_EXPR_TG_NAME);
}
- /* Get and set <rev>. Optional */
- node = mxmlFindElement(tree, tree, "rev", NULL, NULL,
- MXML_DESCEND);
- if (node == NULL) {
- errno = 0;
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
- mxmlDelete(tree);
- return -1;
- }
-
- tg->rev = (uint32_t)tmp;
- e->flags |= (1 << NFT_EXPR_TG_REV);
- }
-
/* tg->info is ignored until other solution is reached */
mxmlDelete(tree);
@@ -251,8 +234,7 @@ int nft_rule_exp_target_snprintf_xml(char *buf, size_t len,
int ret, size=len;
int offset = 0;
- ret = snprintf(buf, len, "<name>%s</name><rev>%u</rev>",
- tg->name, tg->rev);
+ ret = snprintf(buf, len, "<name>%s</name>", tg->name);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
return offset;
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index 0bd08ff..322e70c 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -101,9 +101,6 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
</expr>
<expr type=\"match\">
<name>state</name>
- <rev>0</rev>
- <info>
- </info>
</expr>
<expr type=\"counter\">
<pkts>123123</pkts>
@@ -111,9 +108,6 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
</expr>
<expr type=\"target\">
<name>LOG</name>
- <rev>0</rev>
- <info>
- </info>
</expr>
</rule>"
* [libnftables PATCH 16/21] payload: xml: use string for base attribute
2013-06-26 11:36 [libnftables PATCH 00/21] Small fixes for XML Arturo Borrero Gonzalez
` (14 preceding siblings ...)
2013-06-26 11:37 ` [libnftables PATCH 15/21] target&match: xml: don't print rev number Arturo Borrero Gonzalez
@ 2013-06-26 11:37 ` Arturo Borrero Gonzalez
2013-06-26 11:37 ` [libnftables PATCH 17/21] exthdr: xml: use string for type node Arturo Borrero Gonzalez
` (5 subsequent siblings)
21 siblings, 0 replies; 23+ messages in thread
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch implements using a string instead of a number for the <base> node.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/payload.c | 52 ++++++++++++++++++++++++++++++++++++++--------
test/nft-rule-xml-add.sh | 6 +++--
2 files changed, 46 insertions(+), 12 deletions(-)
diff --git a/src/expr/payload.c b/src/expr/payload.c
index dc42918..6740d99 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -212,13 +212,19 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, char *xml)
/* Get and set <base>. Not mandatory */
node = mxmlFindElement(tree, tree, "base", NULL, NULL, MXML_DESCEND);
if (node != NULL) {
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+
+ if (strcmp(node->child->value.opaque, "link") == 0) {
+ payload->base = NFT_PAYLOAD_LL_HEADER;
+ } else if (strcmp(node->child->value.opaque, "network") == 0) {
+ payload->base = NFT_PAYLOAD_NETWORK_HEADER;
+ } else if (strcmp(node->child->value.opaque,
+ "transport") == 0) {
+ payload->base = NFT_PAYLOAD_TRANSPORT_HEADER;
+ } else {
mxmlDelete(tree);
return -1;
}
- payload->base = (uint32_t)tmp;
e->flags |= (1 << NFT_EXPR_PAYLOAD_BASE);
}
@@ -257,6 +263,38 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, char *xml)
}
static int
+nft_rule_expr_payload_snprintf_xml(char *buf, size_t len, uint32_t flags,
+ struct nft_expr_payload *p)
+{
+ int size = len, offset = 0, ret;
+
+ ret = snprintf(buf, len, "<dreg>%u</dreg><offset>%u</offset>"
+ "<len>%u</len>", p->dreg, p->offset, p->len);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ /* A default option is not provided.
+ * The <base> node will be missing; Is not mandatory.
+ */
+
+ switch (p->base) {
+ case NFT_PAYLOAD_LL_HEADER:
+ ret = snprintf(buf+offset, len, "<base>link</base>");
+ break;
+ case NFT_PAYLOAD_NETWORK_HEADER:
+ ret = snprintf(buf+offset, len, "<base>network</base>");
+ break;
+ case NFT_PAYLOAD_TRANSPORT_HEADER:
+ ret = snprintf(buf+offset, len, "<base>transport</base>");
+ break;
+ }
+
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+
+static int
nft_rule_expr_payload_snprintf(char *buf, size_t len, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
{
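Review bot: In `nft_rule_expr_payload_snprintf_xml()` the `switch (p->base)` has no `default`, so for any other base value `ret` still holds the result of the first `snprintf()`. The `SNPRINTF_BUFFER_SIZE` after the switch then appears to account for that length a second time, and the function returns an offset larger than what was written. Adding `default: return offset;` (or setting `ret = 0` there) makes the optional `<base>` node simply absent, as the added comment intends. The `NFT_RULE_O_DEFAULT` branch in the next hunk still prints `base=%u`, so the two output formats now represent the base differently.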
@@ -264,12 +302,8 @@ nft_rule_expr_payload_snprintf(char *buf, size_t len, uint32_t type,
switch(type) {
case NFT_RULE_O_XML:
- return snprintf(buf, len, "<dreg>%u</dreg>"
- "<base>%u</base><offset>%u</offset>"
- "<len>%u</len>",
- payload->dreg, payload->base,
- payload->offset, payload->len);
-
+ return nft_rule_expr_payload_snprintf_xml(buf, len, flags,
+ payload);
case NFT_RULE_O_DEFAULT:
return snprintf(buf, len, "dreg=%u base=%u offset=%u len=%u ",
payload->dreg, payload->base,
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index 322e70c..e1e35d9 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -53,7 +53,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
</expr>
<expr type=\"payload\">
<dreg>1</dreg>
- <base>1</base>
+ <base>transport</base>
<offset>12</offset>
<len>4</len>
</expr>
@@ -69,7 +69,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
</expr>
<expr type=\"payload\">
<dreg>1</dreg>
- <base>1</base>
+ <base>link</base>
<offset>16</offset>
<len>4</len>
</expr>
@@ -85,7 +85,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
</expr>
<expr type=\"payload\">
<dreg>1</dreg>
- <base>1</base>
+ <base>network</base>
<offset>9</offset>
<len>1</len>
</expr>
* [libnftables PATCH 17/21] exthdr: xml: use string for type node
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch implements using a string for the <type> node.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/exthdr.c | 49 ++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 44 insertions(+), 5 deletions(-)
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 762facd..3cccc28 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -25,6 +25,10 @@
#include "expr_ops.h"
+#ifndef IPPROTO_MH
+#define IPPROTO_MH 135
+#endif
+
struct nft_expr_exthdr {
enum nft_registers dreg;
uint8_t type;
@@ -171,6 +175,41 @@ nft_rule_expr_exthdr_parse(struct nft_rule_expr *e, struct nlattr *attr)
return 0;
}
+static const char *exthdr_type2str(uint32_t type)
+{
+ switch (type) {
+ case IPPROTO_HOPOPTS:
+ return "hopopts";
+ case IPPROTO_ROUTING:
+ return "routing";
+ case IPPROTO_FRAGMENT:
+ return "fragment";
+ case IPPROTO_DSTOPTS:
+ return "dstopts";
+ case IPPROTO_MH:
+ return "mh";
+ default:
+ return "unknown";
+ }
+}
+
+static int str2exthdr_type(char *str)
+{
+ if (strcmp(str, "hopopts") == 0)
+ return IPPROTO_HOPOPTS;
+ else if (strcmp(str, "routing") == 0)
+ return IPPROTO_ROUTING;
+ else if (strcmp(str, "fragment") == 0)
+ return IPPROTO_FRAGMENT;
+ else if (strcmp(str, "dstopts") == 0)
+ return IPPROTO_DSTOPTS;
+ else if (strcmp(str, "mh") == 0)
+ return IPPROTO_MH;
+
+ return -1;
+}
+
+
static int
nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
{
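Review bot: `exthdr_type2str` prints `unknown` for any type outside the five listed, but `str2exthdr_type` has no matching branch, so XML that this library emits for such an expression is rejected by its own parser. Either refuse to print an unlisted type or state the asymmetry above `exthdr_type2str`, for example `/* "unknown" is output-only: str2exthdr_type() never accepts it */`. `str2exthdr_type` only reads its argument, so the signature could be `static int str2exthdr_type(const char *str)`, matching `str2meta_key` in the meta.c patch of this series.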
@@ -226,13 +265,12 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+ if (str2exthdr_type(node->child->value.opaque) < 0) {
mxmlDelete(tree);
return -1;
}
- exthdr->type = tmp;
+ exthdr->type = str2exthdr_type(node->child->value.opaque);
e->flags |= (1 << NFT_EXPR_EXTHDR_TYPE);
/* Get and set <offset> */
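Review bot: The new check passes `node->child->value.opaque` straight to `strcmp` inside `str2exthdr_type`, and nothing visible in this hunk guarantees that `node->child` or its opaque value is non-NULL, so an empty `<type/>` element in XML from an untrusted source would crash the parser. The same lookup is also performed twice. Guarding the pointer and converting once covers both: `if (node->child == NULL || node->child->value.opaque == NULL) { mxmlDelete(tree); return -1; }`, then `type = str2exthdr_type(node->child->value.opaque);` and `exthdr->type = type;` after the `< 0` check. The function starts and ends outside the hunk, so an earlier guard may already exist; the `<key>` hunk of meta.c in patch 18 has the same shape.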
@@ -285,9 +323,10 @@ nft_rule_expr_exthdr_snprintf(char *buf, size_t len, uint32_t type,
switch(type) {
case NFT_RULE_O_XML:
return snprintf(buf, len, "<dreg>%u</dreg>"
- "<type>%u</type><offset>%u</offset>"
+ "<type>%s</type><offset>%u</offset>"
"<len>%u</len>",
- exthdr->dreg, exthdr->type,
+ exthdr->dreg,
+ exthdr_type2str(exthdr->type),
exthdr->offset, exthdr->len);
case NFT_RULE_O_DEFAULT:
* [libnftables PATCH 18/21] meta: xml: use string to represent key attribute
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
Use a string for <key> node instead of a number.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/meta.c | 50 +++++++++++++++++++++++++++++++++++++++++-----
test/nft-rule-xml-add.sh | 2 +-
2 files changed, 46 insertions(+), 6 deletions(-)
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 41fcff1..f3170e3 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -21,6 +21,10 @@
#include <libnftables/rule.h>
#include "expr_ops.h"
+#ifndef NFT_META_MAX
+#define NFT_META_MAX (NFT_META_SECMARK + 1)
+#endif
+
struct nft_expr_meta {
uint8_t key; /* enum nft_meta_keys */
uint8_t dreg; /* enum nft_registers */
@@ -126,6 +130,43 @@ nft_rule_expr_meta_parse(struct nft_rule_expr *e, struct nlattr *attr)
return 0;
}
+const char *meta_key2str_array[NFT_META_MAX] = {
+ [NFT_META_LEN] = "len",
+ [NFT_META_PROTOCOL] = "protocol",
+ [NFT_META_PRIORITY] = "priority",
+ [NFT_META_MARK] = "mark",
+ [NFT_META_IIF] = "iif",
+ [NFT_META_OIF] = "oif",
+ [NFT_META_IIFNAME] = "iifname",
+ [NFT_META_OIFNAME] = "oifname",
+ [NFT_META_IIFTYPE] = "iiftype",
+ [NFT_META_OIFTYPE] = "oiftype",
+ [NFT_META_SKUID] = "skuid",
+ [NFT_META_SKGID] = "skgid",
+ [NFT_META_NFTRACE] = "nftrace",
+ [NFT_META_RTCLASSID] = "rtclassid",
+ [NFT_META_SECMARK] = "secmark",
+};
+
+static const char *meta_key2str(uint8_t key)
+{
+ if (key < NFT_META_MAX)
+ return meta_key2str_array[key];
+
+ return "unknown";
+}
+
+static int str2meta_key(const char *str)
+{
+ int i;
+
+ for (i = 0; i < NFT_META_MAX; i++)
+ if (strcmp(str, meta_key2str_array[i]) == 0)
+ return i;
+
+ return -1;
+}
+
static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, char *xml)
{
#ifdef XML_PARSING
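Review bot: `str2meta_key` calls `strcmp` on every slot of `meta_key2str_array` below `NFT_META_MAX`, which is only safe while the designated initialisers leave no gap; if a header supplies a larger `NFT_META_MAX` than the fallback, the unfilled slots are NULL and any non-matching `<key>` string reaches `strcmp(str, NULL)`. `meta_key2str` has the mirror problem, handing a NULL slot to a `%s` conversion. Guarding the slot fixes both: `if (meta_key2str_array[i] && strcmp(str, meta_key2str_array[i]) == 0)` in the loop and `if (key < NFT_META_MAX && meta_key2str_array[key])` in `meta_key2str`. The table is also a non-static global; `static const char *const meta_key2str_array[NFT_META_MAX]` would keep it out of the library's exported symbols.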
@@ -178,13 +219,12 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+ if (str2meta_key(node->child->value.opaque) < 0) {
mxmlDelete(tree);
return -1;
}
- meta->key = (uint8_t)tmp;
+ meta->key = str2meta_key(node->child->value.opaque);
e->flags |= (1 << NFT_EXPR_META_KEY);
mxmlDelete(tree);
@@ -204,8 +244,8 @@ nft_rule_expr_meta_snprintf(char *buf, size_t len, uint32_t type,
switch(type) {
case NFT_RULE_O_XML:
return snprintf(buf, len, "<dreg>%u</dreg>"
- "<key>%u</key>",
- meta->dreg, meta->key);
+ "<key>%s</key>",
+ meta->dreg, meta_key2str(meta->key));
case NFT_RULE_O_DEFAULT:
return snprintf(buf, len, "dreg=%u key=%u ",
meta->dreg, meta->key);
diff --git a/test/nft-rule-xml-add.sh b/test/nft-rule-xml-add.sh
index e1e35d9..2a052b2 100755
--- a/test/nft-rule-xml-add.sh
+++ b/test/nft-rule-xml-add.sh
@@ -39,7 +39,7 @@ XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version
<compat_proto>0</compat_proto>
<expr type=\"meta\">
<dreg>1</dreg>
- <key>4</key>
+ <key>iif</key>
</expr>
<expr type=\"cmp\">
<sreg>1</sreg>
* [libnftables PATCH 19/21] nat: snprintf: fix buffer offset
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch fixes the buffer offset necessary to correctly print the nat expr in the default output mode.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/nat.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/expr/nat.c b/src/expr/nat.c
index 7d83154..378d053 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -383,18 +383,18 @@ nft_rule_expr_nat_snprintf_default(char *buf, size_t size,
break;
}
- ret = snprintf(buf, len, "family=%s ", nft_family2str(nat->family));
+ ret = snprintf(buf+offset, len, "family=%s ", nft_family2str(nat->family));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
- ret = snprintf(buf, len,
+ ret = snprintf(buf+offset, len,
"sreg_addr_min_v4=%u sreg_addr_max_v4=%u ",
nat->sreg_addr_min, nat->sreg_addr_max);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
if (e->flags & (1 << NFT_EXPR_NAT_REG_PROTO_MIN)) {
- ret = snprintf(buf, len,
+ ret = snprintf(buf+offset, len,
"sreg_proto_min=%u sreg_proto_max=%u ",
nat->sreg_proto_min, nat->sreg_proto_max);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
* [libnftables PATCH 20/21] nat: xml: rename node type to nat_type
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch renames the node <type> to a more explicit <nat_type>.
This will prevent confusion with <type> nodes from other exprs in the future.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/nat.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/expr/nat.c b/src/expr/nat.c
index 378d053..b81fd81 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -228,8 +228,8 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
return -1;
}
- /* Get and set <type>. Mandatory */
- node = mxmlFindElement(tree, tree, "type", NULL, NULL,
+ /* Get and set <nat_type>. Mandatory */
+ node = mxmlFindElement(tree, tree, "nat_type", NULL, NULL,
MXML_DESCEND_FIRST);
if (node == NULL) {
mxmlDelete(tree);
@@ -334,11 +334,11 @@ nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
/* Is a mandatory element. Provide a default, even empty */
if (nat->type == NFT_NAT_SNAT)
- ret = snprintf(buf, len, "<type>snat</type>");
+ ret = snprintf(buf, len, "<nat_type>snat</nat_type>");
else if (nat->type == NFT_NAT_DNAT)
- ret = snprintf(buf, len, "<type>dnat</type>");
+ ret = snprintf(buf, len, "<nat_type>dnat</nat_type>");
else
- ret = snprintf(buf, len, "<type/>");
+ ret = snprintf(buf, len, "<nat_type/>");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
* [libnftables PATCH 21/21] exthdr: xml: rename type node to exthdr_type
From: Arturo Borrero Gonzalez @ 2013-06-26 11:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
This patch renames the <type> node in the exthdr expr to <exthdr_type>.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/exthdr.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 3cccc28..21b1d80 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -258,8 +258,9 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, char *xml)
exthdr->dreg = tmp;
e->flags |= (1 << NFT_EXPR_EXTHDR_DREG);
- /* Get and set <type> */
- node = mxmlFindElement(tree, tree, "type", NULL, NULL, MXML_DESCEND);
+ /* Get and set <exthdr_type> */
+ node = mxmlFindElement(tree, tree, "exthdr_type", NULL, NULL,
+ MXML_DESCEND);
if (node == NULL) {
mxmlDelete(tree);
return -1;
@@ -323,7 +324,8 @@ nft_rule_expr_exthdr_snprintf(char *buf, size_t len, uint32_t type,
switch(type) {
case NFT_RULE_O_XML:
return snprintf(buf, len, "<dreg>%u</dreg>"
- "<type>%s</type><offset>%u</offset>"
+ "<exthdr_type>%s</exthdr_type>"
+ "<offset>%u</offset>"
"<len>%u</len>",
exthdr->dreg,
exthdr_type2str(exthdr->type),
* Re: [libnftables PATCH 00/21] Small fixes for XML
From: Pablo Neira Ayuso @ 2013-06-27 17:58 UTC (permalink / raw)
To: Arturo Borrero Gonzalez; +Cc: netfilter-devel
On Wed, Jun 26, 2013 at 01:36:55PM +0200, Arturo Borrero Gonzalez wrote:
> The following series implements a bunch of small fixes for the XML
> code in libnftables.
>
> These are some of the changes Pablo requested me to make previous to
> the inclusion of the parsing test bench.
Applied from 3 to 21 with changes, please review the repo to note
mostly cosmetic changes. Thanks.