* [libnftables PATCH 0/2] Series Add Json Support
@ 2013-07-05 12:41 Alvaro Neira
2013-07-05 12:41 ` [libnftables PATCH 1/2] set: add Json Export Support Alvaro Neira
2013-07-05 12:41 ` [libnftables PATCH 2/2] examples: nft-table-get different families options Alvaro Neira
0 siblings, 2 replies; 5+ messages in thread
From: Alvaro Neira @ 2013-07-05 12:41 UTC (permalink / raw)
To: netfilter-devel; +Cc: eric
I have done the function for exporting set to JSON Format and I have changed
nft-table-get for exporting tables in other families.
---
Álvaro Neira Ayuso (2):
set: add Json Export Support
examples: nft-table-get different families options
examples/nft-set-elem-get.c | 15 ++++++++----
examples/nft-set-get.c | 15 ++++++++----
examples/nft-table-get.c | 26 ++++++++++++++++----
include/libnftables/set.h | 5 ++++
src/set.c | 56 +++++++++++++++++++++++++++++++++++++++++--
src/set_elem.c | 49 ++++++++++++++++++++++++++++++++++++--
6 files changed, 147 insertions(+), 19 deletions(-)
--
Álvaro Neira Ayuso
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* [libnftables PATCH 1/2] set: add Json Export Support
2013-07-05 12:41 [libnftables PATCH 0/2] Series Add Json Support Alvaro Neira
@ 2013-07-05 12:41 ` Alvaro Neira
2013-07-05 22:22 ` Pablo Neira Ayuso
2013-07-05 12:41 ` [libnftables PATCH 2/2] examples: nft-table-get different families options Alvaro Neira
1 sibling, 1 reply; 5+ messages in thread
From: Alvaro Neira @ 2013-07-05 12:41 UTC (permalink / raw)
To: netfilter-devel; +Cc: eric
From: Álvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
examples/nft-set-elem-get.c | 15 ++++++++----
examples/nft-set-get.c | 15 ++++++++----
include/libnftables/set.h | 5 ++++
src/set.c | 56 +++++++++++++++++++++++++++++++++++++++++--
src/set_elem.c | 49 ++++++++++++++++++++++++++++++++++++--
5 files changed, 126 insertions(+), 14 deletions(-)
diff --git a/examples/nft-set-elem-get.c b/examples/nft-set-elem-get.c
index 34dfca2..353a752 100644
--- a/examples/nft-set-elem-get.c
+++ b/examples/nft-set-elem-get.c
@@ -23,6 +23,7 @@ static int set_cb(const struct nlmsghdr *nlh, void *data)
{
struct nft_set *t;
char buf[4096];
+ uint32_t *type = data;
t = nft_set_alloc();
if (t == NULL) {
@@ -35,7 +36,7 @@ static int set_cb(const struct nlmsghdr *nlh, void *data)
goto err_free;
}
- nft_set_snprintf(buf, sizeof(buf), t, 0, 0);
+ nft_set_snprintf(buf, sizeof(buf), t, *type, 0);
printf("%s\n", buf);
err_free:
@@ -50,11 +51,12 @@ int main(int argc, char *argv[])
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
uint32_t portid, seq, family;
+ uint32_t type = NFT_SET_O_DEFAULT;
struct nft_set *t = NULL;
int ret;
- if (argc != 4) {
- fprintf(stderr, "%s <family> <table> <set>\n", argv[0]);
+ if (argc < 4 || argc > 5) {
+ fprintf(stderr, "%s <family> <table> <set> [default|json]\n", argv[0]);
return EXIT_FAILURE;
}
t = nft_set_alloc();
@@ -67,13 +69,16 @@ int main(int argc, char *argv[])
family = AF_INET;
else if (strcmp(argv[1], "ip6") == 0)
family = AF_INET6;
- else if (strcmp(argv[2], "bridge") == 0)
+ else if (strcmp(argv[1], "bridge") == 0)
family = AF_BRIDGE;
else {
fprintf(stderr, "Unknown family: ip, ip6, bridge\n");
exit(EXIT_FAILURE);
}
+ if (argc == 5 && strcmp(argv[4], "json") == 0 )
+ type = NFT_SET_O_JSON;
+
nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family,
NLM_F_DUMP|NLM_F_ACK, seq);
nft_set_attr_set(t, NFT_SET_ATTR_NAME, argv[3]);
@@ -100,7 +105,7 @@ int main(int argc, char *argv[])
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
while (ret > 0) {
- ret = mnl_cb_run(buf, ret, seq, portid, set_cb, NULL);
+ ret = mnl_cb_run(buf, ret, seq, portid, set_cb, &type);
if (ret <= 0)
break;
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
diff --git a/examples/nft-set-get.c b/examples/nft-set-get.c
index d4588ba..5ef654c 100644
--- a/examples/nft-set-get.c
+++ b/examples/nft-set-get.c
@@ -23,6 +23,7 @@ static int set_cb(const struct nlmsghdr *nlh, void *data)
{
struct nft_set *t;
char buf[4096];
+ uint32_t *type = data;
t = nft_set_alloc();
if (t == NULL) {
@@ -35,7 +36,7 @@ static int set_cb(const struct nlmsghdr *nlh, void *data)
goto err_free;
}
- nft_set_snprintf(buf, sizeof(buf), t, 0, 0);
+ nft_set_snprintf(buf, sizeof(buf), t, *type, 0);
printf("%s\n", buf);
err_free:
@@ -50,11 +51,12 @@ int main(int argc, char *argv[])
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
uint32_t portid, seq, family;
+ uint32_t type = NFT_SET_O_DEFAULT;
struct nft_set *t = NULL;
int ret;
- if (argc != 3) {
- fprintf(stderr, "%s <family> <table>\n", argv[0]);
+ if (argc < 3 || argc > 4) {
+ fprintf(stderr, "%s <family> <table> [default|json]\n", argv[0]);
return EXIT_FAILURE;
}
t = nft_set_alloc();
@@ -67,13 +69,16 @@ int main(int argc, char *argv[])
family = AF_INET;
else if (strcmp(argv[1], "ip6") == 0)
family = AF_INET6;
- else if (strcmp(argv[2], "bridge") == 0)
+ else if (strcmp(argv[1], "bridge") == 0)
family = AF_BRIDGE;
else {
fprintf(stderr, "Unknown family: ip, ip6, bridge\n");
exit(EXIT_FAILURE);
}
+ if (argc == 4 && strcmp(argv[3], "json") == 0)
+ type = NFT_SET_O_JSON;
+
nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family,
NLM_F_DUMP|NLM_F_ACK, seq);
nft_set_attr_set(t, NFT_SET_ATTR_TABLE, argv[2]);
@@ -99,7 +104,7 @@ int main(int argc, char *argv[])
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
while (ret > 0) {
- ret = mnl_cb_run(buf, ret, seq, portid, set_cb, NULL);
+ ret = mnl_cb_run(buf, ret, seq, portid, set_cb, &type);
if (ret <= 0)
break;
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
diff --git a/include/libnftables/set.h b/include/libnftables/set.h
index 63b30fc..2d41c8e 100644
--- a/include/libnftables/set.h
+++ b/include/libnftables/set.h
@@ -62,6 +62,11 @@ enum {
NFT_SET_ELEM_ATTR_DATA,
};
+enum {
+ NFT_SET_O_DEFAULT = 0,
+ NFT_SET_O_JSON,
+};
+
struct nft_set_elem;
struct nft_set_elem *nft_set_elem_alloc(void);
diff --git a/src/set.c b/src/set.c
index b8d431e..f60999c 100644
--- a/src/set.c
+++ b/src/set.c
@@ -316,8 +316,46 @@ int nft_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s)
}
EXPORT_SYMBOL(nft_set_nlmsg_parse);
-int nft_set_snprintf(char *buf, size_t size, struct nft_set *s,
- uint32_t type, uint32_t flags)
+static int nft_set_snprintf_json(char *buf, size_t size, struct nft_set *s,
+ uint32_t type, uint32_t flags)
+{
+ int ret;
+ int len = size, offset = 0;
+ struct nft_set_elem *elem;
+
+ ret = snprintf(buf, size, "{ \"set\" : { \"name\" : \"%s\", \"table\" : \"%s\", \"flags\" : %u",
+ s->name, s->table, s->set_flags);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ /* Empty set? Skip printinf of elements */
+ if (list_empty(&s->element_list)){
+ ret = snprintf(buf+offset, size, "}}");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ return offset;
+ }
+
+ ret = snprintf(buf+offset, size, ", \"set_elem\" : [");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ list_for_each_entry(elem, &s->element_list, head) {
+ ret = snprintf(buf+offset, size, "{");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = nft_set_elem_snprintf(buf+offset, size, elem, type, flags);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, size, "}, ");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ ret = snprintf(buf+offset-2, size, "]}}");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ return offset;
+}
+
+static int nft_set_snprintf_default(char *buf, size_t size, struct nft_set *s,
+ uint32_t type, uint32_t flags)
{
int ret;
int len = size, offset = 0;
@@ -344,6 +382,20 @@ int nft_set_snprintf(char *buf, size_t size, struct nft_set *s,
return offset;
}
+
+int nft_set_snprintf(char *buf, size_t size, struct nft_set *s,
+ uint32_t type, uint32_t flags)
+{
+ switch(type) {
+ case NFT_SET_O_DEFAULT:
+ return nft_set_snprintf_default(buf, size, s, type, flags);
+ case NFT_SET_O_JSON:
+ return nft_set_snprintf_json(buf, size, s, type, flags);
+ default:
+ break;
+ }
+ return -1;
+}
EXPORT_SYMBOL(nft_set_snprintf);
void nft_set_elem_add(struct nft_set *s, struct nft_set_elem *elem)
diff --git a/src/set_elem.c b/src/set_elem.c
index 0cbb9b7..288f843 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -384,8 +384,39 @@ int nft_set_elems_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s)
}
EXPORT_SYMBOL(nft_set_elems_nlmsg_parse);
-int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *e,
- uint32_t type, uint32_t flags)
+static int nft_set_elem_snprintf_json(char *buf, size_t size, struct nft_set_elem *e)
+{
+ int ret, len = size, offset = 0, i;
+
+ ret = snprintf(buf, size, "\"flags\" : %u", e->set_elem_flags);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ if (e->key.len/sizeof(uint32_t) != 0) {
+ ret = snprintf(buf+offset, len, ", \"key\" : \"0x");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ for (i=0; i<e->key.len/sizeof(uint32_t); i++) {
+ ret = snprintf(buf+offset, len, "%.8x", e->key.val[i]);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+ ret = snprintf(buf+offset, len, "\"");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ if (e->data.len/sizeof(uint32_t) != 0) {
+ ret = snprintf(buf+offset, size, " ,\"data\" : \"0x");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ for (i=0; i<e->data.len/sizeof(uint32_t); i++) {
+ ret = snprintf(buf+offset, len, "%.8x", e->data.val[i]);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+ ret = snprintf(buf+offset, len, "\"");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ return offset;
+}
+
+static int nft_set_elem_snprintf_default(char *buf, size_t size, struct nft_set_elem *e)
{
int ret, len = size, offset = 0, i;
@@ -407,6 +438,20 @@ int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *e,
return offset;
}
+
+int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *e,
+ uint32_t type, uint32_t flags)
+{
+ switch(type) {
+ case NFT_SET_O_DEFAULT:
+ return nft_set_elem_snprintf_default(buf, size, e);
+ case NFT_SET_O_JSON:
+ return nft_set_elem_snprintf_json(buf, size, e);
+ default:
+ break;
+ }
+ return -1;
+}
EXPORT_SYMBOL(nft_set_elem_snprintf);
int nft_set_elem_foreach(struct nft_set *s,
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [libnftables PATCH 2/2] examples: nft-table-get different families options
2013-07-05 12:41 [libnftables PATCH 0/2] Series Add Json Support Alvaro Neira
2013-07-05 12:41 ` [libnftables PATCH 1/2] set: add Json Export Support Alvaro Neira
@ 2013-07-05 12:41 ` Alvaro Neira
2013-07-05 22:23 ` Pablo Neira Ayuso
1 sibling, 1 reply; 5+ messages in thread
From: Alvaro Neira @ 2013-07-05 12:41 UTC (permalink / raw)
To: netfilter-devel; +Cc: eric
From: Álvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
examples/nft-table-get.c | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/examples/nft-table-get.c b/examples/nft-table-get.c
index 0d7746c..eab78de 100644
--- a/examples/nft-table-get.c
+++ b/examples/nft-table-get.c
@@ -50,11 +50,27 @@ int main(int argc, char *argv[])
struct mnl_socket *nl;
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- uint32_t portid, seq;
+ uint32_t portid, seq, family;
struct nft_table *t = NULL;
int ret;
uint32_t type = NFT_TABLE_O_DEFAULT;
+ if (argc < 2 || argc > 4) {
+ fprintf(stderr, "%s <family> [<table>] [default|xml|json]\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+
+ if (strcmp(argv[1], "ip") == 0)
+ family = AF_INET;
+ else if (strcmp(argv[1], "ip6") == 0)
+ family = AF_INET6;
+ else if (strcmp(argv[1], "bridge") == 0)
+ family = AF_BRIDGE;
+ else {
+ fprintf(stderr, "Unknown family: ip, ip6, bridge\n");
+ exit(EXIT_FAILURE);
+ }
+
if (strcmp(argv[argc-1], "xml") == 0) {
type = NFT_TABLE_O_XML;
argv[argc-1] = NULL;
@@ -67,7 +83,7 @@ int main(int argc, char *argv[])
argc--;
}
- if (argc == 2) {
+ if (argc == 3) {
t = nft_table_alloc();
if (t == NULL) {
perror("OOM");
@@ -77,12 +93,12 @@ int main(int argc, char *argv[])
seq = time(NULL);
if (t == NULL) {
- nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, AF_INET,
+ nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family,
NLM_F_DUMP, seq);
} else {
- nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, AF_INET,
+ nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family,
NLM_F_ACK, seq);
- nft_table_attr_set(t, NFT_TABLE_ATTR_NAME, argv[1]);
+ nft_table_attr_set(t, NFT_TABLE_ATTR_NAME, argv[2]);
nft_table_nlmsg_build_payload(nlh, t);
nft_table_free(t);
}
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [libnftables PATCH 1/2] set: add Json Export Support
2013-07-05 12:41 ` [libnftables PATCH 1/2] set: add Json Export Support Alvaro Neira
@ 2013-07-05 22:22 ` Pablo Neira Ayuso
0 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2013-07-05 22:22 UTC (permalink / raw)
To: Alvaro Neira; +Cc: netfilter-devel, eric
On Fri, Jul 05, 2013 at 02:41:28PM +0200, Alvaro Neira wrote:
> From: Álvaro Neira Ayuso <alvaroneay@gmail.com>
>
> Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
> ---
> examples/nft-set-elem-get.c | 15 ++++++++----
> examples/nft-set-get.c | 15 ++++++++----
> include/libnftables/set.h | 5 ++++
> src/set.c | 56 +++++++++++++++++++++++++++++++++++++++++--
> src/set_elem.c | 49 ++++++++++++++++++++++++++++++++++++--
> 5 files changed, 126 insertions(+), 14 deletions(-)
Applied, thanks Alvaro.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [libnftables PATCH 2/2] examples: nft-table-get different families options
2013-07-05 12:41 ` [libnftables PATCH 2/2] examples: nft-table-get different families options Alvaro Neira
@ 2013-07-05 22:23 ` Pablo Neira Ayuso
0 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2013-07-05 22:23 UTC (permalink / raw)
To: Alvaro Neira; +Cc: netfilter-devel, eric
On Fri, Jul 05, 2013 at 02:41:35PM +0200, Alvaro Neira wrote:
> From: Álvaro Neira Ayuso <alvaroneay@gmail.com>
>
> Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
> ---
> examples/nft-table-get.c | 26 +++++++++++++++++++++-----
> 1 file changed, 21 insertions(+), 5 deletions(-)
Also applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-07-05 22:23 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-07-05 12:41 [libnftables PATCH 0/2] Series Add Json Support Alvaro Neira
2013-07-05 12:41 ` [libnftables PATCH 1/2] set: add Json Export Support Alvaro Neira
2013-07-05 22:22 ` Pablo Neira Ayuso
2013-07-05 12:41 ` [libnftables PATCH 2/2] examples: nft-table-get different families options Alvaro Neira
2013-07-05 22:23 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).