* [libnftables PATCH 2/4] set: Add json parser support
2013-08-27 18:10 [libnftables PATCH 1/4] tests: remove unnecessary variable initialization Alvaro Neira
@ 2013-08-27 18:10 ` Alvaro Neira
2013-08-27 22:52 ` Pablo Neira Ayuso
2013-08-27 18:10 ` [libnftables PATCH 3/4] tests: set: add json parsing support Alvaro Neira
` (2 subsequent siblings)
3 siblings, 1 reply; 8+ messages in thread
From: Alvaro Neira @ 2013-08-27 18:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: eric
From: Álvaro Neira Ayuso <alvaroneay@gmail.com>
Add function for parsing set in format JSON.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
include/libnftables/set.h | 1
src/internal.h | 1
src/jansson.c | 37 +++++++++++++++++
src/set.c | 99 +++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 138 insertions(+)
diff --git a/include/libnftables/set.h b/include/libnftables/set.h
index c55718c..9526ae1 100644
--- a/include/libnftables/set.h
+++ b/include/libnftables/set.h
@@ -55,6 +55,7 @@ void nft_set_list_iter_destroy(struct nft_set_list_iter *iter);
enum nft_set_parse_type {
NFT_SET_PARSE_NONE = 0,
NFT_SET_PARSE_XML,
+ NFT_SET_PARSE_JSON,
NFT_SET_PARSE_MAX,
};
diff --git a/src/internal.h b/src/internal.h
index 6698962..2a36543 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -58,6 +58,7 @@ struct nft_rule_expr *nft_jansson_expr_parse(json_t *root);
union nft_data_reg;
int nft_jansson_data_reg_parse(json_t *root, const char *tag,
union nft_data_reg *data_reg);
+int nft_set_elem_json_parse(struct nft_set_elem *e, json_t *root);
#endif
const char *nft_family2str(uint32_t family);
diff --git a/src/jansson.c b/src/jansson.c
index 682b74b..04146e2 100644
--- a/src/jansson.c
+++ b/src/jansson.c
@@ -16,6 +16,7 @@
#include <errno.h>
#include <string.h>
#include "expr_ops.h"
+#include <libnftables/set.h>
#include <libnftables/expr.h>
#include <linux/netfilter/nf_tables.h>
@@ -210,4 +211,40 @@ int nft_jansson_data_reg_parse(json_t *root, const char *tag,
return -1;
}
}
+
+int nft_set_elem_json_parse(struct nft_set_elem *e, json_t *root)
+{
+ uint32_t uval32;
+ int set_elem_data;
+
+ if (nft_jansson_parse_val(root, "flags", NFT_TYPE_U32, &uval32) < 0)
+ return -1;
+
+ nft_set_elem_attr_set_u32(e, NFT_SET_ELEM_ATTR_FLAGS, uval32);
+
+ if (nft_jansson_data_reg_parse(root, "key", &e->key) != DATA_VALUE)
+ return -1;
+
+ e->flags |= (1 << NFT_SET_ELEM_ATTR_KEY);
+
+ if (nft_jansson_node_exist(root, "data")) {
+ set_elem_data = nft_jansson_data_reg_parse(root, "data",
+ &e->data);
+ switch (set_elem_data) {
+ case DATA_VALUE:
+ e->flags |= (1 << NFT_SET_ELEM_ATTR_DATA);
+ break;
+ case DATA_VERDICT:
+ e->flags |= (1 << NFT_SET_ELEM_ATTR_VERDICT);
+ break;
+ case DATA_CHAIN:
+ e->flags |= (1 << NFT_SET_ELEM_ATTR_CHAIN);
+ break;
+ default:
+ return -1;
+ }
+ }
+
+ return 0;
+}
#endif
diff --git a/src/set.c b/src/set.c
index 3617265..1168b54 100644
--- a/src/set.c
+++ b/src/set.c
@@ -303,6 +303,102 @@ int nft_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s)
}
EXPORT_SYMBOL(nft_set_nlmsg_parse);
+static int nft_set_json_parse(struct nft_set *s, const char *json)
+{
+#ifdef JSON_PARSING
+ json_t *root, *node, *array, *json_elem;
+ json_error_t error;
+ uint32_t uval32;
+ int family, i;
+ const char *valstr;
+ struct nft_set_elem *elem;
+
+ node = nft_jansson_create_root(json, &error);
+ if (node == NULL)
+ return -1;
+
+ root = nft_jansson_get_node(node, "set");
+ if (root == NULL)
+ return -1;
+
+ valstr = nft_jansson_parse_str(root, "name");
+ if (valstr == NULL)
+ return -1;
+
+ nft_set_attr_set_str(s, NFT_SET_ATTR_NAME, valstr);
+
+ valstr = nft_jansson_parse_str(root, "table");
+ if (valstr == NULL)
+ return -1;
+
+ nft_set_attr_set_str(s, NFT_SET_ATTR_TABLE, valstr);
+
+ if (nft_jansson_parse_val(root, "flags", NFT_TYPE_U32, &uval32) < 0)
+ return -1;
+
+ nft_set_attr_set_u32(s, NFT_SET_ATTR_FLAGS, uval32);
+
+ if (nft_jansson_parse_family(root, &family) < 0)
+ return -1;
+
+ nft_set_attr_set_u32(s, NFT_SET_ATTR_FAMILY, family);
+
+ if (nft_jansson_parse_val(root, "key_type", NFT_TYPE_U32, &uval32) < 0)
+ return -1;
+
+ nft_set_attr_set_u32(s, NFT_SET_ATTR_KEY_TYPE, uval32);
+
+ if (nft_jansson_parse_val(root, "key_len", NFT_TYPE_U32, &uval32) < 0)
+ return -1;
+
+ nft_set_attr_set_u32(s, NFT_SET_ATTR_KEY_LEN, uval32);
+
+ if (nft_jansson_node_exist(root, "data_type")) {
+ if (nft_jansson_parse_val(root, "data_type", NFT_TYPE_U32,
+ &uval32) < 0)
+ goto err;
+
+ nft_set_attr_set_u32(s, NFT_SET_ATTR_DATA_TYPE, uval32);
+ }
+
+ if (nft_jansson_node_exist(root, "data_len")) {
+ if (nft_jansson_parse_val(root, "data_len", NFT_TYPE_U32,
+ &uval32) < 0)
+ goto err;
+
+ nft_set_attr_set_u32(s, NFT_SET_ATTR_DATA_LEN, uval32);
+ }
+
+ if (nft_jansson_node_exist(root, "set_elem")) {
+ array = json_object_get(root, "set_elem");
+ for (i = 0; i < json_array_size(array); i++) {
+ elem = nft_set_elem_alloc();
+ if (elem == NULL)
+ goto err;
+
+ json_elem = json_array_get(array, i);
+ if (json_elem == NULL)
+ goto err;
+
+ if (nft_set_elem_json_parse(elem, json_elem) < 0)
+ goto err;
+
+ list_add_tail(&elem->head, &s->element_list);
+ }
+
+ }
+
+ nft_jansson_free_root(node);
+ return 0;
+err:
+ nft_jansson_free_root(node);
+ return -1;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static int nft_set_xml_parse(struct nft_set *s, const char *xml)
{
#ifdef XML_PARSING
@@ -415,6 +511,9 @@ int nft_set_parse(struct nft_set *s, enum nft_set_parse_type type,
case NFT_SET_PARSE_XML:
ret = nft_set_xml_parse(s, data);
break;
+ case NFT_SET_PARSE_JSON:
+ ret = nft_set_json_parse(s, data);
+ break;
default:
ret = -1;
errno = EOPNOTSUPP;
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 8+ messages in thread* [libnftables PATCH 3/4] tests: set: add json parsing support
2013-08-27 18:10 [libnftables PATCH 1/4] tests: remove unnecessary variable initialization Alvaro Neira
2013-08-27 18:10 ` [libnftables PATCH 2/4] set: Add json parser support Alvaro Neira
@ 2013-08-27 18:10 ` Alvaro Neira
2013-08-27 22:52 ` Pablo Neira Ayuso
2013-08-27 18:11 ` [libnftables PATCH 4/4] examples: Add nft-set-json-add Alvaro Neira
2013-08-27 22:51 ` [libnftables PATCH 1/4] tests: remove unnecessary variable initialization Pablo Neira Ayuso
3 siblings, 1 reply; 8+ messages in thread
From: Alvaro Neira @ 2013-08-27 18:10 UTC (permalink / raw)
To: netfilter-devel; +Cc: eric
From: Álvaro Neira Ayuso <alvaroneay@gmail.com>
Test the functions for parsing set in JSON.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
tests/jsonfiles/62-set.json | 1 +
tests/jsonfiles/63-set.json | 1 +
tests/nft-parsing-test.c | 11 +++++++++++
3 files changed, 13 insertions(+)
create mode 100644 tests/jsonfiles/62-set.json
create mode 100644 tests/jsonfiles/63-set.json
diff --git a/tests/jsonfiles/62-set.json b/tests/jsonfiles/62-set.json
new file mode 100644
index 0000000..c5200eb
--- /dev/null
+++ b/tests/jsonfiles/62-set.json
@@ -0,0 +1 @@
+{ "set": { "name": "set0","table": "filter","flags": 3,"family": "ip","key_type": 12,"key_len": 2,"set_elem": [{"flags": 0,"key": {"data_reg": { "type" : "value", "len" : 2, "data0" : "0x00001700"}}}, {"flags": 0,"key": {"data_reg": { "type" : "value", "len" : 2, "data0" : "0x00001600"}}}]}}
diff --git a/tests/jsonfiles/63-set.json b/tests/jsonfiles/63-set.json
new file mode 100644
index 0000000..be3e564
--- /dev/null
+++ b/tests/jsonfiles/63-set.json
@@ -0,0 +1 @@
+{ "set": { "name": "map0","table": "filter","flags": 11,"family": "ip","key_type": 12,"key_len": 2,"data_type": 4294967040,"data_len": 16,"set_elem": [{"flags": 0,"key": {"data_reg": { "type" : "value", "len" : 2, "data0" : "0x00001700"}},"data": {"data_reg": { "type" : "chain", "chain" : "forward"}}}, {"flags": 0,"key": {"data_reg": { "type" : "value", "len" : 2, "data0" : "0x00001600"}},"data": {"data_reg": { "type" : "chain", "chain" : "chain1"}}}]}}
diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c
index 648ed36..ecde0e2 100644
--- a/tests/nft-parsing-test.c
+++ b/tests/nft-parsing-test.c
@@ -158,6 +158,7 @@ static int test_json(const char *filename)
struct nft_table *t;
struct nft_chain *c;
struct nft_rule *r;
+ struct nft_set *s;
json_t *root;
json_error_t error;
char *json;
@@ -200,6 +201,16 @@ static int test_json(const char *filename)
nft_rule_free(r);
}
+ } else if (json_object_get(root, "set") != NULL) {
+ s = nft_set_alloc();
+ if (s != NULL) {
+ if (nft_set_parse(s, NFT_SET_PARSE_JSON, json) == 0)
+ ret = compare_test(TEST_JSON_SET, s, filename);
+ else
+ goto failparsing;
+
+ nft_set_free(s);
+ }
}
free(json);
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 8+ messages in thread* [libnftables PATCH 4/4] examples: Add nft-set-json-add
2013-08-27 18:10 [libnftables PATCH 1/4] tests: remove unnecessary variable initialization Alvaro Neira
2013-08-27 18:10 ` [libnftables PATCH 2/4] set: Add json parser support Alvaro Neira
2013-08-27 18:10 ` [libnftables PATCH 3/4] tests: set: add json parsing support Alvaro Neira
@ 2013-08-27 18:11 ` Alvaro Neira
2013-08-27 22:52 ` Pablo Neira Ayuso
2013-08-27 22:51 ` [libnftables PATCH 1/4] tests: remove unnecessary variable initialization Pablo Neira Ayuso
3 siblings, 1 reply; 8+ messages in thread
From: Alvaro Neira @ 2013-08-27 18:11 UTC (permalink / raw)
To: netfilter-devel; +Cc: eric
From: Álvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
examples/Makefile.am | 4 +
examples/nft-set-json-add.c | 116 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 120 insertions(+)
create mode 100644 examples/nft-set-json-add.c
diff --git a/examples/Makefile.am b/examples/Makefile.am
index 639aafb..9965387 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -19,6 +19,7 @@ check_PROGRAMS = nft-table-add \
nft-rule-get \
nft-events \
nft-set-add \
+ nft-set-json-add \
nft-set-get \
nft-set-del \
nft-set-elem-add \
@@ -83,6 +84,9 @@ nft_events_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
nft_set_add_SOURCES = nft-set-add.c
nft_set_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_set_json_add_SOURCES = nft-set-json-add.c
+nft_set_json_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+
nft_set_del_SOURCES = nft-set-del.c
nft_set_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
diff --git a/examples/nft-set-json-add.c b/examples/nft-set-json-add.c
new file mode 100644
index 0000000..33c3acd
--- /dev/null
+++ b/examples/nft-set-json-add.c
@@ -0,0 +1,116 @@
+/*
+ * (C) 2013 by Álvaro Neira Ayuso <alvaroneay@gmail.com>
+ *
+ * Based on nft-set-xml-add from:
+ *
+ * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <netinet/in.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_tables.h>
+
+#include <libmnl/libmnl.h>
+#include <libnftables/set.h>
+
+int main(int argc, char *argv[])
+{
+ struct mnl_socket *nl;
+ char buf[MNL_SOCKET_BUFFER_SIZE];
+ struct nlmsghdr *nlh;
+ uint32_t portid, seq;
+ struct nft_set *s;
+ int ret, fd;
+ uint16_t family;
+ char json[4096];
+ char reprint[4096];
+
+ if (argc < 2) {
+ printf("Usage: %s <json-file>\n", argv[0]);
+ exit(EXIT_FAILURE);
+ }
+
+ s = nft_set_alloc();
+ if (s == NULL) {
+ perror("OOM");
+ exit(EXIT_FAILURE);
+ }
+
+ fd = open(argv[1], O_RDONLY);
+ if (fd < 0) {
+ perror("open");
+ exit(EXIT_FAILURE);
+ }
+
+ if (read(fd, json, sizeof(json)) < 0) {
+ perror("read");
+ close(fd);
+ exit(EXIT_FAILURE);
+ }
+
+ close(fd);
+
+ if (nft_set_parse(s, NFT_SET_PARSE_JSON, json) < 0) {
+ printf("E: Unable to parse JSON file: %s\n", strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
+ nft_set_snprintf(reprint, sizeof(reprint), s, NFT_SET_O_JSON, 0);
+ printf("Parsed:\n%s\n", reprint);
+
+ family = nft_set_attr_get_u32(s, NFT_SET_ATTR_FAMILY);
+
+ seq = time(NULL);
+
+ nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_NEWSET, family,
+ NLM_F_CREATE|NLM_F_ACK, seq);
+ nft_set_nlmsg_build_payload(nlh, s);
+ nft_set_free(s);
+
+ nl = mnl_socket_open(NETLINK_NETFILTER);
+ if (nl == NULL) {
+ perror("mnl_socket_open");
+ exit(EXIT_FAILURE);
+ }
+
+ if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
+ perror("mnl_socket_bind");
+ exit(EXIT_FAILURE);
+ }
+ portid = mnl_socket_get_portid(nl);
+
+ if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+ perror("mnl_socket_send");
+ exit(EXIT_FAILURE);
+ }
+
+ ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
+ while (ret > 0) {
+ ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
+ if (ret <= 0)
+ break;
+ ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
+ }
+ if (ret == -1) {
+ perror("error");
+ exit(EXIT_FAILURE);
+ }
+
+ mnl_socket_close(nl);
+
+ return EXIT_SUCCESS;
+}
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 8+ messages in thread