* [libnftables PATCH 1/2] mxml: add optional/mandatory flag to nft_mxml_reg_parse
@ 2014-01-15 10:42 Arturo Borrero Gonzalez
2014-01-15 10:42 ` [libnftables PATCH 2/2] lookup: xml: conditional output of dreg Arturo Borrero Gonzalez
2014-01-15 13:10 ` [libnftables PATCH 1/2] mxml: add optional/mandatory flag to nft_mxml_reg_parse Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2014-01-15 10:42 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
There are some cases where a reg is not mandatory, for example:
* dreg in lookup
* dreg/sreg in meta (last version)
So, lets change the function nft_mxml_reg_parse() to add
an optional/mandatory flag.
dreg in lookup is optional as stated at:
net/netfilter/nft_lookup.c:nft_lookup_init()
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/bitwise.c | 10 +++++-----
src/expr/byteorder.c | 11 ++++++-----
src/expr/cmp.c | 7 ++++---
src/expr/ct.c | 6 +++---
src/expr/exthdr.c | 6 +++---
src/expr/immediate.c | 6 +++---
src/expr/lookup.c | 17 ++++++++---------
src/expr/meta.c | 6 +++---
src/expr/nat.c | 18 +++++++++---------
src/expr/payload.c | 7 ++++---
src/internal.h | 3 ++-
src/mxml.c | 24 ++++++++++++++----------
12 files changed, 64 insertions(+), 57 deletions(-)
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index 3c4f644..e57c244 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -231,17 +231,17 @@ nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
{
#ifdef XML_PARSING
struct nft_expr_bitwise *bitwise = nft_expr_data(e);
- int32_t reg;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
bitwise->sreg = reg;
e->flags |= (1 << NFT_EXPR_BITWISE_SREG);
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
bitwise->dreg = reg;
diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c
index d6beba3..49ae38f 100644
--- a/src/expr/byteorder.c
+++ b/src/expr/byteorder.c
@@ -246,17 +246,18 @@ nft_rule_expr_byteorder_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
#ifdef XML_PARSING
struct nft_expr_byteorder *byteorder = nft_expr_data(e);
const char *op;
- int32_t reg, ntoh;
+ int32_t ntoh;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
byteorder->sreg = reg;
e->flags |= (1 << NFT_EXPR_BYTEORDER_SREG);
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND, NFT_XML_MAND,
+ err) != 0)
return -1;
byteorder->dreg = reg;
diff --git a/src/expr/cmp.c b/src/expr/cmp.c
index b5c694a..ebd3e5c 100644
--- a/src/expr/cmp.c
+++ b/src/expr/cmp.c
@@ -217,10 +217,11 @@ static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre
#ifdef XML_PARSING
struct nft_expr_cmp *cmp = nft_expr_data(e);
const char *op;
- int32_t reg, op_value;
+ int32_t op_value;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
cmp->sreg = reg;
diff --git a/src/expr/ct.c b/src/expr/ct.c
index 7e20464..97f9dcc 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -233,12 +233,12 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree
#ifdef XML_PARSING
struct nft_expr_ct *ct = nft_expr_data(e);
const char *key_str;
- int32_t reg;
int key;
uint8_t dir;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
ct->dreg = reg;
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index d9e293a..0bf1de3 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -240,11 +240,11 @@ nft_rule_expr_exthdr_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
#ifdef XML_PARSING
struct nft_expr_exthdr *exthdr = nft_expr_data(e);
const char *exthdr_type;
- int32_t reg;
int type;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
exthdr->dreg = reg;
diff --git a/src/expr/immediate.c b/src/expr/immediate.c
index 3ae4082..db7b958 100644
--- a/src/expr/immediate.c
+++ b/src/expr/immediate.c
@@ -224,10 +224,10 @@ nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
#ifdef XML_PARSING
struct nft_expr_immediate *imm = nft_expr_data(e);
int datareg_type;
- int32_t reg;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
imm->dreg = reg;
diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index b0aadf2..546066a 100644
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -180,7 +180,7 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
#ifdef XML_PARSING
struct nft_expr_lookup *lookup = nft_expr_data(e);
const char *set_name;
- int32_t reg;
+ uint32_t reg;
set_name = nft_mxml_str_parse(tree, "set", MXML_DESCEND_FIRST,
NFT_XML_MAND, err);
@@ -191,19 +191,18 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
lookup->set_name[IFNAMSIZ-1] = '\0';
e->flags |= (1 << NFT_EXPR_LOOKUP_SET);
- reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg", ®, MXML_DESCEND,
+ NFT_XML_MAND, err) != 0)
return -1;
lookup->sreg = reg;
e->flags |= (1 << NFT_EXPR_LOOKUP_SREG);
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND, err);
- if (reg < 0)
- return -1;
-
- lookup->dreg = reg;
- e->flags |= (1 << NFT_EXPR_LOOKUP_DREG);
+ if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND,
+ NFT_XML_OPT, err) == 0) {
+ lookup->dreg = reg;
+ e->flags |= (1 << NFT_EXPR_LOOKUP_DREG);
+ }
return 0;
#else
diff --git a/src/expr/meta.c b/src/expr/meta.c
index fb62bfd..1b5c904 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -197,11 +197,11 @@ static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, mxml_node_t *tr
#ifdef XML_PARSING
struct nft_expr_meta *meta = nft_expr_data(e);
const char *key_str;
- int32_t reg;
int key;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) < 0)
return -1;
meta->dreg = reg;
diff --git a/src/expr/nat.c b/src/expr/nat.c
index 34a977a..65b35ea 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -261,8 +261,8 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre
#ifdef XML_PARSING
struct nft_expr_nat *nat = nft_expr_data(e);
const char *nat_type;
- int32_t reg;
int family, nat_type_value;
+ uint32_t reg;
nat_type = nft_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST,
NFT_XML_MAND, err);
@@ -286,29 +286,29 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, mxml_node_t *tre
nat->family = family;
e->flags |= (1 << NFT_EXPR_NAT_FAMILY);
- reg = nft_mxml_reg_parse(tree, "sreg_addr_min", MXML_DESCEND, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg_addr_min", ®,
+ MXML_DESCEND, NFT_XML_MAND, err) != 0)
return -1;
nat->sreg_addr_min = reg;
e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MIN);
- reg = nft_mxml_reg_parse(tree, "sreg_addr_max", MXML_DESCEND, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg_addr_max", ®,
+ MXML_DESCEND, NFT_XML_MAND, err) != 0)
return -1;
nat->sreg_addr_max = reg;
e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MAX);
- reg = nft_mxml_reg_parse(tree, "sreg_proto_min", MXML_DESCEND, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg_proto_min", ®,
+ MXML_DESCEND, NFT_XML_MAND, err) != 0)
return -1;
nat->sreg_proto_min = reg;
e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MIN);
- reg = nft_mxml_reg_parse(tree, "sreg_proto_max", MXML_DESCEND, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "sreg_proto_max", ®,
+ MXML_DESCEND, NFT_XML_MAND, err) != 0)
return -1;
nat->sreg_proto_max = reg;
diff --git a/src/expr/payload.c b/src/expr/payload.c
index 2c1ef04..d64b097 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -242,10 +242,11 @@ nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
#ifdef XML_PARSING
struct nft_expr_payload *payload = nft_expr_data(e);
const char *base_str;
- int32_t reg, base;
+ int32_t base;
+ uint32_t reg;
- reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST, err);
- if (reg < 0)
+ if (nft_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST,
+ NFT_XML_MAND, err) != 0)
return -1;
payload->dreg = reg;
diff --git a/src/internal.h b/src/internal.h
index d3c58a2..ab12cec 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -51,7 +51,8 @@ mxml_node_t *nft_mxml_build_tree(const void *data, const char *treename,
struct nft_parse_err *err, enum nft_parse_input input);
struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node,
struct nft_parse_err *err);
-int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags,
+int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t *reg,
+ uint32_t mxmlflags, uint32_t flags,
struct nft_parse_err *err);
union nft_data_reg;
int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name,
diff --git a/src/mxml.c b/src/mxml.c
index ddbd01b..4988502 100644
--- a/src/mxml.c
+++ b/src/mxml.c
@@ -99,30 +99,34 @@ err:
return NULL;
}
-int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t flags,
+int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t *reg,
+ uint32_t mxmlflags, uint32_t flags,
struct nft_parse_err *err)
{
mxml_node_t *node;
- uint64_t val;
- node = mxmlFindElement(tree, tree, reg_name, NULL, NULL, flags);
+ node = mxmlFindElement(tree, tree, reg_name, NULL, NULL, mxmlflags);
if (node == NULL) {
- err->error = NFT_PARSE_EMISSINGNODE;
- errno = EINVAL;
- goto err;
+ if (!(flags & NFT_XML_OPT)) {
+ err->error = NFT_PARSE_EMISSINGNODE;
+ errno = EINVAL;
+ goto err;
+ }
+ return -1;
}
- if (nft_strtoi(node->child->value.opaque, BASE_DEC, &val,
- NFT_TYPE_U64) != 0) {
+ if (nft_strtoi(node->child->value.opaque, BASE_DEC, reg,
+ NFT_TYPE_U32) != 0) {
err->error = NFT_PARSE_EBADTYPE;
goto err;
}
- if (val > NFT_REG_MAX) {
+ if (*reg > NFT_REG_MAX) {
errno = ERANGE;
goto err;
}
- return val;
+
+ return 0;
err:
err->node_name = reg_name;
return -1;
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [libnftables PATCH 2/2] lookup: xml: conditional output of dreg
2014-01-15 10:42 [libnftables PATCH 1/2] mxml: add optional/mandatory flag to nft_mxml_reg_parse Arturo Borrero Gonzalez
@ 2014-01-15 10:42 ` Arturo Borrero Gonzalez
2014-01-15 13:10 ` Pablo Neira Ayuso
2014-01-15 13:10 ` [libnftables PATCH 1/2] mxml: add optional/mandatory flag to nft_mxml_reg_parse Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2014-01-15 10:42 UTC (permalink / raw)
To: netfilter-devel; +Cc: pablo
The dreg attribute is optional as stated at:
net/netfilter/nf_lookup.c
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/expr/lookup.c | 43 ++++++++++++++++++++++++++++++-------------
1 file changed, 30 insertions(+), 13 deletions(-)
diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index 546066a..0e53f58 100644
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -213,41 +213,59 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
static int
nft_rule_expr_lookup_snprintf_json(char *buf, size_t size,
- struct nft_expr_lookup *l)
+ struct nft_rule_expr *e)
{
int len = size, offset = 0, ret;
+ struct nft_expr_lookup *l = nft_expr_data(e);
- ret = snprintf(buf, len, "\"set\":\"%s\",\"sreg\":%u,\"dreg\":%u",
- l->set_name, l->sreg, l->dreg);
+ ret = snprintf(buf, len, "\"set\":\"%s\",\"sreg\":%u",
+ l->set_name, l->sreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) {
+ ret = snprintf(buf+offset, len, ",\"dreg\":%u", l->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
return offset;
}
static int
nft_rule_expr_lookup_snprintf_xml(char *buf, size_t size,
- struct nft_expr_lookup *l)
+ struct nft_rule_expr *e)
{
int len = size, offset = 0, ret;
+ struct nft_expr_lookup *l = nft_expr_data(e);
- ret = snprintf(buf, len, "<set>%s</set><sreg>%u</sreg><dreg>%u</dreg>",
- l->set_name, l->sreg, l->dreg);
+ ret = snprintf(buf, len, "<set>%s</set><sreg>%u</sreg>",
+ l->set_name, l->sreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) {
+ ret = snprintf(buf+offset, len, "<dreg>%u</dreg>", l->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
return offset;
}
static int
nft_rule_expr_lookup_snprintf_default(char *buf, size_t size,
- struct nft_expr_lookup *l)
+ struct nft_rule_expr *e)
{
int len = size, offset = 0, ret;
+ struct nft_expr_lookup *l = nft_expr_data(e);
- ret = snprintf(buf, len, "reg %u set %s dreg %u ",
- l->sreg, l->set_name, l->dreg);
+ ret = snprintf(buf, len, "reg %u set %s ", l->sreg, l->set_name);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ if (e->flags & (1 << NFT_EXPR_LOOKUP_DREG)) {
+ ret = snprintf(buf+offset, len, "dreg %u ", l->dreg);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
return offset;
}
@@ -255,15 +273,14 @@ static int
nft_rule_expr_lookup_snprintf(char *buf, size_t size, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
{
- struct nft_expr_lookup *lookup = nft_expr_data(e);
switch(type) {
case NFT_OUTPUT_DEFAULT:
- return nft_rule_expr_lookup_snprintf_default(buf, size, lookup);
+ return nft_rule_expr_lookup_snprintf_default(buf, size, e);
case NFT_OUTPUT_XML:
- return nft_rule_expr_lookup_snprintf_xml(buf, size, lookup);
+ return nft_rule_expr_lookup_snprintf_xml(buf, size, e);
case NFT_OUTPUT_JSON:
- return nft_rule_expr_lookup_snprintf_json(buf, size, lookup);
+ return nft_rule_expr_lookup_snprintf_json(buf, size, e);
default:
break;
}
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [libnftables PATCH 1/2] mxml: add optional/mandatory flag to nft_mxml_reg_parse
2014-01-15 10:42 [libnftables PATCH 1/2] mxml: add optional/mandatory flag to nft_mxml_reg_parse Arturo Borrero Gonzalez
2014-01-15 10:42 ` [libnftables PATCH 2/2] lookup: xml: conditional output of dreg Arturo Borrero Gonzalez
@ 2014-01-15 13:10 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2014-01-15 13:10 UTC (permalink / raw)
To: Arturo Borrero Gonzalez; +Cc: netfilter-devel, pablo
On Wed, Jan 15, 2014 at 11:42:17AM +0100, Arturo Borrero Gonzalez wrote:
> There are some cases where a reg is not mandatory, for example:
> * dreg in lookup
> * dreg/sreg in meta (last version)
>
> So, lets change the function nft_mxml_reg_parse() to add
> an optional/mandatory flag.
>
> dreg in lookup is optional as stated at:
> net/netfilter/nft_lookup.c:nft_lookup_init()
Applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [libnftables PATCH 2/2] lookup: xml: conditional output of dreg
2014-01-15 10:42 ` [libnftables PATCH 2/2] lookup: xml: conditional output of dreg Arturo Borrero Gonzalez
@ 2014-01-15 13:10 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2014-01-15 13:10 UTC (permalink / raw)
To: Arturo Borrero Gonzalez; +Cc: netfilter-devel, pablo
On Wed, Jan 15, 2014 at 11:42:22AM +0100, Arturo Borrero Gonzalez wrote:
> The dreg attribute is optional as stated at:
> net/netfilter/nf_lookup.c
Also applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-01-15 13:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-01-15 10:42 [libnftables PATCH 1/2] mxml: add optional/mandatory flag to nft_mxml_reg_parse Arturo Borrero Gonzalez
2014-01-15 10:42 ` [libnftables PATCH 2/2] lookup: xml: conditional output of dreg Arturo Borrero Gonzalez
2014-01-15 13:10 ` Pablo Neira Ayuso
2014-01-15 13:10 ` [libnftables PATCH 1/2] mxml: add optional/mandatory flag to nft_mxml_reg_parse Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).