[libnftnl PATCH 1/2] common: add wrapper to represent events

[libnftnl PATCH 1/2] common: add wrapper to represent events

[Arturo Borrero Gonzalez]

This patch adds a simple string wrapper to represent nf_tables events.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 include/libnftnl/common.h |    6 +++++
 src/common.c              |   59 +++++++++++++++++++++++++++++++++++++++++++++
 src/libnftnl.map          |    3 ++
 3 files changed, 68 insertions(+)

diff --git a/include/libnftnl/common.h b/include/libnftnl/common.h
index f0c20f0..96f8155 100644
--- a/include/libnftnl/common.h
+++ b/include/libnftnl/common.h
@@ -2,6 +2,7 @@
 #define _LIBNFTNL_COMMON_H_
 
 #include <stdint.h>
+#include <stdio.h>
 
 enum {
 	NFT_PARSE_EBADINPUT	= 0,
@@ -30,4 +31,9 @@ struct nlmsghdr *nft_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family,
 struct nft_parse_err *nft_parse_err_alloc(void);
 void nft_parse_err_free(struct nft_parse_err *);
 int nft_parse_perror(const char *str, struct nft_parse_err *err);
+int nft_event_snprintf(char *buf, size_t bufsiz, const char *content,
+		       uint32_t format, uint32_t type);
+int nft_event_fprintf(FILE *fp, const char *content,
+		      uint32_t format, uint32_t type);
+
 #endif
diff --git a/src/common.c b/src/common.c
index 336d2b4..5ded0de 100644
--- a/src/common.c
+++ b/src/common.c
@@ -8,9 +8,11 @@
  */
 
 #include <stdlib.h>
+#include <stdio.h>
 #include <sys/socket.h>
 #include <linux/netlink.h>
 #include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
 #include <libnftnl/common.h>
@@ -66,3 +68,60 @@ int nft_parse_perror(const char *str, struct nft_parse_err *err)
 	}
 }
 EXPORT_SYMBOL(nft_parse_perror);
+
+int nft_event_snprintf(char *buf, size_t bufsiz, const char *content,
+		       uint32_t format, uint32_t type)
+{
+	const char *type_str = "unknown";
+	int ret;
+
+	switch (type) {
+	case NFT_MSG_NEWTABLE:
+	case NFT_MSG_NEWCHAIN:
+	case NFT_MSG_NEWSET:
+	case NFT_MSG_NEWRULE:
+	case NFT_MSG_NEWSETELEM:
+		type_str = "new";
+		break;
+	case NFT_MSG_DELTABLE:
+	case NFT_MSG_DELCHAIN:
+	case NFT_MSG_DELSET:
+	case NFT_MSG_DELRULE:
+	case NFT_MSG_DELSETELEM:
+		type_str = "destroy";
+		break;
+	}
+
+	switch (format) {
+	case NFT_OUTPUT_XML:
+		ret = snprintf(buf, bufsiz, "<event><type>%s</type>"
+			       "<nftables>%s</nftables></event>",
+			       type_str, content);
+		break;
+	case NFT_OUTPUT_JSON:
+		ret = snprintf(buf, bufsiz, "{event:{type:\"%s\","
+			       "{\"nftables\":[\"%s\"]}}}",
+			       type_str, content);
+		break;
+	default:
+		ret = snprintf(buf, bufsiz, "[%s] %s", type_str, content);
+	}
+
+	return ret;
+}
+EXPORT_SYMBOL(nft_event_snprintf);
+
+static int nft_event_do_snprintf(char *buf, size_t bufsiz, void *content,
+				 uint32_t format, uint32_t type)
+{
+	return nft_event_snprintf(buf, bufsiz, (const char *)content,
+				  format, type);
+}
+
+int nft_event_fprintf(FILE *fp, const char *content,
+		      uint32_t format, uint32_t type)
+{
+	return nft_fprintf(fp, (void *)content, format, type,
+			   nft_event_do_snprintf);
+}
+EXPORT_SYMBOL(nft_event_fprintf);
diff --git a/src/libnftnl.map b/src/libnftnl.map
index b11db67..18e58fa 100644
--- a/src/libnftnl.map
+++ b/src/libnftnl.map
@@ -205,4 +205,7 @@ LIBNFTNL_1.1 {
   nft_rule_attr_get_data;
   nft_set_attr_set_data;
   nft_set_attr_get_data;
+
+  nft_event_snprintf;
+  nft_event_fprintf;
 } LIBNFTNL_1.0;

[libnftnl PATCH 2/2] examples: nft-events: use new events wrappers

[Arturo Borrero Gonzalez]

Let's use the new event wrappers in the events example.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 examples/nft-events.c |   16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/examples/nft-events.c b/examples/nft-events.c
index 989f4bd..9d33295 100644
--- a/examples/nft-events.c
+++ b/examples/nft-events.c
@@ -22,6 +22,7 @@
 #include <libnftnl/chain.h>
 #include <libnftnl/rule.h>
 #include <libnftnl/set.h>
+#include <libnftnl/common.h>
 
 static int table_cb(const struct nlmsghdr *nlh, int type)
 {
@@ -40,7 +41,8 @@ static int table_cb(const struct nlmsghdr *nlh, int type)
 	}
 
 	nft_table_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWTABLE ? "NEW" : "DEL", buf);
+	nft_event_fprintf(stdout, buf, NFT_OUTPUT_DEFAULT, type);
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_table_free(t);
@@ -65,7 +67,8 @@ static int rule_cb(const struct nlmsghdr *nlh, int type)
 	}
 
 	nft_rule_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWRULE ? "NEW" : "DEL", buf);
+	nft_event_fprintf(stdout, buf, NFT_OUTPUT_DEFAULT, type);
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_rule_free(t);
@@ -90,7 +93,8 @@ static int chain_cb(const struct nlmsghdr *nlh, int type)
 	}
 
 	nft_chain_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWCHAIN ? "NEW" : "DEL", buf);
+	nft_event_fprintf(stdout, buf, NFT_OUTPUT_DEFAULT, type);
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_chain_free(t);
@@ -115,7 +119,8 @@ static int set_cb(const struct nlmsghdr *nlh, int type)
 	}
 
 	nft_set_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWSET ? "NEW" : "DEL", buf);
+	nft_event_fprintf(stdout, buf, NFT_OUTPUT_DEFAULT, type);
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_set_free(t);
@@ -141,7 +146,8 @@ static int setelem_cb(const struct nlmsghdr *nlh, int type)
 	}
 
 	nft_set_snprintf(buf, sizeof(buf), s, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWSETELEM ? "NEW" : "DEL", buf);
+	nft_event_fprintf(stdout, buf, NFT_OUTPUT_DEFAULT, type);
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_set_free(s);

Re: [libnftnl PATCH 1/2] common: add wrapper to represent events

[Pablo Neira Ayuso]

On Tue, Apr 15, 2014 at 11:40:30AM +0200, Arturo Borrero Gonzalez wrote:
> This patch adds a simple string wrapper to represent nf_tables events.
> 
> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
> ---
>  include/libnftnl/common.h |    6 +++++
>  src/common.c              |   59 +++++++++++++++++++++++++++++++++++++++++++++
>  src/libnftnl.map          |    3 ++
>  3 files changed, 68 insertions(+)
> 
> diff --git a/include/libnftnl/common.h b/include/libnftnl/common.h
> index f0c20f0..96f8155 100644
> --- a/include/libnftnl/common.h
> +++ b/include/libnftnl/common.h
> @@ -2,6 +2,7 @@
>  #define _LIBNFTNL_COMMON_H_
>  
>  #include <stdint.h>
> +#include <stdio.h>
>  
>  enum {
>  	NFT_PARSE_EBADINPUT	= 0,
> @@ -30,4 +31,9 @@ struct nlmsghdr *nft_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family,
>  struct nft_parse_err *nft_parse_err_alloc(void);
>  void nft_parse_err_free(struct nft_parse_err *);
>  int nft_parse_perror(const char *str, struct nft_parse_err *err);
> +int nft_event_snprintf(char *buf, size_t bufsiz, const char *content,
> +		       uint32_t format, uint32_t type);
> +int nft_event_fprintf(FILE *fp, const char *content,
> +		      uint32_t format, uint32_t type);

We have flags in the existing output functions:

int nft_table_snprintf(char *buf, size_t size, struct nft_table *t,
                       uint32_t type, uint32_t flags);
int nft_table_fprintf(FILE *fp, struct nft_table *t, uint32_t type,
                      uint32_t flags);

I think you can add a new flag that tells that you have to add the
extra event handling that you need, thus, we don't need a new
interface.

You can most likely reuse most of the code in this patch.

[libnftnl PATCH 2/2] examples: nft-events: use new events wrappers

[Arturo Borrero Gonzalez]

Let's use the new event wrappers in the events example.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 examples/nft-events.c |   45 +++++++++++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 14 deletions(-)

diff --git a/examples/nft-events.c b/examples/nft-events.c
index 989f4bd..6177f95 100644
--- a/examples/nft-events.c
+++ b/examples/nft-events.c
@@ -22,11 +22,31 @@
 #include <libnftnl/chain.h>
 #include <libnftnl/rule.h>
 #include <libnftnl/set.h>
+#include <libnftnl/common.h>
+
+static uint32_t event2flag(uint32_t event)
+{
+	switch (event) {
+	case NFT_MSG_NEWTABLE:
+	case NFT_MSG_NEWCHAIN:
+	case NFT_MSG_NEWRULE:
+	case NFT_MSG_NEWSET:
+	case NFT_MSG_NEWSETELEM:
+		return (1 << NFT_OUTPUT_FLAG_EVENTNEW);
+	case NFT_MSG_DELTABLE:
+	case NFT_MSG_DELCHAIN:
+	case NFT_MSG_DELRULE:
+	case NFT_MSG_DELSET:
+	case NFT_MSG_DELSETELEM:
+		return (1 << NFT_OUTPUT_FLAG_EVENTDEL);
+	}
+
+	return 0;
+}
 
 static int table_cb(const struct nlmsghdr *nlh, int type)
 {
 	struct nft_table *t;
-	char buf[4096];
 
 	t = nft_table_alloc();
 	if (t == NULL) {
@@ -39,8 +59,8 @@ static int table_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
-	nft_table_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWTABLE ? "NEW" : "DEL", buf);
+	nft_table_fprintf(stdout, t, NFT_OUTPUT_DEFAULT, event2flag(type));
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_table_free(t);
@@ -51,7 +71,6 @@ err:
 static int rule_cb(const struct nlmsghdr *nlh, int type)
 {
 	struct nft_rule *t;
-	char buf[4096];
 
 	t = nft_rule_alloc();
 	if (t == NULL) {
@@ -64,8 +83,8 @@ static int rule_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
-	nft_rule_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWRULE ? "NEW" : "DEL", buf);
+	nft_rule_fprintf(stdout, t, NFT_OUTPUT_DEFAULT, event2flag(type));
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_rule_free(t);
@@ -76,7 +95,6 @@ err:
 static int chain_cb(const struct nlmsghdr *nlh, int type)
 {
 	struct nft_chain *t;
-	char buf[4096];
 
 	t = nft_chain_alloc();
 	if (t == NULL) {
@@ -89,8 +107,8 @@ static int chain_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
-	nft_chain_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWCHAIN ? "NEW" : "DEL", buf);
+	nft_chain_fprintf(stdout, t, NFT_OUTPUT_DEFAULT, event2flag(type));
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_chain_free(t);
@@ -114,8 +132,8 @@ static int set_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
-	nft_set_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWSET ? "NEW" : "DEL", buf);
+	nft_set_fprintf(stdout, t, NFT_OUTPUT_DEFAULT, event2flag(type));
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_set_free(t);
@@ -127,7 +145,6 @@ static int setelem_cb(const struct nlmsghdr *nlh, int type)
 {
 
 	struct nft_set *s;
-	char buf[4096];
 
 	s = nft_set_alloc();
 	if (s == NULL) {
@@ -140,8 +157,8 @@ static int setelem_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
-	nft_set_snprintf(buf, sizeof(buf), s, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWSETELEM ? "NEW" : "DEL", buf);
+	nft_set_fprintf(stdout, s, NFT_OUTPUT_DEFAULT, event2flag(type));
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_set_free(s);