[libnftnl PATCH 1/2] src: add flag to add event wrapping in output functions

[libnftnl PATCH 1/2] src: add flag to add event wrapping in output functions

[Arturo Borrero Gonzalez]

This patch uses the flag option of each output function to print an
event wrapper string in each object.

In order to use this functionality, the caller must pass a flag with either
NFT_OUTPUT_FLAG_EVENTNEW or NFT_OUTPUT_FLAG_EVENTDEL activated.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 include/libnftnl/common.h |    5 +++
 src/chain.c               |   37 ++++++++++++++++++++++---
 src/internal.h            |    2 +
 src/rule.c                |   43 ++++++++++++++++++++++++++---
 src/ruleset.c             |   66 ++++++++++++++++++++++++++++++++++++++++-----
 src/set.c                 |   42 +++++++++++++++++++++++++----
 src/set_elem.c            |   37 ++++++++++++++++++++++---
 src/table.c               |   36 +++++++++++++++++++++----
 src/utils.c               |   45 +++++++++++++++++++++++++++++++
 9 files changed, 280 insertions(+), 33 deletions(-)

diff --git a/include/libnftnl/common.h b/include/libnftnl/common.h
index f0c20f0..f105c9a 100644
--- a/include/libnftnl/common.h
+++ b/include/libnftnl/common.h
@@ -15,6 +15,11 @@ enum nft_output_type {
 	NFT_OUTPUT_JSON,
 };
 
+enum {
+	NFT_OUTPUT_FLAG_EVENTNEW	= 0,
+	NFT_OUTPUT_FLAG_EVENTDEL,
+};
+
 enum nft_parse_type {
 	NFT_PARSE_NONE		= 0,
 	NFT_PARSE_XML,
diff --git a/src/chain.c b/src/chain.c
index 472203e..87558a1 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -924,17 +924,44 @@ static int nft_chain_snprintf_default(char *buf, size_t size,
 int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *c,
 		       uint32_t type, uint32_t flags)
 {
+	int ret, len = size, offset = 0;
+
+	if (flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTNEW,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	} else if (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL)) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTDEL,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
 	switch(type) {
 	case NFT_OUTPUT_DEFAULT:
-		return nft_chain_snprintf_default(buf, size, c);
+		ret = nft_chain_snprintf_default(buf+offset, len, c);
+		break;
 	case NFT_OUTPUT_XML:
-		return nft_chain_snprintf_xml(buf, size, c);
+		ret = nft_chain_snprintf_xml(buf+offset, len, c);
+		break;
 	case NFT_OUTPUT_JSON:
-		return nft_chain_snprintf_json(buf, size, c);
-	default:
+		ret = nft_chain_snprintf_json(buf+offset, len, c);
 		break;
+	default:
+		return -1;
 	}
-	return -1;
+
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	if ((flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) ||
+	    (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL))) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_closetag(type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
+	return offset;
 }
 EXPORT_SYMBOL(nft_chain_snprintf);
 
diff --git a/src/internal.h b/src/internal.h
index ba994c8..8979bb7 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -136,6 +136,8 @@ int nft_get_value(enum nft_type type, void *val, void *out);
 
 #include <stdio.h>
 int nft_fprintf(FILE *fp, void *obj, uint32_t type, uint32_t flags, int (*snprintf_cb)(char *buf, size_t bufsiz, void *obj, uint32_t type, uint32_t flags));
+const char *nft_event_opentag(uint32_t event, uint32_t format);
+const char *nft_event_closetag(uint32_t format);
 
 void xfree(const void *ptr);
 
diff --git a/src/rule.c b/src/rule.c
index df9dd80..0a9ee1d 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -967,17 +967,50 @@ static int nft_rule_snprintf_default(char *buf, size_t size, struct nft_rule *r,
 int nft_rule_snprintf(char *buf, size_t size, struct nft_rule *r,
 		       uint32_t type, uint32_t flags)
 {
+	int ret, len = size, offset = 0;
+	uint32_t noevent_flags = flags;
+
+	if (flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTNEW,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		noevent_flags &= ~(1 << NFT_OUTPUT_FLAG_EVENTNEW);
+	} else if (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL)) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTDEL,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		noevent_flags &= ~(1 << NFT_OUTPUT_FLAG_EVENTDEL);
+	}
+
 	switch(type) {
 	case NFT_OUTPUT_DEFAULT:
-		return nft_rule_snprintf_default(buf, size, r, type, flags);
+		ret = nft_rule_snprintf_default(buf+offset, len, r, type,
+						noevent_flags);
+		break;
 	case NFT_OUTPUT_XML:
-		return nft_rule_snprintf_xml(buf, size, r, type, flags);
+		ret = nft_rule_snprintf_xml(buf+offset, len, r, type,
+					    noevent_flags);
+		break;
 	case NFT_OUTPUT_JSON:
-		return nft_rule_snprintf_json(buf, size, r, type, flags);
-	default:
+		ret = nft_rule_snprintf_json(buf+offset, len, r, type,
+					     noevent_flags);
 		break;
+	default:
+		return -1;
 	}
-	return -1;
+
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	if ((flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) ||
+	    (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL))) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_closetag(type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
+	return offset;
 }
 EXPORT_SYMBOL(nft_rule_snprintf);
 
diff --git a/src/ruleset.c b/src/ruleset.c
index 3cbec09..2b249ef 100644
--- a/src/ruleset.c
+++ b/src/ruleset.c
@@ -765,6 +765,24 @@ nft_ruleset_do_snprintf(char *buf, size_t size, const struct nft_ruleset *rs,
 {
 	int ret, len = size, offset = 0;
 	void *prev = NULL;
+	uint32_t noevent_flags;
+
+	/* dont pass events flags to child calls of _snprintf() */
+	noevent_flags = flags;
+
+	if (flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) {
+		ret = snprintf(buf+offset, size, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTNEW,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		noevent_flags &= ~(1 << NFT_OUTPUT_FLAG_EVENTNEW);
+	} else if (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL)) {
+		ret = snprintf(buf+offset, size, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTDEL,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		noevent_flags &= ~(1 << NFT_OUTPUT_FLAG_EVENTDEL);
+	}
 
 	ret = snprintf(buf+offset, size, "%s", nft_ruleset_o_opentag(type));
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
@@ -772,7 +790,7 @@ nft_ruleset_do_snprintf(char *buf, size_t size, const struct nft_ruleset *rs,
 	if (nft_ruleset_attr_is_set(rs, NFT_RULESET_ATTR_TABLELIST) &&
 	    (!nft_table_list_is_empty(rs->table_list))) {
 		ret = nft_ruleset_snprintf_table(buf+offset, len, rs,
-						 type, flags);
+						 type, noevent_flags);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 		if (ret > 0)
@@ -786,7 +804,7 @@ nft_ruleset_do_snprintf(char *buf, size_t size, const struct nft_ruleset *rs,
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 		ret = nft_ruleset_snprintf_chain(buf+offset, len, rs,
-						 type, flags);
+						 type, noevent_flags);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 		if (ret > 0)
@@ -800,7 +818,7 @@ nft_ruleset_do_snprintf(char *buf, size_t size, const struct nft_ruleset *rs,
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 		ret = nft_ruleset_snprintf_set(buf+offset, len, rs,
-					       type, flags);
+					       type, noevent_flags);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 		if (ret > 0)
@@ -814,13 +832,20 @@ nft_ruleset_do_snprintf(char *buf, size_t size, const struct nft_ruleset *rs,
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 		ret = nft_ruleset_snprintf_rule(buf+offset, len, rs,
-						type, flags);
+						type, noevent_flags);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
 	ret = snprintf(buf+offset, size, "%s", nft_ruleset_o_closetag(type));
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
+	if ((flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) ||
+	    (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL))) {
+		ret = snprintf(buf+offset, size, "%s",
+			       nft_event_closetag(type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
 	return offset;
 }
 
@@ -989,13 +1014,32 @@ int nft_ruleset_fprintf(FILE *fp, const struct nft_ruleset *rs, uint32_t type,
 {
 	int len = 0, ret = 0;
 	void *prev = NULL;
+	uint32_t noevent_flags;
+
+	/* dont pass events flags to child calls of _snprintf() */
+	noevent_flags = flags;
+
+	if (flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) {
+		ret = fprintf(fp, "%s",
+			      nft_event_opentag(NFT_OUTPUT_FLAG_EVENTNEW,
+						type));
+		NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
+		noevent_flags &= ~(1 << NFT_OUTPUT_FLAG_EVENTNEW);
+
+	} else if (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL)) {
+		ret = fprintf(fp, "%s",
+			      nft_event_opentag(NFT_OUTPUT_FLAG_EVENTDEL,
+						type));
+		NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
+		noevent_flags &= ~(1 << NFT_OUTPUT_FLAG_EVENTNEW);
+	}
 
 	ret = fprintf(fp, "%s", nft_ruleset_o_opentag(type));
 	NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
 
 	if ((nft_ruleset_attr_is_set(rs, NFT_RULESET_ATTR_TABLELIST)) &&
 	    (!nft_table_list_is_empty(rs->table_list))) {
-		ret = nft_ruleset_fprintf_tables(fp, rs, type, flags);
+		ret = nft_ruleset_fprintf_tables(fp, rs, type, noevent_flags);
 		NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
 
 		if (ret > 0)
@@ -1007,7 +1051,7 @@ int nft_ruleset_fprintf(FILE *fp, const struct nft_ruleset *rs, uint32_t type,
 		ret = fprintf(fp, "%s", nft_ruleset_o_separator(prev, type));
 		NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
 
-		ret = nft_ruleset_fprintf_chains(fp, rs, type, flags);
+		ret = nft_ruleset_fprintf_chains(fp, rs, type, noevent_flags);
 		NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
 
 		if (ret > 0)
@@ -1019,7 +1063,7 @@ int nft_ruleset_fprintf(FILE *fp, const struct nft_ruleset *rs, uint32_t type,
 		ret = fprintf(fp, "%s", nft_ruleset_o_separator(prev, type));
 		NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
 
-		ret = nft_ruleset_fprintf_sets(fp, rs, type, flags);
+		ret = nft_ruleset_fprintf_sets(fp, rs, type, noevent_flags);
 		NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
 
 		if (ret > 0)
@@ -1031,13 +1075,19 @@ int nft_ruleset_fprintf(FILE *fp, const struct nft_ruleset *rs, uint32_t type,
 		ret = fprintf(fp, "%s", nft_ruleset_o_separator(prev, type));
 		NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
 
-		ret = nft_ruleset_fprintf_rules(fp, rs, type, flags);
+		ret = nft_ruleset_fprintf_rules(fp, rs, type, noevent_flags);
 		NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
 	}
 
 	ret = fprintf(fp, "%s", nft_ruleset_o_closetag(type));
 	NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
 
+	if ((flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) ||
+	    (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL))) {
+		ret = fprintf(fp, "%s", nft_event_closetag(type));
+		NFT_FPRINTF_RETURN_OR_FIXLEN(ret, len);
+	}
+
 	return len;
 }
 EXPORT_SYMBOL(nft_ruleset_fprintf);
diff --git a/src/set.c b/src/set.c
index 550c262..59832aa 100644
--- a/src/set.c
+++ b/src/set.c
@@ -704,17 +704,49 @@ static int nft_set_snprintf_xml(char *buf, size_t size, struct nft_set *s,
 int nft_set_snprintf(char *buf, size_t size, struct nft_set *s,
 		     uint32_t type, uint32_t flags)
 {
+	int ret, len = size, offset = 0;
+	uint32_t noevent_flags = flags;
+
+	if (flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTNEW,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		noevent_flags &= ~(1 << NFT_OUTPUT_FLAG_EVENTNEW);
+	} else if (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL)) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTDEL,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		noevent_flags &= ~(1 << NFT_OUTPUT_FLAG_EVENTDEL);
+	}
+
 	switch(type) {
 	case NFT_OUTPUT_DEFAULT:
-		return nft_set_snprintf_default(buf, size, s, type, flags);
+		ret = nft_set_snprintf_default(buf+offset, len, s, type,
+					       noevent_flags);
+		break;
 	case NFT_OUTPUT_XML:
-		return nft_set_snprintf_xml(buf, size, s, flags);
+		ret = nft_set_snprintf_xml(buf+offset, len, s, noevent_flags);
+		break;
 	case NFT_OUTPUT_JSON:
-		return nft_set_snprintf_json(buf, size, s, type, flags);
-	default:
+		ret = nft_set_snprintf_json(buf+offset, len, s, type,
+					    noevent_flags);
 		break;
+	default:
+		return -1;
 	}
-	return -1;
+
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	if ((flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) ||
+	    (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL))) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_closetag(type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
+	return offset;
 }
 EXPORT_SYMBOL(nft_set_snprintf);
 
diff --git a/src/set_elem.c b/src/set_elem.c
index a747ba6..9181a10 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -591,17 +591,44 @@ static int nft_set_elem_snprintf_xml(char *buf, size_t size,
 int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *e,
 			   uint32_t type, uint32_t flags)
 {
+	int ret, len = size, offset = 0;
+
+	if (flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTNEW,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	} else if (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL)) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTDEL,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
 	switch(type) {
 	case NFT_OUTPUT_DEFAULT:
-		return nft_set_elem_snprintf_default(buf, size, e);
+		ret = nft_set_elem_snprintf_default(buf+offset, len, e);
+		break;
 	case NFT_OUTPUT_XML:
-		return nft_set_elem_snprintf_xml(buf, size, e, flags);
+		ret = nft_set_elem_snprintf_xml(buf+offset, len, e, flags);
+		break;
 	case NFT_OUTPUT_JSON:
-		return nft_set_elem_snprintf_json(buf, size, e, flags);
-	default:
+		ret = nft_set_elem_snprintf_json(buf+offset, len, e, flags);
 		break;
+	default:
+		return -1;
 	}
-	return -1;
+
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	if ((flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) ||
+	    (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL))) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_closetag(type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
+	return offset;
 }
 EXPORT_SYMBOL(nft_set_elem_snprintf);
 
diff --git a/src/table.c b/src/table.c
index 44e9a7b..82ca84d 100644
--- a/src/table.c
+++ b/src/table.c
@@ -441,17 +441,43 @@ static int nft_table_snprintf_default(char *buf, size_t size, struct nft_table *
 int nft_table_snprintf(char *buf, size_t size, struct nft_table *t,
 		       uint32_t type, uint32_t flags)
 {
+	int ret, len = size, offset = 0;
+
+	if (flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTNEW,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	} else if (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL)) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTDEL,
+						 type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
 	switch(type) {
 	case NFT_OUTPUT_DEFAULT:
-		return nft_table_snprintf_default(buf, size, t);
+		ret = nft_table_snprintf_default(buf+offset, len, t);
+		break;
 	case NFT_OUTPUT_XML:
-		return nft_table_snprintf_xml(buf, size, t);
+		ret = nft_table_snprintf_xml(buf+offset, len, t);
+		break;
 	case NFT_OUTPUT_JSON:
-		return nft_table_snprintf_json(buf, size, t);
-	default:
+		ret = nft_table_snprintf_json(buf+offset, len, t);
 		break;
+	default:
+		return -1;
 	}
-	return -1;
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	if ((flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) ||
+	    (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL))) {
+		ret = snprintf(buf+offset, len, "%s",
+			       nft_event_closetag(type));
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
+	return offset;
 }
 EXPORT_SYMBOL(nft_table_snprintf);
 
diff --git a/src/utils.c b/src/utils.c
index 18917f5..870157a 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -212,6 +212,51 @@ int nft_fprintf(FILE *fp, void *obj, uint32_t type, uint32_t flags,
 	return ret;
 }
 
+const char *nft_event_opentag(uint32_t event, uint32_t format)
+{
+	switch (format) {
+	case NFT_OUTPUT_XML:
+		switch (event) {
+		case NFT_OUTPUT_FLAG_EVENTNEW:
+			return "<event><type>new</type>";
+		case NFT_OUTPUT_FLAG_EVENTDEL:
+			return "<event><type>destroy</type>";
+		default:
+			return "[unknown]";
+		}
+	case NFT_OUTPUT_JSON:
+		switch (event) {
+		case NFT_OUTPUT_FLAG_EVENTNEW:
+			return "{event:{type:\"new\",{\"";
+		case NFT_OUTPUT_FLAG_EVENTDEL:
+			return "{event:{type:\"destroy\",{\"";
+		default:
+			return "[unknown]";
+		}
+	default:
+		switch (event) {
+		case NFT_OUTPUT_FLAG_EVENTNEW:
+			return "[NEW] ";
+		case NFT_OUTPUT_FLAG_EVENTDEL:
+			return "[DEL] ";
+		default:
+			return "[unknown]";
+		}
+	}
+}
+
+const char *nft_event_closetag(uint32_t format)
+{
+	switch (format) {
+	case NFT_OUTPUT_XML:
+		return "</event>";
+	case NFT_OUTPUT_JSON:
+		return "}}}";
+	default:
+		return "";
+	}
+}
+
 void __nft_assert_fail(uint16_t attr, const char *filename, int line)
 {
 	fprintf(stderr, "libnftnl: attribute %d assertion failed in %s:%d\n",

[libnftnl PATCH 2/2] examples: nft-events: use new events wrappers

[Arturo Borrero Gonzalez]

Let's use the new event wrappers in the events example.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 examples/nft-events.c |   45 +++++++++++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 14 deletions(-)

diff --git a/examples/nft-events.c b/examples/nft-events.c
index 989f4bd..6177f95 100644
--- a/examples/nft-events.c
+++ b/examples/nft-events.c
@@ -22,11 +22,31 @@
 #include <libnftnl/chain.h>
 #include <libnftnl/rule.h>
 #include <libnftnl/set.h>
+#include <libnftnl/common.h>
+
+static uint32_t event2flag(uint32_t event)
+{
+	switch (event) {
+	case NFT_MSG_NEWTABLE:
+	case NFT_MSG_NEWCHAIN:
+	case NFT_MSG_NEWRULE:
+	case NFT_MSG_NEWSET:
+	case NFT_MSG_NEWSETELEM:
+		return (1 << NFT_OUTPUT_FLAG_EVENTNEW);
+	case NFT_MSG_DELTABLE:
+	case NFT_MSG_DELCHAIN:
+	case NFT_MSG_DELRULE:
+	case NFT_MSG_DELSET:
+	case NFT_MSG_DELSETELEM:
+		return (1 << NFT_OUTPUT_FLAG_EVENTDEL);
+	}
+
+	return 0;
+}
 
 static int table_cb(const struct nlmsghdr *nlh, int type)
 {
 	struct nft_table *t;
-	char buf[4096];
 
 	t = nft_table_alloc();
 	if (t == NULL) {
@@ -39,8 +59,8 @@ static int table_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
-	nft_table_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWTABLE ? "NEW" : "DEL", buf);
+	nft_table_fprintf(stdout, t, NFT_OUTPUT_DEFAULT, event2flag(type));
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_table_free(t);
@@ -51,7 +71,6 @@ err:
 static int rule_cb(const struct nlmsghdr *nlh, int type)
 {
 	struct nft_rule *t;
-	char buf[4096];
 
 	t = nft_rule_alloc();
 	if (t == NULL) {
@@ -64,8 +83,8 @@ static int rule_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
-	nft_rule_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWRULE ? "NEW" : "DEL", buf);
+	nft_rule_fprintf(stdout, t, NFT_OUTPUT_DEFAULT, event2flag(type));
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_rule_free(t);
@@ -76,7 +95,6 @@ err:
 static int chain_cb(const struct nlmsghdr *nlh, int type)
 {
 	struct nft_chain *t;
-	char buf[4096];
 
 	t = nft_chain_alloc();
 	if (t == NULL) {
@@ -89,8 +107,8 @@ static int chain_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
-	nft_chain_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWCHAIN ? "NEW" : "DEL", buf);
+	nft_chain_fprintf(stdout, t, NFT_OUTPUT_DEFAULT, event2flag(type));
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_chain_free(t);
@@ -114,8 +132,8 @@ static int set_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
-	nft_set_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWSET ? "NEW" : "DEL", buf);
+	nft_set_fprintf(stdout, t, NFT_OUTPUT_DEFAULT, event2flag(type));
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_set_free(t);
@@ -127,7 +145,6 @@ static int setelem_cb(const struct nlmsghdr *nlh, int type)
 {
 
 	struct nft_set *s;
-	char buf[4096];
 
 	s = nft_set_alloc();
 	if (s == NULL) {
@@ -140,8 +157,8 @@ static int setelem_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
-	nft_set_snprintf(buf, sizeof(buf), s, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWSETELEM ? "NEW" : "DEL", buf);
+	nft_set_fprintf(stdout, s, NFT_OUTPUT_DEFAULT, event2flag(type));
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_set_free(s);

Re: [libnftnl PATCH 1/2] src: add flag to add event wrapping in output functions

[Pablo Neira Ayuso]

On Tue, Apr 15, 2014 at 02:50:30PM +0200, Arturo Borrero Gonzalez wrote:
> This patch uses the flag option of each output function to print an
> event wrapper string in each object.
> 
> In order to use this functionality, the caller must pass a flag with either
> NFT_OUTPUT_FLAG_EVENTNEW or NFT_OUTPUT_FLAG_EVENTDEL activated.
> 
> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
> ---
>  include/libnftnl/common.h |    5 +++
>  src/chain.c               |   37 ++++++++++++++++++++++---
>  src/internal.h            |    2 +
>  src/rule.c                |   43 ++++++++++++++++++++++++++---
>  src/ruleset.c             |   66 ++++++++++++++++++++++++++++++++++++++++-----
>  src/set.c                 |   42 +++++++++++++++++++++++++----
>  src/set_elem.c            |   37 ++++++++++++++++++++++---
>  src/table.c               |   36 +++++++++++++++++++++----
>  src/utils.c               |   45 +++++++++++++++++++++++++++++++
>  9 files changed, 280 insertions(+), 33 deletions(-)
> 
> diff --git a/include/libnftnl/common.h b/include/libnftnl/common.h
> index f0c20f0..f105c9a 100644
> --- a/include/libnftnl/common.h
> +++ b/include/libnftnl/common.h
> @@ -15,6 +15,11 @@ enum nft_output_type {
>  	NFT_OUTPUT_JSON,
>  };
>  
> +enum {
> +	NFT_OUTPUT_FLAG_EVENTNEW	= 0,
> +	NFT_OUTPUT_FLAG_EVENTDEL,
> +};

Please, change this to:

enum nft_output_flags {
        NFT_OF_EVENT_NEW        = (1 << 0),
        NFT_OF_EVENT_DEL        = (1 << 1),
};

So people don't need to use (1 << NFT_OUTPUT_FLAG_EVENTNEW) to pass
the flag to nft_*_snprintf from their applications.

> +
>  enum nft_parse_type {
>  	NFT_PARSE_NONE		= 0,
>  	NFT_PARSE_XML,
> diff --git a/src/chain.c b/src/chain.c
> index 472203e..87558a1 100644
> --- a/src/chain.c
> +++ b/src/chain.c
> @@ -924,17 +924,44 @@ static int nft_chain_snprintf_default(char *buf, size_t size,
>  int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *c,
>  		       uint32_t type, uint32_t flags)
>  {
> +	int ret, len = size, offset = 0;
> +
> +	if (flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) {
> +		ret = snprintf(buf+offset, len, "%s",

Use this instead "%9s ".

So you can use [NEW] and [DELETE] tags and the plain text event output
gets aligned (and you don't need to trim DELETE to DEL anymore).

Re: [libnftnl PATCH 1/2] src: add flag to add event wrapping in output functions

[Pablo Neira Ayuso]

On Tue, Apr 15, 2014 at 02:50:30PM +0200, Arturo Borrero Gonzalez wrote:
> diff --git a/src/chain.c b/src/chain.c
> index 472203e..87558a1 100644
> --- a/src/chain.c
> +++ b/src/chain.c
> @@ -924,17 +924,44 @@ static int nft_chain_snprintf_default(char *buf, size_t size,
>  int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *c,
>  		       uint32_t type, uint32_t flags)
>  {
> +	int ret, len = size, offset = 0;
> +
> +	if (flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) {
> +		ret = snprintf(buf+offset, len, "%s",
> +			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTNEW,
> +						 type));
> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +	} else if (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL)) {
> +		ret = snprintf(buf+offset, len, "%s",
> +			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTDEL,
> +						 type));
> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +	}
> +
[...]
> +	if (flags & (1 << NFT_OUTPUT_FLAG_EVENTNEW)) {
> +		ret = snprintf(buf+offset, len, "%s",
> +			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTNEW,
> +						 type));
> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +		noevent_flags &= ~(1 << NFT_OUTPUT_FLAG_EVENTNEW);
> +	} else if (flags & (1 << NFT_OUTPUT_FLAG_EVENTDEL)) {
> +		ret = snprintf(buf+offset, len, "%s",
> +			       nft_event_opentag(NFT_OUTPUT_FLAG_EVENTDEL,
> +						 type));
> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +		noevent_flags &= ~(1 << NFT_OUTPUT_FLAG_EVENTDEL);
> +	}

This code looks very similar, you can encapsulate it in one function
to add the heading and the trailer.

Regarding the noevent_flags thing, which is the only different, you can do:

        unsigned int inner_flags &= ~NFT_OF_EVENT_ANY;

And use inner_flags to when you have nested calls (ie. like in ruleset.c).

The NFT_OF_EVENT_ANY mask should be something like:

enum ... {
        NFT_OF_EVENT_ANY        = (NFT_OF_EVENT_NEW | NFT_OF_EVENT_DEL)
};

Thanks.

[libnftnl PATCH 1/2] common: add wrapper to represent events

[Arturo Borrero Gonzalez]

This patch adds a simple string wrapper to represent nf_tables events.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 include/libnftnl/common.h |    6 +++++
 src/common.c              |   59 +++++++++++++++++++++++++++++++++++++++++++++
 src/libnftnl.map          |    3 ++
 3 files changed, 68 insertions(+)

diff --git a/include/libnftnl/common.h b/include/libnftnl/common.h
index f0c20f0..96f8155 100644
--- a/include/libnftnl/common.h
+++ b/include/libnftnl/common.h
@@ -2,6 +2,7 @@
 #define _LIBNFTNL_COMMON_H_
 
 #include <stdint.h>
+#include <stdio.h>
 
 enum {
 	NFT_PARSE_EBADINPUT	= 0,
@@ -30,4 +31,9 @@ struct nlmsghdr *nft_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family,
 struct nft_parse_err *nft_parse_err_alloc(void);
 void nft_parse_err_free(struct nft_parse_err *);
 int nft_parse_perror(const char *str, struct nft_parse_err *err);
+int nft_event_snprintf(char *buf, size_t bufsiz, const char *content,
+		       uint32_t format, uint32_t type);
+int nft_event_fprintf(FILE *fp, const char *content,
+		      uint32_t format, uint32_t type);
+
 #endif
diff --git a/src/common.c b/src/common.c
index 336d2b4..5ded0de 100644
--- a/src/common.c
+++ b/src/common.c
@@ -8,9 +8,11 @@
  */
 
 #include <stdlib.h>
+#include <stdio.h>
 #include <sys/socket.h>
 #include <linux/netlink.h>
 #include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
 #include <libnftnl/common.h>
@@ -66,3 +68,60 @@ int nft_parse_perror(const char *str, struct nft_parse_err *err)
 	}
 }
 EXPORT_SYMBOL(nft_parse_perror);
+
+int nft_event_snprintf(char *buf, size_t bufsiz, const char *content,
+		       uint32_t format, uint32_t type)
+{
+	const char *type_str = "unknown";
+	int ret;
+
+	switch (type) {
+	case NFT_MSG_NEWTABLE:
+	case NFT_MSG_NEWCHAIN:
+	case NFT_MSG_NEWSET:
+	case NFT_MSG_NEWRULE:
+	case NFT_MSG_NEWSETELEM:
+		type_str = "new";
+		break;
+	case NFT_MSG_DELTABLE:
+	case NFT_MSG_DELCHAIN:
+	case NFT_MSG_DELSET:
+	case NFT_MSG_DELRULE:
+	case NFT_MSG_DELSETELEM:
+		type_str = "destroy";
+		break;
+	}
+
+	switch (format) {
+	case NFT_OUTPUT_XML:
+		ret = snprintf(buf, bufsiz, "<event><type>%s</type>"
+			       "<nftables>%s</nftables></event>",
+			       type_str, content);
+		break;
+	case NFT_OUTPUT_JSON:
+		ret = snprintf(buf, bufsiz, "{event:{type:\"%s\","
+			       "{\"nftables\":[\"%s\"]}}}",
+			       type_str, content);
+		break;
+	default:
+		ret = snprintf(buf, bufsiz, "[%s] %s", type_str, content);
+	}
+
+	return ret;
+}
+EXPORT_SYMBOL(nft_event_snprintf);
+
+static int nft_event_do_snprintf(char *buf, size_t bufsiz, void *content,
+				 uint32_t format, uint32_t type)
+{
+	return nft_event_snprintf(buf, bufsiz, (const char *)content,
+				  format, type);
+}
+
+int nft_event_fprintf(FILE *fp, const char *content,
+		      uint32_t format, uint32_t type)
+{
+	return nft_fprintf(fp, (void *)content, format, type,
+			   nft_event_do_snprintf);
+}
+EXPORT_SYMBOL(nft_event_fprintf);
diff --git a/src/libnftnl.map b/src/libnftnl.map
index b11db67..18e58fa 100644
--- a/src/libnftnl.map
+++ b/src/libnftnl.map
@@ -205,4 +205,7 @@ LIBNFTNL_1.1 {
   nft_rule_attr_get_data;
   nft_set_attr_set_data;
   nft_set_attr_get_data;
+
+  nft_event_snprintf;
+  nft_event_fprintf;
 } LIBNFTNL_1.0;

[libnftnl PATCH 2/2] examples: nft-events: use new events wrappers

[Arturo Borrero Gonzalez]

Let's use the new event wrappers in the events example.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 examples/nft-events.c |   16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/examples/nft-events.c b/examples/nft-events.c
index 989f4bd..9d33295 100644
--- a/examples/nft-events.c
+++ b/examples/nft-events.c
@@ -22,6 +22,7 @@
 #include <libnftnl/chain.h>
 #include <libnftnl/rule.h>
 #include <libnftnl/set.h>
+#include <libnftnl/common.h>
 
 static int table_cb(const struct nlmsghdr *nlh, int type)
 {
@@ -40,7 +41,8 @@ static int table_cb(const struct nlmsghdr *nlh, int type)
 	}
 
 	nft_table_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWTABLE ? "NEW" : "DEL", buf);
+	nft_event_fprintf(stdout, buf, NFT_OUTPUT_DEFAULT, type);
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_table_free(t);
@@ -65,7 +67,8 @@ static int rule_cb(const struct nlmsghdr *nlh, int type)
 	}
 
 	nft_rule_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWRULE ? "NEW" : "DEL", buf);
+	nft_event_fprintf(stdout, buf, NFT_OUTPUT_DEFAULT, type);
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_rule_free(t);
@@ -90,7 +93,8 @@ static int chain_cb(const struct nlmsghdr *nlh, int type)
 	}
 
 	nft_chain_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWCHAIN ? "NEW" : "DEL", buf);
+	nft_event_fprintf(stdout, buf, NFT_OUTPUT_DEFAULT, type);
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_chain_free(t);
@@ -115,7 +119,8 @@ static int set_cb(const struct nlmsghdr *nlh, int type)
 	}
 
 	nft_set_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWSET ? "NEW" : "DEL", buf);
+	nft_event_fprintf(stdout, buf, NFT_OUTPUT_DEFAULT, type);
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_set_free(t);
@@ -141,7 +146,8 @@ static int setelem_cb(const struct nlmsghdr *nlh, int type)
 	}
 
 	nft_set_snprintf(buf, sizeof(buf), s, NFT_OUTPUT_DEFAULT, 0);
-	printf("[%s]\t%s\n", type == NFT_MSG_NEWSETELEM ? "NEW" : "DEL", buf);
+	nft_event_fprintf(stdout, buf, NFT_OUTPUT_DEFAULT, type);
+	fprintf(stdout, "\n");
 
 err_free:
 	nft_set_free(s);