From: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: pablo@netfilter.org
Subject: [nft-sync PATCH 3/3] client: parse ruleset before printing
Date: Fri, 26 Dec 2014 13:51:33 +0100 [thread overview]
Message-ID: <20141226125133.16382.87197.stgit@nfdev.cica.es> (raw)
In-Reply-To: <20141226125122.16382.30213.stgit@nfdev.cica.es>
Instead of printing directly the payload to stdout, let's parse it with
libnftnl, so we make sure we fetch a ruleset that we actually understand.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
src/client.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 46 insertions(+), 3 deletions(-)
diff --git a/src/client.c b/src/client.c
index d509a52..c979392 100644
--- a/src/client.c
+++ b/src/client.c
@@ -21,12 +21,55 @@
#include "msg_buff.h"
#include "proto.h"
#include "config.h"
+#include "utils.h"
+
+#include <libnftnl/ruleset.h>
+#include <libnftnl/common.h>
+
+static struct nft_ruleset *payload2ruleset(struct msg_buff *msgb)
+{
+ struct nft_ruleset *rs;
+ struct nft_parse_err *err;
+ char *data = (char *)(msgb_data(msgb) + sizeof(struct nft_sync_hdr));
+
+ rs = nft_ruleset_alloc();
+ if (rs == NULL)
+ memory_allocation_error();
+
+ err = nft_parse_err_alloc();
+ if (err == NULL)
+ memory_allocation_error();
+
+ if (nft_ruleset_parse(rs, NFT_PARSE_XML, data, err) < 0) {
+ nft_parse_perror("unable to parse remote ruleset", err);
+ nft_parse_err_free(err);
+ nft_ruleset_free(rs);
+ return NULL;
+ }
+
+ nft_parse_err_free(err);
+ return rs;
+}
static void print_payload(struct msg_buff *msgb)
{
- write(1, msgb_data(msgb) + sizeof(struct nft_sync_hdr),
- msgb_len(msgb) - sizeof(struct nft_sync_hdr));
- write(1, "\n", 1);
+ struct nft_ruleset *rs = payload2ruleset(msgb);
+
+ if (rs == NULL) {
+ nfts_log(NFTS_LOG_ERROR,
+ "unable to parse remote ruleset\n");
+ return;
+ }
+
+ if (nft_ruleset_fprintf(stdout, rs, NFT_OUTPUT_XML, 0) < 0) {
+ nfts_log(NFTS_LOG_ERROR,
+ "unable to print remote ruleset to stdout\n");
+ nft_ruleset_free(rs);
+ return;
+ }
+
+ nft_ruleset_free(rs);
+ fprintf(stdout, "\n");
}
static int process_response(struct msg_buff *msgb, int len)
next prev parent reply other threads:[~2014-12-26 12:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-26 12:51 [nft-sync PATCH 1/3] build: rename configure.in to configure.ac Arturo Borrero Gonzalez
2014-12-26 12:51 ` [nft-sync PATCH 2/3] mnl: sync source code with nft Arturo Borrero Gonzalez
2015-01-05 11:29 ` Pablo Neira Ayuso
2015-01-05 12:17 ` Arturo Borrero Gonzalez
2014-12-26 12:51 ` Arturo Borrero Gonzalez [this message]
2015-01-05 11:30 ` [nft-sync PATCH 3/3] client: parse ruleset before printing Pablo Neira Ayuso
2015-01-05 11:23 ` [nft-sync PATCH 1/3] build: rename configure.in to configure.ac Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141226125133.16382.87197.stgit@nfdev.cica.es \
--to=arturo.borrero.glez@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).