This patch translates the Netfilter hooknumber to a readable string.
Useful for printing and parsing in XML and JSON formats.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
---
src/chain.c | 36 +++++++++++++++++++++++++++---------
test/nft-chain-xml-add.sh | 6 +++---
2 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/src/chain.c b/src/chain.c
index 6673b82..f3ba532 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -22,6 +22,7 @@
#include <libmnl/libmnl.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter.h>
#include <libnftables/chain.h>
@@ -42,6 +43,14 @@ struct nft_chain {
uint32_t flags;
};
+static const char *hooknum2str_array[NF_INET_NUMHOOKS] = {
+ [NF_INET_PRE_ROUTING] = "NF_INET_PRE_ROUTING",
+ [NF_INET_LOCAL_IN] = "NF_INET_LOCAL_IN",
+ [NF_INET_FORWARD] = "NF_INET_FORWARD",
+ [NF_INET_LOCAL_OUT] = "NF_INET_LOCAL_OUT",
+ [NF_INET_POST_ROUTING] = "NF_INET_POST_ROUTING",
+};
+
struct nft_chain *nft_chain_alloc(void)
{
return calloc(1, sizeof(struct nft_chain));
@@ -629,15 +638,22 @@ static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
mxmlDelete(tree);
return -1;
}
- utmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (utmp > UINT32_MAX || utmp < 0 || *endptr) {
+
+ /* iterate the list of hooks until a match is found */
+ for (utmp = 0; utmp < NF_INET_NUMHOOKS; utmp++) {
+ if (strcmp(node->child->value.opaque, hooknum2str_array[utmp]) == 0) {
+ c->hooknum = utmp;
+ c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM);
+ break;
+ }
+ }
+
+ /* if no hook was found, error */
+ if (!(c->flags & (1 << NFT_CHAIN_ATTR_HOOKNUM))) {
mxmlDelete(tree);
return -1;
}
- memcpy(&c->hooknum, &utmp, sizeof(c->hooknum));
- c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM);
-
/* Get and set <policy> */
node = mxmlFindElement(tree, tree, "policy", NULL, NULL, MXML_DESCEND);
if (node == NULL) {
@@ -709,7 +725,7 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
"\"table\" : \"%s\","
"\"prio\" : %d,"
"\"use\" : %d,"
- "\"hooknum\" : %d,"
+ "\"hooknum\" : %s,"
"\"policy\" : %d,"
"\"family\" : %d"
"}"
@@ -717,7 +733,8 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
"}",
c->name, c->handle, c->bytes, c->packets,
NFT_CHAIN_JSON_VERSION, c->type, c->table,
- c->prio, c->use, c->hooknum, c->policy, c->family);
+ c->prio, c->use, hooknum2str_array[c->hooknum],
+ c->policy, c->family);
}
static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
@@ -730,14 +747,15 @@ static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
"<table>%s</table>"
"<prio>%d</prio>"
"<use>%d</use>"
- "<hooknum>%d</hooknum>"
+ "<hooknum>%s</hooknum>"
"<policy>%d</policy>"
"<family>%d</family>"
"</properties>"
"</chain>",
c->name, c->handle, c->bytes, c->packets,
NFT_CHAIN_XML_VERSION, c->type, c->table,
- c->prio, c->use, c->hooknum, c->policy, c->family);
+ c->prio, c->use, hooknum2str_array[c->hooknum],
+ c->policy, c->family);
}
static int nft_chain_snprintf_default(char *buf, size_t size, struct nft_chain *c)
diff --git a/test/nft-chain-xml-add.sh b/test/nft-chain-xml-add.sh
index d1bd839..fda28cb 100755
--- a/test/nft-chain-xml-add.sh
+++ b/test/nft-chain-xml-add.sh
@@ -40,7 +40,7 @@ XML="<chain name=\"test1\" handle=\"100\" bytes=\"123\" packets=\"321\" version=
<table>filter</table>
<prio>0</prio>
<use>0</use>
- <hooknum>2</hooknum>
+ <hooknum>NF_INET_LOCAL_IN</hooknum>
<policy>1</policy>
<family>2</family>
</properties>
@@ -61,7 +61,7 @@ XML="<chain name=\"test2\" handle=\"101\" bytes=\"59\" packets=\"1\" version=\"0
<table>filter</table>
<prio>1</prio>
<use>0</use>
- <hooknum>4</hooknum>
+ <hooknum>NF_INET_POST_ROUTING</hooknum>
<policy>1</policy>
<family>10</family>
</properties>
@@ -83,7 +83,7 @@ XML="<chain name=\"test3\" handle=\"102\" bytes=\"51231239\" packets=\"112312312
<table>filter</table>
<prio>0</prio>
<use>0</use>
- <hooknum>4</hooknum>
+ <hooknum>NF_INET_FORWARD</hooknum>
<policy>1</policy>
<family>2</family>
</properties>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
