From: Álvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
In (bf39c53 set: add json output), the json support for sets was
incomplete:
* version, family, key_type, key_len, data_type, data_len were not included.
* Now I use nft_data_reg_snprintf for printing the key and data
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
---
src/internal.h | 1 +
src/set.c | 23 +++++++++++++++++------
src/set_elem.c | 50 ++++++++++++++++++++++++++++----------------------
3 files changed, 46 insertions(+), 28 deletions(-)
diff --git a/src/internal.h b/src/internal.h
index 803dcc4..b3cdb76 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -28,6 +28,7 @@ int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name, union nft_
#define NFT_TABLE_JSON_VERSION 0
#define NFT_CHAIN_JSON_VERSION 0
#define NFT_RULE_JSON_VERSION 0
+#define NFT_SET_JSON_VERSION 0
const char *nft_family2str(uint32_t family);
int nft_str2family(const char *family);
diff --git a/src/set.c b/src/set.c
index dc3bd27..343e27c 100644
--- a/src/set.c
+++ b/src/set.c
@@ -317,16 +317,27 @@ int nft_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s)
EXPORT_SYMBOL(nft_set_nlmsg_parse);
static int nft_set_snprintf_json(char *buf, size_t size, struct nft_set *s,
- uint32_t type, uint32_t flags)
+ uint32_t type, uint32_t flags)
{
- int ret;
- int len = size, offset = 0;
+ int len = size, offset = 0, ret;
struct nft_set_elem *elem;
- ret = snprintf(buf, size, "{ \"set\" : { \"name\" : \"%s\", \"table\" : \"%s\", \"flags\" : %u",
- s->name, s->table, s->set_flags);
+ ret = snprintf(buf, size, "{ \"set\": { \"name\": \"%s\","
+ "\"table\": \"%s\",\"version\": %d,"
+ "\"flags\": %u,\"family\": \"%s\","
+ "\"key_type\": %u,\"key_len\": %u",
+ s->name, s->table, NFT_SET_JSON_VERSION, s->set_flags,
+ nft_family2str(s->family), s->key_type, s->key_len);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ if(s->flags & (1 << NFT_SET_ATTR_DATA_TYPE) &&
+ s->flags & (1 << NFT_SET_ATTR_DATA_LEN)){
+ ret = snprintf(buf+offset, size,
+ ",\"data_type\": %u,\"data_len\": %u",
+ s->data_type, s->data_len);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
/* Empty set? Skip printinf of elements */
if (list_empty(&s->element_list)){
ret = snprintf(buf+offset, size, "}}");
@@ -334,7 +345,7 @@ static int nft_set_snprintf_json(char *buf, size_t size, struct nft_set *s,
return offset;
}
- ret = snprintf(buf+offset, size, ", \"set_elem\" : [");
+ ret = snprintf(buf+offset, size, ",\"set_elem\": [");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
list_for_each_entry(elem, &s->element_list, head) {
diff --git a/src/set_elem.c b/src/set_elem.c
index 3966cd6..eeab726 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -385,34 +385,40 @@ int nft_set_elems_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_set *s)
}
EXPORT_SYMBOL(nft_set_elems_nlmsg_parse);
-static int nft_set_elem_snprintf_json(char *buf, size_t size, struct nft_set_elem *e)
+static int nft_set_elem_snprintf_json(char *buf, size_t size,
+ struct nft_set_elem *e, uint32_t flags)
{
- int ret, len = size, offset = 0, i, numregs;
+ int ret, len = size, offset = 0, type = -1;
- ret = snprintf(buf, size, "\"flags\" : %u", e->set_elem_flags);
+ ret = snprintf(buf, size, "\"set_elem_flags\": %u", e->set_elem_flags);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- numregs = div_round_up(e->key.len, sizeof(uint32_t));
- if (numregs != 0) {
- ret = snprintf(buf+offset, len, ", \"key\" : \"0x");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- for (i = 0; i < numregs; i++) {
- ret = snprintf(buf+offset, len, "%.8x", e->key.val[i]);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
- ret = snprintf(buf+offset, len, "\"");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
+ ret = snprintf(buf+offset, size, ",\"set_elem_key\": {");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = nft_data_reg_snprintf(buf+offset, len, &e->key,
+ NFT_RULE_O_JSON, flags, DATA_VALUE);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, size, "}");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ if (e->flags & (1 << NFT_SET_ELEM_ATTR_DATA))
+ type = DATA_VALUE;
+ else if (e->flags & (1 << NFT_SET_ELEM_ATTR_CHAIN))
+ type = DATA_CHAIN;
+ else if (e->flags & (1 << NFT_SET_ELEM_ATTR_VERDICT))
+ type = DATA_VERDICT;
- numregs = div_round_up(e->data.len, sizeof(uint32_t));
- if (numregs != 0) {
- ret = snprintf(buf+offset, size, " ,\"data\" : \"0x");
+ if (type != -1) {
+ ret = snprintf(buf+offset, size, ",\"set_elem_data\": {");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- for (i = 0; i < numregs; i++) {
- ret = snprintf(buf+offset, len, "%.8x", e->data.val[i]);
+
+ ret = nft_data_reg_snprintf(buf+offset, len, &e->data,
+ NFT_RULE_O_JSON, flags, type);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
- ret = snprintf(buf+offset, len, "\"");
+
+ ret = snprintf(buf+offset, size, "}");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
@@ -514,7 +520,7 @@ int nft_set_elem_snprintf(char *buf, size_t size, struct nft_set_elem *e,
case NFT_SET_O_XML:
return nft_set_elem_snprintf_xml(buf, size, e, flags);
case NFT_SET_O_JSON:
- return nft_set_elem_snprintf_json(buf, size, e);
+ return nft_set_elem_snprintf_json(buf, size, e, flags);
default:
break;
}
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
