Add verdict2str() and str2verdict() helper functions and use in XML. I've followed nft_verdict_init() in net/netfilter/nf_tables_api.c While at it, I've fixed a small style issue in the data_reg JSON output and a bug in the data_reg XML parser: The parser walked the top level tree, instead of single <data_reg> node. This patch fixes it. Introduced at: 51370f0 src: add support for XML parsing.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
---
 src/expr/data_reg.c | 54 ++++++++++++++++++++++-----------------------------
 src/internal.h | 2 ++
 src/utils.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 74 insertions(+), 31 deletions(-)
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index b290b96..85c441e 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -31,8 +31,8 @@ static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, char *xml)
 {
 mxml_node_t *tree = NULL;
 mxml_node_t *node = NULL;
- char *endptr;
- long int tmp;
+ int verdict;
+ const char *verdict_str;
 tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
 if (tree == NULL)
@@ -47,33 +47,30 @@ static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, char *xml)
 }
 /* Get and validate <data_reg type="verdict" >*/
- if (mxmlElementGetAttr(tree, "type") == NULL) {
+ if (mxmlElementGetAttr(node, "type") == NULL) {
 mxmlDelete(tree);
 return -1;
 }
- if (strcmp(mxmlElementGetAttr(tree, "type"), "verdict") != 0) {
+ if (strcmp(mxmlElementGetAttr(node, "type"), "verdict") != 0) {
 mxmlDelete(tree);
 return -1;
 }
 /* Get and set <verdict> */
- node = mxmlFindElement(tree, tree, "verdict", NULL, NULL,
- MXML_DESCEND_FIRST);
- if (node == NULL) {
+ verdict_str = nft_mxml_str_parse(tree, "verdict", MXML_DESCEND);
+ if (verdict_str == NULL) {
 mxmlDelete(tree);
 return -1;
 }
- errno = 0;
- tmp = strtoll(node->child->value.opaque, &endptr, 10);
- if (tmp > INT_MAX || tmp < INT_MIN || errno != 0
- || strlen(endptr) > 0) {
+ verdict = nft_str2verdict(verdict_str);
+ if (verdict < 0) {
 mxmlDelete(tree);
 return -1;
 }
- reg->verdict = tmp;
+ reg->verdict = (uint32_t)verdict;
 mxmlDelete(tree);
 return 0;
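Review bot: The `if (verdict < 0)` check rejects valid input, because nft_str2verdict() in src/utils.c reports failure as -1 while the nf_tables verdicts it also returns are negative in linux/netfilter/nf_tables.h (NFT_CONTINUE is -1, and NFT_BREAK, NFT_JUMP, NFT_GOTO and NFT_RETURN lie below it). As written, a `<verdict>` of "continue", "break", "jump", "goto" or "return" fails to parse, and "continue" could not be told apart from an unrecognised string even if the check were `== -1`. Separate the status from the value, for example `int nft_str2verdict(const char *verdict, int *out);` returning 0 or -1, with the caller doing `if (nft_str2verdict(verdict_str, &verdict) != 0) {`; the prototype in src/internal.h changes with it. The body of nft_data_reg_verdict_xml_parse() starts and ends outside this hunk.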
@@ -97,34 +94,27 @@ static int nft_data_reg_chain_xml_parse(union nft_data_reg *reg, char *xml)
 }
 /* Get and validate <data_reg type="chain" >*/
- if (mxmlElementGetAttr(tree, "type") == NULL) {
+ if (mxmlElementGetAttr(node, "type") == NULL) {
 mxmlDelete(tree);
 return -1;
 }
- if (strcmp(mxmlElementGetAttr(tree, "type"), "chain") != 0) {
+ if (strcmp(mxmlElementGetAttr(node, "type"), "chain") != 0) {
 mxmlDelete(tree);
 return -1;
 }
 /* Get and set <chain> */
- node = mxmlFindElement(tree, tree, "chain", NULL, NULL, MXML_DESCEND);
- if (node == NULL) {
- mxmlDelete(tree);
- return -1;
- }
+ if (reg->chain)
+ free(reg->chain);
- /* no max len value to validate? */
- if (strlen(node->child->value.opaque) < 1) {
+ reg->chain = (char *)nft_mxml_str_parse(tree, "chain",
+ MXML_DESCEND);
+ if (reg->chain == NULL) {
 mxmlDelete(tree);
 return -1;
 }
- if (reg->chain)
- free(reg->chain);
-
- reg->chain = strdup(node->child->value.opaque);
-
 mxmlDelete(tree);
 return 0;
 }
@@ -346,13 +336,15 @@ int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg,
 case NFT_RULE_O_XML:
 return snprintf(buf, size,
 "<data_reg type=\"verdict\">"
- "<verdict>%d</verdict>"
- "</data_reg>", reg->verdict);
+ "<verdict>%s</verdict>"
+ "</data_reg>",
+ nft_verdict2str(reg->verdict));
 case NFT_RULE_O_JSON:
 return snprintf(buf, size,
- "\"data_reg\": { \"type\" : \"verdict\", "
- "\"verdict\" : %d"
- "}", reg->verdict);
+ "\"data_reg\": {"
+ "\"type\" : \"verdict\", "
+ "\"verdict\" : \"%s\""
+ "}", nft_verdict2str(reg->verdict));
 default:
 break;
 }
diff --git a/src/internal.h b/src/internal.h
index fc78233..b846814 100644
--- a/src/internal.h
+++ b/src/internal.h
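Review bot: Ownership of the string returned by nft_mxml_str_parse() is handled two different ways in this patch: in the chain hunk it is stored in `reg->chain` (which this same code passes to `free()`) and kept after `mxmlDelete(tree)`, while in nft_data_reg_verdict_xml_parse() `verdict_str` is never freed. The helper's body is not shown, but only one of these can be right. If it returns a pointer into the tree, `reg->chain` dangles once `mxmlDelete(tree)` runs and needs a copy first, e.g. `reg->chain = strdup(chain_str);`; if it returns an allocated copy, the verdict parser needs `free((void *)verdict_str);` on every exit path. The `(char *)` cast hides the question by discarding the `const` from the prototype, so a comment on that prototype in src/internal.h stating who owns the result would settle it. The body of nft_data_reg_chain_xml_parse() starts outside this hunk.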
@@ -49,6 +49,8 @@ const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name, uint32_
 const char *nft_family2str(uint32_t family);
 int nft_str2family(const char *family);
 int nft_strtoi(const char *string, int base, void *number, enum nft_type type);
+const char *nft_verdict2str(uint32_t verdict);
+int nft_str2verdict(const char *verdict);
 struct expr_ops;
diff --git a/src/utils.c b/src/utils.c
index 4a0bb9c..2cdf4bf 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -17,6 +17,9 @@
 #include <errno.h>
 #include <inttypes.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_tables.h>
+
 const char *nft_family2str(uint32_t family)
 {
 switch (family) {
@@ -117,3 +120,49 @@ int nft_strtoi(const char *string, int base, void *out, enum nft_type type)
 return 0;
 }
+
+const char *nft_verdict2str(uint32_t verdict)
+{
+ switch (verdict) {
+ case NF_ACCEPT:
+ return "accept";
+ case NF_DROP:
+ return "drop";
+ case NF_QUEUE:
+ return "queue";
+ case NFT_CONTINUE:
+ return "continue";
+ case NFT_BREAK:
+ return "break";
+ case NFT_RETURN:
+ return "return";
+ case NFT_JUMP:
+ return "jump";
+ case NFT_GOTO:
+ return "goto";
+ default:
+ return "unknown";
+ }
+}
+
+int nft_str2verdict(const char *verdict)
+{
+ if (strcmp(verdict, "accept") == 0)
+ return NF_ACCEPT;
+ else if (strcmp(verdict, "drop") == 0)
+ return NF_DROP;
+ else if (strcmp(verdict, "queue") == 0)
+ return NF_QUEUE;
+ else if (strcmp(verdict, "continue") == 0)
+ return NFT_CONTINUE;
+ else if (strcmp(verdict, "break") == 0)
+ return NFT_BREAK;
+ else if (strcmp(verdict, "return") == 0)
+ return NFT_RETURN;
+ else if (strcmp(verdict, "jump") == 0)
+ return NFT_JUMP;
+ else if (strcmp(verdict, "goto") == 0)
+ return NFT_GOTO;
+
+ return -1;
+}
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
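Review bot: nft_verdict2str() returns "unknown" for any value outside its eight cases, but nft_str2verdict() has no branch for that string, so XML or JSON that nft_data_reg_snprintf() produces for such a verdict cannot be parsed back and the numeric value is lost from the dump. Whether values with bits set above NF_VERDICT_MASK (for example a queue number carried with NF_QUEUE) can reach this function is not visible in the patch; if they can, they land in `default`. Document the contract above the function, e.g. `/* Returns "unknown" for unrecognised values; nft_str2verdict() does not accept that string. */`, or have the callers fall back to printing the number. The `case NFT_CONTINUE:` style labels are negative constants switched against a `uint32_t`, which works through conversion but deserves a one-line comment.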