On 18 January 2014 21:53, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Sat, Jan 18, 2014 at 05:39:44PM +0100, Arturo Borrero Gonzalez wrote:
>> Patrick reports that the XML/JSON formats of the data_reg object
>> are not accuarate.
>>
>> This patch updates these formats, so they are now as follow:
>>
>> * <data_reg type=value> with raw data (this doesn't change).
>> * <data_reg type=verdict> with a concrete verdict (eg drop accept) and an
>> optional <chain>, with destination.
>
> Applied.
>
I included an unrelated change! :(
diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c
index b2ad62e..df981ad 100644
--- a/tests/nft-parsing-test.c
+++ b/tests/nft-parsing-test.c
@@ -121,6 +121,7 @@ failparsing:
fclose(fp);
printf("parsing %s: ", filename);
printf("\033[31mFAILED\e[0m (%s)\n", strerror(errno));
+ nft_parse_perror("fail", err);
return -1;
}
i'm very sorry. What should I do?
>> In XML:
>> <data_reg type="verdict">
> ^------------^
>
> I think we decided time ago that we prefer elements instead of
> attributes. I would take a patch for that conversion.
I think this particular case is more like in expressions.
We need a 'type' attribute, so we can know which nodes to expect
inside <data_reg>.
I think the absence of this 'type' attribute may harden the parsing,
validating and error reporting. Don't you?
--
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
