[nft-sync PATCH 3/3] client: parse ruleset before printing


 



Instead of printing the payload directly to stdout, let's parse it with
libnftnl, so that we make sure we fetch a ruleset that we actually understand.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
---
 src/client.c |   49 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 3 deletions(-)

diff --git a/src/client.c b/src/client.c
index d509a52..c979392 100644
--- a/src/client.c
+++ b/src/client.c
@@ -21,12 +21,55 @@
 #include "msg_buff.h"
 #include "proto.h"
 #include "config.h"
+#include "utils.h"
+
+#include <libnftnl/ruleset.h>
+#include <libnftnl/common.h>
+
+static struct nft_ruleset *payload2ruleset(struct msg_buff *msgb)
+{
+	struct nft_ruleset *rs;
+	struct nft_parse_err *err;
+	char *data = (char *)(msgb_data(msgb) + sizeof(struct nft_sync_hdr));
+
+	rs = nft_ruleset_alloc();
+	if (rs == NULL)
+		memory_allocation_error();
+
+	err = nft_parse_err_alloc();
+	if (err == NULL)
+		memory_allocation_error();
+
+	if (nft_ruleset_parse(rs, NFT_PARSE_XML, data, err) < 0) {
+		nft_parse_perror("unable to parse remote ruleset", err);
+		nft_parse_err_free(err);
+		nft_ruleset_free(rs);
+		return NULL;
+	}
+
+	nft_parse_err_free(err);
+	return rs;
+}
 
 static void print_payload(struct msg_buff *msgb)
 {
-	write(1, msgb_data(msgb) + sizeof(struct nft_sync_hdr),
-	      msgb_len(msgb) - sizeof(struct nft_sync_hdr));
-	write(1, "\n", 1);
+	struct nft_ruleset *rs = payload2ruleset(msgb);
+
+	if (rs == NULL) {
+		nfts_log(NFTS_LOG_ERROR,
+			 "unable to parse remote ruleset\n");
+		return;
+	}
+
+	if (nft_ruleset_fprintf(stdout, rs, NFT_OUTPUT_XML, 0) < 0) {
+		nfts_log(NFTS_LOG_ERROR,
+			 "unable to print remote ruleset to stdout\n");
+		nft_ruleset_free(rs);
+		return;
+	}
+
+	nft_ruleset_free(rs);
+	fprintf(stdout, "\n");
 }
 
 static int process_response(struct msg_buff *msgb, int len)
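Review bot: In payload2ruleset(), `data` is handed to nft_ruleset_parse() as a C string with no length, whereas the removed write() calls were bounded by `msgb_len(msgb) - sizeof(struct nft_sync_hdr)`. Nothing visible in this hunk checks that the payload received from the remote peer is NUL-terminated, or that the message is longer than the header, so a short or unterminated message could make the XML parser read past the end of the buffer. Unless msg_buff guarantees termination elsewhere (not visible here), validate before the allocations: check `msgb_len(msgb) > sizeof(struct nft_sync_hdr)`, compute `size_t plen = msgb_len(msgb) - sizeof(struct nft_sync_hdr);`, then `if (data[plen - 1] != '\0') return NULL;`. Separately, a parse failure is reported twice, once by nft_parse_perror() and again by nfts_log() in print_payload().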



