Instead of printing directly the payload to stdout, let's parse it with libnftnl, so we make sure we fetch a ruleset that we actually understand.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
---
 src/client.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 3 deletions(-)
diff --git a/src/client.c b/src/client.c
index d509a52..c979392 100644
--- a/src/client.c
+++ b/src/client.c
@@ -21,12 +21,55 @@
 #include "msg_buff.h"
 #include "proto.h"
 #include "config.h"
+#include "utils.h"
+
+#include <libnftnl/ruleset.h>
+#include <libnftnl/common.h>
+
+static struct nft_ruleset *payload2ruleset(struct msg_buff *msgb)
+{
+ struct nft_ruleset *rs;
+ struct nft_parse_err *err;
+ char *data = (char *)(msgb_data(msgb) + sizeof(struct nft_sync_hdr));
+
+ rs = nft_ruleset_alloc();
+ if (rs == NULL)
+ memory_allocation_error();
+
+ err = nft_parse_err_alloc();
+ if (err == NULL)
+ memory_allocation_error();
+
+ if (nft_ruleset_parse(rs, NFT_PARSE_XML, data, err) < 0) {
+ nft_parse_perror("unable to parse remote ruleset", err);
+ nft_parse_err_free(err);
+ nft_ruleset_free(rs);
+ return NULL;
+ }
+
+ nft_parse_err_free(err);
+ return rs;
+}
 static void print_payload(struct msg_buff *msgb)
 {
- write(1, msgb_data(msgb) + sizeof(struct nft_sync_hdr),
- msgb_len(msgb) - sizeof(struct nft_sync_hdr));
- write(1, "\n", 1);
+ struct nft_ruleset *rs = payload2ruleset(msgb);
+
+ if (rs == NULL) {
+ nfts_log(NFTS_LOG_ERROR,
+ "unable to parse remote ruleset\n");
+ return;
+ }
+
+ if (nft_ruleset_fprintf(stdout, rs, NFT_OUTPUT_XML, 0) < 0) {
+ nfts_log(NFTS_LOG_ERROR,
+ "unable to print remote ruleset to stdout\n");
+ nft_ruleset_free(rs);
+ return;
+ }
+
+ nft_ruleset_free(rs);
+ fprintf(stdout, "\n");
 }
 static int process_response(struct msg_buff *msgb, int len)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
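Review bot: `payload2ruleset()` passes `data` to `nft_ruleset_parse()` as a plain C string, but the length the removed `write()` call derived from `msgb_len(msgb) - sizeof(struct nft_sync_hdr)` is no longer used, so nothing visible in this hunk bounds how far the XML parser reads into a buffer filled by the remote peer. Unless `msg_buff` guarantees a terminating NUL after the payload (not visible here), a message that lacks one, or one shorter than the header, could make the parser read past the received bytes. A guard placed before the two allocations would close this, for example `if (msgb_len(msgb) <= sizeof(struct nft_sync_hdr)) return NULL;` followed by `if (data[msgb_len(msgb) - sizeof(struct nft_sync_hdr) - 1] != '\0') return NULL;`; if the sender does not transmit the terminator, copying the payload into a NUL-terminated buffer of that length is the alternative. Separately, a parse failure is reported twice, once by `nft_parse_perror()` and again by `nfts_log()` in `print_payload()`, so one of the two messages could be dropped.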