[nft PATCH 4/7] JSON: Add support for socket expression

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 include/json.h              |  2 ++
 include/socket.h            |  2 ++
 src/json.c                  |  6 ++++++
 src/parser_json.c           | 23 +++++++++++++++++++++++
 src/socket.c                |  2 ++
 tests/py/inet/socket.t.json | 28 ++++++++++++++++++++++++++++
 6 files changed, 63 insertions(+)
 create mode 100644 tests/py/inet/socket.t.json

diff --git a/include/json.h b/include/json.h
index ae3938142aeac..1972bc841525d 100644
--- a/include/json.h
+++ b/include/json.h
@@ -39,6 +39,7 @@ json_t *numgen_expr_json(const struct expr *expr, struct output_ctx *octx);
 json_t *hash_expr_json(const struct expr *expr, struct output_ctx *octx);
 json_t *fib_expr_json(const struct expr *expr, struct output_ctx *octx);
 json_t *constant_expr_json(const struct expr *expr, struct output_ctx *octx);
+json_t *socket_expr_json(const struct expr *expr, struct output_ctx *octx);
 
 json_t *integer_type_json(const struct expr *expr, struct output_ctx *octx);
 json_t *string_type_json(const struct expr *expr, struct output_ctx *octx);
@@ -115,6 +116,7 @@ EXPR_PRINT_STUB(numgen_expr)
 EXPR_PRINT_STUB(hash_expr)
 EXPR_PRINT_STUB(fib_expr)
 EXPR_PRINT_STUB(constant_expr)
+EXPR_PRINT_STUB(socket_expr)
 
 EXPR_PRINT_STUB(integer_type)
 EXPR_PRINT_STUB(string_type)
diff --git a/include/socket.h b/include/socket.h
index a2ae9f104958d..1814974ceb100 100644
--- a/include/socket.h
+++ b/include/socket.h
@@ -18,6 +18,8 @@ struct socket_template {
 	enum byteorder		byteorder;
 };
 
+extern const struct socket_template socket_templates[];
+
 extern struct expr *socket_expr_alloc(const struct location *loc,
 				    enum nft_socket_keys key);
 
diff --git a/src/json.c b/src/json.c
index 9019982a9ebf2..83d438c6c9c23 100644
--- a/src/json.c
+++ b/src/json.c
@@ -805,6 +805,12 @@ json_t *constant_expr_json(const struct expr *expr, struct output_ctx *octx)
 	return datatype_json(expr, octx);
 }
 
+json_t *socket_expr_json(const struct expr *expr, struct output_ctx *octx)
+{
+	return json_pack("{s:{s:s}}", "socket", "key",
+			 socket_templates[expr->socket.key].token);
+}
+
 json_t *integer_type_json(const struct expr *expr, struct output_ctx *octx)
 {
 	char buf[1024] = "0x";
diff --git a/src/parser_json.c b/src/parser_json.c
index e340bebc03b6d..d60cbad8299ef 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -10,6 +10,7 @@
 #include <netlink.h>
 #include <parser.h>
 #include <rule.h>
+#include <socket.h>
 
 #include <netdb.h>
 #include <netinet/icmp6.h>
@@ -345,6 +346,27 @@ static struct expr *json_parse_meta_expr(struct json_ctx *ctx,
 	return meta_expr_alloc(int_loc, key);
 }
 
+static struct expr *json_parse_socket_expr(struct json_ctx *ctx,
+					   const char *type, json_t *root)
+{
+	const char *key;
+	int keyval = -1;
+
+
+	if (json_unpack_err(ctx, root, "{s:s}", "key", &key))
+		return NULL;
+
+	if (!strcmp(key, "transparent"))
+		keyval = NFT_SOCKET_TRANSPARENT;
+
+	if (keyval == -1) {
+		json_error(ctx, "Invalid socket key value.");
+		return NULL;
+	}
+
+	return socket_expr_alloc(int_loc, keyval);
+}
+
 static int json_parse_payload_field(const struct proto_desc *desc,
 				    const char *name, int *field)
 {
@@ -1157,6 +1179,7 @@ static struct expr *json_parse_expr(struct json_ctx *ctx, json_t *root)
 		{ "exthdr", json_parse_exthdr_expr, CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_SES | CTX_F_MAP },
 		{ "tcp option", json_parse_tcp_option_expr, CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_MANGLE | CTX_F_SES },
 		{ "meta", json_parse_meta_expr, CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_MANGLE | CTX_F_SES | CTX_F_MAP },
+		{ "socket", json_parse_socket_expr, CTX_F_PRIMARY },
 		{ "rt", json_parse_rt_expr, CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_SES | CTX_F_MAP },
 		{ "ct", json_parse_ct_expr, CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_MANGLE | CTX_F_SES | CTX_F_MAP },
 		{ "numgen", json_parse_numgen_expr, CTX_F_STMT | CTX_F_PRIMARY | CTX_F_SET_RHS | CTX_F_SES | CTX_F_MAP },
diff --git a/src/socket.c b/src/socket.c
index d5f401f06bbff..7cfe5a9d2bc6c 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -11,6 +11,7 @@
 #include <nftables.h>
 #include <expression.h>
 #include <socket.h>
+#include <json.h>
 
 const struct socket_template socket_templates[] = {
 	[NFT_SOCKET_TRANSPARENT]	= {.token = "transparent",
@@ -39,6 +40,7 @@ static const struct expr_ops socket_expr_ops = {
 	.type		= EXPR_SOCKET,
 	.name		= "socket",
 	.print		= socket_expr_print,
+	.json		= socket_expr_json,
 	.cmp		= socket_expr_cmp,
 	.clone		= socket_expr_clone,
 };
diff --git a/tests/py/inet/socket.t.json b/tests/py/inet/socket.t.json
new file mode 100644
index 0000000000000..c1ac1d12ddfb8
--- /dev/null
+++ b/tests/py/inet/socket.t.json
@@ -0,0 +1,28 @@
+# socket transparent 0
+[
+    {
+        "match": {
+            "left": {
+                "socket": {
+                    "key": "transparent"
+                }
+            },
+            "right": 0
+        }
+    }
+]
+
+# socket transparent 1
+[
+    {
+        "match": {
+            "left": {
+                "socket": {
+                    "key": "transparent"
+                }
+            },
+            "right": 1
+        }
+    }
+]
+
-- 
2.17.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux