[nft PATCH 5/7] JSON: Add support for connlimit statement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 include/json.h    |  2 ++
 src/json.c        | 10 ++++++++++
 src/parser_json.c | 19 +++++++++++++++++++
 src/statement.c   |  1 +
 4 files changed, 32 insertions(+)

diff --git a/include/json.h b/include/json.h
index 1972bc841525d..0a93bca8d9ead 100644
--- a/include/json.h
+++ b/include/json.h
@@ -74,6 +74,7 @@ json_t *objref_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 json_t *meter_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 json_t *queue_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 json_t *verdict_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
+json_t *connlimit_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 
 int do_command_list_json(struct netlink_ctx *ctx, struct cmd *cmd);
 
@@ -149,6 +150,7 @@ STMT_PRINT_STUB(objref)
 STMT_PRINT_STUB(meter)
 STMT_PRINT_STUB(queue)
 STMT_PRINT_STUB(verdict)
+STMT_PRINT_STUB(connlimit)
 
 #undef STMT_PRINT_STUB
 #undef EXPR_PRINT_STUB
diff --git a/src/json.c b/src/json.c
index 83d438c6c9c23..a871c934f020c 100644
--- a/src/json.c
+++ b/src/json.c
@@ -1276,6 +1276,16 @@ json_t *verdict_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
 	return expr_print_json(stmt->expr, octx);
 }
 
+json_t *connlimit_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
+{
+	json_t *root = json_pack("{s:i}", "val", stmt->connlimit.count);
+
+	if (stmt->connlimit.flags & NFT_CONNLIMIT_F_INV)
+		json_object_set_new(root, "inv", json_true());
+
+	return json_pack("{s:o}", "ct count", root);
+}
+
 static json_t *table_print_json_full(struct netlink_ctx *ctx,
 				     struct table *table)
 {
diff --git a/src/parser_json.c b/src/parser_json.c
index d60cbad8299ef..bc36136f825fc 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2048,6 +2048,24 @@ static struct stmt *json_parse_queue_stmt(struct json_ctx *ctx,
 	return stmt;
 }
 
+static struct stmt *json_parse_connlimit_stmt(struct json_ctx *ctx,
+					      const char *key, json_t *value)
+{
+	struct stmt *stmt = connlimit_stmt_alloc(int_loc);
+
+	if (json_unpack_err(ctx, value, "{s:i}",
+			    "val", &stmt->connlimit.count)) {
+		stmt_free(stmt);
+		return NULL;
+	}
+
+	json_unpack(value, "{s:b}", "inv", &stmt->connlimit.flags);
+	if (stmt->connlimit.flags)
+		stmt->connlimit.flags = NFT_CONNLIMIT_F_INV;
+
+	return stmt;
+}
+
 static struct stmt *json_parse_stmt(struct json_ctx *ctx, json_t *root)
 {
 	struct {
@@ -2078,6 +2096,7 @@ static struct stmt *json_parse_stmt(struct json_ctx *ctx, json_t *root)
 		{ "ct helper", json_parse_cthelper_stmt },
 		{ "meter", json_parse_meter_stmt },
 		{ "queue", json_parse_queue_stmt },
+		{ "ct count", json_parse_connlimit_stmt },
 	};
 	const char *type;
 	unsigned int i;
diff --git a/src/statement.c b/src/statement.c
index 58e86f215d5ac..6f5e6660d474a 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -159,6 +159,7 @@ static const struct stmt_ops connlimit_stmt_ops = {
 	.type		= STMT_CONNLIMIT,
 	.name		= "connlimit",
 	.print		= connlimit_stmt_print,
+	.json		= connlimit_stmt_json,
 };
 
 struct stmt *connlimit_stmt_alloc(const struct location *loc)
-- 
2.17.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux