Change jump and goto verdicts to become extensible by dedicating an
object for the target parameter.
While being at it, drop break and queue verdict expressions since they
don't seem to exist, no idea where I got those from in the first place.
For queue, there is a dedicated expression at least.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
doc/libnftables-json.adoc | 18 ++++++++----------
src/json.c | 5 ++++-
src/parser_json.c | 10 ++++------
tests/py/nft-test.py | 4 +++-
4 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc
index 058573dfc5c7d..74e7d0271b8c8 100644
--- a/doc/libnftables-json.adoc
+++ b/doc/libnftables-json.adoc
@@ -548,13 +548,13 @@ single statement.
*{ "drop": null }*
*{ "continue": null }*
*{ "return": null }*
-*{ "jump":* 'STRING' *}*
-*{ "goto":* 'STRING' *}*
+*{ "jump": { "target": * 'STRING' *}}*
+*{ "goto": { "target": * 'STRING' *}}*
A verdict either terminates packet traversal through the current chain or
delegates to a different one.
-*jump* and *goto* statements expect a target chain name as value.
+*jump* and *goto* statements expect a target chain name.
=== MATCH
[verse]
@@ -1177,18 +1177,16 @@ side.
=== VERDICT
[verse]
-*{ "continue": null }*
-*{ "break": null }*
-*{ "jump":* 'STRING' *}*
-*{ "goto":* 'STRING' *}*
-*{ "return": null }*
*{ "accept": null }*
*{ "drop": null }*
-*{ "queue": null }*
+*{ "continue": null }*
+*{ "return": null }*
+*{ "jump": { "target":* 'STRING' *}}*
+*{ "goto": { "target":* 'STRING' *}}*
Same as *verdict* statement, but for use in verdict maps.
-Only *jump* and *goto* verdicts expect a string denoting the target chain name.
+*jump* and *goto* verdicts expect a target chain name.
=== ELEM
[verse]
diff --git a/src/json.c b/src/json.c
index 32fa4d412bfaa..c5d127f3d6596 100644
--- a/src/json.c
+++ b/src/json.c
@@ -642,7 +642,10 @@ json_t *verdict_expr_json(const struct expr *expr, struct output_ctx *octx)
BUG("Unknown verdict %d.", expr->verdict);
return NULL;
}
- return json_pack("{s:o}", name, chain ? json_string(chain) : json_null());
+ if (chain)
+ return json_pack("{s:{s:s}}", name, "target", chain);
+ else
+ return json_pack("{s:n}", name);
}
json_t *rt_expr_json(const struct expr *expr, struct output_ctx *octx)
diff --git a/src/parser_json.c b/src/parser_json.c
index 6cac43290fbab..8fa281cf65049 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1017,27 +1017,25 @@ static struct expr *json_parse_verdict_expr(struct json_ctx *ctx,
bool chain;
} verdict_tbl[] = {
{ NFT_CONTINUE, "continue", false },
- { NFT_BREAK, "break", false },
{ NFT_JUMP, "jump", true },
{ NFT_GOTO, "goto", true },
{ NFT_RETURN, "return", false },
{ NF_ACCEPT, "accept", false },
{ NF_DROP, "drop", false },
- { NF_QUEUE, "queue", false },
};
const char *chain = NULL;
unsigned int i;
- json_unpack(root, "s", &chain);
+ json_unpack(root, "{s:s}", "target", &chain);
for (i = 0; i < array_size(verdict_tbl); i++) {
if (strcmp(type, verdict_tbl[i].name))
continue;
- if (verdict_tbl[i].chain && !chain) {
- json_error(ctx, "Verdict %s needs chain argument.", type);
+ if (verdict_tbl[i].chain &&
+ json_unpack_err(ctx, root, "{s:s}", "target", &chain))
return NULL;
- }
+
return verdict_expr_alloc(int_loc,
verdict_tbl[i].verdict, chain);
}
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index 1b7e04c9d0b60..3b89ec3514bde 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -278,7 +278,9 @@ def chain_create(chain, table, filename):
print_error(reason, filename, chain.lineno)
return -1
- cmd = "add chain %s %s { %s; }" % (table, chain, chain.config)
+ cmd = "add chain %s %s" % (table, chain)
+ if chain.config:
+ cmd += " { %s; }" % chain.config
ret = execute_cmd(cmd, filename, chain.lineno)
if ret != 0:
--
2.18.0
