libnftables: Introduce a few helper functions

This adds a bunch of functions for conversion of different values into
string (and vice-versa).

* log_level_parse(): A simple helper to turn log level string
                     representation into log level value.
* nat_etype2str(): Translate nat statement type into string
                   representation.
* ct_dir2str(): Convert IP_CT_DIR_* values into string representation.
* ct_label2str(): Convert ct_label values into string representation.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/ct.h b/include/ct.h
index dadd820f8874038582fbab4ea3208e97908b6cd5..4c5bd804dabfc2e47ccc0050f11b0b697c947bf2 100644 (file)
--- a/include/ct.h
+++ b/include/ct.h
@@ -33,6 +33,8 @@ extern void ct_expr_update_type(struct proto_ctx *ctx, struct expr *expr);
 extern struct stmt *notrack_stmt_alloc(const struct location *loc);
 extern struct stmt *flow_offload_stmt_alloc(const struct location *loc,
                                            const char *table_name);
+extern const char *ct_dir2str(int dir);
+extern const char *ct_label2str(unsigned long value);
 
 extern const struct datatype ct_dir_type;
 extern const struct datatype ct_state_type;

diff --git a/include/statement.h b/include/statement.h
index fc80dbd518b355bf46bf8cf80dab15af6bf0b054..2c6d0dfa2dd505ab00b281d8bd2557fe44bf4b85 100644 (file)
--- a/include/statement.h
+++ b/include/statement.h
@@ -77,6 +77,7 @@ struct log_stmt {
 };
 
 extern const char *log_level(uint32_t level);
+extern int log_level_parse(const char *level);
 extern struct stmt *log_stmt_alloc(const struct location *loc);
 
 
@@ -107,6 +108,8 @@ enum nft_nat_etypes {
        NFT_NAT_REDIR,
 };
 
+extern const char *nat_etype2str(enum nft_nat_etypes type);
+
 struct nat_stmt {
        enum nft_nat_etypes     type;
        struct expr             *addr;

diff --git a/src/ct.c b/src/ct.c
index 2abaa0d58144364ee41923dbf40a3be3f2597c8f..a1a91f3ae76441d1367bbe499e39a11d94c2e153 100644 (file)
--- a/src/ct.c
+++ b/src/ct.c
@@ -64,6 +64,18 @@ static const struct symbol_table ct_dir_tbl = {
        }
 };
 
+const char *ct_dir2str(int dir)
+{
+       const struct symbolic_constant *s;
+
+       for (s = ct_dir_tbl.symbols; s->identifier != NULL; s++) {
+               if (dir == (int)s->value)
+                       return s->identifier;
+       }
+
+       return NULL;
+}
+
 const struct datatype ct_dir_type = {
        .type           = TYPE_CT_DIR,
        .name           = "ct_dir",
@@ -133,20 +145,30 @@ static struct symbol_table *ct_label_tbl;
 
 #define CT_LABEL_BIT_SIZE 128
 
+const char *ct_label2str(unsigned long value)
+{
+       const struct symbolic_constant *s;
+
+       for (s = ct_label_tbl->symbols; s->identifier; s++) {
+               if (value == s->value)
+                       return s->identifier;
+       }
+
+       return NULL;
+}
+
 static void ct_label_type_print(const struct expr *expr,
                                 struct output_ctx *octx)
 {
        unsigned long bit = mpz_scan1(expr->value, 0);
-       const struct symbolic_constant *s;
+       const char *labelstr = ct_label2str(bit);
 
-       for (s = ct_label_tbl->symbols; s->identifier != NULL; s++) {
-               if (bit != s->value)
-                       continue;
-               nft_print(octx, "\"%s\"", s->identifier);
+       if (labelstr) {
+               nft_print(octx, "\"%s\"", labelstr);
                return;
        }
        /* can happen when connlabel.conf is altered after rules were added */
-       nft_print(octx, "%ld", (long)mpz_scan1(expr->value, 0));
+       nft_print(octx, "%lu", bit);
 }
 
 static struct error_record *ct_label_type_parse(const struct expr *sym,
@@ -273,19 +295,15 @@ const struct ct_template ct_templates[__NFT_CT_MAX] = {
 static void ct_print(enum nft_ct_keys key, int8_t dir, uint8_t nfproto,
                     struct output_ctx *octx)
 {
-       const struct symbolic_constant *s;
+       const char *dirstr = ct_dir2str(dir);
        const struct proto_desc *desc;
 
        nft_print(octx, "ct ");
        if (dir < 0)
                goto done;
 
-       for (s = ct_dir_tbl.symbols; s->identifier != NULL; s++) {
-               if (dir == (int)s->value) {
-                       nft_print(octx, "%s ", s->identifier);
-                       break;
-               }
-       }
+       if (dirstr)
+               nft_print(octx, "%s ", dirstr);
 
        switch (key) {
        case NFT_CT_SRC:

diff --git a/src/statement.c b/src/statement.c
index 6537bbbd9a20b89040cbc7be0b988316ab4e688f..8160e0adfce493e2cf5b005bf2e911f69a35ff7a 100644 (file)
--- a/src/statement.c
+++ b/src/statement.c
@@ -233,6 +233,18 @@ const char *log_level(uint32_t level)
        return syslog_level[level];
 }
 
+int log_level_parse(const char *level)
+{
+       int i;
+
+       for (i = 0; i <= LOG_DEBUG; i++) {
+               if (syslog_level[i] &&
+                   !strcmp(level, syslog_level[i]))
+                       return i;
+       }
+       return -1;
+}
+
 static void log_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 {
        nft_print(octx, "log");
@@ -499,7 +511,7 @@ static void print_nf_nat_flags(uint32_t flags, struct output_ctx *octx)
                nft_print(octx, "%spersistent", delim);
 }
 
-static void nat_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
+const char *nat_etype2str(enum nft_nat_etypes type)
 {
        static const char * const nat_types[] = {
                [NFT_NAT_SNAT]  = "snat",
@@ -508,7 +520,12 @@ static void nat_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
                [NFT_NAT_REDIR] = "redirect",
        };
 
-       nft_print(octx, "%s", nat_types[stmt->nat.type]);
+       return nat_types[type];
+}
+
+static void nat_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
+{
+       nft_print(octx, "%s", nat_etype2str(stmt->nat.type));
        if (stmt->nat.addr || stmt->nat.proto)
                nft_print(octx, " to");