dnl Dependencies
PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.0])
-AC_ARG_WITH([xml-parsing],
- AS_HELP_STRING([--with-xml-parsing], [XML parsing support]))
AC_ARG_WITH([json-parsing],
AS_HELP_STRING([--with-json-parsing], [JSON parsing support]))
-AS_IF([test "x$with_xml_parsing" = "xyes"],
- [PKG_CHECK_MODULES([LIBXML], [mxml >= 2.6])],
- [with_xml_parsing="no"]
-)
AS_IF([test "x$with_json_parsing" = "xyes"],
[PKG_CHECK_MODULES([LIBJSON], [jansson >= 2.3])],
[with_json_parsing="no"]
esac
regular_CPPFLAGS="-D_FILE_OFFSET_BITS=64 -D_REENTRANT"
-AS_IF([test "x$with_xml_parsing" = "xyes"], [
- regular_CPPFLAGS="$regular_CPPFLAGS -DXML_PARSING"
-])
AS_IF([test "x$with_json_parsing" = "xyes"], [
regular_CPPFLAGS="$regular_CPPFLAGS -DJSON_PARSING"
echo "
libnftnl configuration:
- XML support: ${with_xml_parsing}
JSON support: ${with_json_parsing}"
seq = time(NULL);
if (argc < 2 || argc > 5) {
- fprintf(stderr, "Usage: %s <family> [<table> <chain>] [xml]\n",
+ fprintf(stderr, "Usage: %s <family> [<table> <chain>] [json]\n",
argv[0]);
exit(EXIT_FAILURE);
}
NLM_F_DUMP, seq);
}
- if (strcmp(argv[argc-1], "xml") == 0){
- type = NFTNL_OUTPUT_XML;
- }else if (strcmp(argv[argc-1], "json") == 0){
+ if (strcmp(argv[argc-1], "json") == 0)
type = NFTNL_OUTPUT_JSON;
- }
nl = mnl_socket_open(NETLINK_NETFILTER);
if (nl == NULL) {
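Review bot: The `strcmp(argv[argc-1], "json")` test has no fallback, so a trailing `xml` argument that earlier invocations relied on is now silently ignored and `type` keeps whatever value it had before this line. The same pattern is left behind in the `case 2:` hunk, the `/* json specified */` hunk, the `argc == 5` and `argc == 3` hunks ahead of `nftnl_set_nlmsg_build_hdr`, and the `argc--` hunk, where an unrecognised `xml` is also no longer stripped from `argv` and is presumably then read as a positional argument. Rejecting the retired keyword explicitly would make the change visible to scripts that still pass it: `else if (strcmp(argv[argc-1], "xml") == 0) { fprintf(stderr, "xml output is no longer supported\n"); exit(EXIT_FAILURE); }`. The enclosing function starts and ends outside the hunk.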
struct mnl_nlmsg_batch *batch;
if (argc < 3) {
- printf("Usage: %s {xml|json} <file>\n", argv[0]);
+ printf("Usage: %s {json} <file>\n", argv[0]);
exit(EXIT_FAILURE);
}
- if (strcmp(argv[1], "xml") == 0) {
- format = NFTNL_PARSE_XML;
- outformat = NFTNL_OUTPUT_XML;
- } else if (strcmp(argv[1], "json") == 0) {
+ if (strcmp(argv[1], "json") == 0) {
format = NFTNL_PARSE_JSON;
outformat = NFTNL_OUTPUT_JSON;
} else {
- printf("Unknown format: xml, json\n");
+ printf("Unknown format: only json is supported\n");
exit(EXIT_FAILURE);
}
type = NFTNL_OUTPUT_DEFAULT;
break;
case 2:
- if (strcmp(argv[1], "xml") == 0) {
- type = NFTNL_OUTPUT_XML;
- } else if (strcmp(argv[1], "json") == 0) {
+ if (strcmp(argv[1], "json") == 0) {
type = NFTNL_OUTPUT_JSON;
} else if (strcmp(argv[1], "default") == 0) {
type = NFTNL_OUTPUT_DEFAULT;
}
break;
default:
- fprintf(stderr, "%s [<default|xml|json>]\n", argv[0]);
+ fprintf(stderr, "%s [<default|json>]\n", argv[0]);
return EXIT_FAILURE;
}
int ret, family;
if (argc < 2 || argc > 5) {
- fprintf(stderr, "Usage: %s <family> [<table> <chain>] [xml|json]\n",
+ fprintf(stderr, "Usage: %s <family> [<table> <chain>] [json]\n",
argv[0]);
exit(EXIT_FAILURE);
}
exit(EXIT_FAILURE);
}
- /* [xml|json] specified */
+ /* json specified */
if (argc == 3 || argc == 5) {
- if (strcmp(argv[argc - 1], "xml") == 0)
- type = NFTNL_OUTPUT_XML;
- else if (strcmp(argv[argc - 1], "json") == 0)
+ if (strcmp(argv[argc - 1], "json") == 0)
type = NFTNL_OUTPUT_JSON;
}
uint16_t family, format, outformat;
if (argc < 3) {
- printf("Usage: %s {xml|json} <file>\n", argv[0]);
+ printf("Usage: %s {json} <file>\n", argv[0]);
exit(EXIT_FAILURE);
}
- if (strcmp(argv[1], "xml") == 0) {
- format = NFTNL_PARSE_XML;
- outformat = NFTNL_OUTPUT_XML;
- } else if (strcmp(argv[1], "json") == 0) {
+ if (strcmp(argv[1], "json") == 0) {
format = NFTNL_PARSE_JSON;
outformat = NFTNL_OUTPUT_JSON;
} else {
- printf("Unknown format: xml, json\n");
+ printf("Unknown format: json\n");
exit(EXIT_FAILURE);
}
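Review bot: The new message `Unknown format: json` in the else branch reads as though `json` were the rejected value, and it differs from the wording the sibling parse-add hunks use. `printf("Unknown format: only json is supported\n");` would match them. Sending it through `fprintf(stderr, ...)` would also keep the diagnostic out of stdout, although the usage message above it uses printf as well.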
int ret;
if (argc > 2) {
- fprintf(stderr, "%s {xml|json}\n",
+ fprintf(stderr, "%s {json}\n",
argv[0]);
exit(EXIT_FAILURE);
}
if (argc == 2) {
- if (strcmp(argv[1], "xml") == 0)
- type = NFTNL_OUTPUT_XML;
- else if (strcmp(argv[1], "json") == 0)
+ if (strcmp(argv[1], "json") == 0)
type = NFTNL_OUTPUT_JSON;
else {
- fprintf(stderr, "Unknown type: {xml|json}\n");
+ fprintf(stderr, "Unknown type: only json is supported\n");
exit(EXIT_FAILURE);
}
}
if (len >= 5 && strcmp(&filename[len - 5], ".json") == 0)
ret = nftnl_ruleset_parse_file_cb(NFTNL_PARSE_JSON, fp, err, NULL,
&ruleset_elems_cb);
- else if (len >= 4 && strcmp(&filename[len - 4], ".xml") == 0)
- ret = nftnl_ruleset_parse_file_cb(NFTNL_PARSE_XML, fp, err, NULL,
- &ruleset_elems_cb);
else {
- printf("the filename %s must to end in .xml or .json\n",
+ printf("the filename %s does not have a trailing .json\n",
filename);
exit(EXIT_FAILURE);
}
int ret;
if (argc < 4 || argc > 5) {
- fprintf(stderr, "%s <family> <table> <set> [<json|xml>]\n",
+ fprintf(stderr, "%s <family> <table> <set> [<json>]\n",
argv[0]);
return EXIT_FAILURE;
}
if (argc == 5 && strcmp(argv[4], "json") == 0 )
type = NFTNL_OUTPUT_JSON;
- else if (argc == 5 && strcmp(argv[4], "xml") == 0)
- type = NFTNL_OUTPUT_XML;
nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family,
NLM_F_DUMP|NLM_F_ACK, seq);
int ret;
if (argc < 2 || argc > 3) {
- fprintf(stderr, "%s <family> [<json|xml>]\n", argv[0]);
+ fprintf(stderr, "%s <family> [<json>]\n", argv[0]);
return EXIT_FAILURE;
}
t = nftnl_set_alloc();
if (argc == 3 && strcmp(argv[2], "json") == 0)
type = NFTNL_OUTPUT_JSON;
- else if (argc == 3 && strcmp(argv[2], "xml") == 0)
- type = NFTNL_OUTPUT_XML;
nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family,
NLM_F_DUMP|NLM_F_ACK, seq);
struct mnl_nlmsg_batch *batch;
if (argc < 2) {
- printf("Usage: %s {xml|json} <file>\n", argv[0]);
+ printf("Usage: %s {json} <file>\n", argv[0]);
exit(EXIT_FAILURE);
}
- if (strcmp(argv[1], "xml") == 0) {
- format = NFTNL_PARSE_XML;
- outformat = NFTNL_OUTPUT_XML;
- } else if (strcmp(argv[1], "json") == 0) {
+ if (strcmp(argv[1], "json") == 0) {
format = NFTNL_PARSE_JSON;
outformat = NFTNL_OUTPUT_JSON;
} else {
- printf("Unknown format: xml, json\n");
+ printf("Unknown format: only json is supported\n");
exit(EXIT_FAILURE);
}
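Review bot: The guard `if (argc < 2)` is looser than the usage string `{json} <file>` printed under it, which names two required arguments; the sibling parse-add hunks test `argc < 3`. The use of the file argument is outside the hunk, but if it is read from `argv[2]`, an invocation with only the format keyword passes the guard and hands a NULL pointer on. `if (argc < 3) {` would bring this in line with the others.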
uint32_t type = NFTNL_OUTPUT_DEFAULT;
if (argc < 2 || argc > 4) {
- fprintf(stderr, "%s <family> [<table>] [<default|xml|json>]\n",
+ fprintf(stderr, "%s <family> [<table>] [<default|json>]\n",
argv[0]);
return EXIT_FAILURE;
}
exit(EXIT_FAILURE);
}
- if (strcmp(argv[argc-1], "xml") == 0) {
- type = NFTNL_OUTPUT_XML;
- argv[argc-1] = NULL;
- argc--;
- }else if (strcmp(argv[argc-1], "json") == 0) {
+ if (strcmp(argv[argc-1], "json") == 0) {
type = NFTNL_OUTPUT_JSON;
argv[argc-1] = NULL;
argc--;
struct mnl_nlmsg_batch *batch;
if (argc < 3) {
- printf("Usage: %s {xml|json} <file>\n", argv[0]);
+ printf("Usage: %s {json} <file>\n", argv[0]);
exit(EXIT_FAILURE);
}
- if (strcmp(argv[1], "xml") == 0) {
- format = NFTNL_PARSE_XML;
- outformat = NFTNL_OUTPUT_XML;
- } else if (strcmp(argv[1], "json") == 0) {
+ if (strcmp(argv[1], "json") == 0) {
format = NFTNL_PARSE_JSON;
outformat = NFTNL_OUTPUT_JSON;
} else {
- printf("Unknown format: xml, json\n");
+ printf("Unknown format: only json is supported\n");
exit(EXIT_FAILURE);
}
expr_ops.h \
linux_list.h \
set.h \
- xml.h \
common.h \
expr.h \
json.h \
int (*parse)(struct nftnl_expr *e, struct nlattr *attr);
void (*build)(struct nlmsghdr *nlh, const struct nftnl_expr *e);
int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, const struct nftnl_expr *e);
- int (*xml_parse)(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err);
int (*json_parse)(struct nftnl_expr *e, json_t *data,
struct nftnl_parse_err *err);
};
#include "linux_list.h"
#include "utils.h"
#include "common.h"
-#include "xml.h"
#include "json.h"
#include "linux_list.h"
#include "set.h"
+++ /dev/null
-#ifndef LIBNFTNL_XML_INTERNAL_H
-#define LIBNFTNL_XML_INTERNAL_H
-
-#ifdef XML_PARSING
-#include <mxml.h>
-#include "common.h"
-
-#define NFTNL_XML_MAND 0
-#define NFTNL_XML_OPT (1 << 0)
-
-struct nftnl_table;
-struct nftnl_chain;
-struct nftnl_rule;
-struct nftnl_set;
-struct nftnl_set_elem;
-struct nftnl_set_list;
-union nftnl_data_reg;
-
-mxml_node_t *nftnl_mxml_build_tree(const void *data, const char *treename,
- struct nftnl_parse_err *err, enum nftnl_parse_input input);
-struct nftnl_expr *nftnl_mxml_expr_parse(mxml_node_t *node,
- struct nftnl_parse_err *err,
- struct nftnl_set_list *set_list);
-int nftnl_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t *reg,
- uint32_t mxmlflags, uint32_t flags,
- struct nftnl_parse_err *err);
-int nftnl_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name,
- union nftnl_data_reg *data_reg, uint16_t flags,
- struct nftnl_parse_err *err);
-int nftnl_mxml_num_parse(mxml_node_t *tree, const char *node_name,
- uint32_t mxml_flags, int base, void *number,
- enum nftnl_type type, uint16_t flags,
- struct nftnl_parse_err *err);
-const char *nftnl_mxml_str_parse(mxml_node_t *tree, const char *node_name,
- uint32_t mxml_flags, uint16_t flags,
- struct nftnl_parse_err *err);
-int nftnl_mxml_family_parse(mxml_node_t *tree, const char *node_name,
- uint32_t mxml_flags, uint16_t flags,
- struct nftnl_parse_err *err);
-int nftnl_mxml_set_elem_parse(mxml_node_t *node, struct nftnl_set_elem *e,
- struct nftnl_parse_err *err);
-int nftnl_mxml_table_parse(mxml_node_t *tree, struct nftnl_table *t,
- struct nftnl_parse_err *err);
-int nftnl_mxml_chain_parse(mxml_node_t *tree, struct nftnl_chain *c,
- struct nftnl_parse_err *err);
-int nftnl_mxml_rule_parse(mxml_node_t *tree, struct nftnl_rule *r,
- struct nftnl_parse_err *err,
- struct nftnl_set_list *set_list);
-int nftnl_mxml_set_parse(mxml_node_t *tree, struct nftnl_set *s,
- struct nftnl_parse_err *err);
-
-int nftnl_data_reg_xml_parse(union nftnl_data_reg *reg, mxml_node_t *tree,
- struct nftnl_parse_err *err);
-#else
-#define mxml_node_t void
-#endif
-
-#endif /* LIBNFTNL_XML_INTERNAL_H */
include $(top_srcdir)/Make_global.am
lib_LTLIBRARIES = libnftnl.la
-libnftnl_la_LIBADD = ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS}
+libnftnl_la_LIBADD = ${LIBMNL_LIBS} ${LIBJSON_LIBS}
libnftnl_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libnftnl.map \
-version-info $(LIBVERSION)
set.c \
set_elem.c \
ruleset.c \
- mxml.c \
jansson.c \
udata.c \
expr.c \
int nftnl_buf_open(struct nftnl_buf *b, int type, const char *tag)
{
switch (type) {
- case NFTNL_OUTPUT_XML:
- return nftnl_buf_put(b, "<%s>", tag);
case NFTNL_OUTPUT_JSON:
return nftnl_buf_put(b, "{\"%s\":{", tag);
+ case NFTNL_OUTPUT_XML:
default:
return 0;
}
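Review bot: `case NFTNL_OUTPUT_XML:` now falls into `default: return 0;`, so a caller that still passes NFTNL_OUTPUT_XML gets a success-looking return and nothing written, while the parse side in the `nftnl_chain_do_parse` hunk fails with `errno = EOPNOTSUPP`. The same applies to the other nftnl_buf_* hunks that follow and to the `return 0;` left under `case NFTNL_OUTPUT_XML:` in the data-register hunk. A tool that dumps a ruleset in XML for backup or audit would end up with empty output and no error to act on. If the return convention of `nftnl_buf_put` (not visible here) rules out an error code, a comment such as `/* XML output removed: nothing is emitted */` at the label, plus a deprecation note where NFTNL_OUTPUT_XML is declared, would at least document the behaviour.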
int nftnl_buf_close(struct nftnl_buf *b, int type, const char *tag)
{
switch (type) {
- case NFTNL_OUTPUT_XML:
- return nftnl_buf_put(b, "</%s>", tag);
case NFTNL_OUTPUT_JSON:
/* Remove trailing comma in json */
if (b->size > 0 && b->buf[b->size - 1] == ',') {
}
return nftnl_buf_put(b, "}}");
+ case NFTNL_OUTPUT_XML:
default:
return 0;
}
case NFTNL_OUTPUT_JSON:
return nftnl_buf_put(b, "{\"%s\":[", tag);
case NFTNL_OUTPUT_XML:
- return nftnl_buf_put(b, "<%s>", tag);
default:
return 0;
}
case NFTNL_OUTPUT_JSON:
return nftnl_buf_put(b, "]}");
case NFTNL_OUTPUT_XML:
- return nftnl_buf_put(b, "</%s>", tag);
default:
return 0;
}
int nftnl_buf_u32(struct nftnl_buf *b, int type, uint32_t value, const char *tag)
{
switch (type) {
- case NFTNL_OUTPUT_XML:
- return nftnl_buf_put(b, "<%s>%u</%s>", tag, value, tag);
case NFTNL_OUTPUT_JSON:
return nftnl_buf_put(b, "\"%s\":%u,", tag, value);
+ case NFTNL_OUTPUT_XML:
default:
return 0;
}
int nftnl_buf_s32(struct nftnl_buf *b, int type, uint32_t value, const char *tag)
{
switch (type) {
- case NFTNL_OUTPUT_XML:
- return nftnl_buf_put(b, "<%s>%d</%s>", tag, value, tag);
case NFTNL_OUTPUT_JSON:
return nftnl_buf_put(b, "\"%s\":%d,", tag, value);
+ case NFTNL_OUTPUT_XML:
default:
return 0;
}
int nftnl_buf_u64(struct nftnl_buf *b, int type, uint64_t value, const char *tag)
{
switch (type) {
- case NFTNL_OUTPUT_XML:
- return nftnl_buf_put(b, "<%s>%"PRIu64"</%s>", tag, value, tag);
case NFTNL_OUTPUT_JSON:
return nftnl_buf_put(b, "\"%s\":%"PRIu64",", tag, value);
+ case NFTNL_OUTPUT_XML:
default:
return 0;
}
int nftnl_buf_str(struct nftnl_buf *b, int type, const char *str, const char *tag)
{
switch (type) {
- case NFTNL_OUTPUT_XML:
- return nftnl_buf_put(b, "<%s>%s</%s>", tag, str, tag);
case NFTNL_OUTPUT_JSON:
return nftnl_buf_put(b, "\"%s\":\"%s\",", tag, str);
+ case NFTNL_OUTPUT_XML:
default:
return 0;
}
switch (type) {
case NFTNL_OUTPUT_XML:
- ret = nftnl_buf_put(b, "<%s>", tag);
- ret = nftnl_data_reg_snprintf(b->buf + b->off, b->len, reg,
- NFTNL_OUTPUT_XML, 0, reg_type);
- nftnl_buf_update(b, ret);
- return nftnl_buf_put(b, "</%s>", tag);
+ return 0;
case NFTNL_OUTPUT_JSON:
nftnl_buf_put(b, "\"%s\":{", tag);
ret = nftnl_data_reg_snprintf(b->buf + b->off, b->len, reg,
#endif
}
-#ifdef XML_PARSING
-int nftnl_mxml_chain_parse(mxml_node_t *tree, struct nftnl_chain *c,
- struct nftnl_parse_err *err)
-{
- const char *table, *name, *hooknum_str, *policy_str, *type, *dev;
- int family, hooknum, policy;
- uint64_t handle, bytes, packets, prio, use;
-
- name = nftnl_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (name != NULL)
- nftnl_chain_set_str(c, NFTNL_CHAIN_NAME, name);
-
- if (nftnl_mxml_num_parse(tree, "handle", MXML_DESCEND_FIRST, BASE_DEC,
- &handle, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0)
- nftnl_chain_set_u64(c, NFTNL_CHAIN_HANDLE, handle);
-
- if (nftnl_mxml_num_parse(tree, "bytes", MXML_DESCEND_FIRST, BASE_DEC,
- &bytes, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0)
- nftnl_chain_set_u64(c, NFTNL_CHAIN_BYTES, bytes);
-
-
- if (nftnl_mxml_num_parse(tree, "packets", MXML_DESCEND_FIRST, BASE_DEC,
- &packets, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0)
- nftnl_chain_set_u64(c, NFTNL_CHAIN_PACKETS, packets);
-
- table = nftnl_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
-
- if (table != NULL)
- nftnl_chain_set_str(c, NFTNL_CHAIN_TABLE, table);
-
- if (nftnl_mxml_num_parse(tree, "use", MXML_DESCEND_FIRST, BASE_DEC,
- &use, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0)
- nftnl_chain_set_u64(c, NFTNL_CHAIN_PACKETS, use);
-
- family = nftnl_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (family >= 0)
- nftnl_chain_set_u32(c, NFTNL_CHAIN_FAMILY, family);
-
- hooknum_str = nftnl_mxml_str_parse(tree, "hooknum", MXML_DESCEND_FIRST,
- NFTNL_XML_OPT, err);
- if (hooknum_str != NULL) {
- hooknum = nftnl_str2hooknum(c->family, hooknum_str);
- if (hooknum < 0)
- return -1;
- nftnl_chain_set_u32(c, NFTNL_CHAIN_HOOKNUM, hooknum);
-
- type = nftnl_mxml_str_parse(tree, "type", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
-
- if (type != NULL)
- nftnl_chain_set_str(c, NFTNL_CHAIN_TYPE, type);
-
- if (nftnl_mxml_num_parse(tree, "prio", MXML_DESCEND, BASE_DEC,
- &prio, NFTNL_TYPE_S32, NFTNL_XML_MAND,
- err) == 0)
- nftnl_chain_set_s32(c, NFTNL_CHAIN_PRIO, prio);
-
- policy_str = nftnl_mxml_str_parse(tree, "policy",
- MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (policy_str != NULL) {
- if (nftnl_str2verdict(policy_str, &policy) != 0) {
- errno = EINVAL;
- err->node_name = "policy";
- err->error = NFTNL_PARSE_EBADTYPE;
- return -1;
- }
- nftnl_chain_set_u32(c, NFTNL_CHAIN_POLICY,
- policy);
- }
-
- dev = nftnl_mxml_str_parse(tree, "device", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (dev != NULL)
- nftnl_chain_set_str(c, NFTNL_CHAIN_DEV, dev);
- }
-
- return 0;
-}
-#endif
-
-static int nftnl_chain_xml_parse(struct nftnl_chain *c, const void *xml,
- struct nftnl_parse_err *err,
- enum nftnl_parse_input input)
-{
-#ifdef XML_PARSING
- int ret;
- mxml_node_t *tree = nftnl_mxml_build_tree(xml, "chain", err, input);
- if (tree == NULL)
- return -1;
-
- ret = nftnl_mxml_chain_parse(tree, c, err);
- mxmlDelete(tree);
- return ret;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_chain_do_parse(struct nftnl_chain *c, enum nftnl_parse_type type,
const void *data, struct nftnl_parse_err *err,
enum nftnl_parse_input input)
struct nftnl_parse_err perr = {};
switch (type) {
- case NFTNL_PARSE_XML:
- ret = nftnl_chain_xml_parse(c, data, &perr, input);
- break;
case NFTNL_PARSE_JSON:
ret = nftnl_chain_json_parse(c, data, &perr, input);
break;
+ case NFTNL_PARSE_XML:
default:
ret = -1;
errno = EOPNOTSUPP;
#endif
}
-static int
-nftnl_expr_bitwise_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- struct nftnl_expr_bitwise *bitwise = nftnl_expr_data(e);
- uint32_t sreg, dreg, len;
-
- if (nftnl_mxml_reg_parse(tree, "sreg", &sreg, MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_BITWISE_SREG, sreg);
-
- if (nftnl_mxml_reg_parse(tree, "dreg", &dreg, MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_BITWISE_DREG, dreg);
-
- if (nftnl_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC,
- &len, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_BITWISE_LEN, len);
-
- if (nftnl_mxml_data_reg_parse(tree, "mask", &bitwise->mask, NFTNL_XML_MAND,
- err) == DATA_VALUE)
- e->flags |= (1 << NFTNL_EXPR_BITWISE_MASK);
-
- if (nftnl_mxml_data_reg_parse(tree, "xor", &bitwise->xor, NFTNL_XML_MAND,
- err) == DATA_VALUE)
- e->flags |= (1 << NFTNL_EXPR_BITWISE_XOR);
-
- /* Additional validation: mask and xor must use the same number of
- * data registers.
- */
- if (bitwise->mask.len != bitwise->xor.len)
- return -1;
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_bitwise_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_bitwise_parse,
.build = nftnl_expr_bitwise_build,
.snprintf = nftnl_expr_bitwise_snprintf,
- .xml_parse = nftnl_expr_bitwise_xml_parse,
.json_parse = nftnl_expr_bitwise_json_parse,
};
#endif
}
-static int
-nftnl_expr_byteorder_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *op;
- int32_t ntoh;
- uint32_t sreg, dreg, len, size;
-
- if (nftnl_mxml_reg_parse(tree, "sreg", &sreg, MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_BYTEORDER_SREG, sreg);
-
- if (nftnl_mxml_reg_parse(tree, "dreg", &dreg, MXML_DESCEND, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_BYTEORDER_DREG, dreg);
-
- op = nftnl_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFTNL_XML_MAND,
- err);
- if (op != NULL) {
- ntoh = nftnl_str2ntoh(op);
- if (ntoh < 0)
- return -1;
-
- nftnl_expr_set_u32(e, NFTNL_EXPR_BYTEORDER_OP, ntoh);
- }
-
- if (nftnl_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC,
- &len, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_BYTEORDER_LEN, len);
-
- if (nftnl_mxml_num_parse(tree, "size", MXML_DESCEND_FIRST, BASE_DEC,
- &size, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_BYTEORDER_SIZE, size);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_byteorder_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_byteorder_parse,
.build = nftnl_expr_byteorder_build,
.snprintf = nftnl_expr_byteorder_snprintf,
- .xml_parse = nftnl_expr_byteorder_xml_parse,
.json_parse = nftnl_expr_byteorder_json_parse,
};
#endif
}
-static int nftnl_expr_cmp_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
- const char *op;
- int32_t op_value;
- uint32_t sreg;
-
- if (nftnl_mxml_reg_parse(tree, "sreg", &sreg, MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_CMP_SREG, sreg);
-
- op = nftnl_mxml_str_parse(tree, "op", MXML_DESCEND_FIRST, NFTNL_XML_MAND,
- err);
- if (op != NULL) {
- op_value = nftnl_str2cmp(op);
- if (op_value < 0)
- return -1;
-
- nftnl_expr_set_u32(e, NFTNL_EXPR_CMP_OP, op_value);
- }
-
- if (nftnl_mxml_data_reg_parse(tree, "data",
- &cmp->data, NFTNL_XML_MAND,
- err) == DATA_VALUE)
- e->flags |= (1 << NFTNL_EXPR_CMP_DATA);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_cmp_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_cmp_parse,
.build = nftnl_expr_cmp_build,
.snprintf = nftnl_expr_cmp_snprintf,
- .xml_parse = nftnl_expr_cmp_xml_parse,
.json_parse = nftnl_expr_cmp_json_parse,
};
#endif
}
-static int
-nftnl_expr_counter_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint64_t pkts, bytes;
-
- if (nftnl_mxml_num_parse(tree, "pkts", MXML_DESCEND_FIRST, BASE_DEC,
- &pkts, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u64(e, NFTNL_EXPR_CTR_PACKETS, pkts);
-
- if (nftnl_mxml_num_parse(tree, "bytes", MXML_DESCEND_FIRST, BASE_DEC,
- &bytes, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u64(e, NFTNL_EXPR_CTR_BYTES, bytes);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_counter_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_counter_parse,
.build = nftnl_expr_counter_build,
.snprintf = nftnl_expr_counter_snprintf,
- .xml_parse = nftnl_expr_counter_xml_parse,
.json_parse = nftnl_expr_counter_json_parse,
};
}
-static int nftnl_expr_ct_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *key_str, *dir_str;
- int key;
- uint8_t dir;
- uint32_t dreg, sreg;
-
- if (nftnl_mxml_reg_parse(tree, "dreg", &dreg, MXML_DESCEND_FIRST,
- NFTNL_XML_OPT, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_CT_DREG, dreg);
-
- if (nftnl_mxml_reg_parse(tree, "sreg", &sreg, MXML_DESCEND_FIRST,
- NFTNL_XML_OPT, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_CT_SREG, sreg);
-
- key_str = nftnl_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (key_str != NULL) {
- key = str2ctkey(key_str);
- if (key < 0)
- return -1;
-
- nftnl_expr_set_u32(e, NFTNL_EXPR_CT_KEY, key);
- }
- dir_str = nftnl_mxml_str_parse(tree, "dir", MXML_DESCEND_FIRST,
- NFTNL_XML_OPT, err);
- if (dir_str != NULL) {
- if (str2ctdir(dir_str, &dir) != 0) {
- err->node_name = "dir";
- err->error = NFTNL_PARSE_EBADTYPE;
- goto err;
- }
- nftnl_expr_set_u8(e, NFTNL_EXPR_CT_DIR, dir);
- }
-
- return 0;
-err:
- errno = EINVAL;
- return -1;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int
nftnl_expr_ct_export(char *buf, size_t size, const struct nftnl_expr *e,
int type)
.parse = nftnl_expr_ct_parse,
.build = nftnl_expr_ct_build,
.snprintf = nftnl_expr_ct_snprintf,
- .xml_parse = nftnl_expr_ct_xml_parse,
.json_parse = nftnl_expr_ct_json_parse,
};
}
#endif
-#ifdef XML_PARSING
-static int nftnl_data_reg_verdict_xml_parse(union nftnl_data_reg *reg,
- mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
- int verdict;
- const char *verdict_str;
- const char *chain;
-
- verdict_str = nftnl_mxml_str_parse(tree, "verdict", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (verdict_str == NULL)
- return DATA_NONE;
-
- if (nftnl_str2verdict(verdict_str, &verdict) != 0) {
- err->node_name = "verdict";
- err->error = NFTNL_PARSE_EBADTYPE;
- errno = EINVAL;
- return DATA_NONE;
- }
-
- reg->verdict = (uint32_t)verdict;
-
- chain = nftnl_mxml_str_parse(tree, "chain", MXML_DESCEND_FIRST,
- NFTNL_XML_OPT, err);
- if (chain != NULL) {
- if (reg->chain)
- xfree(reg->chain);
-
- reg->chain = strdup(chain);
- }
-
- return DATA_VERDICT;
-}
-
-static int nftnl_data_reg_value_xml_parse(union nftnl_data_reg *reg,
- mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
- int i;
- char node_name[6];
-
- if (nftnl_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC,
- ®->len, NFTNL_TYPE_U8, NFTNL_XML_MAND, err) != 0)
- return DATA_NONE;
-
- for (i = 0; i < div_round_up(reg->len, sizeof(uint32_t)); i++) {
- sprintf(node_name, "data%d", i);
-
- if (nftnl_mxml_num_parse(tree, node_name, MXML_DESCEND_FIRST,
- BASE_HEX, ®->val[i], NFTNL_TYPE_U32,
- NFTNL_XML_MAND, err) != 0)
- return DATA_NONE;
- }
-
- return DATA_VALUE;
-}
-
-int nftnl_data_reg_xml_parse(union nftnl_data_reg *reg, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
- const char *type;
- mxml_node_t *node;
-
- node = mxmlFindElement(tree, tree, "reg", "type", NULL,
- MXML_DESCEND_FIRST);
- if (node == NULL)
- goto err;
-
- type = mxmlElementGetAttr(node, "type");
-
- if (type == NULL)
- goto err;
-
- if (strcmp(type, "value") == 0)
- return nftnl_data_reg_value_xml_parse(reg, node, err);
- else if (strcmp(type, "verdict") == 0)
- return nftnl_data_reg_verdict_xml_parse(reg, node, err);
-
- return DATA_NONE;
-err:
- errno = EINVAL;
- err->node_name = "reg";
- err->error = NFTNL_PARSE_EMISSINGNODE;
- return DATA_NONE;
-}
-#endif
-
static int
nftnl_data_reg_value_snprintf_json(char *buf, size_t size,
const union nftnl_data_reg *reg,
return offset;
}
-static
-int nftnl_data_reg_value_snprintf_xml(char *buf, size_t size,
- const union nftnl_data_reg *reg,
- uint32_t flags)
-{
- int len = size, offset = 0, ret, i, j;
- uint32_t be;
- uint8_t *tmp;
-
- ret = snprintf(buf, len, "<reg type=\"value\">");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- ret = snprintf(buf+offset, len, "<len>%u</len>", reg->len);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- for (i = 0; i < div_round_up(reg->len, sizeof(uint32_t)); i++) {
- ret = snprintf(buf+offset, len, "<data%d>0x", i);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- be = htonl(reg->val[i]);
- tmp = (uint8_t *)&be;
-
- for (j = 0; j < sizeof(uint32_t); j++) {
- ret = snprintf(buf+offset, len, "%.02x", tmp[j]);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- ret = snprintf(buf+offset, len, "</data%d>", i);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- ret = snprintf(buf+offset, len, "</reg>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- return offset;
-}
-
static int
nftnl_data_reg_value_snprintf_default(char *buf, size_t size,
const union nftnl_data_reg *reg,
return offset;
}
-static int
-nftnl_data_reg_verdict_snprintf_xml(char *buf, size_t size,
- const union nftnl_data_reg *reg,
- uint32_t flags)
-{
- int len = size, offset = 0, ret = 0;
-
- ret = snprintf(buf, size, "<reg type=\"verdict\">"
- "<verdict>%s</verdict>", nftnl_verdict2str(reg->verdict));
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- if (reg->chain != NULL) {
- ret = snprintf(buf+offset, len, "<chain>%s</chain>",
- reg->chain);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- ret = snprintf(buf+offset, len, "</reg>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- return offset;
-}
-
static int
nftnl_data_reg_verdict_snprintf_json(char *buf, size_t size,
const union nftnl_data_reg *reg,
case NFTNL_OUTPUT_DEFAULT:
return nftnl_data_reg_value_snprintf_default(buf, size,
reg, flags);
- case NFTNL_OUTPUT_XML:
- return nftnl_data_reg_value_snprintf_xml(buf, size,
- reg, flags);
case NFTNL_OUTPUT_JSON:
return nftnl_data_reg_value_snprintf_json(buf, size,
reg, flags);
+ case NFTNL_OUTPUT_XML:
default:
break;
}
case NFTNL_OUTPUT_DEFAULT:
return nftnl_data_reg_verdict_snprintf_def(buf, size,
reg, flags);
- case NFTNL_OUTPUT_XML:
- return nftnl_data_reg_verdict_snprintf_xml(buf, size,
- reg, flags);
case NFTNL_OUTPUT_JSON:
return nftnl_data_reg_verdict_snprintf_json(buf, size,
reg, flags);
+ case NFTNL_OUTPUT_XML:
default:
break;
}
#endif
}
-static int nftnl_expr_dup_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint32_t sreg_addr, sreg_dev;
-
- if (nftnl_mxml_reg_parse(tree, "sreg_addr", &sreg_addr, MXML_DESCEND_FIRST,
- NFTNL_XML_OPT, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_DUP_SREG_ADDR, sreg_addr);
- if (nftnl_mxml_reg_parse(tree, "sreg_dev", &sreg_dev, MXML_DESCEND_FIRST,
- NFTNL_XML_OPT, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_DUP_SREG_DEV, sreg_dev);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_dup_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_dup_parse,
.build = nftnl_expr_dup_build,
.snprintf = nftnl_expr_dup_snprintf,
- .xml_parse = nftnl_expr_dup_xml_parse,
.json_parse = nftnl_expr_dup_json_parse,
};
#endif
}
-static int
-nftnl_expr_dynset_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *set_name;
- uint32_t uval32;
- uint64_t uval64;
-
- set_name = nftnl_mxml_str_parse(tree, "set", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (set_name != NULL)
- nftnl_expr_set_str(e, NFTNL_EXPR_DYNSET_SET_NAME, set_name);
-
- if (nftnl_mxml_reg_parse(tree, "sreg_key", &uval32, MXML_DESCEND,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_DYNSET_SREG_KEY, uval32);
-
- if (nftnl_mxml_reg_parse(tree, "sreg_data", &uval32, MXML_DESCEND,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_DYNSET_SREG_DATA, uval32);
-
- if (nftnl_mxml_num_parse(tree, "op", MXML_DESCEND_FIRST, BASE_DEC,
- &uval32, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_DYNSET_OP, uval32);
-
- if (nftnl_mxml_num_parse(tree, "timeout", MXML_DESCEND_FIRST, BASE_DEC,
- &uval64, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u64(e, NFTNL_EXPR_DYNSET_TIMEOUT, uval64);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int
nftnl_expr_dynset_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
.parse = nftnl_expr_dynset_parse,
.build = nftnl_expr_dynset_build,
.snprintf = nftnl_expr_dynset_snprintf,
- .xml_parse = nftnl_expr_dynset_xml_parse,
.json_parse = nftnl_expr_dynset_json_parse,
};
#endif
}
-static int
-nftnl_expr_exthdr_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *exthdr_type;
- int type;
- uint32_t dreg, len, offset;
-
- if (nftnl_mxml_reg_parse(tree, "dreg", &dreg, MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_EXTHDR_DREG, dreg);
-
- exthdr_type = nftnl_mxml_str_parse(tree, "exthdr_type",
- MXML_DESCEND_FIRST, NFTNL_XML_MAND, err);
- if (exthdr_type != NULL) {
- type = str2exthdr_type(exthdr_type);
- if (type < 0)
- return -1;
- nftnl_expr_set_u8(e, NFTNL_EXPR_EXTHDR_TYPE, type);
- }
-
- /* Get and set <offset> */
- if (nftnl_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC,
- &offset, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_EXTHDR_OFFSET, offset);
-
- /* Get and set <len> */
- if (nftnl_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC,
- &len, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_EXTHDR_LEN, len);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_exthdr_export(char *buf, size_t len,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_exthdr_parse,
.build = nftnl_expr_exthdr_build,
.snprintf = nftnl_expr_exthdr_snprintf,
- .xml_parse = nftnl_expr_exthdr_xml_parse,
.json_parse = nftnl_expr_exthdr_json_parse,
};
#endif
}
-static int nftnl_expr_fwd_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint32_t sreg_dev;
-
- if (nftnl_mxml_reg_parse(tree, "sreg_dev", &sreg_dev, MXML_DESCEND_FIRST,
- NFTNL_XML_OPT, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_FWD_SREG_DEV, sreg_dev);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_fwd_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_fwd_parse,
.build = nftnl_expr_fwd_build,
.snprintf = nftnl_expr_fwd_snprintf,
- .xml_parse = nftnl_expr_fwd_xml_parse,
.json_parse = nftnl_expr_fwd_json_parse,
};
#endif
}
-
-static int nftnl_expr_hash_xml_parse(struct nftnl_expr *e,
- mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint32_t sreg, dreg, len, modulus, seed, offset;
-
- if (nftnl_mxml_reg_parse(tree, "sreg", &sreg, MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_HASH_SREG, sreg);
-
- if (nftnl_mxml_reg_parse(tree, "dreg", &dreg, MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_HASH_DREG, dreg);
-
- if (nftnl_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC,
- &len, NFTNL_TYPE_U32, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_HASH_LEN, len);
-
- if (nftnl_mxml_num_parse(tree, "modulus", MXML_DESCEND_FIRST, BASE_DEC,
- &modulus, NFTNL_TYPE_U32, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_HASH_MODULUS, modulus);
-
- if (nftnl_mxml_num_parse(tree, "seed", MXML_DESCEND_FIRST, BASE_DEC,
- &seed, NFTNL_TYPE_U32, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_HASH_SEED, seed);
-
- if (nftnl_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC,
- &offset, NFTNL_TYPE_U32, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_HASH_OFFSET, offset);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int
nftnl_expr_hash_snprintf_default(char *buf, size_t size,
const struct nftnl_expr *e)
.parse = nftnl_expr_hash_parse,
.build = nftnl_expr_hash_build,
.snprintf = nftnl_expr_hash_snprintf,
- .xml_parse = nftnl_expr_hash_xml_parse,
.json_parse = nftnl_expr_hash_json_parse,
};
#endif
}
-static int
-nftnl_expr_immediate_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- struct nftnl_expr_immediate *imm = nftnl_expr_data(e);
- int datareg_type;
- uint32_t reg;
-
- if (nftnl_mxml_reg_parse(tree, "dreg", ®, MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_IMM_DREG, reg);
-
- datareg_type = nftnl_mxml_data_reg_parse(tree, "data",
- &imm->data, NFTNL_XML_MAND, err);
- if (datareg_type >= 0) {
- switch (datareg_type) {
- case DATA_VALUE:
- e->flags |= (1 << NFTNL_EXPR_IMM_DATA);
- break;
- case DATA_VERDICT:
- e->flags |= (1 << NFTNL_EXPR_IMM_VERDICT);
- break;
- case DATA_CHAIN:
- e->flags |= (1 << NFTNL_EXPR_IMM_CHAIN);
- break;
- default:
- return -1;
- }
- }
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int
nftnl_expr_immediate_export(char *buf, size_t size, const struct nftnl_expr *e,
int type)
.parse = nftnl_expr_immediate_parse,
.build = nftnl_expr_immediate_build,
.snprintf = nftnl_expr_immediate_snprintf,
- .xml_parse = nftnl_expr_immediate_xml_parse,
.json_parse = nftnl_expr_immediate_json_parse,
};
#endif
}
-static int nftnl_expr_limit_xml_parse(struct nftnl_expr *e,
- mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint64_t rate, unit;
- uint32_t burst, type, flags;
-
- if (nftnl_mxml_num_parse(tree, "rate", MXML_DESCEND_FIRST, BASE_DEC,
- &rate, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u64(e, NFTNL_EXPR_LIMIT_RATE, rate);
-
- if (nftnl_mxml_num_parse(tree, "unit", MXML_DESCEND_FIRST, BASE_DEC,
- &unit, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u64(e, NFTNL_EXPR_LIMIT_UNIT, unit);
- if (nftnl_mxml_num_parse(tree, "burst", MXML_DESCEND_FIRST, BASE_DEC,
- &burst, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_LIMIT_BURST, burst);
- if (nftnl_mxml_num_parse(tree, "type", MXML_DESCEND_FIRST, BASE_DEC,
- &type, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_LIMIT_TYPE, type);
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC,
- &flags, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_LIMIT_FLAGS, flags);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static const char *get_unit(uint64_t u)
{
switch (u) {
.parse = nftnl_expr_limit_parse,
.build = nftnl_expr_limit_build,
.snprintf = nftnl_expr_limit_snprintf,
- .xml_parse = nftnl_expr_limit_xml_parse,
.json_parse = nftnl_expr_limit_json_parse,
};
#endif
}
-static int nftnl_expr_log_xml_parse(struct nftnl_expr *e,
- mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *prefix;
- uint32_t snaplen, level, flags;
- uint16_t group, qthreshold;
-
- prefix = nftnl_mxml_str_parse(tree, "prefix", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (prefix != NULL)
- nftnl_expr_set_str(e, NFTNL_EXPR_LOG_PREFIX, prefix);
-
- if (nftnl_mxml_num_parse(tree, "group", MXML_DESCEND_FIRST, BASE_DEC,
- &group, NFTNL_TYPE_U16, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u16(e, NFTNL_EXPR_LOG_GROUP, group);
-
- if (nftnl_mxml_num_parse(tree, "snaplen", MXML_DESCEND_FIRST, BASE_DEC,
- &snaplen, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_LOG_SNAPLEN, snaplen);
-
- if (nftnl_mxml_num_parse(tree, "qthreshold", MXML_DESCEND_FIRST, BASE_DEC,
- &qthreshold, NFTNL_TYPE_U16, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u16(e, NFTNL_EXPR_LOG_QTHRESHOLD, qthreshold);
-
- if (nftnl_mxml_num_parse(tree, "level", MXML_DESCEND_FIRST, BASE_DEC,
- &level, NFTNL_TYPE_U16, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_LOG_LEVEL, level);
-
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC,
- &flags, NFTNL_TYPE_U16, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_LOG_FLAGS, flags);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_log_snprintf_default(char *buf, size_t size,
const struct nftnl_expr *e)
{
.parse = nftnl_expr_log_parse,
.build = nftnl_expr_log_build,
.snprintf = nftnl_expr_log_snprintf,
- .xml_parse = nftnl_expr_log_xml_parse,
.json_parse = nftnl_expr_log_json_parse,
};
#endif
}
-static int
-nftnl_expr_lookup_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *set_name;
- uint32_t sreg, dreg, flags;
-
- set_name = nftnl_mxml_str_parse(tree, "set", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (set_name != NULL)
- nftnl_expr_set_str(e, NFTNL_EXPR_LOOKUP_SET, set_name);
-
- if (nftnl_mxml_reg_parse(tree, "sreg", &sreg, MXML_DESCEND, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_LOOKUP_SREG, sreg);
-
- if (nftnl_mxml_reg_parse(tree, "dreg", &dreg, MXML_DESCEND, NFTNL_XML_OPT,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_LOOKUP_DREG, dreg);
-
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC,
- &flags, NFTNL_TYPE_U32,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_LOOKUP_FLAGS, flags);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int
nftnl_expr_lookup_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
.parse = nftnl_expr_lookup_parse,
.build = nftnl_expr_lookup_build,
.snprintf = nftnl_expr_lookup_snprintf,
- .xml_parse = nftnl_expr_lookup_xml_parse,
.json_parse = nftnl_expr_lookup_json_parse,
};
#endif
}
-static int
-nftnl_expr_masq_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint32_t flags;
- uint32_t reg_proto_min, reg_proto_max;
-
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC,
- &flags, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_MASQ_FLAGS, flags);
- if (nftnl_mxml_reg_parse(tree, "sreg_proto_min", ®_proto_min,
- MXML_DESCEND, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_MASQ_REG_PROTO_MIN,
- reg_proto_min);
- if (nftnl_mxml_reg_parse(tree, "sreg_proto_max", ®_proto_max,
- MXML_DESCEND, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_MASQ_REG_PROTO_MAX,
- reg_proto_max);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
static int nftnl_expr_masq_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_masq_parse,
.build = nftnl_expr_masq_build,
.snprintf = nftnl_expr_masq_snprintf,
- .xml_parse = nftnl_expr_masq_xml_parse,
.json_parse = nftnl_expr_masq_json_parse,
};
}
-static int nftnl_expr_match_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *name;
-
- name = nftnl_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (name != NULL)
- nftnl_expr_set_str(e, NFTNL_EXPR_MT_NAME, name);
-
- /* mt->info is ignored until other solution is reached */
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_match_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_match_parse,
.build = nftnl_expr_match_build,
.snprintf = nftnl_expr_match_snprintf,
- .xml_parse = nftnl_expr_match_xml_parse,
.json_parse = nftnl_expr_match_json_parse,
};
#endif
}
-
-static int nftnl_expr_meta_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *key_str;
- int key;
- uint32_t dreg, sreg;
-
- key_str = nftnl_mxml_str_parse(tree, "key", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (key_str != NULL) {
- key = str2meta_key(key_str);
- if (key >= 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_META_KEY, key);
- }
-
- if (nftnl_mxml_reg_parse(tree, "dreg", &dreg, MXML_DESCEND_FIRST,
- NFTNL_XML_OPT, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_META_DREG, dreg);
-
- if (nftnl_mxml_reg_parse(tree, "sreg", &sreg, MXML_DESCEND_FIRST,
- NFTNL_XML_OPT, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_META_SREG, sreg);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int
nftnl_expr_meta_snprintf_default(char *buf, size_t len,
const struct nftnl_expr *e)
.parse = nftnl_expr_meta_parse,
.build = nftnl_expr_meta_build,
.snprintf = nftnl_expr_meta_snprintf,
- .xml_parse = nftnl_expr_meta_xml_parse,
.json_parse = nftnl_expr_meta_json_parse,
};
#endif
}
-static int nftnl_expr_nat_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *nat_type;
- uint32_t family, nat_type_value, flags;
- uint32_t reg_addr_min, reg_addr_max;
- uint32_t reg_proto_min, reg_proto_max;
-
- nat_type = nftnl_mxml_str_parse(tree, "nat_type", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (nat_type == NULL)
- return -1;
-
- nat_type_value = nftnl_str2nat(nat_type);
- if (nat_type_value < 0)
- return -1;
- nftnl_expr_set_u32(e, NFTNL_EXPR_NAT_TYPE, nat_type_value);
-
- family = nftnl_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (family < 0) {
- mxmlDelete(tree);
- return -1;
- }
- nftnl_expr_set_u32(e, NFTNL_EXPR_NAT_FAMILY, family);
-
- if (nftnl_mxml_reg_parse(tree, "sreg_addr_min", ®_addr_min,
- MXML_DESCEND, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_NAT_REG_ADDR_MIN, reg_addr_min);
-
- if (nftnl_mxml_reg_parse(tree, "sreg_addr_max", ®_addr_max,
- MXML_DESCEND, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_NAT_REG_ADDR_MAX, reg_addr_max);
-
- if (nftnl_mxml_reg_parse(tree, "sreg_proto_min", ®_proto_min,
- MXML_DESCEND, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_NAT_REG_PROTO_MIN, reg_proto_min);
-
- if (nftnl_mxml_reg_parse(tree, "sreg_proto_max", ®_proto_max,
- MXML_DESCEND, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_NAT_REG_PROTO_MAX, reg_proto_max);
-
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND, BASE_DEC, &flags,
- NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_NAT_FLAGS, flags);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_nat_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_nat_parse,
.build = nftnl_expr_nat_build,
.snprintf = nftnl_expr_nat_snprintf,
- .xml_parse = nftnl_expr_nat_xml_parse,
.json_parse = nftnl_expr_nat_json_parse,
};
#endif
}
-
-static int nftnl_expr_ng_xml_parse(struct nftnl_expr *e,
- mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint32_t dreg, modulus, type, offset;
-
- if (nftnl_mxml_reg_parse(tree, "dreg", &dreg, MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_NG_DREG, dreg);
-
- if (nftnl_mxml_num_parse(tree, "modulus", MXML_DESCEND_FIRST, BASE_DEC,
- &modulus, NFTNL_TYPE_U32, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_NG_MODULUS, modulus);
-
- if (nftnl_mxml_num_parse(tree, "type", MXML_DESCEND_FIRST, BASE_DEC,
- &type, NFTNL_TYPE_U32, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_NG_TYPE, type);
-
- if (nftnl_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC,
- &offset, NFTNL_TYPE_U32, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_NG_OFFSET, offset);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int
nftnl_expr_ng_snprintf_default(char *buf, size_t size,
const struct nftnl_expr *e)
.parse = nftnl_expr_ng_parse,
.build = nftnl_expr_ng_build,
.snprintf = nftnl_expr_ng_snprintf,
- .xml_parse = nftnl_expr_ng_xml_parse,
.json_parse = nftnl_expr_ng_json_parse,
};
#endif
}
-static int
-nftnl_expr_payload_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *base_str;
- int32_t base;
- uint32_t dreg, offset, len;
-
- if (nftnl_mxml_reg_parse(tree, "dreg", &dreg, MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_PAYLOAD_DREG, dreg);
-
- base_str = nftnl_mxml_str_parse(tree, "base", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (base_str != NULL) {
- base = nftnl_str2base(base_str);
- if (base < 0)
- return -1;
-
- nftnl_expr_set_u32(e, NFTNL_EXPR_PAYLOAD_BASE, base);
- }
-
- if (nftnl_mxml_num_parse(tree, "offset", MXML_DESCEND_FIRST, BASE_DEC,
- &offset, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_PAYLOAD_OFFSET, offset);
-
-
- if (nftnl_mxml_num_parse(tree, "len", MXML_DESCEND_FIRST, BASE_DEC,
- &len, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_PAYLOAD_LEN, len);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_payload_export(char *buf, size_t size, uint32_t flags,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_payload_parse,
.build = nftnl_expr_payload_build,
.snprintf = nftnl_expr_payload_snprintf,
- .xml_parse = nftnl_expr_payload_xml_parse,
.json_parse = nftnl_expr_payload_json_parse,
};
#endif
}
-static int
-nftnl_expr_queue_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint16_t queue_num, queue_total, flags;
- uint32_t sreg_qnum;
-
- if (nftnl_mxml_num_parse(tree, "num", MXML_DESCEND_FIRST, BASE_DEC,
- &queue_num, NFTNL_TYPE_U16, NFTNL_XML_MAND,
- err) == 0)
- nftnl_expr_set_u16(e, NFTNL_EXPR_QUEUE_NUM, queue_num);
-
- if (nftnl_mxml_num_parse(tree, "total", MXML_DESCEND_FIRST, BASE_DEC,
- &queue_total, NFTNL_TYPE_U16,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u16(e, NFTNL_EXPR_QUEUE_TOTAL, queue_total);
-
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC,
- &flags, NFTNL_TYPE_U16,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u16(e, NFTNL_EXPR_QUEUE_FLAGS, flags);
-
- if (nftnl_mxml_num_parse(tree, "sreg_qnum", MXML_DESCEND_FIRST, BASE_DEC,
- &sreg_qnum, NFTNL_TYPE_U32,
- NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_QUEUE_SREG_QNUM, sreg_qnum);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_queue_snprintf_default(char *buf, size_t len,
const struct nftnl_expr *e)
{
.parse = nftnl_expr_queue_parse,
.build = nftnl_expr_queue_build,
.snprintf = nftnl_expr_queue_snprintf,
- .xml_parse = nftnl_expr_queue_xml_parse,
.json_parse = nftnl_expr_queue_json_parse,
};
#endif
}
-static int nftnl_expr_quota_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint64_t bytes;
- uint32_t flags;
-
- if (nftnl_mxml_num_parse(tree, "bytes", MXML_DESCEND_FIRST, BASE_DEC,
- &bytes, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u64(e, NFTNL_EXPR_QUOTA_BYTES, bytes);
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC,
- &flags, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_QUOTA_FLAGS, flags);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_quota_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_quota_parse,
.build = nftnl_expr_quota_build,
.snprintf = nftnl_expr_quota_snprintf,
- .xml_parse = nftnl_expr_quota_xml_parse,
.json_parse = nftnl_expr_quota_json_parse,
};
#endif
}
-static int
-nftnl_expr_redir_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint32_t reg, flags;
-
- if (nftnl_mxml_reg_parse(tree, "sreg_proto_min", ®,
- MXML_DESCEND, NFTNL_XML_OPT, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_REDIR_REG_PROTO_MIN, reg);
-
- if (nftnl_mxml_reg_parse(tree, "sreg_proto_max", ®,
- MXML_DESCEND, NFTNL_XML_OPT, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_REDIR_REG_PROTO_MAX, reg);
-
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC,
- &flags, NFTNL_TYPE_U32, NFTNL_XML_OPT, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_REDIR_FLAGS, flags);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_redir_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_redir_parse,
.build = nftnl_expr_redir_build,
.snprintf = nftnl_expr_redir_snprintf,
- .xml_parse = nftnl_expr_redir_xml_parse,
.json_parse = nftnl_expr_redir_json_parse,
};
#endif
}
-static int
-nftnl_expr_reject_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- uint32_t type;
- uint8_t code;
-
- if (nftnl_mxml_num_parse(tree, "type", MXML_DESCEND_FIRST, BASE_DEC,
- &type, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u32(e, NFTNL_EXPR_REJECT_TYPE, type);
-
- if (nftnl_mxml_num_parse(tree, "code", MXML_DESCEND_FIRST, BASE_DEC,
- &code, NFTNL_TYPE_U8, NFTNL_XML_MAND, err) == 0)
- nftnl_expr_set_u8(e, NFTNL_EXPR_REJECT_CODE, code);
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_expr_reject_snprintf_default(char *buf, size_t len,
const struct nftnl_expr *e)
{
.parse = nftnl_expr_reject_parse,
.build = nftnl_expr_reject_build,
.snprintf = nftnl_expr_reject_snprintf,
- .xml_parse = nftnl_expr_reject_xml_parse,
.json_parse = nftnl_expr_reject_json_parse,
};
#endif
}
-static int
-nftnl_expr_target_xml_parse(struct nftnl_expr *e, mxml_node_t *tree,
- struct nftnl_parse_err *err)
-{
-#ifdef XML_PARSING
- const char *name;
-
- name = nftnl_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (name != NULL)
- nftnl_expr_set_str(e, NFTNL_EXPR_TG_NAME, name);
-
- /* tg->info is ignored until other solution is reached */
-
- return 0;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_rule_exp_target_export(char *buf, size_t size,
const struct nftnl_expr *e, int type)
{
.parse = nftnl_expr_target_parse,
.build = nftnl_expr_target_build,
.snprintf = nftnl_expr_target_snprintf,
- .xml_parse = nftnl_expr_target_xml_parse,
.json_parse = nftnl_expr_target_json_parse,
};
+++ /dev/null
-/*
- * (C) 2012-2013 by Pablo Neira Ayuso <pablo@netfilter.org>
- * (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published
- * by the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
- */
-#include "internal.h"
-
-#include <stdint.h>
-#include <limits.h>
-
-#include <linux/netfilter/nf_tables.h>
-#include <libnftnl/table.h>
-#include <libnftnl/chain.h>
-#include <libnftnl/rule.h>
-#include <libnftnl/expr.h>
-#include <libnftnl/set.h>
-
-#ifdef XML_PARSING
-mxml_node_t *nftnl_mxml_build_tree(const void *data, const char *treename,
- struct nftnl_parse_err *err, enum nftnl_parse_input input)
-{
- mxml_node_t *tree;
-
- switch (input) {
- case NFTNL_PARSE_BUFFER:
- tree = mxmlLoadString(NULL, data, MXML_OPAQUE_CALLBACK);
- break;
- case NFTNL_PARSE_FILE:
- tree = mxmlLoadFile(NULL, (FILE *)data, MXML_OPAQUE_CALLBACK);
- break;
- default:
- goto err;
- }
-
- if (tree == NULL) {
- err->error = NFTNL_PARSE_EBADINPUT;
- goto err;
- }
-
- if (tree->value.opaque != NULL &&
- strcmp(tree->value.opaque, treename) == 0)
- return tree;
-
- err->error = NFTNL_PARSE_EMISSINGNODE;
- err->node_name = treename;
-
- mxmlDelete(tree);
-err:
- err->line = 0;
- err->column = 0;
- errno = EINVAL;
- return NULL;
-}
-
-struct nftnl_expr *nftnl_mxml_expr_parse(mxml_node_t *node,
- struct nftnl_parse_err *err,
- struct nftnl_set_list *set_list)
-{
- mxml_node_t *tree;
- struct nftnl_expr *e;
- const char *expr_name;
- char *xml_text;
- uint32_t set_id;
- int ret;
-
- expr_name = mxmlElementGetAttr(node, "type");
- if (expr_name == NULL) {
- err->node_name = "type";
- err->error = NFTNL_PARSE_EMISSINGNODE;
- goto err;
- }
-
- e = nftnl_expr_alloc(expr_name);
- if (e == NULL)
- goto err;
-
- xml_text = mxmlSaveAllocString(node, MXML_NO_CALLBACK);
- if (xml_text == NULL)
- goto err_expr;
-
- tree = mxmlLoadString(NULL, xml_text, MXML_OPAQUE_CALLBACK);
- xfree(xml_text);
-
- if (tree == NULL)
- goto err_expr;
-
- ret = e->ops->xml_parse(e, tree, err);
- mxmlDelete(tree);
-
- if (set_list != NULL &&
- strcmp(expr_name, "lookup") == 0 &&
- nftnl_set_lookup_id(e, set_list, &set_id))
- nftnl_expr_set_u32(e, NFTNL_EXPR_LOOKUP_SET_ID, set_id);
-
- return ret < 0 ? NULL : e;
-err_expr:
- nftnl_expr_free(e);
-err:
- mxmlDelete(tree);
- errno = EINVAL;
- return NULL;
-}
-
-int nftnl_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t *reg,
- uint32_t mxmlflags, uint32_t flags,
- struct nftnl_parse_err *err)
-{
- mxml_node_t *node;
-
- node = mxmlFindElement(tree, tree, reg_name, NULL, NULL, mxmlflags);
- if (node == NULL) {
- if (!(flags & NFTNL_XML_OPT)) {
- err->error = NFTNL_PARSE_EMISSINGNODE;
- errno = EINVAL;
- goto err;
- }
- return -1;
- }
-
- if (nftnl_strtoi(node->child->value.opaque, BASE_DEC, reg,
- NFTNL_TYPE_U32) != 0) {
- err->error = NFTNL_PARSE_EBADTYPE;
- goto err;
- }
-
- if (*reg > NFT_REG_MAX) {
- errno = ERANGE;
- goto err;
- }
-
- return 0;
-err:
- err->node_name = reg_name;
- return -1;
-}
-
-int nftnl_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name,
- union nftnl_data_reg *data_reg, uint16_t flags,
- struct nftnl_parse_err *err)
-{
- mxml_node_t *node;
-
- node = mxmlFindElement(tree, tree, node_name, NULL, NULL,
- MXML_DESCEND_FIRST);
-
- /* It is necessary for the compatibility with cmpdata label. */
- if (node == NULL || node->child == NULL)
- node = tree;
-
- return nftnl_data_reg_xml_parse(data_reg, node, err);
-}
-
-int
-nftnl_mxml_num_parse(mxml_node_t *tree, const char *node_name,
- uint32_t mxml_flags, int base, void *number,
- enum nftnl_type type, uint16_t flags,
- struct nftnl_parse_err *err)
-{
- mxml_node_t *node = NULL;
- int ret;
-
- node = mxmlFindElement(tree, tree, node_name, NULL, NULL, mxml_flags);
- if (node == NULL || node->child == NULL) {
- if (!(flags & NFTNL_XML_OPT)) {
- errno = EINVAL;
- err->node_name = node_name;
- err->error = NFTNL_PARSE_EMISSINGNODE;
- }
- return -1;
- }
-
- ret = nftnl_strtoi(node->child->value.opaque, base, number, type);
-
- if (ret != 0) {
- err->error = NFTNL_PARSE_EBADTYPE;
- err->node_name = node_name;
- }
- return ret;
-}
-
-const char *nftnl_mxml_str_parse(mxml_node_t *tree, const char *node_name,
- uint32_t mxml_flags, uint16_t flags,
- struct nftnl_parse_err *err)
-{
- mxml_node_t *node;
- const char *ret;
-
- node = mxmlFindElement(tree, tree, node_name, NULL, NULL, mxml_flags);
- if (node == NULL || node->child == NULL) {
- if (!(flags & NFTNL_XML_OPT)) {
- errno = EINVAL;
- err->node_name = node_name;
- err->error = NFTNL_PARSE_EMISSINGNODE;
- }
- return NULL;
- }
-
- ret = node->child->value.opaque;
- if (ret == NULL) {
- err->node_name = node_name;
- err->error = NFTNL_PARSE_EBADTYPE;
- }
- return ret;
-}
-
-int nftnl_mxml_family_parse(mxml_node_t *tree, const char *node_name,
- uint32_t mxml_flags, uint16_t flags,
- struct nftnl_parse_err *err)
-{
- const char *family_str;
- int family;
-
- family_str = nftnl_mxml_str_parse(tree, node_name, mxml_flags,
- flags, err);
- if (family_str == NULL)
- return -1;
-
- family = nftnl_str2family(family_str);
- if (family < 0) {
- err->node_name = node_name;
- errno = EAFNOSUPPORT;
- }
-
- return family;
-}
-#endif
#endif
}
-#ifdef XML_PARSING
-int nftnl_mxml_rule_parse(mxml_node_t *tree, struct nftnl_rule *r,
- struct nftnl_parse_err *err,
- struct nftnl_set_list *set_list)
-{
- mxml_node_t *node;
- struct nftnl_expr *e;
- const char *table, *chain;
- int family;
-
- family = nftnl_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (family >= 0)
- nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family);
-
- table = nftnl_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (table != NULL)
- nftnl_rule_set_str(r, NFTNL_RULE_TABLE, table);
-
- chain = nftnl_mxml_str_parse(tree, "chain", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (chain != NULL)
- nftnl_rule_set_str(r, NFTNL_RULE_CHAIN, chain);
-
- if (nftnl_mxml_num_parse(tree, "handle", MXML_DESCEND_FIRST, BASE_DEC,
- &r->handle, NFTNL_TYPE_U64, NFTNL_XML_MAND, err) >= 0)
- r->flags |= (1 << NFTNL_RULE_HANDLE);
-
- if (nftnl_mxml_num_parse(tree, "compat_proto", MXML_DESCEND_FIRST,
- BASE_DEC, &r->compat.proto, NFTNL_TYPE_U32,
- NFTNL_XML_OPT, err) >= 0)
- r->flags |= (1 << NFTNL_RULE_COMPAT_PROTO);
-
- if (nftnl_mxml_num_parse(tree, "compat_flags", MXML_DESCEND_FIRST,
- BASE_DEC, &r->compat.flags, NFTNL_TYPE_U32,
- NFTNL_XML_OPT, err) >= 0)
- r->flags |= (1 << NFTNL_RULE_COMPAT_FLAGS);
-
- if (nftnl_rule_is_set(r, NFTNL_RULE_COMPAT_PROTO) !=
- nftnl_rule_is_set(r, NFTNL_RULE_COMPAT_FLAGS)) {
- errno = EINVAL;
- }
-
- if (nftnl_mxml_num_parse(tree, "position", MXML_DESCEND_FIRST,
- BASE_DEC, &r->position, NFTNL_TYPE_U64,
- NFTNL_XML_OPT, err) >= 0)
- r->flags |= (1 << NFTNL_RULE_POSITION);
-
- /* Iterating over <expr> */
- for (node = mxmlFindElement(tree, tree, "expr", "type",
- NULL, MXML_DESCEND);
- node != NULL;
- node = mxmlFindElement(node, tree, "expr", "type",
- NULL, MXML_DESCEND)) {
- e = nftnl_mxml_expr_parse(node, err, set_list);
- if (e == NULL)
- return -1;
-
- nftnl_rule_add_expr(r, e);
- }
-
- return 0;
-}
-#endif
-
-static int nftnl_rule_xml_parse(struct nftnl_rule *r, const void *xml,
- struct nftnl_parse_err *err,
- enum nftnl_parse_input input,
- struct nftnl_set_list *set_list)
-{
-#ifdef XML_PARSING
- int ret;
- mxml_node_t *tree = nftnl_mxml_build_tree(xml, "rule", err, input);
- if (tree == NULL)
- return -1;
-
- ret = nftnl_mxml_rule_parse(tree, r, err, set_list);
- mxmlDelete(tree);
- return ret;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_rule_do_parse(struct nftnl_rule *r, enum nftnl_parse_type type,
const void *data, struct nftnl_parse_err *err,
enum nftnl_parse_input input)
struct nftnl_parse_err perr = {};
switch (type) {
- case NFTNL_PARSE_XML:
- ret = nftnl_rule_xml_parse(r, data, &perr, input, NULL);
- break;
case NFTNL_PARSE_JSON:
ret = nftnl_rule_json_parse(r, data, &perr, input, NULL);
break;
+ case NFTNL_PARSE_XML:
default:
ret = -1;
errno = EOPNOTSUPP;
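Review bot: The added `case NFTNL_PARSE_XML:` label sits directly above `default:` with no comment, so a reader cannot tell a deliberate placeholder from a leftover of the removal. Both arms end in `errno = EOPNOTSUPP`, so a one-line comment on the label such as `/* XML support removed; value still accepted and rejected here */` would make the intent explicit. The same bare label is added before `default:` in the output switch later in this file and in the ruleset parse and snprintf switches. nftnl_rule_do_parse starts and ends outside the hunk.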
return offset;
}
-static int nftnl_rule_snprintf_xml(char *buf, size_t size,
- const struct nftnl_rule *r,
- uint32_t type, uint32_t flags)
-{
- int ret, len = size, offset = 0;
- struct nftnl_expr *expr;
-
- ret = snprintf(buf, len, "<rule>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- if (r->flags & (1 << NFTNL_RULE_FAMILY)) {
- ret = snprintf(buf+offset, len, "<family>%s</family>",
- nftnl_family2str(r->family));
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (r->flags & (1 << NFTNL_RULE_TABLE)) {
- ret = snprintf(buf+offset, len, "<table>%s</table>",
- r->table);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (r->flags & (1 << NFTNL_RULE_CHAIN)) {
- ret = snprintf(buf+offset, len, "<chain>%s</chain>",
- r->chain);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
- if (r->flags & (1 << NFTNL_RULE_HANDLE)) {
- ret = snprintf(buf+offset, len, "<handle>%llu</handle>",
- (unsigned long long)r->handle);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (r->compat.flags != 0 || r->compat.proto != 0) {
- ret = snprintf(buf+offset, len,
- "<compat_flags>%u</compat_flags>"
- "<compat_proto>%u</compat_proto>",
- r->compat.flags, r->compat.proto);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (r->flags & (1 << NFTNL_RULE_POSITION)) {
- ret = snprintf(buf+offset, len,
- "<position>%"PRIu64"</position>",
- r->position);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- list_for_each_entry(expr, &r->expr_list, head) {
- ret = snprintf(buf+offset, len,
- "<expr type=\"%s\">", expr->ops->name);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- ret = nftnl_expr_snprintf(buf+offset, len, expr,
- type, flags);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- ret = snprintf(buf+offset, len, "</expr>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- }
- ret = snprintf(buf+offset, len, "</rule>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- return offset;
-}
-
static int nftnl_rule_snprintf_default(char *buf, size_t size,
const struct nftnl_rule *r,
uint32_t type, uint32_t flags)
ret = nftnl_rule_snprintf_default(buf+offset, len, r, type,
inner_flags);
break;
- case NFTNL_OUTPUT_XML:
- ret = nftnl_rule_snprintf_xml(buf+offset, len, r, type,
- inner_flags);
- break;
case NFTNL_OUTPUT_JSON:
ret = nftnl_rule_snprintf_json(buf+offset, len, r, type,
inner_flags);
break;
+ case NFTNL_OUTPUT_XML:
default:
return -1;
}
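Review bot: A caller asking for `NFTNL_OUTPUT_XML` now reaches `default:` and gets a bare `return -1;` with errno untouched. The parse switch earlier in this file and the ruleset snprintf switches set `errno = EOPNOTSUPP` for the same format. Adding `errno = EOPNOTSUPP;` before `return -1;` would let callers tell an unsupported format from a formatting failure. As far as the removed lines show, XML output was not behind a build flag, so existing callers may not expect a negative return here. The enclosing function starts and ends outside the hunk.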
void *data;
/* These fields below are not exposed to the user */
- union {
- json_t *json;
- mxml_node_t *xml;
- };
+ json_t *json;
uint32_t format;
uint32_t set_id;
}
EXPORT_SYMBOL_ALIAS(nftnl_ruleset_ctx_get_u32, nft_ruleset_ctx_get_u32);
-#if defined(JSON_PARSING) || defined(XML_PARSING)
+#if defined(JSON_PARSING)
static void nftnl_ruleset_ctx_set(struct nftnl_parse_ctx *ctx, uint16_t attr,
void *data)
{
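Review bot: With only one macro left in the condition, `#if defined(JSON_PARSING)` can be written `#ifdef JSON_PARSING`, which is the form the other guards visible in this diff use. The body of nftnl_ruleset_ctx_set and the matching `#endif` are outside the hunk, so the closing side is worth checking for a trailing comment that still mentions XML_PARSING.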
#endif
break;
case NFTNL_OUTPUT_XML:
-#ifdef XML_PARSING
- if (nftnl_mxml_table_parse(ctx->xml, table, err) < 0)
- goto err;
-#endif
- break;
default:
errno = EOPNOTSUPP;
goto err;
#endif
break;
case NFTNL_OUTPUT_XML:
-#ifdef XML_PARSING
- if (nftnl_mxml_chain_parse(ctx->xml, chain, err) < 0)
- goto err;
-#endif
- break;
default:
errno = EOPNOTSUPP;
goto err;
#endif
break;
case NFTNL_OUTPUT_XML:
-#ifdef XML_PARSING
- if (nftnl_mxml_set_parse(ctx->xml, set, err) < 0)
- goto err;
-#endif
- break;
default:
errno = EOPNOTSUPP;
goto err;
#endif
break;
case NFTNL_OUTPUT_XML:
-#ifdef XML_PARSING
- if (nftnl_mxml_set_parse(ctx->xml, set, err) < 0)
- goto err;
-#endif
- break;
default:
errno = EOPNOTSUPP;
goto err;
#endif
break;
case NFTNL_OUTPUT_XML:
-#ifdef XML_PARSING
- if (nftnl_mxml_rule_parse(ctx->xml, rule, err, ctx->set_list) < 0)
- goto err;
-#endif
- break;
default:
errno = EOPNOTSUPP;
goto err;
#endif
}
-#ifdef XML_PARSING
-static int nftnl_ruleset_xml_parse_ruleset(struct nftnl_parse_ctx *ctx,
- struct nftnl_parse_err *err)
-{
- const char *node_type;
- mxml_node_t *node, *array = ctx->xml;
- int len = 0, ret;
-
- for (node = mxmlFindElement(array, array, NULL, NULL, NULL,
- MXML_DESCEND_FIRST);
- node != NULL;
- node = mxmlFindElement(node, array, NULL, NULL, NULL,
- MXML_NO_DESCEND)) {
- len++;
- node_type = node->value.opaque;
- ctx->xml = node;
- if (strcmp(node_type, "table") == 0)
- ret = nftnl_ruleset_parse_tables(ctx, err);
- else if (strcmp(node_type, "chain") == 0)
- ret = nftnl_ruleset_parse_chains(ctx, err);
- else if (strcmp(node_type, "set") == 0)
- ret = nftnl_ruleset_parse_sets(ctx, err);
- else if (strcmp(node_type, "rule") == 0)
- ret = nftnl_ruleset_parse_rules(ctx, err);
- else if (strcmp(node_type, "element") == 0)
- ret = nftnl_ruleset_parse_set_elems(ctx, err);
- else
- return -1;
-
- if (ret < 0)
- return ret;
- }
-
- if (len == 0 && ctx->cmd == NFTNL_CMD_FLUSH) {
- nftnl_ruleset_ctx_set_u32(ctx, NFTNL_RULESET_CTX_TYPE,
- NFTNL_RULESET_RULESET);
- if (ctx->cb(ctx) < 0)
- return -1;
- }
-
- return 0;
-}
-
-static int nftnl_ruleset_xml_parse_cmd(const char *cmd, struct nftnl_parse_err *err,
- struct nftnl_parse_ctx *ctx)
-{
- uint32_t cmdnum;
- mxml_node_t *nodecmd;
-
- cmdnum = nftnl_str2cmd(cmd);
- if (cmdnum == NFTNL_CMD_UNSPEC) {
- err->error = NFTNL_PARSE_EMISSINGNODE;
- err->node_name = strdup(cmd);
- return -1;
- }
-
- nodecmd = mxmlFindElement(ctx->xml, ctx->xml, cmd, NULL, NULL,
- MXML_DESCEND_FIRST);
-
- ctx->xml = nodecmd;
- nftnl_ruleset_ctx_set_u32(ctx, NFTNL_RULESET_CTX_CMD, cmdnum);
-
- if (nftnl_ruleset_xml_parse_ruleset(ctx, err) != 0)
- goto err;
-
- return 0;
-err:
- return -1;
-}
-#endif
-
-static int nftnl_ruleset_xml_parse(const void *xml, struct nftnl_parse_err *err,
- enum nftnl_parse_input input,
- enum nftnl_parse_type type, void *arg,
- int (*cb)(const struct nftnl_parse_ctx *ctx))
-{
-#ifdef XML_PARSING
- mxml_node_t *tree, *nodecmd = NULL;
- char *cmd;
- struct nftnl_parse_ctx ctx;
-
- ctx.cb = cb;
- ctx.format = type;
- ctx.flags = 0;
-
- ctx.set_list = nftnl_set_list_alloc();
- if (ctx.set_list == NULL)
- return -1;
-
- if (arg != NULL)
- nftnl_ruleset_ctx_set(&ctx, NFTNL_RULESET_CTX_DATA, arg);
-
- tree = nftnl_mxml_build_tree(xml, "nftables", err, input);
- if (tree == NULL)
- goto err1;
-
- ctx.xml = tree;
-
- nodecmd = mxmlWalkNext(tree, tree, MXML_DESCEND_FIRST);
- while (nodecmd != NULL) {
- cmd = nodecmd->value.opaque;
- if (nftnl_ruleset_xml_parse_cmd(cmd, err, &ctx) < 0)
- goto err2;
- nodecmd = mxmlWalkNext(tree, tree, MXML_NO_DESCEND);
- }
-
- nftnl_set_list_free(ctx.set_list);
- mxmlDelete(tree);
- return 0;
-err2:
- mxmlDelete(tree);
-err1:
- nftnl_set_list_free(ctx.set_list);
- return -1;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int
nftnl_ruleset_do_parse(enum nftnl_parse_type type, const void *data,
struct nftnl_parse_err *err, enum nftnl_parse_input input,
int ret;
switch (type) {
- case NFTNL_PARSE_XML:
- ret = nftnl_ruleset_xml_parse(data, err, input, type, arg, cb);
- break;
case NFTNL_PARSE_JSON:
ret = nftnl_ruleset_json_parse(data, err, input, type, arg, cb);
break;
+ case NFTNL_PARSE_XML:
default:
ret = -1;
errno = EOPNOTSUPP;
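Review bot: The `case NFTNL_PARSE_XML:` label kept directly above `default:` has no effect on control flow, so without a comment a later cleanup could drop it or take it for a leftover. A one-line comment such as `/* XML support was removed; the enum value stays in the public API and is rejected with EOPNOTSUPP */` would record the intent. The same applies to the retained `NFTNL_PARSE_XML` and `NFTNL_OUTPUT_XML` labels in the other switch statements of this commit. The body of nftnl_ruleset_do_parse starts and ends outside the hunk.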
static const char *nftnl_ruleset_o_opentag(uint32_t type)
{
switch (type) {
- case NFTNL_OUTPUT_XML:
- return "<nftables>";
case NFTNL_OUTPUT_JSON:
return "{\"nftables\":[";
+ case NFTNL_OUTPUT_XML:
default:
return "";
}
static const char *nftnl_ruleset_o_closetag(uint32_t type)
{
switch (type) {
- case NFTNL_OUTPUT_XML:
- return "</nftables>";
case NFTNL_OUTPUT_JSON:
return "]}";
+ case NFTNL_OUTPUT_XML:
default:
return "";
}
{
switch (type) {
case NFTNL_OUTPUT_DEFAULT:
- case NFTNL_OUTPUT_XML:
case NFTNL_OUTPUT_JSON:
return nftnl_ruleset_do_snprintf(buf, size, r, cmd, type, flags);
+ case NFTNL_OUTPUT_XML:
default:
errno = EOPNOTSUPP;
return -1;
{
switch (type) {
case NFTNL_OUTPUT_DEFAULT:
- case NFTNL_OUTPUT_XML:
case NFTNL_OUTPUT_JSON:
return nftnl_ruleset_cmd_snprintf(buf, size, r,
nftnl_flag2cmd(flags), type,
flags);
+ case NFTNL_OUTPUT_XML:
default:
errno = EOPNOTSUPP;
return -1;
#endif
}
-#ifdef XML_PARSING
-int nftnl_mxml_set_parse(mxml_node_t *tree, struct nftnl_set *s,
- struct nftnl_parse_err *err)
-{
- mxml_node_t *node = NULL;
- struct nftnl_set_elem *elem;
- const char *name, *table;
- int family;
- uint32_t set_flags, key_type, key_len;
- uint32_t data_type, data_len, policy, size;
-
- name = nftnl_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (name == NULL)
- return -1;
- nftnl_set_set_str(s, NFTNL_SET_NAME, name);
-
- table = nftnl_mxml_str_parse(tree, "table", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (table == NULL)
- return -1;
- nftnl_set_set_str(s, NFTNL_SET_TABLE, table);
-
- family = nftnl_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (family >= 0)
- nftnl_set_set_u32(s, NFTNL_SET_FAMILY, family);
-
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC,
- &set_flags, NFTNL_TYPE_U32, NFTNL_XML_MAND,
- err) == 0)
- nftnl_set_set_u32(s, NFTNL_SET_FLAGS, set_flags);
-
- if (nftnl_mxml_num_parse(tree, "key_type", MXML_DESCEND_FIRST, BASE_DEC,
- &key_type, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_set_set_u32(s, NFTNL_SET_KEY_TYPE, key_type);
-
- if (nftnl_mxml_num_parse(tree, "key_len", MXML_DESCEND_FIRST, BASE_DEC,
- &key_len, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) < 0)
- return -1;
- nftnl_set_set_u32(s, NFTNL_SET_KEY_LEN, key_len);
-
- if (nftnl_mxml_num_parse(tree, "data_type", MXML_DESCEND_FIRST, BASE_DEC,
- &data_type, NFTNL_TYPE_U32,
- NFTNL_XML_OPT, err) == 0) {
- nftnl_set_set_u32(s, NFTNL_SET_DATA_TYPE, data_type);
-
- if (nftnl_mxml_num_parse(tree, "data_len", MXML_DESCEND_FIRST,
- BASE_DEC, &data_len, NFTNL_TYPE_U32,
- NFTNL_XML_MAND, err) == 0)
- nftnl_set_set_u32(s, NFTNL_SET_DATA_LEN, data_len);
-
- }
-
- if (nftnl_mxml_num_parse(tree, "policy", MXML_DESCEND_FIRST,
- BASE_DEC, &policy, NFTNL_TYPE_U32,
- NFTNL_XML_OPT, err) == 0)
- nftnl_set_set_u32(s, NFTNL_SET_POLICY, policy);
-
- if (nftnl_mxml_num_parse(tree, "desc_size", MXML_DESCEND_FIRST,
- BASE_DEC, &size, NFTNL_TYPE_U32,
- NFTNL_XML_OPT, err) == 0)
- nftnl_set_set_u32(s, NFTNL_SET_DESC_SIZE, policy);
-
- for (node = mxmlFindElement(tree, tree, "set_elem", NULL,
- NULL, MXML_DESCEND);
- node != NULL;
- node = mxmlFindElement(node, tree, "set_elem", NULL,
- NULL, MXML_DESCEND)) {
-
- elem = nftnl_set_elem_alloc();
- if (elem == NULL)
- return -1;
-
- if (nftnl_mxml_set_elem_parse(node, elem, err) < 0)
- return -1;
-
- list_add_tail(&elem->head, &s->element_list);
- }
-
- return 0;
-}
-#endif
-
-static int nftnl_set_xml_parse(struct nftnl_set *s, const void *xml,
- struct nftnl_parse_err *err,
- enum nftnl_parse_input input)
-{
-#ifdef XML_PARSING
- int ret;
- mxml_node_t *tree = nftnl_mxml_build_tree(xml, "set", err, input);
- if (tree == NULL)
- return -1;
-
- ret = nftnl_mxml_set_parse(tree, s, err);
- mxmlDelete(tree);
- return ret;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_set_do_parse(struct nftnl_set *s, enum nftnl_parse_type type,
const void *data, struct nftnl_parse_err *err,
enum nftnl_parse_input input)
struct nftnl_parse_err perr = {};
switch (type) {
- case NFTNL_PARSE_XML:
- ret = nftnl_set_xml_parse(s, data, &perr, input);
- break;
case NFTNL_PARSE_JSON:
ret = nftnl_set_json_parse(s, data, &perr, input);
break;
+ case NFTNL_PARSE_XML:
default:
ret = -1;
errno = EOPNOTSUPP;
return offset;
}
-static int nftnl_set_snprintf_xml(char *buf, size_t size,
- const struct nftnl_set *s, uint32_t flags)
-{
- int ret;
- int len = size, offset = 0;
- struct nftnl_set_elem *elem;
-
- ret = snprintf(buf, len, "<set>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- if (s->flags & (1 << NFTNL_SET_FAMILY)) {
- ret = snprintf(buf + offset, len, "<family>%s</family>",
- nftnl_family2str(s->family));
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (s->flags & (1 << NFTNL_SET_TABLE)) {
- ret = snprintf(buf + offset, len, "<table>%s</table>",
- s->table);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (s->flags & (1 << NFTNL_SET_NAME)) {
- ret = snprintf(buf + offset, len, "<name>%s</name>",
- s->name);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (s->flags & (1 << NFTNL_SET_FLAGS)) {
- ret = snprintf(buf + offset, len, "<flags>%u</flags>",
- s->set_flags);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
- if (s->flags & (1 << NFTNL_SET_KEY_TYPE)) {
- ret = snprintf(buf + offset, len, "<key_type>%u</key_type>",
- s->key_type);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
- if (s->flags & (1 << NFTNL_SET_KEY_LEN)) {
- ret = snprintf(buf + offset, len, "<key_len>%u</key_len>",
- s->key_len);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (s->flags & (1 << NFTNL_SET_DATA_TYPE)) {
- ret = snprintf(buf + offset, len, "<data_type>%u</data_type>",
- s->data_type);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
- if (s->flags & (1 << NFTNL_SET_DATA_LEN)) {
- ret = snprintf(buf + offset, len, "<data_len>%u</data_len>",
- s->data_len);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (s->flags & (1 << NFTNL_SET_POLICY)) {
- ret = snprintf(buf + offset, len, "<policy>%u</policy>",
- s->policy);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (s->flags & (1 << NFTNL_SET_DESC_SIZE)) {
- ret = snprintf(buf + offset, len, "<desc_size>%u</desc_size>",
- s->desc.size);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (!list_empty(&s->element_list)) {
- list_for_each_entry(elem, &s->element_list, head) {
- ret = nftnl_set_elem_snprintf(buf + offset, len, elem,
- NFTNL_OUTPUT_XML, flags);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
- }
-
- ret = snprintf(buf + offset, len, "</set>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- return offset;
-}
-
static int nftnl_set_cmd_snprintf(char *buf, size_t size,
const struct nftnl_set *s, uint32_t cmd,
uint32_t type, uint32_t flags)
int ret, len = size, offset = 0;
uint32_t inner_flags = flags;
+ if (type == NFTNL_OUTPUT_XML)
+ return 0;
+
/* prevent set_elems to print as events */
inner_flags &= ~NFTNL_OF_EVENT_ANY;
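Review bot: The new early exit `if (type == NFTNL_OUTPUT_XML) return 0;` in nftnl_set_cmd_snprintf reports success without writing to `buf`, so a caller that prints the buffer after a non-negative return would read whatever it held before, possibly uninitialised memory. The ruleset snprintf wrappers in this same commit instead set `errno = EOPNOTSUPP` and return -1 for NFTNL_OUTPUT_XML, so the two layers now disagree on how an unsupported format is reported. If the zero return is deliberate, terminate the buffer first: `if (type == NFTNL_OUTPUT_XML) { if (size > 0) buf[0] = '\0'; return 0; }`. nftnl_set_elem_cmd_snprintf gets the same early return and needs the same treatment; both function bodies continue outside their hunks.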
ret = nftnl_set_snprintf_default(buf+offset, len, s, type,
inner_flags);
break;
- case NFTNL_OUTPUT_XML:
- ret = nftnl_set_snprintf_xml(buf+offset, len, s, inner_flags);
- break;
case NFTNL_OUTPUT_JSON:
ret = nftnl_set_snprintf_json(buf+offset, len, s, type,
inner_flags);
}
EXPORT_SYMBOL_ALIAS(nftnl_set_elems_nlmsg_parse, nft_set_elems_nlmsg_parse);
-#ifdef XML_PARSING
-int nftnl_mxml_set_elem_parse(mxml_node_t *tree, struct nftnl_set_elem *e,
- struct nftnl_parse_err *err)
-{
- int set_elem_data;
- uint32_t set_elem_flags;
-
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND_FIRST, BASE_DEC,
- &set_elem_flags, NFTNL_TYPE_U32, NFTNL_XML_MAND,
- err) == 0)
- nftnl_set_elem_set_u32(e, NFTNL_SET_ELEM_FLAGS, set_elem_flags);
-
- if (nftnl_mxml_data_reg_parse(tree, "key", &e->key,
- NFTNL_XML_MAND, err) == DATA_VALUE)
- e->flags |= (1 << NFTNL_SET_ELEM_KEY);
-
- /* <set_elem_data> is not mandatory */
- set_elem_data = nftnl_mxml_data_reg_parse(tree, "data",
- &e->data, NFTNL_XML_OPT, err);
- switch (set_elem_data) {
- case DATA_VALUE:
- e->flags |= (1 << NFTNL_SET_ELEM_DATA);
- break;
- case DATA_VERDICT:
- e->flags |= (1 << NFTNL_SET_ELEM_VERDICT);
- if (e->data.chain != NULL)
- e->flags |= (1 << NFTNL_SET_ELEM_CHAIN);
-
- break;
- }
-
- return 0;
-}
-#endif
-
-static int nftnl_set_elem_xml_parse(struct nftnl_set_elem *e, const void *xml,
- struct nftnl_parse_err *err,
- enum nftnl_parse_input input)
-{
-#ifdef XML_PARSING
- mxml_node_t *tree;
- int ret;
-
- tree = nftnl_mxml_build_tree(xml, "set_elem", err, input);
- if (tree == NULL)
- return -1;
-
- ret = nftnl_mxml_set_elem_parse(tree, e, err);
- mxmlDelete(tree);
- return ret;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
static int nftnl_set_elem_json_parse(struct nftnl_set_elem *e, const void *json,
struct nftnl_parse_err *err,
enum nftnl_parse_input input)
int ret;
switch (type) {
- case NFTNL_PARSE_XML:
- ret = nftnl_set_elem_xml_parse(e, data, err, input);
- break;
case NFTNL_PARSE_JSON:
ret = nftnl_set_elem_json_parse(e, data, err, input);
break;
+ case NFTNL_PARSE_XML:
default:
errno = EOPNOTSUPP;
ret = -1;
return offset;
}
-static int nftnl_set_elem_snprintf_xml(char *buf, size_t size,
- const struct nftnl_set_elem *e,
- uint32_t flags)
-{
- int ret, len = size, offset = 0, type = DATA_NONE;
-
- ret = snprintf(buf, size, "<set_elem>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- if (e->flags & (1 << NFTNL_SET_ELEM_FLAGS)) {
- ret = snprintf(buf + offset, size, "<flags>%u</flags>",
- e->set_elem_flags);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (e->flags & (1 << NFTNL_SET_ELEM_KEY)) {
- ret = snprintf(buf + offset, len, "<key>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- ret = nftnl_data_reg_snprintf(buf + offset, len, &e->key,
- NFTNL_OUTPUT_XML, flags, DATA_VALUE);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- ret = snprintf(buf + offset, len, "</key>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- if (e->flags & (1 << NFTNL_SET_ELEM_DATA))
- type = DATA_VALUE;
- else if (e->flags & (1 << NFTNL_SET_ELEM_CHAIN))
- type = DATA_CHAIN;
- else if (e->flags & (1 << NFTNL_SET_ELEM_VERDICT))
- type = DATA_VERDICT;
-
- if (type != DATA_NONE) {
- ret = snprintf(buf + offset, len, "<data>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- ret = nftnl_data_reg_snprintf(buf + offset, len, &e->data,
- NFTNL_OUTPUT_XML, flags, type);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- ret = snprintf(buf + offset, len, "</data>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- }
-
- ret = snprintf(buf + offset, len, "</set_elem>");
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- return offset;
-}
-
static int nftnl_set_elem_cmd_snprintf(char *buf, size_t size,
const struct nftnl_set_elem *e,
uint32_t cmd, uint32_t type,
{
int ret, len = size, offset = 0;
+ if (type == NFTNL_OUTPUT_XML)
+ return 0;
+
ret = nftnl_cmd_header_snprintf(buf + offset, len, cmd, type, flags);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
case NFTNL_OUTPUT_DEFAULT:
ret = nftnl_set_elem_snprintf_default(buf+offset, len, e);
break;
- case NFTNL_OUTPUT_XML:
- ret = nftnl_set_elem_snprintf_xml(buf+offset, len, e, flags);
- break;
case NFTNL_OUTPUT_JSON:
ret = nftnl_set_elem_snprintf_json(buf+offset, len, e, flags);
break;
}
EXPORT_SYMBOL_ALIAS(nftnl_table_nlmsg_parse, nft_table_nlmsg_parse);
-#ifdef XML_PARSING
-int nftnl_mxml_table_parse(mxml_node_t *tree, struct nftnl_table *t,
- struct nftnl_parse_err *err)
-{
- const char *name;
- int family;
- uint32_t flags, use;
-
- name = nftnl_mxml_str_parse(tree, "name", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (name != NULL)
- nftnl_table_set_str(t, NFTNL_TABLE_NAME, name);
-
- family = nftnl_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST,
- NFTNL_XML_MAND, err);
- if (family >= 0)
- nftnl_table_set_u32(t, NFTNL_TABLE_FAMILY, family);
-
- if (nftnl_mxml_num_parse(tree, "flags", MXML_DESCEND, BASE_DEC,
- &flags, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_table_set_u32(t, NFTNL_TABLE_FLAGS, flags);
-
- if (nftnl_mxml_num_parse(tree, "use", MXML_DESCEND, BASE_DEC,
- &use, NFTNL_TYPE_U32, NFTNL_XML_MAND, err) == 0)
- nftnl_table_set_u32(t, NFTNL_TABLE_USE, use);
-
- return 0;
-}
-#endif
-
-static int nftnl_table_xml_parse(struct nftnl_table *t, const void *data,
- struct nftnl_parse_err *err,
- enum nftnl_parse_input input)
-{
-#ifdef XML_PARSING
- int ret;
- mxml_node_t *tree = nftnl_mxml_build_tree(data, "table", err, input);
- if (tree == NULL)
- return -1;
-
- ret = nftnl_mxml_table_parse(tree, t, err);
- mxmlDelete(tree);
- return ret;
-#else
- errno = EOPNOTSUPP;
- return -1;
-#endif
-}
-
#ifdef JSON_PARSING
int nftnl_jansson_parse_table(struct nftnl_table *t, json_t *tree,
struct nftnl_parse_err *err)
struct nftnl_parse_err perr = {};
switch (type) {
- case NFTNL_PARSE_XML:
- ret = nftnl_table_xml_parse(t, data, &perr, input);
- break;
case NFTNL_PARSE_JSON:
ret = nftnl_table_json_parse(t, data, &perr, input);
break;
+ case NFTNL_PARSE_XML:
default:
ret = -1;
errno = EOPNOTSUPP;
include $(top_srcdir)/Make_global.am
EXTRA_DIST = test-script.sh \
- jsonfiles \
- xmlfiles
+ jsonfiles
check_PROGRAMS = nft-parsing-test \
nft-table-test \
nft-expr_hash-test
nft_parsing_test_SOURCES = nft-parsing-test.c
-nft_parsing_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS}
+nft_parsing_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} ${LIBJSON_LIBS}
nft_table_test_SOURCES = nft-table-test.c
nft_table_test_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
return -1;
}
-static int test_xml(const char *filename, struct nftnl_parse_err *err)
-{
- int ret = -1;
- struct nftnl_ruleset *rs;
- FILE *fp;
-
- fp = fopen(filename, "r");
- if (fp == NULL) {
- printf("unable to open file %s: %s\n", filename,
- strerror(errno));
- return -1;
- }
-
- rs = nftnl_ruleset_alloc();
- if (rs == NULL) {
- perror("nftnl_ruleset_alloc");
- return -1;
- }
-
- if (nftnl_ruleset_parse_file(rs, NFTNL_PARSE_XML, fp, err) == 0)
- ret = compare_test(TEST_XML_RULESET, rs, filename, fp);
- else
- goto failparsing;
-
- nftnl_ruleset_free(rs);
- fclose(fp);
-
- return ret;
-
-failparsing:
- fclose(fp);
- printf("parsing %s: ", filename);
- printf("\033[31mFAILED\e[0m (%s)\n", strerror(errno));
- nftnl_parse_perror("Reason", err);
- return -1;
-}
-
static int execute_test(const char *dir_name)
{
DIR *d;
snprintf(path, sizeof(path), "%s/%s", dir_name, dent->d_name);
- if (strcmp(&dent->d_name[len-4], ".xml") == 0) {
- if ((ret = test_xml(path, err)) == 0) {
- if (!update) {
- printf("parsing and validating %s: ",
- path);
- printf("\033[32mOK\e[0m\n");
- }
- }
- exit_code += ret;
- }
if (strcmp(&dent->d_name[len-5], ".json") == 0) {
if ((ret = test_json(path, err)) == 0) {
if (!update) {
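Review bot: The suffix test `strcmp(&dent->d_name[len-5], ".json")` that stays after this removal indexes before the start of the name whenever the name is shorter than five characters, for example the `.` and `..` directory entries unless they are skipped earlier, which this hunk does not show. The same pattern is kept in execute_test_file, where `len = strlen(filename)` is taken from a caller-supplied file name, so a short argument produces an out-of-bounds read there as well. A length guard fixes both places: `if (len >= 5 && strcmp(&dent->d_name[len-5], ".json") == 0) {`. execute_test starts and ends outside the hunk, and `len` is presumably the length of `d_name`.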
static int execute_test_file(const char *filename)
{
char path[PATH_MAX];
- int ret = 0;
struct nftnl_parse_err *err;
+ int ret = 0, len;
err = nftnl_parse_err_alloc();
if (err == NULL) {
snprintf(path, sizeof(path), "%s", filename);
- int len = strlen(filename);
- if (strcmp(&filename[len-4], ".xml") == 0) {
- if ((ret = test_xml(path, err)) == 0) {
- if (!update) {
- printf("parsing and validating %s: ",
- path);
- printf("\033[32mOK\e[0m\n");
- }
- }
- nftnl_parse_err_free(err);
- exit(EXIT_FAILURE);
- }
+ len = strlen(filename);
if (strcmp(&filename[len-5], ".json") == 0) {
if ((ret = test_json(path, err)) == 0) {
if (!update) {
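Review bot: The suffix test `strcmp(&filename[len-5], ".json")` in execute_test_file indexes from `len-5` without checking that `filename` has at least five characters, so a shorter argument puts the pointer before the start of the string and strcmp reads out of bounds. Guard it, e.g. `if (len >= 5 && strcmp(&filename[len-5], ".json") == 0) {`, and consider declaring `len` as `size_t`, since it holds a strlen() result. The same pattern appears on `dent->d_name[len-5]` in execute_test, where short directory entry names would hit it unless they are filtered in lines not shown here. Both function bodies continue outside the hunks.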
./nft-rule-test
./nft-set-test
./nft-table-test
-./nft-parsing-test -d xmlfiles
./nft-parsing-test -d jsonfiles
+++ /dev/null
-<nftables><add><table><name>filter</name><family>ip</family><flags>0</flags><use>0</use></table></add></nftables>
+++ /dev/null
-<nftables><add><table><name>nat</name><family>ip6</family><flags>0</flags><use>0</use></table></add></nftables>
+++ /dev/null
-<nftables><add><chain><name>test</name><handle>0</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip</family><type>filter</type><hooknum>input</hooknum><prio>0</prio><policy>accept</policy></chain></add></nftables>
+++ /dev/null
-<nftables><add><chain><name>test</name><handle>0</handle><bytes>59</bytes><packets>1</packets><table>filter</table><family>ip6</family><type>filter</type><hooknum>forward</hooknum><prio>0</prio><policy>drop</policy></chain></add></nftables>
+++ /dev/null
-<nftables><add><chain><name>foo</name><handle>100</handle><bytes>59264154979</bytes><packets>2548796325</packets><table>nat</table><family>ip</family><type>nat</type><hooknum>postrouting</hooknum><prio>0</prio><policy>accept</policy></chain></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><expr type="bitwise"><sreg>1</sreg><dreg>1</dreg><len>4</len><mask><reg type="value"><len>4</len><data0>0x0000000a</data0></reg></mask><xor><reg type="value"><len>4</len><data0>0x00000000</data0></reg></xor></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>test</table><chain>test</chain><handle>1000</handle><expr type="byteorder"><sreg>3</sreg><dreg>4</dreg><op>hton</op><len>4</len><size>4</size></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>filter</table><chain>test</chain><handle>36</handle><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x6e6f6200</data1><data2>0x2e303164</data2><data3>0x00393331</data3></reg></data></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>filter</table><chain>test</chain><handle>39</handle><expr type="counter"><pkts>3</pkts><bytes>177</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><expr type="ct"><dreg>1</dreg><key>state</key><dir>original</dir></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>filter</table><chain>INPUT</chain><handle>100</handle><expr type="exthdr"><dreg>1</dreg><exthdr_type>mh</exthdr_type><offset>2</offset><len>16</len></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>input</chain><handle>32</handle><expr type="immediate"><dreg>0</dreg><data><reg type="verdict"><verdict>accept</verdict></reg></data></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><expr type="limit"><rate>123123</rate><unit>321321</unit></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>filter</table><chain>test</chain><handle>96</handle><expr type="log"><prefix>test_chain</prefix><group>1</group></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>filter</table><chain>test</chain><handle>37</handle><expr type="lookup"><set>set0</set><sreg>1</sreg><dreg>0</dreg></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><expr type="match"><name>state</name></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>filter</table><chain>test</chain><handle>36</handle><expr type="meta"><dreg>1</dreg><key>iifname</key></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>nat</table><chain>OUTPUT</chain><handle>100</handle><expr type="nat"><nat_type>snat</nat_type><family>ip6</family><sreg_addr_min>1</sreg_addr_min><sreg_addr_max>2</sreg_addr_max><sreg_proto_min>3</sreg_proto_min><sreg_proto_max>4</sreg_proto_max></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><expr type="nat"><nat_type>dnat</nat_type><family>ip</family><sreg_addr_min>1</sreg_addr_min><sreg_addr_max>2</sreg_addr_max><sreg_proto_min>3</sreg_proto_min><sreg_proto_max>4</sreg_proto_max><flags>12</flags></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>filter</table><chain>test</chain><handle>34</handle><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>100</handle><expr type="target"><name>LOG</name></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>22</handle><expr type="payload"><dreg>1</dreg><offset>12</offset><len>8</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>8</len><data0>0x0100a8c0</data0><data1>0x6400a8c0</data1></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>25</handle><expr type="meta"><dreg>1</dreg><key>iifname</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x00000000</data1><data2>0x65000000</data2><data3>0x00306874</data3></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>2</len><data0>0x00001600</data0></reg></data></expr><expr type="ct"><dreg>1</dreg><key>state</key><dir>original</dir></expr><expr type="bitwise"><sreg>1</sreg><dreg>1</dreg><len>4</len><mask><reg type="value"><len>4</len><data0>0x0000000a</data0></reg></mask><xor><reg type="value"><len>4</len><data0>0x00000000</data0></reg></xor></expr><expr type="cmp"><sreg>1</sreg><op>neq</op><data><reg type="value"><len>4</len><data0>0x00000000</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="log"><prefix>testprefix</prefix><group>1</group></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>INPUT</chain><handle>30</handle><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="lookup"><set>set3</set><sreg>1</sreg><dreg>0</dreg></expr><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>2</len><data0>0x0000bb01</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="immediate"><dreg>0</dreg><data><reg type="verdict"><verdict>accept</verdict></reg></data></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>filter</table><chain>test</chain><handle>31</handle><expr type="meta"><dreg>1</dreg><key>iifname</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x00000000</data1><data2>0x6f620000</data2><data3>0x0030646e</data3></reg></data></expr><expr type="meta"><dreg>1</dreg><key>oifname</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x62000000</data1><data2>0x31646e6f</data2><data3>0x0037322e</data3></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>8</offset><len>16</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>16</len><data0>0xc09a002a</data0><data1>0x2700cac1</data1><data2>0x00000000</data2><data3>0x50010000</data3></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>6</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000011</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>2</len><data0>0x00003500</data0></reg></data></expr><expr type="ct"><dreg>1</dreg><key>status</key><dir>original</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x00000001</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="log"><prefix>dns_drop</prefix><group>2</group></expr><expr type="immediate"><dreg>0</dreg><data><reg type="verdict"><verdict>drop</verdict></reg></data></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>2</handle><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x0100a8c0</data0></reg></data></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>3</handle><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>gte</op><data><reg type="value"><len>4</len><data0>0x0100a8c0</data0></reg></data></expr><expr type="cmp"><sreg>1</sreg><op>lte</op><data><reg type="value"><len>4</len><data0>0xfa00a8c0</data0></reg></data></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>4</handle><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x0100a8c0</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>5</handle><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x0100a8c0</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="immediate"><dreg>0</dreg><data><reg type="verdict"><verdict>drop</verdict></reg></data></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>6</handle><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x0100a8c0</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="log"></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>7</handle><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>2</len><data0>0x00001600</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>8</handle><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>0</offset><len>4</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x16000004</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>9</handle><expr type="payload"><dreg>1</dreg><offset>12</offset><len>8</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>8</len><data0>0x0100a8c0</data0><data1>0x6400a8c0</data1></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>10</handle><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>0</offset><len>8</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>8</len><data0>0x16000004</data0><data1>0x00000000</data1></reg></data></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>11</handle><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>0</offset><len>8</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>8</len><data0>0x16000004</data0><data1>0x00000000</data1></reg></data></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>12</handle><expr type="ct"><dreg>1</dreg><key>state</key><dir>original</dir></expr><expr type="bitwise"><sreg>1</sreg><dreg>1</dreg><len>4</len><mask><reg type="value"><len>4</len><data0>0x0000000a</data0></reg></mask><xor><reg type="value"><len>4</len><data0>0x00000000</data0></reg></xor></expr><expr type="cmp"><sreg>1</sreg><op>neq</op><data><reg type="value"><len>4</len><data0>0x00000000</data0></reg></data></expr><expr type="counter"><pkts>55</pkts><bytes>11407</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>13</handle><expr type="ct"><dreg>1</dreg><key>direction</key><dir>original</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000000</data0></reg></data></expr><expr type="counter"><pkts>5</pkts><bytes>160</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>14</handle><expr type="ct"><dreg>1</dreg><key>direction</key><dir>original</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000001</data0></reg></data></expr><expr type="counter"><pkts>50</pkts><bytes>11247</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>15</handle><expr type="ct"><dreg>1</dreg><key>status</key><dir>original</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x00000001</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>16</handle><expr type="ct"><dreg>1</dreg><key>mark</key><dir>original</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x00000064</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>17</handle><expr type="ct"><dreg>1</dreg><key>secmark</key><dir>original</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x00000000</data0></reg></data></expr><expr type="counter"><pkts>55</pkts><bytes>11407</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>18</handle><expr type="ct"><dreg>1</dreg><key>expiration</key><dir>original</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x0000001e</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>19</handle><expr type="ct"><dreg>1</dreg><key>helper</key><dir>original</dir></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x00707466</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>20</handle><expr type="meta"><dreg>1</dreg><key>len</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x000003e8</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>21</handle><expr type="meta"><dreg>1</dreg><key>protocol</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>2</len><data0>0x00000008</data0></reg></data></expr><expr type="counter"><pkts>55</pkts><bytes>11407</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>22</handle><expr type="meta"><dreg>1</dreg><key>mark</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x00000000</data0></reg></data></expr><expr type="counter"><pkts>55</pkts><bytes>11407</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>23</handle><expr type="meta"><dreg>1</dreg><key>iif</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x00000001</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>24</handle><expr type="meta"><dreg>1</dreg><key>iifname</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x00000000</data1><data2>0x65000000</data2><data3>0x00306874</data3></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>25</handle><expr type="meta"><dreg>1</dreg><key>oif</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x00000001</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>26</handle><expr type="meta"><dreg>1</dreg><key>oifname</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>16</len><data0>0x00000000</data0><data1>0x00000000</data1><data2>0x65000000</data2><data3>0x00306874</data3></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>27</handle><expr type="meta"><dreg>1</dreg><key>skuid</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x000003e8</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>28</handle><expr type="meta"><dreg>1</dreg><key>skgid</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x000003e8</data0></reg></data></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>29</handle><expr type="meta"><dreg>1</dreg><key>secmark</key></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>4</len><data0>0x00000000</data0></reg></data></expr><expr type="counter"><pkts>55</pkts><bytes>11407</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>32</handle><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="lookup"><set>set0</set><sreg>1</sreg><dreg>0</dreg></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>33</handle><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="lookup"><set>set1</set><sreg>1</sreg><dreg>0</dreg></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>34</handle><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="lookup"><set>map0</set><sreg>1</sreg><dreg>0</dreg></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>35</handle><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="lookup"><set>map1</set><sreg>1</sreg><dreg>0</dreg></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>output</chain><handle>36</handle><expr type="payload"><dreg>1</dreg><offset>16</offset><len>4</len><base>network</base></expr><expr type="lookup"><set>map2</set><sreg>1</sreg><dreg>0</dreg></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><set><family>ip</family><table>filter</table><name>set0</name><key_type>0</key_type><key_len>0</key_len><data_type>0</data_type><data_len>0</data_len><set_elem><key><reg type="value"><len>4</len><data0>0x0300a8c0</data0></reg></key></set_elem><set_elem><key><reg type="value"><len>4</len><data0>0x0200a8c0</data0></reg></key></set_elem><set_elem><key><reg type="value"><len>4</len><data0>0x0100a8c0</data0></reg></key></set_elem></set></add></nftables>
+++ /dev/null
-<nftables><add><set><family>ip6</family><table>filter</table><name>set0</name><key_type>0</key_type><key_len>0</key_len><data_type>0</data_type><data_len>0</data_len><set_elem><key><reg type="value"><len>16</len><data0>0xc09a002a</data0><data1>0x2700cac1</data1><data2>0x00000000</data2><data3>0x70010000</data3></reg></key></set_elem><set_elem><key><reg type="value"><len>16</len><data0>0xc09a002a</data0><data1>0x2700cac1</data1><data2>0x00000000</data2><data3>0x50010000</data3></reg></key></set_elem></set></add></nftables>
+++ /dev/null
-<nftables><add><table><name>filter</name><family>ip</family><flags>0</flags><use>0</use></table><table><name>filter</name><family>ip6</family><flags>0</flags><use>0</use></table><chain><name>input</name><handle>1</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip</family></chain><chain><name>output</name><handle>2</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip</family></chain><chain><name>forward</name><handle>1</handle><bytes>0</bytes><packets>0</packets><table>filter</table><family>ip6</family></chain><set><family>ip6</family><table>filter</table><name>set0</name><flags>3</flags><key_type>12</key_type><key_len>2</key_len><data_type>0</data_type><data_len>0</data_len><set_elem><key><reg type="value"><len>2</len><data0>0x00004300</data0></reg></key></set_elem><set_elem><key><reg type="value"><len>2</len><data0>0x00003500</data0></reg></key></set_elem></set><set><family>ip</family><table>filter</table><name>map0</name><flags>11</flags><key_type>12</key_type><key_len>2</key_len><data_type>4294967040</data_type><data_len>16</data_len><set_elem><key><reg type="value"><len>2</len><data0>0x00005000</data0></reg></key><data><reg type="verdict"><verdict>drop</verdict></reg></data></set_elem><set_elem><key><reg type="value"><len>2</len><data0>0x00001600</data0></reg></key><data><reg type="verdict"><verdict>accept</verdict></reg></data></set_elem></set><rule><family>ip</family><table>filter</table><chain>input</chain><handle>8</handle><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="immediate"><dreg>0</dreg><data><reg type="verdict"><verdict>accept</verdict></reg></data></expr></rule><rule><family>ip</family><table>filter</table><chain>output</chain><handle>9</handle><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr 
type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="lookup"><set>map0</set><sreg>1</sreg><dreg>0</dreg></expr></rule><rule><family>ip6</family><table>filter</table><chain>forward</chain><handle>2</handle><expr type="payload"><dreg>1</dreg><offset>6</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000011</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="lookup"><set>set0</set><sreg>1</sreg><dreg>0</dreg></expr><expr type="counter"><pkts>0</pkts><bytes>0</bytes></expr><expr type="immediate"><dreg>0</dreg><data><reg type="verdict"><verdict>accept</verdict></reg></data></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>filter</table><chain>test</chain><handle>129</handle><expr type="meta"><key>mark</key><sreg>1</sreg></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>input</chain><handle>43</handle><expr type="queue"><num>4</num><total>2</total><flags>0</flags></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>input</chain><handle>44</handle><position>43</position><expr type="queue"><num>4</num><total>2</total><flags>3</flags></expr></rule></add></nftables>
-
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>nat</table><chain>postrouting</chain><handle>4</handle><expr type="masq"><flags>12</flags></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip6</family><table>nat</table><chain>prerouting</chain><handle>4</handle><expr type="redir"></expr></rule></add></nftables>
+++ /dev/null
-<nftables><add><rule><family>ip</family><table>filter</table><chain>input</chain><handle>5</handle><expr type="payload"><dreg>1</dreg><offset>9</offset><len>1</len><base>network</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>1</len><data0>0x00000006</data0></reg></data></expr><expr type="payload"><dreg>1</dreg><offset>2</offset><len>2</len><base>transport</base></expr><expr type="cmp"><sreg>1</sreg><op>eq</op><data><reg type="value"><len>2</len><data0>0x00001700</data0></reg></data></expr></rule></add></nftables>