git.ipfire.org Git - thirdparty/libnftnl.git/commit

author	Arturo Borrero <arturo.borrero.glez@gmail.com>
	Sat, 18 Jan 2014 16:56:45 +0000 (17:56 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 18 Jan 2014 20:50:27 +0000 (21:50 +0100)
commit	dec687412e31118a3add7bad8de6ac496f7c1c65
tree	2c45e84f99cf2bede27f7e2854cb15ebc514b2cf	tree \| snapshot
parent	871c7fd0204325b947a5fde3ab8617ef89b9168f	commit \| diff

data_reg: fix verdict format approach

Patrick reports that the XML/JSON formats of the data_reg object
are not accuarate.

This patch updates these formats, so they are now as follow:

* <data_reg type=value> with raw data (this doesn't change).
* <data_reg type=verdict> with a concrete verdict (eg drop accept) and an
optional <chain>, with destination.

In XML:
<data_reg type="verdict">
<verdict>goto</verdict>
<chain>output</chain>
</data_reg>

In JSON:
"data_reg" : {
"type" : "verdict",
"verdict" : "goto"
"chain" : "output",
}

The default output format is updated to reflect these changes (minor collateral
thing).

When parsing set_elems, to know if we need to add the NFT_SET_ELEM_ATTR_CHAIN
flag, a basic check for the chain not being NULL is done, instead of evaluating
if the result of the parsing was DATA_CHAIN. The DATA_CHAIN symbol is no longer
used in the data_reg XML/JSON parsing zone.

While at it, I updated the error reporting stuff regarding data_reg/verdict, in
order to leave a consistent state in the library.

A JSON testfile is updated as well.

Reported-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/expr/data_reg.c		diff \| blob \| blame \| history
src/jansson.c		diff \| blob \| blame \| history
src/set_elem.c		diff \| blob \| blame \| history
tests/jsonfiles/63-set.json		diff \| blob \| blame \| history
tests/nft-parsing-test.c		diff \| blob \| blame \| history