This patch adds capabilities for parsing a XML table/chain/rule.
Some comments:
* The XML data is case sensitive
(so <chain>asd</chain> != <chain>ASD</chain> != <CHAIN>asd</CHAIN>)
* All exported functions receive XML and return an object (table|chain|rule).
* To compile the lib with XML parsing support, run './configure --with-xml-parsing'
* XML parsing is done with libmxml (http://minixml.org). XML parsing depends
on this external lib, this dependency is optional at compile time.
NOTE: expr/target and expr/match binary data are exported.
[ Fixed to compile without --with-xml-parsing --pablo ]
Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
#
LIBVERSION=0:0:0
-AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_srcdir}/include ${LIBMNL_CFLAGS}
+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_srcdir}/include ${LIBMNL_CFLAGS} ${LIBMXML_CFLAGS}
AM_CFLAGS = ${regular_CFLAGS} ${GCC_FVISIBILITY_HIDDEN}
dnl Dependencies
PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.0])
+AC_ARG_WITH([xml-parsing], AS_HELP_STRING([--with-xml-parsing], [XML parsing support]))
+AS_IF([test "x$with_xml_parsing" = "xyes"], [
+ PKG_CHECK_MODULES([LIBXML], [mxml >= 2.6])
+])
AC_PROG_CC
AM_PROG_CC_C_O
esac
regular_CPPFLAGS="-D_FILE_OFFSET_BITS=64 -D_REENTRANT"
+AS_IF([test "x$with_xml_parsing" = "xyes"], [
+ regular_CPPFLAGS="$regular_CPPFLAGS -DXML_PARSING"
+])
regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
-Wmissing-prototypes -Wshadow -Wstrict-prototypes \
-Wformat=2 -pipe"
NFT_CHAIN_O_XML,
};
+enum nft_chain_parse_type {
+ NFT_CHAIN_PARSE_NONE = 0,
+ NFT_CHAIN_PARSE_XML,
+ NFT_CHAIN_PARSE_MAX
+};
+
+int nft_chain_parse(struct nft_chain *c, enum nft_chain_parse_type type, char *data);
int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *t, uint32_t type, uint32_t flags);
struct nlmsghdr *nft_chain_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, uint16_t type, uint32_t seq);
NFT_RULE_O_XML,
};
+enum nft_rule_parse_type {
+ NFT_RULE_PARSE_NONE = 0,
+ NFT_RULE_PARSE_XML,
+ NFT_RULE_PARSE_MAX,
+};
+
+int nft_rule_parse(struct nft_rule *r, enum nft_rule_parse_type type, char *data);
int nft_rule_snprintf(char *buf, size_t size, struct nft_rule *t, uint32_t type, uint32_t flags);
struct nlmsghdr *nft_rule_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, uint16_t type, uint32_t seq);
NFT_TABLE_O_XML,
};
+enum nft_table_parse_type {
+ NFT_TABLE_PARSE_NONE = 0,
+ NFT_TABLE_PARSE_XML,
+ NFT_TABLE_PARSE_MAX,
+};
+
+int nft_table_parse(struct nft_table *t, enum nft_table_parse_type type, char *data);
int nft_table_snprintf(char *buf, size_t size, struct nft_table *t, uint32_t type, uint32_t flags);
struct nlmsghdr *nft_table_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, uint16_t type, uint32_t seq);
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
+#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nfnetlink.h>
}
EXPORT_SYMBOL(nft_chain_nlmsg_parse);
+static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
+{
+#ifdef XML_PARSING
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ char *endptr = NULL;
+ uint64_t utmp;
+ int64_t tmp;
+
+ /* NOTE: all XML nodes are mandatory */
+
+ /* Load the tree */
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ /* Get and set <chain name="xxx" ... >*/
+ if (mxmlElementGetAttr(tree, "name") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ strncpy(c->name, mxmlElementGetAttr(tree, "name"),
+ NFT_CHAIN_MAXNAMELEN);
+ c->flags |= (1 << NFT_CHAIN_ATTR_NAME);
+
+ /* Get and set <chain handle="x" ... >*/
+ if (mxmlElementGetAttr(tree, "handle") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ utmp = strtoull(mxmlElementGetAttr(tree, "handle"), &endptr, 10);
+ if (utmp == UINT64_MAX || utmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ c->handle = (uint64_t)utmp;
+ c->flags |= (1 << NFT_CHAIN_ATTR_HANDLE);
+
+ /* Get and set <chain bytes="x" ... >*/
+ if (mxmlElementGetAttr(tree, "bytes") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ utmp = strtoull(mxmlElementGetAttr(tree, "bytes"), &endptr, 10);
+ if (utmp == UINT64_MAX || utmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ c->bytes = (uint64_t)utmp;
+ c->flags |= (1 << NFT_CHAIN_ATTR_BYTES);
+
+ /* Get and set <chain packets="x" ... > */
+ if (mxmlElementGetAttr(tree, "packets") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ utmp = strtoull(mxmlElementGetAttr(tree, "packets"), &endptr, 10);
+ if (utmp == UINT64_MAX || utmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ c->packets = (uint64_t)utmp;
+ c->flags |= (1 << NFT_CHAIN_ATTR_PACKETS);
+
+ /* Ignore <properties> node */
+ node = mxmlFindElement(tree, tree, "properties", NULL, NULL,
+ MXML_DESCEND_FIRST);
+
+ /* Get and set <type> */
+ node = mxmlFindElement(tree, tree, "type", NULL, NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (c->type)
+ free(c->type);
+
+ c->type = strdup(node->child->value.opaque);
+ c->flags |= (1 << NFT_CHAIN_ATTR_TYPE);
+
+ /* Get and set <table> */
+ node = mxmlFindElement(tree, tree, "table", NULL, NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ if (c->table)
+ free(c->table);
+
+ c->table = strdup(node->child->value.opaque);
+ c->flags |= (1 << NFT_CHAIN_ATTR_TABLE);
+
+ /* Get and set <prio> */
+ node = mxmlFindElement(tree, tree, "prio", NULL, NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ tmp = strtoll(node->child->value.opaque, &endptr, 10);
+ if (tmp > INT32_MAX || tmp < INT32_MIN || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ memcpy(&c->prio, &tmp, sizeof(c->prio));
+ c->flags |= (1 << NFT_CHAIN_ATTR_PRIO);
+
+ /* Ignore <use> (cannot be set)*/
+ node = mxmlFindElement(tree, tree, "use", NULL, NULL, MXML_DESCEND);
+
+ /* Get and set <hooknum> */
+ node = mxmlFindElement(tree, tree, "hooknum", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ utmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (utmp > UINT32_MAX || utmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ memcpy(&c->hooknum, &utmp, sizeof(c->hooknum));
+ c->flags |= (1 << NFT_CHAIN_ATTR_HOOKNUM);
+
+ /* Get and set <policy> */
+ node = mxmlFindElement(tree, tree, "policy", NULL, NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ utmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (utmp > UINT32_MAX || utmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ c->policy = (uint32_t)utmp;
+ c->flags |= (1 << NFT_CHAIN_ATTR_POLICY);
+
+ /* Get and set <family> */
+ node = mxmlFindElement(tree, tree, "family", NULL, NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ utmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (utmp > UINT8_MAX || utmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ c->family = (uint32_t)utmp;
+ c->flags |= (1 << NFT_CHAIN_ATTR_FAMILY);
+
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
+int nft_chain_parse(struct nft_chain *c, enum nft_chain_parse_type type,
+ char *data)
+{
+ int ret;
+
+ switch (type) {
+ case NFT_CHAIN_PARSE_XML:
+ ret = nft_chain_xml_parse(c, data);
+ break;
+ default:
+ ret = -1;
+ errno = EOPNOTSUPP;
+ break;
+ }
+
+ return ret;
+}
+EXPORT_SYMBOL(nft_chain_parse);
+
static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
{
return snprintf(buf, size,
#include <stdint.h>
#include <string.h> /* for memcpy */
#include <arpa/inet.h>
+#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
#include <libnftables/expr.h>
return ret;
}
+static int
+nft_rule_expr_bitwise_xml_parse(struct nft_rule_expr *e, char *xml)
+{
+#ifdef XML_PARSING
+ struct nft_expr_bitwise *bitwise = (struct nft_expr_bitwise *)e;
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ mxml_node_t *save = NULL;
+ uint64_t tmp;
+ union nft_data_reg data_regtmp;
+ char *endptr = NULL;
+
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp("bitwise", mxmlElementGetAttr(tree, "type")) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* get and set <sreg> */
+ node = mxmlFindElement(tree, tree, "sreg", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ bitwise->sreg = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_BITWISE_SREG);
+
+ /* get and set <dreg> */
+ node = mxmlFindElement(tree, tree, "dreg", NULL, NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ bitwise->dreg = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_BITWISE_DREG);
+
+ /* Get and set <mask> */
+ node = mxmlFindElement(tree, tree, "mask", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* hack for mxmSaveAllocString to print just the current node */
+ save = node->next;
+ node->next = NULL;
+ if (nft_data_reg_xml_parse(&data_regtmp,
+ mxmlSaveAllocString(node, MXML_NO_CALLBACK)) < 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ node->next = save;
+
+ memcpy(&bitwise->mask.val, data_regtmp.val, data_regtmp.len);
+ bitwise->mask.len = data_regtmp.len;
+ e->flags |= (1 << NFT_EXPR_BITWISE_MASK);
+
+ /* Get and set <xor> */
+ node = mxmlFindElement(tree, tree, "xor", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* hack for mxmSaveAllocString to print just the current node */
+ save = node->next;
+ node->next = NULL;
+ if (nft_data_reg_xml_parse(&data_regtmp,
+ mxmlSaveAllocString(node, MXML_NO_CALLBACK)) < 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ memcpy(&bitwise->xor.val, data_regtmp.val, data_regtmp.len);
+ bitwise->xor.len = data_regtmp.len;
+ e->flags |= (1 << NFT_EXPR_BITWISE_XOR);
+
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static int
nft_rule_expr_bitwise_snprintf_xml(char *buf, size_t size,
struct nft_expr_bitwise *bitwise)
.parse = nft_rule_expr_bitwise_parse,
.build = nft_rule_expr_bitwise_build,
.snprintf = nft_rule_expr_bitwise_snprintf,
+ .xml_parse = nft_rule_expr_bitwise_xml_parse,
};
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
+#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
[NFT_CMP_GTE] = "gte",
};
+static int nft_rule_expr_cmp_xml_parse(struct nft_rule_expr *e, char *xml)
+{
+#ifdef XML_PARSING
+ struct nft_expr_cmp *cmp = (struct nft_expr_cmp *)e->data;
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ mxml_node_t *save = NULL;
+ union nft_data_reg data_regtmp;
+ uint64_t tmp;
+ char *endptr;
+
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp("cmp", mxmlElementGetAttr(tree, "type")) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get and set <sreg>. Is not mandatory */
+ node = mxmlFindElement(tree, tree, "sreg", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ cmp->sreg = (uint8_t)tmp;
+ e->flags |= (1 << NFT_EXPR_CMP_SREG);
+ }
+
+ /* Get and set <op>. Is not mandatory*/
+ node = mxmlFindElement(tree, tree, "op", NULL, NULL, MXML_DESCEND);
+ if (node != NULL) {
+ if (strcmp(node->child->value.opaque, "eq") == 0) {
+ cmp->op = NFT_CMP_EQ;
+ } else if (strcmp(node->child->value.opaque, "neq") == 0) {
+ cmp->op = NFT_CMP_NEQ;
+ } else if (strcmp(node->child->value.opaque, "lt") == 0) {
+ cmp->op = NFT_CMP_LT;
+ } else if (strcmp(node->child->value.opaque, "lte") == 0) {
+ cmp->op = NFT_CMP_LTE;
+ } else if (strcmp(node->child->value.opaque, "gt") == 0) {
+ cmp->op = NFT_CMP_GT;
+ } else if (strcmp(node->child->value.opaque, "gte") == 0) {
+ cmp->op = NFT_CMP_GTE;
+ } else {
+ /* If <op> is present, a valid value is mandatory */
+ mxmlDelete(tree);
+ return -1;
+ }
+ e->flags |= (1 << NFT_EXPR_CMP_OP);
+ }
+
+ /* Get and set <cmpdata>. Is not mandatory */
+ node = mxmlFindElement(tree, tree, "cmpdata", NULL, NULL,
+ MXML_DESCEND);
+ if (node != NULL) {
+ /* hack for mxmSaveAllocString to print just the current node */
+ save = node->next;
+ node->next = NULL;
+
+ if (nft_data_reg_xml_parse(&data_regtmp,
+ mxmlSaveAllocString(node, MXML_NO_CALLBACK)) < 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ node->next = save;
+
+ memcpy(&cmp->data.val, data_regtmp.val, data_regtmp.len);
+ cmp->data.len = data_regtmp.len;
+ e->flags |= (1 << NFT_EXPR_CMP_DATA);
+ }
+
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static int
nft_rule_expr_cmp_snprintf_xml(char *buf, size_t size, struct nft_expr_cmp *cmp)
{
.parse = nft_rule_expr_cmp_parse,
.build = nft_rule_expr_cmp_build,
.snprintf = nft_rule_expr_cmp_snprintf,
+ .xml_parse = nft_rule_expr_cmp_xml_parse,
};
#include <stdio.h>
#include <stdint.h>
#include <arpa/inet.h>
+#include <errno.h>
#include <linux/netfilter/nf_tables.h>
return 0;
}
+static int
+nft_rule_expr_counter_xml_parse(struct nft_rule_expr *e, char *xml)
+{
+#ifdef XML_PARSING
+ struct nft_expr_counter *ctr = (struct nft_expr_counter *)e->data;
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ char *endptr;
+ uint64_t tmp;
+
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp("counter", mxmlElementGetAttr(tree, "type")) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* get and set <pkts>. Is not mandatory*/
+ node = mxmlFindElement(tree, tree, "pkts", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp == UINT64_MAX || tmp < 0 || *endptr ) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ ctr->pkts = (uint64_t)tmp;
+ e->flags |= (1 << NFT_EXPR_CTR_PACKETS);
+ }
+
+ /* get and set <bytes> */
+ node = mxmlFindElement(tree, tree, "bytes", NULL, NULL,
+ MXML_DESCEND);
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp == UINT64_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ ctr->bytes = (uint64_t)tmp;
+ e->flags |= (1 << NFT_EXPR_CTR_BYTES);
+ }
+
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static int
nft_rule_expr_counter_snprintf(char *buf, size_t len, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
.parse = nft_rule_expr_counter_parse,
.build = nft_rule_expr_counter_build,
.snprintf = nft_rule_expr_counter_snprintf,
+ .xml_parse = nft_rule_expr_counter_xml_parse,
};
#include <stdio.h>
#include <stdint.h>
#include <string.h>
+#include <limits.h>
#include <arpa/inet.h>
+#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter.h>
#include "data_reg.h"
#include "internal.h"
-static int nft_data_reg_value_snprintf_xml(char *buf, size_t size,
- union nft_data_reg *reg,
- uint32_t flags)
+#ifdef XML_PARSING
+static int nft_data_reg_verdict_xml_parse(union nft_data_reg *reg, char *xml)
{
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ char *endptr;
+ long int tmp;
+
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ node = mxmlFindElement(tree, tree, "data_reg", NULL, NULL,
+ MXML_DESCEND_FIRST);
+
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get and validate <data_reg type="verdict" >*/
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp(mxmlElementGetAttr(tree, "type"), "verdict") != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get and set <verdict> */
+ node = mxmlFindElement(tree, tree, "verdict", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ errno = 0;
+ tmp = strtoll(node->child->value.opaque, &endptr, 10);
+ if (tmp > INT_MAX || tmp < INT_MIN || errno != 0
+ || strlen(endptr) > 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ reg->verdict = tmp;
+
+ mxmlDelete(tree);
+ return 0;
+ errno = EOPNOTSUPP;
+ return -1;
+}
+
+static int nft_data_reg_chain_xml_parse(union nft_data_reg *reg, char *xml)
+{
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ node = mxmlFindElement(tree, tree, "data_reg", NULL, NULL,
+ MXML_DESCEND_FIRST);
+
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get and validate <data_reg type="chain" >*/
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp(mxmlElementGetAttr(tree, "type"), "chain") != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get and set <chain> */
+ node = mxmlFindElement(tree, tree, "chain", NULL, NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* no max len value to validate? */
+ if (strlen(node->child->value.opaque) < 1) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (reg->chain)
+ free(reg->chain);
+
+ reg->chain = strdup(node->child->value.opaque);
+
+ mxmlDelete(tree);
+ return 0;
+}
+
+static int nft_data_reg_value_xml_parse(union nft_data_reg *reg, char *xml)
+{
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ int i, len;
+ int64_t tmp;
+ uint64_t utmp;
+ char *endptr;
+ char node_name[6];
+
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ node = mxmlFindElement(tree, tree, "data_reg", NULL, NULL,
+ MXML_DESCEND_FIRST);
+
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /*
+ * <data_reg type="value">
+ * <len>4</len>
+ * <data0>0xc09a002a</data0>
+ * <data1>0x2700cac1</data1>
+ * <data2>0x00000000</data2>
+ * <data3>0x08000000</data3>
+ * </data_reg>
+ */
+
+ /* Get and validate <data_reg type="value" ... >*/
+ if (mxmlElementGetAttr(node, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp(mxmlElementGetAttr(node, "type"), "value") != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get <len> */
+ node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ tmp = strtoll(node->child->value.opaque, &endptr, 10);
+ if (tmp > INT64_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ /* maybe also (len < 1 || len > 4) */
+ len = tmp;
+
+ /* Get and set <dataN> */
+ for (i = 0; i < len; i++) {
+ sprintf(node_name, "data%d", i);
+
+ node = mxmlFindElement(tree, tree, node_name, NULL,
+ NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ utmp = strtoull(node->child->value.opaque, &endptr, 16);
+ if (utmp == UINT64_MAX || utmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ reg->val[i] = tmp;
+ }
+
+ reg->len = sizeof(reg->val);
+
+ mxmlDelete(tree);
+ return 0;
+ errno = EOPNOTSUPP;
+ return -1;
+}
+#endif
+
+int nft_data_reg_xml_parse(union nft_data_reg *reg, char *xml)
+{
+#ifdef XML_PARSING
+ mxml_node_t *node = NULL;
+ mxml_node_t *tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+
+ if (tree == NULL)
+ return -1;
+
+ node = mxmlFindElement(tree, tree, "data_reg", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get <data_reg type="xxx" ... >*/
+ if (mxmlElementGetAttr(node, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Select what type of parsing is needed */
+ if (strcmp(mxmlElementGetAttr(node, "type"), "value") == 0) {
+ mxmlDelete(tree);
+ return nft_data_reg_value_xml_parse(reg, xml);
+ } else if (strcmp(mxmlElementGetAttr(node, "type"), "verdict") == 0) {
+ mxmlDelete(tree);
+ return nft_data_reg_verdict_xml_parse(reg, xml);
+ } else if (strcmp(mxmlElementGetAttr(node, "type"), "chain") == 0) {
+ mxmlDelete(tree);
+ return nft_data_reg_chain_xml_parse(reg, xml);
+ }
+
+ mxmlDelete(tree);
+ return -1;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
+static
+int nft_data_reg_value_snprintf_xml(char *buf, size_t size,
+ union nft_data_reg *reg, uint32_t flags)
+{
+#ifdef XML_PARSING
int len = size, offset = 0, ret, i, j;
uint8_t *tmp;
int data_len = reg->len/sizeof(uint32_t);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
return offset;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
}
static int
return ret;
}
+
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
-
+#include <errno.h>
#include "internal.h"
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
return ret;
}
+static int
+nft_rule_expr_immediate_xml_parse(struct nft_rule_expr *e, char *xml)
+{
+#ifdef XML_PARSING
+ struct nft_expr_immediate *imm = (struct nft_expr_immediate *)e->data;
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ mxml_node_t *save = NULL;
+ union nft_data_reg data_regtmp;
+ uint64_t tmp;
+ char *endptr;
+
+ /* load the tree */
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp("immediate", mxmlElementGetAttr(tree, "type")) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get and set <dreg>. Is mandatory */
+ node = mxmlFindElement(tree, tree, "dreg", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ imm->dreg = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_IMM_DREG);
+
+ /* Get and set <immdata>. Is mandatory */
+ node = mxmlFindElement(tree, tree, "immdata", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* hack for mxmSaveAllocString to print just the current node */
+ save = node->next;
+ node->next = NULL;
+
+ if (nft_data_reg_xml_parse(&data_regtmp,
+ mxmlSaveAllocString(node, MXML_NO_CALLBACK)) < 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ node->next = save;
+
+ /* data_reg type switch */
+ node = mxmlFindElement(tree, tree, "data_reg", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (mxmlElementGetAttr(node, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp(mxmlElementGetAttr(node, "type"), "value") == 0) {
+ memcpy(&imm->data.val, data_regtmp.val, data_regtmp.len);
+ imm->data.len = data_regtmp.len;
+ e->flags |= (1 << NFT_EXPR_IMM_DATA);
+ } else if (strcmp(mxmlElementGetAttr(node, "type"), "verdict") == 0) {
+ imm->data.verdict = data_regtmp.verdict;
+ e->flags |= (1 << NFT_EXPR_IMM_VERDICT);
+ } else if (strcmp(mxmlElementGetAttr(node, "type"), "chain") == 0) {
+ if (imm->data.chain)
+ free(imm->data.chain);
+
+ imm->data.chain = strdup(data_regtmp.chain);
+ e->flags |= (1 << NFT_EXPR_IMM_CHAIN);
+ }
+
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static int
nft_rule_expr_immediate_snprintf_xml(char *buf, size_t len,
struct nft_rule_expr *e, uint32_t flags)
.parse = nft_rule_expr_immediate_parse,
.build = nft_rule_expr_immediate_build,
.snprintf = nft_rule_expr_immediate_snprintf,
+ .xml_parse = nft_rule_expr_immediate_xml_parse,
};
#include <stdint.h>
#include <string.h> /* for memcpy */
#include <arpa/inet.h>
+#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
#include <libnftables/rule.h>
return ret;
}
+static int
+nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, char *xml)
+{
+#ifdef XML_PARSING
+ struct nft_expr_lookup *lookup = (struct nft_expr_lookup *)e->data;
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ uint64_t tmp;
+ char *endptr;
+
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp("lookup", mxmlElementGetAttr(tree, "type")) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* get and set <set>. Is mandatory */
+ node = mxmlFindElement(tree, tree, "set", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ memcpy(lookup->set_name, node->child->value.opaque, IFNAMSIZ);
+ lookup->set_name[IFNAMSIZ-1] = '\0';
+ e->flags |= (1 << NFT_EXPR_LOOKUP_SET);
+
+ /* get and set <sreg>. Is mandatory */
+ node = mxmlFindElement(tree, tree, "sreg", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ errno = 0;
+
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ lookup->sreg = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_LOOKUP_SREG);
+
+ /* get and set <dreg>. Isn't mandatory */
+ node = mxmlFindElement(tree, tree, "dreg", NULL, NULL,
+ MXML_DESCEND);
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ lookup->dreg = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_LOOKUP_DREG);
+ }
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static int
nft_rule_expr_lookup_snprintf_xml(char *buf, size_t size,
struct nft_expr_lookup *l)
.parse = nft_rule_expr_lookup_parse,
.build = nft_rule_expr_lookup_build,
.snprintf = nft_rule_expr_lookup_snprintf,
+ .xml_parse = nft_rule_expr_lookup_xml_parse,
};
#include <stdint.h>
#include <string.h> /* for memcpy */
#include <arpa/inet.h>
-
+#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
return 0;
}
+static int nft_rule_expr_match_xml_parse(struct nft_rule_expr *e, char *xml)
+{
+#ifdef XML_PARSING
+ struct nft_expr_match *mt = (struct nft_expr_match *)e->data;
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ uint64_t tmp;
+ char *endptr;
+
+ /* load the tree */
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp("match", mxmlElementGetAttr(tree, "type")) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* get and set <name>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "name", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node != NULL) {
+ memcpy(mt->name, node->child->value.opaque,
+ XT_EXTENSION_MAXNAMELEN);
+ mt->name[XT_EXTENSION_MAXNAMELEN-1] = '\0';
+ e->flags |= (1 << NFT_EXPR_MT_NAME);
+ }
+
+ /* get and set <rev>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "rev", NULL, NULL, MXML_DESCEND);
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ mt->rev = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_MT_REV);
+ }
+
+ /* mt->info is ignored until other solution is reached */
+
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static int nft_rule_expr_match_snprintf_xml(char *buf, size_t len,
struct nft_expr_match *mt)
{
.parse = nft_rule_expr_match_parse,
.build = nft_rule_expr_match_build,
.snprintf = nft_rule_expr_match_snprintf,
+ .xml_parse = nft_rule_expr_match_xml_parse,
};
#include <stdio.h>
#include <stdint.h>
#include <arpa/inet.h>
-
+#include <errno.h>
#include <linux/netfilter/nf_tables.h>
#include "internal.h"
return 0;
}
+static int nft_rule_expr_meta_xml_parse(struct nft_rule_expr *e, char *xml)
+{
+#ifdef XML_PARSING
+ struct nft_expr_meta *meta = (struct nft_expr_meta *)e->data;
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ uint64_t tmp;
+ char *endptr;
+
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp("meta", mxmlElementGetAttr(tree, "type")) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get and set <dreg>. Is mandatory */
+ node = mxmlFindElement(tree, tree, "dreg", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ meta->dreg = (uint8_t)tmp;
+ e->flags |= (1 << NFT_EXPR_META_DREG);
+
+ /* Get and set <key>. Is mandatory */
+ node = mxmlFindElement(tree, tree, "key", NULL, NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ meta->key = (uint8_t)tmp;
+ e->flags |= (1 << NFT_EXPR_META_KEY);
+
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static int
nft_rule_expr_meta_snprintf(char *buf, size_t len, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
.parse = nft_rule_expr_meta_parse,
.build = nft_rule_expr_meta_build,
.snprintf = nft_rule_expr_meta_snprintf,
+ .xml_parse = nft_rule_expr_meta_xml_parse,
};
#include <stdio.h>
#include <stdint.h>
+#include <limits.h>
+#include <errno.h>
#include <arpa/inet.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
htonl(nat->sreg_proto_max));
}
+
+static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
+{
+#ifdef XML_PARSING
+ struct nft_expr_nat *nat = (struct nft_expr_nat *)e->data;
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ uint64_t tmp;
+ char *endptr;
+
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp("nat", mxmlElementGetAttr(tree, "type")) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get and set <type>. Mandatory */
+ node = mxmlFindElement(tree, tree, "type", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp(node->child->value.opaque, "NFT_NAT_SNAT") == 0) {
+ nat->type = NFT_NAT_SNAT;
+ } else if (strcmp(node->child->value.opaque, "NFT_NAT_DNAT") == 0) {
+ nat->type = NFT_NAT_DNAT;
+ } else {
+ mxmlDelete(tree);
+ return -1;
+ }
+ e->flags |= (1 << NFT_EXPR_NAT_TYPE);
+
+ /* Get and set <family>. Mandatory */
+ node = mxmlFindElement(tree, tree, "family", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp(node->child->value.opaque, "AF_INET") == 0) {
+ nat->family = AF_INET;
+ } else if (strcmp(node->child->value.opaque, "AF_INET6") == 0) {
+ nat->family = AF_INET6;
+ } else {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ e->flags |= (1 << NFT_EXPR_NAT_FAMILY);
+
+ /* Get and set <sreg_addr_min_v4>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "sreg_addr_min_v4", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ nat->sreg_addr_min = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MIN);
+ }
+
+ /* Get and set <sreg_addr_max_v4>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "sreg_addr_max_v4", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ nat->sreg_addr_max = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MAX);
+ }
+
+ /* Get and set <sreg_proto_min>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "sreg_proto_min", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ nat->sreg_proto_min = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MIN);
+ }
+
+ /* Get and set <sreg_proto_max>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "sreg_proto_max", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ nat->sreg_proto_max = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MAX);
+ }
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static int
nft_rule_expr_nat_snprintf_xml(char *buf, size_t size,
struct nft_rule_expr *e)
.parse = nft_rule_expr_nat_parse,
.build = nft_rule_expr_nat_build,
.snprintf = nft_rule_expr_nat_snprintf,
+ .xml_parse = nft_rule_expr_nat_xml_parse,
};
#include <stdio.h>
#include <stdint.h>
+#include <limits.h>
#include <arpa/inet.h>
-
+#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
return 0;
}
+static int
+nft_rule_expr_payload_xml_parse(struct nft_rule_expr *e, char *xml)
+{
+#ifdef XML_PARSING
+ struct nft_expr_payload *payload = (struct nft_expr_payload *)e->data;
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ uint64_t tmp;
+ char *endptr;
+
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp("payload", mxmlElementGetAttr(tree, "type")) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get and set <dreg>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "dreg", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ payload->dreg = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_PAYLOAD_DREG);
+ }
+
+ /* Get and set <base>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "base", NULL, NULL, MXML_DESCEND);
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ payload->base = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_PAYLOAD_BASE);
+ }
+
+ /* Get and set <offset>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "offset", NULL, NULL,
+ MXML_DESCEND);
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ payload->offset = (unsigned int)tmp;
+ e->flags |= (1 << NFT_EXPR_PAYLOAD_OFFSET);
+ }
+
+ /* Get and set <len>. Not mandatory */
+ node = mxmlFindElement(tree, tree, "len", NULL, NULL, MXML_DESCEND);
+ if (node != NULL) {
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ payload->len = (unsigned int)tmp;
+ e->flags |= (1 << NFT_EXPR_PAYLOAD_LEN);
+ }
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static int
nft_rule_expr_payload_snprintf(char *buf, size_t len, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
.parse = nft_rule_expr_payload_parse,
.build = nft_rule_expr_payload_build,
.snprintf = nft_rule_expr_payload_snprintf,
+ .xml_parse = nft_rule_expr_payload_xml_parse,
};
#include <stdint.h>
#include <string.h> /* for memcpy */
#include <arpa/inet.h>
-
+#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nf_tables.h>
return 0;
}
+static int
+nft_rule_expr_target_xml_parse(struct nft_rule_expr *e, char *xml)
+{
+#ifdef XML_PARSING
+ struct nft_expr_target *tg = (struct nft_expr_target *)e->data;
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ uint64_t tmp;
+ char *endptr;
+
+ /* load the tree */
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ if (mxmlElementGetAttr(tree, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (strcmp("target", mxmlElementGetAttr(tree, "type")) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* Get and set <name>. Optional */
+ node = mxmlFindElement(tree, tree, "name", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node != NULL) {
+ memcpy(tg->name, node->child->value.opaque,
+ XT_EXTENSION_MAXNAMELEN);
+ tg->name[XT_EXTENSION_MAXNAMELEN-1] = '\0';
+ e->flags |= (1 << NFT_EXPR_TG_NAME);
+ }
+
+ /* Get and set <rev>. Optional */
+ node = mxmlFindElement(tree, tree, "rev", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ errno = 0;
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ tg->rev = (uint32_t)tmp;
+ e->flags |= (1 << NFT_EXPR_TG_REV);
+ }
+
+ /* tg->info is ignored until other solution is reached */
+
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
static
int nft_rule_exp_target_snprintf_xml(char *buf, size_t len,
struct nft_expr_target *tg)
.parse = nft_rule_expr_target_parse,
.build = nft_rule_expr_target_build,
.snprintf = nft_rule_expr_target_snprintf,
+ .xml_parse = nft_rule_expr_target_xml_parse,
};
int (*parse)(struct nft_rule_expr *e, struct nlattr *attr);
void (*build)(struct nlmsghdr *nlh, struct nft_rule_expr *e);
int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, struct nft_rule_expr *e);
+ int (*xml_parse)(struct nft_rule_expr *e, char *xml);
};
struct expr_ops *nft_expr_ops_lookup(const char *name);
#include <stdint.h>
+#ifdef XML_PARSING
+#include <mxml.h>
+#endif
+
struct expr_ops;
struct nft_rule_expr {
nft_table_attr_set_str;
nft_table_attr_get_u32;
nft_table_attr_get_str;
+ nft_table_parse;
nft_table_snprintf;
nft_table_nlmsg_build_hdr;
nft_table_nlmsg_build_payload;
nft_chain_attr_get_s32;
nft_chain_attr_get_u64;
nft_chain_attr_get_str;
+ nft_chain_parse;
nft_chain_snprintf;
nft_chain_nlmsg_build_hdr;
nft_chain_nlmsg_build_payload;
nft_rule_attr_get_u32;
nft_rule_attr_get_u64;
nft_rule_attr_get_str;
+ nft_rule_parse;
nft_rule_snprintf;
nft_rule_nlmsg_build_hdr;
nft_rule_nlmsg_build_payload;
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
+#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nfnetlink.h>
}
EXPORT_SYMBOL(nft_rule_nlmsg_parse);
+static int nft_rule_xml_parse(struct nft_rule *r, char *xml)
+{
+#ifdef XML_PARSING
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ mxml_node_t *save = NULL;
+ struct nft_rule_expr *e;
+ struct expr_ops *ops;
+ char *endptr = NULL;
+ uint64_t tmp;
+
+ /* Load the tree */
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ /* get and set <rule ... family=X ... > */
+ if (mxmlElementGetAttr(tree, "family") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ tmp = strtoull(mxmlElementGetAttr(tree, "family"), &endptr, 10);
+ if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ r->family = (uint8_t)tmp;
+ r->flags |= (1 << NFT_RULE_ATTR_FAMILY);
+
+ /* get and set <rule ... table=X ...> */
+ if (mxmlElementGetAttr(tree, "table") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (r->table)
+ free(r->table);
+
+ r->table = strdup(mxmlElementGetAttr(tree, "table"));
+
+ /* get and set <rule ... chain=X ...> */
+ if (mxmlElementGetAttr(tree, "chain") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (r->chain)
+ free(r->chain);
+
+ r->chain = strdup(mxmlElementGetAttr(tree, "chain"));
+ r->flags |= (1 << NFT_RULE_ATTR_CHAIN);
+
+ /* get and set <rule ... handle=X ...> */
+ if (mxmlElementGetAttr(tree, "handle") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ tmp = strtoull(mxmlElementGetAttr(tree, "handle"), &endptr, 10);
+ if (tmp == UINT64_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ r->handle = (uint64_t)tmp;
+ r->flags |= (1 << NFT_RULE_ATTR_HANDLE);
+
+ /* get and set <rule_flags> */
+ node = mxmlFindElement(tree, tree, "rule_flags", NULL, NULL,
+ MXML_DESCEND_FIRST);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ r->rule_flags = (uint32_t)tmp;
+ r->flags |= (1 << NFT_RULE_ATTR_FLAGS);
+
+ /* get and set <compat_proto> */
+ node = mxmlFindElement(tree, tree, "compat_proto", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ r->compat.proto = (uint32_t)tmp;
+ r->flags |= (1 << NFT_RULE_ATTR_COMPAT_PROTO);
+
+ /* get and set <compat_flags> */
+ node = mxmlFindElement(tree, tree, "compat_flags", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ r->compat.flags = (uint32_t)tmp;
+ r->flags |= (1 << NFT_RULE_ATTR_COMPAT_FLAGS);
+
+ /* Iterating over <expr> */
+ for (node = mxmlFindElement(tree, tree, "expr", "type",
+ NULL, MXML_DESCEND);
+ node != NULL;
+ node = mxmlFindElement(node, tree, "expr", "type",
+ NULL, MXML_DESCEND)) {
+
+ if (mxmlElementGetAttr(node, "type") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ ops = nft_expr_ops_lookup(mxmlElementGetAttr(node, "type"));
+ if (ops == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ e = nft_rule_expr_alloc(mxmlElementGetAttr(node, "type"));
+ if (e == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ /* This is a hack for mxml to print just the current node */
+ save = node->next;
+ node->next = NULL;
+
+ if (ops->xml_parse(e,
+ mxmlSaveAllocString(node,
+ MXML_NO_CALLBACK)) != 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ nft_rule_add_expr(r, e);
+
+ node->next = save;
+ save = NULL;
+ }
+
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
+int nft_rule_parse(struct nft_rule *r, enum nft_rule_parse_type type, char *data)
+{
+ int ret;
+
+ switch (type) {
+ case NFT_RULE_PARSE_XML:
+ ret = nft_rule_xml_parse(r, data);
+ break;
+ default:
+ ret = -1;
+ errno = EOPNOTSUPP;
+ break;
+ }
+
+ return ret;
+}
+EXPORT_SYMBOL(nft_rule_parse);
+
static int nft_rule_snprintf_xml(char *buf, size_t size, struct nft_rule *r,
uint32_t type, uint32_t flags)
{
#include <time.h>
#include <endian.h>
#include <stdint.h>
+#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
+#include <errno.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nfnetlink.h>
}
EXPORT_SYMBOL(nft_table_nlmsg_parse);
+static int nft_table_xml_parse(struct nft_table *t, char *xml)
+{
+#ifdef XML_PARSING
+ mxml_node_t *tree = NULL;
+ mxml_node_t *node = NULL;
+ char *endptr = NULL;
+ uint64_t tmp;
+
+ /* NOTE: all XML nodes are mandatory */
+
+ /* Load the tree */
+ tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
+ if (tree == NULL)
+ return -1;
+
+ /* Get and set the name of the table */
+ if (mxmlElementGetAttr(tree, "name") == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ if (t->name)
+ free(t->name);
+
+ t->name = strdup(mxmlElementGetAttr(tree, "name"));
+ t->flags |= (1 << NFT_TABLE_ATTR_NAME);
+
+ /* Ignore <properties> node */
+ node = mxmlFindElement(tree, tree, "properties", NULL, NULL,
+ MXML_DESCEND_FIRST);
+
+ /* Get the and set <family> node */
+ node = mxmlFindElement(tree, tree, "family", NULL, NULL, MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || *endptr || tmp < 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ t->family = (uint32_t)tmp;
+ t->flags |= (1 << NFT_TABLE_ATTR_FAMILY);
+
+ /* Get and set <table_flags> */
+ node = mxmlFindElement(tree, tree, "table_flags", NULL, NULL,
+ MXML_DESCEND);
+ if (node == NULL) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ tmp = strtoull(node->child->value.opaque, &endptr, 10);
+ if (tmp > UINT32_MAX || *endptr || tmp < 0) {
+ mxmlDelete(tree);
+ return -1;
+ }
+
+ t->table_flags = (uint32_t)tmp;
+ t->flags |= (1 << NFT_TABLE_ATTR_FLAGS);
+
+ mxmlDelete(tree);
+ return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif
+}
+
+int nft_table_parse(struct nft_table *t, enum nft_table_parse_type type,
+ char *data)
+{
+ int ret;
+
+ switch (type) {
+ case NFT_TABLE_PARSE_XML:
+ ret = nft_table_xml_parse(t, data);
+ break;
+ default:
+ ret = -1;
+ errno = EOPNOTSUPP;
+ break;
+ }
+
+ return ret;
+}
+EXPORT_SYMBOL(nft_table_parse);
+
static int nft_table_snprintf_xml(char *buf, size_t size, struct nft_table *t)
{
return snprintf(buf, size,
projects / thirdparty / libnftnl.git / commitdiff
