libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBXML_LIBS}
libnftables_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libnftables.map \
-version-info $(LIBVERSION)
-libnftables_la_SOURCES = table.c \
+libnftables_la_SOURCES = utils.c \
+ table.c \
chain.c \
rule.c \
set.c \
char *endptr = NULL;
uint64_t utmp;
int64_t tmp;
+ int family;
/* NOTE: all XML nodes are mandatory */
mxmlDelete(tree);
return -1;
}
- utmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (utmp > UINT8_MAX || utmp < 0 || *endptr) {
+
+ family = nft_str2family(node->child->value.opaque);
+ if (family < 0) {
mxmlDelete(tree);
return -1;
}
- c->family = (uint32_t)utmp;
+ c->family = family;
c->flags |= (1 << NFT_CHAIN_ATTR_FAMILY);
mxmlDelete(tree);
"\"use\" : %d,"
"\"hooknum\" : \"%s\","
"\"policy\" : %d,"
- "\"family\" : %d"
+ "\"family\" : \"%s\""
"}"
"}"
"}",
c->name, c->handle, c->bytes, c->packets,
NFT_CHAIN_JSON_VERSION, c->type, c->table,
c->prio, c->use, hooknum2str_array[c->hooknum],
- c->policy, c->family);
+ c->policy, nft_family2str(c->family));
}
static int nft_chain_snprintf_xml(char *buf, size_t size, struct nft_chain *c)
"<use>%d</use>"
"<hooknum>%s</hooknum>"
"<policy>%d</policy>"
- "<family>%d</family>"
+ "<family>%s</family>"
"</properties>"
"</chain>",
c->name, c->handle, c->bytes, c->packets,
NFT_CHAIN_XML_VERSION, c->type, c->table,
c->prio, c->use, hooknum2str_array[c->hooknum],
- c->policy, c->family);
+ c->policy, nft_family2str(c->family));
}
-static int nft_chain_snprintf_default(char *buf, size_t size, struct nft_chain *c)
+static int nft_chain_snprintf_default(char *buf, size_t size,
+ struct nft_chain *c)
{
- return snprintf(buf, size, "family=%u table=%s chain=%s type=%s "
+ return snprintf(buf, size, "family=%s table=%s chain=%s type=%s "
"hook=%u prio=%d policy=%d use=%d "
"packets=%lu bytes=%lu",
- c->family, c->table, c->name, c->type, c->hooknum,
- c->prio, c->policy, c->use, c->packets, c->bytes);
+ nft_family2str(c->family), c->table, c->name, c->type,
+ c->hooknum, c->prio, c->policy, c->use, c->packets,
+ c->bytes);
}
int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *c,
mxml_node_t *node = NULL;
uint64_t tmp;
char *endptr;
+ int family;
tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
if (tree == NULL)
return -1;
}
- if (strcmp(node->child->value.opaque, "AF_INET") == 0) {
- nat->family = AF_INET;
- } else if (strcmp(node->child->value.opaque, "AF_INET6") == 0) {
- nat->family = AF_INET6;
- } else {
+ family = nft_str2family(node->child->value.opaque);
+ if (family < 0) {
mxmlDelete(tree);
return -1;
}
+ nat->family = family;
e->flags |= (1 << NFT_EXPR_NAT_FAMILY);
/* Get and set <sreg_addr_min_v4>. Not mandatory */
}
ret = snprintf(buf+offset, len, "<family>%s</family>",
- nat->family == AF_INET ? "AF_INET" : "AF_INET6");
+ nft_family2str(nat->family));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
break;
}
- ret = snprintf(buf, len, "family=%s ",
- nat->family == AF_INET ? "AF_INET" : "AF_INET6");
+ ret = snprintf(buf, len, "family=%s ", nft_family2str(nat->family));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
#define NFT_TABLE_JSON_VERSION 0
#define NFT_CHAIN_JSON_VERSION 0
+const char *nft_family2str(uint32_t family);
+int nft_str2family(const char *family);
+
struct expr_ops;
struct nft_rule_expr {
struct expr_ops *ops;
char *endptr = NULL;
uint64_t tmp;
+ int family;
/* Load the tree */
tree = mxmlLoadString(NULL, xml, MXML_OPAQUE_CALLBACK);
return -1;
}
- tmp = strtoull(mxmlElementGetAttr(tree, "family"), &endptr, 10);
- if (tmp > UINT8_MAX || tmp < 0 || *endptr) {
+ family = nft_str2family(mxmlElementGetAttr(tree, "family"));
+ if (family < 0) {
mxmlDelete(tree);
return -1;
}
- r->family = (uint8_t)tmp;
+ r->family = family;
r->flags |= (1 << NFT_RULE_ATTR_FAMILY);
/* get and set <rule ... table=X ...> */
struct nft_rule_expr *expr;
ret = snprintf(buf, size,
- "<rule family=\"%u\" table=\"%s\" "
+ "<rule family=\"%s\" table=\"%s\" "
"chain=\"%s\" handle=\"%llu\" version=\"%d\">",
- r->family, r->table, r->chain,
+ nft_family2str(r->family), r->table, r->chain,
(unsigned long long)r->handle,
NFT_RULE_XML_VERSION);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
struct nft_rule_expr *expr;
int ret, len = size, offset = 0;
- ret = snprintf(buf, size, "family=%u table=%s chain=%s handle=%llu "
+ ret = snprintf(buf, size, "family=%s table=%s chain=%s handle=%llu "
"flags=%x ",
- r->family, r->table, r->chain,
+ nft_family2str(r->family), r->table, r->chain,
(unsigned long long)r->handle, r->rule_flags);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
char *endptr = NULL;
uint64_t tmp;
int64_t stmp;
+ int family;
/* NOTE: all XML nodes are mandatory */
return -1;
}
- tmp = strtoull(node->child->value.opaque, &endptr, 10);
- if (tmp > UINT32_MAX || *endptr || tmp < 0) {
+ family = nft_str2family(node->child->value.opaque);
+ if (family < 0) {
mxmlDelete(tree);
return -1;
}
- t->family = (uint32_t)tmp;
+ t->family = family;
t->flags |= (1 << NFT_TABLE_ATTR_FAMILY);
/* Get and set <table_flags> */
"\"name\" : \"%s\","
"\"version\" : %d,"
"\"properties\" : {"
- "\"family\" : %u,"
+ "\"family\" : \"%s\","
"\"table_flags\" : %d"
"}"
"}"
"}" ,
t->name, NFT_TABLE_JSON_VERSION,
- t->family, t->table_flags);
+ nft_family2str(t->family), t->table_flags);
}
static int nft_table_snprintf_xml(char *buf, size_t size, struct nft_table *t)
{
- return snprintf(buf, size,
- "<table name=\"%s\" version=\"%d\">"
+ return snprintf(buf, size, "<table name=\"%s\" version=\"%d\">"
"<properties>"
- "<family>%u</family>"
+ "<family>%s</family>"
"<table_flags>%d</table_flags>"
"</properties>"
- "</table>" ,
- t->name, NFT_TABLE_XML_VERSION,
- t->family, t->table_flags);
+ "</table>",
+ t->name, NFT_TABLE_XML_VERSION,
+ nft_family2str(t->family), t->table_flags);
}
static int nft_table_snprintf_default(char *buf, size_t size, struct nft_table *t)
{
- return snprintf(buf, size, "table=%s family=%u flags=%x",
- t->name, t->family, t->table_flags);
+ return snprintf(buf, size, "table=%s family=%s flags=%x",
+ t->name, nft_family2str(t->family), t->table_flags);
}
int nft_table_snprintf(char *buf, size_t size, struct nft_table *t,
--- /dev/null
+/*
+ * (C) 2012-2013 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <internal.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <stdint.h>
+#include <arpa/inet.h>
+
+const char *nft_family2str(uint32_t family)
+{
+ switch (family) {
+ case AF_INET:
+ return "ip";
+ case AF_INET6:
+ return "ip6";
+ case AF_BRIDGE:
+ return "bridge";
+ case 0:
+ return "arp";
+ default:
+ return "unknown";
+ }
+}
+
+int nft_str2family(const char *family)
+{
+ if (strcmp(family, "ip") == 0)
+ return AF_INET;
+ else if (strcmp(family, "ip6") == 0)
+ return AF_INET6;
+ else if (strcmp(family, "bridge") == 0)
+ return AF_BRIDGE;
+ else if (strcmp(family, "arp") == 0)
+ return 0;
+
+ return -1;
+}
<use>0</use>
<hooknum>NF_INET_LOCAL_IN</hooknum>
<policy>1</policy>
- <family>2</family>
+ <family>ip</family>
</properties>
</chain>"
<use>0</use>
<hooknum>NF_INET_POST_ROUTING</hooknum>
<policy>1</policy>
- <family>10</family>
+ <family>ip6</family>
</properties>
</chain>"
<use>0</use>
<hooknum>NF_INET_FORWARD</hooknum>
<policy>1</policy>
- <family>2</family>
+ <family>ip</family>
</properties>
</chain>"
[ ! -x "$NFT" ] && echo "W: nftables main binary not found but continuing anyway $NFT"
-XML="<rule family=\"2\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version=\"0\">
+XML="<rule family=\"ip\" table=\"filter\" chain=\"INPUT\" handle=\"100\" version=\"0\">
<rule_flags>0</rule_flags>
- <flags>127</flags>
<compat_flags>0</compat_flags>
<compat_proto>0</compat_proto>
<expr type=\"meta\">
# This is valid
XML="<table name=\"filter_test\" version=\"0\">
<properties>
- <family>2</family>
+ <family>ip</family>
<table_flags>0</table_flags>
</properties>
</table>"
# This is valid
XML="<table name=\"filter6_test\" version=\"0\">
<properties>
- <family>10</family>
+ <family>ip6</family>
<table_flags>0</table_flags>
</properties>
</table>"
projects / thirdparty / libnftnl.git / commitdiff
