#include <string.h>
#include <netinet/in.h>
#include <errno.h>
+#include <inttypes.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nfnetlink.h>
return snprintf(buf, size,
"{ \"chain\": {"
"\"name\": \"%s\","
- "\"handle\": %lu,"
- "\"bytes\": %lu,"
- "\"packets\": %lu,"
+ "\"handle\": %"PRIu64","
+ "\"bytes\": %"PRIu64","
+ "\"packets\": %"PRIu64","
"\"version\": %d,"
"\"properties\": {"
"\"type\" : \"%s\","
int ret, len = size, offset = 0;
ret = snprintf(buf, size,
- "<chain name=\"%s\" handle=\"%lu\""
- " bytes=\"%lu\" packets=\"%lu\" version=\"%d\">"
+ "<chain name=\"%s\" handle=\"%"PRIu64"\""
+ " bytes=\"%"PRIu64"\" packets=\"%"PRIu64"\" version=\"%d\">"
"<properties>"
"<type>%s</type>"
"<table>%s</table>"
return offset;
}
+static const char *policy2str(int policy)
+{
+ switch (policy) {
+ case NF_ACCEPT:
+ return "accept";
+ case NF_DROP:
+ return "drop";
+ default:
+ break;
+ }
+ return "unknown";
+}
+
static int nft_chain_snprintf_default(char *buf, size_t size,
struct nft_chain *c)
{
- return snprintf(buf, size, "family=%s table=%s chain=%s type=%s "
- "hook=%u prio=%d policy=%d use=%d "
- "packets=%lu bytes=%lu",
- nft_family2str(c->family), c->table, c->name, c->type,
- c->hooknum, c->prio, c->policy, c->use, c->packets,
- c->bytes);
+ int ret, len = size, offset = 0;
+
+ ret = snprintf(buf, size, "%s %s %s",
+ nft_family2str(c->family), c->table, c->name);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ if (c->flags & (1 << NFT_CHAIN_ATTR_HOOKNUM)) {
+ ret = snprintf(buf+offset, size,
+ " type %s hook %s prio %d policy %s use %d "
+ "packets %"PRIu64" bytes %"PRIu64"",
+ c->type, hooknum2str_array[c->hooknum], c->prio,
+ policy2str(c->policy), c->use,
+ c->packets, c->bytes);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
+ return offset;
}
int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *c,
{
int len = size, offset = 0, ret;
- ret = snprintf(buf, len, "sreg=%u dreg=%u ",
- bitwise->sreg, bitwise->dreg);
- SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
- ret = snprintf(buf+offset, len, " mask=");
+ ret = snprintf(buf, len, "reg %u = (reg=%u & ",
+ bitwise->dreg, bitwise->sreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
ret = nft_data_reg_snprintf(buf+offset, len, &bitwise->mask,
NFT_RULE_O_DEFAULT, 0, DATA_VALUE);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
- ret = snprintf(buf+offset, len, " xor=");
+ ret = snprintf(buf+offset, len, ") ^ ");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
ret = nft_data_reg_snprintf(buf+offset, len, &bitwise->xor,
{
int len = size, offset = 0, ret;
- ret = snprintf(buf, len, "sreg=%u dreg=%u op=%s len=%u size=%u ",
- byteorder->sreg, byteorder->dreg,
- expr_byteorder_str[byteorder->op],
- byteorder->len, byteorder->size);
+ ret = snprintf(buf, len, "reg %u = %s(reg %u, %u, %u) ",
+ byteorder->dreg, expr_byteorder_str[byteorder->op],
+ byteorder->sreg, byteorder->size, byteorder->len);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
return offset;
{
int len = size, offset = 0, ret;
- ret = snprintf(buf, len, "sreg=%u op=%s data=",
- cmp->sreg, expr_cmp_str[cmp->op]);
+ ret = snprintf(buf, len, "%s reg %u ",
+ expr_cmp_str[cmp->op], cmp->sreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
ret = nft_data_reg_snprintf(buf+offset, len, &cmp->data,
#include <stdint.h>
#include <arpa/inet.h>
#include <errno.h>
+#include <inttypes.h>
#include <linux/netfilter/nf_tables.h>
switch(type) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "pkts=%lu bytes=%lu ",
+ return snprintf(buf, len, "pkts %"PRIu64" bytes %"PRIu64" ",
ctr->pkts, ctr->bytes);
case NFT_RULE_O_XML:
- return snprintf(buf, len, "<pkts>%lu</pkts><bytes>%lu</bytes>",
+ return snprintf(buf, len, "<pkts>%"PRIu64"</pkts><bytes>%"PRIu64"</bytes>",
ctr->pkts, ctr->bytes);
case NFT_RULE_O_JSON:
- return snprintf(buf, len, "\"pkts\" : %lu, \"bytes\" : %lu",
+ return snprintf(buf, len, "\"pkts\" : %"PRIu64", \"bytes\" : %"PRIu64"",
ctr->pkts, ctr->bytes);
default:
break;
switch(type) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "dreg=%u key=%s dir=%u ",
- ct->dreg, ctkey2str(ct->key), ct->dir);
+ return snprintf(buf, len, "load %s => reg %u dir %u ",
+ ctkey2str(ct->key), ct->dreg, ct->dir);
case NFT_RULE_O_XML:
return snprintf(buf, len, "<dreg>%u</dreg>"
"<key>%s</key>"
case DATA_VERDICT:
switch(output_format) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, size, "verdict=%d", reg->verdict);
+ return snprintf(buf, size, "%d ", reg->verdict);
case NFT_RULE_O_XML:
return snprintf(buf, size,
"<data_reg type=\"verdict\">"
case DATA_CHAIN:
switch(output_format) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, size, "chain=%s", reg->chain);
+ return snprintf(buf, size, "%s ", reg->chain);
case NFT_RULE_O_XML:
return snprintf(buf, size,
"<data_reg type=\"chain\">"
switch(type) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "dreg=%u type=%u offset=%u len=%u ",
- exthdr->dreg, exthdr->type,
- exthdr->offset, exthdr->len);
+ return snprintf(buf, len, "load %ub @ %u + %u => reg %u ",
+ exthdr->len, exthdr->type,
+ exthdr->offset, exthdr->dreg);
case NFT_RULE_O_XML:
return snprintf(buf, len, "<dreg>%u</dreg>"
"<exthdr_type>%s</exthdr_type>"
int size = len, offset = 0, ret;
struct nft_expr_immediate *imm = (struct nft_expr_immediate *)e->data;
- ret = snprintf(buf, len, "dreg=%u ", imm->dreg);
+ ret = snprintf(buf, len, "reg %u ", imm->dreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
if (e->flags & (1 << NFT_EXPR_IMM_DATA)) {
switch(type) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "rate=%"PRIu64" depth=%"PRIu64" ",
+ return snprintf(buf, len, "rate %"PRIu64" depth %"PRIu64" ",
limit->rate, limit->depth);
case NFT_RULE_O_XML:
return snprintf(buf, len, "<rate>%"PRIu64"</rate>"
switch(type) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "prefix=%s group=%u "
- "snaplen=%u qthreshold=%u ",
+ return snprintf(buf, len, "prefix '%s' group %u "
+ "snaplen %u qthreshold %u ",
log->prefix, log->group,
log->snaplen, log->qthreshold);
case NFT_RULE_O_XML:
{
int len = size, offset = 0, ret;
- ret = snprintf(buf, len, "set=%s sreg=%u dreg=%u",
- l->set_name, l->sreg, l->dreg);
+ ret = snprintf(buf, len, "reg %u set %s dreg %u ",
+ l->sreg, l->set_name, l->dreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
return offset;
switch(type) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "name=%s rev=%u ",
+ return snprintf(buf, len, "name %s rev %u ",
match->name, match->rev);
case NFT_RULE_O_XML:
return nft_rule_expr_match_snprintf_xml(buf, len, match);
switch(type) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "dreg=%u key=%u ",
- meta->dreg, meta->key);
+ return snprintf(buf, len, "load %s => reg %u ",
+ meta_key2str(meta->key), meta->dreg);
case NFT_RULE_O_XML:
return snprintf(buf, len, "<dreg>%u</dreg>"
"<key>%s</key>",
switch (nat->type) {
case NFT_NAT_SNAT:
- ret = snprintf(buf, len, "type=NFT_NAT_SNAT ");
+ ret = snprintf(buf, len, "snat ");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
break;
case NFT_NAT_DNAT:
- ret = snprintf(buf, len, "type=NFT_NAT_DNAT ");
+ ret = snprintf(buf, len, "dnat ");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
break;
}
- ret = snprintf(buf+offset, len, "family=%s ", nft_family2str(nat->family));
+ ret = snprintf(buf+offset, len, "%s ", nft_family2str(nat->family));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
ret = snprintf(buf+offset, len,
- "sreg_addr_min_v4=%u sreg_addr_max_v4=%u ",
+ "addr_min reg %u addr_max reg %u ",
nat->sreg_addr_min, nat->sreg_addr_max);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
if (e->flags & (1 << NFT_EXPR_NAT_REG_PROTO_MIN)) {
ret = snprintf(buf+offset, len,
- "sreg_proto_min=%u sreg_proto_max=%u ",
+ "proto_min reg %u proto_max reg %u ",
nat->sreg_proto_min, nat->sreg_proto_max);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
switch(type) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "dreg=%u base=%u offset=%u len=%u ",
- payload->dreg, payload->base,
- payload->offset, payload->len);
+ return snprintf(buf, len, "load %ub @ network header + %u => reg %u ",
+ payload->dreg, payload->offset, payload->len);
case NFT_RULE_O_XML:
return nft_rule_expr_payload_snprintf_xml(buf, len, flags,
payload);
switch(type) {
case NFT_RULE_O_DEFAULT:
- return snprintf(buf, len, "name=%s rev=%u ",
+ return snprintf(buf, len, "name %s rev %u ",
target->name, target->rev);
case NFT_RULE_O_XML:
return nft_rule_exp_target_snprintf_xml(buf, len, target);
#include <string.h>
#include <netinet/in.h>
#include <errno.h>
+#include <inttypes.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nfnetlink.h>
struct nft_rule_expr *expr;
int ret, len = size, offset = 0;
- ret = snprintf(buf, size, "family=%s table=%s chain=%s handle=%llu "
- "flags=%x ",
+ ret = snprintf(buf, size, "%s %s %s %"PRIu64"\n",
nft_family2str(r->family), r->table, r->chain,
- (unsigned long long)r->handle, r->rule_flags);
+ r->handle);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
list_for_each_entry(expr, &r->expr_list, head) {
- ret = snprintf(buf+offset, len, "%s ", expr->ops->name);
+ ret = snprintf(buf+offset, len, " [ %s ", expr->ops->name);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
ret = nft_rule_expr_snprintf(buf+offset, size, expr, type, flags);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+ ret = snprintf(buf+offset, len, "]\n");
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
return offset;
int len = size, offset = 0;
struct nft_set_elem *elem;
- ret = snprintf(buf, size, "set=%s table=%s flags=%x",
+ ret = snprintf(buf, size, "%s %s %x",
s->name, s->table, s->set_flags);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
{
int ret, len = size, offset = 0, i;
- ret = snprintf(buf, size, "flags=%u key=", e->set_elem_flags);
+ ret = snprintf(buf, size, "element ");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
for (i=0; i<e->key.len/sizeof(uint32_t); i++) {
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
- ret = snprintf(buf+offset, size, "data=");
+ ret = snprintf(buf+offset, size, " : ");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
for (i=0; i<e->data.len/sizeof(uint32_t); i++) {
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
+ ret = snprintf(buf+offset, len, "%u [end]", e->set_elem_flags);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
return offset;
}
EXPORT_SYMBOL(nft_set_elem_snprintf);
static int nft_table_snprintf_default(char *buf, size_t size, struct nft_table *t)
{
- return snprintf(buf, size, "table=%s family=%s flags=%x",
+ return snprintf(buf, size, "table %s %s flags %x",
t->name, nft_family2str(t->family), t->table_flags);
}
projects / thirdparty / libnftnl.git / commitdiff
