JSON: Add support for connlimit statement

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/json.h b/include/json.h
index 1972bc841525dfc6273d24274cd15124fde5c315..0a93bca8d9eadf3de2fb8bed7dc95738e00864be 100644 (file)
--- a/include/json.h
+++ b/include/json.h
@@ -74,6 +74,7 @@ json_t *objref_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 json_t *meter_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 json_t *queue_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 json_t *verdict_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
+json_t *connlimit_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 
 int do_command_list_json(struct netlink_ctx *ctx, struct cmd *cmd);
 
@@ -149,6 +150,7 @@ STMT_PRINT_STUB(objref)
 STMT_PRINT_STUB(meter)
 STMT_PRINT_STUB(queue)
 STMT_PRINT_STUB(verdict)
+STMT_PRINT_STUB(connlimit)
 
 #undef STMT_PRINT_STUB
 #undef EXPR_PRINT_STUB

diff --git a/src/json.c b/src/json.c
index 83d438c6c9c2339bc8c0f6e6c29e238d4ce194e1..a871c934f020cfa53d64f4c52227cf8bc69a7972 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -1276,6 +1276,16 @@ json_t *verdict_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
        return expr_print_json(stmt->expr, octx);
 }
 
+json_t *connlimit_stmt_json(const struct stmt *stmt, struct output_ctx *octx)
+{
+       json_t *root = json_pack("{s:i}", "val", stmt->connlimit.count);
+
+       if (stmt->connlimit.flags & NFT_CONNLIMIT_F_INV)
+               json_object_set_new(root, "inv", json_true());
+
+       return json_pack("{s:o}", "ct count", root);
+}
+
 static json_t *table_print_json_full(struct netlink_ctx *ctx,
                                     struct table *table)
 {

diff --git a/src/parser_json.c b/src/parser_json.c
index d60cbad8299efc14ae59d9d66c861bb147a1984e..bc36136f825fc098589310c6af26643ae343dec0 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -2048,6 +2048,24 @@ static struct stmt *json_parse_queue_stmt(struct json_ctx *ctx,
        return stmt;
 }
 
+static struct stmt *json_parse_connlimit_stmt(struct json_ctx *ctx,
+                                             const char *key, json_t *value)
+{
+       struct stmt *stmt = connlimit_stmt_alloc(int_loc);
+
+       if (json_unpack_err(ctx, value, "{s:i}",
+                           "val", &stmt->connlimit.count)) {
+               stmt_free(stmt);
+               return NULL;
+       }
+
+       json_unpack(value, "{s:b}", "inv", &stmt->connlimit.flags);
+       if (stmt->connlimit.flags)
+               stmt->connlimit.flags = NFT_CONNLIMIT_F_INV;
+
+       return stmt;
+}
+
 static struct stmt *json_parse_stmt(struct json_ctx *ctx, json_t *root)
 {
        struct {
@@ -2078,6 +2096,7 @@ static struct stmt *json_parse_stmt(struct json_ctx *ctx, json_t *root)
                { "ct helper", json_parse_cthelper_stmt },
                { "meter", json_parse_meter_stmt },
                { "queue", json_parse_queue_stmt },
+               { "ct count", json_parse_connlimit_stmt },
        };
        const char *type;
        unsigned int i;

diff --git a/src/statement.c b/src/statement.c
index 58e86f215d5aca10f512ab56adc34a52d1d271c0..6f5e6660d474a98422d8b66298092b19536342f7 100644 (file)
--- a/src/statement.c
+++ b/src/statement.c
@@ -159,6 +159,7 @@ static const struct stmt_ops connlimit_stmt_ops = {
        .type           = STMT_CONNLIMIT,
        .name           = "connlimit",
        .print          = connlimit_stmt_print,
+       .json           = connlimit_stmt_json,
 };
 
 struct stmt *connlimit_stmt_alloc(const struct location *loc)