98 lines
3.1 KiB
Diff
98 lines
3.1 KiB
Diff
|
From 9eb22ba5e195c97ca7a1e2baac7fec68b3f3b310 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Phil Sutter <phil@nwl.cc>
|
||
|
|
Date: Wed, 29 Aug 2018 16:23:23 +0200
|
||
|
|
Subject: [PATCH] JSON: Review verdict statement and expression
|
||
|
|
|
||
|
|
Change jump and goto verdicts to become extensible by dedicating an
|
||
|
|
object for the target parameter.
|
||
|
|
|
||
|
|
While being at it, drop break and queue verdict expressions since they
|
||
|
|
don't seem to exist, no idea where I got those from in the first place.
|
||
|
|
For queue, there is a dedicated expression at least.
|
||
|
|
|
||
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||
|
|
(cherry picked from commit 8125785d5c5d35ec275e508166091d5472748bc1)
|
||
|
|
|
||
|
|
Conflicts:
|
||
|
|
doc/libnftables-json.adoc
|
||
|
|
-> Dropped changes to non-existent libnftables JSON API documentation.
|
||
|
|
|
||
|
|
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||
|
|
---
|
||
|
|
src/json.c | 5 ++++-
|
||
|
|
src/parser_json.c | 10 ++++------
|
||
|
|
tests/py/nft-test.py | 4 +++-
|
||
|
|
3 files changed, 11 insertions(+), 8 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/src/json.c b/src/json.c
|
||
|
|
index f74afd5a7292e..fad2a83624062 100644
|
||
|
|
--- a/src/json.c
|
||
|
|
+++ b/src/json.c
|
||
|
|
@@ -651,7 +651,10 @@ json_t *verdict_expr_json(const struct expr *expr, struct output_ctx *octx)
|
||
|
|
BUG("Unknown verdict %d.", expr->verdict);
|
||
|
|
return NULL;
|
||
|
|
}
|
||
|
|
- return json_pack("{s:o}", name, chain ? json_string(chain) : json_null());
|
||
|
|
+ if (chain)
|
||
|
|
+ return json_pack("{s:{s:s}}", name, "target", chain);
|
||
|
|
+ else
|
||
|
|
+ return json_pack("{s:n}", name);
|
||
|
|
}
|
||
|
|
|
||
|
|
json_t *rt_expr_json(const struct expr *expr, struct output_ctx *octx)
|
||
|
|
diff --git a/src/parser_json.c b/src/parser_json.c
|
||
|
|
index 1e3688b2dc1cd..e3f20ae51c764 100644
|
||
|
|
--- a/src/parser_json.c
|
||
|
|
+++ b/src/parser_json.c
|
||
|
|
@@ -1008,27 +1008,25 @@ static struct expr *json_parse_verdict_expr(struct json_ctx *ctx,
|
||
|
|
bool chain;
|
||
|
|
} verdict_tbl[] = {
|
||
|
|
{ NFT_CONTINUE, "continue", false },
|
||
|
|
- { NFT_BREAK, "break", false },
|
||
|
|
{ NFT_JUMP, "jump", true },
|
||
|
|
{ NFT_GOTO, "goto", true },
|
||
|
|
{ NFT_RETURN, "return", false },
|
||
|
|
{ NF_ACCEPT, "accept", false },
|
||
|
|
{ NF_DROP, "drop", false },
|
||
|
|
- { NF_QUEUE, "queue", false },
|
||
|
|
};
|
||
|
|
const char *chain = NULL;
|
||
|
|
unsigned int i;
|
||
|
|
|
||
|
|
- json_unpack(root, "s", &chain);
|
||
|
|
+ json_unpack(root, "{s:s}", "target", &chain);
|
||
|
|
|
||
|
|
for (i = 0; i < array_size(verdict_tbl); i++) {
|
||
|
|
if (strcmp(type, verdict_tbl[i].name))
|
||
|
|
continue;
|
||
|
|
|
||
|
|
- if (verdict_tbl[i].chain && !chain) {
|
||
|
|
- json_error(ctx, "Verdict %s needs chain argument.", type);
|
||
|
|
+ if (verdict_tbl[i].chain &&
|
||
|
|
+ json_unpack_err(ctx, root, "{s:s}", "target", &chain))
|
||
|
|
return NULL;
|
||
|
|
- }
|
||
|
|
+
|
||
|
|
return verdict_expr_alloc(int_loc,
|
||
|
|
verdict_tbl[i].verdict, chain);
|
||
|
|
}
|
||
|
|
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
|
||
|
|
index c02294ac54562..08569fbe0de44 100755
|
||
|
|
--- a/tests/py/nft-test.py
|
||
|
|
+++ b/tests/py/nft-test.py
|
||
|
|
@@ -277,7 +277,9 @@ def chain_create(chain, table, filename):
|
||
|
|
print_error(reason, filename, chain.lineno)
|
||
|
|
return -1
|
||
|
|
|
||
|
|
- cmd = "add chain %s %s { %s; }" % (table, chain, chain.config)
|
||
|
|
+ cmd = "add chain %s %s" % (table, chain)
|
||
|
|
+ if chain.config:
|
||
|
|
+ cmd += " { %s; }" % chain.config
|
||
|
|
|
||
|
|
ret = execute_cmd(cmd, filename, chain.lineno)
|
||
|
|
if ret != 0:
|
||
|
|
--
|
||
|
|
2.21.0
|
||
|
|
|