nftables/SOURCES/0052-JSON-Review-verdict-statement-and-expression.patch
2021-09-09 22:49:01 +00:00

98 lines
3.1 KiB
Diff

From 9eb22ba5e195c97ca7a1e2baac7fec68b3f3b310 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Wed, 29 Aug 2018 16:23:23 +0200
Subject: [PATCH] JSON: Review verdict statement and expression
Change jump and goto verdicts to become extensible by dedicating an
object for the target parameter.
While being at it, drop break and queue verdict expressions since they
don't seem to exist, no idea where I got those from in the first place.
For queue, there is a dedicated expression at least.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 8125785d5c5d35ec275e508166091d5472748bc1)
Conflicts:
doc/libnftables-json.adoc
-> Dropped changes to non-existent libnftables JSON API documentation.
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
src/json.c | 5 ++++-
src/parser_json.c | 10 ++++------
tests/py/nft-test.py | 4 +++-
3 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/json.c b/src/json.c
index f74afd5a7292e..fad2a83624062 100644
--- a/src/json.c
+++ b/src/json.c
@@ -651,7 +651,10 @@ json_t *verdict_expr_json(const struct expr *expr, struct output_ctx *octx)
BUG("Unknown verdict %d.", expr->verdict);
return NULL;
}
- return json_pack("{s:o}", name, chain ? json_string(chain) : json_null());
+ if (chain)
+ return json_pack("{s:{s:s}}", name, "target", chain);
+ else
+ return json_pack("{s:n}", name);
}
json_t *rt_expr_json(const struct expr *expr, struct output_ctx *octx)
diff --git a/src/parser_json.c b/src/parser_json.c
index 1e3688b2dc1cd..e3f20ae51c764 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -1008,27 +1008,25 @@ static struct expr *json_parse_verdict_expr(struct json_ctx *ctx,
bool chain;
} verdict_tbl[] = {
{ NFT_CONTINUE, "continue", false },
- { NFT_BREAK, "break", false },
{ NFT_JUMP, "jump", true },
{ NFT_GOTO, "goto", true },
{ NFT_RETURN, "return", false },
{ NF_ACCEPT, "accept", false },
{ NF_DROP, "drop", false },
- { NF_QUEUE, "queue", false },
};
const char *chain = NULL;
unsigned int i;
- json_unpack(root, "s", &chain);
+ json_unpack(root, "{s:s}", "target", &chain);
for (i = 0; i < array_size(verdict_tbl); i++) {
if (strcmp(type, verdict_tbl[i].name))
continue;
- if (verdict_tbl[i].chain && !chain) {
- json_error(ctx, "Verdict %s needs chain argument.", type);
+ if (verdict_tbl[i].chain &&
+ json_unpack_err(ctx, root, "{s:s}", "target", &chain))
return NULL;
- }
+
return verdict_expr_alloc(int_loc,
verdict_tbl[i].verdict, chain);
}
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index c02294ac54562..08569fbe0de44 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -277,7 +277,9 @@ def chain_create(chain, table, filename):
print_error(reason, filename, chain.lineno)
return -1
- cmd = "add chain %s %s { %s; }" % (table, chain, chain.config)
+ cmd = "add chain %s %s" % (table, chain)
+ if chain.config:
+ cmd += " { %s; }" % chain.config
ret = execute_cmd(cmd, filename, chain.lineno)
if ret != 0:
--
2.21.0