From fbccf77429c4f1fccd48a201369402e33bea91c6 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 26 Sep 2018 16:23:19 +0200 Subject: [PATCH] netlink: remove markup json parsing code We have better json support these days, remove libnftnl json support. While at it, remove test file for this too. Signed-off-by: Pablo Neira Ayuso (cherry picked from commit 276c452e47c5e22b3af06a051aa2908521aeba66) Signed-off-by: Phil Sutter --- src/netlink.c | 276 +----------------- tests/shell/testcases/import/vm_json_import_0 | 53 ---- 2 files changed, 2 insertions(+), 327 deletions(-) delete mode 100755 tests/shell/testcases/import/vm_json_import_0 diff --git a/src/netlink.c b/src/netlink.c index c178be3c9ee26..0509a06b3d2b3 100644 --- a/src/netlink.c +++ b/src/netlink.c 
@@ -1970,280 +1970,8 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type, return MNL_CB_OK; } -static int netlink_markup_setelems(const struct nftnl_parse_ctx *ctx) -{ - const struct ruleset_parse *rp; - struct nftnl_set *set; - uint32_t cmd; - int ret = -1; - - set = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_SET); - rp = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_DATA); - - cmd = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_CMD); - switch (cmd) { - case NFTNL_CMD_ADD: - ret = mnl_nft_setelem_batch_add(set, rp->nl_ctx->batch, - 0, rp->nl_ctx->seqnum); - break; - case NFTNL_CMD_DELETE: - ret = mnl_nft_setelem_batch_del(set, rp->nl_ctx->batch, - 0, rp->nl_ctx->seqnum); - break; - default: - errno = EOPNOTSUPP; - break; - } - - return ret; -} - -static int netlink_markup_set(const struct nftnl_parse_ctx *ctx) -{ - const struct ruleset_parse *rp; - struct nftnl_set *set; - uint32_t cmd; - int ret = -1; - - set = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_SET); - rp = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_DATA); - - cmd = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_CMD); - switch (cmd) { - case NFTNL_CMD_ADD: - ret = mnl_nft_set_batch_add(set, rp->nl_ctx->batch, NLM_F_EXCL, - rp->nl_ctx->seqnum); - break; - case NFTNL_CMD_DELETE: - ret = mnl_nft_set_batch_del(set, rp->nl_ctx->batch, - 0, rp->nl_ctx->seqnum); - break; - default: - errno = EOPNOTSUPP; - break; - } - - if (ret < 0) - return ret; - - return netlink_markup_setelems(ctx); -} - -static int netlink_markup_build_rule(const struct nftnl_parse_ctx *ctx, - uint32_t cmd, struct nftnl_rule *rule) -{ - const struct ruleset_parse *rp; - uint32_t nl_flags; - int ret = -1; - - rp = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_DATA); - - switch (cmd) { - case NFTNL_CMD_ADD: - nl_flags = NLM_F_APPEND | NLM_F_CREATE; - nftnl_rule_unset(rule, NFTNL_RULE_HANDLE); - ret = mnl_nft_rule_batch_add(rule, rp->nl_ctx->batch, nl_flags, - rp->nl_ctx->seqnum); - break; - case NFTNL_CMD_DELETE: - 
ret = mnl_nft_rule_batch_del(rule, rp->nl_ctx->batch, - 0, rp->nl_ctx->seqnum); - break; - case NFTNL_CMD_REPLACE: - nl_flags = NLM_F_REPLACE; - ret = mnl_nft_rule_batch_add(rule, rp->nl_ctx->batch, nl_flags, - rp->nl_ctx->seqnum); - break; - case NFTNL_CMD_INSERT: - nl_flags = NLM_F_CREATE; - nftnl_rule_unset(rule, NFTNL_RULE_HANDLE); - ret = mnl_nft_rule_batch_add(rule, rp->nl_ctx->batch, nl_flags, - rp->nl_ctx->seqnum); - break; - default: - errno = EOPNOTSUPP; - break; - } - - return ret; - -} - -static int netlink_markup_rule(const struct nftnl_parse_ctx *ctx) -{ - struct nftnl_rule *rule; - uint32_t cmd; - - cmd = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_CMD); - rule = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_RULE); - - return netlink_markup_build_rule(ctx, cmd, rule); -} - -static int netlink_markup_build_flush(const struct nftnl_parse_ctx *ctx) -{ - struct nftnl_rule *rule; - struct nftnl_table *table; - struct nftnl_chain *chain; - const char *table_get_name, *table_get_family; - const char *chain_get_table, *chain_get_name, *chain_get_family; - uint32_t type; - int ret = -1; - - rule = nftnl_rule_alloc(); - if (rule == NULL) - return -1; - - type = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_TYPE); - switch (type) { - case NFTNL_RULESET_TABLE: - table = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_TABLE); - table_get_name = nftnl_table_get(table, NFTNL_TABLE_NAME); - table_get_family = nftnl_table_get(table, NFTNL_TABLE_FAMILY); - - nftnl_rule_set(rule, NFTNL_RULE_TABLE, table_get_name); - nftnl_rule_set(rule, NFTNL_RULE_FAMILY, table_get_family); - break; - case NFTNL_RULESET_CHAIN: - chain = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_CHAIN); - chain_get_table = nftnl_chain_get(chain, NFTNL_CHAIN_TABLE); - chain_get_name = nftnl_chain_get(chain, NFTNL_CHAIN_NAME); - chain_get_family = nftnl_chain_get(chain, NFTNL_TABLE_FAMILY); - - nftnl_rule_set(rule, NFTNL_RULE_TABLE, chain_get_table); - nftnl_rule_set(rule, NFTNL_RULE_CHAIN, 
chain_get_name); - nftnl_rule_set(rule, NFTNL_RULE_FAMILY, chain_get_family); - break; - default: - errno = EOPNOTSUPP; - goto err; - } - - ret = netlink_markup_build_rule(ctx, NFTNL_CMD_DELETE, rule); -err: - nftnl_rule_free(rule); - return ret; -} - -static int netlink_markup_chain(const struct nftnl_parse_ctx *ctx) -{ - const struct ruleset_parse *rp; - struct nftnl_chain *chain; - uint32_t cmd; - int ret = -1; - - chain = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_CHAIN); - rp = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_DATA); - - nftnl_chain_unset(chain, NFTNL_CHAIN_HANDLE); - - cmd = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_CMD); - switch (cmd) { - case NFTNL_CMD_ADD: - ret = mnl_nft_chain_batch_add(chain, rp->nl_ctx->batch, - 0, rp->nl_ctx->seqnum); - break; - case NFTNL_CMD_DELETE: - ret = mnl_nft_chain_batch_del(chain, rp->nl_ctx->batch, - 0, rp->nl_ctx->seqnum); - break; - case NFTNL_CMD_FLUSH: - ret = netlink_markup_build_flush(ctx); - break; - default: - errno = EOPNOTSUPP; - break; - } - - return ret; -} - - -static int netlink_markup_build_table(const struct nftnl_parse_ctx *ctx, - uint32_t cmd, struct nftnl_table *table) -{ - struct ruleset_parse *rp; - int ret = -1; - - rp = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_DATA); - - switch (cmd) { - case NFTNL_CMD_ADD: - ret = mnl_nft_table_batch_add(table, rp->nl_ctx->batch, - 0, rp->nl_ctx->seqnum); - break; - case NFTNL_CMD_DELETE: - ret = mnl_nft_table_batch_del(table, rp->nl_ctx->batch, - 0, rp->nl_ctx->seqnum); - break; - case NFTNL_CMD_FLUSH: - ret = netlink_markup_build_flush(ctx); - break; - default: - errno = EOPNOTSUPP; - break; - } - - return ret; -} - -static int netlink_markup_table(const struct nftnl_parse_ctx *ctx) -{ - struct nftnl_table *table; - uint32_t cmd; - - cmd = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_CMD); - table = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_TABLE); - - return netlink_markup_build_table(ctx, cmd, table); -} - -static int 
netlink_markup_flush(const struct nftnl_parse_ctx *ctx) -{ - struct nftnl_table *table; - int ret; - - table = nftnl_table_alloc(); - if (table == NULL) - return -1; - - ret = netlink_markup_build_table(ctx, NFTNL_CMD_DELETE, table); - nftnl_table_free(table); - - return ret; -} - int netlink_markup_parse_cb(const struct nftnl_parse_ctx *ctx) { - uint32_t type; - int ret = -1; - - type = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_TYPE); - switch (type) { - case NFTNL_RULESET_TABLE: - ret = netlink_markup_table(ctx); - break; - case NFTNL_RULESET_CHAIN: - ret = netlink_markup_chain(ctx); - break; - case NFTNL_RULESET_RULE: - ret = netlink_markup_rule(ctx); - break; - case NFTNL_RULESET_SET: - ret = netlink_markup_set(ctx); - break; - case NFTNL_RULESET_SET_ELEMS: - ret = netlink_markup_setelems(ctx); - break; - case NFTNL_RULESET_RULESET: - ret = netlink_markup_flush(ctx); - break; - default: - errno = EOPNOTSUPP; - break; - } - - nftnl_ruleset_ctx_free(ctx); - - return ret; + errno = EOPNOTSUPP; + return -1; } diff --git a/tests/shell/testcases/import/vm_json_import_0 b/tests/shell/testcases/import/vm_json_import_0 deleted file mode 100755 index 546ccf7ab490f..0000000000000 --- a/tests/shell/testcases/import/vm_json_import_0 +++ /dev/null 
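Review bot: The stub body of `netlink_markup_parse_cb` no longer calls `nftnl_ruleset_ctx_free(ctx)`, which the removed implementation did on every return path, so if libnftnl still hands ownership of the parse context to this callback, each invocation now leaks it; either keep the release as `nftnl_ruleset_ctx_free(ctx);` ahead of `errno = EOPNOTSUPP;`, or confirm that the caller side frees it and say so in a comment. With the free dropped the `ctx` parameter is also unused, which `-Wunused-parameter` will flag; `(void)ctx;` covers it. A short comment on why the exported function survives as a stub would help the next reader, along the lines of `/* libnftnl markup import was removed; presumably kept so existing callers fail with EOPNOTSUPP — confirm before dropping. */`. The declaration and the callers of this entry point are outside the hunk, so whether the stub can be removed outright cannot be judged here.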
@@ -1,53 +0,0 @@
-#!/bin/bash
-
-RULESET="table ip mangle {
- set blackhole {
- type ipv4_addr
- elements = { 192.168.1.4, 192.168.1.5 }
- }
-
- chain prerouting {
- type filter hook prerouting priority 0; policy accept;
- tcp dport { ssh, http } accept
- ip saddr @blackhole drop
- icmp type echo-request accept
- iifname \"lo\" accept
- icmp type echo-request counter packets 0 bytes 0
- ct state established,related accept
- tcp flags != syn counter packets 7 bytes 841
- ip saddr 192.168.1.100 ip daddr 192.168.1.1 counter packets 0 bytes 0
- }
-}
-table arp x {
- chain y {
- arp htype 22
- arp ptype ip
- arp operation != rrequest
- arp operation { request, reply, rrequest, rreply, inrequest, inreply, nak }
- arp hlen 33-45
- }
-}
-table bridge x {
- chain y {
- type filter hook input priority 0; policy accept;
- vlan id 4094
- vlan id 4094 vlan cfi 0
- vlan id 1 ip saddr 10.0.0.0/23 udp dport domain
- }
-}
-table ip6 x {
- chain y {
- type nat hook postrouting priority 0; policy accept;
- icmpv6 id 33-45
- ip6 daddr fe00::1-fe00::200 udp dport domain counter packets 0 bytes 0
- meta l4proto tcp masquerade to :1024
- iifname \"wlan0\" ct state established,new tcp dport vmap { ssh : drop, 222 : drop } masquerade
- tcp dport ssh ip6 daddr 1::2 ether saddr 00:0f:54:0c:11:04 accept
- ip6 daddr fe00::1-fe00::200 udp dport domain counter packets 0 bytes 0 masquerade
- }
-}"
-
-$NFT -f - <<< "$RULESET"
-RULESET_JSON=$($NFT export vm json)
-$NFT flush ruleset
-$NFT import vm json <<< "$RULESET_JSON"
-- 
2.21.0