libnftnl 1.2.9
target.c
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
4 *
5 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
6 */
7
8#include "internal.h"
9
10#include <stdio.h>
11#include <stdint.h>
12#include <string.h> /* for memcpy */
13#include <arpa/inet.h>
14#include <errno.h>
15#include <libmnl/libmnl.h>
16
17#include <linux/netfilter/nf_tables.h>
18#include <linux/netfilter/nf_tables_compat.h>
19
20#include <libnftnl/expr.h>
21#include <libnftnl/rule.h>
22
23/* From include/linux/netfilter/x_tables.h */
24#define XT_EXTENSION_MAXNAMELEN 29
25
27 char name[XT_EXTENSION_MAXNAMELEN];
28 uint32_t rev;
29 uint32_t data_len;
30 const void *data;
31};
32
33static int
34nftnl_expr_target_set(struct nftnl_expr *e, uint16_t type,
35 const void *data, uint32_t data_len)
36{
37 struct nftnl_expr_target *tg = nftnl_expr_data(e);
38
39 switch(type) {
40 case NFTNL_EXPR_TG_NAME:
41 snprintf(tg->name, sizeof(tg->name), "%.*s", data_len,
42 (const char *) data);
43 break;
44 case NFTNL_EXPR_TG_REV:
45 memcpy(&tg->rev, data, data_len);
46 break;
47 case NFTNL_EXPR_TG_INFO:
48 if (e->flags & (1 << NFTNL_EXPR_TG_INFO))
49 xfree(tg->data);
50
51 tg->data = data;
52 tg->data_len = data_len;
53 break;
54 }
55 return 0;
56}
57
58static const void *
59nftnl_expr_target_get(const struct nftnl_expr *e, uint16_t type,
60 uint32_t *data_len)
61{
62 struct nftnl_expr_target *tg = nftnl_expr_data(e);
63
64 switch(type) {
65 case NFTNL_EXPR_TG_NAME:
66 *data_len = sizeof(tg->name);
67 return tg->name;
68 case NFTNL_EXPR_TG_REV:
69 *data_len = sizeof(tg->rev);
70 return &tg->rev;
71 case NFTNL_EXPR_TG_INFO:
72 *data_len = tg->data_len;
73 return tg->data;
74 }
75 return NULL;
76}
77
78static int nftnl_expr_target_cb(const struct nlattr *attr, void *data)
79{
80 const struct nlattr **tb = data;
81 int type = mnl_attr_get_type(attr);
82
83 if (mnl_attr_type_valid(attr, NFTA_TARGET_MAX) < 0)
84 return MNL_CB_OK;
85
86 switch(type) {
87 case NFTA_TARGET_NAME:
88 if (mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0)
89 abi_breakage();
90 break;
91 case NFTA_TARGET_REV:
92 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
93 abi_breakage();
94 break;
95 case NFTA_TARGET_INFO:
96 if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
97 abi_breakage();
98 break;
99 }
100
101 tb[type] = attr;
102 return MNL_CB_OK;
103}
104
105static void
106nftnl_expr_target_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
107{
108 struct nftnl_expr_target *tg = nftnl_expr_data(e);
109
110 if (e->flags & (1 << NFTNL_EXPR_TG_NAME))
111 mnl_attr_put_strz(nlh, NFTA_TARGET_NAME, tg->name);
112 if (e->flags & (1 << NFTNL_EXPR_TG_REV))
113 mnl_attr_put_u32(nlh, NFTA_TARGET_REV, htonl(tg->rev));
114 if (e->flags & (1 << NFTNL_EXPR_TG_INFO))
115 mnl_attr_put(nlh, NFTA_TARGET_INFO, tg->data_len, tg->data);
116}
117
118static int nftnl_expr_target_parse(struct nftnl_expr *e, struct nlattr *attr)
119{
120 struct nftnl_expr_target *target = nftnl_expr_data(e);
121 struct nlattr *tb[NFTA_TARGET_MAX+1] = {};
122
123 if (mnl_attr_parse_nested(attr, nftnl_expr_target_cb, tb) < 0)
124 return -1;
125
126 if (tb[NFTA_TARGET_NAME]) {
127 snprintf(target->name, XT_EXTENSION_MAXNAMELEN, "%s",
128 mnl_attr_get_str(tb[NFTA_TARGET_NAME]));
129
130 target->name[XT_EXTENSION_MAXNAMELEN-1] = '\0';
131 e->flags |= (1 << NFTNL_EXPR_TG_NAME);
132 }
133
134 if (tb[NFTA_TARGET_REV]) {
135 target->rev = ntohl(mnl_attr_get_u32(tb[NFTA_TARGET_REV]));
136 e->flags |= (1 << NFTNL_EXPR_TG_REV);
137 }
138
139 if (tb[NFTA_TARGET_INFO]) {
140 uint32_t len = mnl_attr_get_payload_len(tb[NFTA_TARGET_INFO]);
141 void *target_data;
142
143 if (target->data)
144 xfree(target->data);
145
146 target_data = calloc(1, len);
147 if (target_data == NULL)
148 return -1;
149
150 memcpy(target_data, mnl_attr_get_payload(tb[NFTA_TARGET_INFO]), len);
151
152 target->data = target_data;
153 target->data_len = len;
154
155 e->flags |= (1 << NFTNL_EXPR_TG_INFO);
156 }
157
158 return 0;
159}
160
161static int
162nftnl_expr_target_snprintf(char *buf, size_t len,
163 uint32_t flags, const struct nftnl_expr *e)
164{
165 struct nftnl_expr_target *target = nftnl_expr_data(e);
166
167 return snprintf(buf, len, "name %s rev %u ", target->name, target->rev);
168}
169
170static void nftnl_expr_target_free(const struct nftnl_expr *e)
171{
172 struct nftnl_expr_target *target = nftnl_expr_data(e);
173
174 xfree(target->data);
175}
176
177static struct attr_policy target_attr_policy[__NFTNL_EXPR_TG_MAX] = {
178 [NFTNL_EXPR_TG_NAME] = { .maxlen = XT_EXTENSION_MAXNAMELEN },
179 [NFTNL_EXPR_TG_REV] = { .maxlen = sizeof(uint32_t) },
180 [NFTNL_EXPR_TG_INFO] = { .maxlen = 0 },
181};
182
183struct expr_ops expr_ops_target = {
184 .name = "target",
185 .alloc_len = sizeof(struct nftnl_expr_target),
186 .nftnl_max_attr = __NFTNL_EXPR_TG_MAX - 1,
187 .attr_policy = target_attr_policy,
188 .free = nftnl_expr_target_free,
189 .set = nftnl_expr_target_set,
190 .get = nftnl_expr_target_get,
191 .parse = nftnl_expr_target_parse,
192 .build = nftnl_expr_target_build,
193 .output = nftnl_expr_target_snprintf,
194};