libnftnl 1.2.9
data_reg.c
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
4 *
5 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
6 */
7
8#include <stdio.h>
9#include <stdint.h>
10#include <string.h>
11#include <limits.h>
12#include <arpa/inet.h>
13#include <errno.h>
14#include <netinet/in.h>
15
16#include <libmnl/libmnl.h>
17#include <linux/netfilter.h>
18#include <linux/netfilter/nf_tables.h>
19#include <libnftnl/expr.h>
20#include <libnftnl/rule.h>
21#include "internal.h"
22
23static int
24nftnl_data_reg_value_snprintf_default(char *buf, size_t remain,
25 const union nftnl_data_reg *reg,
26 uint32_t flags)
27{
28 const char *pfx = flags & DATA_F_NOPFX ? "" : "0x";
29 int offset = 0, ret, i;
30
31
32
33 for (i = 0; i < div_round_up(reg->len, sizeof(uint32_t)); i++) {
34 ret = snprintf(buf + offset, remain,
35 "%s%.8x ", pfx, reg->val[i]);
36 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
37 }
38
39 return offset;
40}
41
42static int
43nftnl_data_reg_verdict_snprintf_def(char *buf, size_t size,
44 const union nftnl_data_reg *reg,
45 uint32_t flags)
46{
47 int remain = size, offset = 0, ret = 0;
48
49 ret = snprintf(buf, size, "%s ", nftnl_verdict2str(reg->verdict));
50 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
51
52 if (reg->chain != NULL) {
53 ret = snprintf(buf + offset, remain, "-> %s ", reg->chain);
54 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
55 }
56
57 return offset;
58}
59
60int nftnl_data_reg_snprintf(char *buf, size_t size,
61 const union nftnl_data_reg *reg,
62 uint32_t flags, int reg_type)
63{
64 switch(reg_type) {
65 case DATA_VALUE:
66 return nftnl_data_reg_value_snprintf_default(buf, size,
67 reg, flags);
68 case DATA_VERDICT:
69 case DATA_CHAIN:
70 return nftnl_data_reg_verdict_snprintf_def(buf, size,
71 reg, flags);
72 default:
73 return -1;
74 }
75}
76
77static int nftnl_data_parse_cb(const struct nlattr *attr, void *data)
78{
79 const struct nlattr **tb = data;
80 int type = mnl_attr_get_type(attr);
81
82 if (mnl_attr_type_valid(attr, NFTA_DATA_MAX) < 0)
83 return MNL_CB_OK;
84
85 switch(type) {
86 case NFTA_DATA_VALUE:
87 if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
88 abi_breakage();
89 break;
90 case NFTA_DATA_VERDICT:
91 if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
92 abi_breakage();
93 break;
94 }
95 tb[type] = attr;
96 return MNL_CB_OK;
97}
98
99static int nftnl_verdict_parse_cb(const struct nlattr *attr, void *data)
100{
101 const struct nlattr **tb = data;
102 int type = mnl_attr_get_type(attr);
103
104 if (mnl_attr_type_valid(attr, NFTA_VERDICT_MAX) < 0)
105 return MNL_CB_OK;
106
107 switch(type) {
108 case NFTA_VERDICT_CODE:
109 case NFTA_VERDICT_CHAIN_ID:
110 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
111 abi_breakage();
112 break;
113 case NFTA_VERDICT_CHAIN:
114 if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)
115 abi_breakage();
116 break;
117 }
118 tb[type] = attr;
119 return MNL_CB_OK;
120}
121
122static int
123nftnl_parse_verdict(union nftnl_data_reg *data, const struct nlattr *attr, int *type)
124{
125 struct nlattr *tb[NFTA_VERDICT_MAX+1];
126
127 if (mnl_attr_parse_nested(attr, nftnl_verdict_parse_cb, tb) < 0)
128 return -1;
129
130 if (!tb[NFTA_VERDICT_CODE])
131 return -1;
132
133 data->verdict = ntohl(mnl_attr_get_u32(tb[NFTA_VERDICT_CODE]));
134
135 switch(data->verdict) {
136 case NF_ACCEPT:
137 case NF_DROP:
138 case NF_QUEUE:
139 case NFT_CONTINUE:
140 case NFT_BREAK:
141 case NFT_RETURN:
142 if (type)
143 *type = DATA_VERDICT;
144 data->len = sizeof(data->verdict);
145 break;
146 case NFT_JUMP:
147 case NFT_GOTO:
148 if (!tb[NFTA_VERDICT_CHAIN])
149 return -1;
150
151 data->chain = strdup(mnl_attr_get_str(tb[NFTA_VERDICT_CHAIN]));
152 if (!data->chain)
153 return -1;
154
155 if (type)
156 *type = DATA_CHAIN;
157 break;
158 default:
159 return -1;
160 }
161
162 return 0;
163}
164
165static int
166__nftnl_parse_data(union nftnl_data_reg *data, const struct nlattr *attr)
167{
168 void *orig = mnl_attr_get_payload(attr);
169 uint32_t data_len = mnl_attr_get_payload_len(attr);
170
171 if (data_len == 0)
172 return -1;
173
174 if (data_len > sizeof(data->val))
175 return -1;
176
177 memcpy(data->val, orig, data_len);
178 data->len = data_len;
179
180 return 0;
181}
182
183int nftnl_parse_data(union nftnl_data_reg *data, struct nlattr *attr, int *type)
184{
185 struct nlattr *tb[NFTA_DATA_MAX+1] = {};
186 int ret = 0;
187
188 if (mnl_attr_parse_nested(attr, nftnl_data_parse_cb, tb) < 0)
189 return -1;
190
191 if (tb[NFTA_DATA_VALUE]) {
192 if (type)
193 *type = DATA_VALUE;
194
195 ret = __nftnl_parse_data(data, tb[NFTA_DATA_VALUE]);
196 if (ret < 0)
197 return ret;
198 }
199 if (tb[NFTA_DATA_VERDICT])
200 ret = nftnl_parse_verdict(data, tb[NFTA_DATA_VERDICT], type);
201
202 return ret;
203}
204
205int nftnl_data_cpy(union nftnl_data_reg *dreg, const void *src, uint32_t len)
206{
207 int ret = 0;
208
209 if (len > sizeof(dreg->val)) {
210 len = sizeof(dreg->val);
211 ret = -1;
212 }
213
214 memcpy(dreg->val, src, len);
215 dreg->len = len;
216 return ret;
217}