libnftnl 1.2.9
match.c
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
4 *
5 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
6 */
7
8#include "internal.h"
9
10#include <stdio.h>
11#include <stdint.h>
12#include <string.h> /* for memcpy */
13#include <arpa/inet.h>
14#include <errno.h>
15#include <libmnl/libmnl.h>
16
17#include <linux/netfilter/nf_tables.h>
18#include <linux/netfilter/nf_tables_compat.h>
19
20#include <libnftnl/expr.h>
21#include <libnftnl/rule.h>
22
23/* From include/linux/netfilter/x_tables.h */
24#define XT_EXTENSION_MAXNAMELEN 29
25
27 char name[XT_EXTENSION_MAXNAMELEN];
28 uint32_t rev;
29 uint32_t data_len;
30 const void *data;
31};
32
33static int
34nftnl_expr_match_set(struct nftnl_expr *e, uint16_t type,
35 const void *data, uint32_t data_len)
36{
37 struct nftnl_expr_match *mt = nftnl_expr_data(e);
38
39 switch(type) {
40 case NFTNL_EXPR_MT_NAME:
41 snprintf(mt->name, sizeof(mt->name), "%.*s", data_len,
42 (const char *)data);
43 break;
44 case NFTNL_EXPR_MT_REV:
45 memcpy(&mt->rev, data, data_len);
46 break;
47 case NFTNL_EXPR_MT_INFO:
48 if (e->flags & (1 << NFTNL_EXPR_MT_INFO))
49 xfree(mt->data);
50
51 mt->data = data;
52 mt->data_len = data_len;
53 break;
54 }
55 return 0;
56}
57
58static const void *
59nftnl_expr_match_get(const struct nftnl_expr *e, uint16_t type,
60 uint32_t *data_len)
61{
62 struct nftnl_expr_match *mt = nftnl_expr_data(e);
63
64 switch(type) {
65 case NFTNL_EXPR_MT_NAME:
66 *data_len = sizeof(mt->name);
67 return mt->name;
68 case NFTNL_EXPR_MT_REV:
69 *data_len = sizeof(mt->rev);
70 return &mt->rev;
71 case NFTNL_EXPR_MT_INFO:
72 *data_len = mt->data_len;
73 return mt->data;
74 }
75 return NULL;
76}
77
78static int nftnl_expr_match_cb(const struct nlattr *attr, void *data)
79{
80 const struct nlattr **tb = data;
81 int type = mnl_attr_get_type(attr);
82
83 if (mnl_attr_type_valid(attr, NFTA_MATCH_MAX) < 0)
84 return MNL_CB_OK;
85
86 switch(type) {
87 case NFTA_MATCH_NAME:
88 if (mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0)
89 abi_breakage();
90 break;
91 case NFTA_MATCH_REV:
92 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
93 abi_breakage();
94 break;
95 case NFTA_MATCH_INFO:
96 if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
97 abi_breakage();
98 break;
99 }
100
101 tb[type] = attr;
102 return MNL_CB_OK;
103}
104
105static void
106nftnl_expr_match_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
107{
108 struct nftnl_expr_match *mt = nftnl_expr_data(e);
109
110 if (e->flags & (1 << NFTNL_EXPR_MT_NAME))
111 mnl_attr_put_strz(nlh, NFTA_MATCH_NAME, mt->name);
112 if (e->flags & (1 << NFTNL_EXPR_MT_REV))
113 mnl_attr_put_u32(nlh, NFTA_MATCH_REV, htonl(mt->rev));
114 if (e->flags & (1 << NFTNL_EXPR_MT_INFO))
115 mnl_attr_put(nlh, NFTA_MATCH_INFO, mt->data_len, mt->data);
116}
117
118static int nftnl_expr_match_parse(struct nftnl_expr *e, struct nlattr *attr)
119{
120 struct nftnl_expr_match *match = nftnl_expr_data(e);
121 struct nlattr *tb[NFTA_MATCH_MAX+1] = {};
122
123 if (mnl_attr_parse_nested(attr, nftnl_expr_match_cb, tb) < 0)
124 return -1;
125
126 if (tb[NFTA_MATCH_NAME]) {
127 snprintf(match->name, XT_EXTENSION_MAXNAMELEN, "%s",
128 mnl_attr_get_str(tb[NFTA_MATCH_NAME]));
129
130 match->name[XT_EXTENSION_MAXNAMELEN-1] = '\0';
131 e->flags |= (1 << NFTNL_EXPR_MT_NAME);
132 }
133
134 if (tb[NFTA_MATCH_REV]) {
135 match->rev = ntohl(mnl_attr_get_u32(tb[NFTA_MATCH_REV]));
136 e->flags |= (1 << NFTNL_EXPR_MT_REV);
137 }
138
139 if (tb[NFTA_MATCH_INFO]) {
140 uint32_t len = mnl_attr_get_payload_len(tb[NFTA_MATCH_INFO]);
141 void *match_data;
142
143 if (e->flags & (1 << NFTNL_EXPR_MT_INFO))
144 xfree(match->data);
145
146 match_data = calloc(1, len);
147 if (match_data == NULL)
148 return -1;
149
150 memcpy(match_data, mnl_attr_get_payload(tb[NFTA_MATCH_INFO]), len);
151
152 match->data = match_data;
153 match->data_len = len;
154
155 e->flags |= (1 << NFTNL_EXPR_MT_INFO);
156 }
157
158 return 0;
159}
160
161static int
162nftnl_expr_match_snprintf(char *buf, size_t len,
163 uint32_t flags, const struct nftnl_expr *e)
164{
165 struct nftnl_expr_match *match = nftnl_expr_data(e);
166
167 return snprintf(buf, len, "name %s rev %u ", match->name, match->rev);
168}
169
170static void nftnl_expr_match_free(const struct nftnl_expr *e)
171{
172 struct nftnl_expr_match *match = nftnl_expr_data(e);
173
174 xfree(match->data);
175}
176
177static struct attr_policy match_attr_policy[__NFTNL_EXPR_MT_MAX] = {
178 [NFTNL_EXPR_MT_NAME] = { .maxlen = XT_EXTENSION_MAXNAMELEN },
179 [NFTNL_EXPR_MT_REV] = { .maxlen = sizeof(uint32_t) },
180 [NFTNL_EXPR_MT_INFO] = { .maxlen = 0 },
181};
182
183struct expr_ops expr_ops_match = {
184 .name = "match",
185 .alloc_len = sizeof(struct nftnl_expr_match),
186 .nftnl_max_attr = __NFTNL_EXPR_MT_MAX - 1,
187 .attr_policy = match_attr_policy,
188 .free = nftnl_expr_match_free,
189 .set = nftnl_expr_match_set,
190 .get = nftnl_expr_match_get,
191 .parse = nftnl_expr_match_parse,
192 .build = nftnl_expr_match_build,
193 .output = nftnl_expr_match_snprintf,
194};