libnftnl 1.2.9
cmp.c
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
4 *
5 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
6 */
7
8#include "internal.h"
9
10#include <stdio.h>
11#include <stdint.h>
12#include <string.h>
13#include <arpa/inet.h>
14#include <errno.h>
15
16#include <libmnl/libmnl.h>
17#include <linux/netfilter/nf_tables.h>
18#include <libnftnl/expr.h>
19#include <libnftnl/rule.h>
20
22 union nftnl_data_reg data;
23 enum nft_registers sreg;
24 enum nft_cmp_ops op;
25};
26
27static int
28nftnl_expr_cmp_set(struct nftnl_expr *e, uint16_t type,
29 const void *data, uint32_t data_len)
30{
31 struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
32
33 switch(type) {
34 case NFTNL_EXPR_CMP_SREG:
35 memcpy(&cmp->sreg, data, data_len);
36 break;
37 case NFTNL_EXPR_CMP_OP:
38 memcpy(&cmp->op, data, data_len);
39 break;
40 case NFTNL_EXPR_CMP_DATA:
41 return nftnl_data_cpy(&cmp->data, data, data_len);
42 }
43 return 0;
44}
45
46static const void *
47nftnl_expr_cmp_get(const struct nftnl_expr *e, uint16_t type,
48 uint32_t *data_len)
49{
50 struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
51
52 switch(type) {
53 case NFTNL_EXPR_CMP_SREG:
54 *data_len = sizeof(cmp->sreg);
55 return &cmp->sreg;
56 case NFTNL_EXPR_CMP_OP:
57 *data_len = sizeof(cmp->op);
58 return &cmp->op;
59 case NFTNL_EXPR_CMP_DATA:
60 *data_len = cmp->data.len;
61 return &cmp->data.val;
62 }
63 return NULL;
64}
65
66static int nftnl_expr_cmp_cb(const struct nlattr *attr, void *data)
67{
68 const struct nlattr **tb = data;
69 int type = mnl_attr_get_type(attr);
70
71 if (mnl_attr_type_valid(attr, NFTA_CMP_MAX) < 0)
72 return MNL_CB_OK;
73
74 switch(type) {
75 case NFTA_CMP_SREG:
76 case NFTA_CMP_OP:
77 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
78 abi_breakage();
79 break;
80 case NFTA_CMP_DATA:
81 if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
82 abi_breakage();
83 break;
84 }
85
86 tb[type] = attr;
87 return MNL_CB_OK;
88}
89
90static void
91nftnl_expr_cmp_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
92{
93 struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
94
95 if (e->flags & (1 << NFTNL_EXPR_CMP_SREG))
96 mnl_attr_put_u32(nlh, NFTA_CMP_SREG, htonl(cmp->sreg));
97 if (e->flags & (1 << NFTNL_EXPR_CMP_OP))
98 mnl_attr_put_u32(nlh, NFTA_CMP_OP, htonl(cmp->op));
99 if (e->flags & (1 << NFTNL_EXPR_CMP_DATA)) {
100 struct nlattr *nest;
101
102 nest = mnl_attr_nest_start(nlh, NFTA_CMP_DATA);
103 mnl_attr_put(nlh, NFTA_DATA_VALUE, cmp->data.len, cmp->data.val);
104 mnl_attr_nest_end(nlh, nest);
105 }
106}
107
108static int
109nftnl_expr_cmp_parse(struct nftnl_expr *e, struct nlattr *attr)
110{
111 struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
112 struct nlattr *tb[NFTA_CMP_MAX+1] = {};
113 int ret = 0;
114
115 if (mnl_attr_parse_nested(attr, nftnl_expr_cmp_cb, tb) < 0)
116 return -1;
117
118 if (tb[NFTA_CMP_SREG]) {
119 cmp->sreg = ntohl(mnl_attr_get_u32(tb[NFTA_CMP_SREG]));
120 e->flags |= (1 << NFTA_CMP_SREG);
121 }
122 if (tb[NFTA_CMP_OP]) {
123 cmp->op = ntohl(mnl_attr_get_u32(tb[NFTA_CMP_OP]));
124 e->flags |= (1 << NFTA_CMP_OP);
125 }
126 if (tb[NFTA_CMP_DATA]) {
127 ret = nftnl_parse_data(&cmp->data, tb[NFTA_CMP_DATA], NULL);
128 e->flags |= (1 << NFTA_CMP_DATA);
129 }
130
131 return ret;
132}
133
134static const char *expr_cmp_str[] = {
135 [NFT_CMP_EQ] = "eq",
136 [NFT_CMP_NEQ] = "neq",
137 [NFT_CMP_LT] = "lt",
138 [NFT_CMP_LTE] = "lte",
139 [NFT_CMP_GT] = "gt",
140 [NFT_CMP_GTE] = "gte",
141};
142
143static const char *cmp2str(uint32_t op)
144{
145 if (op > NFT_CMP_GTE)
146 return "unknown";
147
148 return expr_cmp_str[op];
149}
150
151static int
152nftnl_expr_cmp_snprintf(char *buf, size_t remain,
153 uint32_t flags, const struct nftnl_expr *e)
154{
155 struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
156 int offset = 0, ret;
157
158 ret = snprintf(buf, remain, "%s reg %u ",
159 cmp2str(cmp->op), cmp->sreg);
160 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
161
162 ret = nftnl_data_reg_snprintf(buf + offset, remain, &cmp->data,
163 0, DATA_VALUE);
164 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
165
166 return offset;
167}
168
169static struct attr_policy cmp_attr_policy[__NFTNL_EXPR_CMP_MAX] = {
170 [NFTNL_EXPR_CMP_SREG] = { .maxlen = sizeof(uint32_t) },
171 [NFTNL_EXPR_CMP_OP] = { .maxlen = sizeof(uint32_t) },
172 [NFTNL_EXPR_CMP_DATA] = { .maxlen = NFT_DATA_VALUE_MAXLEN }
173};
174
175struct expr_ops expr_ops_cmp = {
176 .name = "cmp",
177 .alloc_len = sizeof(struct nftnl_expr_cmp),
178 .nftnl_max_attr = __NFTNL_EXPR_CMP_MAX - 1,
179 .attr_policy = cmp_attr_policy,
180 .set = nftnl_expr_cmp_set,
181 .get = nftnl_expr_cmp_get,
182 .parse = nftnl_expr_cmp_parse,
183 .build = nftnl_expr_cmp_build,
184 .output = nftnl_expr_cmp_snprintf,
185};