libnftnl 1.2.6
reject.c
1/*
2 * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published
6 * by the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
10 */
11
12#include <stdio.h>
13#include <stdint.h>
14#include <string.h>
15#include <arpa/inet.h>
16#include <errno.h>
17#include <linux/netfilter/nf_tables.h>
18
19#include "internal.h"
20#include <libmnl/libmnl.h>
21#include <libnftnl/expr.h>
22#include <libnftnl/rule.h>
23
25 uint32_t type;
26 uint8_t icmp_code;
27};
28
29static int nftnl_expr_reject_set(struct nftnl_expr *e, uint16_t type,
30 const void *data, uint32_t data_len)
31{
32 struct nftnl_expr_reject *reject = nftnl_expr_data(e);
33
34 switch(type) {
35 case NFTNL_EXPR_REJECT_TYPE:
36 memcpy(&reject->type, data, sizeof(reject->type));
37 break;
38 case NFTNL_EXPR_REJECT_CODE:
39 memcpy(&reject->icmp_code, data, sizeof(reject->icmp_code));
40 break;
41 default:
42 return -1;
43 }
44 return 0;
45}
46
47static const void *
48nftnl_expr_reject_get(const struct nftnl_expr *e, uint16_t type,
49 uint32_t *data_len)
50{
51 struct nftnl_expr_reject *reject = nftnl_expr_data(e);
52
53 switch(type) {
54 case NFTNL_EXPR_REJECT_TYPE:
55 *data_len = sizeof(reject->type);
56 return &reject->type;
57 case NFTNL_EXPR_REJECT_CODE:
58 *data_len = sizeof(reject->icmp_code);
59 return &reject->icmp_code;
60 }
61 return NULL;
62}
63
64static int nftnl_expr_reject_cb(const struct nlattr *attr, void *data)
65{
66 const struct nlattr **tb = data;
67 int type = mnl_attr_get_type(attr);
68
69 if (mnl_attr_type_valid(attr, NFTA_REJECT_MAX) < 0)
70 return MNL_CB_OK;
71
72 switch(type) {
73 case NFTA_REJECT_TYPE:
74 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
75 abi_breakage();
76 break;
77 case NFTA_REJECT_ICMP_CODE:
78 if (mnl_attr_validate(attr, MNL_TYPE_U8) < 0)
79 abi_breakage();
80 break;
81 }
82
83 tb[type] = attr;
84 return MNL_CB_OK;
85}
86
87static void
88nftnl_expr_reject_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
89{
90 struct nftnl_expr_reject *reject = nftnl_expr_data(e);
91
92 if (e->flags & (1 << NFTNL_EXPR_REJECT_TYPE))
93 mnl_attr_put_u32(nlh, NFTA_REJECT_TYPE, htonl(reject->type));
94 if (e->flags & (1 << NFTNL_EXPR_REJECT_CODE))
95 mnl_attr_put_u8(nlh, NFTA_REJECT_ICMP_CODE, reject->icmp_code);
96}
97
98static int
99nftnl_expr_reject_parse(struct nftnl_expr *e, struct nlattr *attr)
100{
101 struct nftnl_expr_reject *reject = nftnl_expr_data(e);
102 struct nlattr *tb[NFTA_REJECT_MAX+1] = {};
103
104 if (mnl_attr_parse_nested(attr, nftnl_expr_reject_cb, tb) < 0)
105 return -1;
106
107 if (tb[NFTA_REJECT_TYPE]) {
108 reject->type = ntohl(mnl_attr_get_u32(tb[NFTA_REJECT_TYPE]));
109 e->flags |= (1 << NFTNL_EXPR_REJECT_TYPE);
110 }
111 if (tb[NFTA_REJECT_ICMP_CODE]) {
112 reject->icmp_code = mnl_attr_get_u8(tb[NFTA_REJECT_ICMP_CODE]);
113 e->flags |= (1 << NFTNL_EXPR_REJECT_CODE);
114 }
115
116 return 0;
117}
118
119static int
120nftnl_expr_reject_snprintf(char *buf, size_t len,
121 uint32_t flags, const struct nftnl_expr *e)
122{
123 struct nftnl_expr_reject *reject = nftnl_expr_data(e);
124
125 return snprintf(buf, len, "type %u code %u ",
126 reject->type, reject->icmp_code);
127}
128
129struct expr_ops expr_ops_reject = {
130 .name = "reject",
131 .alloc_len = sizeof(struct nftnl_expr_reject),
132 .max_attr = NFTA_REJECT_MAX,
133 .set = nftnl_expr_reject_set,
134 .get = nftnl_expr_reject_get,
135 .parse = nftnl_expr_reject_parse,
136 .build = nftnl_expr_reject_build,
137 .output = nftnl_expr_reject_snprintf,
138};