libnftnl 1.2.6
cmp.c
1/*
2 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published
6 * by the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
10 */
11
12#include "internal.h"
13
14#include <stdio.h>
15#include <stdint.h>
16#include <string.h>
17#include <arpa/inet.h>
18#include <errno.h>
19
20#include <libmnl/libmnl.h>
21#include <linux/netfilter/nf_tables.h>
22#include <libnftnl/expr.h>
23#include <libnftnl/rule.h>
24
26 union nftnl_data_reg data;
27 enum nft_registers sreg;
28 enum nft_cmp_ops op;
29};
30
31static int
32nftnl_expr_cmp_set(struct nftnl_expr *e, uint16_t type,
33 const void *data, uint32_t data_len)
34{
35 struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
36
37 switch(type) {
38 case NFTNL_EXPR_CMP_SREG:
39 memcpy(&cmp->sreg, data, sizeof(cmp->sreg));
40 break;
41 case NFTNL_EXPR_CMP_OP:
42 memcpy(&cmp->op, data, sizeof(cmp->op));
43 break;
44 case NFTNL_EXPR_CMP_DATA:
45 memcpy(&cmp->data.val, data, data_len);
46 cmp->data.len = data_len;
47 break;
48 default:
49 return -1;
50 }
51 return 0;
52}
53
54static const void *
55nftnl_expr_cmp_get(const struct nftnl_expr *e, uint16_t type,
56 uint32_t *data_len)
57{
58 struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
59
60 switch(type) {
61 case NFTNL_EXPR_CMP_SREG:
62 *data_len = sizeof(cmp->sreg);
63 return &cmp->sreg;
64 case NFTNL_EXPR_CMP_OP:
65 *data_len = sizeof(cmp->op);
66 return &cmp->op;
67 case NFTNL_EXPR_CMP_DATA:
68 *data_len = cmp->data.len;
69 return &cmp->data.val;
70 }
71 return NULL;
72}
73
74static int nftnl_expr_cmp_cb(const struct nlattr *attr, void *data)
75{
76 const struct nlattr **tb = data;
77 int type = mnl_attr_get_type(attr);
78
79 if (mnl_attr_type_valid(attr, NFTA_CMP_MAX) < 0)
80 return MNL_CB_OK;
81
82 switch(type) {
83 case NFTA_CMP_SREG:
84 case NFTA_CMP_OP:
85 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
86 abi_breakage();
87 break;
88 case NFTA_CMP_DATA:
89 if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
90 abi_breakage();
91 break;
92 }
93
94 tb[type] = attr;
95 return MNL_CB_OK;
96}
97
98static void
99nftnl_expr_cmp_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
100{
101 struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
102
103 if (e->flags & (1 << NFTNL_EXPR_CMP_SREG))
104 mnl_attr_put_u32(nlh, NFTA_CMP_SREG, htonl(cmp->sreg));
105 if (e->flags & (1 << NFTNL_EXPR_CMP_OP))
106 mnl_attr_put_u32(nlh, NFTA_CMP_OP, htonl(cmp->op));
107 if (e->flags & (1 << NFTNL_EXPR_CMP_DATA)) {
108 struct nlattr *nest;
109
110 nest = mnl_attr_nest_start(nlh, NFTA_CMP_DATA);
111 mnl_attr_put(nlh, NFTA_DATA_VALUE, cmp->data.len, cmp->data.val);
112 mnl_attr_nest_end(nlh, nest);
113 }
114}
115
116static int
117nftnl_expr_cmp_parse(struct nftnl_expr *e, struct nlattr *attr)
118{
119 struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
120 struct nlattr *tb[NFTA_CMP_MAX+1] = {};
121 int ret = 0;
122
123 if (mnl_attr_parse_nested(attr, nftnl_expr_cmp_cb, tb) < 0)
124 return -1;
125
126 if (tb[NFTA_CMP_SREG]) {
127 cmp->sreg = ntohl(mnl_attr_get_u32(tb[NFTA_CMP_SREG]));
128 e->flags |= (1 << NFTA_CMP_SREG);
129 }
130 if (tb[NFTA_CMP_OP]) {
131 cmp->op = ntohl(mnl_attr_get_u32(tb[NFTA_CMP_OP]));
132 e->flags |= (1 << NFTA_CMP_OP);
133 }
134 if (tb[NFTA_CMP_DATA]) {
135 ret = nftnl_parse_data(&cmp->data, tb[NFTA_CMP_DATA], NULL);
136 e->flags |= (1 << NFTA_CMP_DATA);
137 }
138
139 return ret;
140}
141
142static const char *expr_cmp_str[] = {
143 [NFT_CMP_EQ] = "eq",
144 [NFT_CMP_NEQ] = "neq",
145 [NFT_CMP_LT] = "lt",
146 [NFT_CMP_LTE] = "lte",
147 [NFT_CMP_GT] = "gt",
148 [NFT_CMP_GTE] = "gte",
149};
150
151static const char *cmp2str(uint32_t op)
152{
153 if (op > NFT_CMP_GTE)
154 return "unknown";
155
156 return expr_cmp_str[op];
157}
158
159static inline int nftnl_str2cmp(const char *op)
160{
161 if (strcmp(op, "eq") == 0)
162 return NFT_CMP_EQ;
163 else if (strcmp(op, "neq") == 0)
164 return NFT_CMP_NEQ;
165 else if (strcmp(op, "lt") == 0)
166 return NFT_CMP_LT;
167 else if (strcmp(op, "lte") == 0)
168 return NFT_CMP_LTE;
169 else if (strcmp(op, "gt") == 0)
170 return NFT_CMP_GT;
171 else if (strcmp(op, "gte") == 0)
172 return NFT_CMP_GTE;
173 else {
174 errno = EINVAL;
175 return -1;
176 }
177}
178
179static int
180nftnl_expr_cmp_snprintf(char *buf, size_t remain,
181 uint32_t flags, const struct nftnl_expr *e)
182{
183 struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
184 int offset = 0, ret;
185
186 ret = snprintf(buf, remain, "%s reg %u ",
187 cmp2str(cmp->op), cmp->sreg);
188 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
189
190 ret = nftnl_data_reg_snprintf(buf + offset, remain, &cmp->data,
191 0, DATA_VALUE);
192 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
193
194 return offset;
195}
196
197struct expr_ops expr_ops_cmp = {
198 .name = "cmp",
199 .alloc_len = sizeof(struct nftnl_expr_cmp),
200 .max_attr = NFTA_CMP_MAX,
201 .set = nftnl_expr_cmp_set,
202 .get = nftnl_expr_cmp_get,
203 .parse = nftnl_expr_cmp_parse,
204 .build = nftnl_expr_cmp_build,
205 .output = nftnl_expr_cmp_snprintf,
206};