diff options
author | Phil Sutter <phil@nwl.cc> | 2023-03-29 17:53:11 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-05-03 19:09:29 +0200 |
commit | 46ed4d264ce44dd0a01723a1e326eedc0da822ba (patch) | |
tree | 74a4646736d597a0daf45556d6e2b110e65bb54b /iptables/nft-shared.h | |
parent | 90a7a183a208b691810b8519cc57d3d9d3b7eb60 (diff) |
nft: Introduce nft-ruleparse.{c,h}
Extract all code dealing with parsing from struct nftnl_rule into struct
iptables_command_state from nft-shared.c into a separate source file.
Basically this is nft_rule_to_iptables_command_state() and the functions
it calls, plus family-independent parsers called from family-specific
callbacks.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-shared.h')
-rw-r--r-- | iptables/nft-shared.h | 101 |
1 files changed, 1 insertions, 100 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 2c4c0d90..2edee649 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -11,6 +11,7 @@ #include <linux/netfilter/nf_tables.h> #include "xshared.h" +#include "nft-ruleparse.h" #ifdef DEBUG #define DEBUG_DEL @@ -38,92 +39,6 @@ struct xtables_args; struct nft_handle; struct xt_xlate; -enum nft_ctx_reg_type { - NFT_XT_REG_UNDEF, - NFT_XT_REG_PAYLOAD, - NFT_XT_REG_IMMEDIATE, - NFT_XT_REG_META_DREG, -}; - -struct nft_xt_ctx_reg { - enum nft_ctx_reg_type type:8; - - union { - struct { - uint32_t base; - uint32_t offset; - uint32_t len; - } payload; - struct { - uint32_t data[4]; - uint8_t len; - } immediate; - struct { - uint32_t key; - } meta_dreg; - struct { - uint32_t key; - } meta_sreg; - }; - - struct { - uint32_t mask[4]; - uint32_t xor[4]; - bool set; - } bitwise; -}; - -struct nft_xt_ctx { - struct iptables_command_state *cs; - struct nftnl_expr_iter *iter; - struct nft_handle *h; - uint32_t flags; - const char *table; - - struct nft_xt_ctx_reg regs[1 + 16]; - - const char *errmsg; -}; - -static inline struct nft_xt_ctx_reg *nft_xt_ctx_get_sreg(struct nft_xt_ctx *ctx, enum nft_registers reg) -{ - switch (reg) { - case NFT_REG_VERDICT: - return &ctx->regs[0]; - case NFT_REG_1: - return &ctx->regs[1]; - case NFT_REG_2: - return &ctx->regs[5]; - case NFT_REG_3: - return &ctx->regs[9]; - case NFT_REG_4: - return &ctx->regs[13]; - case NFT_REG32_00...NFT_REG32_15: - return &ctx->regs[reg - NFT_REG32_00]; - default: - ctx->errmsg = "Unknown register requested"; - break; - } - - return NULL; -} - -static inline void nft_xt_reg_clear(struct nft_xt_ctx_reg *r) -{ - r->type = 0; - r->bitwise.set = false; -} - -static inline struct nft_xt_ctx_reg *nft_xt_ctx_get_dreg(struct nft_xt_ctx *ctx, enum nft_registers reg) -{ - struct nft_xt_ctx_reg *r = nft_xt_ctx_get_sreg(ctx, reg); - - if (r) - nft_xt_reg_clear(r); - - return r; -} - struct nft_family_ops { int (*add)(struct nft_handle *h, struct nftnl_rule *r, struct iptables_command_state *cs); @@ -207,14 +122,8 @@ bool is_same_interfaces(const char *a_iniface, const char *a_outiface, unsigned const char *b_iniface_mask, unsigned const char *b_outiface_mask); -int parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e, uint8_t key, - char *iniface, unsigned char *iniface_mask, char *outiface, - unsigned char *outiface_mask, uint8_t *invflags); void __get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, uint8_t *op); void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv); -bool nft_rule_to_iptables_command_state(struct nft_handle *h, - const struct nftnl_rule *r, - struct iptables_command_state *cs); void print_matches_and_target(struct iptables_command_state *cs, unsigned int format); void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy); @@ -224,9 +133,6 @@ void save_matches_and_target(const struct iptables_command_state *cs, struct nft_family_ops *nft_family_ops_lookup(int family); -void nft_ipv46_parse_target(struct xtables_target *t, - struct iptables_command_state *cs); - bool compare_matches(struct xtables_rule_match *mt1, struct xtables_rule_match *mt2); bool compare_targets(struct xtables_target *tg1, struct xtables_target *tg2); @@ -263,11 +169,6 @@ void xtables_restore_parse(struct nft_handle *h, void nft_check_xt_legacy(int family, bool is_ipt_save); -int nft_parse_hl(struct nft_xt_ctx *ctx, struct nftnl_expr *e, struct iptables_command_state *cs); - -#define min(x, y) ((x) < (y) ? (x) : (y)) -#define max(x, y) ((x) > (y) ? (x) : (y)) - /* simplified nftables:include/netlink.h, netlink_padded_len() */ #define NETLINK_ALIGN 4 |