diff options
| author | Jose M. Guisado Gomez <guigom@riseup.net> | 2020-08-20 10:19:02 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-08-28 19:32:18 +0200 |
| commit | 99be0e6d066d734f7580c4034404f123cc0f07f3 (patch) | |
| tree | aaaeb6d0c38cd77bb49bffd63a833cdb2b76cc95 | |
| parent | a4db940701e899b87a1d4e70db614f23cb8f6cdf (diff) | |
table: add userdata support
This patch adds NFT_TABLE_USERDATA and NFTNL_UDATA_TABLE_COMMENT to
support for table comments.
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/libnftnl/table.h | 1 | ||||
| -rw-r--r-- | include/libnftnl/udata.h | 6 | ||||
| -rw-r--r-- | include/linux/netfilter/nf_tables.h | 1 | ||||
| -rw-r--r-- | src/table.c | 33 |
4 files changed, 41 insertions, 0 deletions
diff --git a/include/libnftnl/table.h b/include/libnftnl/table.h index 5faec81..a37fba2 100644 --- a/include/libnftnl/table.h +++ b/include/libnftnl/table.h @@ -23,6 +23,7 @@ enum nftnl_table_attr { NFTNL_TABLE_FLAGS, NFTNL_TABLE_USE, NFTNL_TABLE_HANDLE, + NFTNL_TABLE_USERDATA, __NFTNL_TABLE_MAX }; #define NFTNL_TABLE_MAX (__NFTNL_TABLE_MAX - 1) diff --git a/include/libnftnl/udata.h b/include/libnftnl/udata.h index efa3f76..ba6b3ab 100644 --- a/include/libnftnl/udata.h +++ b/include/libnftnl/udata.h @@ -9,6 +9,12 @@ extern "C" { #endif +enum nftnl_udata_table_types { + NFTNL_UDATA_TABLE_COMMENT, + __NFTNL_UDATA_TABLE_MAX +}; +#define NFTNL_UDATA_TABLE_MAX (__NFTNL_UDATA_TABLE_MAX - 1) + enum nftnl_udata_rule_types { NFTNL_UDATA_RULE_COMMENT, NFTNL_UDATA_RULE_EBTABLES_POLICY, diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index d9b0daa..d508154 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -180,6 +180,7 @@ enum nft_table_attributes { NFTA_TABLE_USE, NFTA_TABLE_HANDLE, NFTA_TABLE_PAD, + NFTA_TABLE_USERDATA, __NFTA_TABLE_MAX }; #define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1) diff --git a/src/table.c b/src/table.c index 94d522b..731c818 100644 --- a/src/table.c +++ b/src/table.c @@ -34,6 +34,10 @@ struct nftnl_table { uint64_t handle; uint32_t use; uint32_t flags; + struct { + void *data; + uint32_t len; + } user; }; EXPORT_SYMBOL(nftnl_table_alloc); @@ -47,6 +51,8 @@ void nftnl_table_free(const struct nftnl_table *t) { if (t->flags & (1 << NFTNL_TABLE_NAME)) xfree(t->name); + if (t->flags & (1 << NFTNL_TABLE_USERDATA)) + xfree(t->user.data); xfree(t); } @@ -111,6 +117,16 @@ int nftnl_table_set_data(struct nftnl_table *t, uint16_t attr, case NFTNL_TABLE_USE: memcpy(&t->use, data, sizeof(t->use)); break; + case NFTNL_TABLE_USERDATA: + if (t->flags & (1 << NFTNL_TABLE_USERDATA)) + xfree(t->user.data); + + t->user.data = malloc(data_len); + if (!t->user.data) + return -1; + memcpy(t->user.data, data, data_len); + t->user.len = data_len; + break; } t->flags |= (1 << attr); return 0; @@ -169,6 +185,9 @@ const void *nftnl_table_get_data(const struct nftnl_table *t, uint16_t attr, case NFTNL_TABLE_USE: *data_len = sizeof(uint32_t); return &t->use; + case NFTNL_TABLE_USERDATA: + *data_len = t->user.len; + return t->user.data; } return NULL; } @@ -216,6 +235,8 @@ void nftnl_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_ta mnl_attr_put_u64(nlh, NFTA_TABLE_HANDLE, htobe64(t->handle)); if (t->flags & (1 << NFTNL_TABLE_FLAGS)) mnl_attr_put_u32(nlh, NFTA_TABLE_FLAGS, htonl(t->table_flags)); + if (t->flags & (1 << NFTNL_TABLE_USERDATA)) + mnl_attr_put(nlh, NFTA_TABLE_USERDATA, t->user.len, t->user.data); } static int nftnl_table_parse_attr_cb(const struct nlattr *attr, void *data) @@ -240,6 +261,10 @@ static int nftnl_table_parse_attr_cb(const struct nlattr *attr, void *data) if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) abi_breakage(); break; + case NFTA_TABLE_USERDATA: + if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0) + abi_breakage(); + break; } tb[type] = attr; @@ -251,6 +276,7 @@ int nftnl_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_table *t) { struct nlattr *tb[NFTA_TABLE_MAX+1] = {}; struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh); + int ret; if (mnl_attr_parse(nlh, sizeof(*nfg), nftnl_table_parse_attr_cb, tb) < 0) return -1; @@ -275,6 +301,13 @@ int nftnl_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_table *t) t->handle = be64toh(mnl_attr_get_u64(tb[NFTA_TABLE_HANDLE])); t->flags |= (1 << NFTNL_TABLE_HANDLE); } + if (tb[NFTA_TABLE_USERDATA]) { + ret = nftnl_table_set_data(t, NFTNL_TABLE_USERDATA, + mnl_attr_get_payload(tb[NFTA_TABLE_USERDATA]), + mnl_attr_get_payload_len(tb[NFTA_TABLE_USERDATA])); + if (ret < 0) + return ret; + } t->family = nfg->nfgen_family; t->flags |= (1 << NFTNL_TABLE_FAMILY); |