diff options
author | Phil Sutter <phil@nwl.cc> | 2023-12-15 16:30:52 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2024-03-06 15:40:37 +0100 |
commit | cdde5a8c5a8734f2d540a0ab52c32d41d4d18127 (patch) | |
tree | a1641dedae09aa9b6e069d66b4e3212fe3525972 /include/expr_ops.h | |
parent | 9da7658c6e25b02f7eeef936835469f4174cbfec (diff) |
expr: Introduce struct expr_ops::attr_policy
Similar to kernel's nla_policy, enable expressions to inform about
restrictions on attribute use. This allows the generic expression code
to perform sanity checks before dispatching to expression ops.
For now, this holds only the maximum data len which may be passed to
nftnl_expr_set().
While one may debate whether accepting e.g. uint32_t for sreg/dreg
attributes is correct, it is necessary to not break nftables.
Note that this introduces artificial restrictions on name lengths which
were caught by the kernel (if nftables didn't).
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'include/expr_ops.h')
-rw-r--r-- | include/expr_ops.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/expr_ops.h b/include/expr_ops.h index 51b2214..6cfb3b5 100644 --- a/include/expr_ops.h +++ b/include/expr_ops.h @@ -8,10 +8,15 @@ struct nlattr; struct nlmsghdr; struct nftnl_expr; +struct attr_policy { + uint32_t maxlen; +}; + struct expr_ops { const char *name; uint32_t alloc_len; int nftnl_max_attr; + struct attr_policy *attr_policy; void (*init)(const struct nftnl_expr *e); void (*free)(const struct nftnl_expr *e); int (*set)(struct nftnl_expr *e, uint16_t type, const void *data, uint32_t data_len); |