authorPhil Sutter <phil@nwl.cc>2023-12-15 16:30:52 +0100
committerPhil Sutter <phil@nwl.cc>2024-03-06 15:40:37 +0100
commitcdde5a8c5a8734f2d540a0ab52c32d41d4d18127 (patch)
treea1641dedae09aa9b6e069d66b4e3212fe3525972 /include/expr_ops.h
parent9da7658c6e25b02f7eeef936835469f4174cbfec (diff)
expr: Introduce struct expr_ops::attr_policy
Similar to kernel's nla_policy, enable expressions to inform about restrictions on attribute use. This allows the generic expression code to perform sanity checks before dispatching to expression ops. For now, this holds only the maximum data len which may be passed to nftnl_expr_set(). While one may debate whether accepting e.g. uint32_t for sreg/dreg attributes is correct, it is necessary to not break nftables. Note that this introduces artificial restrictions on name lengths which were caught by the kernel (if nftables didn't). Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'include/expr_ops.h')
-rw-r--r--include/expr_ops.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/include/expr_ops.h b/include/expr_ops.h
index 51b2214..6cfb3b5 100644
--- a/include/expr_ops.h
+++ b/include/expr_ops.h
@@ -8,10 +8,15 @@ struct nlattr;
struct nlmsghdr;
struct nftnl_expr;
+struct attr_policy {
+ uint32_t maxlen;
+};
+
struct expr_ops {
const char *name;
uint32_t alloc_len;
int nftnl_max_attr;
+ struct attr_policy *attr_policy;
void (*init)(const struct nftnl_expr *e);
void (*free)(const struct nftnl_expr *e);
int (*set)(struct nftnl_expr *e, uint16_t type, const void *data, uint32_t data_len);
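Review bot: The `attr_policy` member added to struct expr_ops is a bare mutable pointer, and neither it nor struct attr_policy has a comment saying how the table is indexed, how many entries it must hold, or what a NULL pointer or a `maxlen` of 0 means. The commit message makes this table the basis for length checks on data passed to nftnl_expr_set(), so the generic code that reads it (not visible in this hunk) is only safe if the attribute type is range-checked before indexing; that contract belongs at the declaration. I would declare it `const struct attr_policy *attr_policy;` so per-expression tables can sit in read-only data, and add a comment such as `/* indexed by attribute type, one entry per attribute up to nftnl_max_attr; NULL = no length checks (TODO confirm) */`. struct expr_ops continues past the end of the hunk.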