author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-01-19 20:12:15 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-01-23 02:55:12 +0100 |
commit | e046e39725859d6efc0cb7588694e4983ec46251 (patch) | |
tree | a0f95023ba3d1e39f2b3a513c9275fb76f7de262 /src/rule.c | |
parent | f5ea90b500d94fcf383393c9e338c2e199f74513 (diff) |
rule: add support for rule flags
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 36 |
1 files changed, 34 insertions, 2 deletions
@@ -34,6 +34,7 @@ struct nft_rule {
 char *table;
 char *chain;
 uint8_t family;
+ uint32_t rule_flags;
 uint64_t handle;

 struct list_head expr_list;
@@ -82,6 +83,9 @@ void nft_rule_attr_set(struct nft_rule *r, uint16_t attr, void *data)
 case NFT_RULE_ATTR_HANDLE:
 r->handle = *((uint64_t *)data);
 break;
+ case NFT_RULE_ATTR_FLAGS:
+ r->rule_flags = *((uint32_t *)data);
+ break;
 default:
 return;
 }
@@ -89,6 +93,12 @@ void nft_rule_attr_set(struct nft_rule *r, uint16_t attr, void *data)
 }
 EXPORT_SYMBOL(nft_rule_attr_set);

+void nft_rule_attr_set_u32(struct nft_rule *r, uint16_t attr, uint32_t val)
+{
+ nft_rule_attr_set(r, attr, &val);
+}
+EXPORT_SYMBOL(nft_rule_attr_set_u32);
+
 void nft_rule_attr_set_u64(struct nft_rule *r, uint16_t attr, uint64_t val)
 {
 nft_rule_attr_set(r, attr, &val);
@@ -127,6 +137,12 @@ void *nft_rule_attr_get(struct nft_rule *r, uint16_t attr)
 else
 return NULL;
 break;
+ case NFT_RULE_ATTR_FLAGS:
+ if (r->flags & (1 << NFT_RULE_ATTR_FLAGS))
+ return &r->rule_flags;
+ else
+ return NULL;
+ break;
 default:
 return NULL;
 }
@@ -139,6 +155,13 @@ const char *nft_rule_attr_get_str(struct nft_rule *r, uint16_t attr)
 }
 EXPORT_SYMBOL(nft_rule_attr_get_str);

+uint32_t nft_rule_attr_get_u32(struct nft_rule *r, uint16_t attr)
+{
+ uint32_t val = *((uint32_t *)nft_rule_attr_get(r, attr));
+ return val;
+}
+EXPORT_SYMBOL(nft_rule_attr_get_u64);
+
 uint64_t nft_rule_attr_get_u64(struct nft_rule *r, uint16_t attr)
 {
 uint64_t val = *((uint64_t *)nft_rule_attr_get(r, attr));
@@ -185,6 +208,8 @@ void nft_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_rule *r)
 mnl_attr_put_strz(nlh, NFTA_RULE_CHAIN, r->chain);
 if (r->flags & (1 << NFT_RULE_ATTR_HANDLE))
 mnl_attr_put_u64(nlh, NFTA_RULE_HANDLE, htobe64(r->handle));
+ if (r->flags & (1 << NFT_RULE_ATTR_FLAGS))
+ mnl_attr_put_u32(nlh, NFTA_RULE_FLAGS, htonl(r->rule_flags));

 nest = mnl_attr_nest_start(nlh, NFTA_RULE_EXPRESSIONS);
 list_for_each_entry(expr, &r->expr_list, head) {
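Review bot: The new `rule_flags` member has no comment to tell it apart from the struct's existing `flags` member, which other hunks of this patch use as the attribute-presence bitmask (`r->flags & (1 << NFT_RULE_ATTR_FLAGS)`). A one-line comment on the field would keep the two from being mixed up, for example `uint32_t rule_flags; /* NFTA_RULE_FLAGS value; r->flags only records which attributes are set */`. The struct definition starts and ends outside this hunk.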
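Review bot: `nft_rule_attr_set_u32()` passes the address of a 4-byte local to `nft_rule_attr_set()` for whatever `attr` the caller supplies, so a call with `NFT_RULE_ATTR_HANDLE` reaches `r->handle = *((uint64_t *)data);` and reads 8 bytes from a 4-byte object. The typed wrapper is the natural place to reject attributes of another width. If `NFT_RULE_ATTR_FLAGS` is the only 32-bit attribute (not every case of the switch is visible here), `if (attr != NFT_RULE_ATTR_FLAGS) return;` before the call is enough. The existing `nft_rule_attr_set_u64()` has the same shape, and its body continues outside the hunk.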
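Review bot: The line after the new `nft_rule_attr_get_u32()` exports `nft_rule_attr_get_u64`, so the new getter is never exported under its own name; it should read `EXPORT_SYMBOL(nft_rule_attr_get_u32);`. The getter also dereferences the result of `nft_rule_attr_get()` unconditionally, while the `NFT_RULE_ATTR_FLAGS` case added in the previous hunk returns NULL when the attribute bit is not set, so calling it on a rule without flags is a NULL dereference. Either document that callers must confirm the attribute is set first, or guard it: `const uint32_t *p = nft_rule_attr_get(r, attr); return p ? *p : 0;`. `nft_rule_attr_get_u64()` follows the same pattern and runs past the end of the hunk.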
@@ -222,6 +247,12 @@ static int nft_rule_parse_attr_cb(const struct nlattr *attr, void *data)
 return MNL_CB_ERROR;
 }
 break;
+ case NFTA_RULE_FLAGS:
+ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
+ perror("mnl_attr_validate");
+ return MNL_CB_ERROR;
+ }
+ break;
 }

 tb[type] = attr;
@@ -327,9 +358,10 @@ int nft_rule_snprintf(char *buf, size_t size, struct nft_rule *r,
 struct nft_rule_expr *expr;
 int len = size, offset = 0;

- ret = snprintf(buf, size, "family=%u table=%s chain=%s handle=%llu ",
+ ret = snprintf(buf, size, "family=%u table=%s chain=%s handle=%llu "
+ "flags=%x ",
 r->family, r->table, r->chain,
- (unsigned long long)r->handle);
+ (unsigned long long)r->handle, r->rule_flags);
 SNPRINTF_BUFFER_SIZE(ret, size, len, offset);

 list_for_each_entry(expr, &r->expr_list, head) { |
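Review bot: `NFTA_RULE_FLAGS` is validated in this callback, but no hunk in src/rule.c stores the attribute into the rule, so flags reported by the kernel would never reach `r->rule_flags` or set the `NFT_RULE_ATTR_FLAGS` bit. The function that consumes `tb[]` is outside this diff; assuming it fills the other fields from `tb[]`, it needs the counterpart of the `htonl()` in the payload builder: `if (tb[NFTA_RULE_FLAGS]) { r->rule_flags = ntohl(mnl_attr_get_u32(tb[NFTA_RULE_FLAGS])); r->flags |= (1 << NFT_RULE_ATTR_FLAGS); }`. The callback's body starts before the hunk.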
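Review bot: `r->rule_flags` is a `uint32_t` passed to `%x` without a cast, while the `handle` argument in the same call is cast to match `%llu`; keep the two consistent with `(unsigned int)r->rule_flags` or a `"%" PRIx32` conversion. The value is also printed whether or not the `NFT_RULE_ATTR_FLAGS` bit is set, so an unset attribute would appear as `flags=0` if the struct is zero-initialised, which is not visible here. A short comment stating that this is intended would help. The function's signature and the rest of its body lie outside the hunk.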