chain: add netdev family support

Add support for the new NFT_CHAIN_ATTR_DEV attribute that indicates that the basechain is attached to a net_device. This partially reworks 1dd9ba1ea23c ("table: add netdev family support"). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2015-06-11 20:43:54 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-06-16 17:29:57 +0200
commit: be97f91146d5717a1c6d43694fdb429b662846b3 (patch)
tree: 285f64e6801b1614c8a7e2c496a7dfa44bee8dab /src
parent: 1dd9ba1ea23c46d2c9ea1685b458afb9af459e58 (diff)
2 files changed, 47 insertions, 37 deletions
diff --git a/src/chain.c b/src/chain.c
index 74e5925..ed9d9e4 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -35,6 +35,7 @@ struct nft_chain {
 	char		name[NFT_CHAIN_MAXNAMELEN];
 	const char	*type;
 	const char	*table;
+	const char	*dev;
 	uint32_t	family;
 	uint32_t	policy;
 	uint32_t	hooknum;
@@ -98,6 +99,8 @@ void nft_chain_free(struct nft_chain *c)
 		xfree(c->table);
 	if (c->type != NULL)
 		xfree(c->type);
+	if (c->dev != NULL)
+		xfree(c->dev);
 
 	xfree(c);
 }
@@ -138,6 +141,12 @@ void nft_chain_attr_unset(struct nft_chain *c, uint16_t attr)
 	case NFT_CHAIN_ATTR_HANDLE:
 	case NFT_CHAIN_ATTR_FAMILY:
 		break;
+	case NFT_CHAIN_ATTR_DEV:
+		if (c->dev) {
+			xfree(c->dev);
+			c->dev = NULL;
+		}
+		break;
 	default:
 		return;
 	}
@@ -204,6 +213,12 @@ void nft_chain_attr_set_data(struct nft_chain *c, uint16_t attr,
 
 		c->type = strdup(data);
 		break;
+	case NFT_CHAIN_ATTR_DEV:
+		if (c->dev)
+			xfree(c->dev);
+
+		c->dev = strdup(data);
+		break;
 	}
 	c->flags |= (1 << attr);
 }
@@ -283,6 +298,8 @@ const void *nft_chain_attr_get_data(struct nft_chain *c, uint16_t attr,
 	case NFT_CHAIN_ATTR_TYPE:
 		*data_len = sizeof(uint32_t);
 		return c->type;
+	case NFT_CHAIN_ATTR_DEV:
+		return c->dev;
 	}
 	return NULL;
 }
@@ -358,6 +375,8 @@ void nft_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_chain
 		nest = mnl_attr_nest_start(nlh, NFTA_CHAIN_HOOK);
 		mnl_attr_put_u32(nlh, NFTA_HOOK_HOOKNUM, htonl(c->hooknum));
 		mnl_attr_put_u32(nlh, NFTA_HOOK_PRIORITY, htonl(c->prio));
+		if (c->flags & (1 << NFT_CHAIN_ATTR_DEV))
+			mnl_attr_put_strz(nlh, NFTA_HOOK_DEV, c->dev);
 		mnl_attr_nest_end(nlh, nest);
 	}
 	if (c->flags & (1 << NFT_CHAIN_ATTR_POLICY))
@@ -467,6 +486,10 @@ static int nft_chain_parse_hook_cb(const struct nlattr *attr, void *data)
 		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
 			abi_breakage();
 		break;
+	case NFTA_HOOK_DEV:
+		if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)
+			abi_breakage();
+		break;
 	}
 
 	tb[type] = attr;
@@ -488,6 +511,10 @@ static int nft_chain_parse_hook(struct nlattr *attr, struct nft_chain *c)
 		c->prio = ntohl(mnl_attr_get_u32(tb[NFTA_HOOK_PRIORITY]));
 		c->flags |= (1 << NFT_CHAIN_ATTR_PRIO);
 	}
+	if (tb[NFTA_HOOK_DEV]) {
+		c->dev = strdup(mnl_attr_get_str(tb[NFTA_HOOK_DEV]));
+		c->flags |= (1 << NFT_CHAIN_ATTR_DEV);
+	}
 
 	return 0;
 }
@@ -563,7 +590,7 @@ int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree,
 	uint64_t handle, bytes, packets;
 	int policy_num;
 	int32_t family, prio, hooknum, use;
-	const char *name, *table, *type, *hooknum_str, *policy;
+	const char *name, *table, *type, *hooknum_str, *policy, *dev;
 
 	root = nft_jansson_get_node(tree, "chain", err);
 	if (root == NULL)
@@ -626,6 +653,10 @@ int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree,
 			nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY,
 					       policy_num);
 		}
+
+		dev = nft_jansson_parse_str(root, "device", err);
+		if (dev != NULL)
+			nft_chain_attr_set_str(c, NFT_CHAIN_ATTR_DEV, dev);
 	}
 
 	return 0;
@@ -660,7 +691,7 @@ static int nft_chain_json_parse(struct nft_chain *c, const void *json,
 int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c,
 			 struct nft_parse_err *err)
 {
-	const char *table, *name, *hooknum_str, *policy_str, *type;
+	const char *table, *name, *hooknum_str, *policy_str, *type, *dev;
 	int family, hooknum, policy;
 	uint64_t handle, bytes, packets, prio, use;
 
@@ -729,6 +760,11 @@ int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c,
 			nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY,
 					       policy);
 		}
+		dev = nft_mxml_str_parse(tree, "device", MXML_DESCEND_FIRST,
+					 NFT_XML_MAND, err);
+
+		if (table != NULL)
+			nft_chain_attr_set_str(c, NFT_CHAIN_ATTR_DEV, dev);
 	}
 
 	return 0;
@@ -824,6 +860,8 @@ static int nft_chain_export(char *buf, size_t size, struct nft_chain *c,
 			nft_buf_s32(&b, type, c->prio, PRIO);
 		if (c->flags & (1 << NFT_CHAIN_ATTR_POLICY))
 			nft_buf_str(&b, type, nft_verdict2str(c->policy), POLICY);
+		if (c->flags & (1 << NFT_CHAIN_ATTR_DEV))
+			nft_buf_str(&b, type, c->dev, DEVICE);
 	}
 
 	nft_buf_close(&b, type, CHAIN);
@@ -848,6 +886,11 @@ static int nft_chain_snprintf_default(char *buf, size_t size,
 			       c->prio, nft_verdict2str(c->policy),
 			       c->packets, c->bytes);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+		if (c->flags & (1 << NFT_CHAIN_ATTR_DEV)) {
+			ret = snprintf(buf+offset, len, " dev %s ", c->dev);
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		}
 	}
 
 	return offset;
diff --git a/src/table.c b/src/table.c
index f748d6d..ab0a8ea 100644
--- a/src/table.c
+++ b/src/table.c
@@ -32,7 +32,6 @@ struct nft_table {
 	const char	*name;
 	uint32_t	family;
 	uint32_t	table_flags;
-	const char	*dev;
 	uint32_t	use;
 	uint32_t	flags;
 };
@@ -75,12 +74,6 @@ void nft_table_attr_unset(struct nft_table *t, uint16_t attr)
 		break;
 	case NFT_TABLE_ATTR_USE:
 		break;
-	case NFT_TABLE_ATTR_DEV:
-		if (t->dev) {
-			xfree(t->dev);
-			t->dev = NULL;
-		}
-		break;
 	}
 	t->flags &= ~(1 << attr);
 }
@@ -115,12 +108,6 @@ void nft_table_attr_set_data(struct nft_table *t, uint16_t attr,
 	case NFT_TABLE_ATTR_USE:
 		t->use = *((uint32_t *)data);
 		break;
-	case NFT_TABLE_ATTR_DEV:
-		if (t->dev)
-			xfree(t->dev);
-
-		t->dev = strdup(data);
-		break;
 	}
 	t->flags |= (1 << attr);
 }
@@ -168,8 +155,6 @@ const void *nft_table_attr_get_data(struct nft_table *t, uint16_t attr,
 	case NFT_TABLE_ATTR_USE:
 		*data_len = sizeof(uint32_t);
 		return &t->use;
-	case NFT_TABLE_ATTR_DEV:
-		return t->dev;
 	}
 	return NULL;
 }
@@ -208,8 +193,6 @@ void nft_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_table
 		mnl_attr_put_strz(nlh, NFTA_TABLE_NAME, t->name);
 	if (t->flags & (1 << NFT_TABLE_ATTR_FLAGS))
 		mnl_attr_put_u32(nlh, NFTA_TABLE_FLAGS, htonl(t->table_flags));
-	if (t->flags & (1 << NFT_TABLE_ATTR_DEV))
-		mnl_attr_put_str(nlh, NFTA_TABLE_DEV, t->dev);
 }
 EXPORT_SYMBOL(nft_table_nlmsg_build_payload);
 
@@ -223,7 +206,6 @@ static int nft_table_parse_attr_cb(const struct nlattr *attr, void *data)
 
 	switch(type) {
 	case NFTA_TABLE_NAME:
-	case NFTA_TABLE_DEV:
 		if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)
 			abi_breakage();
 		break;
@@ -258,10 +240,6 @@ int nft_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_table *t)
 		t->use = ntohl(mnl_attr_get_u32(tb[NFTA_TABLE_USE]));
 		t->flags |= (1 << NFT_TABLE_ATTR_USE);
 	}
-	if (tb[NFTA_TABLE_DEV]) {
-		t->dev = strdup(mnl_attr_get_str(tb[NFTA_TABLE_DEV]));
-		t->flags |= (1 << NFT_TABLE_ATTR_DEV);
-	}
 
 	t->family = nfg->nfgen_family;
 	t->flags |= (1 << NFT_TABLE_ATTR_FAMILY);
@@ -274,7 +252,7 @@ EXPORT_SYMBOL(nft_table_nlmsg_parse);
 int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t,
 			 struct nft_parse_err *err)
 {
-	const char *name, *dev;
+	const char *name;
 	int family;
 	uint32_t flags, use;
 
@@ -292,11 +270,6 @@ int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t,
 			       &flags, NFT_TYPE_U32, NFT_XML_MAND, err) == 0)
 		nft_table_attr_set_u32(t, NFT_TABLE_ATTR_FLAGS, flags);
 
-	dev = nft_mxml_str_parse(tree, "device", MXML_DESCEND_FIRST,
-				 NFT_XML_MAND, err);
-	if (dev != NULL)
-		nft_table_attr_set_str(t, NFT_TABLE_ATTR_DEV, dev);
-
 	if (nft_mxml_num_parse(tree, "use", MXML_DESCEND, BASE_DEC,
 			       &use, NFT_TYPE_U32, NFT_XML_MAND, err) == 0)
 		nft_table_attr_set_u32(t, NFT_TABLE_ATTR_USE, use);
@@ -330,7 +303,7 @@ int nft_jansson_parse_table(struct nft_table *t, json_t *tree,
 {
 	json_t *root;
 	uint32_t flags, use;
-	const char *str, *dev;
+	const char *str;
 	int family;
 
 	root = nft_jansson_get_node(tree, "table", err);
@@ -348,10 +321,6 @@ int nft_jansson_parse_table(struct nft_table *t, json_t *tree,
 				  err) == 0)
 		nft_table_attr_set_u32(t, NFT_TABLE_ATTR_FLAGS, flags);
 
-	dev = nft_jansson_parse_str(root, "device", err);
-	if (dev != NULL)
-		nft_table_attr_set_str(t, NFT_TABLE_ATTR_DEV, dev);
-
 	if (nft_jansson_parse_val(root, "use", NFT_TYPE_U32, &use, err) == 0)
 		nft_table_attr_set_u32(t, NFT_TABLE_ATTR_USE, use);
 
@@ -435,8 +404,6 @@ static int nft_table_export(char *buf, size_t size, struct nft_table *t,
 		nft_buf_str(&b, type, nft_family2str(t->family), FAMILY);
 	if (t->flags & (1 << NFT_TABLE_ATTR_FLAGS))
 		nft_buf_u32(&b, type, t->table_flags, FLAGS);
-	if (t->flags & (1 << NFT_TABLE_ATTR_DEV))
-		nft_buf_str(&b, type, t->dev, DEVICE);
 	if (t->flags & (1 << NFT_TABLE_ATTR_USE))
 		nft_buf_u32(&b, type, t->use, USE);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2015-06-11 20:43:54 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-06-16 17:29:57 +0200
commit	be97f91146d5717a1c6d43694fdb429b662846b3 (patch)
tree	285f64e6801b1614c8a7e2c496a7dfa44bee8dab /src
parent	1dd9ba1ea23c46d2c9ea1685b458afb9af459e58 (diff)