Diffstat (limited to 'src/expr/ct.c')
-rw-r--r--src/expr/ct.c104
1 files changed, 14 insertions, 90 deletions
diff --git a/src/expr/ct.c b/src/expr/ct.c
index f17491c..bea0522 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -14,7 +14,6 @@
#include <stdint.h>
#include <arpa/inet.h>
#include <errno.h>
-#include <assert.h>
#include <linux/netfilter/nf_tables.h>
#include "internal.h"
@@ -40,19 +39,17 @@ nftnl_expr_ct_set(struct nftnl_expr *e, uint16_t type,
switch(type) {
case NFTNL_EXPR_CT_KEY:
- memcpy(&ct->key, data, sizeof(ct->key));
+ memcpy(&ct->key, data, data_len);
break;
case NFTNL_EXPR_CT_DIR:
- memcpy(&ct->dir, data, sizeof(ct->dir));
+ memcpy(&ct->dir, data, data_len);
break;
case NFTNL_EXPR_CT_DREG:
- memcpy(&ct->dreg, data, sizeof(ct->dreg));
+ memcpy(&ct->dreg, data, data_len);
break;
case NFTNL_EXPR_CT_SREG:
- memcpy(&ct->sreg, data, sizeof(ct->sreg));
+ memcpy(&ct->sreg, data, data_len);
break;
- default:
- return -1;
}
return 0;
}
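Review bot: Every `memcpy(&ct->..., data, data_len)` in this switch now copies a caller-supplied length, and nothing in the hunk bounds it against the destination field. The upper bound presumably comes from `ct_attr_policy` being checked by the generic setter before `.set` is called, and with `default: return -1;` removed the range check on `type` has to happen there too; neither is visible in this file's diff. I would state that dependency above the switch, e.g. `/* type and data_len are validated against ct_attr_policy by the caller */`. The policy is a maximum only, so a `data_len` shorter than the field would leave its remaining bytes unchanged; if callers can pass that, a check such as `if (data_len != sizeof(ct->key)) return -1;` per case would close it. The function's signature and the declaration of `ct` are outside the hunk.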
@@ -149,82 +146,6 @@ nftnl_expr_ct_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
-#ifndef XT_CONNLABEL_MAXBIT
-#define XT_CONNLABEL_MAXBIT 127
-#endif
-
-#ifndef NF_CT_LABELS_MAX_SIZE
-#define NF_CT_LABELS_MAX_SIZE ((XT_CONNLABEL_MAXBIT + 1) / 8)
-#endif
-
-#ifndef NF_CT_HELPER_NAME_LEN
-#define NF_CT_HELPER_NAME_LEN 16
-#endif
-
-static int
-nftnl_expr_ct_reg_len(const struct nftnl_expr *e)
-{
- const struct nftnl_expr_ct *ct = nftnl_expr_data(e);
-
- switch (ct->key) {
- case NFT_CT_DIRECTION:
- case NFT_CT_PROTOCOL:
- case NFT_CT_L3PROTOCOL:
- return sizeof(uint8_t);
- case NFT_CT_ZONE:
- case NFT_CT_LABELS:
- return NF_CT_LABELS_MAX_SIZE;
- case NFT_CT_HELPER:
- return NF_CT_HELPER_NAME_LEN;
- case NFT_CT_PROTO_SRC:
- case NFT_CT_PROTO_DST:
- return sizeof(uint16_t);
- case NFT_CT_ID:
- case NFT_CT_STATE:
- case NFT_CT_STATUS:
- case NFT_CT_MARK:
- case NFT_CT_SECMARK:
- case NFT_CT_EXPIRATION:
- case NFT_CT_EVENTMASK:
- case NFT_CT_SRC_IP:
- case NFT_CT_DST_IP:
- return sizeof(uint32_t);
- case NFT_CT_BYTES:
- case NFT_CT_PKTS:
- case NFT_CT_AVGPKT:
- return sizeof(uint64_t);
- case NFT_CT_SRC:
- case NFT_CT_DST:
- case NFT_CT_SRC_IP6:
- case NFT_CT_DST_IP6:
- return sizeof(uint32_t) * 4;
- default:
- assert(0);
- }
-
- return sizeof(uint32_t);
-}
-
-static bool
-nftnl_expr_ct_reg_cmp(const struct nftnl_reg *reg,
- const struct nftnl_expr *e)
-{
- const struct nftnl_expr_ct *ct = nftnl_expr_data(e);
-
- return reg->ct.key == ct->key &&
- reg->ct.dir == ct->dir;
-}
-
-static void
-nftnl_expr_ct_reg_update(struct nftnl_reg *reg,
- const struct nftnl_expr *e)
-{
- const struct nftnl_expr_ct *ct = nftnl_expr_data(e);
-
- reg->ct.key = ct->key;
- reg->ct.dir = ct->dir;
-}
-
static const char *ctkey2str_array[NFT_CT_MAX + 1] = {
[NFT_CT_STATE] = "state",
[NFT_CT_DIRECTION] = "direction",
@@ -327,18 +248,21 @@ nftnl_expr_ct_snprintf(char *buf, size_t remain,
return offset;
}
+static struct attr_policy ct_attr_policy[__NFTNL_EXPR_CT_MAX] = {
+ [NFTNL_EXPR_CT_DREG] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_EXPR_CT_KEY] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_EXPR_CT_DIR] = { .maxlen = sizeof(uint8_t) },
+ [NFTNL_EXPR_CT_SREG] = { .maxlen = sizeof(uint32_t) },
+};
+
struct expr_ops expr_ops_ct = {
.name = "ct",
.alloc_len = sizeof(struct nftnl_expr_ct),
- .max_attr = NFTA_CT_MAX,
+ .nftnl_max_attr = __NFTNL_EXPR_CT_MAX - 1,
+ .attr_policy = ct_attr_policy,
.set = nftnl_expr_ct_set,
.get = nftnl_expr_ct_get,
.parse = nftnl_expr_ct_parse,
.build = nftnl_expr_ct_build,
- .snprintf = nftnl_expr_ct_snprintf,
- .reg = {
- .len = nftnl_expr_ct_reg_len,
- .cmp = nftnl_expr_ct_reg_cmp,
- .update = nftnl_expr_ct_reg_update,
- },
+ .output = nftnl_expr_ct_snprintf,
};
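Review bot: The `maxlen` values in `ct_attr_policy` are written as literal `sizeof(uint32_t)` and `sizeof(uint8_t)` rather than derived from the `struct nftnl_expr_ct` fields they protect, so they can drift from the sizes that `nftnl_expr_ct_set` now copies `data_len` bytes into. The struct definition is not part of this diff, so whether they match today cannot be confirmed from here. I would add a comment above the table, `/* maxlen must not exceed the size of the matching struct nftnl_expr_ct field; nftnl_expr_ct_set() copies data_len bytes into it */`. If the `attr_policy` member of `struct expr_ops` accepts a const pointer, declaring the table `static const` would also keep these bounds out of writable data.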