Diffstat (limited to 'src/expr/xfrm.c')
-rw-r--r--src/expr/xfrm.c72
1 files changed, 15 insertions, 57 deletions
diff --git a/src/expr/xfrm.c b/src/expr/xfrm.c
index 7f6d7fe..2585579 100644
--- a/src/expr/xfrm.c
+++ b/src/expr/xfrm.c
@@ -10,7 +10,6 @@
#include <stdint.h>
#include <arpa/inet.h>
#include <errno.h>
-#include <assert.h>
#include <linux/netfilter/nf_tables.h>
#include <linux/xfrm.h>
@@ -34,16 +33,16 @@ nftnl_expr_xfrm_set(struct nftnl_expr *e, uint16_t type,
switch(type) {
case NFTNL_EXPR_XFRM_KEY:
- memcpy(&x->key, data, sizeof(x->key));
+ memcpy(&x->key, data, data_len);
break;
case NFTNL_EXPR_XFRM_DIR:
- memcpy(&x->dir, data, sizeof(x->dir));
+ memcpy(&x->dir, data, data_len);
break;
case NFTNL_EXPR_XFRM_SPNUM:
- memcpy(&x->spnum, data, sizeof(x->spnum));
+ memcpy(&x->spnum, data, data_len);
break;
case NFTNL_EXPR_XFRM_DREG:
- memcpy(&x->dreg, data, sizeof(x->dreg));
+ memcpy(&x->dreg, data, data_len);
break;
default:
return -1;
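Review bot: The four memcpy calls in nftnl_expr_xfrm_set now copy a caller-supplied data_len into fixed-size members, and nothing inside this function bounds that length any more. The upper bound presumably comes from the maxlen values in xfrm_attr_policy being checked by the generic setter before .set is dispatched; that check is not visible in this diff, so it is worth confirming and recording with a comment above the switch such as `/* data_len <= xfrm_attr_policy[type].maxlen, enforced by the caller */`. A data_len shorter than the member now writes only part of it and leaves the remaining bytes as they were, so if short writes are not intended an exact-length check is missing. The function starts and ends outside this hunk.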
@@ -142,51 +141,6 @@ nftnl_expr_xfrm_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
-static int
-nftnl_expr_xfrm_reg_len(const struct nftnl_expr *e)
-{
- const struct nftnl_expr_xfrm *xfrm = nftnl_expr_data(e);
-
- switch (xfrm->key) {
- case NFT_XFRM_KEY_REQID:
- case NFT_XFRM_KEY_SPI:
- return sizeof(uint32_t);
- case NFT_XFRM_KEY_DADDR_IP4:
- case NFT_XFRM_KEY_SADDR_IP4:
- return sizeof(struct in_addr);
- case NFT_XFRM_KEY_DADDR_IP6:
- case NFT_XFRM_KEY_SADDR_IP6:
- return sizeof(struct in6_addr);
- default:
- assert(0);
- break;
- }
-
- return sizeof(struct in_addr);
-}
-
-static bool
-nftnl_expr_xfrm_reg_cmp(const struct nftnl_reg *reg,
- const struct nftnl_expr *e)
-{
- const struct nftnl_expr_xfrm *xfrm = nftnl_expr_data(e);
-
- return reg->xfrm.key == xfrm->key &&
- reg->xfrm.spnum == xfrm->spnum &&
- reg->xfrm.dir == xfrm->dir;
-}
-
-static void
-nftnl_expr_xfrm_reg_update(struct nftnl_reg *reg,
- const struct nftnl_expr *e)
-{
- const struct nftnl_expr_xfrm *xfrm = nftnl_expr_data(e);
-
- reg->xfrm.key = xfrm->key;
- reg->xfrm.spnum = xfrm->spnum;
- reg->xfrm.dir = xfrm->dir;
-}
-
static const char *xfrmkey2str_array[] = {
[NFT_XFRM_KEY_DADDR_IP4] = "daddr4",
[NFT_XFRM_KEY_SADDR_IP4] = "saddr4",
@@ -234,18 +188,22 @@ nftnl_expr_xfrm_snprintf(char *buf, size_t remain,
return offset;
}
+static struct attr_policy xfrm_attr_policy[__NFTNL_EXPR_XFRM_MAX] = {
+ [NFTNL_EXPR_XFRM_DREG] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_EXPR_XFRM_SREG] = { .maxlen = 0 },
+ [NFTNL_EXPR_XFRM_KEY] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_EXPR_XFRM_DIR] = { .maxlen = sizeof(uint8_t) },
+ [NFTNL_EXPR_XFRM_SPNUM] = { .maxlen = sizeof(uint32_t) },
+};
+
struct expr_ops expr_ops_xfrm = {
.name = "xfrm",
.alloc_len = sizeof(struct nftnl_expr_xfrm),
- .max_attr = NFTA_XFRM_MAX,
+ .nftnl_max_attr = __NFTNL_EXPR_XFRM_MAX - 1,
+ .attr_policy = xfrm_attr_policy,
.set = nftnl_expr_xfrm_set,
.get = nftnl_expr_xfrm_get,
.parse = nftnl_expr_xfrm_parse,
.build = nftnl_expr_xfrm_build,
- .snprintf = nftnl_expr_xfrm_snprintf,
- .reg = {
- .len = nftnl_expr_xfrm_reg_len,
- .cmp = nftnl_expr_xfrm_reg_cmp,
- .update = nftnl_expr_xfrm_reg_update,
- },
+ .output = nftnl_expr_xfrm_snprintf,
};
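Review bot: The maxlen values in xfrm_attr_policy are spelled as `sizeof(uint32_t)` and `sizeof(uint8_t)` rather than derived from the members of struct nftnl_expr_xfrm, whose definition is not in this diff. Because the setter copies up to data_len bytes into those members, a table entry wider than its member would become an out-of-bounds write, so I would tie the two together, e.g. `_Static_assert(sizeof(((struct nftnl_expr_xfrm *)0)->dir) == sizeof(uint8_t), "xfrm dir policy");` per attribute, or use the member sizeof directly in the table. The `[NFTNL_EXPR_XFRM_SREG] = { .maxlen = 0 }` entry deserves a short comment, since the setter's switch has no case for that attribute, and the table could be `static const` if the attr_policy field of struct expr_ops accepts a const pointer.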