diff options
Diffstat (limited to 'src/obj')
-rw-r--r-- | src/obj/counter.c | 36 | ||||
-rw-r--r-- | src/obj/ct_expect.c | 63 | ||||
-rw-r--r-- | src/obj/ct_helper.c | 39 | ||||
-rw-r--r-- | src/obj/ct_timeout.c | 61 | ||||
-rw-r--r-- | src/obj/limit.c | 46 | ||||
-rw-r--r-- | src/obj/quota.c | 40 | ||||
-rw-r--r-- | src/obj/secmark.c | 32 | ||||
-rw-r--r-- | src/obj/synproxy.c | 39 | ||||
-rw-r--r-- | src/obj/tunnel.c | 77 |
9 files changed, 177 insertions, 256 deletions
diff --git a/src/obj/counter.c b/src/obj/counter.c index 1baba4e..19e09ed 100644 --- a/src/obj/counter.c +++ b/src/obj/counter.c @@ -29,13 +29,11 @@ nftnl_obj_counter_set(struct nftnl_obj *e, uint16_t type, switch(type) { case NFTNL_OBJ_CTR_BYTES: - memcpy(&ctr->bytes, data, sizeof(ctr->bytes)); + memcpy(&ctr->bytes, data, data_len); break; case NFTNL_OBJ_CTR_PKTS: - memcpy(&ctr->pkts, data, sizeof(ctr->pkts)); + memcpy(&ctr->pkts, data, data_len); break; - default: - return -1; } return 0; } @@ -109,8 +107,8 @@ nftnl_obj_counter_parse(struct nftnl_obj *e, struct nlattr *attr) return 0; } -static int nftnl_obj_counter_snprintf_default(char *buf, size_t len, - const struct nftnl_obj *e) +static int nftnl_obj_counter_snprintf(char *buf, size_t len, uint32_t flags, + const struct nftnl_obj *e) { struct nftnl_obj_counter *ctr = nftnl_obj_data(e); @@ -118,32 +116,20 @@ static int nftnl_obj_counter_snprintf_default(char *buf, size_t len, ctr->pkts, ctr->bytes); } -static int nftnl_obj_counter_snprintf(char *buf, size_t len, uint32_t type, - uint32_t flags, - const struct nftnl_obj *e) -{ - if (len) - buf[0] = '\0'; - - switch (type) { - case NFTNL_OUTPUT_DEFAULT: - return nftnl_obj_counter_snprintf_default(buf, len, e); - case NFTNL_OUTPUT_XML: - case NFTNL_OUTPUT_JSON: - default: - break; - } - return -1; -} +static struct attr_policy obj_ctr_attr_policy[__NFTNL_OBJ_CTR_MAX] = { + [NFTNL_OBJ_CTR_BYTES] = { .maxlen = sizeof(uint64_t) }, + [NFTNL_OBJ_CTR_PKTS] = { .maxlen = sizeof(uint64_t) }, +}; struct obj_ops obj_ops_counter = { .name = "counter", .type = NFT_OBJECT_COUNTER, .alloc_len = sizeof(struct nftnl_obj_counter), - .max_attr = NFTA_COUNTER_MAX, + .nftnl_max_attr = __NFTNL_OBJ_CTR_MAX - 1, + .attr_policy = obj_ctr_attr_policy, .set = nftnl_obj_counter_set, .get = nftnl_obj_counter_get, .parse = nftnl_obj_counter_parse, .build = nftnl_obj_counter_build, - .snprintf = nftnl_obj_counter_snprintf, + .output = nftnl_obj_counter_snprintf, }; diff --git a/src/obj/ct_expect.c b/src/obj/ct_expect.c index c0bb5ba..b4d6faa 100644 --- a/src/obj/ct_expect.c +++ b/src/obj/ct_expect.c @@ -21,22 +21,20 @@ static int nftnl_obj_ct_expect_set(struct nftnl_obj *e, uint16_t type, switch (type) { case NFTNL_OBJ_CT_EXPECT_L3PROTO: - memcpy(&exp->l3proto, data, sizeof(exp->l3proto)); + memcpy(&exp->l3proto, data, data_len); break; case NFTNL_OBJ_CT_EXPECT_L4PROTO: - memcpy(&exp->l4proto, data, sizeof(exp->l4proto)); + memcpy(&exp->l4proto, data, data_len); break; case NFTNL_OBJ_CT_EXPECT_DPORT: - memcpy(&exp->dport, data, sizeof(exp->dport)); + memcpy(&exp->dport, data, data_len); break; case NFTNL_OBJ_CT_EXPECT_TIMEOUT: - memcpy(&exp->timeout, data, sizeof(exp->timeout)); + memcpy(&exp->timeout, data, data_len); break; case NFTNL_OBJ_CT_EXPECT_SIZE: - memcpy(&exp->size, data, sizeof(exp->size)); + memcpy(&exp->size, data, data_len); break; - default: - return -1; } return 0; } @@ -151,31 +149,35 @@ nftnl_obj_ct_expect_parse(struct nftnl_obj *e, struct nlattr *attr) return 0; } -static int nftnl_obj_ct_expect_snprintf_default(char *buf, size_t len, - const struct nftnl_obj *e) +static int nftnl_obj_ct_expect_snprintf(char *buf, size_t remain, + uint32_t flags, + const struct nftnl_obj *e) { - int ret = 0; - int offset = 0, remain = len; struct nftnl_obj_ct_expect *exp = nftnl_obj_data(e); + int ret = 0, offset = 0; if (e->flags & (1 << NFTNL_OBJ_CT_EXPECT_L3PROTO)) { - ret = snprintf(buf + offset, len, "family %d ", exp->l3proto); + ret = snprintf(buf + offset, remain, + "family %d ", exp->l3proto); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } if (e->flags & (1 << NFTNL_OBJ_CT_EXPECT_L4PROTO)) { - ret = snprintf(buf + offset, len, "protocol %d ", exp->l4proto); + ret = snprintf(buf + offset, remain, + "protocol %d ", exp->l4proto); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } if (e->flags & (1 << NFTNL_OBJ_CT_EXPECT_DPORT)) { - ret = snprintf(buf + offset, len, "dport %d ", exp->dport); + ret = snprintf(buf + offset, remain, + "dport %d ", exp->dport); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } if (e->flags & (1 << NFTNL_OBJ_CT_EXPECT_TIMEOUT)) { - ret = snprintf(buf + offset, len, "timeout %d ", exp->timeout); + ret = snprintf(buf + offset, remain, + "timeout %d ", exp->timeout); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } if (e->flags & (1 << NFTNL_OBJ_CT_EXPECT_SIZE)) { - ret = snprintf(buf + offset, len, "size %d ", exp->size); + ret = snprintf(buf + offset, remain, "size %d ", exp->size); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } @@ -183,31 +185,24 @@ static int nftnl_obj_ct_expect_snprintf_default(char *buf, size_t len, return offset; } -static int nftnl_obj_ct_expect_snprintf(char *buf, size_t len, uint32_t type, - uint32_t flags, - const struct nftnl_obj *e) -{ - if (len) - buf[0] = '\0'; - - switch (type) { - case NFTNL_OUTPUT_DEFAULT: - return nftnl_obj_ct_expect_snprintf_default(buf, len, e); - case NFTNL_OUTPUT_JSON: - default: - break; - } - return -1; -} +static struct attr_policy +obj_ct_expect_attr_policy[__NFTNL_OBJ_CT_EXPECT_MAX] = { + [NFTNL_OBJ_CT_EXPECT_L3PROTO] = { .maxlen = sizeof(uint16_t) }, + [NFTNL_OBJ_CT_EXPECT_L4PROTO] = { .maxlen = sizeof(uint8_t) }, + [NFTNL_OBJ_CT_EXPECT_DPORT] = { .maxlen = sizeof(uint16_t) }, + [NFTNL_OBJ_CT_EXPECT_TIMEOUT] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_CT_EXPECT_SIZE] = { .maxlen = sizeof(uint8_t) }, +}; struct obj_ops obj_ops_ct_expect = { .name = "ct_expect", .type = NFT_OBJECT_CT_EXPECT, .alloc_len = sizeof(struct nftnl_obj_ct_expect), - .max_attr = NFTA_CT_EXPECT_MAX, + .nftnl_max_attr = __NFTNL_OBJ_CT_EXPECT_MAX - 1, + .attr_policy = obj_ct_expect_attr_policy, .set = nftnl_obj_ct_expect_set, .get = nftnl_obj_ct_expect_get, .parse = nftnl_obj_ct_expect_parse, .build = nftnl_obj_ct_expect_build, - .snprintf = nftnl_obj_ct_expect_snprintf, + .output = nftnl_obj_ct_expect_snprintf, }; diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c index d91f636..1feccf2 100644 --- a/src/obj/ct_helper.c +++ b/src/obj/ct_helper.c @@ -32,13 +32,11 @@ static int nftnl_obj_ct_helper_set(struct nftnl_obj *e, uint16_t type, snprintf(helper->name, sizeof(helper->name), "%s", (const char *)data); break; case NFTNL_OBJ_CT_HELPER_L3PROTO: - memcpy(&helper->l3proto, data, sizeof(helper->l3proto)); + memcpy(&helper->l3proto, data, data_len); break; case NFTNL_OBJ_CT_HELPER_L4PROTO: - memcpy(&helper->l4proto, data, sizeof(helper->l4proto)); + memcpy(&helper->l4proto, data, data_len); break; - default: - return -1; } return 0; } @@ -131,8 +129,9 @@ nftnl_obj_ct_helper_parse(struct nftnl_obj *e, struct nlattr *attr) return 0; } -static int nftnl_obj_ct_helper_snprintf_default(char *buf, size_t len, - const struct nftnl_obj *e) +static int nftnl_obj_ct_helper_snprintf(char *buf, size_t len, + uint32_t flags, + const struct nftnl_obj *e) { struct nftnl_obj_ct_helper *helper = nftnl_obj_data(e); @@ -140,31 +139,25 @@ static int nftnl_obj_ct_helper_snprintf_default(char *buf, size_t len, helper->name, helper->l3proto, helper->l4proto); } -static int nftnl_obj_ct_helper_snprintf(char *buf, size_t len, uint32_t type, - uint32_t flags, - const struct nftnl_obj *e) -{ - if (len) - buf[0] = '\0'; +/* from kernel's include/net/netfilter/nf_conntrack_helper.h */ +#define NF_CT_HELPER_NAME_LEN 16 - switch (type) { - case NFTNL_OUTPUT_DEFAULT: - return nftnl_obj_ct_helper_snprintf_default(buf, len, e); - case NFTNL_OUTPUT_JSON: - default: - break; - } - return -1; -} +static struct attr_policy +obj_ct_helper_attr_policy[__NFTNL_OBJ_CT_HELPER_MAX] = { + [NFTNL_OBJ_CT_HELPER_NAME] = { .maxlen = NF_CT_HELPER_NAME_LEN }, + [NFTNL_OBJ_CT_HELPER_L3PROTO] = { .maxlen = sizeof(uint16_t) }, + [NFTNL_OBJ_CT_HELPER_L4PROTO] = { .maxlen = sizeof(uint8_t) }, +}; struct obj_ops obj_ops_ct_helper = { .name = "ct_helper", .type = NFT_OBJECT_CT_HELPER, .alloc_len = sizeof(struct nftnl_obj_ct_helper), - .max_attr = NFTA_CT_HELPER_MAX, + .nftnl_max_attr = __NFTNL_OBJ_CT_HELPER_MAX - 1, + .attr_policy = obj_ct_helper_attr_policy, .set = nftnl_obj_ct_helper_set, .get = nftnl_obj_ct_helper_get, .parse = nftnl_obj_ct_helper_parse, .build = nftnl_obj_ct_helper_build, - .snprintf = nftnl_obj_ct_helper_snprintf, + .output = nftnl_obj_ct_helper_snprintf, }; diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c index 2662cac..b9b688e 100644 --- a/src/obj/ct_timeout.c +++ b/src/obj/ct_timeout.c @@ -21,7 +21,7 @@ #include "obj.h" -static const char *const tcp_state_to_name[] = { +static const char *const tcp_state_to_name[NFTNL_CTTIMEOUT_TCP_MAX] = { [NFTNL_CTTIMEOUT_TCP_SYN_SENT] = "SYN_SENT", [NFTNL_CTTIMEOUT_TCP_SYN_RECV] = "SYN_RECV", [NFTNL_CTTIMEOUT_TCP_ESTABLISHED] = "ESTABLISHED", @@ -35,7 +35,7 @@ static const char *const tcp_state_to_name[] = { [NFTNL_CTTIMEOUT_TCP_UNACK] = "UNACKNOWLEDGED", }; -static uint32_t tcp_dflt_timeout[] = { +static uint32_t tcp_dflt_timeout[NFTNL_CTTIMEOUT_TCP_MAX] = { [NFTNL_CTTIMEOUT_TCP_SYN_SENT] = 120, [NFTNL_CTTIMEOUT_TCP_SYN_RECV] = 60, [NFTNL_CTTIMEOUT_TCP_ESTABLISHED] = 432000, @@ -49,12 +49,12 @@ static uint32_t tcp_dflt_timeout[] = { [NFTNL_CTTIMEOUT_TCP_UNACK] = 300, }; -static const char *const udp_state_to_name[] = { +static const char *const udp_state_to_name[NFTNL_CTTIMEOUT_UDP_MAX] = { [NFTNL_CTTIMEOUT_UDP_UNREPLIED] = "UNREPLIED", [NFTNL_CTTIMEOUT_UDP_REPLIED] = "REPLIED", }; -static uint32_t udp_dflt_timeout[] = { +static uint32_t udp_dflt_timeout[NFTNL_CTTIMEOUT_UDP_MAX] = { [NFTNL_CTTIMEOUT_UDP_UNREPLIED] = 30, [NFTNL_CTTIMEOUT_UDP_REPLIED] = 180, }; @@ -150,17 +150,18 @@ static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type, switch (type) { case NFTNL_OBJ_CT_TIMEOUT_L3PROTO: - memcpy(&timeout->l3proto, data, sizeof(timeout->l3proto)); + memcpy(&timeout->l3proto, data, data_len); break; case NFTNL_OBJ_CT_TIMEOUT_L4PROTO: - memcpy(&timeout->l4proto, data, sizeof(timeout->l4proto)); + memcpy(&timeout->l4proto, data, data_len); break; case NFTNL_OBJ_CT_TIMEOUT_ARRAY: + if (data_len < sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX) + return -1; + memcpy(timeout->timeout, data, sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX); break; - default: - return -1; } return 0; } @@ -257,21 +258,21 @@ nftnl_obj_ct_timeout_parse(struct nftnl_obj *e, struct nlattr *attr) return 0; } -static int nftnl_obj_ct_timeout_snprintf_default(char *buf, size_t len, - const struct nftnl_obj *e) +static int nftnl_obj_ct_timeout_snprintf(char *buf, size_t remain, + uint32_t flags, + const struct nftnl_obj *e) { - int ret = 0; - int offset = 0, remain = len; + int ret = 0, offset = 0; struct nftnl_obj_ct_timeout *timeout = nftnl_obj_data(e); if (e->flags & (1 << NFTNL_OBJ_CT_TIMEOUT_L3PROTO)) { - ret = snprintf(buf + offset, len, "family %d ", + ret = snprintf(buf + offset, remain, "family %d ", timeout->l3proto); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } if (e->flags & (1 << NFTNL_OBJ_CT_TIMEOUT_L4PROTO)) { - ret = snprintf(buf + offset, len, "protocol %d ", + ret = snprintf(buf + offset, remain, "protocol %d ", timeout->l4proto); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } @@ -283,7 +284,7 @@ static int nftnl_obj_ct_timeout_snprintf_default(char *buf, size_t len, if (timeout_protocol[timeout->l4proto].attr_max == 0) l4num = IPPROTO_RAW; - ret = snprintf(buf + offset, len, "policy = {"); + ret = snprintf(buf + offset, remain, "policy = {"); SNPRINTF_BUFFER_SIZE(ret, remain, offset); for (i = 0; i < timeout_protocol[l4num].attr_max; i++) { @@ -293,13 +294,13 @@ static int nftnl_obj_ct_timeout_snprintf_default(char *buf, size_t len, "UNKNOWN"; if (timeout->timeout[i] != timeout_protocol[l4num].dflt_timeout[i]) { - ret = snprintf(buf + offset, len, + ret = snprintf(buf + offset, remain, "%s = %u,", state_name, timeout->timeout[i]); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } } - ret = snprintf(buf + offset, len, "}"); + ret = snprintf(buf + offset, remain, "}"); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } buf[offset] = '\0'; @@ -307,31 +308,21 @@ static int nftnl_obj_ct_timeout_snprintf_default(char *buf, size_t len, return offset; } -static int nftnl_obj_ct_timeout_snprintf(char *buf, size_t len, uint32_t type, - uint32_t flags, - const struct nftnl_obj *e) -{ - if (len) - buf[0] = '\0'; - - switch (type) { - case NFTNL_OUTPUT_DEFAULT: - return nftnl_obj_ct_timeout_snprintf_default(buf, len, e); - case NFTNL_OUTPUT_JSON: - default: - break; - } - return -1; -} +static struct attr_policy +obj_ct_timeout_attr_policy[__NFTNL_OBJ_CT_TIMEOUT_MAX] = { + [NFTNL_OBJ_CT_TIMEOUT_L3PROTO] = { .maxlen = sizeof(uint16_t) }, + [NFTNL_OBJ_CT_TIMEOUT_L4PROTO] = { .maxlen = sizeof(uint8_t) }, +}; struct obj_ops obj_ops_ct_timeout = { .name = "ct_timeout", .type = NFT_OBJECT_CT_TIMEOUT, .alloc_len = sizeof(struct nftnl_obj_ct_timeout), - .max_attr = NFTA_CT_TIMEOUT_MAX, + .nftnl_max_attr = __NFTNL_OBJ_CT_TIMEOUT_MAX - 1, + .attr_policy = obj_ct_timeout_attr_policy, .set = nftnl_obj_ct_timeout_set, .get = nftnl_obj_ct_timeout_get, .parse = nftnl_obj_ct_timeout_parse, .build = nftnl_obj_ct_timeout_build, - .snprintf = nftnl_obj_ct_timeout_snprintf, + .output = nftnl_obj_ct_timeout_snprintf, }; diff --git a/src/obj/limit.c b/src/obj/limit.c index 60b0159..cbf30b4 100644 --- a/src/obj/limit.c +++ b/src/obj/limit.c @@ -28,22 +28,20 @@ static int nftnl_obj_limit_set(struct nftnl_obj *e, uint16_t type, switch (type) { case NFTNL_OBJ_LIMIT_RATE: - memcpy(&limit->rate, data, sizeof(limit->rate)); + memcpy(&limit->rate, data, data_len); break; case NFTNL_OBJ_LIMIT_UNIT: - memcpy(&limit->unit, data, sizeof(limit->unit)); + memcpy(&limit->unit, data, data_len); break; case NFTNL_OBJ_LIMIT_BURST: - memcpy(&limit->burst, data, sizeof(limit->burst)); + memcpy(&limit->burst, data, data_len); break; case NFTNL_OBJ_LIMIT_TYPE: - memcpy(&limit->type, data, sizeof(limit->type)); + memcpy(&limit->type, data, data_len); break; case NFTNL_OBJ_LIMIT_FLAGS: - memcpy(&limit->flags, data, sizeof(limit->flags)); + memcpy(&limit->flags, data, data_len); break; - default: - return -1; } return 0; } @@ -148,8 +146,9 @@ static int nftnl_obj_limit_parse(struct nftnl_obj *e, struct nlattr *attr) return 0; } -static int nftnl_obj_limit_snprintf_default(char *buf, size_t len, - const struct nftnl_obj *e) +static int nftnl_obj_limit_snprintf(char *buf, size_t len, + uint32_t flags, + const struct nftnl_obj *e) { struct nftnl_obj_limit *limit = nftnl_obj_data(e); @@ -158,32 +157,23 @@ static int nftnl_obj_limit_snprintf_default(char *buf, size_t len, limit->burst, limit->type, limit->flags); } -static int nftnl_obj_limit_snprintf(char *buf, size_t len, uint32_t type, - uint32_t flags, - const struct nftnl_obj *e) -{ - if (len) - buf[0] = '\0'; - - switch (type) { - case NFTNL_OUTPUT_DEFAULT: - return nftnl_obj_limit_snprintf_default(buf, len, e); - case NFTNL_OUTPUT_XML: - case NFTNL_OUTPUT_JSON: - default: - break; - } - return -1; -} +static struct attr_policy obj_limit_attr_policy[__NFTNL_OBJ_LIMIT_MAX] = { + [NFTNL_OBJ_LIMIT_RATE] = { .maxlen = sizeof(uint64_t) }, + [NFTNL_OBJ_LIMIT_UNIT] = { .maxlen = sizeof(uint64_t) }, + [NFTNL_OBJ_LIMIT_BURST] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_LIMIT_TYPE] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_LIMIT_FLAGS] = { .maxlen = sizeof(uint32_t) }, +}; struct obj_ops obj_ops_limit = { .name = "limit", .type = NFT_OBJECT_LIMIT, .alloc_len = sizeof(struct nftnl_obj_limit), - .max_attr = NFTA_LIMIT_MAX, + .nftnl_max_attr = __NFTNL_OBJ_LIMIT_MAX - 1, + .attr_policy = obj_limit_attr_policy, .set = nftnl_obj_limit_set, .get = nftnl_obj_limit_get, .parse = nftnl_obj_limit_parse, .build = nftnl_obj_limit_build, - .snprintf = nftnl_obj_limit_snprintf, + .output = nftnl_obj_limit_snprintf, }; diff --git a/src/obj/quota.c b/src/obj/quota.c index 1914037..526db8e 100644 --- a/src/obj/quota.c +++ b/src/obj/quota.c @@ -28,16 +28,14 @@ static int nftnl_obj_quota_set(struct nftnl_obj *e, uint16_t type, switch (type) { case NFTNL_OBJ_QUOTA_BYTES: - memcpy("a->bytes, data, sizeof(quota->bytes)); + memcpy("a->bytes, data, data_len); break; case NFTNL_OBJ_QUOTA_CONSUMED: - memcpy("a->consumed, data, sizeof(quota->consumed)); + memcpy("a->consumed, data, data_len); break; case NFTNL_OBJ_QUOTA_FLAGS: - memcpy("a->flags, data, sizeof(quota->flags)); + memcpy("a->flags, data, data_len); break; - default: - return -1; } return 0; } @@ -125,8 +123,9 @@ nftnl_obj_quota_parse(struct nftnl_obj *e, struct nlattr *attr) return 0; } -static int nftnl_obj_quota_snprintf_default(char *buf, size_t len, - const struct nftnl_obj *e) +static int nftnl_obj_quota_snprintf(char *buf, size_t len, + uint32_t flags, + const struct nftnl_obj *e) { struct nftnl_obj_quota *quota = nftnl_obj_data(e); @@ -134,32 +133,21 @@ static int nftnl_obj_quota_snprintf_default(char *buf, size_t len, quota->bytes, quota->flags); } -static int nftnl_obj_quota_snprintf(char *buf, size_t len, uint32_t type, - uint32_t flags, - const struct nftnl_obj *e) -{ - if (len) - buf[0] = '\0'; - - switch (type) { - case NFTNL_OUTPUT_DEFAULT: - return nftnl_obj_quota_snprintf_default(buf, len, e); - case NFTNL_OUTPUT_XML: - case NFTNL_OUTPUT_JSON: - default: - break; - } - return -1; -} +static struct attr_policy obj_quota_attr_policy[__NFTNL_OBJ_QUOTA_MAX] = { + [NFTNL_OBJ_QUOTA_BYTES] = { .maxlen = sizeof(uint64_t) }, + [NFTNL_OBJ_QUOTA_CONSUMED] = { .maxlen = sizeof(uint64_t) }, + [NFTNL_OBJ_QUOTA_FLAGS] = { .maxlen = sizeof(uint32_t) }, +}; struct obj_ops obj_ops_quota = { .name = "quota", .type = NFT_OBJECT_QUOTA, .alloc_len = sizeof(struct nftnl_obj_quota), - .max_attr = NFTA_QUOTA_MAX, + .nftnl_max_attr = __NFTNL_OBJ_QUOTA_MAX - 1, + .attr_policy = obj_quota_attr_policy, .set = nftnl_obj_quota_set, .get = nftnl_obj_quota_get, .parse = nftnl_obj_quota_parse, .build = nftnl_obj_quota_build, - .snprintf = nftnl_obj_quota_snprintf, + .output = nftnl_obj_quota_snprintf, }; diff --git a/src/obj/secmark.c b/src/obj/secmark.c index e27b5fa..eea9664 100644 --- a/src/obj/secmark.c +++ b/src/obj/secmark.c @@ -30,8 +30,6 @@ static int nftnl_obj_secmark_set(struct nftnl_obj *e, uint16_t type, case NFTNL_OBJ_SECMARK_CTX: snprintf(secmark->ctx, sizeof(secmark->ctx), "%s", (const char *)data); break; - default: - return -1; } return 0; } @@ -98,40 +96,28 @@ nftnl_obj_secmark_parse(struct nftnl_obj *e, struct nlattr *attr) return 0; } -static int nftnl_obj_secmark_snprintf_default(char *buf, size_t len, - const struct nftnl_obj *e) +static int nftnl_obj_secmark_snprintf(char *buf, size_t len, + uint32_t flags, + const struct nftnl_obj *e) { struct nftnl_obj_secmark *secmark = nftnl_obj_data(e); return snprintf(buf, len, "context %s ", secmark->ctx); } -static int nftnl_obj_secmark_snprintf(char *buf, size_t len, uint32_t type, - uint32_t flags, - const struct nftnl_obj *e) -{ - if (len) - buf[0] = '\0'; - - switch (type) { - case NFTNL_OUTPUT_DEFAULT: - return nftnl_obj_secmark_snprintf_default(buf, len, e); - case NFTNL_OUTPUT_XML: - case NFTNL_OUTPUT_JSON: - default: - break; - } - return -1; -} +static struct attr_policy obj_secmark_attr_policy[__NFTNL_OBJ_SECMARK_MAX] = { + [NFTNL_OBJ_SECMARK_CTX] = { .maxlen = NFT_SECMARK_CTX_MAXLEN }, +}; struct obj_ops obj_ops_secmark = { .name = "secmark", .type = NFT_OBJECT_SECMARK, .alloc_len = sizeof(struct nftnl_obj_secmark), - .max_attr = NFTA_SECMARK_MAX, + .nftnl_max_attr = __NFTNL_OBJ_SECMARK_MAX - 1, + .attr_policy = obj_secmark_attr_policy, .set = nftnl_obj_secmark_set, .get = nftnl_obj_secmark_get, .parse = nftnl_obj_secmark_parse, .build = nftnl_obj_secmark_build, - .snprintf = nftnl_obj_secmark_snprintf, + .output = nftnl_obj_secmark_snprintf, }; diff --git a/src/obj/synproxy.c b/src/obj/synproxy.c index 56ebc85..65fbcf7 100644 --- a/src/obj/synproxy.c +++ b/src/obj/synproxy.c @@ -19,16 +19,14 @@ static int nftnl_obj_synproxy_set(struct nftnl_obj *e, uint16_t type, switch (type) { case NFTNL_OBJ_SYNPROXY_MSS: - synproxy->mss = *((uint16_t *)data); + memcpy(&synproxy->mss, data, data_len); break; case NFTNL_OBJ_SYNPROXY_WSCALE: - synproxy->wscale = *((uint8_t *)data); + memcpy(&synproxy->wscale, data, data_len); break; case NFTNL_OBJ_SYNPROXY_FLAGS: - synproxy->flags = *((uint32_t *)data); + memcpy(&synproxy->flags, data, data_len); break; - default: - return -1; } return 0; } @@ -117,11 +115,12 @@ static int nftnl_obj_synproxy_parse(struct nftnl_obj *e, struct nlattr *attr) return 0; } -static int nftnl_obj_synproxy_snprintf_default(char *buf, size_t size, - const struct nftnl_obj *e) +static int nftnl_obj_synproxy_snprintf(char *buf, size_t len, + uint32_t flags, + const struct nftnl_obj *e) { struct nftnl_obj_synproxy *synproxy = nftnl_obj_data(e); - int ret, offset = 0, len = size; + int ret, offset = 0; if (e->flags & (1 << NFTNL_OBJ_SYNPROXY_MSS) && e->flags & (1 << NFTNL_OBJ_SYNPROXY_WSCALE)) { @@ -133,29 +132,21 @@ static int nftnl_obj_synproxy_snprintf_default(char *buf, size_t size, return offset; } -static int nftnl_obj_synproxy_snprintf(char *buf, size_t len, uint32_t type, - uint32_t flags, - const struct nftnl_obj *e) -{ - switch (type) { - case NFTNL_OUTPUT_DEFAULT: - return nftnl_obj_synproxy_snprintf_default(buf, len, e); - case NFTNL_OUTPUT_XML: - case NFTNL_OUTPUT_JSON: - default: - break; - } - return -1; -} +static struct attr_policy obj_synproxy_attr_policy[__NFTNL_OBJ_SYNPROXY_MAX] = { + [NFTNL_OBJ_SYNPROXY_MSS] = { .maxlen = sizeof(uint16_t) }, + [NFTNL_OBJ_SYNPROXY_WSCALE] = { .maxlen = sizeof(uint8_t) }, + [NFTNL_OBJ_SYNPROXY_FLAGS] = { .maxlen = sizeof(uint32_t) }, +}; struct obj_ops obj_ops_synproxy = { .name = "synproxy", .type = NFT_OBJECT_SYNPROXY, .alloc_len = sizeof(struct nftnl_obj_synproxy), - .max_attr = NFTA_SYNPROXY_MAX, + .nftnl_max_attr = __NFTNL_OBJ_SYNPROXY_MAX - 1, + .attr_policy = obj_synproxy_attr_policy, .set = nftnl_obj_synproxy_set, .get = nftnl_obj_synproxy_get, .parse = nftnl_obj_synproxy_parse, .build = nftnl_obj_synproxy_build, - .snprintf = nftnl_obj_synproxy_snprintf, + .output = nftnl_obj_synproxy_snprintf, }; diff --git a/src/obj/tunnel.c b/src/obj/tunnel.c index 100aa09..0309410 100644 --- a/src/obj/tunnel.c +++ b/src/obj/tunnel.c @@ -29,55 +29,53 @@ nftnl_obj_tunnel_set(struct nftnl_obj *e, uint16_t type, switch (type) { case NFTNL_OBJ_TUNNEL_ID: - memcpy(&tun->id, data, sizeof(tun->id)); + memcpy(&tun->id, data, data_len); break; case NFTNL_OBJ_TUNNEL_IPV4_SRC: - memcpy(&tun->src_v4, data, sizeof(tun->src_v4)); + memcpy(&tun->src_v4, data, data_len); break; case NFTNL_OBJ_TUNNEL_IPV4_DST: - memcpy(&tun->dst_v4, data, sizeof(tun->dst_v4)); + memcpy(&tun->dst_v4, data, data_len); break; case NFTNL_OBJ_TUNNEL_IPV6_SRC: - memcpy(&tun->src_v6, data, sizeof(struct in6_addr)); + memcpy(&tun->src_v6, data, data_len); break; case NFTNL_OBJ_TUNNEL_IPV6_DST: - memcpy(&tun->dst_v6, data, sizeof(struct in6_addr)); + memcpy(&tun->dst_v6, data, data_len); break; case NFTNL_OBJ_TUNNEL_IPV6_FLOWLABEL: - memcpy(&tun->flowlabel, data, sizeof(tun->flowlabel)); + memcpy(&tun->flowlabel, data, data_len); break; case NFTNL_OBJ_TUNNEL_SPORT: - memcpy(&tun->sport, data, sizeof(tun->sport)); + memcpy(&tun->sport, data, data_len); break; case NFTNL_OBJ_TUNNEL_DPORT: - memcpy(&tun->dport, data, sizeof(tun->dport)); + memcpy(&tun->dport, data, data_len); break; case NFTNL_OBJ_TUNNEL_FLAGS: - memcpy(&tun->tun_flags, data, sizeof(tun->tun_flags)); + memcpy(&tun->tun_flags, data, data_len); break; case NFTNL_OBJ_TUNNEL_TOS: - memcpy(&tun->tun_tos, data, sizeof(tun->tun_tos)); + memcpy(&tun->tun_tos, data, data_len); break; case NFTNL_OBJ_TUNNEL_TTL: - memcpy(&tun->tun_ttl, data, sizeof(tun->tun_ttl)); + memcpy(&tun->tun_ttl, data, data_len); break; case NFTNL_OBJ_TUNNEL_VXLAN_GBP: - memcpy(&tun->u.tun_vxlan.gbp, data, sizeof(tun->u.tun_vxlan.gbp)); + memcpy(&tun->u.tun_vxlan.gbp, data, data_len); break; case NFTNL_OBJ_TUNNEL_ERSPAN_VERSION: - memcpy(&tun->u.tun_erspan.version, data, sizeof(tun->u.tun_erspan.version)); + memcpy(&tun->u.tun_erspan.version, data, data_len); break; case NFTNL_OBJ_TUNNEL_ERSPAN_V1_INDEX: - memcpy(&tun->u.tun_erspan.u.v1_index, data, sizeof(tun->u.tun_erspan.u.v1_index)); + memcpy(&tun->u.tun_erspan.u.v1_index, data, data_len); break; case NFTNL_OBJ_TUNNEL_ERSPAN_V2_HWID: - memcpy(&tun->u.tun_erspan.u.v2.hwid, data, sizeof(tun->u.tun_erspan.u.v2.hwid)); + memcpy(&tun->u.tun_erspan.u.v2.hwid, data, data_len); break; case NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR: - memcpy(&tun->u.tun_erspan.u.v2.dir, data, sizeof(tun->u.tun_erspan.u.v2.dir)); + memcpy(&tun->u.tun_erspan.u.v2.dir, data, data_len); break; - default: - return -1; } return 0; } @@ -530,39 +528,42 @@ nftnl_obj_tunnel_parse(struct nftnl_obj *e, struct nlattr *attr) return 0; } -static int nftnl_obj_tunnel_snprintf_default(char *buf, size_t len, - const struct nftnl_obj *e) +static int nftnl_obj_tunnel_snprintf(char *buf, size_t len, + uint32_t flags, const struct nftnl_obj *e) { struct nftnl_obj_tunnel *tun = nftnl_obj_data(e); return snprintf(buf, len, "id %u ", tun->id); } -static int nftnl_obj_tunnel_snprintf(char *buf, size_t len, uint32_t type, - uint32_t flags, const struct nftnl_obj *e) -{ - if (len) - buf[0] = '\0'; - - switch (type) { - case NFTNL_OUTPUT_DEFAULT: - return nftnl_obj_tunnel_snprintf_default(buf, len, e); - case NFTNL_OUTPUT_XML: - case NFTNL_OUTPUT_JSON: - default: - break; - } - return -1; -} +static struct attr_policy obj_tunnel_attr_policy[__NFTNL_OBJ_TUNNEL_MAX] = { + [NFTNL_OBJ_TUNNEL_ID] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_TUNNEL_IPV4_SRC] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_TUNNEL_IPV4_DST] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_TUNNEL_IPV6_SRC] = { .maxlen = sizeof(struct in6_addr) }, + [NFTNL_OBJ_TUNNEL_IPV6_DST] = { .maxlen = sizeof(struct in6_addr) }, + [NFTNL_OBJ_TUNNEL_IPV6_FLOWLABEL] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_TUNNEL_SPORT] = { .maxlen = sizeof(uint16_t) }, + [NFTNL_OBJ_TUNNEL_DPORT] = { .maxlen = sizeof(uint16_t) }, + [NFTNL_OBJ_TUNNEL_FLAGS] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_TUNNEL_TOS] = { .maxlen = sizeof(uint8_t) }, + [NFTNL_OBJ_TUNNEL_TTL] = { .maxlen = sizeof(uint8_t) }, + [NFTNL_OBJ_TUNNEL_VXLAN_GBP] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_TUNNEL_ERSPAN_VERSION] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_TUNNEL_ERSPAN_V1_INDEX] = { .maxlen = sizeof(uint32_t) }, + [NFTNL_OBJ_TUNNEL_ERSPAN_V2_HWID] = { .maxlen = sizeof(uint8_t) }, + [NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR] = { .maxlen = sizeof(uint8_t) }, +}; struct obj_ops obj_ops_tunnel = { .name = "tunnel", .type = NFT_OBJECT_TUNNEL, .alloc_len = sizeof(struct nftnl_obj_tunnel), - .max_attr = NFTA_TUNNEL_KEY_MAX, + .nftnl_max_attr = __NFTNL_OBJ_TUNNEL_MAX - 1, + .attr_policy = obj_tunnel_attr_policy, .set = nftnl_obj_tunnel_set, .get = nftnl_obj_tunnel_get, .parse = nftnl_obj_tunnel_parse, .build = nftnl_obj_tunnel_build, - .snprintf = nftnl_obj_tunnel_snprintf, + .output = nftnl_obj_tunnel_snprintf, }; |