From cdde5a8c5a8734f2d540a0ab52c32d41d4d18127 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Fri, 15 Dec 2023 16:30:52 +0100
Subject: expr: Introduce struct expr_ops::attr_policy
Similar to kernel's nla_policy, enable expressions to inform about restrictions on attribute use. This allows the generic expression code to perform sanity checks before dispatching to expression ops. For now, this holds only the maximum data len which may be passed to nftnl_expr_set(). While one may debate whether accepting e.g. uint32_t for sreg/dreg attributes is correct, it is necessary to not break nftables. Note that this introduces artificial restrictions on name lengths which were caught by the kernel (if nftables didn't).
Signed-off-by: Phil Sutter
---
 src/expr/queue.c | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src/expr/queue.c')
diff --git a/src/expr/queue.c b/src/expr/queue.c
index 3343dd4..54792ef 100644
--- a/src/expr/queue.c
+++ b/src/expr/queue.c
@@ -183,10 +183,18 @@ nftnl_expr_queue_snprintf(char *buf, size_t remain,
 return offset;
 }
+static struct attr_policy queue_attr_policy[__NFTNL_EXPR_QUEUE_MAX] = {
+ [NFTNL_EXPR_QUEUE_NUM] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_EXPR_QUEUE_TOTAL] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_EXPR_QUEUE_FLAGS] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_EXPR_QUEUE_SREG_QNUM] = { .maxlen = sizeof(uint32_t) },
+};
+
 struct expr_ops expr_ops_queue = {
 .name = "queue",
 .alloc_len = sizeof(struct nftnl_expr_queue),
 .nftnl_max_attr = __NFTNL_EXPR_QUEUE_MAX - 1,
+ .attr_policy = queue_attr_policy,
 .set = nftnl_expr_queue_set,
 .get = nftnl_expr_queue_get,
 .parse = nftnl_expr_queue_parse,
--
cgit v1.2.3
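Review bot: The `.maxlen` entries in `queue_attr_policy` are an upper bound only, so a caller that passes fewer bytes than the field width still passes the generic check. `nftnl_expr_queue_set`, which is outside this hunk, therefore needs to avoid reading more than `data_len` bytes from the caller's buffer, and that is worth confirming there. The table is only read in the lines shown, so it could be declared `static const struct attr_policy queue_attr_policy[__NFTNL_EXPR_QUEUE_MAX]` to keep the validation limits in read-only data, provided the `attr_policy` member of `struct expr_ops` (not visible here) is a pointer-to-const. A one-line comment above the table, such as `/* maxlen: largest data_len nftnl_expr_set() accepts for each attribute */`, would record what the numbers mean. The `expr_ops_queue` initializer continues past the end of the hunk.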