src: add multidevice support for netdev chain

This patch allows you to specify multiple netdevices to be bound to the
netdev basechain, eg.

 # nft add chain netdev x y { \
	type filter hook ingress devices = { eth0, eth1 } priority 0\; }

json codebase has been updated to support for one single device with the
existing representation, no support for multidevice is included in this
patch.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 17 insertions, 3 deletions

diff --git a/src/netlink.c b/src/netlink.c
index 1e669e5d..c47771d3 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -378,9 +378,9 @@ void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx)
 struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
 					const struct nftnl_chain *nlc)
 {
+	int priority, policy, len = 0, i;
+	const char * const *dev_array;
 	struct chain *chain;
-	int priority;
-	int policy;
 
 	chain = chain_alloc(nftnl_chain_get_str(nlc, NFTNL_CHAIN_NAME));
 	chain->handle.family =
@@ -415,8 +415,22 @@ struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
 						    &policy);
 			nftnl_chain_get_u32(nlc, NFTNL_CHAIN_POLICY);
 		if (nftnl_chain_is_set(nlc, NFTNL_CHAIN_DEV)) {
-			chain->dev	=
+			chain->dev_array = xmalloc(sizeof(char *));
+			chain->dev_array_len = 1;
+			chain->dev_array[0] =
 				xstrdup(nftnl_chain_get_str(nlc, NFTNL_CHAIN_DEV));
+			chain->dev_array[1] = NULL;
+		} else if (nftnl_chain_is_set(nlc, NFTNL_CHAIN_DEVICES)) {
+			dev_array = nftnl_chain_get(nlc, NFTNL_CHAIN_DEVICES);
+			while (dev_array[len])
+				len++;
+
+			chain->dev_array = xmalloc(len * sizeof(char *));
+			for (i = 0; i < len; i++)
+				chain->dev_array[i] = xstrdup(dev_array[i]);
+
+			chain->dev_array[i] = NULL;
+			chain->dev_array_len = len;
 		}
 		chain->flags        |= CHAIN_F_BASECHAIN;
 	}