From e407cc18def5856592918a3d26855dbc93151cde Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 16 Jan 2014 22:01:02 +0100 Subject: datatype: add time type parser and adapt output This patch allows to specify a string to indicate the time, eg. nft add rule filter output ct expiration \"1d2h3m4s\" counter Signed-off-by: Pablo Neira Ayuso --- src/datatype.c | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 118 insertions(+), 16 deletions(-) diff --git a/src/datatype.c b/src/datatype.c index 45944907..4f9e29a7 100644 --- a/src/datatype.c +++ b/src/datatype.c @@ -11,6 +11,7 @@ #include #include #include +#include /* isdigit */ #include #include #include @@ -670,7 +671,6 @@ const struct datatype mark_type = { static void time_type_print(const struct expr *expr) { uint64_t days, hours, minutes, seconds; - const char *delim = ""; seconds = mpz_get_uint64(expr->value); 
@@ -683,22 +683,123 @@ static void time_type_print(const struct expr *expr) minutes = seconds / 60; seconds %= 60; - if (days > 0) { - printf("%s%" PRIu64 " d", delim, days); - delim = " "; - } - if (hours > 0) { - printf("%s%" PRIu64 " h", delim, hours); - delim = " "; - } - if (minutes > 0) { - printf("%s%" PRIu64 " min", delim, minutes); - delim = " "; - } - if (seconds > 0) { - printf("%s%" PRIu64 " s", delim, seconds); - delim = " "; + printf("\""); + + if (days > 0) + printf("%"PRIu64"d", days); + if (hours > 0) + printf("%"PRIu64"h", hours); + if (minutes > 0) + printf("%"PRIu64"m", minutes); + if (seconds > 0) + printf("%"PRIu64"s", seconds); + + printf("\""); +} + +enum { + DAY = (1 << 0), + HOUR = (1 << 1), + MIN = (1 << 2), + SECS = (1 << 3), +}; + +static uint32_t str2int(char *tmp, const char *c, int k) +{ + if (k == 0) + return 0; + + strncpy(tmp, c-k, k+1); + return atoi(tmp); +} + +static struct error_record *time_type_parse(const struct expr *sym, + struct expr **res) +{ + int i, len; + unsigned int k = 0; + char tmp[8]; + const char *c; + uint64_t d = 0, h = 0, m = 0, s = 0; + uint32_t mask = 0; + + c = sym->identifier; + len = strlen(c); + for (i = 0; i < len; i++, c++) { + switch (*c) { + case 'd': + if (mask & DAY) { + return error(&sym->location, + "Day has been specified twice"); + } + d = str2int(tmp, c, k); + k = 0; + mask |= DAY; + break; + case 'h': + if (mask & HOUR) { + return error(&sym->location, + "Hour has been specified twice"); + } + h = str2int(tmp, c, k); + k = 0; + if (h > 23) { + return error(&sym->location, + "Hour needs to be 0-23"); + } + mask |= HOUR; + break; + case 'm': + if (mask & MIN) { + return error(&sym->location, + "Minute has been specified twice"); + } + m = str2int(tmp, c, k); + k = 0; + if (m > 59) { + return error(&sym->location, + "Minute needs to be 0-59"); + } + mask |= MIN; + break; + case 's': + if (mask & SECS) { + return error(&sym->location, + "Second has been specified twice"); + } + s = str2int(tmp, 
c, k); + k = 0; + if (s > 59) { + return error(&sym->location, + "second needs to be 0-59"); + } + mask |= SECS; + break; + default: + if (!isdigit(*c)) + return error(&sym->location, "wrong format"); + + if (k++ >= array_size(tmp)) { + return error(&sym->location, + "value too large"); + } + break; + } } + + /* default to seconds if no unit was specified */ + if (!mask) + s = atoi(sym->identifier); + else + s = 24*60*60*d+60*60*h+60*m+s; + + if (s > UINT32_MAX) + return error(&sym->location, "value too large"); + + *res = constant_expr_alloc(&sym->location, &time_type, + BYTEORDER_HOST_ENDIAN, + sizeof(uint32_t) * BITS_PER_BYTE, &s); + return NULL; } const struct datatype time_type = { @@ -709,6 +810,7 @@ const struct datatype time_type = { .size = 8 * BITS_PER_BYTE, .basetype = &integer_type, .print = time_type_print, + .parse = time_type_parse, }; static struct error_record *concat_type_parse(const struct expr *sym, -- cgit v1.2.3 From 3d16ff2523f3a3d09fd3056e86308cd7089e8c27 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 17 Jan 2014 13:20:39 +0100 Subject: mnl: fix chain type autoloading Add missing NLM_F_CREATE flag when creating new chains to trigger module autoloading in the kernel. Reported-by: Ana Rey Botello Signed-off-by: Pablo Neira Ayuso --- src/mnl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mnl.c b/src/mnl.c index 16625000..d457e319 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -394,7 +394,7 @@ int mnl_nft_chain_add(struct mnl_socket *nf_sock, struct nft_chain *nlc, nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY), - NLM_F_ACK|flags, seq); + NLM_F_CREATE|NLM_F_ACK|flags, seq); nft_chain_nlmsg_build_payload(nlh, nlc); return mnl_talk(nf_sock, nlh, nlh->nlmsg_len, NULL, NULL); -- cgit v1.2.3 From 1c2c506d3ce3261c7b2aa7518c63cc8bd81fa9ad Mon Sep 17 00:00:00 2001 
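Review bot: str2int() can write one byte past `tmp` when called from time_type_parse(). The default branch tests `k++ >= array_size(tmp)`, so eight digits are accepted before a unit letter, and `strncpy(tmp, c-k, k+1)` then copies nine bytes into the 8-byte stack buffer. The copy also never NUL-terminates `tmp`; atoi() stops only because the unit letter is copied along with the digits. Tighten the bound to `if (++k >= array_size(tmp))` and copy only the digits with `memcpy(tmp, c - k, k); tmp[k] = '\0';`. Separately, `isdigit(*c)` should take `(unsigned char)*c`, and digits left over after the last unit (for example a trailing number with no letter) are silently dropped instead of rejected.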
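Review bot: The `.parse` hook registered here builds a 32-bit constant (`sizeof(uint32_t) * BITS_PER_BYTE`) from the address of a `uint64_t`, while this descriptor declares `.size = 8 * BITS_PER_BYTE`. constant_expr_alloc() is not visible in the patch, but if it copies `len` bits from that pointer in host order, a big-endian host would likely read the high half of `s`, which is zero. Either store the sum in a `uint32_t` after the range check and pass that, or allocate with `sizeof(s) * BITS_PER_BYTE` so the width matches the datatype. The struct initializer continues outside the hunk.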
From: Pablo Neira Ayuso Date: Mon, 20 Jan 2014 10:49:21 +0100 Subject: use new libnftnl library name Adapt the current code to use the new library name libnftnl. Signed-off-by: Pablo Neira Ayuso --- INSTALL | 2 +- configure.ac | 2 +- include/netlink.h | 10 +++++----- src/mnl.c | 10 +++++----- src/netlink.c | 8 ++++---- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/INSTALL b/INSTALL index 0672b1d1..ba6f7a38 100644 --- a/INSTALL +++ b/INSTALL @@ -8,7 +8,7 @@ Installation instructions for nftables - libmnl: git://git.netfilter.org/libmnl.git - - libnftables: git://git.netfilter.org/libnftables.git + - libnftnl: git://git.netfilter.org/libnftnl.git - flex diff --git a/configure.ac b/configure.ac index ca14d835..d0a8595a 100644 --- a/configure.ac +++ b/configure.ac @@ -54,7 +54,7 @@ AC_CHECK_LIB([mnl], [mnl_socket_open], , AC_MSG_ERROR([No suitable version of libmnl found])) AC_CHECK_LIB([nftables], [nft_rule_alloc], , - AC_MSG_ERROR([No suitable version of libnftables found])) + AC_MSG_ERROR([No suitable version of libnftnl found])) AC_CHECK_LIB([gmp], [__gmpz_init], , AC_MSG_ERROR([No suitable version of libgmp found])) diff --git a/include/netlink.h b/include/netlink.h index 85e84343..fbaaaeba 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -1,11 +1,11 @@ #ifndef NFTABLES_NETLINK_H #define NFTABLES_NETLINK_H -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include #include #include diff --git a/src/mnl.c b/src/mnl.c index d457e319..b8679022 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -9,11 +9,11 @@ */ #include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include #include #include diff --git a/src/netlink.c b/src/netlink.c index b776b3cc..7f69995d 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -14,10 +14,10 @@ #include #include -#include -#include -#include -#include +#include +#include +#include +#include #include #include -- cgit v1.2.3 
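Review bot: In configure.ac the probe above the changed message still reads `AC_CHECK_LIB([nftables], [nft_rule_alloc], ,`, so configure keeps testing `-lnftables` while reporting a missing libnftnl. If the shared library was renamed together with the headers, this check fails on a system that has only libnftnl installed, and the error names a library the probe never looked for. Assuming the new library installs as libnftnl, the first argument should become `[nftnl]` in the same commit.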
From 6d0a165e402e6477203111ca9c7ce49f0a3fd758 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 20 Jan 2014 09:56:05 +0000 Subject: nftables: version 0.099 Signed-off-by: Patrick McHardy --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index d0a8595a..b38295f2 100644 --- a/configure.ac +++ b/configure.ac @@ -4,8 +4,8 @@ AC_PREREQ(2.61) AC_COPYRIGHT([Copyright (c) 2008 Patrick McHardy ]) -AC_INIT([nftables], [0.01-alpha1], [netfilter-devel@vger.kernel.org]) -AC_DEFINE([RELEASE_NAME], ["schäublefilter"], [Release name]) +AC_INIT([nftables], [0.099], [netfilter-devel@vger.kernel.org]) +AC_DEFINE([RELEASE_NAME], ["keith-alexander-filter"], [Release name]) AC_CONFIG_SRCDIR([src/rule.c]) AC_CONFIG_HEADER([config.h]) -- cgit v1.2.3