From 3fdc7541fba079f9626bcb1605368a7da3a8d81a Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 26 Oct 2019 13:15:10 +0200 Subject: src: add multidevice support for netdev chain This patch allows you to specify multiple netdevices to be bound to the netdev basechain, eg. # nft add chain netdev x y { \ type filter hook ingress devices = { eth0, eth1 } priority 0\; } json codebase has been updated to support for one single device with the existing representation, no support for multidevice is included in this patch. Signed-off-by: Pablo Neira Ayuso --- src/mnl.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'src/mnl.c') diff --git a/src/mnl.c b/src/mnl.c index 75ab07b0..492381da 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -526,10 +526,12 @@ err: int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, unsigned int flags) { + int priority, policy, i = 0; struct nftnl_chain *nlc; + const char **dev_array; struct nlmsghdr *nlh; - int priority; - int policy; + struct expr *expr; + int dev_array_len; nlc = nftnl_chain_alloc(); if (nlc == NULL) @@ -555,9 +557,26 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, BYTEORDER_HOST_ENDIAN, sizeof(int)); nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, policy); } - if (cmd->chain->dev != NULL) - nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV, - cmd->chain->dev); + if (cmd->chain->dev_expr) { + dev_array = xmalloc(sizeof(char *) * 8); + dev_array_len = 8; + list_for_each_entry(expr, &cmd->chain->dev_expr->expressions, list) { + dev_array[i++] = expr->identifier; + if (i == dev_array_len) { + dev_array_len *= 2; + dev_array = xrealloc(dev_array, + dev_array_len * sizeof(char *)); + } + } + + dev_array[i] = NULL; + if (i == 1) + nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV, dev_array[0]); + else if (i > 1) + nftnl_chain_set(nlc, NFTNL_CHAIN_DEVICES, dev_array); + + xfree(dev_array); + } } netlink_dump_chain(nlc, ctx); -- cgit v1.2.3
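Review bot: In the second hunk the loop stores `expr->identifier` for every entry of `cmd->chain->dev_expr->expressions` without checking what kind of expression it is. That is only safe if evaluation guarantees each entry is a symbol whose `identifier` points to a NUL-terminated name, which is not visible in this patch. If that is the invariant, stating it before the store with `assert(expr->etype == EXPR_SYMBOL);` would stop a different expression kind from handing an unrelated pointer to libnftnl. The array also only borrows those strings and is released straight after the setter, so a comment such as `/* dev_array borrows expr->identifier; assumes nftnl_chain_set() copies the names before xfree() */` would record the ownership assumption. No length check against the interface-name limit is made here, which presumably leaves rejection to libnftnl or the kernel; the enclosing function begins in the first hunk and continues past the end of this one.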