diff options
| author | Harsha Sharma <harshasharmaiitr@gmail.com> | 2018-01-14 22:13:52 +0530 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-05 16:31:55 +0100 |
| commit | 48f76f4dd9e3f66758953a2d8fa67731ceefb764 (patch) | |
| tree | 4b2316d1e66eb7c38fb5a9710d278dc8e378596b | |
| parent | d6f8edceb7873b9cf7e8bbf582a0009210594268 (diff) | |
src: parse new handle attribute for sets
This patch adds code to allocate set handles and delete sets via set
handle.
Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
| -rw-r--r-- | include/libnftnl/set.h | 1 | ||||
| -rw-r--r-- | include/linux/netfilter/nf_tables.h | 2 | ||||
| -rw-r--r-- | include/set.h | 1 | ||||
| -rw-r--r-- | src/set.c | 18 |
4 files changed, 22 insertions, 0 deletions
diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h index e760d31..27f5bc4 100644 --- a/include/libnftnl/set.h +++ b/include/libnftnl/set.h @@ -24,6 +24,7 @@ enum nftnl_set_attr { NFTNL_SET_GC_INTERVAL, NFTNL_SET_USERDATA, NFTNL_SET_OBJ_TYPE, + NFTNL_SET_HANDLE, __NFTNL_SET_MAX }; #define NFTNL_SET_MAX (__NFTNL_SET_MAX - 1) diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 1938bb7..5833297 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -317,6 +317,7 @@ enum nft_set_desc_attributes { * @NFTA_SET_GC_INTERVAL: garbage collection interval (NLA_U32) * @NFTA_SET_USERDATA: user data (NLA_BINARY) * @NFTA_SET_OBJ_TYPE: stateful object type (NLA_U32: NFT_OBJECT_*) + * @NFTA_SET_HANDLE: numerical table handle (NLA_U64) */ enum nft_set_attributes { NFTA_SET_UNSPEC, @@ -335,6 +336,7 @@ enum nft_set_attributes { NFTA_SET_USERDATA, NFTA_SET_PAD, NFTA_SET_OBJ_TYPE, + NFTA_SET_HANDLE, __NFTA_SET_MAX }; #define NFTA_SET_MAX (__NFTA_SET_MAX - 1) diff --git a/include/set.h b/include/set.h index c6deb73..3bcec7c 100644 --- a/include/set.h +++ b/include/set.h @@ -10,6 +10,7 @@ struct nftnl_set { uint32_t set_flags; const char *table; const char *name; + uint64_t handle; uint32_t key_type; uint32_t key_len; uint32_t data_type; @@ -78,6 +78,7 @@ void nftnl_set_unset(struct nftnl_set *s, uint16_t attr) case NFTNL_SET_NAME: xfree(s->name); break; + case NFTNL_SET_HANDLE: case NFTNL_SET_FLAGS: case NFTNL_SET_KEY_TYPE: case NFTNL_SET_KEY_LEN: @@ -102,6 +103,7 @@ void nftnl_set_unset(struct nftnl_set *s, uint16_t attr) } static uint32_t nftnl_set_validate[NFTNL_SET_MAX + 1] = { + [NFTNL_SET_HANDLE] = sizeof(uint64_t), [NFTNL_SET_FLAGS] = sizeof(uint32_t), [NFTNL_SET_KEY_TYPE] = sizeof(uint32_t), [NFTNL_SET_KEY_LEN] = sizeof(uint32_t), @@ -139,6 +141,9 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data, if (!s->name) return -1; break; + case NFTNL_SET_HANDLE: + s->handle = *((uint64_t *)data); + break; case NFTNL_SET_FLAGS: s->set_flags = *((uint32_t *)data); break; @@ -228,6 +233,9 @@ const void *nftnl_set_get_data(const struct nftnl_set *s, uint16_t attr, case NFTNL_SET_NAME: *data_len = strlen(s->name) + 1; return s->name; + case NFTNL_SET_HANDLE: + *data_len = sizeof(uint64_t); + return &s->handle; case NFTNL_SET_FLAGS: *data_len = sizeof(uint32_t); return &s->set_flags; @@ -360,6 +368,8 @@ void nftnl_set_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s) mnl_attr_put_strz(nlh, NFTA_SET_TABLE, s->table); if (s->flags & (1 << NFTNL_SET_NAME)) mnl_attr_put_strz(nlh, NFTA_SET_NAME, s->name); + if (s->handle & (1 << NFTNL_SET_HANDLE)) + mnl_attr_put_u64(nlh, NFTA_SET_HANDLE, htobe64(s->handle)); if (s->flags & (1 << NFTNL_SET_FLAGS)) mnl_attr_put_u32(nlh, NFTA_SET_FLAGS, htonl(s->set_flags)); if (s->flags & (1 << NFTNL_SET_KEY_TYPE)) @@ -402,6 +412,10 @@ static int nftnl_set_parse_attr_cb(const struct nlattr *attr, void *data) if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) abi_breakage(); break; + case NFTA_SET_HANDLE: + if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0) + abi_breakage(); + break; case NFTA_SET_FLAGS: case NFTA_SET_KEY_TYPE: case NFTA_SET_KEY_LEN: @@ -492,6 +506,10 @@ int nftnl_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s) return -1; s->flags |= (1 << NFTNL_SET_NAME); } + if (tb[NFTA_SET_HANDLE]) { + s->handle = be64toh(mnl_attr_get_u64(tb[NFTA_SET_HANDLE])); + s->flags |= (1 << NFTNL_SET_HANDLE); + } if (tb[NFTA_SET_FLAGS]) { s->set_flags = ntohl(mnl_attr_get_u32(tb[NFTA_SET_FLAGS])); s->flags |= (1 << NFTNL_SET_FLAGS); |