diff options
| author | Jose M. Guisado Gomez <guigom@riseup.net> | 2022-05-15 18:06:07 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-05-15 21:59:05 +0200 |
| commit | 7576202723d145c042b610ccc08fd775e883f912 (patch) | |
| tree | 9b42db31ec4e96551f9326f5beab59abe9cea221 /src/expr/xfrm.c | |
| parent | e549f5b3239c19f78af2f7c7a582fe5616403ca8 (diff) | |
expr: extend support for dynamic register allocation
Add expression support for:
- ct
- exthdr
- fib
- osf
- rt
- socket
- xfrm
to extend b9e00458b9f3 ("src: add dynamic register allocation
infrastructure").
Joint work with Pablo.
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/expr/xfrm.c')
| -rw-r--r-- | src/expr/xfrm.c | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/src/expr/xfrm.c b/src/expr/xfrm.c index c81d14d..7f6d7fe 100644 --- a/src/expr/xfrm.c +++ b/src/expr/xfrm.c @@ -10,6 +10,7 @@ #include <stdint.h> #include <arpa/inet.h> #include <errno.h> +#include <assert.h> #include <linux/netfilter/nf_tables.h> #include <linux/xfrm.h> @@ -141,6 +142,51 @@ nftnl_expr_xfrm_parse(struct nftnl_expr *e, struct nlattr *attr) return 0; } +static int +nftnl_expr_xfrm_reg_len(const struct nftnl_expr *e) +{ + const struct nftnl_expr_xfrm *xfrm = nftnl_expr_data(e); + + switch (xfrm->key) { + case NFT_XFRM_KEY_REQID: + case NFT_XFRM_KEY_SPI: + return sizeof(uint32_t); + case NFT_XFRM_KEY_DADDR_IP4: + case NFT_XFRM_KEY_SADDR_IP4: + return sizeof(struct in_addr); + case NFT_XFRM_KEY_DADDR_IP6: + case NFT_XFRM_KEY_SADDR_IP6: + return sizeof(struct in6_addr); + default: + assert(0); + break; + } + + return sizeof(struct in_addr); +} + +static bool +nftnl_expr_xfrm_reg_cmp(const struct nftnl_reg *reg, + const struct nftnl_expr *e) +{ + const struct nftnl_expr_xfrm *xfrm = nftnl_expr_data(e); + + return reg->xfrm.key == xfrm->key && + reg->xfrm.spnum == xfrm->spnum && + reg->xfrm.dir == xfrm->dir; +} + +static void +nftnl_expr_xfrm_reg_update(struct nftnl_reg *reg, + const struct nftnl_expr *e) +{ + const struct nftnl_expr_xfrm *xfrm = nftnl_expr_data(e); + + reg->xfrm.key = xfrm->key; + reg->xfrm.spnum = xfrm->spnum; + reg->xfrm.dir = xfrm->dir; +} + static const char *xfrmkey2str_array[] = { [NFT_XFRM_KEY_DADDR_IP4] = "daddr4", [NFT_XFRM_KEY_SADDR_IP4] = "saddr4", @@ -197,4 +243,9 @@ struct expr_ops expr_ops_xfrm = { .parse = nftnl_expr_xfrm_parse, .build = nftnl_expr_xfrm_build, .snprintf = nftnl_expr_xfrm_snprintf, + .reg = { + .len = nftnl_expr_xfrm_reg_len, + .cmp = nftnl_expr_xfrm_reg_cmp, + .update = nftnl_expr_xfrm_reg_update, + }, }; |