summaryrefslogtreecommitdiffstats
path: root/src/obj
diff options
context:
space:
mode:
Diffstat (limited to 'src/obj')
-rw-r--r--src/obj/counter.c16
-rw-r--r--src/obj/ct_expect.c26
-rw-r--r--src/obj/ct_helper.c21
-rw-r--r--src/obj/ct_timeout.c28
-rw-r--r--src/obj/limit.c25
-rw-r--r--src/obj/quota.c19
-rw-r--r--src/obj/secmark.c11
-rw-r--r--src/obj/synproxy.c19
-rw-r--r--src/obj/tunnel.c58
9 files changed, 145 insertions, 78 deletions
diff --git a/src/obj/counter.c b/src/obj/counter.c
index ef0cd20..19e09ed 100644
--- a/src/obj/counter.c
+++ b/src/obj/counter.c
@@ -29,13 +29,11 @@ nftnl_obj_counter_set(struct nftnl_obj *e, uint16_t type,
switch(type) {
case NFTNL_OBJ_CTR_BYTES:
- memcpy(&ctr->bytes, data, sizeof(ctr->bytes));
+ memcpy(&ctr->bytes, data, data_len);
break;
case NFTNL_OBJ_CTR_PKTS:
- memcpy(&ctr->pkts, data, sizeof(ctr->pkts));
+ memcpy(&ctr->pkts, data, data_len);
break;
- default:
- return -1;
}
return 0;
}
@@ -118,14 +116,20 @@ static int nftnl_obj_counter_snprintf(char *buf, size_t len, uint32_t flags,
ctr->pkts, ctr->bytes);
}
+static struct attr_policy obj_ctr_attr_policy[__NFTNL_OBJ_CTR_MAX] = {
+ [NFTNL_OBJ_CTR_BYTES] = { .maxlen = sizeof(uint64_t) },
+ [NFTNL_OBJ_CTR_PKTS] = { .maxlen = sizeof(uint64_t) },
+};
+
struct obj_ops obj_ops_counter = {
.name = "counter",
.type = NFT_OBJECT_COUNTER,
.alloc_len = sizeof(struct nftnl_obj_counter),
- .max_attr = NFTA_COUNTER_MAX,
+ .nftnl_max_attr = __NFTNL_OBJ_CTR_MAX - 1,
+ .attr_policy = obj_ctr_attr_policy,
.set = nftnl_obj_counter_set,
.get = nftnl_obj_counter_get,
.parse = nftnl_obj_counter_parse,
.build = nftnl_obj_counter_build,
- .snprintf = nftnl_obj_counter_snprintf,
+ .output = nftnl_obj_counter_snprintf,
};
diff --git a/src/obj/ct_expect.c b/src/obj/ct_expect.c
index 8136ad9..b4d6faa 100644
--- a/src/obj/ct_expect.c
+++ b/src/obj/ct_expect.c
@@ -21,22 +21,20 @@ static int nftnl_obj_ct_expect_set(struct nftnl_obj *e, uint16_t type,
switch (type) {
case NFTNL_OBJ_CT_EXPECT_L3PROTO:
- memcpy(&exp->l3proto, data, sizeof(exp->l3proto));
+ memcpy(&exp->l3proto, data, data_len);
break;
case NFTNL_OBJ_CT_EXPECT_L4PROTO:
- memcpy(&exp->l4proto, data, sizeof(exp->l4proto));
+ memcpy(&exp->l4proto, data, data_len);
break;
case NFTNL_OBJ_CT_EXPECT_DPORT:
- memcpy(&exp->dport, data, sizeof(exp->dport));
+ memcpy(&exp->dport, data, data_len);
break;
case NFTNL_OBJ_CT_EXPECT_TIMEOUT:
- memcpy(&exp->timeout, data, sizeof(exp->timeout));
+ memcpy(&exp->timeout, data, data_len);
break;
case NFTNL_OBJ_CT_EXPECT_SIZE:
- memcpy(&exp->size, data, sizeof(exp->size));
+ memcpy(&exp->size, data, data_len);
break;
- default:
- return -1;
}
return 0;
}
@@ -187,14 +185,24 @@ static int nftnl_obj_ct_expect_snprintf(char *buf, size_t remain,
return offset;
}
+static struct attr_policy
+obj_ct_expect_attr_policy[__NFTNL_OBJ_CT_EXPECT_MAX] = {
+ [NFTNL_OBJ_CT_EXPECT_L3PROTO] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_OBJ_CT_EXPECT_L4PROTO] = { .maxlen = sizeof(uint8_t) },
+ [NFTNL_OBJ_CT_EXPECT_DPORT] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_OBJ_CT_EXPECT_TIMEOUT] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_CT_EXPECT_SIZE] = { .maxlen = sizeof(uint8_t) },
+};
+
struct obj_ops obj_ops_ct_expect = {
.name = "ct_expect",
.type = NFT_OBJECT_CT_EXPECT,
.alloc_len = sizeof(struct nftnl_obj_ct_expect),
- .max_attr = NFTA_CT_EXPECT_MAX,
+ .nftnl_max_attr = __NFTNL_OBJ_CT_EXPECT_MAX - 1,
+ .attr_policy = obj_ct_expect_attr_policy,
.set = nftnl_obj_ct_expect_set,
.get = nftnl_obj_ct_expect_get,
.parse = nftnl_obj_ct_expect_parse,
.build = nftnl_obj_ct_expect_build,
- .snprintf = nftnl_obj_ct_expect_snprintf,
+ .output = nftnl_obj_ct_expect_snprintf,
};
diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c
index c52032a..1feccf2 100644
--- a/src/obj/ct_helper.c
+++ b/src/obj/ct_helper.c
@@ -32,13 +32,11 @@ static int nftnl_obj_ct_helper_set(struct nftnl_obj *e, uint16_t type,
snprintf(helper->name, sizeof(helper->name), "%s", (const char *)data);
break;
case NFTNL_OBJ_CT_HELPER_L3PROTO:
- memcpy(&helper->l3proto, data, sizeof(helper->l3proto));
+ memcpy(&helper->l3proto, data, data_len);
break;
case NFTNL_OBJ_CT_HELPER_L4PROTO:
- memcpy(&helper->l4proto, data, sizeof(helper->l4proto));
+ memcpy(&helper->l4proto, data, data_len);
break;
- default:
- return -1;
}
return 0;
}
@@ -141,14 +139,25 @@ static int nftnl_obj_ct_helper_snprintf(char *buf, size_t len,
helper->name, helper->l3proto, helper->l4proto);
}
+/* from kernel's include/net/netfilter/nf_conntrack_helper.h */
+#define NF_CT_HELPER_NAME_LEN 16
+
+static struct attr_policy
+obj_ct_helper_attr_policy[__NFTNL_OBJ_CT_HELPER_MAX] = {
+ [NFTNL_OBJ_CT_HELPER_NAME] = { .maxlen = NF_CT_HELPER_NAME_LEN },
+ [NFTNL_OBJ_CT_HELPER_L3PROTO] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_OBJ_CT_HELPER_L4PROTO] = { .maxlen = sizeof(uint8_t) },
+};
+
struct obj_ops obj_ops_ct_helper = {
.name = "ct_helper",
.type = NFT_OBJECT_CT_HELPER,
.alloc_len = sizeof(struct nftnl_obj_ct_helper),
- .max_attr = NFTA_CT_HELPER_MAX,
+ .nftnl_max_attr = __NFTNL_OBJ_CT_HELPER_MAX - 1,
+ .attr_policy = obj_ct_helper_attr_policy,
.set = nftnl_obj_ct_helper_set,
.get = nftnl_obj_ct_helper_get,
.parse = nftnl_obj_ct_helper_parse,
.build = nftnl_obj_ct_helper_build,
- .snprintf = nftnl_obj_ct_helper_snprintf,
+ .output = nftnl_obj_ct_helper_snprintf,
};
diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c
index 1d4f8fb..b9b688e 100644
--- a/src/obj/ct_timeout.c
+++ b/src/obj/ct_timeout.c
@@ -21,7 +21,7 @@
#include "obj.h"
-static const char *const tcp_state_to_name[] = {
+static const char *const tcp_state_to_name[NFTNL_CTTIMEOUT_TCP_MAX] = {
[NFTNL_CTTIMEOUT_TCP_SYN_SENT] = "SYN_SENT",
[NFTNL_CTTIMEOUT_TCP_SYN_RECV] = "SYN_RECV",
[NFTNL_CTTIMEOUT_TCP_ESTABLISHED] = "ESTABLISHED",
@@ -35,7 +35,7 @@ static const char *const tcp_state_to_name[] = {
[NFTNL_CTTIMEOUT_TCP_UNACK] = "UNACKNOWLEDGED",
};
-static uint32_t tcp_dflt_timeout[] = {
+static uint32_t tcp_dflt_timeout[NFTNL_CTTIMEOUT_TCP_MAX] = {
[NFTNL_CTTIMEOUT_TCP_SYN_SENT] = 120,
[NFTNL_CTTIMEOUT_TCP_SYN_RECV] = 60,
[NFTNL_CTTIMEOUT_TCP_ESTABLISHED] = 432000,
@@ -49,12 +49,12 @@ static uint32_t tcp_dflt_timeout[] = {
[NFTNL_CTTIMEOUT_TCP_UNACK] = 300,
};
-static const char *const udp_state_to_name[] = {
+static const char *const udp_state_to_name[NFTNL_CTTIMEOUT_UDP_MAX] = {
[NFTNL_CTTIMEOUT_UDP_UNREPLIED] = "UNREPLIED",
[NFTNL_CTTIMEOUT_UDP_REPLIED] = "REPLIED",
};
-static uint32_t udp_dflt_timeout[] = {
+static uint32_t udp_dflt_timeout[NFTNL_CTTIMEOUT_UDP_MAX] = {
[NFTNL_CTTIMEOUT_UDP_UNREPLIED] = 30,
[NFTNL_CTTIMEOUT_UDP_REPLIED] = 180,
};
@@ -150,17 +150,18 @@ static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type,
switch (type) {
case NFTNL_OBJ_CT_TIMEOUT_L3PROTO:
- memcpy(&timeout->l3proto, data, sizeof(timeout->l3proto));
+ memcpy(&timeout->l3proto, data, data_len);
break;
case NFTNL_OBJ_CT_TIMEOUT_L4PROTO:
- memcpy(&timeout->l4proto, data, sizeof(timeout->l4proto));
+ memcpy(&timeout->l4proto, data, data_len);
break;
case NFTNL_OBJ_CT_TIMEOUT_ARRAY:
+ if (data_len < sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX)
+ return -1;
+
memcpy(timeout->timeout, data,
sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX);
break;
- default:
- return -1;
}
return 0;
}
@@ -307,14 +308,21 @@ static int nftnl_obj_ct_timeout_snprintf(char *buf, size_t remain,
return offset;
}
+static struct attr_policy
+obj_ct_timeout_attr_policy[__NFTNL_OBJ_CT_TIMEOUT_MAX] = {
+ [NFTNL_OBJ_CT_TIMEOUT_L3PROTO] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_OBJ_CT_TIMEOUT_L4PROTO] = { .maxlen = sizeof(uint8_t) },
+};
+
struct obj_ops obj_ops_ct_timeout = {
.name = "ct_timeout",
.type = NFT_OBJECT_CT_TIMEOUT,
.alloc_len = sizeof(struct nftnl_obj_ct_timeout),
- .max_attr = NFTA_CT_TIMEOUT_MAX,
+ .nftnl_max_attr = __NFTNL_OBJ_CT_TIMEOUT_MAX - 1,
+ .attr_policy = obj_ct_timeout_attr_policy,
.set = nftnl_obj_ct_timeout_set,
.get = nftnl_obj_ct_timeout_get,
.parse = nftnl_obj_ct_timeout_parse,
.build = nftnl_obj_ct_timeout_build,
- .snprintf = nftnl_obj_ct_timeout_snprintf,
+ .output = nftnl_obj_ct_timeout_snprintf,
};
diff --git a/src/obj/limit.c b/src/obj/limit.c
index 8b40f9d..cbf30b4 100644
--- a/src/obj/limit.c
+++ b/src/obj/limit.c
@@ -28,22 +28,20 @@ static int nftnl_obj_limit_set(struct nftnl_obj *e, uint16_t type,
switch (type) {
case NFTNL_OBJ_LIMIT_RATE:
- memcpy(&limit->rate, data, sizeof(limit->rate));
+ memcpy(&limit->rate, data, data_len);
break;
case NFTNL_OBJ_LIMIT_UNIT:
- memcpy(&limit->unit, data, sizeof(limit->unit));
+ memcpy(&limit->unit, data, data_len);
break;
case NFTNL_OBJ_LIMIT_BURST:
- memcpy(&limit->burst, data, sizeof(limit->burst));
+ memcpy(&limit->burst, data, data_len);
break;
case NFTNL_OBJ_LIMIT_TYPE:
- memcpy(&limit->type, data, sizeof(limit->type));
+ memcpy(&limit->type, data, data_len);
break;
case NFTNL_OBJ_LIMIT_FLAGS:
- memcpy(&limit->flags, data, sizeof(limit->flags));
+ memcpy(&limit->flags, data, data_len);
break;
- default:
- return -1;
}
return 0;
}
@@ -159,14 +157,23 @@ static int nftnl_obj_limit_snprintf(char *buf, size_t len,
limit->burst, limit->type, limit->flags);
}
+static struct attr_policy obj_limit_attr_policy[__NFTNL_OBJ_LIMIT_MAX] = {
+ [NFTNL_OBJ_LIMIT_RATE] = { .maxlen = sizeof(uint64_t) },
+ [NFTNL_OBJ_LIMIT_UNIT] = { .maxlen = sizeof(uint64_t) },
+ [NFTNL_OBJ_LIMIT_BURST] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_LIMIT_TYPE] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_LIMIT_FLAGS] = { .maxlen = sizeof(uint32_t) },
+};
+
struct obj_ops obj_ops_limit = {
.name = "limit",
.type = NFT_OBJECT_LIMIT,
.alloc_len = sizeof(struct nftnl_obj_limit),
- .max_attr = NFTA_LIMIT_MAX,
+ .nftnl_max_attr = __NFTNL_OBJ_LIMIT_MAX - 1,
+ .attr_policy = obj_limit_attr_policy,
.set = nftnl_obj_limit_set,
.get = nftnl_obj_limit_get,
.parse = nftnl_obj_limit_parse,
.build = nftnl_obj_limit_build,
- .snprintf = nftnl_obj_limit_snprintf,
+ .output = nftnl_obj_limit_snprintf,
};
diff --git a/src/obj/quota.c b/src/obj/quota.c
index 8ab3300..526db8e 100644
--- a/src/obj/quota.c
+++ b/src/obj/quota.c
@@ -28,16 +28,14 @@ static int nftnl_obj_quota_set(struct nftnl_obj *e, uint16_t type,
switch (type) {
case NFTNL_OBJ_QUOTA_BYTES:
- memcpy(&quota->bytes, data, sizeof(quota->bytes));
+ memcpy(&quota->bytes, data, data_len);
break;
case NFTNL_OBJ_QUOTA_CONSUMED:
- memcpy(&quota->consumed, data, sizeof(quota->consumed));
+ memcpy(&quota->consumed, data, data_len);
break;
case NFTNL_OBJ_QUOTA_FLAGS:
- memcpy(&quota->flags, data, sizeof(quota->flags));
+ memcpy(&quota->flags, data, data_len);
break;
- default:
- return -1;
}
return 0;
}
@@ -135,14 +133,21 @@ static int nftnl_obj_quota_snprintf(char *buf, size_t len,
quota->bytes, quota->flags);
}
+static struct attr_policy obj_quota_attr_policy[__NFTNL_OBJ_QUOTA_MAX] = {
+ [NFTNL_OBJ_QUOTA_BYTES] = { .maxlen = sizeof(uint64_t) },
+ [NFTNL_OBJ_QUOTA_CONSUMED] = { .maxlen = sizeof(uint64_t) },
+ [NFTNL_OBJ_QUOTA_FLAGS] = { .maxlen = sizeof(uint32_t) },
+};
+
struct obj_ops obj_ops_quota = {
.name = "quota",
.type = NFT_OBJECT_QUOTA,
.alloc_len = sizeof(struct nftnl_obj_quota),
- .max_attr = NFTA_QUOTA_MAX,
+ .nftnl_max_attr = __NFTNL_OBJ_QUOTA_MAX - 1,
+ .attr_policy = obj_quota_attr_policy,
.set = nftnl_obj_quota_set,
.get = nftnl_obj_quota_get,
.parse = nftnl_obj_quota_parse,
.build = nftnl_obj_quota_build,
- .snprintf = nftnl_obj_quota_snprintf,
+ .output = nftnl_obj_quota_snprintf,
};
diff --git a/src/obj/secmark.c b/src/obj/secmark.c
index 2ccc803..eea9664 100644
--- a/src/obj/secmark.c
+++ b/src/obj/secmark.c
@@ -30,8 +30,6 @@ static int nftnl_obj_secmark_set(struct nftnl_obj *e, uint16_t type,
case NFTNL_OBJ_SECMARK_CTX:
snprintf(secmark->ctx, sizeof(secmark->ctx), "%s", (const char *)data);
break;
- default:
- return -1;
}
return 0;
}
@@ -107,14 +105,19 @@ static int nftnl_obj_secmark_snprintf(char *buf, size_t len,
return snprintf(buf, len, "context %s ", secmark->ctx);
}
+static struct attr_policy obj_secmark_attr_policy[__NFTNL_OBJ_SECMARK_MAX] = {
+ [NFTNL_OBJ_SECMARK_CTX] = { .maxlen = NFT_SECMARK_CTX_MAXLEN },
+};
+
struct obj_ops obj_ops_secmark = {
.name = "secmark",
.type = NFT_OBJECT_SECMARK,
.alloc_len = sizeof(struct nftnl_obj_secmark),
- .max_attr = NFTA_SECMARK_MAX,
+ .nftnl_max_attr = __NFTNL_OBJ_SECMARK_MAX - 1,
+ .attr_policy = obj_secmark_attr_policy,
.set = nftnl_obj_secmark_set,
.get = nftnl_obj_secmark_get,
.parse = nftnl_obj_secmark_parse,
.build = nftnl_obj_secmark_build,
- .snprintf = nftnl_obj_secmark_snprintf,
+ .output = nftnl_obj_secmark_snprintf,
};
diff --git a/src/obj/synproxy.c b/src/obj/synproxy.c
index d689fee..65fbcf7 100644
--- a/src/obj/synproxy.c
+++ b/src/obj/synproxy.c
@@ -19,16 +19,14 @@ static int nftnl_obj_synproxy_set(struct nftnl_obj *e, uint16_t type,
switch (type) {
case NFTNL_OBJ_SYNPROXY_MSS:
- synproxy->mss = *((uint16_t *)data);
+ memcpy(&synproxy->mss, data, data_len);
break;
case NFTNL_OBJ_SYNPROXY_WSCALE:
- synproxy->wscale = *((uint8_t *)data);
+ memcpy(&synproxy->wscale, data, data_len);
break;
case NFTNL_OBJ_SYNPROXY_FLAGS:
- synproxy->flags = *((uint32_t *)data);
+ memcpy(&synproxy->flags, data, data_len);
break;
- default:
- return -1;
}
return 0;
}
@@ -134,14 +132,21 @@ static int nftnl_obj_synproxy_snprintf(char *buf, size_t len,
return offset;
}
+static struct attr_policy obj_synproxy_attr_policy[__NFTNL_OBJ_SYNPROXY_MAX] = {
+ [NFTNL_OBJ_SYNPROXY_MSS] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_OBJ_SYNPROXY_WSCALE] = { .maxlen = sizeof(uint8_t) },
+ [NFTNL_OBJ_SYNPROXY_FLAGS] = { .maxlen = sizeof(uint32_t) },
+};
+
struct obj_ops obj_ops_synproxy = {
.name = "synproxy",
.type = NFT_OBJECT_SYNPROXY,
.alloc_len = sizeof(struct nftnl_obj_synproxy),
- .max_attr = NFTA_SYNPROXY_MAX,
+ .nftnl_max_attr = __NFTNL_OBJ_SYNPROXY_MAX - 1,
+ .attr_policy = obj_synproxy_attr_policy,
.set = nftnl_obj_synproxy_set,
.get = nftnl_obj_synproxy_get,
.parse = nftnl_obj_synproxy_parse,
.build = nftnl_obj_synproxy_build,
- .snprintf = nftnl_obj_synproxy_snprintf,
+ .output = nftnl_obj_synproxy_snprintf,
};
diff --git a/src/obj/tunnel.c b/src/obj/tunnel.c
index 5ede6bd..0309410 100644
--- a/src/obj/tunnel.c
+++ b/src/obj/tunnel.c
@@ -29,55 +29,53 @@ nftnl_obj_tunnel_set(struct nftnl_obj *e, uint16_t type,
switch (type) {
case NFTNL_OBJ_TUNNEL_ID:
- memcpy(&tun->id, data, sizeof(tun->id));
+ memcpy(&tun->id, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_IPV4_SRC:
- memcpy(&tun->src_v4, data, sizeof(tun->src_v4));
+ memcpy(&tun->src_v4, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_IPV4_DST:
- memcpy(&tun->dst_v4, data, sizeof(tun->dst_v4));
+ memcpy(&tun->dst_v4, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_IPV6_SRC:
- memcpy(&tun->src_v6, data, sizeof(struct in6_addr));
+ memcpy(&tun->src_v6, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_IPV6_DST:
- memcpy(&tun->dst_v6, data, sizeof(struct in6_addr));
+ memcpy(&tun->dst_v6, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_IPV6_FLOWLABEL:
- memcpy(&tun->flowlabel, data, sizeof(tun->flowlabel));
+ memcpy(&tun->flowlabel, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_SPORT:
- memcpy(&tun->sport, data, sizeof(tun->sport));
+ memcpy(&tun->sport, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_DPORT:
- memcpy(&tun->dport, data, sizeof(tun->dport));
+ memcpy(&tun->dport, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_FLAGS:
- memcpy(&tun->tun_flags, data, sizeof(tun->tun_flags));
+ memcpy(&tun->tun_flags, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_TOS:
- memcpy(&tun->tun_tos, data, sizeof(tun->tun_tos));
+ memcpy(&tun->tun_tos, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_TTL:
- memcpy(&tun->tun_ttl, data, sizeof(tun->tun_ttl));
+ memcpy(&tun->tun_ttl, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_VXLAN_GBP:
- memcpy(&tun->u.tun_vxlan.gbp, data, sizeof(tun->u.tun_vxlan.gbp));
+ memcpy(&tun->u.tun_vxlan.gbp, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_ERSPAN_VERSION:
- memcpy(&tun->u.tun_erspan.version, data, sizeof(tun->u.tun_erspan.version));
+ memcpy(&tun->u.tun_erspan.version, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_ERSPAN_V1_INDEX:
- memcpy(&tun->u.tun_erspan.u.v1_index, data, sizeof(tun->u.tun_erspan.u.v1_index));
+ memcpy(&tun->u.tun_erspan.u.v1_index, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_ERSPAN_V2_HWID:
- memcpy(&tun->u.tun_erspan.u.v2.hwid, data, sizeof(tun->u.tun_erspan.u.v2.hwid));
+ memcpy(&tun->u.tun_erspan.u.v2.hwid, data, data_len);
break;
case NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR:
- memcpy(&tun->u.tun_erspan.u.v2.dir, data, sizeof(tun->u.tun_erspan.u.v2.dir));
+ memcpy(&tun->u.tun_erspan.u.v2.dir, data, data_len);
break;
- default:
- return -1;
}
return 0;
}
@@ -538,14 +536,34 @@ static int nftnl_obj_tunnel_snprintf(char *buf, size_t len,
return snprintf(buf, len, "id %u ", tun->id);
}
+static struct attr_policy obj_tunnel_attr_policy[__NFTNL_OBJ_TUNNEL_MAX] = {
+ [NFTNL_OBJ_TUNNEL_ID] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_TUNNEL_IPV4_SRC] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_TUNNEL_IPV4_DST] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_TUNNEL_IPV6_SRC] = { .maxlen = sizeof(struct in6_addr) },
+ [NFTNL_OBJ_TUNNEL_IPV6_DST] = { .maxlen = sizeof(struct in6_addr) },
+ [NFTNL_OBJ_TUNNEL_IPV6_FLOWLABEL] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_TUNNEL_SPORT] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_OBJ_TUNNEL_DPORT] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_OBJ_TUNNEL_FLAGS] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_TUNNEL_TOS] = { .maxlen = sizeof(uint8_t) },
+ [NFTNL_OBJ_TUNNEL_TTL] = { .maxlen = sizeof(uint8_t) },
+ [NFTNL_OBJ_TUNNEL_VXLAN_GBP] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_TUNNEL_ERSPAN_VERSION] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_TUNNEL_ERSPAN_V1_INDEX] = { .maxlen = sizeof(uint32_t) },
+ [NFTNL_OBJ_TUNNEL_ERSPAN_V2_HWID] = { .maxlen = sizeof(uint8_t) },
+ [NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR] = { .maxlen = sizeof(uint8_t) },
+};
+
struct obj_ops obj_ops_tunnel = {
.name = "tunnel",
.type = NFT_OBJECT_TUNNEL,
.alloc_len = sizeof(struct nftnl_obj_tunnel),
- .max_attr = NFTA_TUNNEL_KEY_MAX,
+ .nftnl_max_attr = __NFTNL_OBJ_TUNNEL_MAX - 1,
+ .attr_policy = obj_tunnel_attr_policy,
.set = nftnl_obj_tunnel_set,
.get = nftnl_obj_tunnel_get,
.parse = nftnl_obj_tunnel_parse,
.build = nftnl_obj_tunnel_build,
- .snprintf = nftnl_obj_tunnel_snprintf,
+ .output = nftnl_obj_tunnel_snprintf,
};