From d83fb7b10de7d88194a7a40652db7d8ad38eefcf Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 8 Nov 2012 17:01:41 +0100
Subject: table: support NFTA_TABLE_FLAGS
This patch adds support for the table flags, only one is possible at the moment (NFT_TABLE_F_DORMANT).
Signed-off-by: Pablo Neira Ayuso
---
 include/libnftables/table.h | 1 +
 include/linux/netfilter/nf_tables.h | 1 +
 src/table.c | 34 ++++++++++++++++++++++++++++++----
 3 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/include/libnftables/table.h b/include/libnftables/table.h
index de34c42..fd187b4 100644
--- a/include/libnftables/table.h
+++ b/include/libnftables/table.h
@@ -15,6 +15,7 @@ void nft_table_free(struct nft_table *);
 enum {
 NFT_TABLE_ATTR_NAME = 0,
 NFT_TABLE_ATTR_FAMILY,
+ NFT_TABLE_ATTR_FLAGS,
 };
 void nft_table_attr_set(struct nft_table *t, uint16_t attr, void *data);
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 9255dbe..8cd19c8 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -58,6 +58,7 @@ enum nft_hook_attributes {
 enum nft_table_attributes {
 NFTA_TABLE_UNSPEC,
 NFTA_TABLE_NAME,
+ NFTA_TABLE_FLAGS,
 __NFTA_TABLE_MAX
 };
 #define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1)
diff --git a/src/table.c b/src/table.c
index 6e8cd33..25c46a7 100644
--- a/src/table.c
+++ b/src/table.c
@@ -28,6 +28,7 @@ struct nft_table {
 char *name;
 uint8_t family;
+ uint32_t table_flags;
 uint32_t flags;
 };
@@ -56,6 +57,10 @@ void nft_table_attr_set(struct nft_table *t, uint16_t attr, void *data)
 t->name = strdup(data);
 t->flags |= (1 << NFT_TABLE_ATTR_NAME);
 break;
+ case NFT_TABLE_ATTR_FLAGS:
+ t->table_flags = *((uint32_t *)data);
+ t->flags |= (1 << NFT_TABLE_ATTR_FLAGS);
+ break;
 }
 }
 EXPORT_SYMBOL(nft_table_attr_set);
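Review bot: In nft_table_attr_set() the new NFT_TABLE_ATTR_FLAGS case reads the value with `*((uint32_t *)data)`, but the setter takes an untyped `void *data` and no length, so a caller that passes a pointer to a narrower or unaligned object gets an out-of-bounds or misaligned read with no diagnostic. The contract should be stated next to the case, e.g. `/* data must point to a uint32_t holding NFT_TABLE_F_* bits */`, and the copy can drop the alignment assumption with `memcpy(&t->table_flags, data, sizeof(t->table_flags));`. Nothing in this case rejects bits other than NFT_TABLE_F_DORMANT, so an unknown bit is presumably left for the kernel to refuse; if that is intended it is worth a comment. The function body starts and ends outside the hunk.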
@@ -69,6 +74,10 @@ const void *nft_table_attr_get(struct nft_table *t, uint16_t attr)
 if (t->flags & (1 << NFT_TABLE_ATTR_NAME))
 ret = t->name;
 break;
+ case NFT_TABLE_ATTR_FLAGS:
+ if (t->flags & (1 << NFT_TABLE_ATTR_FLAGS))
+ ret = &t->table_flags;
+ break;
 }
 return ret;
 }
@@ -99,6 +108,8 @@ void nft_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_table
 {
 if (t->flags & (1 << NFT_TABLE_ATTR_NAME))
 mnl_attr_put_strz(nlh, NFTA_TABLE_NAME, t->name);
+ if (t->flags & (1 << NFT_TABLE_ATTR_FLAGS))
+ mnl_attr_put_u32(nlh, NFTA_TABLE_FLAGS, htonl(t->table_flags));
 }
 EXPORT_SYMBOL(nft_table_nlmsg_build_payload);
@@ -110,9 +121,19 @@ static int nft_table_parse_attr_cb(const struct nlattr *attr, void *data)
 if (mnl_attr_type_valid(attr, NFTA_TABLE_MAX) < 0)
 return MNL_CB_OK;
- if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) {
- perror("mnl_attr_validate");
- return MNL_CB_ERROR;
+ switch(type) {
+ case NFTA_TABLE_NAME:
+ if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) {
+ perror("mnl_attr_validate");
+ return MNL_CB_ERROR;
+ }
+ break;
+ case NFTA_TABLE_FLAGS:
+ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
+ perror("mnl_attr_validate");
+ return MNL_CB_ERROR;
+ }
+ break;
 }
 tb[type] = attr;
@@ -129,6 +150,10 @@ int nft_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_table *t)
 t->name = strdup(mnl_attr_get_str(tb[NFTA_TABLE_NAME]));
 t->flags |= (1 << NFT_TABLE_ATTR_NAME);
 }
+ if (tb[NFTA_TABLE_FLAGS]) {
+ t->table_flags = ntohl(mnl_attr_get_u32(tb[NFTA_TABLE_FLAGS]));
+ t->flags |= (1 << NFT_TABLE_ATTR_FLAGS);
+ }
 t->family = nfg->nfgen_family;
@@ -139,7 +164,8 @@ EXPORT_SYMBOL(nft_table_nlmsg_parse);
 int nft_table_snprintf(char *buf, size_t size, struct nft_table *t, uint32_t type, uint32_t flags)
 {
- return snprintf(buf, size, "table=%s family=%u\n", t->name, t->family);
+ return snprintf(buf, size, "table=%s family=%u flags=%x\n",
+ t->name, t->family, t->table_flags);
 }
 EXPORT_SYMBOL(nft_table_snprintf);
-- cgit v1.2.3
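Review bot: In nft_table_parse_attr_cb() the NFTA_TABLE_NAME case still validates with `MNL_TYPE_STRING`, which in libmnl only checks that the payload is non-empty, while nft_table_nlmsg_parse() later hands the same attribute to `strdup(mnl_attr_get_str(...))`. A name attribute without a terminating NUL would let strdup read past the attribute payload; `mnl_attr_validate(attr, MNL_TYPE_NUL_STRING)` checks the terminator and closes that gap. The new `switch(type)` also has no `default:`, so any other in-range attribute type is stored in `tb[]` unvalidated. That is harmless while nothing reads those slots, but a short comment saying so would help whoever adds the next attribute. `type` and `tb` are declared outside the hunk.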
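Review bot: The rewritten `snprintf` call in nft_table_snprintf() formats `t->name` with `%s` and `t->table_flags` with `%x` without looking at the presence bits in `t->flags`. If the name attribute was never set, `%s` may receive a NULL pointer (how the struct is allocated is not visible in this diff), and an absent flags attribute prints the same as a value of zero. Testing `t->flags & (1 << NFT_TABLE_ATTR_NAME)` and `t->flags & (1 << NFT_TABLE_ATTR_FLAGS)` before formatting would make the output reflect what was actually set or received. For the `uint32_t` argument the matching conversion is `PRIx32` from `<inttypes.h>`, i.e. `"table=%s family=%u flags=%" PRIx32 "\n"`.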