From e34cb276fe5c6cf075e0a8790d005e6889c77b9d Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sat, 29 Dec 2012 20:50:39 +0100
Subject: chain: support Patrick's chain rename approach

Support the new approach for chain renaming based on the chain handle.

Signed-off-by: Pablo Neira Ayuso
---
 include/libnftables/chain.h | 2 +-
 include/linux/netfilter/nf_tables.h | 2 +-
 src/chain.c | 30 +++++++++++++++++-------------
 3 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/include/libnftables/chain.h b/include/libnftables/chain.h
index 7f071c6..c4952c1 100644
--- a/include/libnftables/chain.h
+++ b/include/libnftables/chain.h
@@ -22,7 +22,7 @@ enum {
 NFT_CHAIN_ATTR_USE,
 NFT_CHAIN_ATTR_BYTES,
 NFT_CHAIN_ATTR_PACKETS = 8,
- NFT_CHAIN_ATTR_NEW_NAME,
+ NFT_CHAIN_ATTR_HANDLE,
 NFT_CHAIN_ATTR_TYPE,
 };
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 5d995d6..0c4765e 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -75,11 +75,11 @@ enum nft_table_attributes {
 enum nft_chain_attributes {
 NFTA_CHAIN_UNSPEC,
 NFTA_CHAIN_TABLE,
+ NFTA_CHAIN_HANDLE,
 NFTA_CHAIN_NAME,
 NFTA_CHAIN_HOOK,
 NFTA_CHAIN_POLICY,
 NFTA_CHAIN_USE,
- NFTA_CHAIN_NEW_NAME,
 NFTA_CHAIN_TYPE,
 NFTA_CHAIN_COUNTERS,
 __NFTA_CHAIN_MAX
diff --git a/src/chain.c b/src/chain.c
index db970a7..29bc724 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -36,8 +36,8 @@ struct nft_chain {
 uint32_t use;
 uint64_t packets;
 uint64_t bytes;
+ uint64_t handle;
 uint32_t flags;
- char new_name[NFT_CHAIN_MAXNAMELEN];
 };
 struct nft_chain *nft_chain_alloc(void)
@@ -87,8 +87,8 @@ void nft_chain_attr_set(struct nft_chain *c, uint16_t attr, void *data)
 case NFT_CHAIN_ATTR_PACKETS:
 c->bytes = *((uint64_t *)data);
 break;
- case NFT_CHAIN_ATTR_NEW_NAME:
- strncpy(c->new_name, data, NFT_CHAIN_MAXNAMELEN);
+ case NFT_CHAIN_ATTR_HANDLE:
+ c->handle = *((uint64_t *)data);
 break;
 case NFT_CHAIN_ATTR_TYPE:
 if (c->type)
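Review bot: `NFT_CHAIN_ATTR_HANDLE` takes over the enum slot right after `NFT_CHAIN_ATTR_PACKETS = 8` that `NFT_CHAIN_ATTR_NEW_NAME` used to occupy, but the payload behind that value changes from a string to a `uint64_t` and nothing in this public header says so. `nft_chain_attr_set()` takes `void *data` and, in the src/chain.c hunk of this commit, reads it as `*((uint64_t *)data)`, so a caller still passing a name buffer for this attribute would have its bytes interpreted as a handle without any diagnostic. A comment on the enumerator would state the contract, e.g. `/* uint64_t: chain handle (replaces NEW_NAME, which took a string) */`. The enum begins above the hunk, so whether the other enumerators document their types is not visible here.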
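Review bot: The `NFT_CHAIN_ATTR_PACKETS` case shown as context directly above the new handle case assigns to `c->bytes`, so setting the packet counter appears to overwrite the byte counter and leave `c->packets` untouched. Since this switch is being edited anyway, that line should probably read `c->packets = *((uint64_t *)data);`. The new `NFT_CHAIN_ATTR_HANDLE` case follows the same pattern as the other 64-bit attributes and depends on the caller passing a pointer to a real `uint64_t`, which `void *data` cannot enforce. `nft_chain_attr_set()` starts above and continues below the hunk, so the `NFT_CHAIN_ATTR_BYTES` case and the flag update are not visible here.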
@@ -171,9 +171,9 @@ void *nft_chain_attr_get(struct nft_chain *c, uint16_t attr)
 else
 return NULL;
 break;
- case NFT_CHAIN_ATTR_NEW_NAME:
- if (c->flags & (1 << NFT_CHAIN_ATTR_NEW_NAME))
- return c->new_name;
+ case NFT_CHAIN_ATTR_HANDLE:
+ if (c->flags & (1 << NFT_CHAIN_ATTR_HANDLE))
+ return &c->handle;
 else
 return NULL;
 break;
@@ -263,8 +263,8 @@ void nft_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_chain
 mnl_attr_put_u64(nlh, NFTA_COUNTER_BYTES, be64toh(c->bytes));
 mnl_attr_nest_end(nlh, nest);
 }
- if (c->flags & (1 << NFT_CHAIN_ATTR_NEW_NAME))
- mnl_attr_put_strz(nlh, NFTA_CHAIN_NEW_NAME, c->new_name);
+ if (c->flags & (1 << NFT_CHAIN_ATTR_HANDLE))
+ mnl_attr_put_u64(nlh, NFTA_CHAIN_HANDLE, be64toh(c->handle));
 if (c->flags & (1 << NFT_CHAIN_ATTR_TYPE))
 mnl_attr_put_strz(nlh, NFTA_CHAIN_TYPE, c->type);
 }
@@ -281,7 +281,6 @@ static int nft_chain_parse_attr_cb(const struct nlattr *attr, void *data)
 switch(type) {
 case NFTA_CHAIN_NAME:
 case NFTA_CHAIN_TABLE:
- case NFTA_CHAIN_NEW_NAME:
 case NFTA_CHAIN_TYPE:
 if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) {
 perror("mnl_attr_validate");
@@ -302,6 +301,12 @@ static int nft_chain_parse_attr_cb(const struct nlattr *attr, void *data)
 return MNL_CB_ERROR;
 }
 break;
+ case NFTA_CHAIN_HANDLE:
+ if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0) {
+ perror("mnl_attr_validate");
+ return MNL_CB_ERROR;
+ }
+ break;
 }
 tb[type] = attr;
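Review bot: The new `mnl_attr_put_u64(nlh, NFTA_CHAIN_HANDLE, be64toh(c->handle))` in `nft_chain_nlmsg_build_payload()` names the conversion in the wrong direction: on the send path the value goes from host to big-endian order, which is `htobe64()`. Both calls produce the same bytes, so this is a readability point and not a wire-format bug, but the parse hunk of this commit uses `be64toh` for the receive direction as well, and using one name on both sides hides which side is which. I would write `mnl_attr_put_u64(nlh, NFTA_CHAIN_HANDLE, htobe64(c->handle));`; the `NFTA_COUNTER_BYTES` context line above has the same pattern. The function begins above the hunk.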
@@ -417,10 +422,9 @@ int nft_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_chain *c)
 }
 if (tb[NFTA_CHAIN_COUNTERS])
 ret = nft_chain_parse_counters(tb[NFTA_CHAIN_COUNTERS], c);
- if (tb[NFTA_CHAIN_NEW_NAME]) {
- strncpy(c->new_name, mnl_attr_get_str(tb[NFTA_CHAIN_NEW_NAME]),
- NFT_CHAIN_MAXNAMELEN);
- c->flags |= (1 << NFT_CHAIN_ATTR_NEW_NAME);
+ if (tb[NFTA_CHAIN_HANDLE]) {
+ c->handle = be64toh(mnl_attr_get_u64(tb[NFTA_CHAIN_HANDLE]));
+ c->flags |= (1 << NFT_CHAIN_ATTR_HANDLE);
 }
 if (tb[NFTA_CHAIN_TYPE]) {
 c->type = strdup(mnl_attr_get_str(tb[NFTA_CHAIN_TYPE]));
-- cgit v1.2.3