From e046e39725859d6efc0cb7588694e4983ec46251 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 19 Jan 2013 20:12:15 +0100
Subject: rule: add support for rule flags

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/rule.c | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

(limited to 'src/rule.c')

diff --git a/src/rule.c b/src/rule.c
index f87600d..4d61fbd 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -34,6 +34,7 @@ struct nft_rule {
 	char		*table;
 	char		*chain;
 	uint8_t		family;
+	uint32_t	rule_flags;
 	uint64_t	handle;
 
 	struct list_head expr_list;
@@ -82,6 +83,9 @@ void nft_rule_attr_set(struct nft_rule *r, uint16_t attr, void *data)
 	case NFT_RULE_ATTR_HANDLE:
 		r->handle = *((uint64_t *)data);
 		break;
+	case NFT_RULE_ATTR_FLAGS:
+		r->rule_flags = *((uint32_t *)data);
+		break;
 	default:
 		return;
 	}
@@ -89,6 +93,12 @@ void nft_rule_attr_set(struct nft_rule *r, uint16_t attr, void *data)
 }
 EXPORT_SYMBOL(nft_rule_attr_set);
 
+void nft_rule_attr_set_u32(struct nft_rule *r, uint16_t attr, uint32_t val)
+{
+	nft_rule_attr_set(r, attr, &val);
+}
+EXPORT_SYMBOL(nft_rule_attr_set_u32);
+
 void nft_rule_attr_set_u64(struct nft_rule *r, uint16_t attr, uint64_t val)
 {
 	nft_rule_attr_set(r, attr, &val);
@@ -127,6 +137,12 @@ void *nft_rule_attr_get(struct nft_rule *r, uint16_t attr)
 		else
 			return NULL;
 		break;
+	case NFT_RULE_ATTR_FLAGS:
+		if (r->flags & (1 << NFT_RULE_ATTR_FLAGS))
+			return &r->rule_flags;
+		else
+			return NULL;
+		break;
 	default:
 		return NULL;
 	}
@@ -139,6 +155,13 @@ const char *nft_rule_attr_get_str(struct nft_rule *r, uint16_t attr)
 }
 EXPORT_SYMBOL(nft_rule_attr_get_str);
 
+uint32_t nft_rule_attr_get_u32(struct nft_rule *r, uint16_t attr)
+{
+	uint32_t val = *((uint32_t *)nft_rule_attr_get(r, attr));
+	return val;
+}
+EXPORT_SYMBOL(nft_rule_attr_get_u64);
+
 uint64_t nft_rule_attr_get_u64(struct nft_rule *r, uint16_t attr)
 {
 	uint64_t val = *((uint64_t *)nft_rule_attr_get(r, attr));
@@ -185,6 +208,8 @@ void nft_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_rule *r)
 		mnl_attr_put_strz(nlh, NFTA_RULE_CHAIN, r->chain);
 	if (r->flags & (1 << NFT_RULE_ATTR_HANDLE))
 		mnl_attr_put_u64(nlh, NFTA_RULE_HANDLE, htobe64(r->handle));
+	if (r->flags & (1 << NFT_RULE_ATTR_FLAGS))
+		mnl_attr_put_u32(nlh, NFTA_RULE_FLAGS, htonl(r->rule_flags));
 
 	nest = mnl_attr_nest_start(nlh, NFTA_RULE_EXPRESSIONS);
 	list_for_each_entry(expr, &r->expr_list, head) {
@@ -222,6 +247,12 @@ static int nft_rule_parse_attr_cb(const struct nlattr *attr, void *data)
 			return MNL_CB_ERROR;
 		}
 		break;
+	case NFTA_RULE_FLAGS:
+		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
+			perror("mnl_attr_validate");
+			return MNL_CB_ERROR;
+		}
+		break;
 	}
 
 	tb[type] = attr;
@@ -327,9 +358,10 @@ int nft_rule_snprintf(char *buf, size_t size, struct nft_rule *r,
 	struct nft_rule_expr *expr;
 	int len = size, offset = 0;
 
-	ret = snprintf(buf, size, "family=%u table=%s chain=%s handle=%llu ",
+	ret = snprintf(buf, size, "family=%u table=%s chain=%s handle=%llu "
+				  "flags=%x ",
 			r->family, r->table, r->chain,
-			(unsigned long long)r->handle);
+			(unsigned long long)r->handle, r->rule_flags);
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	list_for_each_entry(expr, &r->expr_list, head) {
-- 
cgit v1.2.3