libnftnl 1.3.1
set.c
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * (C) 2012-2013 by Pablo Neira Ayuso <pablo@netfilter.org>
4 *
5 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
6 */
7#include "internal.h"
8
9#include <time.h>
10#include <endian.h>
11#include <stdint.h>
12#include <stdlib.h>
13#include <string.h>
14#include <inttypes.h>
15#include <netinet/in.h>
16#include <limits.h>
17#include <errno.h>
18
19#include <libmnl/libmnl.h>
20#include <linux/netfilter/nfnetlink.h>
21#include <linux/netfilter/nf_tables.h>
22
23#include <libnftnl/set.h>
24#include <libnftnl/expr.h>
25
26EXPORT_SYMBOL(nftnl_set_alloc);
27struct nftnl_set *nftnl_set_alloc(void)
28{
29 struct nftnl_set *s;
30
31 s = calloc(1, sizeof(struct nftnl_set));
32 if (s == NULL)
33 return NULL;
34
35 INIT_LIST_HEAD(&s->element_list);
36 INIT_LIST_HEAD(&s->expr_list);
37 return s;
38}
39
40EXPORT_SYMBOL(nftnl_set_free);
41void nftnl_set_free(const struct nftnl_set *s)
42{
43 struct nftnl_set_elem *elem, *tmp;
44 struct nftnl_expr *expr, *next;
45
46 if (s->flags & (1 << NFTNL_SET_TABLE))
47 xfree(s->table);
48 if (s->flags & (1 << NFTNL_SET_NAME))
49 xfree(s->name);
50 if (s->flags & (1 << NFTNL_SET_USERDATA))
51 xfree(s->user.data);
52
53 list_for_each_entry_safe(expr, next, &s->expr_list, head) {
54 list_del(&expr->head);
55 nftnl_expr_free(expr);
56 }
57
58 list_for_each_entry_safe(elem, tmp, &s->element_list, head) {
59 list_del(&elem->head);
60 nftnl_set_elem_free(elem);
61 }
62
63 xfree(s->type);
64 xfree(s);
65}
66
67EXPORT_SYMBOL(nftnl_set_is_set);
68bool nftnl_set_is_set(const struct nftnl_set *s, uint16_t attr)
69{
70 return s->flags & (1 << attr);
71}
72
73EXPORT_SYMBOL(nftnl_set_unset);
74void nftnl_set_unset(struct nftnl_set *s, uint16_t attr)
75{
76 struct nftnl_expr *expr, *tmp;
77
78 if (!(s->flags & (1 << attr)))
79 return;
80
81 switch (attr) {
82 case NFTNL_SET_TABLE:
83 xfree(s->table);
84 break;
85 case NFTNL_SET_NAME:
86 xfree(s->name);
87 break;
88 case NFTNL_SET_HANDLE:
89 case NFTNL_SET_FLAGS:
90 case NFTNL_SET_KEY_TYPE:
91 case NFTNL_SET_KEY_LEN:
92 case NFTNL_SET_DATA_TYPE:
93 case NFTNL_SET_DATA_LEN:
94 case NFTNL_SET_OBJ_TYPE:
95 case NFTNL_SET_FAMILY:
96 case NFTNL_SET_ID:
97 case NFTNL_SET_POLICY:
98 case NFTNL_SET_DESC_SIZE:
99 case NFTNL_SET_DESC_CONCAT:
100 case NFTNL_SET_TIMEOUT:
101 case NFTNL_SET_GC_INTERVAL:
102 case NFTNL_SET_COUNT:
103 break;
104 case NFTNL_SET_USERDATA:
105 xfree(s->user.data);
106 break;
107 case NFTNL_SET_EXPR:
108 case NFTNL_SET_EXPRESSIONS:
109 list_for_each_entry_safe(expr, tmp, &s->expr_list, head) {
110 list_del(&expr->head);
111 nftnl_expr_free(expr);
112 }
113 break;
114 default:
115 return;
116 }
117
118 s->flags &= ~(1 << attr);
119}
120
121static uint32_t nftnl_set_validate[NFTNL_SET_MAX + 1] = {
122 [NFTNL_SET_HANDLE] = sizeof(uint64_t),
123 [NFTNL_SET_FLAGS] = sizeof(uint32_t),
124 [NFTNL_SET_KEY_TYPE] = sizeof(uint32_t),
125 [NFTNL_SET_KEY_LEN] = sizeof(uint32_t),
126 [NFTNL_SET_DATA_TYPE] = sizeof(uint32_t),
127 [NFTNL_SET_DATA_LEN] = sizeof(uint32_t),
128 [NFTNL_SET_OBJ_TYPE] = sizeof(uint32_t),
129 [NFTNL_SET_FAMILY] = sizeof(uint32_t),
130 [NFTNL_SET_ID] = sizeof(uint32_t),
131 [NFTNL_SET_POLICY] = sizeof(uint32_t),
132 [NFTNL_SET_DESC_SIZE] = sizeof(uint32_t),
133 [NFTNL_SET_TIMEOUT] = sizeof(uint64_t),
134 [NFTNL_SET_GC_INTERVAL] = sizeof(uint32_t),
135 [NFTNL_SET_COUNT] = sizeof(uint32_t),
136};
137
138EXPORT_SYMBOL(nftnl_set_set_data);
139int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
140 uint32_t data_len)
141{
142 struct nftnl_expr *expr, *tmp;
143
144 nftnl_assert_attr_exists(attr, NFTNL_SET_MAX);
145 nftnl_assert_validate(data, nftnl_set_validate, attr, data_len);
146
147 switch(attr) {
148 case NFTNL_SET_TABLE:
149 return nftnl_set_str_attr(&s->table, &s->flags,
150 attr, data, data_len);
151 case NFTNL_SET_NAME:
152 return nftnl_set_str_attr(&s->name, &s->flags,
153 attr, data, data_len);
154 case NFTNL_SET_HANDLE:
155 memcpy(&s->handle, data, sizeof(s->handle));
156 break;
157 case NFTNL_SET_FLAGS:
158 memcpy(&s->set_flags, data, sizeof(s->set_flags));
159 break;
160 case NFTNL_SET_KEY_TYPE:
161 memcpy(&s->key_type, data, sizeof(s->key_type));
162 break;
163 case NFTNL_SET_KEY_LEN:
164 memcpy(&s->key_len, data, sizeof(s->key_len));
165 break;
166 case NFTNL_SET_DATA_TYPE:
167 memcpy(&s->data_type, data, sizeof(s->data_type));
168 break;
169 case NFTNL_SET_DATA_LEN:
170 memcpy(&s->data_len, data, sizeof(s->data_len));
171 break;
172 case NFTNL_SET_OBJ_TYPE:
173 memcpy(&s->obj_type, data, sizeof(s->obj_type));
174 break;
175 case NFTNL_SET_FAMILY:
176 memcpy(&s->family, data, sizeof(s->family));
177 break;
178 case NFTNL_SET_ID:
179 memcpy(&s->id, data, sizeof(s->id));
180 break;
181 case NFTNL_SET_POLICY:
182 memcpy(&s->policy, data, sizeof(s->policy));
183 break;
184 case NFTNL_SET_DESC_SIZE:
185 memcpy(&s->desc.size, data, sizeof(s->desc.size));
186 break;
187 case NFTNL_SET_DESC_CONCAT:
188 if (data_len > sizeof(s->desc.field_len))
189 return -1;
190
191 memcpy(&s->desc.field_len, data, data_len);
192 for (s->desc.field_count = 0;
193 s->desc.field_count < NFT_REG32_COUNT;
194 s->desc.field_count++) {
195 if (!s->desc.field_len[s->desc.field_count])
196 break;
197 }
198 break;
199 case NFTNL_SET_TIMEOUT:
200 memcpy(&s->timeout, data, sizeof(s->timeout));
201 break;
202 case NFTNL_SET_GC_INTERVAL:
203 memcpy(&s->gc_interval, data, sizeof(s->gc_interval));
204 break;
205 case NFTNL_SET_COUNT:
206 memcpy(&s->elemcount, data, sizeof(s->elemcount));
207 break;
208 case NFTNL_SET_USERDATA:
209 if (s->flags & (1 << NFTNL_SET_USERDATA))
210 xfree(s->user.data);
211
212 s->user.data = malloc(data_len);
213 if (!s->user.data)
214 return -1;
215 memcpy(s->user.data, data, data_len);
216 s->user.len = data_len;
217 break;
218 case NFTNL_SET_EXPR:
219 list_for_each_entry_safe(expr, tmp, &s->expr_list, head) {
220 list_del(&expr->head);
221 nftnl_expr_free(expr);
222 }
223
224 expr = (void *)data;
225 list_add(&expr->head, &s->expr_list);
226 break;
227 }
228 s->flags |= (1 << attr);
229 return 0;
230}
231
232int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data) __visible;
233int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data)
234{
235 return nftnl_set_set_data(s, attr, data, nftnl_set_validate[attr]);
236}
237
238EXPORT_SYMBOL(nftnl_set_set_u32);
239void nftnl_set_set_u32(struct nftnl_set *s, uint16_t attr, uint32_t val)
240{
241 nftnl_set_set_data(s, attr, &val, sizeof(uint32_t));
242}
243
244EXPORT_SYMBOL(nftnl_set_set_u64);
245void nftnl_set_set_u64(struct nftnl_set *s, uint16_t attr, uint64_t val)
246{
247 nftnl_set_set_data(s, attr, &val, sizeof(uint64_t));
248}
249
250EXPORT_SYMBOL(nftnl_set_set_str);
251int nftnl_set_set_str(struct nftnl_set *s, uint16_t attr, const char *str)
252{
253 return nftnl_set_set_data(s, attr, str, strlen(str) + 1);
254}
255
256EXPORT_SYMBOL(nftnl_set_get_data);
257const void *nftnl_set_get_data(const struct nftnl_set *s, uint16_t attr,
258 uint32_t *data_len)
259{
260 struct nftnl_expr *expr;
261
262 if (!(s->flags & (1 << attr)))
263 return NULL;
264
265 switch(attr) {
266 case NFTNL_SET_TABLE:
267 *data_len = strlen(s->table) + 1;
268 return s->table;
269 case NFTNL_SET_NAME:
270 *data_len = strlen(s->name) + 1;
271 return s->name;
272 case NFTNL_SET_HANDLE:
273 *data_len = sizeof(uint64_t);
274 return &s->handle;
275 case NFTNL_SET_FLAGS:
276 *data_len = sizeof(uint32_t);
277 return &s->set_flags;
278 case NFTNL_SET_KEY_TYPE:
279 *data_len = sizeof(uint32_t);
280 return &s->key_type;
281 case NFTNL_SET_KEY_LEN:
282 *data_len = sizeof(uint32_t);
283 return &s->key_len;
284 case NFTNL_SET_DATA_TYPE:
285 *data_len = sizeof(uint32_t);
286 return &s->data_type;
287 case NFTNL_SET_DATA_LEN:
288 *data_len = sizeof(uint32_t);
289 return &s->data_len;
290 case NFTNL_SET_OBJ_TYPE:
291 *data_len = sizeof(uint32_t);
292 return &s->obj_type;
293 case NFTNL_SET_FAMILY:
294 *data_len = sizeof(uint32_t);
295 return &s->family;
296 case NFTNL_SET_ID:
297 *data_len = sizeof(uint32_t);
298 return &s->id;
299 case NFTNL_SET_POLICY:
300 *data_len = sizeof(uint32_t);
301 return &s->policy;
302 case NFTNL_SET_DESC_SIZE:
303 *data_len = sizeof(uint32_t);
304 return &s->desc.size;
305 case NFTNL_SET_DESC_CONCAT:
306 *data_len = s->desc.field_count;
307 return s->desc.field_len;
308 case NFTNL_SET_TIMEOUT:
309 *data_len = sizeof(uint64_t);
310 return &s->timeout;
311 case NFTNL_SET_GC_INTERVAL:
312 *data_len = sizeof(uint32_t);
313 return &s->gc_interval;
314 case NFTNL_SET_COUNT:
315 *data_len = sizeof(uint32_t);
316 return &s->elemcount;
317 case NFTNL_SET_USERDATA:
318 *data_len = s->user.len;
319 return s->user.data;
320 case NFTNL_SET_EXPR:
321 list_for_each_entry(expr, &s->expr_list, head)
322 break;
323 return expr;
324 }
325 return NULL;
326}
327
328EXPORT_SYMBOL(nftnl_set_get);
329const void *nftnl_set_get(const struct nftnl_set *s, uint16_t attr)
330{
331 uint32_t data_len;
332 return nftnl_set_get_data(s, attr, &data_len);
333}
334
335EXPORT_SYMBOL(nftnl_set_get_str);
336const char *nftnl_set_get_str(const struct nftnl_set *s, uint16_t attr)
337{
338 return nftnl_set_get(s, attr);
339}
340
341EXPORT_SYMBOL(nftnl_set_get_u32);
342uint32_t nftnl_set_get_u32(const struct nftnl_set *s, uint16_t attr)
343{
344 uint32_t data_len;
345 const uint32_t *val = nftnl_set_get_data(s, attr, &data_len);
346
347 nftnl_assert(val, attr, data_len == sizeof(uint32_t));
348
349 return val ? *val : 0;
350}
351
352EXPORT_SYMBOL(nftnl_set_get_u64);
353uint64_t nftnl_set_get_u64(const struct nftnl_set *s, uint16_t attr)
354{
355 uint32_t data_len;
356 const uint64_t *val = nftnl_set_get_data(s, attr, &data_len);
357
358 nftnl_assert(val, attr, data_len == sizeof(uint64_t));
359
360 return val ? *val : 0;
361}
362
363struct nftnl_set *nftnl_set_clone(const struct nftnl_set *set)
364{
365 struct nftnl_set *newset;
366 struct nftnl_set_elem *elem, *newelem;
367
368 newset = nftnl_set_alloc();
369 if (newset == NULL)
370 return NULL;
371
372 memcpy(newset, set, sizeof(*set));
373
374 if (set->flags & (1 << NFTNL_SET_TABLE)) {
375 newset->table = strdup(set->table);
376 if (!newset->table)
377 goto err;
378 }
379 if (set->flags & (1 << NFTNL_SET_NAME)) {
380 newset->name = strdup(set->name);
381 if (!newset->name)
382 goto err;
383 }
384
385 INIT_LIST_HEAD(&newset->element_list);
386 list_for_each_entry(elem, &set->element_list, head) {
387 newelem = nftnl_set_elem_clone(elem);
388 if (newelem == NULL)
389 goto err;
390
391 list_add_tail(&newelem->head, &newset->element_list);
392 }
393
394 newset->type = NULL;
395
396 return newset;
397err:
398 nftnl_set_free(newset);
399 return NULL;
400}
401
402static void nftnl_set_nlmsg_build_desc_size_payload(struct nlmsghdr *nlh,
403 struct nftnl_set *s)
404{
405 mnl_attr_put_u32(nlh, NFTA_SET_DESC_SIZE, htonl(s->desc.size));
406}
407
408static void nftnl_set_nlmsg_build_desc_concat_payload(struct nlmsghdr *nlh,
409 struct nftnl_set *s)
410{
411 struct nlattr *nest;
412 int i;
413
414 nest = mnl_attr_nest_start(nlh, NFTA_SET_DESC_CONCAT);
415 for (i = 0; i < NFT_REG32_COUNT && i < s->desc.field_count; i++) {
416 struct nlattr *nest_elem;
417
418 nest_elem = mnl_attr_nest_start(nlh, NFTA_LIST_ELEM);
419 mnl_attr_put_u32(nlh, NFTA_SET_FIELD_LEN,
420 htonl(s->desc.field_len[i]));
421 mnl_attr_nest_end(nlh, nest_elem);
422 }
423 mnl_attr_nest_end(nlh, nest);
424}
425
426static void
427nftnl_set_nlmsg_build_desc_payload(struct nlmsghdr *nlh, struct nftnl_set *s)
428{
429 struct nlattr *nest;
430
431 nest = mnl_attr_nest_start(nlh, NFTA_SET_DESC);
432
433 if (s->flags & (1 << NFTNL_SET_DESC_SIZE))
434 nftnl_set_nlmsg_build_desc_size_payload(nlh, s);
435 if (s->flags & (1 << NFTNL_SET_DESC_CONCAT))
436 nftnl_set_nlmsg_build_desc_concat_payload(nlh, s);
437
438 mnl_attr_nest_end(nlh, nest);
439}
440
441EXPORT_SYMBOL(nftnl_set_nlmsg_build_payload);
442void nftnl_set_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s)
443{
444 int num_exprs = 0;
445
446 if (s->flags & (1 << NFTNL_SET_TABLE))
447 mnl_attr_put_strz(nlh, NFTA_SET_TABLE, s->table);
448 if (s->flags & (1 << NFTNL_SET_NAME))
449 mnl_attr_put_strz(nlh, NFTA_SET_NAME, s->name);
450 if (s->flags & (1 << NFTNL_SET_HANDLE))
451 mnl_attr_put_u64(nlh, NFTA_SET_HANDLE, htobe64(s->handle));
452 if (s->flags & (1 << NFTNL_SET_FLAGS))
453 mnl_attr_put_u32(nlh, NFTA_SET_FLAGS, htonl(s->set_flags));
454 if (s->flags & (1 << NFTNL_SET_KEY_TYPE))
455 mnl_attr_put_u32(nlh, NFTA_SET_KEY_TYPE, htonl(s->key_type));
456 if (s->flags & (1 << NFTNL_SET_KEY_LEN))
457 mnl_attr_put_u32(nlh, NFTA_SET_KEY_LEN, htonl(s->key_len));
458 /* These are only used to map matching -> action (1:1) */
459 if (s->flags & (1 << NFTNL_SET_DATA_TYPE))
460 mnl_attr_put_u32(nlh, NFTA_SET_DATA_TYPE, htonl(s->data_type));
461 if (s->flags & (1 << NFTNL_SET_DATA_LEN))
462 mnl_attr_put_u32(nlh, NFTA_SET_DATA_LEN, htonl(s->data_len));
463 if (s->flags & (1 << NFTNL_SET_OBJ_TYPE))
464 mnl_attr_put_u32(nlh, NFTA_SET_OBJ_TYPE, htonl(s->obj_type));
465 if (s->flags & (1 << NFTNL_SET_ID))
466 mnl_attr_put_u32(nlh, NFTA_SET_ID, htonl(s->id));
467 if (s->flags & (1 << NFTNL_SET_POLICY))
468 mnl_attr_put_u32(nlh, NFTA_SET_POLICY, htonl(s->policy));
469 if (s->flags & (1 << NFTNL_SET_DESC_SIZE | 1 << NFTNL_SET_DESC_CONCAT))
470 nftnl_set_nlmsg_build_desc_payload(nlh, s);
471 if (s->flags & (1 << NFTNL_SET_TIMEOUT))
472 mnl_attr_put_u64(nlh, NFTA_SET_TIMEOUT, htobe64(s->timeout));
473 if (s->flags & (1 << NFTNL_SET_GC_INTERVAL))
474 mnl_attr_put_u32(nlh, NFTA_SET_GC_INTERVAL, htonl(s->gc_interval));
475 if (s->flags & (1 << NFTNL_SET_USERDATA))
476 mnl_attr_put(nlh, NFTA_SET_USERDATA, s->user.len, s->user.data);
477 if (!list_empty(&s->expr_list)) {
478 struct nftnl_expr *expr;
479
480 list_for_each_entry(expr, &s->expr_list, head)
481 num_exprs++;
482
483 if (num_exprs == 1) {
484 struct nlattr *nest1;
485
486 nest1 = mnl_attr_nest_start(nlh, NFTA_SET_EXPR);
487 list_for_each_entry(expr, &s->expr_list, head)
488 nftnl_expr_build_payload(nlh, expr);
489
490 mnl_attr_nest_end(nlh, nest1);
491 } else if (num_exprs > 1) {
492 struct nlattr *nest1, *nest2;
493
494 nest1 = mnl_attr_nest_start(nlh, NFTA_SET_EXPRESSIONS);
495 list_for_each_entry(expr, &s->expr_list, head) {
496 nest2 = mnl_attr_nest_start(nlh, NFTA_LIST_ELEM);
497 nftnl_expr_build_payload(nlh, expr);
498 mnl_attr_nest_end(nlh, nest2);
499 }
500 mnl_attr_nest_end(nlh, nest1);
501 }
502 }
503}
504
505EXPORT_SYMBOL(nftnl_set_add_expr);
506void nftnl_set_add_expr(struct nftnl_set *s, struct nftnl_expr *expr)
507{
508 list_add_tail(&expr->head, &s->expr_list);
509}
510
511EXPORT_SYMBOL(nftnl_set_expr_foreach);
512int nftnl_set_expr_foreach(const struct nftnl_set *s,
513 int (*cb)(struct nftnl_expr *e, void *data),
514 void *data)
515{
516 struct nftnl_expr *cur, *tmp;
517 int ret;
518
519 list_for_each_entry_safe(cur, tmp, &s->expr_list, head) {
520 ret = cb(cur, data);
521 if (ret < 0)
522 return ret;
523 }
524 return 0;
525}
526
527static int nftnl_set_parse_attr_cb(const struct nlattr *attr, void *data)
528{
529 const struct nlattr **tb = data;
530 int type = mnl_attr_get_type(attr);
531
532 if (mnl_attr_type_valid(attr, NFTA_SET_MAX) < 0)
533 return MNL_CB_OK;
534
535 switch(type) {
536 case NFTA_SET_TABLE:
537 case NFTA_SET_NAME:
538 case NFTA_SET_TYPE:
539 if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)
540 abi_breakage();
541 break;
542 case NFTA_SET_HANDLE:
543 if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0)
544 abi_breakage();
545 break;
546 case NFTA_SET_FLAGS:
547 case NFTA_SET_KEY_TYPE:
548 case NFTA_SET_KEY_LEN:
549 case NFTA_SET_DATA_TYPE:
550 case NFTA_SET_DATA_LEN:
551 case NFTA_SET_ID:
552 case NFTA_SET_POLICY:
553 case NFTA_SET_GC_INTERVAL:
554 case NFTA_SET_COUNT:
555 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
556 abi_breakage();
557 break;
558 case NFTA_SET_USERDATA:
559 if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
560 abi_breakage();
561 break;
562 case NFTA_SET_TIMEOUT:
563 if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0)
564 abi_breakage();
565 break;
566 case NFTA_SET_DESC:
567 case NFTA_SET_EXPR:
568 case NFTA_SET_EXPRESSIONS:
569 if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
570 abi_breakage();
571 break;
572 }
573
574 tb[type] = attr;
575 return MNL_CB_OK;
576}
577
578static int
579nftnl_set_desc_concat_field_parse_attr_cb(const struct nlattr *attr, void *data)
580{
581 int type = mnl_attr_get_type(attr);
582 struct nftnl_set *s = data;
583
584 if (type != NFTA_SET_FIELD_LEN)
585 return MNL_CB_OK;
586
587 if (mnl_attr_validate(attr, MNL_TYPE_U32))
588 return MNL_CB_ERROR;
589
590 s->desc.field_len[s->desc.field_count] = ntohl(mnl_attr_get_u32(attr));
591 s->desc.field_count++;
592
593 return MNL_CB_OK;
594}
595
596static int
597nftnl_set_desc_concat_parse_attr_cb(const struct nlattr *attr, void *data)
598{
599 int type = mnl_attr_get_type(attr);
600 struct nftnl_set *s = data;
601
602 if (type != NFTA_LIST_ELEM)
603 return MNL_CB_OK;
604
605 return mnl_attr_parse_nested(attr,
606 nftnl_set_desc_concat_field_parse_attr_cb,
607 s);
608}
609
610static int nftnl_set_desc_parse_attr_cb(const struct nlattr *attr, void *data)
611{
612 int type = mnl_attr_get_type(attr), err;
613 struct nftnl_set *s = data;
614
615 if (mnl_attr_type_valid(attr, NFTA_SET_DESC_MAX) < 0)
616 return MNL_CB_OK;
617
618 switch (type) {
619 case NFTA_SET_DESC_SIZE:
620 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
621 abi_breakage();
622 break;
623 }
624
625 s->desc.size = ntohl(mnl_attr_get_u32(attr));
626 s->flags |= (1 << NFTNL_SET_DESC_SIZE);
627 break;
628 case NFTA_SET_DESC_CONCAT:
629 err = mnl_attr_parse_nested(attr,
630 nftnl_set_desc_concat_parse_attr_cb,
631 s);
632 if (err != MNL_CB_OK)
633 abi_breakage();
634
635 s->flags |= (1 << NFTNL_SET_DESC_CONCAT);
636 break;
637 default:
638 break;
639 }
640
641 return MNL_CB_OK;
642}
643
644static int nftnl_set_desc_parse(struct nftnl_set *s, const struct nlattr *attr)
645{
646 return mnl_attr_parse_nested(attr, nftnl_set_desc_parse_attr_cb, s);
647}
648
649EXPORT_SYMBOL(nftnl_set_nlmsg_parse);
650int nftnl_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s)
651{
652 struct nlattr *tb[NFTA_SET_MAX+1] = {};
653 struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
654 struct nftnl_expr *expr, *next;
655 int ret;
656
657 if (mnl_attr_parse(nlh, sizeof(*nfg), nftnl_set_parse_attr_cb, tb) < 0)
658 return -1;
659
660 if (nftnl_parse_str_attr(tb[NFTA_SET_TABLE], NFTNL_SET_TABLE,
661 &s->table, &s->flags) < 0)
662 return -1;
663 if (nftnl_parse_str_attr(tb[NFTA_SET_NAME], NFTNL_SET_NAME,
664 &s->name, &s->flags) < 0)
665 return -1;
666 if (tb[NFTA_SET_HANDLE]) {
667 s->handle = be64toh(mnl_attr_get_u64(tb[NFTA_SET_HANDLE]));
668 s->flags |= (1 << NFTNL_SET_HANDLE);
669 }
670 if (tb[NFTA_SET_FLAGS]) {
671 s->set_flags = ntohl(mnl_attr_get_u32(tb[NFTA_SET_FLAGS]));
672 s->flags |= (1 << NFTNL_SET_FLAGS);
673 }
674 if (tb[NFTA_SET_KEY_TYPE]) {
675 s->key_type = ntohl(mnl_attr_get_u32(tb[NFTA_SET_KEY_TYPE]));
676 s->flags |= (1 << NFTNL_SET_KEY_TYPE);
677 }
678 if (tb[NFTA_SET_KEY_LEN]) {
679 s->key_len = ntohl(mnl_attr_get_u32(tb[NFTA_SET_KEY_LEN]));
680 s->flags |= (1 << NFTNL_SET_KEY_LEN);
681 }
682 if (tb[NFTA_SET_DATA_TYPE]) {
683 s->data_type = ntohl(mnl_attr_get_u32(tb[NFTA_SET_DATA_TYPE]));
684 s->flags |= (1 << NFTNL_SET_DATA_TYPE);
685 }
686 if (tb[NFTA_SET_DATA_LEN]) {
687 s->data_len = ntohl(mnl_attr_get_u32(tb[NFTA_SET_DATA_LEN]));
688 s->flags |= (1 << NFTNL_SET_DATA_LEN);
689 }
690 if (tb[NFTA_SET_OBJ_TYPE]) {
691 s->obj_type = ntohl(mnl_attr_get_u32(tb[NFTA_SET_OBJ_TYPE]));
692 s->flags |= (1 << NFTNL_SET_OBJ_TYPE);
693 }
694 if (tb[NFTA_SET_ID]) {
695 s->id = ntohl(mnl_attr_get_u32(tb[NFTA_SET_ID]));
696 s->flags |= (1 << NFTNL_SET_ID);
697 }
698 if (tb[NFTA_SET_POLICY]) {
699 s->policy = ntohl(mnl_attr_get_u32(tb[NFTA_SET_POLICY]));
700 s->flags |= (1 << NFTNL_SET_POLICY);
701 }
702 if (tb[NFTA_SET_TIMEOUT]) {
703 s->timeout = be64toh(mnl_attr_get_u64(tb[NFTA_SET_TIMEOUT]));
704 s->flags |= (1 << NFTNL_SET_TIMEOUT);
705 }
706 if (tb[NFTA_SET_GC_INTERVAL]) {
707 s->gc_interval = ntohl(mnl_attr_get_u32(tb[NFTA_SET_GC_INTERVAL]));
708 s->flags |= (1 << NFTNL_SET_GC_INTERVAL);
709 }
710 if (tb[NFTA_SET_USERDATA]) {
711 ret = nftnl_set_set_data(s, NFTNL_SET_USERDATA,
712 mnl_attr_get_payload(tb[NFTA_SET_USERDATA]),
713 mnl_attr_get_payload_len(tb[NFTA_SET_USERDATA]));
714 if (ret < 0)
715 return ret;
716 }
717 if (tb[NFTA_SET_DESC]) {
718 ret = nftnl_set_desc_parse(s, tb[NFTA_SET_DESC]);
719 if (ret < 0)
720 return ret;
721 }
722 if (tb[NFTA_SET_EXPR]) {
723 expr = nftnl_expr_parse(tb[NFTA_SET_EXPR]);
724 if (!expr)
725 goto out_set_expr;
726
727 list_add(&expr->head, &s->expr_list);
728 s->flags |= (1 << NFTNL_SET_EXPR);
729 } else if (tb[NFTA_SET_EXPRESSIONS]) {
730 struct nlattr *attr;
731
732 mnl_attr_for_each_nested(attr, tb[NFTA_SET_EXPRESSIONS]) {
733 if (mnl_attr_get_type(attr) != NFTA_LIST_ELEM)
734 goto out_set_expr;
735
736 expr = nftnl_expr_parse(attr);
737 if (expr == NULL)
738 goto out_set_expr;
739
740 list_add_tail(&expr->head, &s->expr_list);
741 }
742 s->flags |= (1 << NFTNL_SET_EXPRESSIONS);
743 }
744
745 if (tb[NFTA_SET_TYPE]) {
746 xfree(s->type);
747 s->type = strdup(mnl_attr_get_str(tb[NFTA_SET_TYPE]));
748 }
749
750 if (tb[NFTA_SET_COUNT]) {
751 s->elemcount = ntohl(mnl_attr_get_u32(tb[NFTA_SET_COUNT]));
752 s->flags |= (1 << NFTNL_SET_COUNT);
753 }
754
755 s->family = nfg->nfgen_family;
756 s->flags |= (1 << NFTNL_SET_FAMILY);
757
758 return 0;
759out_set_expr:
760 list_for_each_entry_safe(expr, next, &s->expr_list, head) {
761 list_del(&expr->head);
762 nftnl_expr_free(expr);
763 }
764
765 return -1;
766}
767
768EXPORT_SYMBOL(nftnl_set_parse);
769int nftnl_set_parse(struct nftnl_set *s, enum nftnl_parse_type type,
770 const char *data, struct nftnl_parse_err *err)
771{
772 errno = EOPNOTSUPP;
773
774 return -1;
775}
776
777EXPORT_SYMBOL(nftnl_set_parse_file);
778int nftnl_set_parse_file(struct nftnl_set *s, enum nftnl_parse_type type,
779 FILE *fp, struct nftnl_parse_err *err)
780{
781 errno = EOPNOTSUPP;
782
783 return -1;
784}
785
786static int nftnl_set_snprintf_default(char *buf, size_t remain,
787 const struct nftnl_set *s,
788 uint32_t type, uint32_t flags)
789{
790 struct nftnl_set_elem *elem;
791 int ret, offset = 0;
792
793 ret = snprintf(buf, remain, "%s %s %x",
794 s->name, s->table, s->set_flags);
795 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
796
797 if (s->flags & (1 << NFTNL_SET_TIMEOUT)) {
798 ret = snprintf(buf + offset, remain, " timeout %"PRIu64"ms",
799 s->timeout);
800 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
801 }
802
803 if (s->flags & (1 << NFTNL_SET_GC_INTERVAL)) {
804 ret = snprintf(buf + offset, remain, " gc_interval %ums",
805 s->gc_interval);
806 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
807 }
808
809 if (s->flags & (1 << NFTNL_SET_POLICY)) {
810 ret = snprintf(buf + offset, remain, " policy %u", s->policy);
811 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
812 }
813
814 if (s->flags & (1 << NFTNL_SET_DESC_SIZE)) {
815 ret = snprintf(buf + offset, remain, " size %u", s->desc.size);
816 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
817 }
818
819 if (s->type) {
820 ret = snprintf(buf + offset, remain, " backend %s", s->type);
821 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
822 }
823
824 if (s->elemcount) {
825 ret = snprintf(buf + offset, remain, " count %u", s->elemcount);
826 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
827 }
828
829 /* Empty set? Skip printinf of elements */
830 if (list_empty(&s->element_list))
831 return offset;
832
833 ret = snprintf(buf + offset, remain, "\n");
834 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
835
836 list_for_each_entry(elem, &s->element_list, head) {
837 ret = snprintf(buf + offset, remain, "\t");
838 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
839
840 ret = nftnl_set_elem_snprintf_default(buf + offset, remain,
841 elem);
842 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
843 }
844
845 return offset;
846}
847
848static int nftnl_set_cmd_snprintf(char *buf, size_t remain,
849 const struct nftnl_set *s, uint32_t cmd,
850 uint32_t type, uint32_t flags)
851{
852 uint32_t inner_flags = flags;
853 int ret, offset = 0;
854
855 if (type != NFTNL_OUTPUT_DEFAULT)
856 return -1;
857
858 /* prevent set_elems to print as events */
859 inner_flags &= ~NFTNL_OF_EVENT_ANY;
860
861 ret = nftnl_set_snprintf_default(buf + offset, remain, s, type,
862 inner_flags);
863 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
864 return offset;
865}
866
867EXPORT_SYMBOL(nftnl_set_snprintf);
868int nftnl_set_snprintf(char *buf, size_t size, const struct nftnl_set *s,
869 uint32_t type, uint32_t flags)
870{
871 if (size)
872 buf[0] = '\0';
873
874 return nftnl_set_cmd_snprintf(buf, size, s, nftnl_flag2cmd(flags), type,
875 flags);
876}
877
878static int nftnl_set_do_snprintf(char *buf, size_t size, const void *s,
879 uint32_t cmd, uint32_t type, uint32_t flags)
880{
881 return nftnl_set_snprintf(buf, size, s, type, flags);
882}
883
884EXPORT_SYMBOL(nftnl_set_fprintf);
885int nftnl_set_fprintf(FILE *fp, const struct nftnl_set *s, uint32_t type,
886 uint32_t flags)
887{
888 return nftnl_fprintf(fp, s, NFTNL_CMD_UNSPEC, type, flags,
889 nftnl_set_do_snprintf);
890}
891
892EXPORT_SYMBOL(nftnl_set_elem_add);
893void nftnl_set_elem_add(struct nftnl_set *s, struct nftnl_set_elem *elem)
894{
895 list_add_tail(&elem->head, &s->element_list);
896}
897
898#define SET_NAME_HSIZE 512
899
900struct nftnl_set_list {
901 struct list_head list;
902 struct hlist_head name_hash[SET_NAME_HSIZE];
903};
904
905EXPORT_SYMBOL(nftnl_set_list_alloc);
906struct nftnl_set_list *nftnl_set_list_alloc(void)
907{
908 struct nftnl_set_list *list;
909 int i;
910
911 list = calloc(1, sizeof(struct nftnl_set_list));
912 if (list == NULL)
913 return NULL;
914
915 INIT_LIST_HEAD(&list->list);
916 for (i = 0; i < SET_NAME_HSIZE; i++)
917 INIT_HLIST_HEAD(&list->name_hash[i]);
918
919 return list;
920}
921
922EXPORT_SYMBOL(nftnl_set_list_free);
923void nftnl_set_list_free(struct nftnl_set_list *list)
924{
925 struct nftnl_set *s, *tmp;
926
927 list_for_each_entry_safe(s, tmp, &list->list, head) {
928 list_del(&s->head);
929 hlist_del(&s->hnode);
930 nftnl_set_free(s);
931 }
932 xfree(list);
933}
934
935EXPORT_SYMBOL(nftnl_set_list_is_empty);
936int nftnl_set_list_is_empty(const struct nftnl_set_list *list)
937{
938 return list_empty(&list->list);
939}
940
941static uint32_t djb_hash(const char *key)
942{
943 uint32_t i, hash = 5381;
944
945 for (i = 0; i < strlen(key); i++)
946 hash = ((hash << 5) + hash) + key[i];
947
948 return hash;
949}
950
951EXPORT_SYMBOL(nftnl_set_list_add);
952void nftnl_set_list_add(struct nftnl_set *s, struct nftnl_set_list *list)
953{
954 int key = djb_hash(s->name) % SET_NAME_HSIZE;
955
956 hlist_add_head(&s->hnode, &list->name_hash[key]);
957 list_add(&s->head, &list->list);
958}
959
960EXPORT_SYMBOL(nftnl_set_list_add_tail);
961void nftnl_set_list_add_tail(struct nftnl_set *s, struct nftnl_set_list *list)
962{
963 int key = djb_hash(s->name) % SET_NAME_HSIZE;
964
965 hlist_add_head(&s->hnode, &list->name_hash[key]);
966 list_add_tail(&s->head, &list->list);
967}
968
969EXPORT_SYMBOL(nftnl_set_list_del);
970void nftnl_set_list_del(struct nftnl_set *s)
971{
972 list_del(&s->head);
973 hlist_del(&s->hnode);
974}
975
976EXPORT_SYMBOL(nftnl_set_list_foreach);
977int nftnl_set_list_foreach(struct nftnl_set_list *set_list,
978 int (*cb)(struct nftnl_set *t, void *data), void *data)
979{
980 struct nftnl_set *cur, *tmp;
981 int ret;
982
983 list_for_each_entry_safe(cur, tmp, &set_list->list, head) {
984 ret = cb(cur, data);
985 if (ret < 0)
986 return ret;
987 }
988 return 0;
989}
990
991struct nftnl_set_list_iter {
992 const struct nftnl_set_list *list;
993 struct nftnl_set *cur;
994};
995
996EXPORT_SYMBOL(nftnl_set_list_iter_create);
997struct nftnl_set_list_iter *
998nftnl_set_list_iter_create(const struct nftnl_set_list *l)
999{
1000 struct nftnl_set_list_iter *iter;
1001
1002 iter = calloc(1, sizeof(struct nftnl_set_list_iter));
1003 if (iter == NULL)
1004 return NULL;
1005
1006 iter->list = l;
1007 if (nftnl_set_list_is_empty(l))
1008 iter->cur = NULL;
1009 else
1010 iter->cur = list_entry(l->list.next, struct nftnl_set, head);
1011
1012 return iter;
1013}
1014
1015EXPORT_SYMBOL(nftnl_set_list_iter_cur);
1016struct nftnl_set *
1017nftnl_set_list_iter_cur(const struct nftnl_set_list_iter *iter)
1018{
1019 return iter->cur;
1020}
1021
1022EXPORT_SYMBOL(nftnl_set_list_iter_next);
1023struct nftnl_set *nftnl_set_list_iter_next(struct nftnl_set_list_iter *iter)
1024{
1025 struct nftnl_set *s = iter->cur;
1026
1027 if (s == NULL)
1028 return NULL;
1029
1030 /* get next rule, if any */
1031 iter->cur = list_entry(iter->cur->head.next, struct nftnl_set, head);
1032 if (&iter->cur->head == iter->list->list.next)
1033 return NULL;
1034
1035 return s;
1036}
1037
1038EXPORT_SYMBOL(nftnl_set_list_iter_destroy);
1039void nftnl_set_list_iter_destroy(const struct nftnl_set_list_iter *iter)
1040{
1041 xfree(iter);
1042}
1043
1044EXPORT_SYMBOL(nftnl_set_list_lookup_byname);
1045struct nftnl_set *
1046nftnl_set_list_lookup_byname(struct nftnl_set_list *set_list, const char *set)
1047{
1048 int key = djb_hash(set) % SET_NAME_HSIZE;
1049 struct hlist_node *n;
1050 struct nftnl_set *s;
1051
1052 hlist_for_each_entry(s, n, &set_list->name_hash[key], hnode) {
1053 if (!strcmp(set, s->name))
1054 return s;
1055 }
1056 return NULL;
1057}
1058
1059int nftnl_set_lookup_id(struct nftnl_expr *e,
1060 struct nftnl_set_list *set_list, uint32_t *set_id)
1061{
1062 const char *set_name;
1063 struct nftnl_set *s;
1064
1065 set_name = nftnl_expr_get_str(e, NFTNL_EXPR_LOOKUP_SET);
1066 if (set_name == NULL)
1067 return 0;
1068
1069 s = nftnl_set_list_lookup_byname(set_list, set_name);
1070 if (s == NULL)
1071 return 0;
1072
1073 *set_id = nftnl_set_get_u32(s, NFTNL_SET_ID);
1074 return 1;
1075}
nftnl_set_list_iter
Definition set.c:991
nftnl_set_list
Definition set.c:900
Generated by doxygen 1.15.0