libnftnl 1.3.1
set_elem.c
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * (C) 2012-2013 by Pablo Neira Ayuso <pablo@netfilter.org>
4 *
5 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
6 */
7#include "internal.h"
8
9#include <time.h>
10#include <endian.h>
11#include <stdint.h>
12#include <stdlib.h>
13#include <string.h>
14#include <netinet/in.h>
15#include <errno.h>
16#include <ctype.h>
17
18#include <libmnl/libmnl.h>
19#include <linux/netfilter/nfnetlink.h>
20#include <linux/netfilter/nf_tables.h>
21
22#include <libnftnl/set.h>
23#include <libnftnl/rule.h>
24#include <libnftnl/expr.h>
25
26EXPORT_SYMBOL(nftnl_set_elem_alloc);
27struct nftnl_set_elem *nftnl_set_elem_alloc(void)
28{
29 struct nftnl_set_elem *s;
30
31 s = calloc(1, sizeof(struct nftnl_set_elem));
32 if (s == NULL)
33 return NULL;
34
35 INIT_LIST_HEAD(&s->expr_list);
36
37 return s;
38}
39
40EXPORT_SYMBOL(nftnl_set_elem_free);
41void nftnl_set_elem_free(struct nftnl_set_elem *s)
42{
43 struct nftnl_expr *e, *tmp;
44
45 if (s->flags & (1 << NFTNL_SET_ELEM_CHAIN))
46 xfree(s->data.chain);
47
48 list_for_each_entry_safe(e, tmp, &s->expr_list, head)
49 nftnl_expr_free(e);
50
51 if (s->flags & (1 << NFTNL_SET_ELEM_USERDATA))
52 xfree(s->user.data);
53
54 if (s->flags & (1 << NFTNL_SET_ELEM_OBJREF))
55 xfree(s->objref);
56
57 xfree(s);
58}
59
60EXPORT_SYMBOL(nftnl_set_elem_is_set);
61bool nftnl_set_elem_is_set(const struct nftnl_set_elem *s, uint16_t attr)
62{
63 return s->flags & (1 << attr);
64}
65
66EXPORT_SYMBOL(nftnl_set_elem_unset);
67void nftnl_set_elem_unset(struct nftnl_set_elem *s, uint16_t attr)
68{
69 struct nftnl_expr *expr, *tmp;
70
71 if (!(s->flags & (1 << attr)))
72 return;
73
74 switch (attr) {
75 case NFTNL_SET_ELEM_CHAIN:
76 xfree(s->data.chain);
77 break;
78 case NFTNL_SET_ELEM_FLAGS:
79 case NFTNL_SET_ELEM_KEY: /* NFTA_SET_ELEM_KEY */
80 case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */
81 case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */
82 case NFTNL_SET_ELEM_DATA: /* NFTA_SET_ELEM_DATA */
83 case NFTNL_SET_ELEM_TIMEOUT: /* NFTA_SET_ELEM_TIMEOUT */
84 case NFTNL_SET_ELEM_EXPIRATION: /* NFTA_SET_ELEM_EXPIRATION */
85 break;
86 case NFTNL_SET_ELEM_USERDATA: /* NFTA_SET_ELEM_USERDATA */
87 xfree(s->user.data);
88 break;
89 case NFTNL_SET_ELEM_EXPR:
90 case NFTNL_SET_ELEM_EXPRESSIONS:
91 list_for_each_entry_safe(expr, tmp, &s->expr_list, head)
92 nftnl_expr_free(expr);
93 break;
94 case NFTNL_SET_ELEM_OBJREF:
95 xfree(s->objref);
96 break;
97 default:
98 return;
99 }
100
101 s->flags &= ~(1 << attr);
102}
103
104static uint32_t nftnl_set_elem_validate[NFTNL_SET_ELEM_MAX + 1] = {
105 [NFTNL_SET_ELEM_FLAGS] = sizeof(uint32_t),
106 [NFTNL_SET_ELEM_VERDICT] = sizeof(uint32_t),
107 [NFTNL_SET_ELEM_TIMEOUT] = sizeof(uint64_t),
108 [NFTNL_SET_ELEM_EXPIRATION] = sizeof(uint64_t),
109};
110
111EXPORT_SYMBOL(nftnl_set_elem_set);
112int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr,
113 const void *data, uint32_t data_len)
114{
115 struct nftnl_expr *expr, *tmp;
116
117 nftnl_assert_attr_exists(attr, NFTNL_SET_ELEM_MAX);
118 nftnl_assert_validate(data, nftnl_set_elem_validate, attr, data_len);
119
120 switch(attr) {
121 case NFTNL_SET_ELEM_FLAGS:
122 memcpy(&s->set_elem_flags, data, sizeof(s->set_elem_flags));
123 break;
124 case NFTNL_SET_ELEM_KEY: /* NFTA_SET_ELEM_KEY */
125 if (nftnl_data_cpy(&s->key, data, data_len) < 0)
126 return -1;
127 break;
128 case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */
129 if (nftnl_data_cpy(&s->key_end, data, data_len) < 0)
130 return -1;
131 break;
132 case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */
133 memcpy(&s->data.verdict, data, sizeof(s->data.verdict));
134 break;
135 case NFTNL_SET_ELEM_CHAIN: /* NFTA_SET_ELEM_DATA */
136 if (s->flags & (1 << NFTNL_SET_ELEM_CHAIN))
137 xfree(s->data.chain);
138
139 s->data.chain = strdup(data);
140 if (!s->data.chain)
141 return -1;
142 break;
143 case NFTNL_SET_ELEM_DATA: /* NFTA_SET_ELEM_DATA */
144 if (nftnl_data_cpy(&s->data, data, data_len) < 0)
145 return -1;
146 break;
147 case NFTNL_SET_ELEM_TIMEOUT: /* NFTA_SET_ELEM_TIMEOUT */
148 memcpy(&s->timeout, data, sizeof(s->timeout));
149 break;
150 case NFTNL_SET_ELEM_EXPIRATION: /* NFTA_SET_ELEM_EXPIRATION */
151 memcpy(&s->expiration, data, sizeof(s->expiration));
152 break;
153 case NFTNL_SET_ELEM_USERDATA: /* NFTA_SET_ELEM_USERDATA */
154 if (s->flags & (1 << NFTNL_SET_ELEM_USERDATA))
155 xfree(s->user.data);
156
157 s->user.data = malloc(data_len);
158 if (!s->user.data)
159 return -1;
160 memcpy(s->user.data, data, data_len);
161 s->user.len = data_len;
162 break;
163 case NFTNL_SET_ELEM_OBJREF:
164 if (s->flags & (1 << NFTNL_SET_ELEM_OBJREF))
165 xfree(s->objref);
166
167 s->objref = strdup(data);
168 if (!s->objref)
169 return -1;
170 break;
171 case NFTNL_SET_ELEM_EXPR:
172 list_for_each_entry_safe(expr, tmp, &s->expr_list, head)
173 nftnl_expr_free(expr);
174
175 expr = (void *)data;
176 list_add(&expr->head, &s->expr_list);
177 break;
178 }
179 s->flags |= (1 << attr);
180 return 0;
181}
182
183EXPORT_SYMBOL(nftnl_set_elem_set_u32);
184void nftnl_set_elem_set_u32(struct nftnl_set_elem *s, uint16_t attr, uint32_t val)
185{
186 nftnl_set_elem_set(s, attr, &val, sizeof(uint32_t));
187}
188
189EXPORT_SYMBOL(nftnl_set_elem_set_u64);
190void nftnl_set_elem_set_u64(struct nftnl_set_elem *s, uint16_t attr, uint64_t val)
191{
192 nftnl_set_elem_set(s, attr, &val, sizeof(uint64_t));
193}
194
195EXPORT_SYMBOL(nftnl_set_elem_set_str);
196int nftnl_set_elem_set_str(struct nftnl_set_elem *s, uint16_t attr, const char *str)
197{
198 return nftnl_set_elem_set(s, attr, str, strlen(str) + 1);
199}
200
201EXPORT_SYMBOL(nftnl_set_elem_get);
202const void *nftnl_set_elem_get(struct nftnl_set_elem *s, uint16_t attr, uint32_t *data_len)
203{
204 struct nftnl_expr *expr;
205
206 if (!(s->flags & (1 << attr)))
207 return NULL;
208
209 switch(attr) {
210 case NFTNL_SET_ELEM_FLAGS:
211 *data_len = sizeof(s->set_elem_flags);
212 return &s->set_elem_flags;
213 case NFTNL_SET_ELEM_KEY: /* NFTA_SET_ELEM_KEY */
214 *data_len = s->key.len;
215 return &s->key.val;
216 case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */
217 *data_len = s->key_end.len;
218 return &s->key_end.val;
219 case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */
220 *data_len = sizeof(s->data.verdict);
221 return &s->data.verdict;
222 case NFTNL_SET_ELEM_CHAIN: /* NFTA_SET_ELEM_DATA */
223 *data_len = strlen(s->data.chain) + 1;
224 return s->data.chain;
225 case NFTNL_SET_ELEM_DATA: /* NFTA_SET_ELEM_DATA */
226 *data_len = s->data.len;
227 return &s->data.val;
228 case NFTNL_SET_ELEM_TIMEOUT: /* NFTA_SET_ELEM_TIMEOUT */
229 *data_len = sizeof(s->timeout);
230 return &s->timeout;
231 case NFTNL_SET_ELEM_EXPIRATION: /* NFTA_SET_ELEM_EXPIRATION */
232 *data_len = sizeof(s->expiration);
233 return &s->expiration;
234 case NFTNL_SET_ELEM_USERDATA:
235 *data_len = s->user.len;
236 return s->user.data;
237 case NFTNL_SET_ELEM_EXPR:
238 list_for_each_entry(expr, &s->expr_list, head)
239 break;
240 return expr;
241 case NFTNL_SET_ELEM_OBJREF:
242 *data_len = strlen(s->objref) + 1;
243 return s->objref;
244 }
245 return NULL;
246}
247
248EXPORT_SYMBOL(nftnl_set_elem_get_str);
249const char *nftnl_set_elem_get_str(struct nftnl_set_elem *s, uint16_t attr)
250{
251 uint32_t size;
252
253 return nftnl_set_elem_get(s, attr, &size);
254}
255
256EXPORT_SYMBOL(nftnl_set_elem_get_u32);
257uint32_t nftnl_set_elem_get_u32(struct nftnl_set_elem *s, uint16_t attr)
258{
259 uint32_t size, val;
260
261 memcpy(&val, nftnl_set_elem_get(s, attr, &size), sizeof(val));
262
263 return val;
264}
265
266EXPORT_SYMBOL(nftnl_set_elem_get_u64);
267uint64_t nftnl_set_elem_get_u64(struct nftnl_set_elem *s, uint16_t attr)
268{
269 uint32_t size;
270 uint64_t val;
271
272 memcpy(&val, nftnl_set_elem_get(s, attr, &size), sizeof(val));
273
274 return val;
275}
276
277struct nftnl_set_elem *nftnl_set_elem_clone(struct nftnl_set_elem *elem)
278{
279 struct nftnl_set_elem *newelem;
280
281 newelem = nftnl_set_elem_alloc();
282 if (newelem == NULL)
283 return NULL;
284
285 memcpy(newelem, elem, sizeof(*elem));
286
287 if (elem->flags & (1 << NFTNL_SET_ELEM_CHAIN)) {
288 newelem->data.chain = strdup(elem->data.chain);
289 if (!newelem->data.chain)
290 goto err;
291 }
292
293 return newelem;
294err:
295 nftnl_set_elem_free(newelem);
296 return NULL;
297}
298
299EXPORT_SYMBOL(nftnl_set_elem_nlmsg_build_payload);
300void nftnl_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh,
301 struct nftnl_set_elem *e)
302{
303 struct nftnl_expr *expr;
304 int num_exprs = 0;
305
306 if (e->flags & (1 << NFTNL_SET_ELEM_FLAGS))
307 mnl_attr_put_u32(nlh, NFTA_SET_ELEM_FLAGS, htonl(e->set_elem_flags));
308 if (e->flags & (1 << NFTNL_SET_ELEM_TIMEOUT))
309 mnl_attr_put_u64(nlh, NFTA_SET_ELEM_TIMEOUT, htobe64(e->timeout));
310 if (e->flags & (1 << NFTNL_SET_ELEM_EXPIRATION))
311 mnl_attr_put_u64(nlh, NFTA_SET_ELEM_EXPIRATION, htobe64(e->expiration));
312 if (e->flags & (1 << NFTNL_SET_ELEM_KEY)) {
313 struct nlattr *nest1;
314
315 nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_KEY);
316 mnl_attr_put(nlh, NFTA_DATA_VALUE, e->key.len, e->key.val);
317 mnl_attr_nest_end(nlh, nest1);
318 }
319 if (e->flags & (1 << NFTNL_SET_ELEM_KEY_END)) {
320 struct nlattr *nest1;
321
322 nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_KEY_END);
323 mnl_attr_put(nlh, NFTA_DATA_VALUE, e->key_end.len,
324 e->key_end.val);
325 mnl_attr_nest_end(nlh, nest1);
326 }
327 if (e->flags & (1 << NFTNL_SET_ELEM_VERDICT)) {
328 struct nlattr *nest1, *nest2;
329
330 nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_DATA);
331 nest2 = mnl_attr_nest_start(nlh, NFTA_DATA_VERDICT);
332 mnl_attr_put_u32(nlh, NFTA_VERDICT_CODE, htonl(e->data.verdict));
333 if (e->flags & (1 << NFTNL_SET_ELEM_CHAIN))
334 mnl_attr_put_strz(nlh, NFTA_VERDICT_CHAIN, e->data.chain);
335
336 mnl_attr_nest_end(nlh, nest1);
337 mnl_attr_nest_end(nlh, nest2);
338 }
339 if (e->flags & (1 << NFTNL_SET_ELEM_DATA)) {
340 struct nlattr *nest1;
341
342 nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_DATA);
343 mnl_attr_put(nlh, NFTA_DATA_VALUE, e->data.len, e->data.val);
344 mnl_attr_nest_end(nlh, nest1);
345 }
346 if (e->flags & (1 << NFTNL_SET_ELEM_USERDATA))
347 mnl_attr_put(nlh, NFTA_SET_ELEM_USERDATA, e->user.len, e->user.data);
348 if (e->flags & (1 << NFTNL_SET_ELEM_OBJREF))
349 mnl_attr_put_strz(nlh, NFTA_SET_ELEM_OBJREF, e->objref);
350
351 if (!list_empty(&e->expr_list)) {
352 list_for_each_entry(expr, &e->expr_list, head)
353 num_exprs++;
354
355 if (num_exprs == 1) {
356 struct nlattr *nest1;
357
358 nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_EXPR);
359 list_for_each_entry(expr, &e->expr_list, head)
360 nftnl_expr_build_payload(nlh, expr);
361
362 mnl_attr_nest_end(nlh, nest1);
363 } else if (num_exprs > 1) {
364 struct nlattr *nest1, *nest2;
365
366 nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_EXPRESSIONS);
367 list_for_each_entry(expr, &e->expr_list, head) {
368 nest2 = mnl_attr_nest_start(nlh, NFTA_LIST_ELEM);
369 nftnl_expr_build_payload(nlh, expr);
370 mnl_attr_nest_end(nlh, nest2);
371 }
372 mnl_attr_nest_end(nlh, nest1);
373 }
374 }
375}
376
377static void nftnl_set_elem_nlmsg_build_def(struct nlmsghdr *nlh,
378 const struct nftnl_set *s)
379{
380 if (s->flags & (1 << NFTNL_SET_NAME))
381 mnl_attr_put_strz(nlh, NFTA_SET_ELEM_LIST_SET, s->name);
382 if (s->flags & (1 << NFTNL_SET_ID))
383 mnl_attr_put_u32(nlh, NFTA_SET_ELEM_LIST_SET_ID, htonl(s->id));
384 if (s->flags & (1 << NFTNL_SET_TABLE))
385 mnl_attr_put_strz(nlh, NFTA_SET_ELEM_LIST_TABLE, s->table);
386}
387
388EXPORT_SYMBOL(nftnl_set_elem_nlmsg_build);
389struct nlattr *nftnl_set_elem_nlmsg_build(struct nlmsghdr *nlh,
390 struct nftnl_set_elem *elem, int i)
391{
392 struct nlattr *nest2;
393
394 nest2 = mnl_attr_nest_start(nlh, i);
395 nftnl_set_elem_nlmsg_build_payload(nlh, elem);
396 mnl_attr_nest_end(nlh, nest2);
397
398 return nest2;
399}
400
401EXPORT_SYMBOL(nftnl_set_elems_nlmsg_build_payload);
402void nftnl_set_elems_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s)
403{
404 struct nftnl_set_elem *elem;
405 struct nlattr *nest1;
406 int i = 0;
407
408 nftnl_set_elem_nlmsg_build_def(nlh, s);
409
410 if (list_empty(&s->element_list))
411 return;
412
413 nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_LIST_ELEMENTS);
414 list_for_each_entry(elem, &s->element_list, head)
415 nftnl_set_elem_nlmsg_build(nlh, elem, ++i);
416
417 mnl_attr_nest_end(nlh, nest1);
418}
419
420EXPORT_SYMBOL(nftnl_set_elem_add_expr);
421void nftnl_set_elem_add_expr(struct nftnl_set_elem *e, struct nftnl_expr *expr)
422{
423 list_add_tail(&expr->head, &e->expr_list);
424}
425
426EXPORT_SYMBOL(nftnl_set_elem_expr_foreach);
427int nftnl_set_elem_expr_foreach(struct nftnl_set_elem *e,
428 int (*cb)(struct nftnl_expr *e, void *data),
429 void *data)
430{
431 struct nftnl_expr *cur, *tmp;
432 int ret;
433
434 list_for_each_entry_safe(cur, tmp, &e->expr_list, head) {
435 ret = cb(cur, data);
436 if (ret < 0)
437 return ret;
438 }
439 return 0;
440}
441
442static int nftnl_set_elem_parse_attr_cb(const struct nlattr *attr, void *data)
443{
444 const struct nlattr **tb = data;
445 int type = mnl_attr_get_type(attr);
446
447 if (mnl_attr_type_valid(attr, NFTA_SET_MAX) < 0)
448 return MNL_CB_OK;
449
450 switch(type) {
451 case NFTA_SET_ELEM_FLAGS:
452 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
453 abi_breakage();
454 break;
455 case NFTA_SET_ELEM_TIMEOUT:
456 case NFTA_SET_ELEM_EXPIRATION:
457 if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0)
458 abi_breakage();
459 break;
460 case NFTA_SET_ELEM_KEY:
461 case NFTA_SET_ELEM_KEY_END:
462 case NFTA_SET_ELEM_DATA:
463 case NFTA_SET_ELEM_EXPR:
464 case NFTA_SET_ELEM_EXPRESSIONS:
465 if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
466 abi_breakage();
467 break;
468 case NFTA_SET_ELEM_USERDATA:
469 if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
470 abi_breakage();
471 break;
472 }
473
474 tb[type] = attr;
475 return MNL_CB_OK;
476}
477
478static int nftnl_set_elems_parse2(struct nftnl_set *s, const struct nlattr *nest)
479{
480 struct nlattr *tb[NFTA_SET_ELEM_MAX+1] = {};
481 struct nftnl_set_elem *e;
482 int ret, type;
483
484 e = nftnl_set_elem_alloc();
485 if (e == NULL)
486 return -1;
487
488 ret = mnl_attr_parse_nested(nest, nftnl_set_elem_parse_attr_cb, tb);
489 if (ret < 0)
490 goto out_set_elem;
491
492 if (tb[NFTA_SET_ELEM_FLAGS]) {
493 e->set_elem_flags =
494 ntohl(mnl_attr_get_u32(tb[NFTA_SET_ELEM_FLAGS]));
495 e->flags |= (1 << NFTNL_SET_ELEM_FLAGS);
496 }
497 if (tb[NFTA_SET_ELEM_TIMEOUT]) {
498 e->timeout = be64toh(mnl_attr_get_u64(tb[NFTA_SET_ELEM_TIMEOUT]));
499 e->flags |= (1 << NFTNL_SET_ELEM_TIMEOUT);
500 }
501 if (tb[NFTA_SET_ELEM_EXPIRATION]) {
502 e->expiration = be64toh(mnl_attr_get_u64(tb[NFTA_SET_ELEM_EXPIRATION]));
503 e->flags |= (1 << NFTNL_SET_ELEM_EXPIRATION);
504 }
505 if (tb[NFTA_SET_ELEM_KEY]) {
506 ret = nftnl_parse_data(&e->key, tb[NFTA_SET_ELEM_KEY], &type);
507 if (ret < 0)
508 goto out_set_elem;
509 e->flags |= (1 << NFTNL_SET_ELEM_KEY);
510 }
511 if (tb[NFTA_SET_ELEM_KEY_END]) {
512 ret = nftnl_parse_data(&e->key_end, tb[NFTA_SET_ELEM_KEY_END],
513 &type);
514 if (ret < 0)
515 goto out_set_elem;
516 e->flags |= (1 << NFTNL_SET_ELEM_KEY_END);
517 }
518 if (tb[NFTA_SET_ELEM_DATA]) {
519 ret = nftnl_parse_data(&e->data, tb[NFTA_SET_ELEM_DATA], &type);
520 if (ret < 0)
521 goto out_set_elem;
522 switch(type) {
523 case DATA_VERDICT:
524 e->flags |= (1 << NFTNL_SET_ELEM_VERDICT);
525 break;
526 case DATA_CHAIN:
527 e->flags |= (1 << NFTNL_SET_ELEM_VERDICT) |
528 (1 << NFTNL_SET_ELEM_CHAIN);
529 break;
530 case DATA_VALUE:
531 e->flags |= (1 << NFTNL_SET_ELEM_DATA);
532 break;
533 }
534 }
535 if (tb[NFTA_SET_ELEM_EXPR]) {
536 struct nftnl_expr *expr;
537
538 expr = nftnl_expr_parse(tb[NFTA_SET_ELEM_EXPR]);
539 if (expr == NULL) {
540 ret = -1;
541 goto out_set_elem;
542 }
543 list_add_tail(&expr->head, &e->expr_list);
544 e->flags |= (1 << NFTNL_SET_ELEM_EXPR);
545 } else if (tb[NFTA_SET_ELEM_EXPRESSIONS]) {
546 struct nftnl_expr *expr;
547 struct nlattr *attr;
548
549 mnl_attr_for_each_nested(attr, tb[NFTA_SET_ELEM_EXPRESSIONS]) {
550 if (mnl_attr_get_type(attr) != NFTA_LIST_ELEM) {
551 ret = -1;
552 goto out_set_elem;
553 }
554 expr = nftnl_expr_parse(attr);
555 if (expr == NULL) {
556 ret = -1;
557 goto out_set_elem;
558 }
559 list_add_tail(&expr->head, &e->expr_list);
560 }
561 e->flags |= (1 << NFTNL_SET_ELEM_EXPRESSIONS);
562 }
563 if (tb[NFTA_SET_ELEM_USERDATA]) {
564 const void *udata =
565 mnl_attr_get_payload(tb[NFTA_SET_ELEM_USERDATA]);
566
567 if (e->flags & (1 << NFTNL_RULE_USERDATA))
568 xfree(e->user.data);
569
570 e->user.len = mnl_attr_get_payload_len(tb[NFTA_SET_ELEM_USERDATA]);
571 e->user.data = malloc(e->user.len);
572 if (e->user.data == NULL) {
573 ret = -1;
574 goto out_set_elem;
575 }
576 memcpy(e->user.data, udata, e->user.len);
577 e->flags |= (1 << NFTNL_RULE_USERDATA);
578 }
579 if (nftnl_parse_str_attr(tb[NFTA_SET_ELEM_OBJREF],
580 NFTNL_SET_ELEM_OBJREF,
581 &e->objref, &e->flags) < 0) {
582 ret = -1;
583 goto out_set_elem;
584 }
585
586 /* Add this new element to this set */
587 list_add_tail(&e->head, &s->element_list);
588
589 return 0;
590out_set_elem:
591 nftnl_set_elem_free(e);
592 return ret;
593}
594
595static int
596nftnl_set_elem_list_parse_attr_cb(const struct nlattr *attr, void *data)
597{
598 const struct nlattr **tb = data;
599 int type = mnl_attr_get_type(attr);
600
601 if (mnl_attr_type_valid(attr, NFTA_SET_ELEM_LIST_MAX) < 0)
602 return MNL_CB_OK;
603
604 switch(type) {
605 case NFTA_SET_ELEM_LIST_TABLE:
606 case NFTA_SET_ELEM_LIST_SET:
607 if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)
608 abi_breakage();
609 break;
610 case NFTA_SET_ELEM_LIST_ELEMENTS:
611 if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
612 abi_breakage();
613 break;
614 }
615
616 tb[type] = attr;
617 return MNL_CB_OK;
618}
619
620static int nftnl_set_elems_parse(struct nftnl_set *s, const struct nlattr *nest)
621{
622 struct nlattr *attr;
623 int ret = 0;
624
625 mnl_attr_for_each_nested(attr, nest) {
626 if (mnl_attr_get_type(attr) != NFTA_LIST_ELEM)
627 return -1;
628
629 ret = nftnl_set_elems_parse2(s, attr);
630 if (ret < 0)
631 return ret;
632 }
633 return ret;
634}
635
636EXPORT_SYMBOL(nftnl_set_elems_nlmsg_parse);
637int nftnl_set_elems_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s)
638{
639 struct nlattr *tb[NFTA_SET_ELEM_LIST_MAX+1] = {};
640 struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
641 int ret;
642
643 if (mnl_attr_parse(nlh, sizeof(*nfg),
644 nftnl_set_elem_list_parse_attr_cb, tb) < 0)
645 return -1;
646
647 if (nftnl_parse_str_attr(tb[NFTA_SET_ELEM_LIST_TABLE],
648 NFTNL_SET_TABLE,
649 &s->table, &s->flags) < 0)
650 return -1;
651 if (nftnl_parse_str_attr(tb[NFTA_SET_ELEM_LIST_SET],
652 NFTNL_SET_NAME,
653 &s->name, &s->flags) < 0)
654 return -1;
655 if (tb[NFTA_SET_ELEM_LIST_SET_ID]) {
656 s->id = ntohl(mnl_attr_get_u32(tb[NFTA_SET_ELEM_LIST_SET_ID]));
657 s->flags |= (1 << NFTNL_SET_ID);
658 }
659 if (tb[NFTA_SET_ELEM_LIST_ELEMENTS]) {
660 ret = nftnl_set_elems_parse(s, tb[NFTA_SET_ELEM_LIST_ELEMENTS]);
661 if (ret < 0)
662 return ret;
663 }
664
665 s->family = nfg->nfgen_family;
666 s->flags |= (1 << NFTNL_SET_FAMILY);
667
668 return 0;
669}
670
671EXPORT_SYMBOL(nftnl_set_elem_parse);
672int nftnl_set_elem_parse(struct nftnl_set_elem *e, enum nftnl_parse_type type,
673 const char *data, struct nftnl_parse_err *err)
674{
675 errno = EOPNOTSUPP;
676 return -1;
677}
678
679EXPORT_SYMBOL(nftnl_set_elem_parse_file);
680int nftnl_set_elem_parse_file(struct nftnl_set_elem *e, enum nftnl_parse_type type,
681 FILE *fp, struct nftnl_parse_err *err)
682{
683 errno = EOPNOTSUPP;
684 return -1;
685}
686
687int nftnl_set_elem_snprintf_default(char *buf, size_t remain,
688 const struct nftnl_set_elem *e)
689{
690 int ret, dregtype = DATA_VALUE, offset = 0, i;
691
692 ret = snprintf(buf, remain, "element ");
693 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
694
695 ret = nftnl_data_reg_snprintf(buf + offset, remain, &e->key,
696 DATA_F_NOPFX, DATA_VALUE);
697 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
698
699 if (e->flags & (1 << NFTNL_SET_ELEM_KEY_END)) {
700 ret = snprintf(buf + offset, remain, " - ");
701 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
702
703 ret = nftnl_data_reg_snprintf(buf + offset, remain, &e->key_end,
704 DATA_F_NOPFX, DATA_VALUE);
705 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
706 }
707
708 ret = snprintf(buf + offset, remain, " : ");
709 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
710
711 if (e->flags & (1 << NFTNL_SET_ELEM_VERDICT))
712 dregtype = DATA_VERDICT;
713
714 ret = nftnl_data_reg_snprintf(buf + offset, remain, &e->data,
715 DATA_F_NOPFX, dregtype);
716 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
717
718 ret = snprintf(buf + offset, remain, "%u [end]", e->set_elem_flags);
719 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
720
721 if (e->user.len) {
722 ret = snprintf(buf + offset, remain, " userdata = { ");
723 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
724
725 for (i = 0; i < e->user.len; i++) {
726 char *c = e->user.data;
727
728 ret = snprintf(buf + offset, remain,
729 isprint(c[i]) ? "%c" : "\\x%02hhx",
730 c[i]);
731 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
732 }
733
734 ret = snprintf(buf + offset, remain, " }");
735 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
736 }
737
738 return offset;
739}
740
741static int nftnl_set_elem_cmd_snprintf(char *buf, size_t remain,
742 const struct nftnl_set_elem *e,
743 uint32_t cmd, uint32_t type,
744 uint32_t flags)
745{
746 int ret, offset = 0;
747
748 if (type != NFTNL_OUTPUT_DEFAULT)
749 return -1;
750
751 ret = nftnl_set_elem_snprintf_default(buf + offset, remain, e);
752 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
753
754 return offset;
755}
756
757EXPORT_SYMBOL(nftnl_set_elem_snprintf);
758int nftnl_set_elem_snprintf(char *buf, size_t size,
759 const struct nftnl_set_elem *e,
760 uint32_t type, uint32_t flags)
761{
762 if (size)
763 buf[0] = '\0';
764
765 return nftnl_set_elem_cmd_snprintf(buf, size, e, nftnl_flag2cmd(flags),
766 type, flags);
767}
768
769static int nftnl_set_elem_do_snprintf(char *buf, size_t size, const void *e,
770 uint32_t cmd, uint32_t type,
771 uint32_t flags)
772{
773 return nftnl_set_elem_snprintf(buf, size, e, type, flags);
774}
775
776EXPORT_SYMBOL(nftnl_set_elem_fprintf);
777int nftnl_set_elem_fprintf(FILE *fp, const struct nftnl_set_elem *se, uint32_t type,
778 uint32_t flags)
779{
780 return nftnl_fprintf(fp, se, NFTNL_CMD_UNSPEC, type, flags,
781 nftnl_set_elem_do_snprintf);
782}
783
784EXPORT_SYMBOL(nftnl_set_elem_foreach);
785int nftnl_set_elem_foreach(struct nftnl_set *s,
786 int (*cb)(struct nftnl_set_elem *e, void *data),
787 void *data)
788{
789 struct nftnl_set_elem *elem;
790 int ret;
791
792 list_for_each_entry(elem, &s->element_list, head) {
793 ret = cb(elem, data);
794 if (ret < 0)
795 return ret;
796 }
797 return 0;
798}
799
800struct nftnl_set_elems_iter {
801 const struct nftnl_set *set;
802 const struct list_head *list;
803 struct nftnl_set_elem *cur;
804};
805
806EXPORT_SYMBOL(nftnl_set_elems_iter_create);
807struct nftnl_set_elems_iter *
808nftnl_set_elems_iter_create(const struct nftnl_set *s)
809{
810 struct nftnl_set_elems_iter *iter;
811
812 iter = calloc(1, sizeof(struct nftnl_set_elems_iter));
813 if (iter == NULL)
814 return NULL;
815
816 iter->set = s;
817 iter->list = &s->element_list;
818 if (list_empty(&s->element_list))
819 iter->cur = NULL;
820 else
821 iter->cur = list_entry(s->element_list.next,
822 struct nftnl_set_elem, head);
823
824 return iter;
825}
826
827EXPORT_SYMBOL(nftnl_set_elems_iter_cur);
828struct nftnl_set_elem *
829nftnl_set_elems_iter_cur(const struct nftnl_set_elems_iter *iter)
830{
831 return iter->cur;
832}
833
834EXPORT_SYMBOL(nftnl_set_elems_iter_next);
835struct nftnl_set_elem *nftnl_set_elems_iter_next(struct nftnl_set_elems_iter *iter)
836{
837 struct nftnl_set_elem *s = iter->cur;
838
839 if (s == NULL)
840 return NULL;
841
842 iter->cur = list_entry(iter->cur->head.next, struct nftnl_set_elem, head);
843 if (&iter->cur->head == iter->list->next)
844 return NULL;
845
846 return s;
847}
848
849EXPORT_SYMBOL(nftnl_set_elems_iter_destroy);
850void nftnl_set_elems_iter_destroy(struct nftnl_set_elems_iter *iter)
851{
852 xfree(iter);
853}
854
855static bool nftnl_attr_nest_overflow(struct nlmsghdr *nlh,
856 const struct nlattr *from,
857 const struct nlattr *to)
858{
859 int len = (void *)to + to->nla_len - (void *)from;
860
861 /* The attribute length field is 16 bits long, thus the maximum payload
862 * that an attribute can convey is UINT16_MAX. In case of overflow,
863 * discard the last that did not fit into the attribute.
864 */
865 if (len > UINT16_MAX) {
866 nlh->nlmsg_len -= to->nla_len;
867 return true;
868 }
869 return false;
870}
871
872EXPORT_SYMBOL(nftnl_set_elems_nlmsg_build_payload_iter);
873int nftnl_set_elems_nlmsg_build_payload_iter(struct nlmsghdr *nlh,
874 struct nftnl_set_elems_iter *iter)
875{
876 struct nftnl_set_elem *elem;
877 struct nlattr *nest1, *nest2;
878 int i = 0, ret = 0;
879
880 nftnl_set_elem_nlmsg_build_def(nlh, iter->set);
881
882 /* This set is empty, don't add an empty list element nest. */
883 if (list_empty(&iter->set->element_list))
884 return ret;
885
886 nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_LIST_ELEMENTS);
887 elem = nftnl_set_elems_iter_next(iter);
888 while (elem != NULL) {
889 nest2 = nftnl_set_elem_nlmsg_build(nlh, elem, ++i);
890 if (nftnl_attr_nest_overflow(nlh, nest1, nest2)) {
891 /* Go back to previous not to miss this element */
892 iter->cur = list_entry(iter->cur->head.prev,
893 struct nftnl_set_elem, head);
894 ret = 1;
895 break;
896 }
897 elem = nftnl_set_elems_iter_next(iter);
898 }
899 mnl_attr_nest_end(nlh, nest1);
900
901 return ret;
902}
nftnl_set_elems_iter
Definition set_elem.c:800
Generated by doxygen 1.15.0