libnftnl  1.2.9
reject.c
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3  * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
4  *
5  * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
6  */
7 
8 #include <stdio.h>
9 #include <stdint.h>
10 #include <string.h>
11 #include <arpa/inet.h>
12 #include <errno.h>
13 #include <linux/netfilter/nf_tables.h>
14 
15 #include "internal.h"
16 #include <libmnl/libmnl.h>
17 #include <libnftnl/expr.h>
18 #include <libnftnl/rule.h>
19 
21  uint32_t type;
22  uint8_t icmp_code;
23 };
24 
25 static int nftnl_expr_reject_set(struct nftnl_expr *e, uint16_t type,
26  const void *data, uint32_t data_len)
27 {
28  struct nftnl_expr_reject *reject = nftnl_expr_data(e);
29 
30  switch(type) {
31  case NFTNL_EXPR_REJECT_TYPE:
32  memcpy(&reject->type, data, data_len);
33  break;
34  case NFTNL_EXPR_REJECT_CODE:
35  memcpy(&reject->icmp_code, data, data_len);
36  break;
37  }
38  return 0;
39 }
40 
41 static const void *
42 nftnl_expr_reject_get(const struct nftnl_expr *e, uint16_t type,
43  uint32_t *data_len)
44 {
45  struct nftnl_expr_reject *reject = nftnl_expr_data(e);
46 
47  switch(type) {
48  case NFTNL_EXPR_REJECT_TYPE:
49  *data_len = sizeof(reject->type);
50  return &reject->type;
51  case NFTNL_EXPR_REJECT_CODE:
52  *data_len = sizeof(reject->icmp_code);
53  return &reject->icmp_code;
54  }
55  return NULL;
56 }
57 
58 static int nftnl_expr_reject_cb(const struct nlattr *attr, void *data)
59 {
60  const struct nlattr **tb = data;
61  int type = mnl_attr_get_type(attr);
62 
63  if (mnl_attr_type_valid(attr, NFTA_REJECT_MAX) < 0)
64  return MNL_CB_OK;
65 
66  switch(type) {
67  case NFTA_REJECT_TYPE:
68  if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
69  abi_breakage();
70  break;
71  case NFTA_REJECT_ICMP_CODE:
72  if (mnl_attr_validate(attr, MNL_TYPE_U8) < 0)
73  abi_breakage();
74  break;
75  }
76 
77  tb[type] = attr;
78  return MNL_CB_OK;
79 }
80 
81 static void
82 nftnl_expr_reject_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
83 {
84  struct nftnl_expr_reject *reject = nftnl_expr_data(e);
85 
86  if (e->flags & (1 << NFTNL_EXPR_REJECT_TYPE))
87  mnl_attr_put_u32(nlh, NFTA_REJECT_TYPE, htonl(reject->type));
88  if (e->flags & (1 << NFTNL_EXPR_REJECT_CODE))
89  mnl_attr_put_u8(nlh, NFTA_REJECT_ICMP_CODE, reject->icmp_code);
90 }
91 
92 static int
93 nftnl_expr_reject_parse(struct nftnl_expr *e, struct nlattr *attr)
94 {
95  struct nftnl_expr_reject *reject = nftnl_expr_data(e);
96  struct nlattr *tb[NFTA_REJECT_MAX+1] = {};
97 
98  if (mnl_attr_parse_nested(attr, nftnl_expr_reject_cb, tb) < 0)
99  return -1;
100 
101  if (tb[NFTA_REJECT_TYPE]) {
102  reject->type = ntohl(mnl_attr_get_u32(tb[NFTA_REJECT_TYPE]));
103  e->flags |= (1 << NFTNL_EXPR_REJECT_TYPE);
104  }
105  if (tb[NFTA_REJECT_ICMP_CODE]) {
106  reject->icmp_code = mnl_attr_get_u8(tb[NFTA_REJECT_ICMP_CODE]);
107  e->flags |= (1 << NFTNL_EXPR_REJECT_CODE);
108  }
109 
110  return 0;
111 }
112 
113 static int
114 nftnl_expr_reject_snprintf(char *buf, size_t len,
115  uint32_t flags, const struct nftnl_expr *e)
116 {
117  struct nftnl_expr_reject *reject = nftnl_expr_data(e);
118 
119  return snprintf(buf, len, "type %u code %u ",
120  reject->type, reject->icmp_code);
121 }
122 
123 static struct attr_policy reject_attr_policy[__NFTNL_EXPR_REJECT_MAX] = {
124  [NFTNL_EXPR_REJECT_TYPE] = { .maxlen = sizeof(uint32_t) },
125  [NFTNL_EXPR_REJECT_CODE] = { .maxlen = sizeof(uint8_t) },
126 };
127 
128 struct expr_ops expr_ops_reject = {
129  .name = "reject",
130  .alloc_len = sizeof(struct nftnl_expr_reject),
131  .nftnl_max_attr = __NFTNL_EXPR_REJECT_MAX - 1,
132  .attr_policy = reject_attr_policy,
133  .set = nftnl_expr_reject_set,
134  .get = nftnl_expr_reject_get,
135  .parse = nftnl_expr_reject_parse,
136  .build = nftnl_expr_reject_build,
137  .output = nftnl_expr_reject_snprintf,
138 };