13 #include <arpa/inet.h>
15 #include <linux/netfilter/nf_tables.h>
18 #include <libmnl/libmnl.h>
19 #include <libnftnl/expr.h>
20 #include <libnftnl/rule.h>
23 enum nft_socket_keys key;
24 enum nft_registers dreg;
28 nftnl_expr_socket_set(
struct nftnl_expr *e, uint16_t type,
29 const void *data, uint32_t data_len)
34 case NFTNL_EXPR_SOCKET_KEY:
35 memcpy(&socket->key, data,
sizeof(socket->key));
37 case NFTNL_EXPR_SOCKET_DREG:
38 memcpy(&socket->dreg, data,
sizeof(socket->dreg));
47 nftnl_expr_socket_get(
const struct nftnl_expr *e, uint16_t type,
53 case NFTNL_EXPR_SOCKET_KEY:
54 *data_len =
sizeof(socket->key);
56 case NFTNL_EXPR_SOCKET_DREG:
57 *data_len =
sizeof(socket->dreg);
63 static int nftnl_expr_socket_cb(
const struct nlattr *attr,
void *data)
65 const struct nlattr **tb = data;
66 int type = mnl_attr_get_type(attr);
68 if (mnl_attr_type_valid(attr, NFTA_SOCKET_MAX) < 0)
73 case NFTA_SOCKET_DREG:
74 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
84 nftnl_expr_socket_build(
struct nlmsghdr *nlh,
const struct nftnl_expr *e)
88 if (e->flags & (1 << NFTNL_EXPR_SOCKET_KEY))
89 mnl_attr_put_u32(nlh, NFTA_SOCKET_KEY, htonl(socket->key));
90 if (e->flags & (1 << NFTNL_EXPR_SOCKET_DREG))
91 mnl_attr_put_u32(nlh, NFTA_SOCKET_DREG, htonl(socket->dreg));
95 nftnl_expr_socket_parse(
struct nftnl_expr *e,
struct nlattr *attr)
98 struct nlattr *tb[NFTA_SOCKET_MAX+1] = {};
100 if (mnl_attr_parse_nested(attr, nftnl_expr_socket_cb, tb) < 0)
103 if (tb[NFTA_SOCKET_KEY]) {
104 socket->key = ntohl(mnl_attr_get_u32(tb[NFTA_SOCKET_KEY]));
105 e->flags |= (1 << NFTNL_EXPR_SOCKET_KEY);
107 if (tb[NFTA_SOCKET_DREG]) {
108 socket->dreg = ntohl(mnl_attr_get_u32(tb[NFTA_SOCKET_DREG]));
109 e->flags |= (1 << NFTNL_EXPR_SOCKET_DREG);
115 static const char *socket_key2str_array[NFT_SOCKET_MAX + 1] = {
116 [NFT_SOCKET_TRANSPARENT] =
"transparent",
117 [NFT_SOCKET_MARK] =
"mark",
120 static const char *socket_key2str(uint8_t key)
122 if (key < NFT_SOCKET_MAX + 1)
123 return socket_key2str_array[key];
128 static inline int str2socket_key(
const char *str)
132 for (i = 0; i < NFT_SOCKET_MAX + 1; i++) {
133 if (strcmp(str, socket_key2str_array[i]) == 0)
142 nftnl_expr_socket_snprintf_default(
char *buf,
size_t len,
143 const struct nftnl_expr *e)
147 if (e->flags & (1 << NFTNL_EXPR_SOCKET_DREG)) {
148 return snprintf(buf, len,
"load %s => reg %u ",
149 socket_key2str(socket->key), socket->dreg);
155 nftnl_expr_socket_snprintf(
char *buf,
size_t len, uint32_t type,
156 uint32_t flags,
const struct nftnl_expr *e)
159 case NFTNL_OUTPUT_DEFAULT:
160 return nftnl_expr_socket_snprintf_default(buf, len, e);
161 case NFTNL_OUTPUT_XML:
162 case NFTNL_OUTPUT_JSON:
169 struct expr_ops expr_ops_socket = {
172 .max_attr = NFTA_SOCKET_MAX,
173 .set = nftnl_expr_socket_set,
174 .get = nftnl_expr_socket_get,
175 .parse = nftnl_expr_socket_parse,
176 .build = nftnl_expr_socket_build,
177 .snprintf = nftnl_expr_socket_snprintf,