libnftnl  1.2.8
reject.c
1 /*
2  * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published
6  * by the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
10  */
11 
12 #include <stdio.h>
13 #include <stdint.h>
14 #include <string.h>
15 #include <arpa/inet.h>
16 #include <errno.h>
17 #include <linux/netfilter/nf_tables.h>
18 
19 #include "internal.h"
20 #include <libmnl/libmnl.h>
21 #include <libnftnl/expr.h>
22 #include <libnftnl/rule.h>
23 
25  uint32_t type;
26  uint8_t icmp_code;
27 };
28 
29 static int nftnl_expr_reject_set(struct nftnl_expr *e, uint16_t type,
30  const void *data, uint32_t data_len)
31 {
32  struct nftnl_expr_reject *reject = nftnl_expr_data(e);
33 
34  switch(type) {
35  case NFTNL_EXPR_REJECT_TYPE:
36  memcpy(&reject->type, data, data_len);
37  break;
38  case NFTNL_EXPR_REJECT_CODE:
39  memcpy(&reject->icmp_code, data, data_len);
40  break;
41  }
42  return 0;
43 }
44 
45 static const void *
46 nftnl_expr_reject_get(const struct nftnl_expr *e, uint16_t type,
47  uint32_t *data_len)
48 {
49  struct nftnl_expr_reject *reject = nftnl_expr_data(e);
50 
51  switch(type) {
52  case NFTNL_EXPR_REJECT_TYPE:
53  *data_len = sizeof(reject->type);
54  return &reject->type;
55  case NFTNL_EXPR_REJECT_CODE:
56  *data_len = sizeof(reject->icmp_code);
57  return &reject->icmp_code;
58  }
59  return NULL;
60 }
61 
62 static int nftnl_expr_reject_cb(const struct nlattr *attr, void *data)
63 {
64  const struct nlattr **tb = data;
65  int type = mnl_attr_get_type(attr);
66 
67  if (mnl_attr_type_valid(attr, NFTA_REJECT_MAX) < 0)
68  return MNL_CB_OK;
69 
70  switch(type) {
71  case NFTA_REJECT_TYPE:
72  if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
73  abi_breakage();
74  break;
75  case NFTA_REJECT_ICMP_CODE:
76  if (mnl_attr_validate(attr, MNL_TYPE_U8) < 0)
77  abi_breakage();
78  break;
79  }
80 
81  tb[type] = attr;
82  return MNL_CB_OK;
83 }
84 
85 static void
86 nftnl_expr_reject_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
87 {
88  struct nftnl_expr_reject *reject = nftnl_expr_data(e);
89 
90  if (e->flags & (1 << NFTNL_EXPR_REJECT_TYPE))
91  mnl_attr_put_u32(nlh, NFTA_REJECT_TYPE, htonl(reject->type));
92  if (e->flags & (1 << NFTNL_EXPR_REJECT_CODE))
93  mnl_attr_put_u8(nlh, NFTA_REJECT_ICMP_CODE, reject->icmp_code);
94 }
95 
96 static int
97 nftnl_expr_reject_parse(struct nftnl_expr *e, struct nlattr *attr)
98 {
99  struct nftnl_expr_reject *reject = nftnl_expr_data(e);
100  struct nlattr *tb[NFTA_REJECT_MAX+1] = {};
101 
102  if (mnl_attr_parse_nested(attr, nftnl_expr_reject_cb, tb) < 0)
103  return -1;
104 
105  if (tb[NFTA_REJECT_TYPE]) {
106  reject->type = ntohl(mnl_attr_get_u32(tb[NFTA_REJECT_TYPE]));
107  e->flags |= (1 << NFTNL_EXPR_REJECT_TYPE);
108  }
109  if (tb[NFTA_REJECT_ICMP_CODE]) {
110  reject->icmp_code = mnl_attr_get_u8(tb[NFTA_REJECT_ICMP_CODE]);
111  e->flags |= (1 << NFTNL_EXPR_REJECT_CODE);
112  }
113 
114  return 0;
115 }
116 
117 static int
118 nftnl_expr_reject_snprintf(char *buf, size_t len,
119  uint32_t flags, const struct nftnl_expr *e)
120 {
121  struct nftnl_expr_reject *reject = nftnl_expr_data(e);
122 
123  return snprintf(buf, len, "type %u code %u ",
124  reject->type, reject->icmp_code);
125 }
126 
127 static struct attr_policy reject_attr_policy[__NFTNL_EXPR_REJECT_MAX] = {
128  [NFTNL_EXPR_REJECT_TYPE] = { .maxlen = sizeof(uint32_t) },
129  [NFTNL_EXPR_REJECT_CODE] = { .maxlen = sizeof(uint8_t) },
130 };
131 
132 struct expr_ops expr_ops_reject = {
133  .name = "reject",
134  .alloc_len = sizeof(struct nftnl_expr_reject),
135  .nftnl_max_attr = __NFTNL_EXPR_REJECT_MAX - 1,
136  .attr_policy = reject_attr_policy,
137  .set = nftnl_expr_reject_set,
138  .get = nftnl_expr_reject_get,
139  .parse = nftnl_expr_reject_parse,
140  .build = nftnl_expr_reject_build,
141  .output = nftnl_expr_reject_snprintf,
142 };