libnftnl  1.2.8
connlimit.c
1 /*
2  * (C) 2018 by Pablo Neira Ayuso <pablo@netfilter.org>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published
6  * by the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  */
9 
10 #include <stdio.h>
11 #include <stdint.h>
12 #include <arpa/inet.h>
13 #include <errno.h>
14 #include <inttypes.h>
15 
16 #include <linux/netfilter/nf_tables.h>
17 
18 #include "internal.h"
19 #include <libmnl/libmnl.h>
20 #include <libnftnl/expr.h>
21 #include <libnftnl/rule.h>
22 
24  uint32_t count;
25  uint32_t flags;
26 };
27 
28 static int
29 nftnl_expr_connlimit_set(struct nftnl_expr *e, uint16_t type,
30  const void *data, uint32_t data_len)
31 {
32  struct nftnl_expr_connlimit *connlimit = nftnl_expr_data(e);
33 
34  switch(type) {
35  case NFTNL_EXPR_CONNLIMIT_COUNT:
36  memcpy(&connlimit->count, data, data_len);
37  break;
38  case NFTNL_EXPR_CONNLIMIT_FLAGS:
39  memcpy(&connlimit->flags, data, data_len);
40  break;
41  }
42  return 0;
43 }
44 
45 static const void *
46 nftnl_expr_connlimit_get(const struct nftnl_expr *e, uint16_t type,
47  uint32_t *data_len)
48 {
49  struct nftnl_expr_connlimit *connlimit = nftnl_expr_data(e);
50 
51  switch(type) {
52  case NFTNL_EXPR_CONNLIMIT_COUNT:
53  *data_len = sizeof(connlimit->count);
54  return &connlimit->count;
55  case NFTNL_EXPR_CONNLIMIT_FLAGS:
56  *data_len = sizeof(connlimit->flags);
57  return &connlimit->flags;
58  }
59  return NULL;
60 }
61 
62 static int nftnl_expr_connlimit_cb(const struct nlattr *attr, void *data)
63 {
64  const struct nlattr **tb = data;
65  int type = mnl_attr_get_type(attr);
66 
67  if (mnl_attr_type_valid(attr, NFTA_CONNLIMIT_MAX) < 0)
68  return MNL_CB_OK;
69 
70  switch(type) {
71  case NFTA_CONNLIMIT_COUNT:
72  case NFTA_CONNLIMIT_FLAGS:
73  if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
74  abi_breakage();
75  break;
76  }
77 
78  tb[type] = attr;
79  return MNL_CB_OK;
80 }
81 
82 static void
83 nftnl_expr_connlimit_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
84 {
85  struct nftnl_expr_connlimit *connlimit = nftnl_expr_data(e);
86 
87  if (e->flags & (1 << NFTNL_EXPR_CONNLIMIT_COUNT))
88  mnl_attr_put_u32(nlh, NFTA_CONNLIMIT_COUNT,
89  htonl(connlimit->count));
90  if (e->flags & (1 << NFTNL_EXPR_CONNLIMIT_FLAGS))
91  mnl_attr_put_u32(nlh, NFTA_CONNLIMIT_FLAGS,
92  htonl(connlimit->flags));
93 }
94 
95 static int
96 nftnl_expr_connlimit_parse(struct nftnl_expr *e, struct nlattr *attr)
97 {
98  struct nftnl_expr_connlimit *connlimit = nftnl_expr_data(e);
99  struct nlattr *tb[NFTA_CONNLIMIT_MAX+1] = {};
100 
101  if (mnl_attr_parse_nested(attr, nftnl_expr_connlimit_cb, tb) < 0)
102  return -1;
103 
104  if (tb[NFTA_CONNLIMIT_COUNT]) {
105  connlimit->count =
106  ntohl(mnl_attr_get_u32(tb[NFTA_CONNLIMIT_COUNT]));
107  e->flags |= (1 << NFTNL_EXPR_CONNLIMIT_COUNT);
108  }
109  if (tb[NFTA_CONNLIMIT_FLAGS]) {
110  connlimit->flags =
111  ntohl(mnl_attr_get_u32(tb[NFTA_CONNLIMIT_FLAGS]));
112  e->flags |= (1 << NFTNL_EXPR_CONNLIMIT_FLAGS);
113  }
114 
115  return 0;
116 }
117 
118 static int nftnl_expr_connlimit_snprintf(char *buf, size_t len,
119  uint32_t flags,
120  const struct nftnl_expr *e)
121 {
122  struct nftnl_expr_connlimit *connlimit = nftnl_expr_data(e);
123 
124  return snprintf(buf, len, "count %u flags %x ",
125  connlimit->count, connlimit->flags);
126 }
127 
128 static struct attr_policy connlimit_attr_policy[__NFTNL_EXPR_CONNLIMIT_MAX] = {
129  [NFTNL_EXPR_CONNLIMIT_COUNT] = { .maxlen = sizeof(uint32_t) },
130  [NFTNL_EXPR_CONNLIMIT_FLAGS] = { .maxlen = sizeof(uint32_t) },
131 };
132 
133 struct expr_ops expr_ops_connlimit = {
134  .name = "connlimit",
135  .alloc_len = sizeof(struct nftnl_expr_connlimit),
136  .nftnl_max_attr = __NFTNL_EXPR_CONNLIMIT_MAX - 1,
137  .attr_policy = connlimit_attr_policy,
138  .set = nftnl_expr_connlimit_set,
139  .get = nftnl_expr_connlimit_get,
140  .parse = nftnl_expr_connlimit_parse,
141  .build = nftnl_expr_connlimit_build,
142  .output = nftnl_expr_connlimit_snprintf,
143 };