libnftnl  1.2.9
match.c
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3  * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
4  *
5  * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
6  */
7 
8 #include "internal.h"
9 
10 #include <stdio.h>
11 #include <stdint.h>
12 #include <string.h> /* for memcpy */
13 #include <arpa/inet.h>
14 #include <errno.h>
15 #include <libmnl/libmnl.h>
16 
17 #include <linux/netfilter/nf_tables.h>
18 #include <linux/netfilter/nf_tables_compat.h>
19 
20 #include <libnftnl/expr.h>
21 #include <libnftnl/rule.h>
22 
23 /* From include/linux/netfilter/x_tables.h */
24 #define XT_EXTENSION_MAXNAMELEN 29
25 
27  char name[XT_EXTENSION_MAXNAMELEN];
28  uint32_t rev;
29  uint32_t data_len;
30  const void *data;
31 };
32 
33 static int
34 nftnl_expr_match_set(struct nftnl_expr *e, uint16_t type,
35  const void *data, uint32_t data_len)
36 {
37  struct nftnl_expr_match *mt = nftnl_expr_data(e);
38 
39  switch(type) {
40  case NFTNL_EXPR_MT_NAME:
41  snprintf(mt->name, sizeof(mt->name), "%.*s", data_len,
42  (const char *)data);
43  break;
44  case NFTNL_EXPR_MT_REV:
45  memcpy(&mt->rev, data, data_len);
46  break;
47  case NFTNL_EXPR_MT_INFO:
48  if (e->flags & (1 << NFTNL_EXPR_MT_INFO))
49  xfree(mt->data);
50 
51  mt->data = data;
52  mt->data_len = data_len;
53  break;
54  }
55  return 0;
56 }
57 
58 static const void *
59 nftnl_expr_match_get(const struct nftnl_expr *e, uint16_t type,
60  uint32_t *data_len)
61 {
62  struct nftnl_expr_match *mt = nftnl_expr_data(e);
63 
64  switch(type) {
65  case NFTNL_EXPR_MT_NAME:
66  *data_len = sizeof(mt->name);
67  return mt->name;
68  case NFTNL_EXPR_MT_REV:
69  *data_len = sizeof(mt->rev);
70  return &mt->rev;
71  case NFTNL_EXPR_MT_INFO:
72  *data_len = mt->data_len;
73  return mt->data;
74  }
75  return NULL;
76 }
77 
78 static int nftnl_expr_match_cb(const struct nlattr *attr, void *data)
79 {
80  const struct nlattr **tb = data;
81  int type = mnl_attr_get_type(attr);
82 
83  if (mnl_attr_type_valid(attr, NFTA_MATCH_MAX) < 0)
84  return MNL_CB_OK;
85 
86  switch(type) {
87  case NFTA_MATCH_NAME:
88  if (mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0)
89  abi_breakage();
90  break;
91  case NFTA_MATCH_REV:
92  if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
93  abi_breakage();
94  break;
95  case NFTA_MATCH_INFO:
96  if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
97  abi_breakage();
98  break;
99  }
100 
101  tb[type] = attr;
102  return MNL_CB_OK;
103 }
104 
105 static void
106 nftnl_expr_match_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
107 {
108  struct nftnl_expr_match *mt = nftnl_expr_data(e);
109 
110  if (e->flags & (1 << NFTNL_EXPR_MT_NAME))
111  mnl_attr_put_strz(nlh, NFTA_MATCH_NAME, mt->name);
112  if (e->flags & (1 << NFTNL_EXPR_MT_REV))
113  mnl_attr_put_u32(nlh, NFTA_MATCH_REV, htonl(mt->rev));
114  if (e->flags & (1 << NFTNL_EXPR_MT_INFO))
115  mnl_attr_put(nlh, NFTA_MATCH_INFO, mt->data_len, mt->data);
116 }
117 
118 static int nftnl_expr_match_parse(struct nftnl_expr *e, struct nlattr *attr)
119 {
120  struct nftnl_expr_match *match = nftnl_expr_data(e);
121  struct nlattr *tb[NFTA_MATCH_MAX+1] = {};
122 
123  if (mnl_attr_parse_nested(attr, nftnl_expr_match_cb, tb) < 0)
124  return -1;
125 
126  if (tb[NFTA_MATCH_NAME]) {
127  snprintf(match->name, XT_EXTENSION_MAXNAMELEN, "%s",
128  mnl_attr_get_str(tb[NFTA_MATCH_NAME]));
129 
130  match->name[XT_EXTENSION_MAXNAMELEN-1] = '\0';
131  e->flags |= (1 << NFTNL_EXPR_MT_NAME);
132  }
133 
134  if (tb[NFTA_MATCH_REV]) {
135  match->rev = ntohl(mnl_attr_get_u32(tb[NFTA_MATCH_REV]));
136  e->flags |= (1 << NFTNL_EXPR_MT_REV);
137  }
138 
139  if (tb[NFTA_MATCH_INFO]) {
140  uint32_t len = mnl_attr_get_payload_len(tb[NFTA_MATCH_INFO]);
141  void *match_data;
142 
143  if (e->flags & (1 << NFTNL_EXPR_MT_INFO))
144  xfree(match->data);
145 
146  match_data = calloc(1, len);
147  if (match_data == NULL)
148  return -1;
149 
150  memcpy(match_data, mnl_attr_get_payload(tb[NFTA_MATCH_INFO]), len);
151 
152  match->data = match_data;
153  match->data_len = len;
154 
155  e->flags |= (1 << NFTNL_EXPR_MT_INFO);
156  }
157 
158  return 0;
159 }
160 
161 static int
162 nftnl_expr_match_snprintf(char *buf, size_t len,
163  uint32_t flags, const struct nftnl_expr *e)
164 {
165  struct nftnl_expr_match *match = nftnl_expr_data(e);
166 
167  return snprintf(buf, len, "name %s rev %u ", match->name, match->rev);
168 }
169 
170 static void nftnl_expr_match_free(const struct nftnl_expr *e)
171 {
172  struct nftnl_expr_match *match = nftnl_expr_data(e);
173 
174  xfree(match->data);
175 }
176 
177 static struct attr_policy match_attr_policy[__NFTNL_EXPR_MT_MAX] = {
178  [NFTNL_EXPR_MT_NAME] = { .maxlen = XT_EXTENSION_MAXNAMELEN },
179  [NFTNL_EXPR_MT_REV] = { .maxlen = sizeof(uint32_t) },
180  [NFTNL_EXPR_MT_INFO] = { .maxlen = 0 },
181 };
182 
183 struct expr_ops expr_ops_match = {
184  .name = "match",
185  .alloc_len = sizeof(struct nftnl_expr_match),
186  .nftnl_max_attr = __NFTNL_EXPR_MT_MAX - 1,
187  .attr_policy = match_attr_policy,
188  .free = nftnl_expr_match_free,
189  .set = nftnl_expr_match_set,
190  .get = nftnl_expr_match_get,
191  .parse = nftnl_expr_match_parse,
192  .build = nftnl_expr_match_build,
193  .output = nftnl_expr_match_snprintf,
194 };