libnftnl  1.2.9
target.c
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3  * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
4  *
5  * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
6  */
7 
8 #include "internal.h"
9 
10 #include <stdio.h>
11 #include <stdint.h>
12 #include <string.h> /* for memcpy */
13 #include <arpa/inet.h>
14 #include <errno.h>
15 #include <libmnl/libmnl.h>
16 
17 #include <linux/netfilter/nf_tables.h>
18 #include <linux/netfilter/nf_tables_compat.h>
19 
20 #include <libnftnl/expr.h>
21 #include <libnftnl/rule.h>
22 
23 /* From include/linux/netfilter/x_tables.h */
24 #define XT_EXTENSION_MAXNAMELEN 29
25 
27  char name[XT_EXTENSION_MAXNAMELEN];
28  uint32_t rev;
29  uint32_t data_len;
30  const void *data;
31 };
32 
33 static int
34 nftnl_expr_target_set(struct nftnl_expr *e, uint16_t type,
35  const void *data, uint32_t data_len)
36 {
37  struct nftnl_expr_target *tg = nftnl_expr_data(e);
38 
39  switch(type) {
40  case NFTNL_EXPR_TG_NAME:
41  snprintf(tg->name, sizeof(tg->name), "%.*s", data_len,
42  (const char *) data);
43  break;
44  case NFTNL_EXPR_TG_REV:
45  memcpy(&tg->rev, data, data_len);
46  break;
47  case NFTNL_EXPR_TG_INFO:
48  if (e->flags & (1 << NFTNL_EXPR_TG_INFO))
49  xfree(tg->data);
50 
51  tg->data = data;
52  tg->data_len = data_len;
53  break;
54  }
55  return 0;
56 }
57 
58 static const void *
59 nftnl_expr_target_get(const struct nftnl_expr *e, uint16_t type,
60  uint32_t *data_len)
61 {
62  struct nftnl_expr_target *tg = nftnl_expr_data(e);
63 
64  switch(type) {
65  case NFTNL_EXPR_TG_NAME:
66  *data_len = sizeof(tg->name);
67  return tg->name;
68  case NFTNL_EXPR_TG_REV:
69  *data_len = sizeof(tg->rev);
70  return &tg->rev;
71  case NFTNL_EXPR_TG_INFO:
72  *data_len = tg->data_len;
73  return tg->data;
74  }
75  return NULL;
76 }
77 
78 static int nftnl_expr_target_cb(const struct nlattr *attr, void *data)
79 {
80  const struct nlattr **tb = data;
81  int type = mnl_attr_get_type(attr);
82 
83  if (mnl_attr_type_valid(attr, NFTA_TARGET_MAX) < 0)
84  return MNL_CB_OK;
85 
86  switch(type) {
87  case NFTA_TARGET_NAME:
88  if (mnl_attr_validate(attr, MNL_TYPE_NUL_STRING) < 0)
89  abi_breakage();
90  break;
91  case NFTA_TARGET_REV:
92  if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
93  abi_breakage();
94  break;
95  case NFTA_TARGET_INFO:
96  if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
97  abi_breakage();
98  break;
99  }
100 
101  tb[type] = attr;
102  return MNL_CB_OK;
103 }
104 
105 static void
106 nftnl_expr_target_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
107 {
108  struct nftnl_expr_target *tg = nftnl_expr_data(e);
109 
110  if (e->flags & (1 << NFTNL_EXPR_TG_NAME))
111  mnl_attr_put_strz(nlh, NFTA_TARGET_NAME, tg->name);
112  if (e->flags & (1 << NFTNL_EXPR_TG_REV))
113  mnl_attr_put_u32(nlh, NFTA_TARGET_REV, htonl(tg->rev));
114  if (e->flags & (1 << NFTNL_EXPR_TG_INFO))
115  mnl_attr_put(nlh, NFTA_TARGET_INFO, tg->data_len, tg->data);
116 }
117 
118 static int nftnl_expr_target_parse(struct nftnl_expr *e, struct nlattr *attr)
119 {
120  struct nftnl_expr_target *target = nftnl_expr_data(e);
121  struct nlattr *tb[NFTA_TARGET_MAX+1] = {};
122 
123  if (mnl_attr_parse_nested(attr, nftnl_expr_target_cb, tb) < 0)
124  return -1;
125 
126  if (tb[NFTA_TARGET_NAME]) {
127  snprintf(target->name, XT_EXTENSION_MAXNAMELEN, "%s",
128  mnl_attr_get_str(tb[NFTA_TARGET_NAME]));
129 
130  target->name[XT_EXTENSION_MAXNAMELEN-1] = '\0';
131  e->flags |= (1 << NFTNL_EXPR_TG_NAME);
132  }
133 
134  if (tb[NFTA_TARGET_REV]) {
135  target->rev = ntohl(mnl_attr_get_u32(tb[NFTA_TARGET_REV]));
136  e->flags |= (1 << NFTNL_EXPR_TG_REV);
137  }
138 
139  if (tb[NFTA_TARGET_INFO]) {
140  uint32_t len = mnl_attr_get_payload_len(tb[NFTA_TARGET_INFO]);
141  void *target_data;
142 
143  if (target->data)
144  xfree(target->data);
145 
146  target_data = calloc(1, len);
147  if (target_data == NULL)
148  return -1;
149 
150  memcpy(target_data, mnl_attr_get_payload(tb[NFTA_TARGET_INFO]), len);
151 
152  target->data = target_data;
153  target->data_len = len;
154 
155  e->flags |= (1 << NFTNL_EXPR_TG_INFO);
156  }
157 
158  return 0;
159 }
160 
161 static int
162 nftnl_expr_target_snprintf(char *buf, size_t len,
163  uint32_t flags, const struct nftnl_expr *e)
164 {
165  struct nftnl_expr_target *target = nftnl_expr_data(e);
166 
167  return snprintf(buf, len, "name %s rev %u ", target->name, target->rev);
168 }
169 
170 static void nftnl_expr_target_free(const struct nftnl_expr *e)
171 {
172  struct nftnl_expr_target *target = nftnl_expr_data(e);
173 
174  xfree(target->data);
175 }
176 
177 static struct attr_policy target_attr_policy[__NFTNL_EXPR_TG_MAX] = {
178  [NFTNL_EXPR_TG_NAME] = { .maxlen = XT_EXTENSION_MAXNAMELEN },
179  [NFTNL_EXPR_TG_REV] = { .maxlen = sizeof(uint32_t) },
180  [NFTNL_EXPR_TG_INFO] = { .maxlen = 0 },
181 };
182 
183 struct expr_ops expr_ops_target = {
184  .name = "target",
185  .alloc_len = sizeof(struct nftnl_expr_target),
186  .nftnl_max_attr = __NFTNL_EXPR_TG_MAX - 1,
187  .attr_policy = target_attr_policy,
188  .free = nftnl_expr_target_free,
189  .set = nftnl_expr_target_set,
190  .get = nftnl_expr_target_get,
191  .parse = nftnl_expr_target_parse,
192  .build = nftnl_expr_target_build,
193  .output = nftnl_expr_target_snprintf,
194 };