libnftnl  1.2.2
cmp.c
1 /*
2  * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published
6  * by the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
10  */
11 
12 #include "internal.h"
13 
14 #include <stdio.h>
15 #include <stdint.h>
16 #include <string.h>
17 #include <arpa/inet.h>
18 #include <errno.h>
19 
20 #include <libmnl/libmnl.h>
21 #include <linux/netfilter/nf_tables.h>
22 #include <libnftnl/expr.h>
23 #include <libnftnl/rule.h>
24 
26  union nftnl_data_reg data;
27  enum nft_registers sreg;
28  enum nft_cmp_ops op;
29 };
30 
31 static int
32 nftnl_expr_cmp_set(struct nftnl_expr *e, uint16_t type,
33  const void *data, uint32_t data_len)
34 {
35  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
36 
37  switch(type) {
38  case NFTNL_EXPR_CMP_SREG:
39  memcpy(&cmp->sreg, data, sizeof(cmp->sreg));
40  break;
41  case NFTNL_EXPR_CMP_OP:
42  memcpy(&cmp->op, data, sizeof(cmp->op));
43  break;
44  case NFTNL_EXPR_CMP_DATA:
45  memcpy(&cmp->data.val, data, data_len);
46  cmp->data.len = data_len;
47  break;
48  default:
49  return -1;
50  }
51  return 0;
52 }
53 
54 static const void *
55 nftnl_expr_cmp_get(const struct nftnl_expr *e, uint16_t type,
56  uint32_t *data_len)
57 {
58  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
59 
60  switch(type) {
61  case NFTNL_EXPR_CMP_SREG:
62  *data_len = sizeof(cmp->sreg);
63  return &cmp->sreg;
64  case NFTNL_EXPR_CMP_OP:
65  *data_len = sizeof(cmp->op);
66  return &cmp->op;
67  case NFTNL_EXPR_CMP_DATA:
68  *data_len = cmp->data.len;
69  return &cmp->data.val;
70  }
71  return NULL;
72 }
73 
74 static int nftnl_expr_cmp_cb(const struct nlattr *attr, void *data)
75 {
76  const struct nlattr **tb = data;
77  int type = mnl_attr_get_type(attr);
78 
79  if (mnl_attr_type_valid(attr, NFTA_CMP_MAX) < 0)
80  return MNL_CB_OK;
81 
82  switch(type) {
83  case NFTA_CMP_SREG:
84  case NFTA_CMP_OP:
85  if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
86  abi_breakage();
87  break;
88  case NFTA_CMP_DATA:
89  if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
90  abi_breakage();
91  break;
92  }
93 
94  tb[type] = attr;
95  return MNL_CB_OK;
96 }
97 
98 static void
99 nftnl_expr_cmp_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
100 {
101  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
102 
103  if (e->flags & (1 << NFTNL_EXPR_CMP_SREG))
104  mnl_attr_put_u32(nlh, NFTA_CMP_SREG, htonl(cmp->sreg));
105  if (e->flags & (1 << NFTNL_EXPR_CMP_OP))
106  mnl_attr_put_u32(nlh, NFTA_CMP_OP, htonl(cmp->op));
107  if (e->flags & (1 << NFTNL_EXPR_CMP_DATA)) {
108  struct nlattr *nest;
109 
110  nest = mnl_attr_nest_start(nlh, NFTA_CMP_DATA);
111  mnl_attr_put(nlh, NFTA_DATA_VALUE, cmp->data.len, cmp->data.val);
112  mnl_attr_nest_end(nlh, nest);
113  }
114 }
115 
116 static int
117 nftnl_expr_cmp_parse(struct nftnl_expr *e, struct nlattr *attr)
118 {
119  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
120  struct nlattr *tb[NFTA_CMP_MAX+1] = {};
121  int ret = 0;
122 
123  if (mnl_attr_parse_nested(attr, nftnl_expr_cmp_cb, tb) < 0)
124  return -1;
125 
126  if (tb[NFTA_CMP_SREG]) {
127  cmp->sreg = ntohl(mnl_attr_get_u32(tb[NFTA_CMP_SREG]));
128  e->flags |= (1 << NFTA_CMP_SREG);
129  }
130  if (tb[NFTA_CMP_OP]) {
131  cmp->op = ntohl(mnl_attr_get_u32(tb[NFTA_CMP_OP]));
132  e->flags |= (1 << NFTA_CMP_OP);
133  }
134  if (tb[NFTA_CMP_DATA]) {
135  ret = nftnl_parse_data(&cmp->data, tb[NFTA_CMP_DATA], NULL);
136  e->flags |= (1 << NFTA_CMP_DATA);
137  }
138 
139  return ret;
140 }
141 
142 static const char *expr_cmp_str[] = {
143  [NFT_CMP_EQ] = "eq",
144  [NFT_CMP_NEQ] = "neq",
145  [NFT_CMP_LT] = "lt",
146  [NFT_CMP_LTE] = "lte",
147  [NFT_CMP_GT] = "gt",
148  [NFT_CMP_GTE] = "gte",
149 };
150 
151 static const char *cmp2str(uint32_t op)
152 {
153  if (op > NFT_CMP_GTE)
154  return "unknown";
155 
156  return expr_cmp_str[op];
157 }
158 
159 static inline int nftnl_str2cmp(const char *op)
160 {
161  if (strcmp(op, "eq") == 0)
162  return NFT_CMP_EQ;
163  else if (strcmp(op, "neq") == 0)
164  return NFT_CMP_NEQ;
165  else if (strcmp(op, "lt") == 0)
166  return NFT_CMP_LT;
167  else if (strcmp(op, "lte") == 0)
168  return NFT_CMP_LTE;
169  else if (strcmp(op, "gt") == 0)
170  return NFT_CMP_GT;
171  else if (strcmp(op, "gte") == 0)
172  return NFT_CMP_GTE;
173  else {
174  errno = EINVAL;
175  return -1;
176  }
177 }
178 
179 static int
180 nftnl_expr_cmp_snprintf(char *buf, size_t remain,
181  uint32_t flags, const struct nftnl_expr *e)
182 {
183  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
184  int offset = 0, ret;
185 
186  ret = snprintf(buf, remain, "%s reg %u ",
187  cmp2str(cmp->op), cmp->sreg);
188  SNPRINTF_BUFFER_SIZE(ret, remain, offset);
189 
190  ret = nftnl_data_reg_snprintf(buf + offset, remain, &cmp->data,
191  0, DATA_VALUE);
192  SNPRINTF_BUFFER_SIZE(ret, remain, offset);
193 
194  return offset;
195 }
196 
197 struct expr_ops expr_ops_cmp = {
198  .name = "cmp",
199  .alloc_len = sizeof(struct nftnl_expr_cmp),
200  .max_attr = NFTA_CMP_MAX,
201  .set = nftnl_expr_cmp_set,
202  .get = nftnl_expr_cmp_get,
203  .parse = nftnl_expr_cmp_parse,
204  .build = nftnl_expr_cmp_build,
205  .snprintf = nftnl_expr_cmp_snprintf,
206 };