13 #include <netinet/in.h>
16 #include <libmnl/libmnl.h>
17 #include <linux/netfilter/nfnetlink.h>
18 #include <linux/netfilter/nf_tables.h>
20 #include <libnftnl/object.h>
23 static struct obj_ops *obj_ops[__NFT_OBJECT_MAX] = {
24 [NFT_OBJECT_COUNTER] = &obj_ops_counter,
25 [NFT_OBJECT_QUOTA] = &obj_ops_quota,
26 [NFT_OBJECT_CT_HELPER] = &obj_ops_ct_helper,
27 [NFT_OBJECT_LIMIT] = &obj_ops_limit,
28 [NFT_OBJECT_TUNNEL] = &obj_ops_tunnel,
29 [NFT_OBJECT_CT_TIMEOUT] = &obj_ops_ct_timeout,
30 [NFT_OBJECT_SECMARK] = &obj_ops_secmark,
31 [NFT_OBJECT_CT_EXPECT] = &obj_ops_ct_expect,
32 [NFT_OBJECT_SYNPROXY] = &obj_ops_synproxy,
35 static struct obj_ops *nftnl_obj_ops_lookup(uint32_t type)
37 if (type > NFT_OBJECT_MAX)
43 EXPORT_SYMBOL(nftnl_obj_alloc);
44 struct nftnl_obj *nftnl_obj_alloc(
void)
46 return calloc(1,
sizeof(
struct nftnl_obj));
49 EXPORT_SYMBOL(nftnl_obj_free);
50 void nftnl_obj_free(
const struct nftnl_obj *obj)
52 if (obj->flags & (1 << NFTNL_OBJ_TABLE))
54 if (obj->flags & (1 << NFTNL_OBJ_NAME))
56 if (obj->flags & (1 << NFTNL_OBJ_USERDATA))
57 xfree(obj->user.data);
58 if (obj->flags & (1 << NFTNL_OBJ_TUNNEL_OPTS)) {
59 nftnl_tunnel_opts_free(obj->data.tunnel.tun_opts);
60 xfree(obj->data.tunnel.tun_opts);
66 EXPORT_SYMBOL(nftnl_obj_is_set);
67 bool nftnl_obj_is_set(
const struct nftnl_obj *obj, uint16_t attr)
69 return obj->flags & (1 << attr);
72 EXPORT_SYMBOL(nftnl_obj_unset);
73 void nftnl_obj_unset(
struct nftnl_obj *obj, uint16_t attr)
75 if (!(obj->flags & (1 << attr)))
85 case NFTNL_OBJ_USERDATA:
86 xfree(obj->user.data);
89 case NFTNL_OBJ_FAMILY:
91 case NFTNL_OBJ_HANDLE:
97 obj->flags &= ~(1 << attr);
100 static uint32_t nftnl_obj_validate[NFTNL_OBJ_MAX + 1] = {
101 [NFTNL_OBJ_TYPE] =
sizeof(uint32_t),
102 [NFTNL_OBJ_FAMILY] =
sizeof(uint32_t),
103 [NFTNL_OBJ_USE] =
sizeof(uint32_t),
104 [NFTNL_OBJ_HANDLE] =
sizeof(uint64_t),
107 EXPORT_SYMBOL(nftnl_obj_set_data);
108 int nftnl_obj_set_data(
struct nftnl_obj *obj, uint16_t attr,
109 const void *data, uint32_t data_len)
111 if (attr < NFTNL_OBJ_MAX)
112 nftnl_assert_validate(data, nftnl_obj_validate, attr, data_len);
115 case NFTNL_OBJ_TABLE:
116 return nftnl_set_str_attr(&obj->table, &obj->flags,
117 attr, data, data_len);
120 return nftnl_set_str_attr(&obj->name, &obj->flags,
121 attr, data, data_len);
123 obj->ops = nftnl_obj_ops_lookup(*((uint32_t *)data));
127 case NFTNL_OBJ_FAMILY:
128 memcpy(&obj->family, data,
sizeof(obj->family));
131 memcpy(&obj->use, data,
sizeof(obj->use));
133 case NFTNL_OBJ_HANDLE:
134 memcpy(&obj->handle, data,
sizeof(obj->handle));
136 case NFTNL_OBJ_USERDATA:
137 if (obj->flags & (1 << NFTNL_OBJ_USERDATA))
138 xfree(obj->user.data);
140 obj->user.data = malloc(data_len);
143 memcpy(obj->user.data, data, data_len);
144 obj->user.len = data_len;
148 attr < NFTNL_OBJ_BASE ||
149 attr > obj->ops->nftnl_max_attr ||
150 !obj->ops->attr_policy)
153 if (obj->ops->attr_policy[attr].maxlen &&
154 obj->ops->attr_policy[attr].maxlen < data_len)
157 if (obj->ops->set(obj, attr, data, data_len) < 0)
160 obj->flags |= (1 << attr);
164 void nftnl_obj_set(
struct nftnl_obj *obj, uint16_t attr,
const void *data) __visible;
165 void nftnl_obj_set(
struct nftnl_obj *obj, uint16_t attr,
const void *data)
167 nftnl_obj_set_data(obj, attr, data, nftnl_obj_validate[attr]);
170 EXPORT_SYMBOL(nftnl_obj_set_u8);
171 int nftnl_obj_set_u8(
struct nftnl_obj *obj, uint16_t attr, uint8_t val)
173 return nftnl_obj_set_data(obj, attr, &val,
sizeof(uint8_t));
176 EXPORT_SYMBOL(nftnl_obj_set_u16);
177 int nftnl_obj_set_u16(
struct nftnl_obj *obj, uint16_t attr, uint16_t val)
179 return nftnl_obj_set_data(obj, attr, &val,
sizeof(uint16_t));
182 EXPORT_SYMBOL(nftnl_obj_set_u32);
183 int nftnl_obj_set_u32(
struct nftnl_obj *obj, uint16_t attr, uint32_t val)
185 return nftnl_obj_set_data(obj, attr, &val,
sizeof(uint32_t));
188 EXPORT_SYMBOL(nftnl_obj_set_u64);
189 int nftnl_obj_set_u64(
struct nftnl_obj *obj, uint16_t attr, uint64_t val)
191 return nftnl_obj_set_data(obj, attr, &val,
sizeof(uint64_t));
194 EXPORT_SYMBOL(nftnl_obj_set_str);
195 int nftnl_obj_set_str(
struct nftnl_obj *obj, uint16_t attr,
const char *str)
197 return nftnl_obj_set_data(obj, attr, str, strlen(str) + 1);
200 EXPORT_SYMBOL(nftnl_obj_get_data);
201 const void *nftnl_obj_get_data(
const struct nftnl_obj *obj, uint16_t attr,
204 if (!(obj->flags & (1 << attr)))
208 case NFTNL_OBJ_TABLE:
216 *data_len =
sizeof(uint32_t);
217 return &obj->ops->type;
218 case NFTNL_OBJ_FAMILY:
219 *data_len =
sizeof(uint32_t);
222 *data_len =
sizeof(uint32_t);
224 case NFTNL_OBJ_HANDLE:
225 *data_len =
sizeof(uint64_t);
227 case NFTNL_OBJ_USERDATA:
228 *data_len = obj->user.len;
229 return obj->user.data;
232 return obj->ops->get(obj, attr, data_len);
238 EXPORT_SYMBOL(nftnl_obj_get);
239 const void *nftnl_obj_get(
const struct nftnl_obj *obj, uint16_t attr)
242 return nftnl_obj_get_data(obj, attr, &data_len);
245 EXPORT_SYMBOL(nftnl_obj_get_u8);
246 uint8_t nftnl_obj_get_u8(
const struct nftnl_obj *obj, uint16_t attr)
248 const void *ret = nftnl_obj_get(obj, attr);
249 return ret == NULL ? 0 : *((uint8_t *)ret);
252 EXPORT_SYMBOL(nftnl_obj_get_u16);
253 uint16_t nftnl_obj_get_u16(
const struct nftnl_obj *obj, uint16_t attr)
255 const void *ret = nftnl_obj_get(obj, attr);
256 return ret == NULL ? 0 : *((uint16_t *)ret);
259 EXPORT_SYMBOL(nftnl_obj_get_u32);
260 uint32_t nftnl_obj_get_u32(
const struct nftnl_obj *obj, uint16_t attr)
262 const void *ret = nftnl_obj_get(obj, attr);
263 return ret == NULL ? 0 : *((uint32_t *)ret);
266 EXPORT_SYMBOL(nftnl_obj_get_u64);
267 uint64_t nftnl_obj_get_u64(
const struct nftnl_obj *obj, uint16_t attr)
269 const void *ret = nftnl_obj_get(obj, attr);
270 return ret == NULL ? 0 : *((uint64_t *)ret);
273 EXPORT_SYMBOL(nftnl_obj_get_str);
274 const char *nftnl_obj_get_str(
const struct nftnl_obj *obj, uint16_t attr)
276 return nftnl_obj_get(obj, attr);
279 EXPORT_SYMBOL(nftnl_obj_nlmsg_build_payload);
280 void nftnl_obj_nlmsg_build_payload(
struct nlmsghdr *nlh,
281 const struct nftnl_obj *obj)
283 if (obj->flags & (1 << NFTNL_OBJ_TABLE))
284 mnl_attr_put_strz(nlh, NFTA_OBJ_TABLE, obj->table);
285 if (obj->flags & (1 << NFTNL_OBJ_NAME))
286 mnl_attr_put_strz(nlh, NFTA_OBJ_NAME, obj->name);
287 if (obj->flags & (1 << NFTNL_OBJ_TYPE))
288 mnl_attr_put_u32(nlh, NFTA_OBJ_TYPE, htonl(obj->ops->type));
289 if (obj->flags & (1 << NFTNL_OBJ_HANDLE))
290 mnl_attr_put_u64(nlh, NFTA_OBJ_HANDLE, htobe64(obj->handle));
291 if (obj->flags & (1 << NFTNL_OBJ_USERDATA))
292 mnl_attr_put(nlh, NFTA_OBJ_USERDATA, obj->user.len, obj->user.data);
294 struct nlattr *nest = mnl_attr_nest_start(nlh, NFTA_OBJ_DATA);
296 obj->ops->build(nlh, obj);
297 mnl_attr_nest_end(nlh, nest);
301 static int nftnl_obj_parse_attr_cb(
const struct nlattr *attr,
void *data)
303 const struct nlattr **tb = data;
304 int type = mnl_attr_get_type(attr);
306 if (mnl_attr_type_valid(attr, NFTA_OBJ_MAX) < 0)
312 if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)
315 case NFTA_OBJ_HANDLE:
316 if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0)
320 if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
324 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
327 case NFTA_OBJ_USERDATA:
328 if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
337 EXPORT_SYMBOL(nftnl_obj_nlmsg_parse);
338 int nftnl_obj_nlmsg_parse(
const struct nlmsghdr *nlh,
struct nftnl_obj *obj)
340 struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
341 struct nlattr *tb[NFTA_OBJ_MAX + 1] = {};
344 if (mnl_attr_parse(nlh,
sizeof(*nfg), nftnl_obj_parse_attr_cb, tb) < 0)
347 if (nftnl_parse_str_attr(tb[NFTA_OBJ_TABLE], NFTNL_OBJ_TABLE,
348 &obj->table, &obj->flags) < 0)
350 if (nftnl_parse_str_attr(tb[NFTA_OBJ_NAME], NFTNL_OBJ_NAME,
351 &obj->name, &obj->flags) < 0)
353 if (tb[NFTA_OBJ_TYPE]) {
354 uint32_t type = ntohl(mnl_attr_get_u32(tb[NFTA_OBJ_TYPE]));
356 obj->ops = nftnl_obj_ops_lookup(type);
358 obj->flags |= (1 << NFTNL_OBJ_TYPE);
360 if (tb[NFTA_OBJ_DATA]) {
362 err = obj->ops->parse(obj, tb[NFTA_OBJ_DATA]);
367 if (tb[NFTA_OBJ_USE]) {
368 obj->use = ntohl(mnl_attr_get_u32(tb[NFTA_OBJ_USE]));
369 obj->flags |= (1 << NFTNL_OBJ_USE);
371 if (tb[NFTA_OBJ_HANDLE]) {
372 obj->handle = be64toh(mnl_attr_get_u64(tb[NFTA_OBJ_HANDLE]));
373 obj->flags |= (1 << NFTNL_OBJ_HANDLE);
375 if (tb[NFTA_OBJ_USERDATA]) {
376 nftnl_obj_set_data(obj, NFTNL_OBJ_USERDATA,
377 mnl_attr_get_payload(tb[NFTA_OBJ_USERDATA]),
378 mnl_attr_get_payload_len(tb[NFTA_OBJ_USERDATA]));
381 obj->family = nfg->nfgen_family;
382 obj->flags |= (1 << NFTNL_OBJ_FAMILY);
387 EXPORT_SYMBOL(nftnl_obj_parse);
388 int nftnl_obj_parse(
struct nftnl_obj *obj,
enum nftnl_parse_type type,
389 const char *data,
struct nftnl_parse_err *err)
396 EXPORT_SYMBOL(nftnl_obj_parse_file);
397 int nftnl_obj_parse_file(
struct nftnl_obj *obj,
enum nftnl_parse_type type,
398 FILE *fp,
struct nftnl_parse_err *err)
405 static int nftnl_obj_snprintf_dflt(
char *buf,
size_t remain,
406 const struct nftnl_obj *obj,
407 uint32_t type, uint32_t flags)
409 const char *name = obj->ops ? obj->ops->name :
"(unknown)";
412 ret = snprintf(buf, remain,
"table %s name %s use %u [ %s ",
413 obj->table, obj->name, obj->use, name);
414 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
417 ret = obj->ops->output(buf + offset, remain, flags, obj);
418 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
420 ret = snprintf(buf + offset, remain,
"]");
421 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
426 static int nftnl_obj_cmd_snprintf(
char *buf,
size_t remain,
427 const struct nftnl_obj *obj, uint32_t cmd,
428 uint32_t type, uint32_t flags)
432 if (type != NFTNL_OUTPUT_DEFAULT)
435 ret = nftnl_obj_snprintf_dflt(buf + offset, remain, obj, type, flags);
436 SNPRINTF_BUFFER_SIZE(ret, remain, offset);
440 EXPORT_SYMBOL(nftnl_obj_snprintf);
441 int nftnl_obj_snprintf(
char *buf,
size_t size,
const struct nftnl_obj *obj,
442 uint32_t type, uint32_t flags)
447 return nftnl_obj_cmd_snprintf(buf, size, obj, nftnl_flag2cmd(flags),
451 static int nftnl_obj_do_snprintf(
char *buf,
size_t size,
const void *obj,
452 uint32_t cmd, uint32_t type, uint32_t flags)
454 return nftnl_obj_snprintf(buf, size, obj, type, flags);
457 EXPORT_SYMBOL(nftnl_obj_fprintf);
458 int nftnl_obj_fprintf(FILE *fp,
const struct nftnl_obj *obj, uint32_t type,
461 return nftnl_fprintf(fp, obj, NFTNL_CMD_UNSPEC, type, flags,
462 nftnl_obj_do_snprintf);
466 struct list_head list;
469 EXPORT_SYMBOL(nftnl_obj_list_alloc);
478 INIT_LIST_HEAD(&list->list);
483 EXPORT_SYMBOL(nftnl_obj_list_free);
486 struct nftnl_obj *r, *tmp;
488 list_for_each_entry_safe(r, tmp, &list->list, head) {
495 EXPORT_SYMBOL(nftnl_obj_list_is_empty);
498 return list_empty(&list->list);
501 EXPORT_SYMBOL(nftnl_obj_list_add);
502 void nftnl_obj_list_add(
struct nftnl_obj *r,
struct nftnl_obj_list *list)
504 list_add(&r->head, &list->list);
507 EXPORT_SYMBOL(nftnl_obj_list_add_tail);
508 void nftnl_obj_list_add_tail(
struct nftnl_obj *r,
511 list_add_tail(&r->head, &list->list);
514 EXPORT_SYMBOL(nftnl_obj_list_del);
515 void nftnl_obj_list_del(
struct nftnl_obj *t)
520 EXPORT_SYMBOL(nftnl_obj_list_foreach);
522 int (*cb)(
struct nftnl_obj *t,
void *data),
525 struct nftnl_obj *cur, *tmp;
528 list_for_each_entry_safe(cur, tmp, &table_list->list, head) {
538 struct nftnl_obj *cur;
541 EXPORT_SYMBOL(nftnl_obj_list_iter_create);
552 if (nftnl_obj_list_is_empty(l))
555 iter->cur = list_entry(l->list.next,
struct nftnl_obj, head);
560 EXPORT_SYMBOL(nftnl_obj_list_iter_next);
563 struct nftnl_obj *r = iter->cur;
569 iter->cur = list_entry(iter->cur->head.next,
struct nftnl_obj, head);
570 if (&iter->cur->head == iter->list->list.next)
576 EXPORT_SYMBOL(nftnl_obj_list_iter_destroy);
