libnftnl  1.0.8
cmp.c
1 /*
2  * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published
6  * by the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
10  */
11 
12 #include "internal.h"
13 
14 #include <stdio.h>
15 #include <stdint.h>
16 #include <string.h>
17 #include <arpa/inet.h>
18 #include <errno.h>
19 
20 #include <libmnl/libmnl.h>
21 #include <linux/netfilter/nf_tables.h>
22 #include <libnftnl/expr.h>
23 #include <libnftnl/rule.h>
24 
26  union nftnl_data_reg data;
27  enum nft_registers sreg;
28  enum nft_cmp_ops op;
29 };
30 
31 static int
32 nftnl_expr_cmp_set(struct nftnl_expr *e, uint16_t type,
33  const void *data, uint32_t data_len)
34 {
35  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
36 
37  switch(type) {
38  case NFTNL_EXPR_CMP_SREG:
39  cmp->sreg = *((uint32_t *)data);
40  break;
41  case NFTNL_EXPR_CMP_OP:
42  cmp->op = *((uint32_t *)data);
43  break;
44  case NFTNL_EXPR_CMP_DATA:
45  memcpy(&cmp->data.val, data, data_len);
46  cmp->data.len = data_len;
47  break;
48  default:
49  return -1;
50  }
51  return 0;
52 }
53 
54 static const void *
55 nftnl_expr_cmp_get(const struct nftnl_expr *e, uint16_t type,
56  uint32_t *data_len)
57 {
58  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
59 
60  switch(type) {
61  case NFTNL_EXPR_CMP_SREG:
62  *data_len = sizeof(cmp->sreg);
63  return &cmp->sreg;
64  case NFTNL_EXPR_CMP_OP:
65  *data_len = sizeof(cmp->op);
66  return &cmp->op;
67  case NFTNL_EXPR_CMP_DATA:
68  *data_len = cmp->data.len;
69  return &cmp->data.val;
70  }
71  return NULL;
72 }
73 
74 static int nftnl_expr_cmp_cb(const struct nlattr *attr, void *data)
75 {
76  const struct nlattr **tb = data;
77  int type = mnl_attr_get_type(attr);
78 
79  if (mnl_attr_type_valid(attr, NFTA_CMP_MAX) < 0)
80  return MNL_CB_OK;
81 
82  switch(type) {
83  case NFTA_CMP_SREG:
84  case NFTA_CMP_OP:
85  if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
86  abi_breakage();
87  break;
88  case NFTA_CMP_DATA:
89  if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
90  abi_breakage();
91  break;
92  }
93 
94  tb[type] = attr;
95  return MNL_CB_OK;
96 }
97 
98 static void
99 nftnl_expr_cmp_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
100 {
101  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
102 
103  if (e->flags & (1 << NFTNL_EXPR_CMP_SREG))
104  mnl_attr_put_u32(nlh, NFTA_CMP_SREG, htonl(cmp->sreg));
105  if (e->flags & (1 << NFTNL_EXPR_CMP_OP))
106  mnl_attr_put_u32(nlh, NFTA_CMP_OP, htonl(cmp->op));
107  if (e->flags & (1 << NFTNL_EXPR_CMP_DATA)) {
108  struct nlattr *nest;
109 
110  nest = mnl_attr_nest_start(nlh, NFTA_CMP_DATA);
111  mnl_attr_put(nlh, NFTA_DATA_VALUE, cmp->data.len, cmp->data.val);
112  mnl_attr_nest_end(nlh, nest);
113  }
114 }
115 
116 static int
117 nftnl_expr_cmp_parse(struct nftnl_expr *e, struct nlattr *attr)
118 {
119  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
120  struct nlattr *tb[NFTA_CMP_MAX+1] = {};
121  int ret = 0;
122 
123  if (mnl_attr_parse_nested(attr, nftnl_expr_cmp_cb, tb) < 0)
124  return -1;
125 
126  if (tb[NFTA_CMP_SREG]) {
127  cmp->sreg = ntohl(mnl_attr_get_u32(tb[NFTA_CMP_SREG]));
128  e->flags |= (1 << NFTA_CMP_SREG);
129  }
130  if (tb[NFTA_CMP_OP]) {
131  cmp->op = ntohl(mnl_attr_get_u32(tb[NFTA_CMP_OP]));
132  e->flags |= (1 << NFTA_CMP_OP);
133  }
134  if (tb[NFTA_CMP_DATA]) {
135  ret = nftnl_parse_data(&cmp->data, tb[NFTA_CMP_DATA], NULL);
136  e->flags |= (1 << NFTA_CMP_DATA);
137  }
138 
139  return ret;
140 }
141 
142 static const char *expr_cmp_str[] = {
143  [NFT_CMP_EQ] = "eq",
144  [NFT_CMP_NEQ] = "neq",
145  [NFT_CMP_LT] = "lt",
146  [NFT_CMP_LTE] = "lte",
147  [NFT_CMP_GT] = "gt",
148  [NFT_CMP_GTE] = "gte",
149 };
150 
151 static const char *cmp2str(uint32_t op)
152 {
153  if (op > NFT_CMP_GTE)
154  return "unknown";
155 
156  return expr_cmp_str[op];
157 }
158 
159 static inline int nftnl_str2cmp(const char *op)
160 {
161  if (strcmp(op, "eq") == 0)
162  return NFT_CMP_EQ;
163  else if (strcmp(op, "neq") == 0)
164  return NFT_CMP_NEQ;
165  else if (strcmp(op, "lt") == 0)
166  return NFT_CMP_LT;
167  else if (strcmp(op, "lte") == 0)
168  return NFT_CMP_LTE;
169  else if (strcmp(op, "gt") == 0)
170  return NFT_CMP_GT;
171  else if (strcmp(op, "gte") == 0)
172  return NFT_CMP_GTE;
173  else {
174  errno = EINVAL;
175  return -1;
176  }
177 }
178 
179 static int nftnl_expr_cmp_json_parse(struct nftnl_expr *e, json_t *root,
180  struct nftnl_parse_err *err)
181 {
182 #ifdef JSON_PARSING
183  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
184  const char *op;
185  uint32_t uval32;
186  int base;
187 
188  if (nftnl_jansson_parse_val(root, "sreg", NFTNL_TYPE_U32, &uval32,
189  err) == 0)
190  nftnl_expr_set_u32(e, NFTNL_EXPR_CMP_SREG, uval32);
191 
192  op = nftnl_jansson_parse_str(root, "op", err);
193  if (op != NULL) {
194  base = nftnl_str2cmp(op);
195  if (base < 0)
196  return -1;
197 
198  nftnl_expr_set_u32(e, NFTNL_EXPR_CMP_OP, base);
199  }
200 
201  if (nftnl_jansson_data_reg_parse(root, "data",
202  &cmp->data, err) == DATA_VALUE)
203  e->flags |= (1 << NFTNL_EXPR_CMP_DATA);
204 
205  return 0;
206 #else
207  errno = EOPNOTSUPP;
208  return -1;
209 #endif
210 }
211 
212 static int nftnl_expr_cmp_export(char *buf, size_t size,
213  const struct nftnl_expr *e, int type)
214 {
215  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
216  NFTNL_BUF_INIT(b, buf, size);
217 
218  if (e->flags & (1 << NFTNL_EXPR_CMP_SREG))
219  nftnl_buf_u32(&b, type, cmp->sreg, SREG);
220  if (e->flags & (1 << NFTNL_EXPR_CMP_OP))
221  nftnl_buf_str(&b, type, cmp2str(cmp->op), OP);
222  if (e->flags & (1 << NFTNL_EXPR_CMP_DATA))
223  nftnl_buf_reg(&b, type, &cmp->data, DATA_VALUE, DATA);
224 
225  return nftnl_buf_done(&b);
226 }
227 
228 static int nftnl_expr_cmp_snprintf_default(char *buf, size_t size,
229  const struct nftnl_expr *e)
230 {
231  struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
232  int remain = size, offset = 0, ret;
233 
234  ret = snprintf(buf, remain, "%s reg %u ",
235  cmp2str(cmp->op), cmp->sreg);
236  SNPRINTF_BUFFER_SIZE(ret, remain, offset);
237 
238  ret = nftnl_data_reg_snprintf(buf + offset, remain, &cmp->data,
239  NFTNL_OUTPUT_DEFAULT, 0, DATA_VALUE);
240  SNPRINTF_BUFFER_SIZE(ret, remain, offset);
241 
242  return offset;
243 }
244 
245 static int
246 nftnl_expr_cmp_snprintf(char *buf, size_t size, uint32_t type,
247  uint32_t flags, const struct nftnl_expr *e)
248 {
249  switch (type) {
250  case NFTNL_OUTPUT_DEFAULT:
251  return nftnl_expr_cmp_snprintf_default(buf, size, e);
252  case NFTNL_OUTPUT_XML:
253  case NFTNL_OUTPUT_JSON:
254  return nftnl_expr_cmp_export(buf, size, e, type);
255  default:
256  break;
257  }
258  return -1;
259 }
260 
261 static bool nftnl_expr_cmp_cmp(const struct nftnl_expr *e1,
262  const struct nftnl_expr *e2)
263 {
264  struct nftnl_expr_cmp *c1 = nftnl_expr_data(e1);
265  struct nftnl_expr_cmp *c2 = nftnl_expr_data(e2);
266  bool eq = true;
267 
268  if (e1->flags & (1 << NFTNL_EXPR_CMP_DATA))
269  eq &= nftnl_data_reg_cmp(&c1->data, &c2->data, DATA_VALUE);
270  if (e1->flags & (1 << NFTNL_EXPR_CMP_SREG))
271  eq &= (c1->sreg == c2->sreg);
272  if (e1->flags & (1 << NFTNL_EXPR_CMP_OP))
273  eq &= (c1->op == c2->op);
274 
275  return eq;
276 }
277 
278 struct expr_ops expr_ops_cmp = {
279  .name = "cmp",
280  .alloc_len = sizeof(struct nftnl_expr_cmp),
281  .max_attr = NFTA_CMP_MAX,
282  .cmp = nftnl_expr_cmp_cmp,
283  .set = nftnl_expr_cmp_set,
284  .get = nftnl_expr_cmp_get,
285  .parse = nftnl_expr_cmp_parse,
286  .build = nftnl_expr_cmp_build,
287  .snprintf = nftnl_expr_cmp_snprintf,
288  .json_parse = nftnl_expr_cmp_json_parse,
289 };