libnftnl  1.0.8
utils.c
1 /*
2  * (C) 2012-2013 by Pablo Neira Ayuso <pablo@netfilter.org>
3  * (C) 2013 by Arturo Borrero Gonzalez <arturo@debian.org>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published
7  * by the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  */
10 
11 #include <internal.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <limits.h>
15 #include <stdint.h>
16 #include <arpa/inet.h>
17 #include <errno.h>
18 #include <inttypes.h>
19 
20 #include <libnftnl/common.h>
21 
22 #include <linux/netfilter.h>
23 #include <linux/netfilter/nf_tables.h>
24 
25 static const char *const nftnl_family_str[NFPROTO_NUMPROTO] = {
26  [NFPROTO_INET] = "inet",
27  [NFPROTO_IPV4] = "ip",
28  [NFPROTO_ARP] = "arp",
29  [NFPROTO_NETDEV] = "netdev",
30  [NFPROTO_BRIDGE] = "bridge",
31  [NFPROTO_IPV6] = "ip6",
32 };
33 
34 const char *nftnl_family2str(uint32_t family)
35 {
36  if (family >= NFPROTO_NUMPROTO || !nftnl_family_str[family])
37  return "unknown";
38 
39  return nftnl_family_str[family];
40 }
41 
42 int nftnl_str2family(const char *family)
43 {
44  int i;
45 
46  for (i = 0; i < NFPROTO_NUMPROTO; i++) {
47  if (nftnl_family_str[i] == NULL)
48  continue;
49 
50  if (strcmp(nftnl_family_str[i], family) == 0)
51  return i;
52  }
53 
54  errno = EAFNOSUPPORT;
55  return -1;
56 }
57 
58 static struct {
59  int len;
60  int64_t min;
61  uint64_t max;
62 } basetype[] = {
63  [NFTNL_TYPE_U8] = { .len = sizeof(uint8_t), .max = UINT8_MAX },
64  [NFTNL_TYPE_U16] = { .len = sizeof(uint16_t), .max = UINT16_MAX },
65  [NFTNL_TYPE_U32] = { .len = sizeof(uint32_t), .max = UINT32_MAX },
66  [NFTNL_TYPE_U64] = { .len = sizeof(uint64_t), .max = UINT64_MAX },
67  [NFTNL_TYPE_S8] = { .len = sizeof(int8_t), .min = INT8_MIN, .max = INT8_MAX },
68  [NFTNL_TYPE_S16] = { .len = sizeof(int16_t), .min = INT16_MIN, .max = INT16_MAX },
69  [NFTNL_TYPE_S32] = { .len = sizeof(int32_t), .min = INT32_MIN, .max = INT32_MAX },
70  [NFTNL_TYPE_S64] = { .len = sizeof(int64_t), .min = INT64_MIN, .max = INT64_MAX },
71 };
72 
73 int nftnl_get_value(enum nftnl_type type, void *val, void *out)
74 {
75  int64_t sval;
76  uint64_t uval;
77 
78  switch (type) {
79  case NFTNL_TYPE_U8:
80  case NFTNL_TYPE_U16:
81  case NFTNL_TYPE_U32:
82  case NFTNL_TYPE_U64:
83  uval = *((uint64_t *)val);
84  if (uval > basetype[type].max) {
85  errno = ERANGE;
86  return -1;
87  }
88  memcpy(out, &uval, basetype[type].len);
89  break;
90  case NFTNL_TYPE_S8:
91  case NFTNL_TYPE_S16:
92  case NFTNL_TYPE_S32:
93  case NFTNL_TYPE_S64:
94  sval = *((int64_t *)val);
95  if (sval < basetype[type].min ||
96  sval > (int64_t)basetype[type].max) {
97  errno = ERANGE;
98  return -1;
99  }
100  memcpy(out, &sval, basetype[type].len);
101  break;
102  }
103 
104  return 0;
105 }
106 
107 int nftnl_strtoi(const char *string, int base, void *out, enum nftnl_type type)
108 {
109  int ret;
110  int64_t sval = 0;
111  uint64_t uval = -1;
112  char *endptr;
113 
114  switch (type) {
115  case NFTNL_TYPE_U8:
116  case NFTNL_TYPE_U16:
117  case NFTNL_TYPE_U32:
118  case NFTNL_TYPE_U64:
119  uval = strtoll(string, &endptr, base);
120  ret = nftnl_get_value(type, &uval, out);
121  break;
122  case NFTNL_TYPE_S8:
123  case NFTNL_TYPE_S16:
124  case NFTNL_TYPE_S32:
125  case NFTNL_TYPE_S64:
126  sval = strtoull(string, &endptr, base);
127  ret = nftnl_get_value(type, &sval, out);
128  break;
129  default:
130  errno = EINVAL;
131  return -1;
132  }
133 
134  if (*endptr) {
135  errno = EINVAL;
136  return -1;
137  }
138 
139  return ret;
140 }
141 
142 const char *nftnl_verdict2str(uint32_t verdict)
143 {
144  switch (verdict) {
145  case NF_ACCEPT:
146  return "accept";
147  case NF_DROP:
148  return "drop";
149  case NF_STOLEN:
150  return "stolen";
151  case NF_QUEUE:
152  return "queue";
153  case NF_REPEAT:
154  return "repeat";
155  case NF_STOP:
156  return "stop";
157  case NFT_RETURN:
158  return "return";
159  case NFT_JUMP:
160  return "jump";
161  case NFT_GOTO:
162  return "goto";
163  case NFT_CONTINUE:
164  return "continue";
165  case NFT_BREAK:
166  return "break";
167  default:
168  return "unknown";
169  }
170 }
171 
172 int nftnl_str2verdict(const char *verdict, int *verdict_num)
173 {
174  if (strcmp(verdict, "accept") == 0) {
175  *verdict_num = NF_ACCEPT;
176  return 0;
177  } else if (strcmp(verdict, "drop") == 0) {
178  *verdict_num = NF_DROP;
179  return 0;
180  } else if (strcmp(verdict, "return") == 0) {
181  *verdict_num = NFT_RETURN;
182  return 0;
183  } else if (strcmp(verdict, "jump") == 0) {
184  *verdict_num = NFT_JUMP;
185  return 0;
186  } else if (strcmp(verdict, "goto") == 0) {
187  *verdict_num = NFT_GOTO;
188  return 0;
189  }
190 
191  return -1;
192 }
193 
194 enum nftnl_cmd_type nftnl_flag2cmd(uint32_t flags)
195 {
196  if (flags & NFTNL_OF_EVENT_NEW)
197  return NFTNL_CMD_ADD;
198  else if (flags & NFTNL_OF_EVENT_DEL)
199  return NFTNL_CMD_DELETE;
200 
201  return NFTNL_CMD_UNSPEC;
202 }
203 
204 static const char *cmd2tag[NFTNL_CMD_MAX] = {
205  [NFTNL_CMD_ADD] = ADD,
206  [NFTNL_CMD_INSERT] = INSERT,
207  [NFTNL_CMD_DELETE] = DELETE,
208  [NFTNL_CMD_REPLACE] = REPLACE,
209  [NFTNL_CMD_FLUSH] = FLUSH,
210 };
211 
212 const char *nftnl_cmd2tag(enum nftnl_cmd_type cmd)
213 {
214  if (cmd >= NFTNL_CMD_MAX)
215  return "unknown";
216 
217  return cmd2tag[cmd];
218 }
219 
220 uint32_t nftnl_str2cmd(const char *cmd)
221 {
222  if (strcmp(cmd, ADD) == 0)
223  return NFTNL_CMD_ADD;
224  else if (strcmp(cmd, INSERT) == 0)
225  return NFTNL_CMD_INSERT;
226  else if (strcmp(cmd, DELETE) == 0)
227  return NFTNL_CMD_DELETE;
228  else if (strcmp(cmd, REPLACE) == 0)
229  return NFTNL_CMD_REPLACE;
230  else if (strcmp(cmd, FLUSH) == 0)
231  return NFTNL_CMD_FLUSH;
232 
233  return NFTNL_CMD_UNSPEC;
234 }
235 
236 int nftnl_fprintf(FILE *fp, const void *obj, uint32_t cmd, uint32_t type,
237  uint32_t flags,
238  int (*snprintf_cb)(char *buf, size_t bufsiz, const void *obj,
239  uint32_t cmd, uint32_t type,
240  uint32_t flags))
241 {
242  char _buf[NFTNL_SNPRINTF_BUFSIZ];
243  char *buf = _buf;
244  size_t bufsiz = sizeof(_buf);
245  int ret;
246 
247  ret = snprintf_cb(buf, bufsiz, obj, cmd, type, flags);
248  if (ret <= 0)
249  goto out;
250 
251  if (ret >= NFTNL_SNPRINTF_BUFSIZ) {
252  bufsiz = ret + 1;
253 
254  buf = malloc(bufsiz);
255  if (buf == NULL)
256  return -1;
257 
258  ret = snprintf_cb(buf, bufsiz, obj, cmd, type, flags);
259  if (ret <= 0)
260  goto out;
261  }
262 
263  ret = fprintf(fp, "%s", buf);
264 
265 out:
266  if (buf != _buf)
267  xfree(buf);
268 
269  return ret;
270 }
271 
272 void __nftnl_assert_attr_exists(uint16_t attr, uint16_t attr_max,
273  const char *filename, int line)
274 {
275  fprintf(stderr, "libnftnl: attribute %d > %d (maximum) assertion failed in %s:%d\n",
276  attr, attr_max, filename, line);
277  exit(EXIT_FAILURE);
278 }
279 
280 void __nftnl_assert_fail(uint16_t attr, const char *filename, int line)
281 {
282  fprintf(stderr, "libnftnl: attribute %d assertion failed in %s:%d\n",
283  attr, filename, line);
284  exit(EXIT_FAILURE);
285 }
286 
287 void __noreturn __abi_breakage(const char *file, int line, const char *reason)
288 {
289  fprintf(stderr, "nf_tables kernel ABI is broken, contact your vendor.\n"
290  "%s:%d reason: %s\n", file, line, reason);
291  exit(EXIT_FAILURE);
292 }