[PATCH 2/2 libnftnl] expr: payload: add NFTNL_EXPR_PAYLOAD_FLAGS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So we can include the new NFT_PAYLOAD_L4CSUM_PSEUDOHDR flag.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 include/libnftnl/expr.h             |  1 +
 include/linux/netfilter/nf_tables.h |  6 ++++++
 src/expr/payload.c                  | 22 ++++++++++++++++++++--
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index edf86a966fc0..c4a6d53a3559 100644
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -48,6 +48,7 @@ enum {
 	NFTNL_EXPR_PAYLOAD_SREG,
 	NFTNL_EXPR_PAYLOAD_CSUM_TYPE,
 	NFTNL_EXPR_PAYLOAD_CSUM_OFFSET,
+	NFTNL_EXPR_PAYLOAD_FLAGS,
 };
 
 enum {
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 14e5f619167e..f030e59aa2ec 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -659,6 +659,10 @@ enum nft_payload_csum_types {
 	NFT_PAYLOAD_CSUM_INET,
 };
 
+enum nft_payload_csum_flags {
+	NFT_PAYLOAD_L4CSUM_PSEUDOHDR = (1 << 0),
+};
+
 /**
  * enum nft_payload_attributes - nf_tables payload expression netlink attributes
  *
@@ -669,6 +673,7 @@ enum nft_payload_csum_types {
  * @NFTA_PAYLOAD_SREG: source register to load data from (NLA_U32: nft_registers)
  * @NFTA_PAYLOAD_CSUM_TYPE: checksum type (NLA_U32)
  * @NFTA_PAYLOAD_CSUM_OFFSET: checksum offset relative to base (NLA_U32)
+ * @NFTA_PAYLOAD_CSUM_FLAGS: checksum flags (NLA_U32)
  */
 enum nft_payload_attributes {
 	NFTA_PAYLOAD_UNSPEC,
@@ -679,6 +684,7 @@ enum nft_payload_attributes {
 	NFTA_PAYLOAD_SREG,
 	NFTA_PAYLOAD_CSUM_TYPE,
 	NFTA_PAYLOAD_CSUM_OFFSET,
+	NFTA_PAYLOAD_CSUM_FLAGS,
 	__NFTA_PAYLOAD_MAX
 };
 #define NFTA_PAYLOAD_MAX	(__NFTA_PAYLOAD_MAX - 1)
diff --git a/src/expr/payload.c b/src/expr/payload.c
index 17dd4cd6409b..d65585711bd1 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -32,6 +32,7 @@ struct nftnl_expr_payload {
 	uint32_t		len;
 	uint32_t		csum_type;
 	uint32_t		csum_offset;
+	uint32_t		csum_flags;
 };
 
 static int
@@ -62,6 +63,9 @@ nftnl_expr_payload_set(struct nftnl_expr *e, uint16_t type,
 	case NFTNL_EXPR_PAYLOAD_CSUM_OFFSET:
 		payload->csum_offset = *((uint32_t *)data);
 		break;
+	case NFTNL_EXPR_PAYLOAD_FLAGS:
+		payload->csum_flags = *((uint32_t *)data);
+		break;
 	default:
 		return -1;
 	}
@@ -96,6 +100,9 @@ nftnl_expr_payload_get(const struct nftnl_expr *e, uint16_t type,
 	case NFTNL_EXPR_PAYLOAD_CSUM_OFFSET:
 		*data_len = sizeof(payload->csum_offset);
 		return &payload->csum_offset;
+	case NFTNL_EXPR_PAYLOAD_FLAGS:
+		*data_len = sizeof(payload->csum_flags);
+		return &payload->csum_flags;
 	}
 	return NULL;
 }
@@ -116,6 +123,7 @@ static int nftnl_expr_payload_cb(const struct nlattr *attr, void *data)
 	case NFTA_PAYLOAD_LEN:
 	case NFTA_PAYLOAD_CSUM_TYPE:
 	case NFTA_PAYLOAD_CSUM_OFFSET:
+	case NFTA_PAYLOAD_CSUM_FLAGS:
 		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
 			abi_breakage();
 		break;
@@ -146,6 +154,9 @@ nftnl_expr_payload_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
 	if (e->flags & (1 << NFTNL_EXPR_PAYLOAD_CSUM_OFFSET))
 		mnl_attr_put_u32(nlh, NFTA_PAYLOAD_CSUM_OFFSET,
 				 htonl(payload->csum_offset));
+	if (e->flags & (1 << NFTNL_EXPR_PAYLOAD_FLAGS))
+		mnl_attr_put_u32(nlh, NFTA_PAYLOAD_CSUM_FLAGS,
+				 htonl(payload->csum_flags));
 }
 
 static int
@@ -185,6 +196,10 @@ nftnl_expr_payload_parse(struct nftnl_expr *e, struct nlattr *attr)
 		payload->csum_offset = ntohl(mnl_attr_get_u32(tb[NFTA_PAYLOAD_CSUM_OFFSET]));
 		e->flags |= (1 << NFTNL_EXPR_PAYLOAD_CSUM_OFFSET);
 	}
+	if (tb[NFTA_PAYLOAD_CSUM_FLAGS]) {
+		payload->csum_flags = ntohl(mnl_attr_get_u32(tb[NFTA_PAYLOAD_CSUM_FLAGS]));
+		e->flags |= (1 << NFTNL_EXPR_PAYLOAD_FLAGS);
+	}
 	return 0;
 }
 
@@ -278,11 +293,12 @@ nftnl_expr_payload_snprintf(char *buf, size_t len, uint32_t type,
 	switch (type) {
 	case NFTNL_OUTPUT_DEFAULT:
 		if (payload->sreg)
-			return snprintf(buf, len, "write reg %u => %ub @ %s header + %u csum_type %u csum_off %u ",
+			return snprintf(buf, len, "write reg %u => %ub @ %s header + %u csum_type %u csum_off %u csum_flags 0x%x ",
 					payload->sreg,
 					payload->len, base2str(payload->base),
 					payload->offset, payload->csum_type,
-					payload->csum_offset);
+					payload->csum_offset,
+					payload->csum_flags);
 		else
 			return snprintf(buf, len, "load %ub @ %s header + %u => reg %u ",
 					payload->len, base2str(payload->base),
@@ -317,6 +333,8 @@ static bool nftnl_expr_payload_cmp(const struct nftnl_expr *e1,
 		eq &= (p1->csum_type == p2->csum_type);
 	if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_CSUM_OFFSET))
 		eq &= (p1->csum_offset == p2->csum_offset);
+	if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_FLAGS))
+		eq &= (p1->csum_flags == p2->csum_flags);
 
 	return eq;
 }
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux