[PATCH libnftnl] expr: add map lookups for numgen statements

Laura Garcia Liebana <nevola@xxxxxxxxx> · Sun, 22 Apr 2018 11:04:56 +0200

This patch introduces two new attributes for numgen to allow map
lookups where the number generator will be the key.

Two new attributes needs to be included: NFTNL_EXPR_NG_SET_NAME and
NFTNL_EXPR_NG_SET_ID in order to identify the given map.

Signed-off-by: Laura Garcia Liebana <nevola@xxxxxxxxx>
---
 include/libnftnl/expr.h             |  2 ++
 include/linux/netfilter/nf_tables.h |  4 +++
 src/expr/numgen.c                   | 49 +++++++++++++++++++++++++++++++++++++
 3 files changed, 55 insertions(+)

diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index 76df942..25d4103 100644
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -57,6 +57,8 @@ enum {
 	NFTNL_EXPR_NG_MODULUS,
 	NFTNL_EXPR_NG_TYPE,
 	NFTNL_EXPR_NG_OFFSET,
+	NFTNL_EXPR_NG_SET_NAME,
+	NFTNL_EXPR_NG_SET_ID,
 };
 
 enum {
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index b904e33..54e35c1 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1448,6 +1448,8 @@ enum nft_trace_types {
  * @NFTA_NG_MODULUS: maximum counter value (NLA_U32)
  * @NFTA_NG_TYPE: operation type (NLA_U32)
  * @NFTA_NG_OFFSET: offset to be added to the counter (NLA_U32)
+ * @NFTA_NG_SET_NAME: name of the map to lookup (NLA_STRING)
+ * @NFTA_NG_SET_ID: if of the map (NLA_U32)
  */
 enum nft_ng_attributes {
 	NFTA_NG_UNSPEC,
@@ -1455,6 +1457,8 @@ enum nft_ng_attributes {
 	NFTA_NG_MODULUS,
 	NFTA_NG_TYPE,
 	NFTA_NG_OFFSET,
+	NFTA_NG_SET_NAME,
+	NFTA_NG_SET_ID,
 	__NFTA_NG_MAX
 };
 #define NFTA_NG_MAX	(__NFTA_NG_MAX - 1)
diff --git a/src/expr/numgen.c b/src/expr/numgen.c
index 1369b01..5336fde 100644
--- a/src/expr/numgen.c
+++ b/src/expr/numgen.c
@@ -25,6 +25,10 @@ struct nftnl_expr_ng {
 	unsigned int		modulus;
 	enum nft_ng_types	type;
 	unsigned int		offset;
+	struct {
+		const char	*name;
+		uint32_t	id;
+	} map;
 };
 
 static int
@@ -46,6 +50,14 @@ nftnl_expr_ng_set(struct nftnl_expr *e, uint16_t type,
 	case NFTNL_EXPR_NG_OFFSET:
 		ng->offset = *((uint32_t *)data);
 		break;
+	case NFTNL_EXPR_NG_SET_NAME:
+		ng->map.name = strdup(data);
+		if (!ng->map.name)
+			return -1;
+		break;
+	case NFTNL_EXPR_NG_SET_ID:
+		ng->map.id = *((uint32_t *)data);
+		break;
 	default:
 		return -1;
 	}
@@ -71,6 +83,12 @@ nftnl_expr_ng_get(const struct nftnl_expr *e, uint16_t type,
 	case NFTNL_EXPR_NG_OFFSET:
 		*data_len = sizeof(ng->offset);
 		return &ng->offset;
+	case NFTNL_EXPR_NG_SET_NAME:
+		*data_len = strlen(ng->map.name) + 1;
+		return ng->map.name;
+	case NFTNL_EXPR_NG_SET_ID:
+		*data_len = sizeof(ng->map.id);
+		return &ng->map.id;
 	}
 	return NULL;
 }
@@ -88,9 +106,14 @@ static int nftnl_expr_ng_cb(const struct nlattr *attr, void *data)
 	case NFTA_NG_MODULUS:
 	case NFTA_NG_TYPE:
 	case NFTA_NG_OFFSET:
+	case NFTA_NG_SET_ID:
 		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
 			abi_breakage();
 		break;
+	case NFTA_NG_SET_NAME:
+		if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)
+			abi_breakage();
+		break;
 	}
 
 	tb[type] = attr;
@@ -110,6 +133,10 @@ nftnl_expr_ng_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
 		mnl_attr_put_u32(nlh, NFTA_NG_TYPE, htonl(ng->type));
 	if (e->flags & (1 << NFTNL_EXPR_NG_OFFSET))
 		mnl_attr_put_u32(nlh, NFTA_NG_OFFSET, htonl(ng->offset));
+	if (e->flags & (1 << NFTNL_EXPR_NG_SET_NAME))
+		mnl_attr_put_str(nlh, NFTA_NG_SET_NAME, ng->map.name);
+	if (e->flags & (1 << NFTNL_EXPR_NG_SET_ID))
+		mnl_attr_put_u32(nlh, NFTA_NG_SET_ID, htonl(ng->map.id));
 }
 
 static int
@@ -138,6 +165,16 @@ nftnl_expr_ng_parse(struct nftnl_expr *e, struct nlattr *attr)
 		ng->offset = ntohl(mnl_attr_get_u32(tb[NFTA_NG_OFFSET]));
 		e->flags |= (1 << NFTNL_EXPR_NG_OFFSET);
 	}
+	if (tb[NFTA_NG_SET_NAME]) {
+		ng->map.name =
+			strdup(mnl_attr_get_str(tb[NFTA_NG_SET_NAME]));
+		e->flags |= (1 << NFTNL_EXPR_NG_SET_NAME);
+	}
+	if (tb[NFTA_NG_SET_ID]) {
+		ng->map.id =
+			ntohl(mnl_attr_get_u32(tb[NFTA_NG_SET_ID]));
+		e->flags |= (1 << NFTNL_EXPR_NG_SET_ID);
+	}
 
 	return ret;
 }
@@ -198,6 +235,12 @@ nftnl_expr_ng_snprintf_default(char *buf, size_t size,
 		SNPRINTF_BUFFER_SIZE(ret, remain, offset);
 	}
 
+	if (ng->map.id) {
+		ret = snprintf(buf + offset, remain, "set %s id %u ",
+			       ng->map.name, ng->map.id);
+		SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+	}
+
 	return offset;
 }
 
@@ -216,6 +259,8 @@ static int nftnl_expr_ng_export(char *buf, size_t size,
 		nftnl_buf_u32(&b, type, ng->type, TYPE);
 	if (e->flags & (1 << NFTNL_EXPR_NG_OFFSET))
 		nftnl_buf_u32(&b, type, ng->type, OFFSET);
+	if (e->flags & (1 << NFTNL_EXPR_NG_SET_NAME))
+		nftnl_buf_str(&b, type, ng->map.name, SET);
 
 	return nftnl_buf_done(&b);
 }
@@ -251,6 +296,10 @@ static bool nftnl_expr_ng_cmp(const struct nftnl_expr *e1,
 		eq &= (n1->type == n2->type);
 	if (e1->flags & (1 << NFTNL_EXPR_NG_OFFSET))
 		eq &= (n1->offset == n2->offset);
+	if (e1->flags & (1 << NFTNL_EXPR_NG_SET_NAME))
+		eq &= !strcmp(n1->map.name, n2->map.name);
+	if (e1->flags & (1 << NFTNL_EXPR_NG_SET_ID))
+		eq &= (n1->map.id == n2->map.id);
 
 	return eq;
 }
-- 
2.11.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






