The new set element attribute maps to the netlink attribute NFTA_SET_ELEM_KEY_END in the same way as NFTNL_SET_ELEM_KEY maps to NFTA_SET_ELEM_KEY, and represents the key data used to express the upper bound of a range, in concatenations. v3: New patch Suggested-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Signed-off-by: Stefano Brivio <sbrivio@xxxxxxxxxx> --- include/libnftnl/set.h | 1 + include/set_elem.h | 1 + src/set_elem.c | 24 ++++++++++++++++++++++++ 3 files changed, 26 insertions(+) diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h index dcae354b76c4..58d1e7c52f40 100644 --- a/include/libnftnl/set.h +++ b/include/libnftnl/set.h @@ -105,6 +105,7 @@ enum { NFTNL_SET_ELEM_USERDATA, NFTNL_SET_ELEM_EXPR, NFTNL_SET_ELEM_OBJREF, + NFTNL_SET_ELEM_KEY_END, __NFTNL_SET_ELEM_MAX }; #define NFTNL_SET_ELEM_MAX (__NFTNL_SET_ELEM_MAX - 1) diff --git a/include/set_elem.h b/include/set_elem.h index cc4d52943272..52f185aa11be 100644 --- a/include/set_elem.h +++ b/include/set_elem.h @@ -8,6 +8,7 @@ struct nftnl_set_elem { uint32_t set_elem_flags; uint32_t flags; union nftnl_data_reg key; + union nftnl_data_reg key_end; union nftnl_data_reg data; struct nftnl_expr *expr; uint64_t timeout; diff --git a/src/set_elem.c b/src/set_elem.c index d3ce807d838c..22031938ebbc 100644 --- a/src/set_elem.c +++ b/src/set_elem.c @@ -75,6 +75,7 @@ void nftnl_set_elem_unset(struct nftnl_set_elem *s, uint16_t attr) break; case NFTNL_SET_ELEM_FLAGS: case NFTNL_SET_ELEM_KEY: /* NFTA_SET_ELEM_KEY */ + case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */ case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */ case NFTNL_SET_ELEM_DATA: /* NFTA_SET_ELEM_DATA */ case NFTNL_SET_ELEM_TIMEOUT: /* NFTA_SET_ELEM_TIMEOUT */ @@ -118,6 +119,10 @@ int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr, memcpy(&s->key.val, data, data_len); s->key.len = data_len; break; + case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */ + memcpy(&s->key_end.val, data, data_len); + s->key_end.len = data_len; + break; case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */ memcpy(&s->data.verdict, data, sizeof(s->data.verdict)); break; @@ -193,6 +198,9 @@ const void *nftnl_set_elem_get(struct nftnl_set_elem *s, uint16_t attr, uint32_t case NFTNL_SET_ELEM_KEY: /* NFTA_SET_ELEM_KEY */ *data_len = s->key.len; return &s->key.val; + case NFTNL_SET_ELEM_KEY_END: /* NFTA_SET_ELEM_KEY_END */ + *data_len = s->key_end.len; + return &s->key_end.val; case NFTNL_SET_ELEM_VERDICT: /* NFTA_SET_ELEM_DATA */ *data_len = sizeof(s->data.verdict); return &s->data.verdict; @@ -287,6 +295,14 @@ void nftnl_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh, mnl_attr_put(nlh, NFTA_DATA_VALUE, e->key.len, e->key.val); mnl_attr_nest_end(nlh, nest1); } + if (e->flags & (1 << NFTNL_SET_ELEM_KEY_END)) { + struct nlattr *nest1; + + nest1 = mnl_attr_nest_start(nlh, NFTA_SET_ELEM_KEY_END); + mnl_attr_put(nlh, NFTA_DATA_VALUE, e->key_end.len, + e->key_end.val); + mnl_attr_nest_end(nlh, nest1); + } if (e->flags & (1 << NFTNL_SET_ELEM_VERDICT)) { struct nlattr *nest1, *nest2; @@ -373,6 +389,7 @@ static int nftnl_set_elem_parse_attr_cb(const struct nlattr *attr, void *data) abi_breakage(); break; case NFTA_SET_ELEM_KEY: + case NFTA_SET_ELEM_KEY_END: case NFTA_SET_ELEM_DATA: case NFTA_SET_ELEM_EXPR: if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0) @@ -421,6 +438,13 @@ static int nftnl_set_elems_parse2(struct nftnl_set *s, const struct nlattr *nest goto out_set_elem; e->flags |= (1 << NFTNL_SET_ELEM_KEY); } + if (tb[NFTA_SET_ELEM_KEY_END]) { + ret = nftnl_parse_data(&e->key_end, tb[NFTA_SET_ELEM_KEY_END], + &type); + if (ret < 0) + goto out_set_elem; + e->flags |= (1 << NFTNL_SET_ELEM_KEY_END); + } if (tb[NFTA_SET_ELEM_DATA]) { ret = nftnl_parse_data(&e->data, tb[NFTA_SET_ELEM_DATA], &type); if (ret < 0) -- 2.24.1