This patch adds support for chain flags. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- include/libnftnl/chain.h | 1 + src/chain.c | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/include/libnftnl/chain.h b/include/libnftnl/chain.h index 2eb22cc4bc94..291bf22a2fdd 100644 --- a/include/libnftnl/chain.h +++ b/include/libnftnl/chain.h @@ -32,6 +32,7 @@ enum nftnl_chain_attr { NFTNL_CHAIN_TYPE, NFTNL_CHAIN_DEV, NFTNL_CHAIN_DEVICES, + NFTNL_CHAIN_FLAGS, __NFTNL_CHAIN_MAX }; #define NFTNL_CHAIN_MAX (__NFTNL_CHAIN_MAX - 1) diff --git a/src/chain.c b/src/chain.c index c43ba2236673..5f1213013e53 100644 --- a/src/chain.c +++ b/src/chain.c @@ -43,6 +43,7 @@ struct nftnl_chain { uint32_t policy; uint32_t hooknum; int32_t prio; + uint32_t chain_flags; uint32_t use; uint64_t packets; uint64_t bytes; @@ -165,6 +166,7 @@ void nftnl_chain_unset(struct nftnl_chain *c, uint16_t attr) case NFTNL_CHAIN_PACKETS: case NFTNL_CHAIN_HANDLE: case NFTNL_CHAIN_FAMILY: + case NFTNL_CHAIN_FLAGS: break; case NFTNL_CHAIN_DEV: xfree(c->dev); @@ -189,6 +191,7 @@ static uint32_t nftnl_chain_validate[NFTNL_CHAIN_MAX + 1] = { [NFTNL_CHAIN_PACKETS] = sizeof(uint64_t), [NFTNL_CHAIN_HANDLE] = sizeof(uint64_t), [NFTNL_CHAIN_FAMILY] = sizeof(uint32_t), + [NFTNL_CHAIN_FLAGS] = sizeof(uint32_t), }; EXPORT_SYMBOL(nftnl_chain_set_data); @@ -278,6 +281,9 @@ int nftnl_chain_set_data(struct nftnl_chain *c, uint16_t attr, c->dev_array_len = len; break; + case NFTNL_CHAIN_FLAGS: + memcpy(&c->chain_flags, data, sizeof(c->chain_flags)); + break; } c->flags |= (1 << attr); return 0; @@ -373,6 +379,9 @@ const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr, case NFTNL_CHAIN_DEVICES: *data_len = 0; return &c->dev_array[0]; + case NFTNL_CHAIN_FLAGS: + *data_len = sizeof(uint32_t); + return &c->chain_flags; } return NULL; } @@ -491,6 +500,8 @@ void nftnl_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_ch mnl_attr_put_u64(nlh, NFTA_CHAIN_HANDLE, be64toh(c->handle)); if (c->flags & (1 << NFTNL_CHAIN_TYPE)) mnl_attr_put_strz(nlh, NFTA_CHAIN_TYPE, c->type); + if (c->flags & (1 << NFTNL_CHAIN_FLAGS)) + mnl_attr_put_u32(nlh, NFTA_CHAIN_FLAGS, htonl(c->chain_flags)); } EXPORT_SYMBOL(nftnl_chain_rule_add); @@ -545,6 +556,7 @@ static int nftnl_chain_parse_attr_cb(const struct nlattr *attr, void *data) break; case NFTA_CHAIN_POLICY: case NFTA_CHAIN_USE: + case NFTA_CHAIN_FLAGS: if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) abi_breakage(); break; @@ -745,6 +757,10 @@ int nftnl_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_chain *c) return -1; c->flags |= (1 << NFTNL_CHAIN_TYPE); } + if (tb[NFTA_CHAIN_FLAGS]) { + c->chain_flags = ntohl(mnl_attr_get_u32(tb[NFTA_CHAIN_FLAGS])); + c->flags |= (1 << NFTNL_CHAIN_FLAGS); + } c->family = nfg->nfgen_family; c->flags |= (1 << NFTNL_CHAIN_FAMILY); @@ -806,6 +822,11 @@ static int nftnl_chain_snprintf_default(char *buf, size_t size, ret = snprintf(buf + offset, remain, " } "); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } + if (c->flags & (1 << NFTNL_CHAIN_FLAGS)) { + ret = snprintf(buf + offset, remain, " flags %x", + c->chain_flags); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); + } } return offset; -- 2.11.0