This is the former RFC turned into a complete implementation including Florian's suggested improvements.

Patch 1 is fallout; it took me a while debugging the segfaulting test case until I noticed it wasn't my fault! :)
Patch 2 is the same as in the RFC.
Patch 3 separates the type value checking from patch 2 and drops expressions' default switch cases where all possible values are handled.
Patch 4 is prep work for patch 5.
Patch 5 adds the new struct expr_ops field and defines policies for all expressions.
Patch 6 then enables policy checking.

Some remarks for consideration:

* This adds kernel-internal knowledge to libnftnl, namely in max name lengths. Maybe not ideal, but I found it more sensible than Florian's suggested alternative of using 65528 to just not exceed netlink limits.

* nftnl_expr_set_u*() setters start failing when they would happily overstep boundaries before. This is intentional, but getting the policy values right (at first I thought 'sizeof(enum nft_registers)' was a good idea) showed how hard bugs in that area are to diagnose. I think we should make the setters return success/fail like nftnl_expr_set_str does already, even if that breaks ABI (does it?). nftables probably benefits from setter wrappers which call netlink_abi_error() if the setter fails.
Phil Sutter (6):
  tests: Fix objref test case
  expr: Repurpose struct expr_ops::max_attr field
  expr: Call expr_ops::set with legal types only
  include: Sync nf_log.h with kernel headers
  expr: Introduce struct expr_ops::attr_policy
  expr: Enforce attr_policy compliance in nftnl_expr_set()

 include/expr_ops.h               |  7 +++++-
 include/libnftnl/expr.h          | 39 ++++++++++++++++++++++++++++++++
 include/linux/netfilter/nf_log.h |  3 +++
 src/expr.c                       | 10 ++++++++
 src/expr/bitwise.c               | 15 +++++++++---
 src/expr/byteorder.c             | 13 ++++++++---
 src/expr/cmp.c                   | 11 ++++++---
 src/expr/connlimit.c             | 10 +++++---
 src/expr/counter.c               | 10 +++++---
 src/expr/ct.c                    | 12 +++++++---
 src/expr/dup.c                   | 10 +++++---
 src/expr/dynset.c                | 15 +++++++++++-
 src/expr/exthdr.c                | 15 +++++++++---
 src/expr/fib.c                   | 11 ++++++---
 src/expr/flow_offload.c          |  9 +++++---
 src/expr/fwd.c                   | 11 ++++++---
 src/expr/hash.c                  | 13 ++++++++++-
 src/expr/immediate.c             | 13 ++++++++---
 src/expr/inner.c                 | 12 +++++++---
 src/expr/last.c                  | 10 +++++---
 src/expr/limit.c                 | 13 ++++++++---
 src/expr/log.c                   | 14 +++++++++---
 src/expr/lookup.c                | 13 ++++++++---
 src/expr/masq.c                  | 11 ++++++---
 src/expr/match.c                 | 11 ++++++---
 src/expr/meta.c                  | 11 ++++++---
 src/expr/nat.c                   | 15 +++++++++---
 src/expr/numgen.c                | 10 +++++++-
 src/expr/objref.c                | 13 ++++++++---
 src/expr/osf.c                   |  9 +++++++-
 src/expr/payload.c               | 16 ++++++++++---
 src/expr/queue.c                 | 12 +++++++---
 src/expr/quota.c                 | 11 ++++++---
 src/expr/range.c                 | 12 +++++++---
 src/expr/redir.c                 | 11 ++++++---
 src/expr/reject.c                | 10 +++++---
 src/expr/rt.c                    | 10 +++++---
 src/expr/socket.c                | 11 ++++++---
 src/expr/synproxy.c              |  9 +++++++-
 src/expr/target.c                | 11 ++++++---
 src/expr/tproxy.c                | 11 ++++++---
 src/expr/tunnel.c                | 10 +++++---
 src/expr/xfrm.c                  | 11 ++++++++-
 tests/nft-expr_objref-test.c     |  2 +-
 44 files changed, 409 insertions(+), 107 deletions(-)

-- 
2.43.0
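As an added illustration, not code from this series or from libnftnl, here is a C model of the policy-checked setter the remarks describe: every attribute carries an expected data type and, for strings, a maximum length, and the setter returns success/fail instead of silently writing past the limit. The struct layout, the DEMO_* attribute names and the 15-byte name limit are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical per-attribute policy: the data type an attribute accepts and,
 * for strings, the maximum length. Constructed; not libnftnl's real layout. */
enum attr_type { ATTR_U32, ATTR_STR };

struct attr_policy {
	enum attr_type type;
	size_t maxlen;	/* bytes excluding NUL; only meaningful for ATTR_STR */
};

/* Constructed example expression: a register, a length and a name string. */
enum { DEMO_REG, DEMO_LEN, DEMO_NAME, DEMO_MAX };

static const struct attr_policy demo_policy[DEMO_MAX] = {
	[DEMO_REG]  = { .type = ATTR_U32 },
	[DEMO_LEN]  = { .type = ATTR_U32 },
	[DEMO_NAME] = { .type = ATTR_STR, .maxlen = 15 },	/* constructed limit */
};

struct demo_expr {
	uint32_t reg, len;
	char name[16];	/* maxlen + NUL, so a policy-passing string always fits */
};

/* Returns true on success. Rejects an unknown attribute, a type that does
 * not match the policy, a mis-sized integer and an oversized string, so the
 * destination buffer can never be overrun or silently truncated. */
static bool demo_set(struct demo_expr *e, unsigned int attr,
		     enum attr_type type, const void *data, size_t data_len)
{
	const struct attr_policy *p;

	if (attr >= DEMO_MAX)
		return false;
	p = &demo_policy[attr];
	if (p->type != type)
		return false;
	if (type == ATTR_U32 && data_len != sizeof(uint32_t))
		return false;
	if (type == ATTR_STR && data_len > p->maxlen)
		return false;

	switch (attr) {
	case DEMO_REG:  memcpy(&e->reg, data, sizeof(e->reg)); break;
	case DEMO_LEN:  memcpy(&e->len, data, sizeof(e->len)); break;
	case DEMO_NAME: memcpy(e->name, data, data_len); e->name[data_len] = '\0'; break;
	}
	return true;
}
```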