[PATCH nft 4/5] netlink: tell user if libnftnl detected unknown attributes/features

Florian Westphal <fw@xxxxxxxxx> · Mon, 7 Oct 2024 11:49:37 +0200

Add a warning in case libnftl failed to decode all attributes coming
from the kernel.

Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 include/netlink.h         |  1 +
 src/netlink_delinearize.c | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/include/netlink.h b/include/netlink.h
index cf7ba3693885..66fd6b414a0b 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -42,6 +42,7 @@ struct netlink_parse_ctx {
 	struct netlink_ctx	*nlctx;
 	bool			inner;
 	uint8_t			inner_reg;
+	uint8_t			incomplete_exprs;
 };
 
 
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index e3d9cfbbede5..5c7c11352abf 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1915,6 +1915,23 @@ static const struct expr_handler netlink_parsers[] = {
 	{ .name = "synproxy",	.parse = netlink_parse_synproxy },
 };
 
+static void netlink_incomplete_expr(struct netlink_parse_ctx *ctx)
+{
+	static const char incomplete[] = "# Unknown features used (old nft version?)";
+	struct stmt *stmt;
+	struct expr *e;
+
+	netlink_error(ctx, &ctx->rule->location, incomplete);
+
+	e = constant_expr_alloc(&ctx->rule->location, &string_type,
+				BYTEORDER_HOST_ENDIAN,
+				sizeof(incomplete) * BITS_PER_BYTE, incomplete);
+
+	__mpz_switch_byteorder(e->value, sizeof(incomplete));
+	stmt = expr_stmt_alloc(&ctx->rule->location, e);
+	rule_stmt_append(ctx->rule, stmt);
+}
+
 static int netlink_parse_expr(const struct nftnl_expr *nle,
 			      struct netlink_parse_ctx *ctx)
 {
@@ -1947,6 +1964,10 @@ static int netlink_parse_rule_expr(struct nftnl_expr *nle, void *arg)
 	err = netlink_parse_expr(nle, ctx);
 	if (err < 0)
 		return err;
+
+	if (!nftnl_expr_complete(nle))
+		ctx->incomplete_exprs++;
+
 	if (ctx->stmt != NULL) {
 		rule_stmt_append(ctx->rule, ctx->stmt);
 		ctx->stmt = NULL;
@@ -3508,6 +3529,9 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
 
 	nftnl_expr_foreach(nlr, netlink_parse_rule_expr, pctx);
 
+	if (pctx->incomplete_exprs)
+		netlink_incomplete_expr(pctx);
+
 	rule_parse_postprocess(pctx, pctx->rule);
 	netlink_release_registers(pctx);
 	return pctx->rule;
-- 
2.45.2








