libnftnl 1.2.9
reject.c
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
4 *
5 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
6 */
7
8#include <stdio.h>
9#include <stdint.h>
10#include <string.h>
11#include <arpa/inet.h>
12#include <errno.h>
13#include <linux/netfilter/nf_tables.h>
14
15#include "internal.h"
16#include <libmnl/libmnl.h>
17#include <libnftnl/expr.h>
18#include <libnftnl/rule.h>
19
21 uint32_t type;
22 uint8_t icmp_code;
23};
24
25static int nftnl_expr_reject_set(struct nftnl_expr *e, uint16_t type,
26 const void *data, uint32_t data_len)
27{
28 struct nftnl_expr_reject *reject = nftnl_expr_data(e);
29
30 switch(type) {
31 case NFTNL_EXPR_REJECT_TYPE:
32 memcpy(&reject->type, data, data_len);
33 break;
34 case NFTNL_EXPR_REJECT_CODE:
35 memcpy(&reject->icmp_code, data, data_len);
36 break;
37 }
38 return 0;
39}
40
41static const void *
42nftnl_expr_reject_get(const struct nftnl_expr *e, uint16_t type,
43 uint32_t *data_len)
44{
45 struct nftnl_expr_reject *reject = nftnl_expr_data(e);
46
47 switch(type) {
48 case NFTNL_EXPR_REJECT_TYPE:
49 *data_len = sizeof(reject->type);
50 return &reject->type;
51 case NFTNL_EXPR_REJECT_CODE:
52 *data_len = sizeof(reject->icmp_code);
53 return &reject->icmp_code;
54 }
55 return NULL;
56}
57
58static int nftnl_expr_reject_cb(const struct nlattr *attr, void *data)
59{
60 const struct nlattr **tb = data;
61 int type = mnl_attr_get_type(attr);
62
63 if (mnl_attr_type_valid(attr, NFTA_REJECT_MAX) < 0)
64 return MNL_CB_OK;
65
66 switch(type) {
67 case NFTA_REJECT_TYPE:
68 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
69 abi_breakage();
70 break;
71 case NFTA_REJECT_ICMP_CODE:
72 if (mnl_attr_validate(attr, MNL_TYPE_U8) < 0)
73 abi_breakage();
74 break;
75 }
76
77 tb[type] = attr;
78 return MNL_CB_OK;
79}
80
81static void
82nftnl_expr_reject_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
83{
84 struct nftnl_expr_reject *reject = nftnl_expr_data(e);
85
86 if (e->flags & (1 << NFTNL_EXPR_REJECT_TYPE))
87 mnl_attr_put_u32(nlh, NFTA_REJECT_TYPE, htonl(reject->type));
88 if (e->flags & (1 << NFTNL_EXPR_REJECT_CODE))
89 mnl_attr_put_u8(nlh, NFTA_REJECT_ICMP_CODE, reject->icmp_code);
90}
91
92static int
93nftnl_expr_reject_parse(struct nftnl_expr *e, struct nlattr *attr)
94{
95 struct nftnl_expr_reject *reject = nftnl_expr_data(e);
96 struct nlattr *tb[NFTA_REJECT_MAX+1] = {};
97
98 if (mnl_attr_parse_nested(attr, nftnl_expr_reject_cb, tb) < 0)
99 return -1;
100
101 if (tb[NFTA_REJECT_TYPE]) {
102 reject->type = ntohl(mnl_attr_get_u32(tb[NFTA_REJECT_TYPE]));
103 e->flags |= (1 << NFTNL_EXPR_REJECT_TYPE);
104 }
105 if (tb[NFTA_REJECT_ICMP_CODE]) {
106 reject->icmp_code = mnl_attr_get_u8(tb[NFTA_REJECT_ICMP_CODE]);
107 e->flags |= (1 << NFTNL_EXPR_REJECT_CODE);
108 }
109
110 return 0;
111}
112
113static int
114nftnl_expr_reject_snprintf(char *buf, size_t len,
115 uint32_t flags, const struct nftnl_expr *e)
116{
117 struct nftnl_expr_reject *reject = nftnl_expr_data(e);
118
119 return snprintf(buf, len, "type %u code %u ",
120 reject->type, reject->icmp_code);
121}
122
123static struct attr_policy reject_attr_policy[__NFTNL_EXPR_REJECT_MAX] = {
124 [NFTNL_EXPR_REJECT_TYPE] = { .maxlen = sizeof(uint32_t) },
125 [NFTNL_EXPR_REJECT_CODE] = { .maxlen = sizeof(uint8_t) },
126};
127
128struct expr_ops expr_ops_reject = {
129 .name = "reject",
130 .alloc_len = sizeof(struct nftnl_expr_reject),
131 .nftnl_max_attr = __NFTNL_EXPR_REJECT_MAX - 1,
132 .attr_policy = reject_attr_policy,
133 .set = nftnl_expr_reject_set,
134 .get = nftnl_expr_reject_get,
135 .parse = nftnl_expr_reject_parse,
136 .build = nftnl_expr_reject_build,
137 .output = nftnl_expr_reject_snprintf,
138};