libnftnl 1.2.9
connlimit.c
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * (C) 2018 by Pablo Neira Ayuso <pablo@netfilter.org>
4 */
5
6#include <stdio.h>
7#include <stdint.h>
8#include <arpa/inet.h>
9#include <errno.h>
10#include <inttypes.h>
11
12#include <linux/netfilter/nf_tables.h>
13
14#include "internal.h"
15#include <libmnl/libmnl.h>
16#include <libnftnl/expr.h>
17#include <libnftnl/rule.h>
18
20 uint32_t count;
21 uint32_t flags;
22};
23
24static int
25nftnl_expr_connlimit_set(struct nftnl_expr *e, uint16_t type,
26 const void *data, uint32_t data_len)
27{
28 struct nftnl_expr_connlimit *connlimit = nftnl_expr_data(e);
29
30 switch(type) {
31 case NFTNL_EXPR_CONNLIMIT_COUNT:
32 memcpy(&connlimit->count, data, data_len);
33 break;
34 case NFTNL_EXPR_CONNLIMIT_FLAGS:
35 memcpy(&connlimit->flags, data, data_len);
36 break;
37 }
38 return 0;
39}
40
41static const void *
42nftnl_expr_connlimit_get(const struct nftnl_expr *e, uint16_t type,
43 uint32_t *data_len)
44{
45 struct nftnl_expr_connlimit *connlimit = nftnl_expr_data(e);
46
47 switch(type) {
48 case NFTNL_EXPR_CONNLIMIT_COUNT:
49 *data_len = sizeof(connlimit->count);
50 return &connlimit->count;
51 case NFTNL_EXPR_CONNLIMIT_FLAGS:
52 *data_len = sizeof(connlimit->flags);
53 return &connlimit->flags;
54 }
55 return NULL;
56}
57
58static int nftnl_expr_connlimit_cb(const struct nlattr *attr, void *data)
59{
60 const struct nlattr **tb = data;
61 int type = mnl_attr_get_type(attr);
62
63 if (mnl_attr_type_valid(attr, NFTA_CONNLIMIT_MAX) < 0)
64 return MNL_CB_OK;
65
66 switch(type) {
67 case NFTA_CONNLIMIT_COUNT:
68 case NFTA_CONNLIMIT_FLAGS:
69 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
70 abi_breakage();
71 break;
72 }
73
74 tb[type] = attr;
75 return MNL_CB_OK;
76}
77
78static void
79nftnl_expr_connlimit_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
80{
81 struct nftnl_expr_connlimit *connlimit = nftnl_expr_data(e);
82
83 if (e->flags & (1 << NFTNL_EXPR_CONNLIMIT_COUNT))
84 mnl_attr_put_u32(nlh, NFTA_CONNLIMIT_COUNT,
85 htonl(connlimit->count));
86 if (e->flags & (1 << NFTNL_EXPR_CONNLIMIT_FLAGS))
87 mnl_attr_put_u32(nlh, NFTA_CONNLIMIT_FLAGS,
88 htonl(connlimit->flags));
89}
90
91static int
92nftnl_expr_connlimit_parse(struct nftnl_expr *e, struct nlattr *attr)
93{
94 struct nftnl_expr_connlimit *connlimit = nftnl_expr_data(e);
95 struct nlattr *tb[NFTA_CONNLIMIT_MAX+1] = {};
96
97 if (mnl_attr_parse_nested(attr, nftnl_expr_connlimit_cb, tb) < 0)
98 return -1;
99
100 if (tb[NFTA_CONNLIMIT_COUNT]) {
101 connlimit->count =
102 ntohl(mnl_attr_get_u32(tb[NFTA_CONNLIMIT_COUNT]));
103 e->flags |= (1 << NFTNL_EXPR_CONNLIMIT_COUNT);
104 }
105 if (tb[NFTA_CONNLIMIT_FLAGS]) {
106 connlimit->flags =
107 ntohl(mnl_attr_get_u32(tb[NFTA_CONNLIMIT_FLAGS]));
108 e->flags |= (1 << NFTNL_EXPR_CONNLIMIT_FLAGS);
109 }
110
111 return 0;
112}
113
114static int nftnl_expr_connlimit_snprintf(char *buf, size_t len,
115 uint32_t flags,
116 const struct nftnl_expr *e)
117{
118 struct nftnl_expr_connlimit *connlimit = nftnl_expr_data(e);
119
120 return snprintf(buf, len, "count %u flags %x ",
121 connlimit->count, connlimit->flags);
122}
123
124static struct attr_policy connlimit_attr_policy[__NFTNL_EXPR_CONNLIMIT_MAX] = {
125 [NFTNL_EXPR_CONNLIMIT_COUNT] = { .maxlen = sizeof(uint32_t) },
126 [NFTNL_EXPR_CONNLIMIT_FLAGS] = { .maxlen = sizeof(uint32_t) },
127};
128
129struct expr_ops expr_ops_connlimit = {
130 .name = "connlimit",
131 .alloc_len = sizeof(struct nftnl_expr_connlimit),
132 .nftnl_max_attr = __NFTNL_EXPR_CONNLIMIT_MAX - 1,
133 .attr_policy = connlimit_attr_policy,
134 .set = nftnl_expr_connlimit_set,
135 .get = nftnl_expr_connlimit_get,
136 .parse = nftnl_expr_connlimit_parse,
137 .build = nftnl_expr_connlimit_build,
138 .output = nftnl_expr_connlimit_snprintf,
139};