From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH libnftnl 3/5] libnftnl: add api to query dissection state
Date: Mon, 7 Oct 2024 11:49:36 +0200
Message-ID: <20241007094943.7544-4-fw@strlen.de>
In-Reply-To: <20241007094943.7544-1-fw@strlen.de>
Allow to check if the set / expression was decoded as expected.
These two functions return false in case libnftnl had to ignore
new attributes that it did not expect.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/libnftnl/expr.h | 2 ++
include/libnftnl/set.h | 1 +
src/expr.c | 6 ++++++
src/libnftnl.map | 5 +++++
src/rule.c | 5 +++++
src/set.c | 6 ++++++
6 files changed, 25 insertions(+)
diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index fba121062244..d938475394ec 100644
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -47,6 +47,8 @@ int nftnl_expr_expr_foreach(const struct nftnl_expr *e,
int nftnl_expr_snprintf(char *buf, size_t buflen, const struct nftnl_expr *expr, uint32_t type, uint32_t flags);
int nftnl_expr_fprintf(FILE *fp, const struct nftnl_expr *expr, uint32_t type, uint32_t flags);
+bool nftnl_expr_complete(const struct nftnl_expr *expr);
+
enum {
NFTNL_EXPR_PAYLOAD_DREG = NFTNL_EXPR_BASE,
NFTNL_EXPR_PAYLOAD_BASE,
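Review bot: the new nftnl_expr_complete() prototype is a public API entry with no comment stating what "complete" means. The commit message says it returns false when the library had to ignore attributes it did not expect; a one-line comment above the declaration saying exactly that would let callers know that false means "parsed, but some attributes were dropped" rather than "parse failed", which matters for any tool that displays or re-serialises a ruleset based on this object.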
diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h
index e2e5795aa9b4..2e624c3e7e66 100644
--- a/include/libnftnl/set.h
+++ b/include/libnftnl/set.h
@@ -171,6 +171,7 @@ void nftnl_set_elems_iter_destroy(struct nftnl_set_elems_iter *iter);
int nftnl_set_elems_nlmsg_build_payload_iter(struct nlmsghdr *nlh,
struct nftnl_set_elems_iter *iter);
+bool nftnl_set_complete(const struct nftnl_set *set);
#ifdef __cplusplus
} /* extern "C" */
#endif
diff --git a/src/expr.c b/src/expr.c
index 4e32189c6e8d..99078dcd058e 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -311,3 +311,9 @@ int nftnl_expr_fprintf(FILE *fp, const struct nftnl_expr *expr, uint32_t type,
return nftnl_fprintf(fp, expr, NFTNL_CMD_UNSPEC, type, flags,
nftnl_expr_do_snprintf);
}
+
+EXPORT_SYMBOL(nftnl_expr_complete);
+bool nftnl_expr_complete(const struct nftnl_expr *expr)
+{
+ return !expr->incomplete;
+}
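Review bot: the exported nftnl_expr_complete() dereferences expr unconditionally in "return !expr->incomplete;". If the API contract is that expr must be non-NULL, say so next to the prototype; otherwise decide what a NULL argument should return and guard for it. It would also help to note here that the flag reflects only the most recent parse of this expression, if that is the intent, since nothing in this hunk shows where the field is reset.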
diff --git a/src/libnftnl.map b/src/libnftnl.map
index 8fffff19eb2e..90eb4a92fca4 100644
--- a/src/libnftnl.map
+++ b/src/libnftnl.map
@@ -383,3 +383,8 @@ LIBNFTNL_16 {
LIBNFTNL_17 {
nftnl_set_elem_nlmsg_build;
} LIBNFTNL_16;
+
+LIBNFTNL_18 {
+ nftnl_set_complete;
+ nftnl_expr_complete;
+} LIBNFTNL_17;
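Review bot: LIBNFTNL_18 is introduced as a new version node, but the diffstat touches no build or version file. If LIBNFTNL_17 has not yet appeared in a release, the two symbols could simply be added to it; if it has, please mention the new node in the commit message so the matching library version bump is not forgotten. Minor: the entries are listed set-before-expr, while the rest of the patch introduces expr first.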
diff --git a/src/rule.c b/src/rule.c
index c22918a8f352..aa969ad5f876 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -582,6 +582,11 @@ static int nftnl_rule_snprintf_default(char *buf, size_t remain,
type, flags);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+ if (!nftnl_expr_complete(expr)) {
+ ret = snprintf(buf + offset, remain, "[incomplete]");
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+ }
+
ret = snprintf(buf + offset, remain, "]");
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
}
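Review bot: the "[incomplete]" marker is written directly before the closing "]" with no separator, so the default text output ends in "[incomplete]]" glued to whatever the expression printed last. Consider a leading space, or a marker that cannot be mistaken for part of the expression's own bracketed output, since scripts that read this format to audit rulesets need an unambiguous token. The marker is also only added in nftnl_rule_snprintf_default(); callers using nftnl_expr_snprintf() directly will not see it and need to call nftnl_expr_complete() themselves, which is worth stating in the commit message.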
diff --git a/src/set.c b/src/set.c
index 75ad64e03850..40f5e1a955fd 100644
--- a/src/set.c
+++ b/src/set.c
@@ -1051,3 +1051,9 @@ int nftnl_set_lookup_id(struct nftnl_expr *e,
*set_id = nftnl_set_get_u32(s, NFTNL_SET_ID);
return 1;
}
+
+EXPORT_SYMBOL(nftnl_set_complete);
+bool nftnl_set_complete(const struct nftnl_set *set)
+{
+ return !set->incomplete;
+}
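Review bot: unlike the rule.c hunk, nothing in this patch marks an incomplete set in its printed form; per the diffstat all six added lines in src/set.c are this accessor. If the asymmetry is intentional (the nft side handles it in patch 5/5), say so in the commit message; otherwise the set snprintf path should emit the same indication so that a set with ignored attributes is not shown as if it were fully understood. As with nftnl_expr_complete(), "return !set->incomplete;" assumes a non-NULL argument and that should be documented or guarded.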
--
2.45.2
Thread overview: 16+ messages
2024-10-07 9:49 [RFC libnftnl/nft 0/5] nftables: indicate presence of unsupported netlink attributes Florian Westphal
2024-10-07 9:49 ` [PATCH libnftnl 1/5] expr: add and use incomplete tag Florian Westphal
2024-10-08 11:13 ` Pablo Neira Ayuso
2024-10-08 12:17 ` Florian Westphal
2024-10-08 14:43 ` Pablo Neira Ayuso
2024-10-08 16:11 ` Florian Westphal
2024-10-07 9:49 ` [PATCH libnftnl 2/5] sets: " Florian Westphal
2024-10-07 9:49 ` Florian Westphal [this message]
2024-10-07 9:49 ` [PATCH nft 4/5] netlink: tell user if libnftnl detected unknown attributes/features Florian Westphal
2024-10-07 9:49 ` [PATCH nft 5/5] sets: inform user when set definition contains unknown attributes Florian Westphal
2024-10-16 17:07 ` [RFC libnftnl/nft 0/5] nftables: indicate presence of unsupported netlink attributes Phil Sutter
2024-10-16 18:34 ` Pablo Neira Ayuso
2024-10-16 19:04 ` Phil Sutter
2024-10-16 19:41 ` Jan Engelhardt
2024-10-16 19:28 ` Jan Engelhardt
2024-10-16 20:05 ` Phil Sutter