[libnftables - v2 PATCH 0/2] Fixed chain name and add support for NFTA_CHAIN_NEW_NAME attribute

[libnftables - v2 PATCH 0/2] Fixed chain name and add support for NFTA_CHAIN_NEW_NAME attribute

[Tomasz Bursztyka]

A rework of "[libnftables - PATCH] chain: Add support for NFTA_CHAIN_NEW_NAME attribute" according to
the change of chain's name which becomes fixed sized.

Tomasz Bursztyka (2):
  chain: Handle fixed sized name
  chain: Add support for NFTA_CHAIN_NEW_NAME attribute

 include/libnftables/chain.h         |  1 +
 include/linux/netfilter/nf_tables.h |  3 +++
 src/chain.c                         | 30 ++++++++++++++++++++++--------
 3 files changed, 26 insertions(+), 8 deletions(-)

-- 
1.7.12.4

[libnftables - v2 PATCH 1/2] chain: Handle fixed sized name

[Tomasz Bursztyka]

---
 include/linux/netfilter/nf_tables.h |  2 ++
 src/chain.c                         | 12 ++++--------
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 791072b..a41f73a 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1,6 +1,8 @@
 #ifndef _LINUX_NF_TABLES_H
 #define _LINUX_NF_TABLES_H
 
+#define NFT_CHAIN_MAXNAMELEN 32
+
 enum nft_registers {
 	NFT_REG_VERDICT,
 	NFT_REG_1,
diff --git a/src/chain.c b/src/chain.c
index fd95a64..bdda01c 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -26,7 +26,7 @@
 struct nft_chain {
 	struct list_head head;
 
-	char		*name;
+	char		name[NFT_CHAIN_MAXNAMELEN];
 	char		*table;
 	uint8_t		family;
 	uint32_t	policy;
@@ -46,8 +46,6 @@ EXPORT_SYMBOL(nft_chain_alloc);
 
 void nft_chain_free(struct nft_chain *c)
 {
-	if (c->name != NULL)
-		free(c->name);
 	if (c->table != NULL)
 		free(c->table);
 
@@ -59,10 +57,7 @@ void nft_chain_attr_set(struct nft_chain *c, uint16_t attr, void *data)
 {
 	switch(attr) {
 	case NFT_CHAIN_ATTR_NAME:
-		if (c->name)
-			free(c->name);
-
-		c->name = strdup(data);
+		strncpy(c->name, data, NFT_CHAIN_MAXNAMELEN);
 		break;
 	case NFT_CHAIN_ATTR_TABLE:
 		if (c->table)
@@ -371,7 +366,8 @@ int nft_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_chain *c)
 
 	mnl_attr_parse(nlh, sizeof(*nfg), nft_chain_parse_attr_cb, tb);
 	if (tb[NFTA_CHAIN_NAME]) {
-		c->name = strdup(mnl_attr_get_str(tb[NFTA_CHAIN_NAME]));
+		strncpy(c->name, mnl_attr_get_str(tb[NFTA_CHAIN_NAME]),
+			NFT_CHAIN_MAXNAMELEN);
 		c->flags |= (1 << NFT_CHAIN_ATTR_NAME);
 	}
 	if (tb[NFTA_CHAIN_TABLE]) {
-- 
1.7.12.4

[libnftables - v2 PATCH 2/2] chain: Add support for NFTA_CHAIN_NEW_NAME attribute

[Tomasz Bursztyka]

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
---
 include/libnftables/chain.h         |  1 +
 include/linux/netfilter/nf_tables.h |  1 +
 src/chain.c                         | 18 ++++++++++++++++++
 3 files changed, 20 insertions(+)

diff --git a/include/libnftables/chain.h b/include/libnftables/chain.h
index 4325fad..39e4b9a 100644
--- a/include/libnftables/chain.h
+++ b/include/libnftables/chain.h
@@ -22,6 +22,7 @@ enum {
 	NFT_CHAIN_ATTR_USE,
 	NFT_CHAIN_ATTR_BYTES,
 	NFT_CHAIN_ATTR_PACKETS	= 8,
+	NFT_CHAIN_ATTR_NEW_NAME,
 };
 
 void nft_chain_attr_set(struct nft_chain *t, uint16_t attr, void *data);
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index a41f73a..aa84cea 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -69,6 +69,7 @@ enum nft_chain_attributes {
 	NFTA_CHAIN_HOOK,
 	NFTA_CHAIN_POLICY,
 	NFTA_CHAIN_USE,
+	NFTA_CHAIN_NEW_NAME,
 	NFTA_CHAIN_COUNTERS,
 	__NFTA_CHAIN_MAX
 };
diff --git a/src/chain.c b/src/chain.c
index bdda01c..3b61d92 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -36,6 +36,7 @@ struct nft_chain {
 	uint64_t	packets;
 	uint64_t	bytes;
 	uint32_t	flags;
+	char            new_name[NFT_CHAIN_MAXNAMELEN];
 };
 
 struct nft_chain *nft_chain_alloc(void)
@@ -83,6 +84,9 @@ void nft_chain_attr_set(struct nft_chain *c, uint16_t attr, void *data)
 	case NFT_CHAIN_ATTR_PACKETS:
 		c->bytes = *((uint64_t *)data);
 		break;
+	case NFT_CHAIN_ATTR_NEW_NAME:
+		strncpy(c->new_name, data, NFT_CHAIN_MAXNAMELEN);
+		break;
 	default:
 		return;
 	}
@@ -158,6 +162,12 @@ void *nft_chain_attr_get(struct nft_chain *c, uint16_t attr)
 		else
 			return NULL;
 		break;
+	case NFT_CHAIN_ATTR_NEW_NAME:
+		if (c->flags & (1 << NFT_CHAIN_ATTR_NEW_NAME))
+			return c->new_name;
+		else
+			return NULL;
+		break;
 	default:
 		return NULL;
 	}
@@ -238,6 +248,8 @@ void nft_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_chain
 		mnl_attr_put_u64(nlh, NFTA_COUNTER_BYTES, be64toh(c->bytes));
 		mnl_attr_nest_end(nlh, nest);
 	}
+	if (c->flags & (1 << NFT_CHAIN_ATTR_NEW_NAME))
+		mnl_attr_put_strz(nlh, NFTA_CHAIN_NEW_NAME, c->new_name);
 }
 EXPORT_SYMBOL(nft_chain_nlmsg_build_payload);
 
@@ -252,6 +264,7 @@ static int nft_chain_parse_attr_cb(const struct nlattr *attr, void *data)
 	switch(type) {
 	case NFTA_CHAIN_NAME:
 	case NFTA_CHAIN_TABLE:
+	case NFTA_CHAIN_NEW_NAME:
 		if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) {
 			perror("mnl_attr_validate");
 			return MNL_CB_ERROR;
@@ -386,6 +399,11 @@ int nft_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_chain *c)
 	}
 	if (tb[NFTA_CHAIN_COUNTERS])
 		ret = nft_chain_parse_counters(tb[NFTA_CHAIN_COUNTERS], c);
+	if (tb[NFTA_CHAIN_NEW_NAME]) {
+		strncpy(c->new_name, mnl_attr_get_str(tb[NFTA_CHAIN_NEW_NAME]),
+			NFT_CHAIN_MAXNAMELEN);
+		c->flags |= (1 << NFT_CHAIN_ATTR_NEW_NAME);
+	}
 
 	c->family = nfg->nfgen_family;
 
-- 
1.7.12.4

Re: [libnftables - v2 PATCH 0/2] Fixed chain name and add support for NFTA_CHAIN_NEW_NAME attribute

[Pablo Neira Ayuso]

On Thu, Nov 01, 2012 at 02:20:35PM +0200, Tomasz Bursztyka wrote:
> A rework of "[libnftables - PATCH] chain: Add support for
> NFTA_CHAIN_NEW_NAME attribute" according to the change of chain's
> name which becomes fixed sized.
> 
> Tomasz Bursztyka (2):
>   chain: Handle fixed sized name
>   chain: Add support for NFTA_CHAIN_NEW_NAME attribute

Applied, thanks!