From: Yuxuan Shui <yshuiv7@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: pablo@netfilter.org, tomasz.bursztyka@linux.intel.com,
Yuxuan Shui <yshuiv7@gmail.com>
Subject: [libnftnl PATCH] lookup: Add support for the flag attribute
Date: Thu, 17 Jul 2014 23:17:29 +0800 [thread overview]
Message-ID: <1405610250-6631-3-git-send-email-yshuiv7@gmail.com> (raw)
In-Reply-To: <1405610250-6631-1-git-send-email-yshuiv7@gmail.com>
Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com>
---
include/libnftnl/expr.h | 1 +
include/linux/netfilter/nf_tables.h | 10 +++++++++
src/expr/lookup.c | 44 +++++++++++++++++++++++++++++++++++--
3 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index cfa5c66..e3c045b 100644
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -107,6 +107,7 @@ enum {
NFT_EXPR_LOOKUP_DREG,
NFT_EXPR_LOOKUP_SET,
NFT_EXPR_LOOKUP_SET_ID,
+ NFT_EXPR_LOOKUP_FLAG,
};
enum {
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index cea17d4..008022c 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -483,6 +483,15 @@ enum nft_cmp_attributes {
#define NFTA_CMP_MAX (__NFTA_CMP_MAX - 1)
/**
+ * enum nft_lookup_flags - flags for nft_lookup operator
+ *
+ * @NFT_LOOKUP_FLAG_NEGATE: negate the result
+ */
+enum nft_lookup_flags {
+ NFT_LOOKUP_F_NEG = 1,
+};
+
+/**
* enum nft_lookup_attributes - nf_tables set lookup expression netlink attributes
*
* @NFTA_LOOKUP_SET: name of the set where to look for (NLA_STRING)
@@ -496,6 +505,7 @@ enum nft_lookup_attributes {
NFTA_LOOKUP_SREG,
NFTA_LOOKUP_DREG,
NFTA_LOOKUP_SET_ID,
+ NFTA_LOOKUP_FLAG,
__NFTA_LOOKUP_MAX
};
#define NFTA_LOOKUP_MAX (__NFTA_LOOKUP_MAX - 1)
diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index 3f77228..ba0df64 100644
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -32,6 +32,7 @@ struct nft_expr_lookup {
enum nft_registers dreg;
char set_name[IFNAMSIZ];
uint32_t set_id;
+ uint32_t flag;
};
static int
@@ -54,6 +55,9 @@ nft_rule_expr_lookup_set(struct nft_rule_expr *e, uint16_t type,
case NFT_EXPR_LOOKUP_SET_ID:
lookup->set_id = *((uint32_t *)data);
break;
+ case NFT_EXPR_LOOKUP_FLAG:
+ lookup->flag = *((uint32_t *)data);
+ break;
default:
return -1;
}
@@ -77,6 +81,8 @@ nft_rule_expr_lookup_get(const struct nft_rule_expr *e, uint16_t type,
return lookup->set_name;
case NFT_EXPR_LOOKUP_SET_ID:
return &lookup->set_id;
+ case NFT_EXPR_LOOKUP_FLAG:
+ return &lookup->flag;
}
return NULL;
}
@@ -104,6 +110,12 @@ static int nft_rule_expr_lookup_cb(const struct nlattr *attr, void *data)
return MNL_CB_ERROR;
}
break;
+ case NFTA_LOOKUP_FLAG:
+ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
+ perror("mnl_attr_validate");
+ return MNL_CB_ERROR;
+ }
+ break;
}
tb[type] = attr;
@@ -121,6 +133,8 @@ nft_rule_expr_lookup_build(struct nlmsghdr *nlh, struct nft_rule_expr *e)
mnl_attr_put_u32(nlh, NFTA_LOOKUP_DREG, htonl(lookup->dreg));
if (e->flags & (1 << NFT_EXPR_LOOKUP_SET))
mnl_attr_put_strz(nlh, NFTA_LOOKUP_SET, lookup->set_name);
+ if (e->flags & (1 << NFT_EXPR_LOOKUP_FLAG))
+ mnl_attr_put_u32(nlh, NFTA_LOOKUP_FLAG, htonl(lookup->flag));
if (e->flags & (1 << NFT_EXPR_LOOKUP_SET_ID)) {
mnl_attr_put_u32(nlh, NFTA_LOOKUP_SET_ID,
htonl(lookup->set_id));
@@ -154,6 +168,11 @@ nft_rule_expr_lookup_parse(struct nft_rule_expr *e, struct nlattr *attr)
ntohl(mnl_attr_get_u32(tb[NFTA_LOOKUP_SET_ID]));
e->flags |= (1 << NFT_EXPR_LOOKUP_SET_ID);
}
+ if (tb[NFTA_LOOKUP_FLAG]) {
+ lookup->flag =
+ ntohl(mnl_attr_get_u32(tb[NFTA_LOOKUP_FLAG]));
+ e->flags |= (1 << NFT_EXPR_LOOKUP_FLAG);
+ }
return ret;
}
@@ -164,7 +183,7 @@ nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root,
{
#ifdef JSON_PARSING
const char *set_name;
- uint32_t sreg, dreg;
+ uint32_t sreg, dreg, flag;
set_name = nft_jansson_parse_str(root, "set", err);
if (set_name != NULL)
@@ -176,6 +195,9 @@ nft_rule_expr_lookup_json_parse(struct nft_rule_expr *e, json_t *root,
if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, &dreg, err) == 0)
nft_rule_expr_set_u32(e, NFT_EXPR_LOOKUP_DREG, dreg);
+ if (nft_jansson_parse_val(root, "flag", NFT_TYPE_U32, &flag, err) == 0)
+ nft_rule_expr_set_u32(e, NFT_EXPR_LOOKUP_FLAG, flag);
+
return 0;
#else
errno = EOPNOTSUPP;
@@ -189,7 +211,7 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
{
#ifdef XML_PARSING
const char *set_name;
- uint32_t sreg, dreg;
+ uint32_t sreg, dreg, flag;
set_name = nft_mxml_str_parse(tree, "set", MXML_DESCEND_FIRST,
NFT_XML_MAND, err);
@@ -204,6 +226,10 @@ nft_rule_expr_lookup_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree,
err) == 0)
nft_rule_expr_set_u32(e, NFT_EXPR_LOOKUP_DREG, dreg);
+ if (nft_mxml_num_parse(root, "flag", MXML_DESCEND, 10, &flag,
+ NFT_TYPE_U32, NFT_XML_OPT, err) == 0) {
+ nft_rule_expr_set_u32(e, NFT_EXPR_LOOKUP_FLAG, flag);
+
return 0;
#else
errno = EOPNOTSUPP;
@@ -230,6 +256,10 @@ nft_rule_expr_lookup_snprintf_json(char *buf, size_t size,
ret = snprintf(buf + offset, len, "\"dreg\":%u,", l->dreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
+ if (e->flags & (1 << NFT_EXPR_LOOKUP_FLAG)) {
+ ret = snprintf(buf + offset, len, "\"flag\":%u,", l->flag);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
/* Remove the last comma characther */
if (offset > 0)
offset--;
@@ -257,6 +287,11 @@ nft_rule_expr_lookup_snprintf_xml(char *buf, size_t size,
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
+ if (e->flags & (1 << NFT_EXPR_LOOKUP_FLAG)) {
+ ret = snprintf(buf + offset, len, "<flag>%u</flag>", l->flag);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
return offset;
}
@@ -276,6 +311,11 @@ nft_rule_expr_lookup_snprintf_default(char *buf, size_t size,
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
+ if (e->flags & (1 << NFT_EXPR_LOOKUP_FLAG)) {
+ ret = snprintf(buf+offset, len, "flag %u", l->flag);
+ SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+ }
+
return offset;
}
--
2.0.1
next prev parent reply other threads:[~2014-07-17 15:17 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-17 15:17 [PATCH] Add support for negated lookup operator Yuxuan Shui
2014-07-17 15:17 ` [PATCH] nftables: Add a flags attribute for " Yuxuan Shui
2014-07-17 15:17 ` Yuxuan Shui [this message]
2014-07-17 15:40 ` [libnftnl PATCH] lookup: Add support for the flag attribute Pablo Neira Ayuso
2014-07-17 15:17 ` [nftables PATCH] expr: Interpret OP_NEQ against a set as OP_LOOKUP Yuxuan Shui
-- strict thread matches above, loose matches on Subject: below --
2014-07-31 16:40 [PATCH] nftables: Add a flags attribute for lookup operator Yuxuan Shui
2014-07-31 16:40 ` [libnftnl PATCH] lookup: Add support for the flag attribute Yuxuan Shui
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1405610250-6631-3-git-send-email-yshuiv7@gmail.com \
--to=yshuiv7@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=tomasz.bursztyka@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).