[PATCH libnftnl 2/9] src: assert when setting unknown attributes

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH libnftnl 2/9] src: assert when setting unknown attributes
Date: Tue, 14 Jun 2016 15:18:38 +0200	[thread overview]
Message-ID: <1465910325-13286-2-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1465910325-13286-1-git-send-email-pablo@netfilter.org>

If this attribute is not supported by the library, we should rise an
assertion so the client knows something is wrong, instead of silently
going through.

The only case I can think may hit this problem is version mismatch
between library and tools. This should not ever really happen, so better
bail out from the library itself in this case.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/utils.h | 9 +++++++++
 src/chain.c     | 4 +---
 src/gen.c       | 4 +---
 src/rule.c      | 4 +---
 src/set.c       | 4 +---
 src/table.c     | 4 +---
 src/utils.c     | 8 ++++++++
 7 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/include/utils.h b/include/utils.h
index 1684b5a..c7472be 100644
--- a/include/utils.h
+++ b/include/utils.h
@@ -41,6 +41,15 @@ void __nftnl_assert_fail(uint16_t attr, const char *filename, int line);
 		nftnl_assert(data, attr, _validate_array[_attr] == _data_len);	\
 })
 
+void __nftnl_assert_attr_exists(uint16_t attr, uint16_t attr_max,
+				const char *filename, int line);
+
+#define nftnl_assert_attr_exists(_attr, _attr_max)					\
+({											\
+	if (_attr > _attr_max)								\
+		__nftnl_assert_attr_exists(_attr, _attr_max, __FILE__, __LINE__);	\
+})
+
 #define SNPRINTF_BUFFER_SIZE(ret, size, len, offset)	\
 	if (ret < 0)					\
 		return ret;				\
diff --git a/src/chain.c b/src/chain.c
index 70daaf3..4c487cc 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -168,9 +168,7 @@ static uint32_t nftnl_chain_validate[NFTNL_CHAIN_MAX + 1] = {
 void nftnl_chain_set_data(struct nftnl_chain *c, uint16_t attr,
 			     const void *data, uint32_t data_len)
 {
-	if (attr > NFTNL_CHAIN_MAX)
-		return;
-
+	nftnl_assert_attr_exists(attr, NFTNL_CHAIN_MAX);
 	nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
 
 	switch(attr) {
diff --git a/src/gen.c b/src/gen.c
index 8533f38..698b9b9 100644
--- a/src/gen.c
+++ b/src/gen.c
@@ -67,9 +67,7 @@ static uint32_t nftnl_gen_validate[NFTNL_GEN_MAX + 1] = {
 void nftnl_gen_set_data(struct nftnl_gen *gen, uint16_t attr,
 			   const void *data, uint32_t data_len)
 {
-	if (attr > NFTNL_GEN_MAX)
-		return;
-
+	nftnl_assert_attr_exists(attr, NFTNL_GEN_MAX);
 	nftnl_assert_validate(data, nftnl_gen_validate, attr, data_len);
 
 	switch (attr) {
diff --git a/src/rule.c b/src/rule.c
index 1e1a138..21d94aa 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -130,9 +130,7 @@ static uint32_t nftnl_rule_validate[NFTNL_RULE_MAX + 1] = {
 void nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr,
 			    const void *data, uint32_t data_len)
 {
-	if (attr > NFTNL_RULE_MAX)
-		return;
-
+	nftnl_assert_attr_exists(attr, NFTNL_RULE_MAX);
 	nftnl_assert_validate(data, nftnl_rule_validate, attr, data_len);
 
 	switch(attr) {
diff --git a/src/set.c b/src/set.c
index 3caaf39..bc8c8bc 100644
--- a/src/set.c
+++ b/src/set.c
@@ -116,9 +116,7 @@ static uint32_t nftnl_set_validate[NFTNL_SET_MAX + 1] = {
 void nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
 			   uint32_t data_len)
 {
-	if (attr > NFTNL_SET_MAX)
-		return;
-
+	nftnl_assert_attr_exists(attr, NFTNL_SET_MAX);
 	nftnl_assert_validate(data, nftnl_set_validate, attr, data_len);
 
 	switch(attr) {
diff --git a/src/table.c b/src/table.c
index 6e5e267..406babf 100644
--- a/src/table.c
+++ b/src/table.c
@@ -87,9 +87,7 @@ static uint32_t nftnl_table_validate[NFTNL_TABLE_MAX + 1] = {
 void nftnl_table_set_data(struct nftnl_table *t, uint16_t attr,
 			     const void *data, uint32_t data_len)
 {
-	if (attr > NFTNL_TABLE_MAX)
-		return;
-
+	nftnl_assert_attr_exists(attr, NFTNL_TABLE_MAX);
 	nftnl_assert_validate(data, nftnl_table_validate, attr, data_len);
 
 	switch (attr) {
diff --git a/src/utils.c b/src/utils.c
index 22710b9..e2715a2 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -269,6 +269,14 @@ out:
 	return ret;
 }
 
+void __nftnl_assert_attr_exists(uint16_t attr, uint16_t attr_max,
+				const char *filename, int line)
+{
+	fprintf(stderr, "libnftnl: attribute %d > %d (maximum) assertion failed in %s:%d\n",
+		attr, attr_max, filename, line);
+	exit(EXIT_FAILURE);
+}
+
 void __nftnl_assert_fail(uint16_t attr, const char *filename, int line)
 {
 	fprintf(stderr, "libnftnl: attribute %d assertion failed in %s:%d\n",
-- 
2.1.4

next prev parent reply	other threads:[~2016-06-14 13:18 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-14 13:18 [PATCH libnftnl 1/9] src: get rid of aliases Pablo Neira Ayuso
2016-06-14 13:18 ` Pablo Neira Ayuso [this message]
2016-06-14 13:18 ` [PATCH libnftnl 3/9] src: return value on setters that internally allocate memory Pablo Neira Ayuso
2016-06-14 13:18 ` [PATCH libnftnl 4/9] src: check for strdup() errors from setters and parsers Pablo Neira Ayuso
2016-06-14 13:18 ` [PATCH libnftnl 5/9] expr: data_reg: get rid of leftover perror() calls Pablo Neira Ayuso
2016-06-14 13:18 ` [PATCH libnftnl 6/9] src: simplify unsetters Pablo Neira Ayuso
2016-06-14 13:18 ` [PATCH libnftnl 7/9] src: check for flags before releasing attributes Pablo Neira Ayuso
2016-06-14 13:18 ` [PATCH libnftnl 8/9] tests: shuffle values that are injected Pablo Neira Ayuso
2016-06-14 13:18 ` [PATCH libnftnl 9/9] chain: dynamically allocate name Pablo Neira Ayuso

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1684b5a dfblob:c7472be dfblob:70daaf3 dfblob:4c487cc
dfblob:8533f38 dfblob:698b9b9 dfblob:1e1a138 dfblob:21d94aa
dfblob:3caaf39 dfblob:bc8c8bc dfblob:6e5e267 dfblob:406babf
dfblob:22710b9 dfblob:e2715a2 )
 OR (
bs:"[PATCH libnftnl 2/9] src: assert when setting unknown attributes" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1465910325-13286-2-git-send-email-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).