From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pablo Neira Ayuso Subject: Re: [PATCH 2/3 v2] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer. Date: Wed, 2 Mar 2016 19:41:29 +0100 Message-ID: <20160302184129.GC1351@salvia> References: <1456763140-15121-1-git-send-email-carlosfg@riseup.net> <1456763140-15121-2-git-send-email-carlosfg@riseup.net> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: netfilter-devel@vger.kernel.org, kaber@trash.net To: Carlos Falgueras =?iso-8859-1?Q?Garc=EDa?= Return-path: Received: from mail.us.es ([193.147.175.20]:38768 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753109AbcCBSle (ORCPT ); Wed, 2 Mar 2016 13:41:34 -0500 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id D76C3E6655 for ; Wed, 2 Mar 2016 19:41:32 +0100 (CET) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id C396991E1 for ; Wed, 2 Mar 2016 19:41:32 +0100 (CET) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 5B5E7CA0F7 for ; Wed, 2 Mar 2016 19:41:30 +0100 (CET) Content-Disposition: inline In-Reply-To: <1456763140-15121-2-git-send-email-carlosfg@riseup.net> Sender: netfilter-devel-owner@vger.kernel.org List-ID: On Mon, Feb 29, 2016 at 05:25:39PM +0100, Carlos Falgueras Garc=EDa wro= te: > Now is it possible to store multiple variable length user data into a= rule. > Modify XML and JSON parsers to support this new feature. >=20 > Signed-off-by: Carlos Falgueras Garc=EDa > --- > include/json.h | 7 ++ > include/utils.h | 2 + > include/xml.h | 5 ++ > src/jansson.c | 41 +++++++++ > src/mxml.c | 39 ++++++++ > src/rule.c | 271 ++++++++++++++++++++++++++++++++++++++++++++++= ++++------ > src/utils.c | 45 ++++++++++ > 7 files changed, 385 insertions(+), 25 deletions(-) >=20 > diff --git a/include/json.h b/include/json.h > index bd70cec..8b64f00 100644 > --- a/include/json.h > +++ b/include/json.h > @@ -3,6 +3,7 @@ > =20 > #ifdef JSON_PARSING > #include > +#include > #include > #include "common.h" > =20 > @@ -51,6 +52,12 @@ int nftnl_jansson_parse_elem(struct nftnl_set *s, = json_t *tree, > =20 > int nftnl_data_reg_json_parse(union nftnl_data_reg *reg, json_t *dat= a, > struct nftnl_parse_err *err); > + > +int nftnl_jansson_attr_parse(struct nftnl_attrbuf *attrbuf, > + json_t *root, > + struct nftnl_parse_err *err, > + struct nftnl_set_list *set_list); > + > #else > #define json_t void > #endif > diff --git a/include/utils.h b/include/utils.h > index 0087dbb..1bbabff 100644 > --- a/include/utils.h > +++ b/include/utils.h > @@ -69,6 +69,8 @@ enum nftnl_type { > int nftnl_strtoi(const char *string, int base, void *number, enum nf= tnl_type type); > int nftnl_get_value(enum nftnl_type type, void *val, void *out); > =20 > +char *str2value(const char *str, size_t strlen); > + > const char *nftnl_verdict2str(uint32_t verdict); > int nftnl_str2verdict(const char *verdict, int *verdict_num); > =20 > diff --git a/include/xml.h b/include/xml.h > index 7b33a83..a43ea57 100644 > --- a/include/xml.h > +++ b/include/xml.h > @@ -4,6 +4,7 @@ > #ifdef XML_PARSING > #include > #include "common.h" > +#include > =20 > #define NFTNL_XML_MAND 0 > #define NFTNL_XML_OPT (1 << 0) > @@ -51,6 +52,10 @@ int nftnl_mxml_set_parse(mxml_node_t *tree, struct= nftnl_set *s, > =20 > int nftnl_data_reg_xml_parse(union nftnl_data_reg *reg, mxml_node_t = *tree, > struct nftnl_parse_err *err); > + > +int nftnl_mxml_attr_parse(struct nftnl_attrbuf *attrbuf, mxml_node_t= *tree, > + uint32_t mxml_flags, uint16_t flags, > + struct nftnl_parse_err *err); > #else > #define mxml_node_t void > #endif > diff --git a/src/jansson.c b/src/jansson.c > index 3476ed2..9fff7b5 100644 > --- a/src/jansson.c > +++ b/src/jansson.c > @@ -19,6 +19,7 @@ > #include > =20 > #include > +#include > #include > =20 > #ifdef JSON_PARSING > @@ -276,4 +277,44 @@ int nftnl_jansson_set_elem_parse(struct nftnl_se= t_elem *e, json_t *root, > =20 > return 0; > } > + > +int nftnl_jansson_attr_parse(struct nftnl_attrbuf *attrbuf, > + json_t *root, > + struct nftnl_parse_err *err, > + struct nftnl_set_list *set_list) > +{ > + int ret =3D 0; > + uint8_t type; > + uint8_t len; > + const char *value_str; > + char *value =3D NULL; > + > + ret =3D nftnl_jansson_parse_val(root, "type", NFTNL_TYPE_U8, &type,= err); > + if (ret !=3D 0) > + return -1; > + > + ret =3D nftnl_jansson_parse_val(root, "length", NFTNL_TYPE_U8, &len= , err); > + if (ret !=3D 0) > + return -1; > + > + value_str =3D nftnl_jansson_parse_str(root, "value", err); > + if (ret !=3D 0) > + return -1; > + > + if (strlen(value_str) !=3D 2*len) > + return -1; > + > + value =3D str2value(value_str, 2*len); > + if (!value) { > + perror("nftnl_jansson_attr_parse"); > + exit(EXIT_FAILURE); You shouldn't call exit() in a library. Please, pass up the error code as return value. > + } > + > + if (!nftnl_attr_put_check(attrbuf, type, len, (void *)value)) > + ret =3D -1; > + > + free(value); > + return ret; > +} > + > #endif > diff --git a/src/mxml.c b/src/mxml.c > index 51dbf1b..793a89d 100644 > --- a/src/mxml.c > +++ b/src/mxml.c > @@ -229,4 +229,43 @@ int nftnl_mxml_family_parse(mxml_node_t *tree, c= onst char *node_name, > =20 > return family; > } > + > +int nftnl_mxml_attr_parse(struct nftnl_attrbuf *attrbuf, mxml_node_t= *tree, > + uint32_t mxml_flags, uint16_t flags, > + struct nftnl_parse_err *err) > +{ > + int ret =3D 0; > + uint8_t len; > + uint8_t type; > + const char *value_str; > + char *value =3D NULL; > + > + if (nftnl_mxml_num_parse(tree, "type", mxml_flags, BASE_DEC, &type, > + NFTNL_TYPE_U8, flags, err) < 0) > + return -1; > + > + if (nftnl_mxml_num_parse(tree, "length", mxml_flags, BASE_DEC, &len= , > + NFTNL_TYPE_U8, flags, err) < 0) > + return -1; > + > + value_str =3D nftnl_mxml_str_parse(tree, "value", mxml_flags, flags= , err); > + if (value_str =3D=3D NULL) > + return -1; > + > + if (strlen(value_str) !=3D 2*len) > + return -1; > + > + value =3D str2value(value_str, 2*len); > + if (!value) { > + perror("nftnl_mxml_attr_parse"); > + exit(EXIT_FAILURE); > + } > + > + if (!nftnl_attr_put_check(attrbuf, type, len, (void *)value)) > + ret =3D -1; > + > + free(value); > + return ret; > +} > + > #endif > diff --git a/src/rule.c b/src/rule.c > index 3a32bf6..4a5dc8c 100644 > --- a/src/rule.c > +++ b/src/rule.c > @@ -19,7 +19,6 @@ > #include > #include > #include > -#include > =20 > #include > #include > @@ -28,6 +27,7 @@ > #include > #include > #include > +#include > =20 > struct nftnl_rule { > struct list_head head; > @@ -38,10 +38,7 @@ struct nftnl_rule { > const char *chain; > uint64_t handle; > uint64_t position; > - struct { > - void *data; > - uint32_t len; > - } user; > + struct nftnl_attrbuf *userdata; > struct { > uint32_t flags; > uint32_t proto; > @@ -50,6 +47,15 @@ struct nftnl_rule { > struct list_head expr_list; > }; > =20 > +static size_t nftnl_rule_snprintf_data2str(char *buf, size_t size, > + const void *data, size_t datalen); > +static size_t nftnl_rule_snprintf_default_attr(char *buf, size_t siz= e, > + const struct nftnl_attr *attr); > +static size_t nftnl_rule_snprintf_xml_attr(char *buf, size_t size, > + const struct nftnl_attr *attr); > +static size_t nftnl_rule_snprintf_json_attr(char *buf, size_t size, > + const struct nftnl_attr *attr); > + > struct nftnl_rule *nftnl_rule_alloc(void) > { > struct nftnl_rule *r; > @@ -75,6 +81,8 @@ void nftnl_rule_free(struct nftnl_rule *r) > xfree(r->table); > if (r->chain !=3D NULL) > xfree(r->chain); > + if (r->flags & (1 << NFTNL_RULE_USERDATA)) > + nftnl_attrbuf_free(r->userdata); > =20 > xfree(r); > } > @@ -162,8 +170,12 @@ void nftnl_rule_set_data(struct nftnl_rule *r, u= int16_t attr, > r->position =3D *((uint64_t *)data); > break; > case NFTNL_RULE_USERDATA: > - r->user.data =3D (void *)data; > - r->user.len =3D data_len; > + (r->userdata =3D nftnl_attrbuf_alloc(data_len)); > + if (!r->userdata) { > + perror("nftnl_rule_set_data - userdata"); > + exit(EXIT_FAILURE); > + } > + nftnl_attrbuf_copy_data(r->userdata, data, data_len); > break; > } > r->flags |=3D (1 << attr); > @@ -221,8 +233,8 @@ const void *nftnl_rule_get_data(const struct nftn= l_rule *r, uint16_t attr, > *data_len =3D sizeof(uint64_t); > return &r->position; > case NFTNL_RULE_USERDATA: > - *data_len =3D r->user.len; > - return r->user.data; > + *data_len =3D nftnl_attrbuf_get_len(r->userdata); > + return (void *)nftnl_attrbuf_get_data(r->userdata); > } > return NULL; > } > @@ -288,8 +300,9 @@ void nftnl_rule_nlmsg_build_payload(struct nlmsgh= dr *nlh, struct nftnl_rule *r) > if (r->flags & (1 << NFTNL_RULE_POSITION)) > mnl_attr_put_u64(nlh, NFTA_RULE_POSITION, htobe64(r->position)); > if (r->flags & (1 << NFTNL_RULE_USERDATA)) { > - mnl_attr_put(nlh, NFTA_RULE_USERDATA, r->user.len, > - r->user.data); > + mnl_attr_put(nlh, NFTA_RULE_USERDATA, > + nftnl_attrbuf_get_len(r->userdata), > + nftnl_attrbuf_get_data(r->userdata)); > } > =20 > if (!list_empty(&r->expr_list)) { > @@ -447,19 +460,17 @@ int nftnl_rule_nlmsg_parse(const struct nlmsghd= r *nlh, struct nftnl_rule *r) > r->flags |=3D (1 << NFTNL_RULE_POSITION); > } > if (tb[NFTA_RULE_USERDATA]) { > + uint16_t udata_size; > const void *udata =3D > mnl_attr_get_payload(tb[NFTA_RULE_USERDATA]); > =20 > - if (r->user.data) > - xfree(r->user.data); > - > - r->user.len =3D mnl_attr_get_payload_len(tb[NFTA_RULE_USERDATA]); > + udata_size =3D mnl_attr_get_payload_len(tb[NFTA_RULE_USERDATA]); > =20 > - r->user.data =3D malloc(r->user.len); > - if (r->user.data =3D=3D NULL) > + (r->userdata =3D nftnl_attrbuf_alloc(udata_size)); > + if (!r->userdata) > return -1; > + nftnl_attrbuf_copy_data(r->userdata, udata, udata_size); > =20 > - memcpy(r->user.data, udata, r->user.len); > r->flags |=3D (1 << NFTNL_RULE_USERDATA); > } > =20 > @@ -481,6 +492,7 @@ int nftnl_jansson_parse_rule(struct nftnl_rule *r= , json_t *tree, > uint64_t uval64; > uint32_t uval32; > int i, family; > + struct nftnl_attrbuf *attrbuf; > =20 > root =3D nftnl_jansson_get_node(tree, "rule", err); > if (root =3D=3D NULL) > @@ -557,6 +569,31 @@ int nftnl_jansson_parse_rule(struct nftnl_rule *= r, json_t *tree, > nftnl_rule_add_expr(r, e); > } > =20 Please, wrap these code below into a function, eg. nftnl_jansson_udata_= parse() > + array =3D json_object_get(root, "userdata"); > + if (array =3D=3D NULL) { > + err->error =3D NFTNL_PARSE_EMISSINGNODE; > + err->node_name =3D "userdata"; > + goto err; > + } > + > + attrbuf =3D nftnl_attrbuf_alloc(NFT_USERDATA_MAXLEN); > + if (!attrbuf) { > + perror("nftnl_jansson_parse_rule"); > + exit(EXIT_FAILURE); > + } > + > + for (i =3D 0; i < json_array_size(array); ++i) { > + if (nftnl_jansson_attr_parse(attrbuf, > + json_array_get(array, i), > + err, > + set_list) < 0) > + goto err; > + } > + > + nftnl_rule_set_data(r, NFTNL_RULE_USERDATA, > + nftnl_attrbuf_get_data(attrbuf), > + nftnl_attrbuf_get_len(attrbuf)); > + > return 0; > err: > return -1; > @@ -592,7 +629,7 @@ int nftnl_mxml_rule_parse(mxml_node_t *tree, stru= ct nftnl_rule *r, > struct nftnl_parse_err *err, > struct nftnl_set_list *set_list) > { > - mxml_node_t *node; > + mxml_node_t *node, *node_ud; > struct nftnl_expr *e; > const char *table, *chain; > int family; > @@ -649,6 +686,35 @@ int nftnl_mxml_rule_parse(mxml_node_t *tree, str= uct nftnl_rule *r, > nftnl_rule_add_expr(r, e); > } > =20 > + node_ud =3D mxmlFindElement(tree, tree, "userdata", NULL, NULL, > + MXML_DESCEND); > + if (node_ud) { Please, wrap these code below into a function, eg. nftnl_mxml_udata_par= se() > + struct nftnl_attrbuf *attrbuf; > + > + attrbuf =3D nftnl_attrbuf_alloc(NFT_USERDATA_MAXLEN); > + if (!attrbuf) { > + perror("nftnl_mxml_rule_parse"); > + exit(EXIT_FAILURE); > + } > + > + /* Iterate over attributes */ > + for ( > + node =3D mxmlFindElement(node_ud, node_ud, "attr", NULL, > + NULL, MXML_DESCEND); > + node !=3D NULL; > + node =3D mxmlFindElement(node, node_ud, "attr", NULL, > + NULL, MXML_DESCEND) > + ) { > + if (nftnl_mxml_attr_parse(attrbuf, node, > + MXML_DESCEND_FIRST, r->flags, err) < 0) > + return -1; > + } > + > + nftnl_rule_set_data(r, NFTNL_RULE_USERDATA, > + nftnl_attrbuf_get_data(attrbuf), > + nftnl_attrbuf_get_len(attrbuf)); > + } > + > return 0; > } > #endif > @@ -711,6 +777,21 @@ int nftnl_rule_parse_file(struct nftnl_rule *r, = enum nftnl_parse_type type, > } > EXPORT_SYMBOL_ALIAS(nftnl_rule_parse_file, nft_rule_parse_file); > =20 > +static size_t nftnl_rule_snprintf_data2str(char *buf, size_t size, > + const void *data, size_t datalen) > +{ > + int i; > + size_t ret, len =3D size, offset =3D 0; > + const unsigned char *str =3D data; > + > + for (i =3D 0; i < datalen; i++) { > + ret =3D snprintf(buf+offset, len, "%02X", str[i]); > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > + } > + > + return offset; > +} > + > static int nftnl_rule_snprintf_json(char *buf, size_t size, struct n= ftnl_rule *r, > uint32_t type, uint32_t flags) > { > @@ -757,6 +838,31 @@ static int nftnl_rule_snprintf_json(char *buf, s= ize_t size, struct nftnl_rule *r > SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > } > =20 > + if (r->flags & (1 << NFTNL_RULE_USERDATA)) { > + const struct nftnl_attr *attr; > + > + ret =3D snprintf(buf+offset, len, "\"userdata\":["); > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > + > + nftnl_attr_for_each(attr, r->userdata) { > + ret =3D nftnl_rule_snprintf_json_attr(buf+offset, len, > + attr); > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > + > + ret =3D snprintf(buf+offset, len, ","); > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > + } > + /* delete last comma */ > + buf[offset-1] =3D '\0'; > + offset--; > + size--; > + len++; > + > + ret =3D snprintf(buf+offset, len, "],\n"); > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > + > + } > + > ret =3D snprintf(buf+offset, len, "\"expr\":["); > SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > =20 > @@ -849,17 +955,123 @@ static int nftnl_rule_snprintf_xml(char *buf, = size_t size, struct nftnl_rule *r, > SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > =20 > } > + > + if (r->flags & (1 << NFTNL_RULE_USERDATA)) { > + const struct nftnl_attr *attr; > + > + ret =3D snprintf(buf+offset, len, ""); > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > + > + nftnl_attr_for_each(attr, r->userdata) { > + ret =3D snprintf(buf+offset, len, ""); > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > + > + ret =3D nftnl_rule_snprintf_xml_attr(buf+offset, len, > + attr); > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > + > + ret =3D snprintf(buf+offset, len, ""); > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > + } > + > + ret =3D snprintf(buf+offset, len, ""); > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > + } > + > ret =3D snprintf(buf+offset, len, ""); > SNPRINTF_BUFFER_SIZE(ret, size, len, offset); > =20 > return offset; > } > =20 > +static size_t nftnl_rule_snprintf_xml_attr(char *buf, size_t size, > + const struct nftnl_attr *attr) [...] > +static size_t nftnl_rule_snprintf_json_attr(char *buf, size_t size, > + const struct nftnl_attr *attr) You can consolidate these two functions into one using the NFTNL_BUF_* API. > diff --git a/src/utils.c b/src/utils.c > index ba36bc4..0cac4b6 100644 > --- a/src/utils.c > +++ b/src/utils.c > @@ -139,6 +139,51 @@ int nftnl_strtoi(const char *string, int base, v= oid *out, enum nftnl_type type) > return ret; > } > =20 > +static int hex2char(char *out, char c) > +{ > + /* numbers */ > + if (c >=3D 0x30 && c <=3D 0x39) > + *out =3D c - 0x30; > + /* lowercase characters */ > + else if (c >=3D 0x61 && c <=3D 0x66) > + *out =3D c - 0x61 + 10; > + /* uppercase characters */ > + else if (c >=3D 0x41 && c <=3D 0x46) > + *out =3D c - 0x41 + 10; > + else { > + errno =3D EINVAL; > + return 0; > + } You can just print data in hexadecimal, so we can get rid of this. -- To unsubscribe from this list: send the line "unsubscribe netfilter-dev= el" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html