[PATCH 1/3 v2] libnftnl: Implement new buffer of TLV objects.

[PATCH 1/3 v2] libnftnl: Implement new buffer of TLV objects.

[Carlos Falgueras García]

These functions allow to create a buffer (nftnl_attrbuf) of TLV objects
(nftnl_attr). It is inspired by libmnl/src/attr.c. It can be used to store
several variable length user data into an object.

Example usage:
	```
	struct nftnl_attrbuf *attrbuf;
	struct nftnl_attr *attr;
	const char str[] = "Hello World!";

	attrbuf = nftnl_attrbuf_alloc(ATTRBUF_SIZE);
	if (!nftnl_attr_put_check(attrbuf, NFTNL_ATTR_TYPE_COMMENT,
				  strlen(str), str)
	) {
		fprintf(stderr, "Can't put attribute \"%s\"", str);
	}

	nftnl_attr_for_each(attr, attrbuf) {
		printf("%s\n", (char *)nftnl_attr_get_value(attr));
	}

	nftnl_attr_free(attrbuf);
	```

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
 include/Makefile.am          |   1 +
 include/attr.h               |  40 +++++++++++++
 include/libnftnl/Makefile.am |   1 +
 include/libnftnl/attr.h      |  53 +++++++++++++++++
 src/Makefile.am              |   1 +
 src/attr.c                   | 132 +++++++++++++++++++++++++++++++++++++++++++
 src/libnftnl.map             |  16 ++++++
 7 files changed, 244 insertions(+)
 create mode 100644 include/attr.h
 create mode 100644 include/libnftnl/attr.h
 create mode 100644 src/attr.c

diff --git a/include/Makefile.am b/include/Makefile.am
index be9eb9b..785ec15 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -12,4 +12,5 @@ noinst_HEADERS = internal.h	\
 		 expr.h		\
 		 json.h		\
 		 set_elem.h	\
+		 attr.h		\
 		 utils.h
diff --git a/include/attr.h b/include/attr.h
new file mode 100644
index 0000000..2a29fa0
--- /dev/null
+++ b/include/attr.h
@@ -0,0 +1,40 @@
+#ifndef _LIBNFTNL_ATTR_INTERNAL_H_
+#define _LIBNFTNL_ATTR_INTERNAL_H_
+
+#include <stdint.h>
+#include <stddef.h>
+
+/*
+ * TLV structures:
+ * nftnl_attr
+ *  <-------- HEADER --------> <------ PAYLOAD ------>
+ * +------------+-------------+- - - - - - - - - - - -+
+ * |    type    |     len     |         value         |
+ * |  (1 byte)  |   (1 byte)  |                       |
+ * +--------------------------+- - - - - - - - - - - -+
+ *  <-- sizeof(nftnl_attr) --> <-- nftnl_attr->len -->
+ */
+struct __attribute__((__packed__)) nftnl_attr {
+	uint8_t type;
+	uint8_t len;
+	unsigned char value[];
+};
+
+/*
+ *              +-------------------------------------------++
+ *              |           data[]                          ||
+ *              |             ||                            ||
+ *              |             \/                            \/
+ *  +-------+-------+- - - - -+-------+-------+ ... +-------+- - - - - - -+
+ *  | size  |  end  | padding |  TLV  |  TLV  |     |  TLV  |    Empty    |
+ *  +-------+-------+- - - - -+-------+-------+ ... +-------+- - - - - - -+
+ *                            |<- nftnl_attrbuf_get_len() ->|
+ *                            |<-------- nftnl_attrbuf_get_size() ------->|
+ */
+struct nftnl_attrbuf {
+	size_t size;
+	char  *end;
+	char   data[] __attribute__((aligned(64)));
+};
+
+#endif
diff --git a/include/libnftnl/Makefile.am b/include/libnftnl/Makefile.am
index 84f01b6..a3a6fb3 100644
--- a/include/libnftnl/Makefile.am
+++ b/include/libnftnl/Makefile.am
@@ -7,4 +7,5 @@ pkginclude_HEADERS = batch.h		\
 		     set.h		\
 		     ruleset.h		\
 		     common.h		\
+		     attr.h		\
 		     gen.h
diff --git a/include/libnftnl/attr.h b/include/libnftnl/attr.h
new file mode 100644
index 0000000..cc3689e
--- /dev/null
+++ b/include/libnftnl/attr.h
@@ -0,0 +1,53 @@
+#ifndef _LIBNFTNL_ATTR_H_
+#define _LIBNFTNL_ATTR_H_
+
+#include <stdio.h>
+#include <stdint.h>
+
+/*
+ * nftnl attributes API
+ */
+struct nftnl_attr;
+struct nftnl_attrbuf;
+
+/* nftnl_attrbuf */
+struct nftnl_attrbuf *nftnl_attrbuf_alloc(size_t data_size);
+void nftnl_attrbuf_free(struct nftnl_attrbuf *attrbuf);
+size_t nftnl_attrbuf_get_len(const struct nftnl_attrbuf *attrbuf);
+size_t nftnl_attrbuf_get_size(const struct nftnl_attrbuf *attrbuf);
+void *nftnl_attrbuf_get_data(const struct nftnl_attrbuf *attrbuf);
+void nftnl_attrbuf_copy_data(struct nftnl_attrbuf *attrbuf,
+			     const void *data, size_t len);
+struct nftnl_attr *nftnl_attrbuf_get_start(const struct nftnl_attrbuf *attrbuf);
+struct nftnl_attr *nftnl_attrbuf_get_end(const struct nftnl_attrbuf *attrbuf);
+
+/* TLV attribute getters */
+uint8_t nftnl_attr_get_type(const struct nftnl_attr *attr);
+uint8_t nftnl_attr_get_len(const struct nftnl_attr *attr);
+void *nftnl_attr_get_value(const struct nftnl_attr *attr);
+
+/* TLV attribute putters */
+struct nftnl_attr *nftnl_attr_put(struct nftnl_attrbuf *attrbuf,
+				  uint8_t type, uint8_t len, const void *value);
+struct nftnl_attr *nftnl_attr_put_check(struct nftnl_attrbuf *attrbuf,
+					uint8_t type, size_t len,
+					const void *value);
+
+/* TLV iterators */
+struct nftnl_attr *nftnl_attr_next(const struct nftnl_attr *attr);
+
+#define nftnl_attr_for_each(attr, attrbuf)                              \
+	for ((attr) = nftnl_attrbuf_get_start(attrbuf);                 \
+	     (char *)(nftnl_attrbuf_get_end(attrbuf)) > (char *)(attr); \
+	     (attr) = nftnl_attr_next(attr))
+
+/* TLV callback-based attribute parsers */
+#define NFTNL_CB_ERROR	-1
+#define NFTNL_CB_STOP	 0
+#define NFTNL_CB_OK	 1
+
+typedef int (*nftnl_attr_cb_t)(const struct nftnl_attr *attr, void *data);
+int nftnl_attr_parse(const struct nftnl_attrbuf *attrbuf, nftnl_attr_cb_t cb,
+		     void *data);
+
+#endif /* _LIBNFTNL_ATTR_H_ */
diff --git a/src/Makefile.am b/src/Makefile.am
index a27e292..621dd69 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -19,6 +19,7 @@ libnftnl_la_SOURCES = utils.c		\
 		      ruleset.c		\
 		      mxml.c		\
 		      jansson.c		\
+		      attr.c		\
 		      expr.c		\
 		      expr_ops.c	\
 		      expr/bitwise.c	\
diff --git a/src/attr.c b/src/attr.c
new file mode 100644
index 0000000..82c63aa
--- /dev/null
+++ b/src/attr.c
@@ -0,0 +1,132 @@
+#include <libnftnl/attr.h>
+#include <attr.h>
+#include <utils.h>
+
+#include <stdlib.h>
+#include <stdint.h>
+
+
+struct nftnl_attrbuf *nftnl_attrbuf_alloc(size_t data_size)
+{
+	struct nftnl_attrbuf *attrbuf;
+
+	attrbuf = (struct nftnl_attrbuf *)
+		malloc(sizeof(struct nftnl_attrbuf) + data_size);
+	attrbuf->size = data_size;
+	attrbuf->end = attrbuf->data;
+
+	return attrbuf;
+}
+EXPORT_SYMBOL(nftnl_attrbuf_alloc);
+
+void nftnl_attrbuf_free(struct nftnl_attrbuf *attrbuf)
+{
+	attrbuf->size = 0;
+	attrbuf->end = NULL;
+	free((void *)attrbuf);
+}
+EXPORT_SYMBOL(nftnl_attrbuf_free);
+
+size_t nftnl_attrbuf_get_len(const struct nftnl_attrbuf *attrbuf)
+{
+	return (size_t)(attrbuf->end - attrbuf->data);
+}
+EXPORT_SYMBOL(nftnl_attrbuf_get_len);
+
+size_t nftnl_attrbuf_get_size(const struct nftnl_attrbuf *attrbuf)
+{
+	return attrbuf->size;
+}
+EXPORT_SYMBOL(nftnl_attrbuf_get_size);
+
+struct nftnl_attr *nftnl_attrbuf_get_start(const struct nftnl_attrbuf *attrbuf)
+{
+	return (struct nftnl_attr *)attrbuf->data;
+}
+EXPORT_SYMBOL(nftnl_attrbuf_get_start);
+
+struct nftnl_attr *nftnl_attrbuf_get_end(const struct nftnl_attrbuf *attrbuf)
+{
+	return (struct nftnl_attr *)attrbuf->end;
+}
+EXPORT_SYMBOL(nftnl_attrbuf_get_end);
+
+void *nftnl_attrbuf_get_data(const struct nftnl_attrbuf *attrbuf)
+{
+	return (void *)attrbuf->data;
+}
+EXPORT_SYMBOL(nftnl_attrbuf_get_data);
+
+void nftnl_attrbuf_copy_data(struct nftnl_attrbuf *attrbuf,
+			    const void *data, size_t len)
+{
+	memcpy(attrbuf->data, data, len <= attrbuf->size ? len : attrbuf->size);
+	attrbuf->end = attrbuf->data + len;
+}
+EXPORT_SYMBOL(nftnl_attrbuf_copy_data);
+
+uint8_t nftnl_attr_get_type(const struct nftnl_attr *attr)
+{
+	return attr->type;
+}
+EXPORT_SYMBOL(nftnl_attr_get_type);
+
+uint8_t nftnl_attr_get_len(const struct nftnl_attr *attr)
+{
+	return attr->len;
+}
+EXPORT_SYMBOL(nftnl_attr_get_len);
+
+void *nftnl_attr_get_value(const struct nftnl_attr *attr)
+{
+	return (void *)attr->value;
+}
+EXPORT_SYMBOL(nftnl_attr_get_value);
+
+struct nftnl_attr *nftnl_attr_put(struct nftnl_attrbuf *attrbuf,
+				  uint8_t type, uint8_t len, const void *value)
+{
+	struct nftnl_attr *attr = (struct nftnl_attr *)attrbuf->end;
+
+	attr->len  = len;
+	attr->type = type;
+	memcpy(attr->value, value, len);
+
+	attrbuf->end = (char *)nftnl_attr_next(attr);
+
+	return attr;
+}
+EXPORT_SYMBOL(nftnl_attr_put);
+
+struct nftnl_attr *nftnl_attr_put_check(struct nftnl_attrbuf *attrbuf,
+					uint8_t type, size_t len,
+					const void *value)
+{
+	/* Check if there is enough space */
+	if (attrbuf->size < len + sizeof(struct nftnl_attr))
+		return NULL;
+
+	return nftnl_attr_put(attrbuf, type, len, value);
+}
+EXPORT_SYMBOL(nftnl_attr_put_check);
+
+struct nftnl_attr *nftnl_attr_next(const struct nftnl_attr *attr)
+{
+	return (struct nftnl_attr *)&attr->value[attr->len];
+}
+EXPORT_SYMBOL(nftnl_attr_next);
+
+int nftnl_attr_parse(const struct nftnl_attrbuf *attrbuf, nftnl_attr_cb_t cb,
+		     void *data)
+{
+	int ret = NFTNL_CB_OK;
+	const struct nftnl_attr *attr;
+
+	nftnl_attr_for_each(attr, attrbuf) {
+		ret = cb(attr, data);
+		if (ret <= NFTNL_CB_STOP)
+			return ret;
+	}
+	return ret;
+}
+EXPORT_SYMBOL(nftnl_attr_parse);
diff --git a/src/libnftnl.map b/src/libnftnl.map
index 2e193b7..65bd37e 100644
--- a/src/libnftnl.map
+++ b/src/libnftnl.map
@@ -336,6 +336,22 @@ global:
   nftnl_set_snprintf;
   nftnl_set_fprintf;
 
+  nftnl_attrbuf_alloc;
+  nftnl_attrbuf_free;
+  nftnl_attrbuf_get_len;
+  nftnl_attrbuf_get_size;
+  nftnl_attrbuf_get_data;
+  nftnl_attrbuf_copy_data;
+  nftnl_attrbuf_get_start;
+  nftnl_attrbuf_get_end;
+  nftnl_attr_get_type;
+  nftnl_attr_get_len;
+  nftnl_attr_get_value;
+  nftnl_attr_put;
+  nftnl_attr_put_check;
+  nftnl_attr_next;
+  nftnl_attr_parse;
+
   nftnl_set_list_alloc;
   nftnl_set_list_free;
   nftnl_set_list_add;
-- 
2.7.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/3 v2] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer.

[Carlos Falgueras García]

Now is it possible to store multiple variable length user data into a rule.
Modify XML and JSON parsers to support this new feature.

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
 include/json.h  |   7 ++
 include/utils.h |   2 +
 include/xml.h   |   5 ++
 src/jansson.c   |  41 +++++++++
 src/mxml.c      |  39 ++++++++
 src/rule.c      | 271 ++++++++++++++++++++++++++++++++++++++++++++++++++------
 src/utils.c     |  45 ++++++++++
 7 files changed, 385 insertions(+), 25 deletions(-)

diff --git a/include/json.h b/include/json.h
index bd70cec..8b64f00 100644
--- a/include/json.h
+++ b/include/json.h
@@ -3,6 +3,7 @@
 
 #ifdef JSON_PARSING
 #include <jansson.h>
+#include <libnftnl/attr.h>
 #include <stdbool.h>
 #include "common.h"
 
@@ -51,6 +52,12 @@ int nftnl_jansson_parse_elem(struct nftnl_set *s, json_t *tree,
 
 int nftnl_data_reg_json_parse(union nftnl_data_reg *reg, json_t *data,
 			    struct nftnl_parse_err *err);
+
+int nftnl_jansson_attr_parse(struct nftnl_attrbuf *attrbuf,
+			     json_t *root,
+			     struct nftnl_parse_err *err,
+			     struct nftnl_set_list *set_list);
+
 #else
 #define json_t void
 #endif
diff --git a/include/utils.h b/include/utils.h
index 0087dbb..1bbabff 100644
--- a/include/utils.h
+++ b/include/utils.h
@@ -69,6 +69,8 @@ enum nftnl_type {
 int nftnl_strtoi(const char *string, int base, void *number, enum nftnl_type type);
 int nftnl_get_value(enum nftnl_type type, void *val, void *out);
 
+char *str2value(const char *str, size_t strlen);
+
 const char *nftnl_verdict2str(uint32_t verdict);
 int nftnl_str2verdict(const char *verdict, int *verdict_num);
 
diff --git a/include/xml.h b/include/xml.h
index 7b33a83..a43ea57 100644
--- a/include/xml.h
+++ b/include/xml.h
@@ -4,6 +4,7 @@
 #ifdef XML_PARSING
 #include <mxml.h>
 #include "common.h"
+#include <libnftnl/attr.h>
 
 #define NFTNL_XML_MAND 0
 #define NFTNL_XML_OPT (1 << 0)
@@ -51,6 +52,10 @@ int nftnl_mxml_set_parse(mxml_node_t *tree, struct nftnl_set *s,
 
 int nftnl_data_reg_xml_parse(union nftnl_data_reg *reg, mxml_node_t *tree,
 			   struct nftnl_parse_err *err);
+
+int nftnl_mxml_attr_parse(struct nftnl_attrbuf *attrbuf, mxml_node_t *tree,
+			  uint32_t mxml_flags, uint16_t flags,
+			  struct nftnl_parse_err *err);
 #else
 #define mxml_node_t void
 #endif
diff --git a/src/jansson.c b/src/jansson.c
index 3476ed2..9fff7b5 100644
--- a/src/jansson.c
+++ b/src/jansson.c
@@ -19,6 +19,7 @@
 #include <libnftnl/set.h>
 
 #include <libnftnl/expr.h>
+#include <libnftnl/attr.h>
 #include <linux/netfilter/nf_tables.h>
 
 #ifdef JSON_PARSING
@@ -276,4 +277,44 @@ int nftnl_jansson_set_elem_parse(struct nftnl_set_elem *e, json_t *root,
 
 	return 0;
 }
+
+int nftnl_jansson_attr_parse(struct nftnl_attrbuf *attrbuf,
+			     json_t *root,
+			     struct nftnl_parse_err *err,
+			     struct nftnl_set_list *set_list)
+{
+	int ret = 0;
+	uint8_t type;
+	uint8_t len;
+	const char *value_str;
+	char *value = NULL;
+
+	ret = nftnl_jansson_parse_val(root, "type", NFTNL_TYPE_U8, &type, err);
+	if (ret != 0)
+		return -1;
+
+	ret = nftnl_jansson_parse_val(root, "length", NFTNL_TYPE_U8, &len, err);
+	if (ret != 0)
+		return -1;
+
+	value_str = nftnl_jansson_parse_str(root, "value", err);
+	if (ret != 0)
+		return -1;
+
+	if (strlen(value_str) != 2*len)
+		return -1;
+
+	value = str2value(value_str, 2*len);
+	if (!value) {
+		perror("nftnl_jansson_attr_parse");
+		exit(EXIT_FAILURE);
+	}
+
+	if (!nftnl_attr_put_check(attrbuf, type, len, (void *)value))
+		ret = -1;
+
+	free(value);
+	return ret;
+}
+
 #endif
diff --git a/src/mxml.c b/src/mxml.c
index 51dbf1b..793a89d 100644
--- a/src/mxml.c
+++ b/src/mxml.c
@@ -229,4 +229,43 @@ int nftnl_mxml_family_parse(mxml_node_t *tree, const char *node_name,
 
 	return family;
 }
+
+int nftnl_mxml_attr_parse(struct nftnl_attrbuf *attrbuf, mxml_node_t *tree,
+			  uint32_t mxml_flags, uint16_t flags,
+			  struct nftnl_parse_err *err)
+{
+	int ret = 0;
+	uint8_t len;
+	uint8_t type;
+	const char *value_str;
+	char *value = NULL;
+
+	if (nftnl_mxml_num_parse(tree, "type", mxml_flags, BASE_DEC, &type,
+				 NFTNL_TYPE_U8, flags, err) < 0)
+		return -1;
+
+	if (nftnl_mxml_num_parse(tree, "length", mxml_flags, BASE_DEC, &len,
+				 NFTNL_TYPE_U8, flags, err) < 0)
+		return -1;
+
+	value_str = nftnl_mxml_str_parse(tree, "value", mxml_flags, flags, err);
+	if (value_str == NULL)
+		return -1;
+
+	if (strlen(value_str) != 2*len)
+		return -1;
+
+	value = str2value(value_str, 2*len);
+	if (!value) {
+		perror("nftnl_mxml_attr_parse");
+		exit(EXIT_FAILURE);
+	}
+
+	if (!nftnl_attr_put_check(attrbuf, type, len, (void *)value))
+		ret = -1;
+
+	free(value);
+	return ret;
+}
+
 #endif
diff --git a/src/rule.c b/src/rule.c
index 3a32bf6..4a5dc8c 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -19,7 +19,6 @@
 #include <netinet/in.h>
 #include <errno.h>
 #include <inttypes.h>
-#include <ctype.h>
 
 #include <libmnl/libmnl.h>
 #include <linux/netfilter/nfnetlink.h>
@@ -28,6 +27,7 @@
 #include <libnftnl/rule.h>
 #include <libnftnl/set.h>
 #include <libnftnl/expr.h>
+#include <libnftnl/attr.h>
 
 struct nftnl_rule {
 	struct list_head head;
@@ -38,10 +38,7 @@ struct nftnl_rule {
 	const char	*chain;
 	uint64_t	handle;
 	uint64_t	position;
-	struct {
-			void		*data;
-			uint32_t	len;
-	} user;
+	struct nftnl_attrbuf	*userdata;
 	struct {
 			uint32_t	flags;
 			uint32_t	proto;
@@ -50,6 +47,15 @@ struct nftnl_rule {
 	struct list_head expr_list;
 };
 
+static size_t nftnl_rule_snprintf_data2str(char *buf, size_t size,
+					   const void *data, size_t datalen);
+static size_t nftnl_rule_snprintf_default_attr(char *buf, size_t size,
+					       const struct nftnl_attr *attr);
+static size_t nftnl_rule_snprintf_xml_attr(char *buf, size_t size,
+					   const struct nftnl_attr *attr);
+static size_t nftnl_rule_snprintf_json_attr(char *buf, size_t size,
+					    const struct nftnl_attr *attr);
+
 struct nftnl_rule *nftnl_rule_alloc(void)
 {
 	struct nftnl_rule *r;
@@ -75,6 +81,8 @@ void nftnl_rule_free(struct nftnl_rule *r)
 		xfree(r->table);
 	if (r->chain != NULL)
 		xfree(r->chain);
+	if (r->flags & (1 << NFTNL_RULE_USERDATA))
+		nftnl_attrbuf_free(r->userdata);
 
 	xfree(r);
 }
@@ -162,8 +170,12 @@ void nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr,
 		r->position = *((uint64_t *)data);
 		break;
 	case NFTNL_RULE_USERDATA:
-		r->user.data = (void *)data;
-		r->user.len = data_len;
+		(r->userdata = nftnl_attrbuf_alloc(data_len));
+		if (!r->userdata) {
+			perror("nftnl_rule_set_data - userdata");
+			exit(EXIT_FAILURE);
+		}
+		nftnl_attrbuf_copy_data(r->userdata, data, data_len);
 		break;
 	}
 	r->flags |= (1 << attr);
@@ -221,8 +233,8 @@ const void *nftnl_rule_get_data(const struct nftnl_rule *r, uint16_t attr,
 		*data_len = sizeof(uint64_t);
 		return &r->position;
 	case NFTNL_RULE_USERDATA:
-		*data_len = r->user.len;
-		return r->user.data;
+		*data_len = nftnl_attrbuf_get_len(r->userdata);
+		return (void *)nftnl_attrbuf_get_data(r->userdata);
 	}
 	return NULL;
 }
@@ -288,8 +300,9 @@ void nftnl_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_rule *r)
 	if (r->flags & (1 << NFTNL_RULE_POSITION))
 		mnl_attr_put_u64(nlh, NFTA_RULE_POSITION, htobe64(r->position));
 	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
-		mnl_attr_put(nlh, NFTA_RULE_USERDATA, r->user.len,
-			     r->user.data);
+		mnl_attr_put(nlh, NFTA_RULE_USERDATA,
+			     nftnl_attrbuf_get_len(r->userdata),
+			     nftnl_attrbuf_get_data(r->userdata));
 	}
 
 	if (!list_empty(&r->expr_list)) {
@@ -447,19 +460,17 @@ int nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r)
 		r->flags |= (1 << NFTNL_RULE_POSITION);
 	}
 	if (tb[NFTA_RULE_USERDATA]) {
+		uint16_t udata_size;
 		const void *udata =
 			mnl_attr_get_payload(tb[NFTA_RULE_USERDATA]);
 
-		if (r->user.data)
-			xfree(r->user.data);
-
-		r->user.len = mnl_attr_get_payload_len(tb[NFTA_RULE_USERDATA]);
+		udata_size = mnl_attr_get_payload_len(tb[NFTA_RULE_USERDATA]);
 
-		r->user.data = malloc(r->user.len);
-		if (r->user.data == NULL)
+		(r->userdata = nftnl_attrbuf_alloc(udata_size));
+		if (!r->userdata)
 			return -1;
+		nftnl_attrbuf_copy_data(r->userdata, udata, udata_size);
 
-		memcpy(r->user.data, udata, r->user.len);
 		r->flags |= (1 << NFTNL_RULE_USERDATA);
 	}
 
@@ -481,6 +492,7 @@ int nftnl_jansson_parse_rule(struct nftnl_rule *r, json_t *tree,
 	uint64_t uval64;
 	uint32_t uval32;
 	int i, family;
+	struct nftnl_attrbuf *attrbuf;
 
 	root = nftnl_jansson_get_node(tree, "rule", err);
 	if (root == NULL)
@@ -557,6 +569,31 @@ int nftnl_jansson_parse_rule(struct nftnl_rule *r, json_t *tree,
 		nftnl_rule_add_expr(r, e);
 	}
 
+	array = json_object_get(root, "userdata");
+	if (array == NULL) {
+		err->error = NFTNL_PARSE_EMISSINGNODE;
+		err->node_name = "userdata";
+		goto err;
+	}
+
+	attrbuf = nftnl_attrbuf_alloc(NFT_USERDATA_MAXLEN);
+	if (!attrbuf) {
+		perror("nftnl_jansson_parse_rule");
+		exit(EXIT_FAILURE);
+	}
+
+	for (i = 0; i < json_array_size(array); ++i) {
+		if (nftnl_jansson_attr_parse(attrbuf,
+					     json_array_get(array, i),
+					     err,
+					     set_list) < 0)
+			goto err;
+	}
+
+	nftnl_rule_set_data(r, NFTNL_RULE_USERDATA,
+			    nftnl_attrbuf_get_data(attrbuf),
+			    nftnl_attrbuf_get_len(attrbuf));
+
 	return 0;
 err:
 	return -1;
@@ -592,7 +629,7 @@ int nftnl_mxml_rule_parse(mxml_node_t *tree, struct nftnl_rule *r,
 			struct nftnl_parse_err *err,
 			struct nftnl_set_list *set_list)
 {
-	mxml_node_t *node;
+	mxml_node_t *node, *node_ud;
 	struct nftnl_expr *e;
 	const char *table, *chain;
 	int family;
@@ -649,6 +686,35 @@ int nftnl_mxml_rule_parse(mxml_node_t *tree, struct nftnl_rule *r,
 		nftnl_rule_add_expr(r, e);
 	}
 
+	node_ud = mxmlFindElement(tree, tree, "userdata", NULL, NULL,
+				  MXML_DESCEND);
+	if (node_ud) {
+		struct nftnl_attrbuf *attrbuf;
+
+		attrbuf = nftnl_attrbuf_alloc(NFT_USERDATA_MAXLEN);
+		if (!attrbuf) {
+			perror("nftnl_mxml_rule_parse");
+			exit(EXIT_FAILURE);
+		}
+
+		/* Iterate over attributes */
+		for (
+			node = mxmlFindElement(node_ud, node_ud, "attr", NULL,
+				NULL, MXML_DESCEND);
+			node != NULL;
+			node = mxmlFindElement(node, node_ud, "attr", NULL,
+				NULL, MXML_DESCEND)
+		) {
+			if (nftnl_mxml_attr_parse(attrbuf, node,
+					MXML_DESCEND_FIRST, r->flags, err) < 0)
+				return -1;
+		}
+
+		nftnl_rule_set_data(r, NFTNL_RULE_USERDATA,
+				    nftnl_attrbuf_get_data(attrbuf),
+				    nftnl_attrbuf_get_len(attrbuf));
+	}
+
 	return 0;
 }
 #endif
@@ -711,6 +777,21 @@ int nftnl_rule_parse_file(struct nftnl_rule *r, enum nftnl_parse_type type,
 }
 EXPORT_SYMBOL_ALIAS(nftnl_rule_parse_file, nft_rule_parse_file);
 
+static size_t nftnl_rule_snprintf_data2str(char *buf, size_t size,
+					   const void *data, size_t datalen)
+{
+	int i;
+	size_t ret, len = size, offset = 0;
+	const unsigned char *str = data;
+
+	for (i = 0; i < datalen; i++) {
+		ret = snprintf(buf+offset, len, "%02X", str[i]);
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
+	return offset;
+}
+
 static int nftnl_rule_snprintf_json(char *buf, size_t size, struct nftnl_rule *r,
 					 uint32_t type, uint32_t flags)
 {
@@ -757,6 +838,31 @@ static int nftnl_rule_snprintf_json(char *buf, size_t size, struct nftnl_rule *r
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
+	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
+		const struct nftnl_attr *attr;
+
+		ret = snprintf(buf+offset, len, "\"userdata\":[");
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+		nftnl_attr_for_each(attr, r->userdata) {
+			ret = nftnl_rule_snprintf_json_attr(buf+offset, len,
+							    attr);
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+			ret = snprintf(buf+offset, len, ",");
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		}
+		/* delete last comma */
+		buf[offset-1] = '\0';
+		offset--;
+		size--;
+		len++;
+
+		ret = snprintf(buf+offset, len, "],\n");
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	}
+
 	ret = snprintf(buf+offset, len, "\"expr\":[");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
@@ -849,17 +955,123 @@ static int nftnl_rule_snprintf_xml(char *buf, size_t size, struct nftnl_rule *r,
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	}
+
+	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
+		const struct nftnl_attr *attr;
+
+		ret = snprintf(buf+offset, len, "<userdata>");
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+		nftnl_attr_for_each(attr, r->userdata) {
+			ret = snprintf(buf+offset, len, "<attr>");
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+			ret = nftnl_rule_snprintf_xml_attr(buf+offset, len,
+							    attr);
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+			ret = snprintf(buf+offset, len, "</attr>");
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		}
+
+		ret = snprintf(buf+offset, len, "</userdata>");
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
 	ret = snprintf(buf+offset, len, "</rule>");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;
 }
 
+static size_t nftnl_rule_snprintf_xml_attr(char *buf, size_t size,
+					   const struct nftnl_attr *attr)
+{
+	size_t ret, len = size, offset = 0;
+
+	uint8_t atype = nftnl_attr_get_type(attr);
+	uint8_t alen  = nftnl_attr_get_len(attr);
+	void   *aval  = nftnl_attr_get_value(attr);
+
+	/* type */
+	ret = snprintf(buf+offset, len, "<type>%d</type>", atype);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* len */
+	ret = snprintf(buf+offset, len, "<length>%d</length>", alen);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* value */
+	ret = snprintf(buf+offset, len, "<value>\"");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	ret = nftnl_rule_snprintf_data2str(buf+offset, len, aval, alen);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	ret = snprintf(buf+offset, len, "\"</value>");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	return offset;
+}
+
+static size_t nftnl_rule_snprintf_json_attr(char *buf, size_t size,
+					    const struct nftnl_attr *attr)
+{
+	size_t ret, len = size, offset = 0;
+
+	uint8_t atype = nftnl_attr_get_type(attr);
+	uint8_t alen  = nftnl_attr_get_len(attr);
+	void   *aval  = nftnl_attr_get_value(attr);
+
+	/* type */
+	ret = snprintf(buf+offset, len, "{\"type\":%d,", atype);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* len */
+	ret = snprintf(buf+offset, len, "\"length\":%d,", alen);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* value */
+	ret = snprintf(buf+offset, len, "\"value\":\"");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	ret = nftnl_rule_snprintf_data2str(buf+offset, len, aval, alen);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	ret = snprintf(buf+offset, len, "\"}");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	return offset;
+}
+
+static size_t nftnl_rule_snprintf_default_attr(char *buf, size_t size,
+					       const struct nftnl_attr *attr)
+{
+	size_t ret, len = size, offset = 0;
+
+	uint8_t atype = nftnl_attr_get_type(attr);
+	uint8_t alen  = nftnl_attr_get_len(attr);
+	void   *aval  = nftnl_attr_get_value(attr);
+
+	/* type */
+	ret = snprintf(buf+offset, len, "{%d:\"", atype);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* value */
+	ret = nftnl_rule_snprintf_data2str(buf+offset, len, aval, alen);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	ret = snprintf(buf+offset, len, "\"}");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	return offset;
+}
+
 static int nftnl_rule_snprintf_default(char *buf, size_t size, struct nftnl_rule *r,
 				     uint32_t type, uint32_t flags)
 {
 	struct nftnl_expr *expr;
-	int ret, len = size, offset = 0, i;
+	int ret, len = size, offset = 0;
 
 	if (r->flags & (1 << NFTNL_RULE_FAMILY)) {
 		ret = snprintf(buf+offset, len, "%s ",
@@ -905,17 +1117,26 @@ static int nftnl_rule_snprintf_default(char *buf, size_t size, struct nftnl_rule
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
-	if (r->user.len) {
+
+	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
+		const struct nftnl_attr *attr;
+
 		ret = snprintf(buf+offset, len, "  userdata = { ");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-		for (i = 0; i < r->user.len; i++) {
-			char *c = r->user.data;
+		nftnl_attr_for_each(attr, r->userdata) {
+			ret = nftnl_rule_snprintf_default_attr(buf+offset,
+							       len, attr);
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-			ret = snprintf(buf+offset, len, "%c",
-				       isalnum(c[i]) ? c[i] : 0);
+			ret = snprintf(buf+offset, len, ",");
 			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 		}
+		/* delete last comma */
+		buf[offset-1] = '\0';
+		offset--;
+		size--;
+		len++;
 
 		ret = snprintf(buf+offset, len, " }\n");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
diff --git a/src/utils.c b/src/utils.c
index ba36bc4..0cac4b6 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -139,6 +139,51 @@ int nftnl_strtoi(const char *string, int base, void *out, enum nftnl_type type)
 	return ret;
 }
 
+static int hex2char(char *out, char c)
+{
+	/* numbers */
+	if (c >= 0x30 && c <= 0x39)
+		*out = c - 0x30;
+	/* lowercase characters */
+	else if (c >= 0x61 && c <= 0x66)
+		*out = c - 0x61 + 10;
+	/* uppercase characters */
+	else if (c >= 0x41 && c <= 0x46)
+		*out = c - 0x41 + 10;
+	else {
+		errno = EINVAL;
+		return 0;
+	}
+
+	return 1;
+}
+
+char *str2value(const char *str, size_t strlen)
+{
+	char *value;
+	size_t i;
+	char d0;
+	char d1;
+
+
+	value = (char *)malloc(strlen/2);
+	if (!value)
+		return NULL;
+
+	for (i = 0; i < strlen/2; i++) {
+		if (!hex2char(&d0, str[2*i + 0]) ||
+		    !hex2char(&d1, str[2*i + 1])
+		) {
+			free(value);
+			return NULL;
+		}
+
+		value[i] = d0*16 + d1;
+	}
+
+	return value;
+}
+
 const char *nftnl_verdict2str(uint32_t verdict)
 {
 	switch (verdict) {
-- 
2.7.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/3 v2] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer.

[Pablo Neira Ayuso]

On Mon, Feb 29, 2016 at 05:25:39PM +0100, Carlos Falgueras García wrote:
> Now is it possible to store multiple variable length user data into a rule.
> Modify XML and JSON parsers to support this new feature.
> 
> Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
> ---
>  include/json.h  |   7 ++
>  include/utils.h |   2 +
>  include/xml.h   |   5 ++
>  src/jansson.c   |  41 +++++++++
>  src/mxml.c      |  39 ++++++++
>  src/rule.c      | 271 ++++++++++++++++++++++++++++++++++++++++++++++++++------
>  src/utils.c     |  45 ++++++++++
>  7 files changed, 385 insertions(+), 25 deletions(-)
> 
> diff --git a/include/json.h b/include/json.h
> index bd70cec..8b64f00 100644
> --- a/include/json.h
> +++ b/include/json.h
> @@ -3,6 +3,7 @@
>  
>  #ifdef JSON_PARSING
>  #include <jansson.h>
> +#include <libnftnl/attr.h>
>  #include <stdbool.h>
>  #include "common.h"
>  
> @@ -51,6 +52,12 @@ int nftnl_jansson_parse_elem(struct nftnl_set *s, json_t *tree,
>  
>  int nftnl_data_reg_json_parse(union nftnl_data_reg *reg, json_t *data,
>  			    struct nftnl_parse_err *err);
> +
> +int nftnl_jansson_attr_parse(struct nftnl_attrbuf *attrbuf,
> +			     json_t *root,
> +			     struct nftnl_parse_err *err,
> +			     struct nftnl_set_list *set_list);
> +
>  #else
>  #define json_t void
>  #endif
> diff --git a/include/utils.h b/include/utils.h
> index 0087dbb..1bbabff 100644
> --- a/include/utils.h
> +++ b/include/utils.h
> @@ -69,6 +69,8 @@ enum nftnl_type {
>  int nftnl_strtoi(const char *string, int base, void *number, enum nftnl_type type);
>  int nftnl_get_value(enum nftnl_type type, void *val, void *out);
>  
> +char *str2value(const char *str, size_t strlen);
> +
>  const char *nftnl_verdict2str(uint32_t verdict);
>  int nftnl_str2verdict(const char *verdict, int *verdict_num);
>  
> diff --git a/include/xml.h b/include/xml.h
> index 7b33a83..a43ea57 100644
> --- a/include/xml.h
> +++ b/include/xml.h
> @@ -4,6 +4,7 @@
>  #ifdef XML_PARSING
>  #include <mxml.h>
>  #include "common.h"
> +#include <libnftnl/attr.h>
>  
>  #define NFTNL_XML_MAND 0
>  #define NFTNL_XML_OPT (1 << 0)
> @@ -51,6 +52,10 @@ int nftnl_mxml_set_parse(mxml_node_t *tree, struct nftnl_set *s,
>  
>  int nftnl_data_reg_xml_parse(union nftnl_data_reg *reg, mxml_node_t *tree,
>  			   struct nftnl_parse_err *err);
> +
> +int nftnl_mxml_attr_parse(struct nftnl_attrbuf *attrbuf, mxml_node_t *tree,
> +			  uint32_t mxml_flags, uint16_t flags,
> +			  struct nftnl_parse_err *err);
>  #else
>  #define mxml_node_t void
>  #endif
> diff --git a/src/jansson.c b/src/jansson.c
> index 3476ed2..9fff7b5 100644
> --- a/src/jansson.c
> +++ b/src/jansson.c
> @@ -19,6 +19,7 @@
>  #include <libnftnl/set.h>
>  
>  #include <libnftnl/expr.h>
> +#include <libnftnl/attr.h>
>  #include <linux/netfilter/nf_tables.h>
>  
>  #ifdef JSON_PARSING
> @@ -276,4 +277,44 @@ int nftnl_jansson_set_elem_parse(struct nftnl_set_elem *e, json_t *root,
>  
>  	return 0;
>  }
> +
> +int nftnl_jansson_attr_parse(struct nftnl_attrbuf *attrbuf,
> +			     json_t *root,
> +			     struct nftnl_parse_err *err,
> +			     struct nftnl_set_list *set_list)
> +{
> +	int ret = 0;
> +	uint8_t type;
> +	uint8_t len;
> +	const char *value_str;
> +	char *value = NULL;
> +
> +	ret = nftnl_jansson_parse_val(root, "type", NFTNL_TYPE_U8, &type, err);
> +	if (ret != 0)
> +		return -1;
> +
> +	ret = nftnl_jansson_parse_val(root, "length", NFTNL_TYPE_U8, &len, err);
> +	if (ret != 0)
> +		return -1;
> +
> +	value_str = nftnl_jansson_parse_str(root, "value", err);
> +	if (ret != 0)
> +		return -1;
> +
> +	if (strlen(value_str) != 2*len)
> +		return -1;
> +
> +	value = str2value(value_str, 2*len);
> +	if (!value) {
> +		perror("nftnl_jansson_attr_parse");
> +		exit(EXIT_FAILURE);

You shouldn't call exit() in a library.

Please, pass up the error code as return value.

> +	}
> +
> +	if (!nftnl_attr_put_check(attrbuf, type, len, (void *)value))
> +		ret = -1;
> +
> +	free(value);
> +	return ret;
> +}
> +
>  #endif
> diff --git a/src/mxml.c b/src/mxml.c
> index 51dbf1b..793a89d 100644
> --- a/src/mxml.c
> +++ b/src/mxml.c
> @@ -229,4 +229,43 @@ int nftnl_mxml_family_parse(mxml_node_t *tree, const char *node_name,
>  
>  	return family;
>  }
> +
> +int nftnl_mxml_attr_parse(struct nftnl_attrbuf *attrbuf, mxml_node_t *tree,
> +			  uint32_t mxml_flags, uint16_t flags,
> +			  struct nftnl_parse_err *err)
> +{
> +	int ret = 0;
> +	uint8_t len;
> +	uint8_t type;
> +	const char *value_str;
> +	char *value = NULL;
> +
> +	if (nftnl_mxml_num_parse(tree, "type", mxml_flags, BASE_DEC, &type,
> +				 NFTNL_TYPE_U8, flags, err) < 0)
> +		return -1;
> +
> +	if (nftnl_mxml_num_parse(tree, "length", mxml_flags, BASE_DEC, &len,
> +				 NFTNL_TYPE_U8, flags, err) < 0)
> +		return -1;
> +
> +	value_str = nftnl_mxml_str_parse(tree, "value", mxml_flags, flags, err);
> +	if (value_str == NULL)
> +		return -1;
> +
> +	if (strlen(value_str) != 2*len)
> +		return -1;
> +
> +	value = str2value(value_str, 2*len);
> +	if (!value) {
> +		perror("nftnl_mxml_attr_parse");
> +		exit(EXIT_FAILURE);
> +	}
> +
> +	if (!nftnl_attr_put_check(attrbuf, type, len, (void *)value))
> +		ret = -1;
> +
> +	free(value);
> +	return ret;
> +}
> +
>  #endif
> diff --git a/src/rule.c b/src/rule.c
> index 3a32bf6..4a5dc8c 100644
> --- a/src/rule.c
> +++ b/src/rule.c
> @@ -19,7 +19,6 @@
>  #include <netinet/in.h>
>  #include <errno.h>
>  #include <inttypes.h>
> -#include <ctype.h>
>  
>  #include <libmnl/libmnl.h>
>  #include <linux/netfilter/nfnetlink.h>
> @@ -28,6 +27,7 @@
>  #include <libnftnl/rule.h>
>  #include <libnftnl/set.h>
>  #include <libnftnl/expr.h>
> +#include <libnftnl/attr.h>
>  
>  struct nftnl_rule {
>  	struct list_head head;
> @@ -38,10 +38,7 @@ struct nftnl_rule {
>  	const char	*chain;
>  	uint64_t	handle;
>  	uint64_t	position;
> -	struct {
> -			void		*data;
> -			uint32_t	len;
> -	} user;
> +	struct nftnl_attrbuf	*userdata;
>  	struct {
>  			uint32_t	flags;
>  			uint32_t	proto;
> @@ -50,6 +47,15 @@ struct nftnl_rule {
>  	struct list_head expr_list;
>  };
>  
> +static size_t nftnl_rule_snprintf_data2str(char *buf, size_t size,
> +					   const void *data, size_t datalen);
> +static size_t nftnl_rule_snprintf_default_attr(char *buf, size_t size,
> +					       const struct nftnl_attr *attr);
> +static size_t nftnl_rule_snprintf_xml_attr(char *buf, size_t size,
> +					   const struct nftnl_attr *attr);
> +static size_t nftnl_rule_snprintf_json_attr(char *buf, size_t size,
> +					    const struct nftnl_attr *attr);
> +
>  struct nftnl_rule *nftnl_rule_alloc(void)
>  {
>  	struct nftnl_rule *r;
> @@ -75,6 +81,8 @@ void nftnl_rule_free(struct nftnl_rule *r)
>  		xfree(r->table);
>  	if (r->chain != NULL)
>  		xfree(r->chain);
> +	if (r->flags & (1 << NFTNL_RULE_USERDATA))
> +		nftnl_attrbuf_free(r->userdata);
>  
>  	xfree(r);
>  }
> @@ -162,8 +170,12 @@ void nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr,
>  		r->position = *((uint64_t *)data);
>  		break;
>  	case NFTNL_RULE_USERDATA:
> -		r->user.data = (void *)data;
> -		r->user.len = data_len;
> +		(r->userdata = nftnl_attrbuf_alloc(data_len));
> +		if (!r->userdata) {
> +			perror("nftnl_rule_set_data - userdata");
> +			exit(EXIT_FAILURE);
> +		}
> +		nftnl_attrbuf_copy_data(r->userdata, data, data_len);
>  		break;
>  	}
>  	r->flags |= (1 << attr);
> @@ -221,8 +233,8 @@ const void *nftnl_rule_get_data(const struct nftnl_rule *r, uint16_t attr,
>  		*data_len = sizeof(uint64_t);
>  		return &r->position;
>  	case NFTNL_RULE_USERDATA:
> -		*data_len = r->user.len;
> -		return r->user.data;
> +		*data_len = nftnl_attrbuf_get_len(r->userdata);
> +		return (void *)nftnl_attrbuf_get_data(r->userdata);
>  	}
>  	return NULL;
>  }
> @@ -288,8 +300,9 @@ void nftnl_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_rule *r)
>  	if (r->flags & (1 << NFTNL_RULE_POSITION))
>  		mnl_attr_put_u64(nlh, NFTA_RULE_POSITION, htobe64(r->position));
>  	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
> -		mnl_attr_put(nlh, NFTA_RULE_USERDATA, r->user.len,
> -			     r->user.data);
> +		mnl_attr_put(nlh, NFTA_RULE_USERDATA,
> +			     nftnl_attrbuf_get_len(r->userdata),
> +			     nftnl_attrbuf_get_data(r->userdata));
>  	}
>  
>  	if (!list_empty(&r->expr_list)) {
> @@ -447,19 +460,17 @@ int nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r)
>  		r->flags |= (1 << NFTNL_RULE_POSITION);
>  	}
>  	if (tb[NFTA_RULE_USERDATA]) {
> +		uint16_t udata_size;
>  		const void *udata =
>  			mnl_attr_get_payload(tb[NFTA_RULE_USERDATA]);
>  
> -		if (r->user.data)
> -			xfree(r->user.data);
> -
> -		r->user.len = mnl_attr_get_payload_len(tb[NFTA_RULE_USERDATA]);
> +		udata_size = mnl_attr_get_payload_len(tb[NFTA_RULE_USERDATA]);
>  
> -		r->user.data = malloc(r->user.len);
> -		if (r->user.data == NULL)
> +		(r->userdata = nftnl_attrbuf_alloc(udata_size));
> +		if (!r->userdata)
>  			return -1;
> +		nftnl_attrbuf_copy_data(r->userdata, udata, udata_size);
>  
> -		memcpy(r->user.data, udata, r->user.len);
>  		r->flags |= (1 << NFTNL_RULE_USERDATA);
>  	}
>  
> @@ -481,6 +492,7 @@ int nftnl_jansson_parse_rule(struct nftnl_rule *r, json_t *tree,
>  	uint64_t uval64;
>  	uint32_t uval32;
>  	int i, family;
> +	struct nftnl_attrbuf *attrbuf;
>  
>  	root = nftnl_jansson_get_node(tree, "rule", err);
>  	if (root == NULL)
> @@ -557,6 +569,31 @@ int nftnl_jansson_parse_rule(struct nftnl_rule *r, json_t *tree,
>  		nftnl_rule_add_expr(r, e);
>  	}
>  

Please, wrap these code below into a function, eg. nftnl_jansson_udata_parse()

> +	array = json_object_get(root, "userdata");
> +	if (array == NULL) {
> +		err->error = NFTNL_PARSE_EMISSINGNODE;
> +		err->node_name = "userdata";
> +		goto err;
> +	}
> +
> +	attrbuf = nftnl_attrbuf_alloc(NFT_USERDATA_MAXLEN);
> +	if (!attrbuf) {
> +		perror("nftnl_jansson_parse_rule");
> +		exit(EXIT_FAILURE);
> +	}
> +
> +	for (i = 0; i < json_array_size(array); ++i) {
> +		if (nftnl_jansson_attr_parse(attrbuf,
> +					     json_array_get(array, i),
> +					     err,
> +					     set_list) < 0)
> +			goto err;
> +	}
> +
> +	nftnl_rule_set_data(r, NFTNL_RULE_USERDATA,
> +			    nftnl_attrbuf_get_data(attrbuf),
> +			    nftnl_attrbuf_get_len(attrbuf));
> +
>  	return 0;
>  err:
>  	return -1;
> @@ -592,7 +629,7 @@ int nftnl_mxml_rule_parse(mxml_node_t *tree, struct nftnl_rule *r,
>  			struct nftnl_parse_err *err,
>  			struct nftnl_set_list *set_list)
>  {
> -	mxml_node_t *node;
> +	mxml_node_t *node, *node_ud;
>  	struct nftnl_expr *e;
>  	const char *table, *chain;
>  	int family;
> @@ -649,6 +686,35 @@ int nftnl_mxml_rule_parse(mxml_node_t *tree, struct nftnl_rule *r,
>  		nftnl_rule_add_expr(r, e);
>  	}
>  
> +	node_ud = mxmlFindElement(tree, tree, "userdata", NULL, NULL,
> +				  MXML_DESCEND);
> +	if (node_ud) {

Please, wrap these code below into a function, eg. nftnl_mxml_udata_parse()

> +		struct nftnl_attrbuf *attrbuf;
> +
> +		attrbuf = nftnl_attrbuf_alloc(NFT_USERDATA_MAXLEN);
> +		if (!attrbuf) {
> +			perror("nftnl_mxml_rule_parse");
> +			exit(EXIT_FAILURE);
> +		}
> +
> +		/* Iterate over attributes */
> +		for (
> +			node = mxmlFindElement(node_ud, node_ud, "attr", NULL,
> +				NULL, MXML_DESCEND);
> +			node != NULL;
> +			node = mxmlFindElement(node, node_ud, "attr", NULL,
> +				NULL, MXML_DESCEND)
> +		) {
> +			if (nftnl_mxml_attr_parse(attrbuf, node,
> +					MXML_DESCEND_FIRST, r->flags, err) < 0)
> +				return -1;
> +		}
> +
> +		nftnl_rule_set_data(r, NFTNL_RULE_USERDATA,
> +				    nftnl_attrbuf_get_data(attrbuf),
> +				    nftnl_attrbuf_get_len(attrbuf));
> +	}
> +
>  	return 0;
>  }
>  #endif
> @@ -711,6 +777,21 @@ int nftnl_rule_parse_file(struct nftnl_rule *r, enum nftnl_parse_type type,
>  }
>  EXPORT_SYMBOL_ALIAS(nftnl_rule_parse_file, nft_rule_parse_file);
>  
> +static size_t nftnl_rule_snprintf_data2str(char *buf, size_t size,
> +					   const void *data, size_t datalen)
> +{
> +	int i;
> +	size_t ret, len = size, offset = 0;
> +	const unsigned char *str = data;
> +
> +	for (i = 0; i < datalen; i++) {
> +		ret = snprintf(buf+offset, len, "%02X", str[i]);
> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +	}
> +
> +	return offset;
> +}
> +
>  static int nftnl_rule_snprintf_json(char *buf, size_t size, struct nftnl_rule *r,
>  					 uint32_t type, uint32_t flags)
>  {
> @@ -757,6 +838,31 @@ static int nftnl_rule_snprintf_json(char *buf, size_t size, struct nftnl_rule *r
>  		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>  	}
>  
> +	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
> +		const struct nftnl_attr *attr;
> +
> +		ret = snprintf(buf+offset, len, "\"userdata\":[");
> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +
> +		nftnl_attr_for_each(attr, r->userdata) {
> +			ret = nftnl_rule_snprintf_json_attr(buf+offset, len,
> +							    attr);
> +			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +
> +			ret = snprintf(buf+offset, len, ",");
> +			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +		}
> +		/* delete last comma */
> +		buf[offset-1] = '\0';
> +		offset--;
> +		size--;
> +		len++;
> +
> +		ret = snprintf(buf+offset, len, "],\n");
> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +
> +	}
> +
>  	ret = snprintf(buf+offset, len, "\"expr\":[");
>  	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>  
> @@ -849,17 +955,123 @@ static int nftnl_rule_snprintf_xml(char *buf, size_t size, struct nftnl_rule *r,
>  		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>  
>  	}
> +
> +	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
> +		const struct nftnl_attr *attr;
> +
> +		ret = snprintf(buf+offset, len, "<userdata>");
> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +
> +		nftnl_attr_for_each(attr, r->userdata) {
> +			ret = snprintf(buf+offset, len, "<attr>");
> +			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +
> +			ret = nftnl_rule_snprintf_xml_attr(buf+offset, len,
> +							    attr);
> +			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +
> +			ret = snprintf(buf+offset, len, "</attr>");
> +			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +		}
> +
> +		ret = snprintf(buf+offset, len, "</userdata>");
> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +	}
> +
>  	ret = snprintf(buf+offset, len, "</rule>");
>  	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>  
>  	return offset;
>  }
>  
> +static size_t nftnl_rule_snprintf_xml_attr(char *buf, size_t size,
> +					   const struct nftnl_attr *attr)
[...]
> +static size_t nftnl_rule_snprintf_json_attr(char *buf, size_t size,
> +					    const struct nftnl_attr *attr)

You can consolidate these two functions into one using the NFTNL_BUF_*
API.

> diff --git a/src/utils.c b/src/utils.c
> index ba36bc4..0cac4b6 100644
> --- a/src/utils.c
> +++ b/src/utils.c
> @@ -139,6 +139,51 @@ int nftnl_strtoi(const char *string, int base, void *out, enum nftnl_type type)
>  	return ret;
>  }
>  
> +static int hex2char(char *out, char c)
> +{
> +	/* numbers */
> +	if (c >= 0x30 && c <= 0x39)
> +		*out = c - 0x30;
> +	/* lowercase characters */
> +	else if (c >= 0x61 && c <= 0x66)
> +		*out = c - 0x61 + 10;
> +	/* uppercase characters */
> +	else if (c >= 0x41 && c <= 0x46)
> +		*out = c - 0x41 + 10;
> +	else {
> +		errno = EINVAL;
> +		return 0;
> +	}

You can just print data in hexadecimal, so we can get rid of this.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/3 v2] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer.

[Carlos Falgueras García]

On 02/03/16 19:41, Pablo Neira Ayuso wrote:
> On Mon, Feb 29, 2016 at 05:25:39PM +0100, Carlos Falgueras García wrote:
>
> Please, wrap these code below into a function, eg. nftnl_jansson_udata_parse()
>
>> +	array = json_object_get(root, "userdata");
>> +	if (array == NULL) {
>> +		err->error = NFTNL_PARSE_EMISSINGNODE;
>> +		err->node_name = "userdata";
>> +		goto err;
>> +	}
>> +
>> +	attrbuf = nftnl_attrbuf_alloc(NFT_USERDATA_MAXLEN);
>> +	if (!attrbuf) {
>> +		perror("nftnl_jansson_parse_rule");
>> +		exit(EXIT_FAILURE);
>> +	}
>> +
>> +	for (i = 0; i < json_array_size(array); ++i) {
>> +		if (nftnl_jansson_attr_parse(attrbuf,
>> +					     json_array_get(array, i),
>> +					     err,
>> +					     set_list) < 0)
>> +			goto err;
>> +	}
>> +
>> +	nftnl_rule_set_data(r, NFTNL_RULE_USERDATA,
>> +			    nftnl_attrbuf_get_data(attrbuf),
>> +			    nftnl_attrbuf_get_len(attrbuf));
>> +
>>   	return 0;
>>   err:
>>   	return -1;
>> @@ -592,7 +629,7 @@ int nftnl_mxml_rule_parse(mxml_node_t *tree, struct nftnl_rule *r,
>>   			struct nftnl_parse_err *err,
>>   			struct nftnl_set_list *set_list)
>>   {
>> -	mxml_node_t *node;
>> +	mxml_node_t *node, *node_ud;
>>   	struct nftnl_expr *e;
>>   	const char *table, *chain;
>>   	int family;
>> @@ -649,6 +686,35 @@ int nftnl_mxml_rule_parse(mxml_node_t *tree, struct nftnl_rule *r,
>>   		nftnl_rule_add_expr(r, e);
>>   	}
>>
>> +	node_ud = mxmlFindElement(tree, tree, "userdata", NULL, NULL,
>> +				  MXML_DESCEND);
>> +	if (node_ud) {
>
> Please, wrap these code below into a function, eg. nftnl_mxml_udata_parse()
>
>> +		struct nftnl_attrbuf *attrbuf;
>> +
>> +		attrbuf = nftnl_attrbuf_alloc(NFT_USERDATA_MAXLEN);
>> +		if (!attrbuf) {
>> +			perror("nftnl_mxml_rule_parse");
>> +			exit(EXIT_FAILURE);
>> +		}
>> +
>> +		/* Iterate over attributes */
>> +		for (
>> +			node = mxmlFindElement(node_ud, node_ud, "attr", NULL,
>> +				NULL, MXML_DESCEND);
>> +			node != NULL;
>> +			node = mxmlFindElement(node, node_ud, "attr", NULL,
>> +				NULL, MXML_DESCEND)
>> +		) {
>> +			if (nftnl_mxml_attr_parse(attrbuf, node,
>> +					MXML_DESCEND_FIRST, r->flags, err) < 0)
>> +				return -1;
>> +		}
>> +
>> +		nftnl_rule_set_data(r, NFTNL_RULE_USERDATA,
>> +				    nftnl_attrbuf_get_data(attrbuf),
>> +				    nftnl_attrbuf_get_len(attrbuf));
>> +	}
>> +
>>   	return 0;
>>   }
>>   #endif
>> @@ -711,6 +777,21 @@ int nftnl_rule_parse_file(struct nftnl_rule *r, enum nftnl_parse_type type,
>>   }
>>   EXPORT_SYMBOL_ALIAS(nftnl_rule_parse_file, nft_rule_parse_file);
>>
>> +static size_t nftnl_rule_snprintf_data2str(char *buf, size_t size,
>> +					   const void *data, size_t datalen)
>> +{
>> +	int i;
>> +	size_t ret, len = size, offset = 0;
>> +	const unsigned char *str = data;
>> +
>> +	for (i = 0; i < datalen; i++) {
>> +		ret = snprintf(buf+offset, len, "%02X", str[i]);
>> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>> +	}
>> +
>> +	return offset;
>> +}
>> +
>>   static int nftnl_rule_snprintf_json(char *buf, size_t size, struct nftnl_rule *r,
>>   					 uint32_t type, uint32_t flags)
>>   {
>> @@ -757,6 +838,31 @@ static int nftnl_rule_snprintf_json(char *buf, size_t size, struct nftnl_rule *r
>>   		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>>   	}
>>
>> +	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
>> +		const struct nftnl_attr *attr;
>> +
>> +		ret = snprintf(buf+offset, len, "\"userdata\":[");
>> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>> +
>> +		nftnl_attr_for_each(attr, r->userdata) {
>> +			ret = nftnl_rule_snprintf_json_attr(buf+offset, len,
>> +							    attr);
>> +			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>> +
>> +			ret = snprintf(buf+offset, len, ",");
>> +			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>> +		}
>> +		/* delete last comma */
>> +		buf[offset-1] = '\0';
>> +		offset--;
>> +		size--;
>> +		len++;
>> +
>> +		ret = snprintf(buf+offset, len, "],\n");
>> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>> +
>> +	}
>> +
>>   	ret = snprintf(buf+offset, len, "\"expr\":[");
>>   	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>>
>> @@ -849,17 +955,123 @@ static int nftnl_rule_snprintf_xml(char *buf, size_t size, struct nftnl_rule *r,
>>   		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>>
>>   	}
>> +
>> +	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
>> +		const struct nftnl_attr *attr;
>> +
>> +		ret = snprintf(buf+offset, len, "<userdata>");
>> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>> +
>> +		nftnl_attr_for_each(attr, r->userdata) {
>> +			ret = snprintf(buf+offset, len, "<attr>");
>> +			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>> +
>> +			ret = nftnl_rule_snprintf_xml_attr(buf+offset, len,
>> +							    attr);
>> +			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>> +
>> +			ret = snprintf(buf+offset, len, "</attr>");
>> +			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>> +		}
>> +
>> +		ret = snprintf(buf+offset, len, "</userdata>");
>> +		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>> +	}
>> +
>>   	ret = snprintf(buf+offset, len, "</rule>");
>>   	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
>>
>>   	return offset;
>>   }
>>
>> +static size_t nftnl_rule_snprintf_xml_attr(char *buf, size_t size,
>> +					   const struct nftnl_attr *attr)
> [...]
>> +static size_t nftnl_rule_snprintf_json_attr(char *buf, size_t size,
>> +					    const struct nftnl_attr *attr)
>
> You can consolidate these two functions into one using the NFTNL_BUF_*
> API.
>

If I wrap these functions in this patch, the new code structure will 
differ from the one already there. Maybe it is better if I do a complete 
refactor in a different patch?

>> diff --git a/src/utils.c b/src/utils.c
>> index ba36bc4..0cac4b6 100644
>> --- a/src/utils.c
>> +++ b/src/utils.c
>> @@ -139,6 +139,51 @@ int nftnl_strtoi(const char *string, int base, void *out, enum nftnl_type type)
>>   	return ret;
>>   }
>>
>> +static int hex2char(char *out, char c)
>> +{
>> +	/* numbers */
>> +	if (c >= 0x30 && c <= 0x39)
>> +		*out = c - 0x30;
>> +	/* lowercase characters */
>> +	else if (c >= 0x61 && c <= 0x66)
>> +		*out = c - 0x61 + 10;
>> +	/* uppercase characters */
>> +	else if (c >= 0x41 && c <= 0x46)
>> +		*out = c - 0x41 + 10;
>> +	else {
>> +		errno = EINVAL;
>> +		return 0;
>> +	}
>
> You can just print data in hexadecimal, so we can get rid of this.
>

This functions is not for print, it is for parse an hexadecimal 
character (maybe i must find a better name?). I'm printing the user data 
in hexadecimal with snprintf("%02X") and later I'm parsing it character 
by character with this function. There is other possible solutions with 
strtoul, atoi or sscanf, but these can't convert a single byte so they 
are endian dependient.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/3 v2] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer.

[Pablo Neira Ayuso]

On Tue, Mar 08, 2016 at 10:58:11AM +0100, Carlos Falgueras García wrote:
> On 02/03/16 19:41, Pablo Neira Ayuso wrote:
> >You can consolidate these two functions into one using the NFTNL_BUF_*
> >API.
> 
> If I wrap these functions in this patch, the new code structure will differ
> from the one already there. Maybe it is better if I do a complete refactor
> in a different patch?

OK, you follow up to clean up/consolidate this code.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3/3 v2] nftables: rule: Change the field "rule->comment" for an nftnl_attrbuf.

[Carlos Falgueras García]

Now it is possible to store multiple variable length user data into rule.
Modify the parser in order to fill the nftnl_attrbuf with the comment, and
the print function for extract these commentary and print it to user.

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
 include/rule.h            | 11 +++++++++--
 src/netlink_delinearize.c |  7 +++++--
 src/netlink_linearize.c   |  6 ++++--
 src/parser_bison.y        | 17 ++++++++++++++++-
 src/rule.c                | 40 +++++++++++++++++++++++++++++++++++++---
 5 files changed, 71 insertions(+), 10 deletions(-)

diff --git a/include/rule.h b/include/rule.h
index c848f0f..e079aa1 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -4,6 +4,7 @@
 #include <stdint.h>
 #include <nftables.h>
 #include <list.h>
+#include <libnftnl/attr.h>
 
 /**
  * struct handle - handle for tables, chains, rules and sets
@@ -155,7 +156,7 @@ extern void chain_print_plain(const struct chain *chain);
  * @location:	location the rule was defined at
  * @stmt:	list of statements
  * @num_stmts:	number of statements in stmts list
- * @comment:	comment
+ * @udata:	user data
  */
 struct rule {
 	struct list_head	list;
@@ -163,7 +164,7 @@ struct rule {
 	struct location		location;
 	struct list_head	stmts;
 	unsigned int		num_stmts;
-	const char		*comment;
+	struct nftnl_attrbuf	*udata;
 };
 
 extern struct rule *rule_alloc(const struct location *loc,
@@ -396,4 +397,10 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
 extern int cache_update(enum cmd_ops cmd, struct list_head *msgs);
 extern void cache_release(void);
 
+enum udata_type {
+	UDATA_TYPE_COMMENT,
+	__UDATA_TYPE_MAX,
+};
+#define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
+
 #endif /* NFTABLES_RULE_H */
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index ae6abb0..c7448d3 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -25,6 +25,7 @@
 #include <utils.h>
 #include <erec.h>
 #include <sys/socket.h>
+#include <libnftnl/attr.h>
 
 struct netlink_parse_ctx {
 	struct list_head	*msgs;
@@ -1738,8 +1739,10 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
 		uint32_t len;
 
 		data = nftnl_rule_get_data(nlr, NFTNL_RULE_USERDATA, &len);
-		pctx->rule->comment = xmalloc(len);
-		memcpy((char *)pctx->rule->comment, data, len);
+		pctx->rule->udata = nftnl_attrbuf_alloc(len);
+		if (!pctx->rule->udata)
+			memory_allocation_error();
+		nftnl_attrbuf_copy_data(pctx->rule->udata, data, len);
 	}
 
 	nftnl_expr_foreach((struct nftnl_rule *)nlr, netlink_parse_expr, pctx);
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 86b49c6..7b33f33 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -21,6 +21,7 @@
 #include <netinet/in.h>
 
 #include <linux/netfilter.h>
+#include <libnftnl/attr.h>
 
 
 struct netlink_linearize_ctx {
@@ -1108,9 +1109,10 @@ void netlink_linearize_rule(struct netlink_ctx *ctx, struct nftnl_rule *nlr,
 	list_for_each_entry(stmt, &rule->stmts, list)
 		netlink_gen_stmt(&lctx, stmt);
 
-	if (rule->comment)
+	if (rule->udata)
 		nftnl_rule_set_data(nlr, NFTNL_RULE_USERDATA,
-				    rule->comment, strlen(rule->comment) + 1);
+				    nftnl_attrbuf_get_data(rule->udata),
+				    nftnl_attrbuf_get_len(rule->udata));
 
 	netlink_dump_rule(nlr);
 }
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 05ade0f..019e9a2 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -24,6 +24,7 @@
 #include <netinet/icmp6.h>
 #include <libnftnl/common.h>
 #include <libnftnl/set.h>
+#include <libnftnl/attr.h>
 
 #include <rule.h>
 #include <statement.h>
@@ -1304,7 +1305,21 @@ rule			:	stmt_list	comment_spec
 				struct stmt *i;
 
 				$$ = rule_alloc(&@$, NULL);
-				$$->comment = $2;
+
+				if ($2) {
+					if (!($$->udata = nftnl_attrbuf_alloc(NFT_USERDATA_MAXLEN)))
+						memory_allocation_error();
+
+					if (!(nftnl_attr_put_check($$->udata,
+						UDATA_TYPE_COMMENT,
+						strlen($2) + 1, $2))
+					) {
+						erec_queue(error(&@2, "Comment too long: \"%s\"", $2),
+							state->msgs);
+						YYERROR;
+					}
+				}
+
 				list_for_each_entry(i, $1, list)
 					$$->num_stmts++;
 				list_splice_tail($1, &$$->stmts);
diff --git a/src/rule.c b/src/rule.c
index 18ff592..499fa7b 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -23,6 +23,7 @@
 
 #include <libnftnl/common.h>
 #include <libnftnl/ruleset.h>
+#include <libnftnl/attr.h>
 #include <netinet/ip.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter_arp.h>
@@ -366,6 +367,7 @@ struct rule *rule_alloc(const struct location *loc, const struct handle *h)
 	rule->location = *loc;
 	init_list_head(&rule->list);
 	init_list_head(&rule->stmts);
+	rule->udata = NULL;
 	if (h != NULL)
 		rule->handle = *h;
 	return rule;
@@ -375,21 +377,53 @@ void rule_free(struct rule *rule)
 {
 	stmt_list_free(&rule->stmts);
 	handle_free(&rule->handle);
-	xfree(rule->comment);
+	nftnl_attrbuf_free(rule->udata);
 	xfree(rule);
 }
 
+static int rule_parse_userdata_cb(const struct nftnl_attr *attr,
+				  void *data)
+{
+	const struct nftnl_attr **tb = data;
+	uint8_t type = nftnl_attr_get_type(attr);
+	uint8_t len = nftnl_attr_get_len(attr);
+	unsigned char *value = nftnl_attr_get_value(attr);
+
+	/* Validation */
+	switch (type) {
+	case UDATA_TYPE_COMMENT:
+		if (value[len-1] != '\0')
+			return NFTNL_CB_ERROR;
+		break;
+	default:
+		break;
+	};
+
+	tb[type] = attr;
+	return NFTNL_CB_OK;
+}
+
+
 void rule_print(const struct rule *rule)
 {
 	const struct stmt *stmt;
+	const struct nftnl_attr *tb[UDATA_TYPE_MAX+1] = {};
+	const struct nftnl_attr *attr;
 
 	list_for_each_entry(stmt, &rule->stmts, list) {
 		stmt->ops->print(stmt);
 		printf(" ");
 	}
 
-	if (rule->comment)
-		printf("comment \"%s\" ", rule->comment);
+	if (rule->udata) {
+		if (nftnl_attr_parse(rule->udata, rule_parse_userdata_cb, tb)
+			!= NFTNL_CB_ERROR
+		) {
+			attr = tb[UDATA_TYPE_COMMENT];
+			printf("comment \"%s\" ",
+					(char *)nftnl_attr_get_value(attr));
+		}
+	}
 
 	if (handle_output > 0)
 		printf("# handle %" PRIu64, rule->handle.handle);
-- 
2.7.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 3/3 v2] nftables: rule: Change the field "rule->comment" for an nftnl_attrbuf.

[Pablo Neira Ayuso]

On Mon, Feb 29, 2016 at 05:25:40PM +0100, Carlos Falgueras García wrote:
> Now it is possible to store multiple variable length user data into rule.
> Modify the parser in order to fill the nftnl_attrbuf with the comment, and
> the print function for extract these commentary and print it to user.
> 
> Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
> ---
>  include/rule.h            | 11 +++++++++--
>  src/netlink_delinearize.c |  7 +++++--
>  src/netlink_linearize.c   |  6 ++++--
>  src/parser_bison.y        | 17 ++++++++++++++++-
>  src/rule.c                | 40 +++++++++++++++++++++++++++++++++++++---
>  5 files changed, 71 insertions(+), 10 deletions(-)
> 
> diff --git a/include/rule.h b/include/rule.h
> index c848f0f..e079aa1 100644
> --- a/include/rule.h
> +++ b/include/rule.h
> @@ -4,6 +4,7 @@
>  #include <stdint.h>
>  #include <nftables.h>
>  #include <list.h>
> +#include <libnftnl/attr.h>
>  
>  /**
>   * struct handle - handle for tables, chains, rules and sets
> @@ -155,7 +156,7 @@ extern void chain_print_plain(const struct chain *chain);
>   * @location:	location the rule was defined at
>   * @stmt:	list of statements
>   * @num_stmts:	number of statements in stmts list
> - * @comment:	comment
> + * @udata:	user data
>   */
>  struct rule {
>  	struct list_head	list;
> @@ -163,7 +164,7 @@ struct rule {
>  	struct location		location;
>  	struct list_head	stmts;
>  	unsigned int		num_stmts;
> -	const char		*comment;
> +	struct nftnl_attrbuf	*udata;
>  };
>  
>  extern struct rule *rule_alloc(const struct location *loc,
> @@ -396,4 +397,10 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
>  extern int cache_update(enum cmd_ops cmd, struct list_head *msgs);
>  extern void cache_release(void);
>  
> +enum udata_type {
> +	UDATA_TYPE_COMMENT,
> +	__UDATA_TYPE_MAX,
> +};
> +#define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
> +
>  #endif /* NFTABLES_RULE_H */
> diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
> index ae6abb0..c7448d3 100644
> --- a/src/netlink_delinearize.c
> +++ b/src/netlink_delinearize.c
> @@ -25,6 +25,7 @@
>  #include <utils.h>
>  #include <erec.h>
>  #include <sys/socket.h>
> +#include <libnftnl/attr.h>
>  
>  struct netlink_parse_ctx {
>  	struct list_head	*msgs;
> @@ -1738,8 +1739,10 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
>  		uint32_t len;
>  
>  		data = nftnl_rule_get_data(nlr, NFTNL_RULE_USERDATA, &len);
> -		pctx->rule->comment = xmalloc(len);
> -		memcpy((char *)pctx->rule->comment, data, len);
> +		pctx->rule->udata = nftnl_attrbuf_alloc(len);
> +		if (!pctx->rule->udata)
> +			memory_allocation_error();
> +		nftnl_attrbuf_copy_data(pctx->rule->udata, data, len);
>  	}
>  
>  	nftnl_expr_foreach((struct nftnl_rule *)nlr, netlink_parse_expr, pctx);
> diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
> index 86b49c6..7b33f33 100644
> --- a/src/netlink_linearize.c
> +++ b/src/netlink_linearize.c
> @@ -21,6 +21,7 @@
>  #include <netinet/in.h>
>  
>  #include <linux/netfilter.h>
> +#include <libnftnl/attr.h>
>  
>  
>  struct netlink_linearize_ctx {
> @@ -1108,9 +1109,10 @@ void netlink_linearize_rule(struct netlink_ctx *ctx, struct nftnl_rule *nlr,
>  	list_for_each_entry(stmt, &rule->stmts, list)
>  		netlink_gen_stmt(&lctx, stmt);
>  
> -	if (rule->comment)
> +	if (rule->udata)
>  		nftnl_rule_set_data(nlr, NFTNL_RULE_USERDATA,
> -				    rule->comment, strlen(rule->comment) + 1);
> +				    nftnl_attrbuf_get_data(rule->udata),
> +				    nftnl_attrbuf_get_len(rule->udata));
>  
>  	netlink_dump_rule(nlr);
>  }
> diff --git a/src/parser_bison.y b/src/parser_bison.y
> index 05ade0f..019e9a2 100644
> --- a/src/parser_bison.y
> +++ b/src/parser_bison.y
> @@ -24,6 +24,7 @@
>  #include <netinet/icmp6.h>
>  #include <libnftnl/common.h>
>  #include <libnftnl/set.h>
> +#include <libnftnl/attr.h>
>  
>  #include <rule.h>
>  #include <statement.h>
> @@ -1304,7 +1305,21 @@ rule			:	stmt_list	comment_spec
>  				struct stmt *i;
>  
>  				$$ = rule_alloc(&@$, NULL);
> -				$$->comment = $2;
> +
> +				if ($2) {
> +					if (!($$->udata = nftnl_attrbuf_alloc(NFT_USERDATA_MAXLEN)))
> +						memory_allocation_error();
> +
> +					if (!(nftnl_attr_put_check($$->udata,
> +						UDATA_TYPE_COMMENT,
> +						strlen($2) + 1, $2))
> +					) {

					if (!(nftnl_attr_put_check($$->udata,
                                                                   UDATA_TYPE_COMMENT,
						strlen($2) + 1, $2))
					) {

Please, check coding style.

You can add a helper function, eg.
					if (!(nftnl_udata_put_strz($$->udata,
                                                                   UDATA_TYPE_COMMENT, $2) {


> +						erec_queue(error(&@2, "Comment too long: \"%s\"", $2),
> +							state->msgs);
> +						YYERROR;
> +					}
> +				}
> +
>  				list_for_each_entry(i, $1, list)
>  					$$->num_stmts++;
>  				list_splice_tail($1, &$$->stmts);
> diff --git a/src/rule.c b/src/rule.c
> index 18ff592..499fa7b 100644
> --- a/src/rule.c
> +++ b/src/rule.c
> @@ -23,6 +23,7 @@
>  
>  #include <libnftnl/common.h>
>  #include <libnftnl/ruleset.h>
> +#include <libnftnl/attr.h>
>  #include <netinet/ip.h>
>  #include <linux/netfilter.h>
>  #include <linux/netfilter_arp.h>
> @@ -366,6 +367,7 @@ struct rule *rule_alloc(const struct location *loc, const struct handle *h)
>  	rule->location = *loc;
>  	init_list_head(&rule->list);
>  	init_list_head(&rule->stmts);
> +	rule->udata = NULL;
>  	if (h != NULL)
>  		rule->handle = *h;
>  	return rule;
> @@ -375,21 +377,53 @@ void rule_free(struct rule *rule)
>  {
>  	stmt_list_free(&rule->stmts);
>  	handle_free(&rule->handle);
> -	xfree(rule->comment);
> +	nftnl_attrbuf_free(rule->udata);

I would rename this function to:

        nftnl_udata_free();

So all functions that now refer to nftnl_attrbuf_* look like:

        nftnl_udata_*()

then, to push/retrieve attributes, I would use the prefix:

        nftnl_udata_attr_*()

>  	xfree(rule);
>  }
>  
> +static int rule_parse_userdata_cb(const struct nftnl_attr *attr,
> +				  void *data)
> +{
> +	const struct nftnl_attr **tb = data;
> +	uint8_t type = nftnl_attr_get_type(attr);
> +	uint8_t len = nftnl_attr_get_len(attr);
> +	unsigned char *value = nftnl_attr_get_value(attr);
> +
> +	/* Validation */
> +	switch (type) {
> +	case UDATA_TYPE_COMMENT:
> +		if (value[len-1] != '\0')
> +			return NFTNL_CB_ERROR;
> +		break;
> +	default:
> +		break;
> +	};
> +
> +	tb[type] = attr;
> +	return NFTNL_CB_OK;
> +}
> +
> +
>  void rule_print(const struct rule *rule)
>  {
>  	const struct stmt *stmt;
> +	const struct nftnl_attr *tb[UDATA_TYPE_MAX+1] = {};

const struct nftnl_attr *tb[UDATA_TYPE_MAX + 1] = {};
                                          ^ ^
                                This space is preferred.

> +	const struct nftnl_attr *attr;
>  
>  	list_for_each_entry(stmt, &rule->stmts, list) {
>  		stmt->ops->print(stmt);
>  		printf(" ");
>  	}
>  
> -	if (rule->comment)
> -		printf("comment \"%s\" ", rule->comment);
> +	if (rule->udata) {
> +		if (nftnl_attr_parse(rule->udata, rule_parse_userdata_cb, tb)
> +			!= NFTNL_CB_ERROR
> +		) {
> +			attr = tb[UDATA_TYPE_COMMENT];

You have to check here for the attribute:

                        if (tb[UDATA_COMMENT]) {
        			printf("comment \"%s\" ",
				        (char *)nftnl_attr_get_value(attr));
                        }

Otherwise this will break once we get new attributes.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 3/3 v2] nftables: rule: Change the field "rule->comment" for an nftnl_attrbuf.

[Carlos Falgueras García]

On 02/03/16 19:37, Pablo Neira Ayuso wrote:
> On Mon, Feb 29, 2016 at 05:25:40PM +0100, Carlos Falgueras García wrote:
>> diff --git a/src/rule.c b/src/rule.c
>> index 18ff592..499fa7b 100644
>> --- a/src/rule.c
>> +++ b/src/rule.c
>> @@ -23,6 +23,7 @@
>>
>>   #include <libnftnl/common.h>
>>   #include <libnftnl/ruleset.h>
>> +#include <libnftnl/attr.h>
>>   #include <netinet/ip.h>
>>   #include <linux/netfilter.h>
>>   #include <linux/netfilter_arp.h>
>> @@ -366,6 +367,7 @@ struct rule *rule_alloc(const struct location *loc, const struct handle *h)
>>   	rule->location = *loc;
>>   	init_list_head(&rule->list);
>>   	init_list_head(&rule->stmts);
>> +	rule->udata = NULL;
>>   	if (h != NULL)
>>   		rule->handle = *h;
>>   	return rule;
>> @@ -375,21 +377,53 @@ void rule_free(struct rule *rule)
>>   {
>>   	stmt_list_free(&rule->stmts);
>>   	handle_free(&rule->handle);
>> -	xfree(rule->comment);
>> +	nftnl_attrbuf_free(rule->udata);
>
> I would rename this function to:
>
>          nftnl_udata_free();
>
> So all functions that now refer to nftnl_attrbuf_* look like:
>
>          nftnl_udata_*()
>
> then, to push/retrieve attributes, I would use the prefix:
>
>          nftnl_udata_attr_*()

I renamed all functions following these rule except 
"nftnl_udata_attr_put" which I changed to "nftnl_udata_put" because 
functions like "nftnl_udata_attr_put_strz" would have very long name. It 
is ok?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 3/3 v2] nftables: rule: Change the field "rule->comment" for an nftnl_attrbuf.

[Pablo Neira Ayuso]

On Tue, Mar 08, 2016 at 10:58:19AM +0100, Carlos Falgueras García wrote:
> On 02/03/16 19:37, Pablo Neira Ayuso wrote:
> >On Mon, Feb 29, 2016 at 05:25:40PM +0100, Carlos Falgueras García wrote:
> >>diff --git a/src/rule.c b/src/rule.c
> >>index 18ff592..499fa7b 100644
> >>--- a/src/rule.c
> >>+++ b/src/rule.c
> >>@@ -23,6 +23,7 @@
> >>
> >>  #include <libnftnl/common.h>
> >>  #include <libnftnl/ruleset.h>
> >>+#include <libnftnl/attr.h>
> >>  #include <netinet/ip.h>
> >>  #include <linux/netfilter.h>
> >>  #include <linux/netfilter_arp.h>
> >>@@ -366,6 +367,7 @@ struct rule *rule_alloc(const struct location *loc, const struct handle *h)
> >>  	rule->location = *loc;
> >>  	init_list_head(&rule->list);
> >>  	init_list_head(&rule->stmts);
> >>+	rule->udata = NULL;
> >>  	if (h != NULL)
> >>  		rule->handle = *h;
> >>  	return rule;
> >>@@ -375,21 +377,53 @@ void rule_free(struct rule *rule)
> >>  {
> >>  	stmt_list_free(&rule->stmts);
> >>  	handle_free(&rule->handle);
> >>-	xfree(rule->comment);
> >>+	nftnl_attrbuf_free(rule->udata);
> >
> >I would rename this function to:
> >
> >         nftnl_udata_free();
> >
> >So all functions that now refer to nftnl_attrbuf_* look like:
> >
> >         nftnl_udata_*()
> >
> >then, to push/retrieve attributes, I would use the prefix:
> >
> >         nftnl_udata_attr_*()
> 
> I renamed all functions following these rule except "nftnl_udata_attr_put"
> which I changed to "nftnl_udata_put" because functions like
> "nftnl_udata_attr_put_strz" would have very long name. It is ok?

Yes, that's a good idea :)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/3 v2] libnftnl: Implement new buffer of TLV objects.

[Pablo Neira Ayuso]

On Mon, Feb 29, 2016 at 05:25:38PM +0100, Carlos Falgueras García wrote:
> These functions allow to create a buffer (nftnl_attrbuf) of TLV objects
> (nftnl_attr). It is inspired by libmnl/src/attr.c. It can be used to store
> several variable length user data into an object.
> 
> Example usage:
> 	```
> 	struct nftnl_attrbuf *attrbuf;
> 	struct nftnl_attr *attr;
> 	const char str[] = "Hello World!";
> 
> 	attrbuf = nftnl_attrbuf_alloc(ATTRBUF_SIZE);
> 	if (!nftnl_attr_put_check(attrbuf, NFTNL_ATTR_TYPE_COMMENT,
> 				  strlen(str), str)
> 	) {

Please, mind your coding style.

    if (!nftnl_attr_put(attrbuf, NFTNL_ATTR_TYPE_COMMENT, strlen(str), str) {

BTW, NFTNL_ATTR_TYPE_COMMENT doesn't exist in this tree.

> 		fprintf(stderr, "Can't put attribute \"%s\"", str);

On this snippet, on error you should:

                perror("Can't put attribute \"%s\"", str);
                exit(EXIT_FAILURE);

> 	}
> 
> 	nftnl_attr_for_each(attr, attrbuf) {
> 		printf("%s\n", (char *)nftnl_attr_get_value(attr));
> 	}
> 
> 	nftnl_attr_free(attrbuf);
> 	```
> 
> Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
> ---
>  include/Makefile.am          |   1 +
>  include/attr.h               |  40 +++++++++++++
>  include/libnftnl/Makefile.am |   1 +
>  include/libnftnl/attr.h      |  53 +++++++++++++++++
>  src/Makefile.am              |   1 +
>  src/attr.c                   | 132 +++++++++++++++++++++++++++++++++++++++++++
>  src/libnftnl.map             |  16 ++++++
>  7 files changed, 244 insertions(+)
>  create mode 100644 include/attr.h
>  create mode 100644 include/libnftnl/attr.h
>  create mode 100644 src/attr.c
> 
> diff --git a/include/Makefile.am b/include/Makefile.am
> index be9eb9b..785ec15 100644
> --- a/include/Makefile.am
> +++ b/include/Makefile.am
> @@ -12,4 +12,5 @@ noinst_HEADERS = internal.h	\
>  		 expr.h		\
>  		 json.h		\
>  		 set_elem.h	\
> +		 attr.h		\
>  		 utils.h
> diff --git a/include/attr.h b/include/attr.h
> new file mode 100644
> index 0000000..2a29fa0
> --- /dev/null
> +++ b/include/attr.h
> @@ -0,0 +1,40 @@
> +#ifndef _LIBNFTNL_ATTR_INTERNAL_H_
> +#define _LIBNFTNL_ATTR_INTERNAL_H_
> +
> +#include <stdint.h>
> +#include <stddef.h>
> +
> +/*
> + * TLV structures:
> + * nftnl_attr
> + *  <-------- HEADER --------> <------ PAYLOAD ------>
> + * +------------+-------------+- - - - - - - - - - - -+
> + * |    type    |     len     |         value         |
> + * |  (1 byte)  |   (1 byte)  |                       |
> + * +--------------------------+- - - - - - - - - - - -+
> + *  <-- sizeof(nftnl_attr) --> <-- nftnl_attr->len -->
> + */
> +struct __attribute__((__packed__)) nftnl_attr {
> +	uint8_t type;
> +	uint8_t len;
> +	unsigned char value[];
> +};

struct nftnl_attr {
      ...
} __attribute__((__packed__));

> +/*
> + *              +-------------------------------------------++
> + *              |           data[]                          ||
> + *              |             ||                            ||
> + *              |             \/                            \/
> + *  +-------+-------+- - - - -+-------+-------+ ... +-------+- - - - - - -+
> + *  | size  |  end  | padding |  TLV  |  TLV  |     |  TLV  |    Empty    |
> + *  +-------+-------+- - - - -+-------+-------+ ... +-------+- - - - - - -+
> + *                            |<- nftnl_attrbuf_get_len() ->|
> + *                            |<-------- nftnl_attrbuf_get_size() ------->|
> + */
> +struct nftnl_attrbuf {
> +	size_t size;
> +	char  *end;
> +	char   data[] __attribute__((aligned(64)));

No need for this aligned for a control structure.

> +};
> +
> +#endif
> diff --git a/include/libnftnl/Makefile.am b/include/libnftnl/Makefile.am
> index 84f01b6..a3a6fb3 100644
> --- a/include/libnftnl/Makefile.am
> +++ b/include/libnftnl/Makefile.am
> @@ -7,4 +7,5 @@ pkginclude_HEADERS = batch.h		\
>  		     set.h		\
>  		     ruleset.h		\
>  		     common.h		\
> +		     attr.h		\
>  		     gen.h
> diff --git a/include/libnftnl/attr.h b/include/libnftnl/attr.h
> new file mode 100644
> index 0000000..cc3689e
> --- /dev/null
> +++ b/include/libnftnl/attr.h
> @@ -0,0 +1,53 @@
> +#ifndef _LIBNFTNL_ATTR_H_
> +#define _LIBNFTNL_ATTR_H_
> +
> +#include <stdio.h>
> +#include <stdint.h>
> +
> +/*
> + * nftnl attributes API
> + */
> +struct nftnl_attr;

Could you rename this to:

        struct nftnl_udata;

since this will be used for rule and set udata areas.

> +struct nftnl_attrbuf;

struct nftnl_udata_buf;

> +/* nftnl_attrbuf */
> +struct nftnl_attrbuf *nftnl_attrbuf_alloc(size_t data_size);
> +void nftnl_attrbuf_free(struct nftnl_attrbuf *attrbuf);
> +size_t nftnl_attrbuf_get_len(const struct nftnl_attrbuf *attrbuf);
> +size_t nftnl_attrbuf_get_size(const struct nftnl_attrbuf *attrbuf);
> +void *nftnl_attrbuf_get_data(const struct nftnl_attrbuf *attrbuf);
> +void nftnl_attrbuf_copy_data(struct nftnl_attrbuf *attrbuf,
> +			     const void *data, size_t len);
> +struct nftnl_attr *nftnl_attrbuf_get_start(const struct nftnl_attrbuf *attrbuf);
> +struct nftnl_attr *nftnl_attrbuf_get_end(const struct nftnl_attrbuf *attrbuf);
> +
> +/* TLV attribute getters */
> +uint8_t nftnl_attr_get_type(const struct nftnl_attr *attr);
> +uint8_t nftnl_attr_get_len(const struct nftnl_attr *attr);
> +void *nftnl_attr_get_value(const struct nftnl_attr *attr);
> +
> +/* TLV attribute putters */
> +struct nftnl_attr *nftnl_attr_put(struct nftnl_attrbuf *attrbuf,
> +				  uint8_t type, uint8_t len, const void *value);

Please, remove tis nftnl_attr_put() and rename nftnl_attr_put_check to
become nftnl_attr_put().

> +struct nftnl_attr *nftnl_attr_put_check(struct nftnl_attrbuf *attrbuf,
> +					uint8_t type, size_t len,
> +					const void *value);
> +
> +/* TLV iterators */
> +struct nftnl_attr *nftnl_attr_next(const struct nftnl_attr *attr);
> +
> +#define nftnl_attr_for_each(attr, attrbuf)                              \
> +	for ((attr) = nftnl_attrbuf_get_start(attrbuf);                 \
> +	     (char *)(nftnl_attrbuf_get_end(attrbuf)) > (char *)(attr); \
> +	     (attr) = nftnl_attr_next(attr))
> +
> +/* TLV callback-based attribute parsers */
> +#define NFTNL_CB_ERROR	-1
> +#define NFTNL_CB_STOP	 0
> +#define NFTNL_CB_OK	 1
> +
> +typedef int (*nftnl_attr_cb_t)(const struct nftnl_attr *attr, void *data);
> +int nftnl_attr_parse(const struct nftnl_attrbuf *attrbuf, nftnl_attr_cb_t cb,
> +		     void *data);
> +
> +#endif /* _LIBNFTNL_ATTR_H_ */
> diff --git a/src/Makefile.am b/src/Makefile.am
> index a27e292..621dd69 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -19,6 +19,7 @@ libnftnl_la_SOURCES = utils.c		\
>  		      ruleset.c		\
>  		      mxml.c		\
>  		      jansson.c		\
> +		      attr.c		\
>  		      expr.c		\
>  		      expr_ops.c	\
>  		      expr/bitwise.c	\
> diff --git a/src/attr.c b/src/attr.c
> new file mode 100644
> index 0000000..82c63aa
> --- /dev/null
> +++ b/src/attr.c
> @@ -0,0 +1,132 @@
> +#include <libnftnl/attr.h>
> +#include <attr.h>
> +#include <utils.h>
> +
> +#include <stdlib.h>
> +#include <stdint.h>
> +
> +
> +struct nftnl_attrbuf *nftnl_attrbuf_alloc(size_t data_size)
> +{
> +	struct nftnl_attrbuf *attrbuf;
> +
> +	attrbuf = (struct nftnl_attrbuf *)
> +		malloc(sizeof(struct nftnl_attrbuf) + data_size);
> +	attrbuf->size = data_size;
> +	attrbuf->end = attrbuf->data;
> +
> +	return attrbuf;
> +}
> +EXPORT_SYMBOL(nftnl_attrbuf_alloc);
> +
> +void nftnl_attrbuf_free(struct nftnl_attrbuf *attrbuf)
> +{
> +	attrbuf->size = 0;
> +	attrbuf->end = NULL;
> +	free((void *)attrbuf);
> +}
> +EXPORT_SYMBOL(nftnl_attrbuf_free);
> +
> +size_t nftnl_attrbuf_get_len(const struct nftnl_attrbuf *attrbuf)
> +{
> +	return (size_t)(attrbuf->end - attrbuf->data);
> +}
> +EXPORT_SYMBOL(nftnl_attrbuf_get_len);
> +
> +size_t nftnl_attrbuf_get_size(const struct nftnl_attrbuf *attrbuf)
> +{
> +	return attrbuf->size;
> +}
> +EXPORT_SYMBOL(nftnl_attrbuf_get_size);
> +
> +struct nftnl_attr *nftnl_attrbuf_get_start(const struct nftnl_attrbuf *attrbuf)
> +{
> +	return (struct nftnl_attr *)attrbuf->data;
> +}
> +EXPORT_SYMBOL(nftnl_attrbuf_get_start);
> +
> +struct nftnl_attr *nftnl_attrbuf_get_end(const struct nftnl_attrbuf *attrbuf)
> +{
> +	return (struct nftnl_attr *)attrbuf->end;
> +}
> +EXPORT_SYMBOL(nftnl_attrbuf_get_end);
> +
> +void *nftnl_attrbuf_get_data(const struct nftnl_attrbuf *attrbuf)
> +{
> +	return (void *)attrbuf->data;
> +}
> +EXPORT_SYMBOL(nftnl_attrbuf_get_data);
> +
> +void nftnl_attrbuf_copy_data(struct nftnl_attrbuf *attrbuf,
> +			    const void *data, size_t len)
> +{
> +	memcpy(attrbuf->data, data, len <= attrbuf->size ? len : attrbuf->size);
> +	attrbuf->end = attrbuf->data + len;
> +}
> +EXPORT_SYMBOL(nftnl_attrbuf_copy_data);
> +
> +uint8_t nftnl_attr_get_type(const struct nftnl_attr *attr)
> +{
> +	return attr->type;
> +}
> +EXPORT_SYMBOL(nftnl_attr_get_type);
> +
> +uint8_t nftnl_attr_get_len(const struct nftnl_attr *attr)
> +{
> +	return attr->len;
> +}
> +EXPORT_SYMBOL(nftnl_attr_get_len);
> +
> +void *nftnl_attr_get_value(const struct nftnl_attr *attr)
> +{
> +	return (void *)attr->value;
> +}
> +EXPORT_SYMBOL(nftnl_attr_get_value);
> +
> +struct nftnl_attr *nftnl_attr_put(struct nftnl_attrbuf *attrbuf,
> +				  uint8_t type, uint8_t len, const void *value)
> +{
> +	struct nftnl_attr *attr = (struct nftnl_attr *)attrbuf->end;
> +
> +	attr->len  = len;
> +	attr->type = type;
> +	memcpy(attr->value, value, len);
> +
> +	attrbuf->end = (char *)nftnl_attr_next(attr);
> +
> +	return attr;
> +}
> +EXPORT_SYMBOL(nftnl_attr_put);
> +
> +struct nftnl_attr *nftnl_attr_put_check(struct nftnl_attrbuf *attrbuf,
> +					uint8_t type, size_t len,
> +					const void *value)
> +{
> +	/* Check if there is enough space */
> +	if (attrbuf->size < len + sizeof(struct nftnl_attr))
> +		return NULL;
> +
> +	return nftnl_attr_put(attrbuf, type, len, value);
> +}
> +EXPORT_SYMBOL(nftnl_attr_put_check);
> +
> +struct nftnl_attr *nftnl_attr_next(const struct nftnl_attr *attr)
> +{
> +	return (struct nftnl_attr *)&attr->value[attr->len];
> +}
> +EXPORT_SYMBOL(nftnl_attr_next);
> +
> +int nftnl_attr_parse(const struct nftnl_attrbuf *attrbuf, nftnl_attr_cb_t cb,
> +		     void *data)
> +{
> +	int ret = NFTNL_CB_OK;
> +	const struct nftnl_attr *attr;
> +
> +	nftnl_attr_for_each(attr, attrbuf) {
> +		ret = cb(attr, data);
> +		if (ret <= NFTNL_CB_STOP)
> +			return ret;
> +	}
> +	return ret;
> +}
> +EXPORT_SYMBOL(nftnl_attr_parse);
> diff --git a/src/libnftnl.map b/src/libnftnl.map
> index 2e193b7..65bd37e 100644
> --- a/src/libnftnl.map
> +++ b/src/libnftnl.map
> @@ -336,6 +336,22 @@ global:
>    nftnl_set_snprintf;
>    nftnl_set_fprintf;
>  
> +  nftnl_attrbuf_alloc;
> +  nftnl_attrbuf_free;
> +  nftnl_attrbuf_get_len;
> +  nftnl_attrbuf_get_size;
> +  nftnl_attrbuf_get_data;
> +  nftnl_attrbuf_copy_data;
> +  nftnl_attrbuf_get_start;
> +  nftnl_attrbuf_get_end;
> +  nftnl_attr_get_type;
> +  nftnl_attr_get_len;
> +  nftnl_attr_get_value;
> +  nftnl_attr_put;
> +  nftnl_attr_put_check;
> +  nftnl_attr_next;
> +  nftnl_attr_parse;

Are you sure we need to export all these? Please only export those
functions that we really need at this stage for nft.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/3 v2] libnftnl: Implement new buffer of TLV objects.

[Carlos Falgueras García]

On 02/03/16 19:32, Pablo Neira Ayuso wrote:
> On Mon, Feb 29, 2016 at 05:25:38PM +0100, Carlos Falgueras García wrote:
>> diff --git a/include/attr.h b/include/attr.h
>> new file mode 100644
>> index 0000000..2a29fa0
>> --- /dev/null
>> +++ b/include/attr.h
>> @@ -0,0 +1,40 @@
>> +#ifndef _LIBNFTNL_ATTR_INTERNAL_H_
>> +#define _LIBNFTNL_ATTR_INTERNAL_H_
>> +
>> +#include <stdint.h>
>> +#include <stddef.h>
>> +
>> +/*
>> + * TLV structures:
>> + * nftnl_attr
>> + *  <-------- HEADER --------> <------ PAYLOAD ------>
>> + * +------------+-------------+- - - - - - - - - - - -+
>> + * |    type    |     len     |         value         |
>> + * |  (1 byte)  |   (1 byte)  |                       |
>> + * +--------------------------+- - - - - - - - - - - -+
>> + *  <-- sizeof(nftnl_attr) --> <-- nftnl_attr->len -->
>> + */
>> +struct __attribute__((__packed__)) nftnl_attr {
>> +	uint8_t type;
>> +	uint8_t len;
>> +	unsigned char value[];
>> +};
>
> struct nftnl_attr {
>        ...
> } __attribute__((__packed__));
>

I forgot these, sorry. I'll send a new versión now.

>> diff --git a/src/libnftnl.map b/src/libnftnl.map
>> index 2e193b7..65bd37e 100644
>> --- a/src/libnftnl.map
>> +++ b/src/libnftnl.map
>> @@ -336,6 +336,22 @@ global:
>>     nftnl_set_snprintf;
>>     nftnl_set_fprintf;
>>
>> +  nftnl_attrbuf_alloc;
>> +  nftnl_attrbuf_free;
>> +  nftnl_attrbuf_get_len;
>> +  nftnl_attrbuf_get_size;
>> +  nftnl_attrbuf_get_data;
>> +  nftnl_attrbuf_copy_data;
>> +  nftnl_attrbuf_get_start;
>> +  nftnl_attrbuf_get_end;
>> +  nftnl_attr_get_type;
>> +  nftnl_attr_get_len;
>> +  nftnl_attr_get_value;
>> +  nftnl_attr_put;
>> +  nftnl_attr_put_check;
>> +  nftnl_attr_next;
>> +  nftnl_attr_parse;
>
> Are you sure we need to export all these? Please only export those
> functions that we really need at this stage for nft.

The only function that is not being used now is "nftnl_udata_size". But 
I left it because "size" is an attribute of the object and I think it is 
right to allow the access to it. I must remove it anyway?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/3 v2] libnftnl: Implement new buffer of TLV objects.

[Pablo Neira Ayuso]

On Tue, Mar 08, 2016 at 10:57:50AM +0100, Carlos Falgueras García wrote:
> On 02/03/16 19:32, Pablo Neira Ayuso wrote:
> >On Mon, Feb 29, 2016 at 05:25:38PM +0100, Carlos Falgueras García wrote:
> >>diff --git a/include/attr.h b/include/attr.h
> >>new file mode 100644
> >>index 0000000..2a29fa0
> >>--- /dev/null
> >>+++ b/include/attr.h
> >>@@ -0,0 +1,40 @@
> >>+#ifndef _LIBNFTNL_ATTR_INTERNAL_H_
> >>+#define _LIBNFTNL_ATTR_INTERNAL_H_
> >>+
> >>+#include <stdint.h>
> >>+#include <stddef.h>
> >>+
> >>+/*
> >>+ * TLV structures:
> >>+ * nftnl_attr
> >>+ *  <-------- HEADER --------> <------ PAYLOAD ------>
> >>+ * +------------+-------------+- - - - - - - - - - - -+
> >>+ * |    type    |     len     |         value         |
> >>+ * |  (1 byte)  |   (1 byte)  |                       |
> >>+ * +--------------------------+- - - - - - - - - - - -+
> >>+ *  <-- sizeof(nftnl_attr) --> <-- nftnl_attr->len -->
> >>+ */
> >>+struct __attribute__((__packed__)) nftnl_attr {
> >>+	uint8_t type;
> >>+	uint8_t len;
> >>+	unsigned char value[];
> >>+};
> >
> >struct nftnl_attr {
> >       ...
> >} __attribute__((__packed__));
> >
> 
> I forgot these, sorry. I'll send a new versión now.

Thanks Carlos.

> >>diff --git a/src/libnftnl.map b/src/libnftnl.map
> >>index 2e193b7..65bd37e 100644
> >>--- a/src/libnftnl.map
> >>+++ b/src/libnftnl.map
> >>@@ -336,6 +336,22 @@ global:
> >>    nftnl_set_snprintf;
> >>    nftnl_set_fprintf;
> >>
> >>+  nftnl_attrbuf_alloc;
> >>+  nftnl_attrbuf_free;
> >>+  nftnl_attrbuf_get_len;
> >>+  nftnl_attrbuf_get_size;
> >>+  nftnl_attrbuf_get_data;
> >>+  nftnl_attrbuf_copy_data;
> >>+  nftnl_attrbuf_get_start;
> >>+  nftnl_attrbuf_get_end;
> >>+  nftnl_attr_get_type;
> >>+  nftnl_attr_get_len;
> >>+  nftnl_attr_get_value;
> >>+  nftnl_attr_put;
> >>+  nftnl_attr_put_check;
> >>+  nftnl_attr_next;
> >>+  nftnl_attr_parse;
> >
> >Are you sure we need to export all these? Please only export those
> >functions that we really need at this stage for nft.
> 
> The only function that is not being used now is "nftnl_udata_size". But I
> left it because "size" is an attribute of the object and I think it is right
> to allow the access to it. I must remove it anyway?

OK, keep it.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html