[PATCH 1/4 v4] libnftnl: Implement new buffer of TLV objects

[PATCH 1/4 v4] libnftnl: Implement new buffer of TLV objects

[Carlos Falgueras García]

These functions allow to create a buffer (nftnl_udata_buf) of TLV objects
(nftnl_udata). It is inspired by libmnl/src/attr.c. It can be used to store
several variable length user data into an object.

Example usage:
	```
	struct nftnl_udata_buf *buf;
	struct nftnl_udata *attr;
	const char str[] = "Hello World!";

	buf = nftnl_udata_alloc(UDATA_SIZE);
	if (!buf) {
		perror("OOM");
		exit(EXIT_FAILURE);
	}

	if (!nftnl_udata_put_strz(buf, MY_TYPE, str)) {
		perror("Can't put attribute \"%s\"", str);
		exit(EXIT_FAILURE);
	}

	nftnl_udata_for_each(buf, attr) {
		printf("%s\n", (char *)nftnl_udata_attr_value(attr));
	}

	nftnl_udata_free(buf);
	```

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
 include/Makefile.am          |   1 +
 include/libnftnl/Makefile.am |   1 +
 include/libnftnl/udata.h     |  48 ++++++++++++++++
 include/udata.h              |  40 +++++++++++++
 src/Makefile.am              |   1 +
 src/libnftnl.map             |  16 ++++++
 src/udata.c                  | 134 +++++++++++++++++++++++++++++++++++++++++++
 7 files changed, 241 insertions(+)
 create mode 100644 include/libnftnl/udata.h
 create mode 100644 include/udata.h
 create mode 100644 src/udata.c

diff --git a/include/Makefile.am b/include/Makefile.am
index be9eb9b..9f55737 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -12,4 +12,5 @@ noinst_HEADERS = internal.h	\
 		 expr.h		\
 		 json.h		\
 		 set_elem.h	\
+		 udata.h	\
 		 utils.h
diff --git a/include/libnftnl/Makefile.am b/include/libnftnl/Makefile.am
index 84f01b6..457ec95 100644
--- a/include/libnftnl/Makefile.am
+++ b/include/libnftnl/Makefile.am
@@ -7,4 +7,5 @@ pkginclude_HEADERS = batch.h		\
 		     set.h		\
 		     ruleset.h		\
 		     common.h		\
+		     udata.h		\
 		     gen.h
diff --git a/include/libnftnl/udata.h b/include/libnftnl/udata.h
new file mode 100644
index 0000000..a74e54c
--- /dev/null
+++ b/include/libnftnl/udata.h
@@ -0,0 +1,48 @@
+#ifndef _LIBNFTNL_UDATA_H_
+#define _LIBNFTNL_UDATA_H_
+
+#include <stdio.h>
+#include <stdint.h>
+
+/*
+ * nftnl user data attributes API
+ */
+struct nftnl_udata;
+struct nftnl_udata_buf;
+
+/* nftnl_udata_buf */
+struct nftnl_udata_buf *nftnl_udata_alloc(size_t data_size);
+void nftnl_udata_free(struct nftnl_udata_buf *buf);
+size_t nftnl_udata_len(const struct nftnl_udata_buf *buf);
+size_t nftnl_udata_size(const struct nftnl_udata_buf *buf);
+void *nftnl_udata_data(const struct nftnl_udata_buf *buf);
+void nftnl_udata_copy_data(struct nftnl_udata_buf *buf, const void *data,
+			   size_t len);
+struct nftnl_udata *nftnl_udata_start(const struct nftnl_udata_buf *buf);
+struct nftnl_udata *nftnl_udata_end(const struct nftnl_udata_buf *buf);
+
+/* putters */
+struct nftnl_udata *nftnl_udata_put(struct nftnl_udata_buf *buf, uint8_t type,
+				    size_t len, const void *value);
+struct nftnl_udata *nftnl_udata_put_strz(struct nftnl_udata_buf *buf,
+					 uint8_t type, const char *strz);
+
+/* nftnl_udata_attr */
+uint8_t nftnl_udata_attr_type(const struct nftnl_udata *attr);
+uint8_t nftnl_udata_attr_len(const struct nftnl_udata *attr);
+void *nftnl_udata_attr_value(const struct nftnl_udata *attr);
+
+/* iterator */
+struct nftnl_udata *nftnl_udata_attr_next(const struct nftnl_udata *attr);
+
+#define nftnl_udata_for_each(buf, attr)                       \
+	for ((attr) = nftnl_udata_start(buf);                 \
+	     (char *)(nftnl_udata_end(buf)) > (char *)(attr); \
+	     (attr) = nftnl_udata_attr_next(attr))
+
+typedef int (*nftnl_udata_cb_t)(const struct nftnl_udata *attr,
+				void *data);
+int nftnl_udata_parse(const struct nftnl_udata_buf *buf, nftnl_udata_cb_t cb,
+		      void *data);
+
+#endif /* _LIBNFTNL_UDATA_H_ */
diff --git a/include/udata.h b/include/udata.h
new file mode 100644
index 0000000..271ee50
--- /dev/null
+++ b/include/udata.h
@@ -0,0 +1,40 @@
+#ifndef _LIBNFTNL_UDATA_INTERNAL_H_
+#define _LIBNFTNL_UDATA_INTERNAL_H_
+
+#include <stdint.h>
+#include <stddef.h>
+
+/*
+ * TLV structures:
+ * nftnl_udata
+ *  <-------- HEADER --------> <------ PAYLOAD ------>
+ * +------------+-------------+- - - - - - - - - - - -+
+ * |    type    |     len     |         value         |
+ * |  (1 byte)  |   (1 byte)  |                       |
+ * +--------------------------+- - - - - - - - - - - -+
+ *  <-- sizeof(nftnl_udata) -> <-- nftnl_udata->len -->
+ */
+struct nftnl_udata {
+	uint8_t type;
+	uint8_t len;
+	unsigned char value[];
+} __attribute__((__packed__));
+
+/*
+ *              +---------------------------------++
+ *              | data[]                          ||
+ *              |   ||                            ||
+ *              |   \/                            \/
+ *  +-------+-------+-------+-------+ ... +-------+- - - - - - -+
+ *  | size  |  end  |  TLV  |  TLV  |     |  TLV  |    Empty    |
+ *  +-------+-------+-------+-------+ ... +-------+- - - - - - -+
+ *                  |<---- nftnl_udata_len() ---->|
+ *                  |<----------- nftnl_udata_size() ---------->|
+ */
+struct nftnl_udata_buf {
+	size_t size;
+	char  *end;
+	char   data[];
+};
+
+#endif /* _LIBNFTNL_UDATA_INTERNAL_H_ */
diff --git a/src/Makefile.am b/src/Makefile.am
index a27e292..7e580e4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -19,6 +19,7 @@ libnftnl_la_SOURCES = utils.c		\
 		      ruleset.c		\
 		      mxml.c		\
 		      jansson.c		\
+		      udata.c		\
 		      expr.c		\
 		      expr_ops.c	\
 		      expr/bitwise.c	\
diff --git a/src/libnftnl.map b/src/libnftnl.map
index 2e193b7..d6cd2a7 100644
--- a/src/libnftnl.map
+++ b/src/libnftnl.map
@@ -336,6 +336,22 @@ global:
   nftnl_set_snprintf;
   nftnl_set_fprintf;
 
+  nftnl_udata_alloc;
+  nftnl_udata_free;
+  nftnl_udata_len;
+  nftnl_udata_size;
+  nftnl_udata_data;
+  nftnl_udata_copy_data;
+  nftnl_udata_start;
+  nftnl_udata_end;
+  nftnl_udata_put;
+  nftnl_udata_put_strz;
+  nftnl_udata_attr_type;
+  nftnl_udata_attr_len;
+  nftnl_udata_attr_value;
+  nftnl_udata_attr_next;
+  nftnl_udata_parse;
+
   nftnl_set_list_alloc;
   nftnl_set_list_free;
   nftnl_set_list_add;
diff --git a/src/udata.c b/src/udata.c
new file mode 100644
index 0000000..0503ca3
--- /dev/null
+++ b/src/udata.c
@@ -0,0 +1,134 @@
+#include <libnftnl/udata.h>
+#include <udata.h>
+#include <utils.h>
+
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+
+struct nftnl_udata_buf *nftnl_udata_alloc(size_t data_size)
+{
+	struct nftnl_udata_buf *buf;
+
+	buf = (struct nftnl_udata_buf *)
+		malloc(sizeof(struct nftnl_udata_buf) + data_size);
+	if (!buf)
+		return NULL;
+	buf->size = data_size;
+	buf->end = buf->data;
+
+	return buf;
+}
+EXPORT_SYMBOL(nftnl_udata_alloc);
+
+void nftnl_udata_free(struct nftnl_udata_buf *buf)
+{
+	buf->size = 0;
+	buf->end = NULL;
+	free((void *)buf);
+}
+EXPORT_SYMBOL(nftnl_udata_free);
+
+size_t nftnl_udata_len(const struct nftnl_udata_buf *buf)
+{
+	return (size_t)(buf->end - buf->data);
+}
+EXPORT_SYMBOL(nftnl_udata_len);
+
+size_t nftnl_udata_size(const struct nftnl_udata_buf *buf)
+{
+	return buf->size;
+}
+EXPORT_SYMBOL(nftnl_udata_size);
+
+void *nftnl_udata_data(const struct nftnl_udata_buf *buf)
+{
+	return (void *)buf->data;
+}
+EXPORT_SYMBOL(nftnl_udata_data);
+
+void nftnl_udata_copy_data(struct nftnl_udata_buf *buf,
+			   const void *data, size_t len)
+{
+	memcpy(buf->data, data, len <= buf->size ? len : buf->size);
+	buf->end = buf->data + len;
+}
+EXPORT_SYMBOL(nftnl_udata_copy_data);
+
+struct nftnl_udata *nftnl_udata_start(const struct nftnl_udata_buf *buf)
+{
+	return (struct nftnl_udata *)buf->data;
+}
+EXPORT_SYMBOL(nftnl_udata_start);
+
+struct nftnl_udata *nftnl_udata_end(const struct nftnl_udata_buf *buf)
+{
+	return (struct nftnl_udata *)buf->end;
+}
+EXPORT_SYMBOL(nftnl_udata_end);
+
+struct nftnl_udata *nftnl_udata_put(struct nftnl_udata_buf *buf,
+				    uint8_t type, size_t len, const void *value)
+{
+	struct nftnl_udata *attr = NULL;
+
+	/* Check if there is enough space */
+	if (buf->size >= len + sizeof(struct nftnl_udata)) {
+		attr = (struct nftnl_udata *)buf->end;
+		attr->len  = len;
+		attr->type = type;
+		memcpy(attr->value, value, len);
+
+		buf->end = (char *)nftnl_udata_attr_next(attr);
+	}
+
+	return attr;
+}
+EXPORT_SYMBOL(nftnl_udata_put);
+
+struct nftnl_udata *nftnl_udata_put_strz(struct nftnl_udata_buf *buf,
+					 uint8_t type, const char *strz)
+{
+	return nftnl_udata_put(buf, type, strlen(strz) + 1, strz);
+}
+EXPORT_SYMBOL(nftnl_udata_put_strz);
+
+uint8_t nftnl_udata_attr_type(const struct nftnl_udata *attr)
+{
+	return attr->type;
+}
+EXPORT_SYMBOL(nftnl_udata_attr_type);
+
+uint8_t nftnl_udata_attr_len(const struct nftnl_udata *attr)
+{
+	return attr->len;
+}
+EXPORT_SYMBOL(nftnl_udata_attr_len);
+
+void *nftnl_udata_attr_value(const struct nftnl_udata *attr)
+{
+	return (void *)attr->value;
+}
+EXPORT_SYMBOL(nftnl_udata_attr_value);
+
+struct nftnl_udata *nftnl_udata_attr_next(const struct nftnl_udata *attr)
+{
+	return (struct nftnl_udata *)&attr->value[attr->len];
+}
+EXPORT_SYMBOL(nftnl_udata_attr_next);
+
+int nftnl_udata_parse(const struct nftnl_udata_buf *buf, nftnl_udata_cb_t cb,
+		      void *data)
+{
+	int ret = 0;
+	const struct nftnl_udata *attr;
+
+	nftnl_udata_for_each(buf, attr) {
+		ret = cb(attr, data);
+		if (ret <= 0)
+			return ret;
+	}
+
+	return ret;
+}
+EXPORT_SYMBOL(nftnl_udata_parse);
-- 
2.7.2

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/4 v4] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer

[Carlos Falgueras García]

Now is it possible to store multiple variable length user data into a rule.
Modify XML and JSON parsers to support this new feature.

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
 include/json.h  |   7 ++
 include/utils.h |   2 +
 include/xml.h   |   6 ++
 src/jansson.c   |  66 +++++++++++++++
 src/mxml.c      |  72 ++++++++++++++++
 src/rule.c      | 249 ++++++++++++++++++++++++++++++++++++++++++++++++++------
 src/utils.c     |  44 ++++++++++
 7 files changed, 420 insertions(+), 26 deletions(-)

diff --git a/include/json.h b/include/json.h
index bd70cec..2526a5b 100644
--- a/include/json.h
+++ b/include/json.h
@@ -3,6 +3,7 @@
 
 #ifdef JSON_PARSING
 #include <jansson.h>
+#include <libnftnl/udata.h>
 #include <stdbool.h>
 #include "common.h"
 
@@ -51,6 +52,12 @@ int nftnl_jansson_parse_elem(struct nftnl_set *s, json_t *tree,
 
 int nftnl_data_reg_json_parse(union nftnl_data_reg *reg, json_t *data,
 			    struct nftnl_parse_err *err);
+
+struct nftnl_udata_buf *nftnl_jansson_udata_parse(json_t *attr_array,
+						  json_t *root,
+						  struct nftnl_parse_err *err,
+						  struct nftnl_set_list *set_list);
+
 #else
 #define json_t void
 #endif
diff --git a/include/utils.h b/include/utils.h
index 0087dbb..1bbabff 100644
--- a/include/utils.h
+++ b/include/utils.h
@@ -69,6 +69,8 @@ enum nftnl_type {
 int nftnl_strtoi(const char *string, int base, void *number, enum nftnl_type type);
 int nftnl_get_value(enum nftnl_type type, void *val, void *out);
 
+char *str2value(const char *str, size_t strlen);
+
 const char *nftnl_verdict2str(uint32_t verdict);
 int nftnl_str2verdict(const char *verdict, int *verdict_num);
 
diff --git a/include/xml.h b/include/xml.h
index 7b33a83..b23b318 100644
--- a/include/xml.h
+++ b/include/xml.h
@@ -4,6 +4,7 @@
 #ifdef XML_PARSING
 #include <mxml.h>
 #include "common.h"
+#include <libnftnl/udata.h>
 
 #define NFTNL_XML_MAND 0
 #define NFTNL_XML_OPT (1 << 0)
@@ -51,6 +52,11 @@ int nftnl_mxml_set_parse(mxml_node_t *tree, struct nftnl_set *s,
 
 int nftnl_data_reg_xml_parse(union nftnl_data_reg *reg, mxml_node_t *tree,
 			   struct nftnl_parse_err *err);
+
+struct nftnl_udata_buf *nftnl_mxml_udata_parse(mxml_node_t *rootn,
+					       uint32_t mxml_flags,
+					       uint16_t flags,
+					       struct nftnl_parse_err *err);
 #else
 #define mxml_node_t void
 #endif
diff --git a/src/jansson.c b/src/jansson.c
index 3476ed2..750ebfc 100644
--- a/src/jansson.c
+++ b/src/jansson.c
@@ -19,6 +19,7 @@
 #include <libnftnl/set.h>
 
 #include <libnftnl/expr.h>
+#include <libnftnl/udata.h>
 #include <linux/netfilter/nf_tables.h>
 
 #ifdef JSON_PARSING
@@ -276,4 +277,69 @@ int nftnl_jansson_set_elem_parse(struct nftnl_set_elem *e, json_t *root,
 
 	return 0;
 }
+
+static int nftnl_jansson_udata_attr_parse(struct nftnl_udata_buf *buf,
+					  json_t *root,
+					  struct nftnl_parse_err *err,
+					  struct nftnl_set_list *set_list)
+{
+	const char *value_str;
+	char *value = NULL;
+	uint8_t type;
+	uint8_t len;
+	int ret;
+
+	ret = nftnl_jansson_parse_val(root, "type", NFTNL_TYPE_U8, &type, err);
+	if (ret != 0)
+		return 0;
+
+	ret = nftnl_jansson_parse_val(root, "length", NFTNL_TYPE_U8, &len, err);
+	if (ret != 0)
+		return 0;
+
+	value_str = nftnl_jansson_parse_str(root, "value", err);
+	if (ret != 0)
+		return 0;
+
+	if (strlen(value_str) != 2 * len)
+		return 0;
+
+	value = str2value(value_str, 2 * len);
+	if (!value) {
+		err->error = NFTNL_PARSE_EBADTYPE;
+		err->node_name = "value";
+		errno = ERANGE;
+		return 0;
+	}
+
+	if (!nftnl_udata_put(buf, type, len, (void *)value))
+		ret = 0;
+
+	free(value);
+	return 1;
+}
+
+struct nftnl_udata_buf *nftnl_jansson_udata_parse(json_t *attr_array,
+						  json_t *root,
+						  struct nftnl_parse_err *err,
+						  struct nftnl_set_list *set_list)
+{
+	struct nftnl_udata_buf *buf = NULL;
+	json_t *jattr;
+	int i;
+
+	buf = nftnl_udata_alloc(NFT_USERDATA_MAXLEN);
+	if (!buf) {
+		free((void *)buf);
+		return NULL;
+	}
+
+	for (i = 0; (jattr = json_array_get(attr_array, i)); ++i) {
+		if (!nftnl_jansson_udata_attr_parse(buf, jattr, err, set_list))
+			return NULL;
+	}
+
+	return buf;
+}
+
 #endif
diff --git a/src/mxml.c b/src/mxml.c
index 51dbf1b..a78e193 100644
--- a/src/mxml.c
+++ b/src/mxml.c
@@ -20,6 +20,7 @@
 #include <libnftnl/rule.h>
 #include <libnftnl/expr.h>
 #include <libnftnl/set.h>
+#include <libnftnl/udata.h>
 
 #ifdef XML_PARSING
 mxml_node_t *nftnl_mxml_build_tree(const void *data, const char *treename,
@@ -229,4 +230,75 @@ int nftnl_mxml_family_parse(mxml_node_t *tree, const char *node_name,
 
 	return family;
 }
+
+static int nftnl_mxml_udata_attr_parse(struct nftnl_udata_buf *buf,
+				       mxml_node_t *tree,
+				       uint32_t mxml_flags, uint16_t flags,
+				       struct nftnl_parse_err *err)
+{
+	uint8_t len;
+	uint8_t type;
+	const char *value_str;
+	char *value = NULL;
+
+	if (nftnl_mxml_num_parse(tree, "type", mxml_flags, BASE_DEC, &type,
+				 NFTNL_TYPE_U8, flags, err) < 0)
+		return 0;
+
+	if (nftnl_mxml_num_parse(tree, "length", mxml_flags, BASE_DEC, &len,
+				 NFTNL_TYPE_U8, flags, err) < 0)
+		return 0;
+
+	value_str = nftnl_mxml_str_parse(tree, "value", mxml_flags, flags, err);
+	if (!value_str)
+		return 0;
+
+	if (strlen(value_str) != 2 * len)
+		return 0;
+
+	value = str2value(value_str, 2 * len);
+	if (!value) {
+		err->error = NFTNL_PARSE_EBADTYPE;
+		err->node_name = "value";
+		errno = ERANGE;
+		return 0;
+	}
+
+	if (!nftnl_udata_put(buf, type, len, (void *)value))
+		return 0;
+
+	free(value);
+	return 1;
+}
+
+struct nftnl_udata_buf *nftnl_mxml_udata_parse(mxml_node_t *rootn,
+					       uint32_t mxml_flags,
+					       uint16_t flags,
+					       struct nftnl_parse_err *err)
+{
+		mxml_node_t *attrn;
+		struct nftnl_udata_buf *buf;
+
+		buf = nftnl_udata_alloc(NFT_USERDATA_MAXLEN);
+		if (!buf) {
+			free((void *)buf);
+			return NULL;
+		}
+
+		/* Iterate over attributes */
+		for (
+			attrn = mxmlFindElement(rootn, rootn, "attr", NULL,
+						NULL, mxml_flags);
+			attrn;
+			attrn = mxmlFindElement(attrn, rootn, "attr", NULL,
+						NULL, mxml_flags)
+		) {
+			if (!nftnl_mxml_udata_attr_parse(buf, attrn, mxml_flags,
+							 flags, err))
+				return NULL;
+		}
+
+	return buf;
+}
+
 #endif
diff --git a/src/rule.c b/src/rule.c
index 3a32bf6..5ae3e0b 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -28,6 +28,7 @@
 #include <libnftnl/rule.h>
 #include <libnftnl/set.h>
 #include <libnftnl/expr.h>
+#include <libnftnl/udata.h>
 
 struct nftnl_rule {
 	struct list_head head;
@@ -38,10 +39,7 @@ struct nftnl_rule {
 	const char	*chain;
 	uint64_t	handle;
 	uint64_t	position;
-	struct {
-			void		*data;
-			uint32_t	len;
-	} user;
+	struct nftnl_udata_buf	*userdata;
 	struct {
 			uint32_t	flags;
 			uint32_t	proto;
@@ -50,6 +48,15 @@ struct nftnl_rule {
 	struct list_head expr_list;
 };
 
+static size_t nftnl_rule_snprintf_data2str(char *buf, size_t size,
+					   const void *data, size_t datalen);
+static size_t nftnl_rule_snprintf_default_udata(char *buf, size_t size,
+						const struct nftnl_udata *attr);
+static size_t nftnl_rule_snprintf_xml_attr(char *buf, size_t size,
+					   const struct nftnl_udata *attr);
+static size_t nftnl_rule_snprintf_json_attr(char *buf, size_t size,
+					    const struct nftnl_udata *attr);
+
 struct nftnl_rule *nftnl_rule_alloc(void)
 {
 	struct nftnl_rule *r;
@@ -75,6 +82,8 @@ void nftnl_rule_free(struct nftnl_rule *r)
 		xfree(r->table);
 	if (r->chain != NULL)
 		xfree(r->chain);
+	if (r->flags & (1 << NFTNL_RULE_USERDATA))
+		nftnl_udata_free(r->userdata);
 
 	xfree(r);
 }
@@ -162,8 +171,14 @@ void nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr,
 		r->position = *((uint64_t *)data);
 		break;
 	case NFTNL_RULE_USERDATA:
-		r->user.data = (void *)data;
-		r->user.len = data_len;
+		if (r->flags & (1 << NFTNL_RULE_USERDATA))
+			nftnl_udata_free(r->userdata);
+		r->userdata = nftnl_udata_alloc(data_len);
+		if (!r->userdata) {
+			perror("nftnl_rule_set_data - userdata");
+			return;
+		}
+		nftnl_udata_copy_data(r->userdata, data, data_len);
 		break;
 	}
 	r->flags |= (1 << attr);
@@ -221,8 +236,8 @@ const void *nftnl_rule_get_data(const struct nftnl_rule *r, uint16_t attr,
 		*data_len = sizeof(uint64_t);
 		return &r->position;
 	case NFTNL_RULE_USERDATA:
-		*data_len = r->user.len;
-		return r->user.data;
+		*data_len = nftnl_udata_len(r->userdata);
+		return (void *)nftnl_udata_data(r->userdata);
 	}
 	return NULL;
 }
@@ -288,8 +303,9 @@ void nftnl_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_rule *r)
 	if (r->flags & (1 << NFTNL_RULE_POSITION))
 		mnl_attr_put_u64(nlh, NFTA_RULE_POSITION, htobe64(r->position));
 	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
-		mnl_attr_put(nlh, NFTA_RULE_USERDATA, r->user.len,
-			     r->user.data);
+		mnl_attr_put(nlh, NFTA_RULE_USERDATA,
+			     nftnl_udata_len(r->userdata),
+			     nftnl_udata_data(r->userdata));
 	}
 
 	if (!list_empty(&r->expr_list)) {
@@ -447,19 +463,20 @@ int nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r)
 		r->flags |= (1 << NFTNL_RULE_POSITION);
 	}
 	if (tb[NFTA_RULE_USERDATA]) {
+		uint16_t udata_size;
+
 		const void *udata =
 			mnl_attr_get_payload(tb[NFTA_RULE_USERDATA]);
 
-		if (r->user.data)
-			xfree(r->user.data);
+		udata_size = mnl_attr_get_payload_len(tb[NFTA_RULE_USERDATA]);
 
-		r->user.len = mnl_attr_get_payload_len(tb[NFTA_RULE_USERDATA]);
-
-		r->user.data = malloc(r->user.len);
-		if (r->user.data == NULL)
+		if (r->flags & (1 << NFTNL_RULE_USERDATA))
+			nftnl_udata_free(r->userdata);
+		r->userdata = nftnl_udata_alloc(udata_size);
+		if (!r->userdata)
 			return -1;
+		nftnl_udata_copy_data(r->userdata, udata, udata_size);
 
-		memcpy(r->user.data, udata, r->user.len);
 		r->flags |= (1 << NFTNL_RULE_USERDATA);
 	}
 
@@ -481,6 +498,7 @@ int nftnl_jansson_parse_rule(struct nftnl_rule *r, json_t *tree,
 	uint64_t uval64;
 	uint32_t uval32;
 	int i, family;
+	struct nftnl_udata_buf *buf;
 
 	root = nftnl_jansson_get_node(tree, "rule", err);
 	if (root == NULL)
@@ -557,6 +575,17 @@ int nftnl_jansson_parse_rule(struct nftnl_rule *r, json_t *tree,
 		nftnl_rule_add_expr(r, e);
 	}
 
+	array = json_object_get(root, "userdata");
+	if (array) {
+		buf = nftnl_jansson_udata_parse(array, root, err, set_list);
+		if (!buf)
+			goto err;
+
+		nftnl_rule_set_data(r, NFTNL_RULE_USERDATA,
+				    nftnl_udata_data(buf),
+				    nftnl_udata_len(buf));
+	}
+
 	return 0;
 err:
 	return -1;
@@ -596,6 +625,7 @@ int nftnl_mxml_rule_parse(mxml_node_t *tree, struct nftnl_rule *r,
 	struct nftnl_expr *e;
 	const char *table, *chain;
 	int family;
+	struct nftnl_udata_buf *buf;
 
 	family = nftnl_mxml_family_parse(tree, "family", MXML_DESCEND_FIRST,
 				       NFTNL_XML_MAND, err);
@@ -649,6 +679,18 @@ int nftnl_mxml_rule_parse(mxml_node_t *tree, struct nftnl_rule *r,
 		nftnl_rule_add_expr(r, e);
 	}
 
+	node = mxmlFindElement(tree, tree, "userdata", NULL, NULL,
+			       MXML_DESCEND);
+	if (node) {
+		buf = nftnl_mxml_udata_parse(node, MXML_DESCEND, r->flags, err);
+		if (!buf)
+			return -1;
+
+		nftnl_rule_set_data(r, NFTNL_RULE_USERDATA,
+				    nftnl_udata_data(buf),
+				    nftnl_udata_len(buf));
+	}
+
 	return 0;
 }
 #endif
@@ -711,6 +753,21 @@ int nftnl_rule_parse_file(struct nftnl_rule *r, enum nftnl_parse_type type,
 }
 EXPORT_SYMBOL_ALIAS(nftnl_rule_parse_file, nft_rule_parse_file);
 
+static size_t nftnl_rule_snprintf_data2str(char *buf, size_t size,
+					   const void *data, size_t datalen)
+{
+	int i;
+	size_t ret, len = size, offset = 0;
+	const unsigned char *str = data;
+
+	for (i = 0; i < datalen; i++) {
+		ret = snprintf(buf + offset, len, "%02X", str[i]);
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
+	return offset;
+}
+
 static int nftnl_rule_snprintf_json(char *buf, size_t size, struct nftnl_rule *r,
 					 uint32_t type, uint32_t flags)
 {
@@ -783,7 +840,34 @@ static int nftnl_rule_snprintf_json(char *buf, size_t size, struct nftnl_rule *r
 	}
 	/* Remove comma from last element */
 	offset--;
-	ret = snprintf(buf+offset, len, "]}}");
+	ret = snprintf(buf + offset, len, "]");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
+		const struct nftnl_udata *attr;
+
+		ret = snprintf(buf + offset, len, ",\"userdata\":[");
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+		nftnl_udata_for_each(r->userdata, attr) {
+			ret = nftnl_rule_snprintf_json_attr(buf + offset, len,
+							    attr);
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+			ret = snprintf(buf + offset, len, ",");
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		}
+		/* delete last comma */
+		buf[offset - 1] = '\0';
+		offset--;
+		size--;
+		len++;
+
+		ret = snprintf(buf + offset, len, "]");
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
+	ret = snprintf(buf + offset, len, "}}");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;
@@ -849,17 +933,123 @@ static int nftnl_rule_snprintf_xml(char *buf, size_t size, struct nftnl_rule *r,
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	}
+
+	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
+		const struct nftnl_udata *attr;
+
+		ret = snprintf(buf + offset, len, "<userdata>");
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+		nftnl_udata_for_each(r->userdata, attr) {
+			ret = snprintf(buf + offset, len, "<attr>");
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+			ret = nftnl_rule_snprintf_xml_attr(buf + offset, len,
+							   attr);
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+			ret = snprintf(buf + offset, len, "</attr>");
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+		}
+
+		ret = snprintf(buf + offset, len, "</userdata>");
+		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+	}
+
 	ret = snprintf(buf+offset, len, "</rule>");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
 	return offset;
 }
 
+static size_t nftnl_rule_snprintf_xml_attr(char *buf, size_t size,
+					   const struct nftnl_udata *attr)
+{
+	size_t ret, len = size, offset = 0;
+
+	uint8_t atype = nftnl_udata_attr_type(attr);
+	uint8_t alen  = nftnl_udata_attr_len(attr);
+	void   *aval  = nftnl_udata_attr_value(attr);
+
+	/* type */
+	ret = snprintf(buf + offset, len, "<type>%d</type>", atype);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* len */
+	ret = snprintf(buf + offset, len, "<length>%d</length>", alen);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* value */
+	ret = snprintf(buf + offset, len, "<value>");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	ret = nftnl_rule_snprintf_data2str(buf + offset, len, aval, alen);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	ret = snprintf(buf + offset, len, "</value>");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	return offset;
+}
+
+static size_t nftnl_rule_snprintf_json_attr(char *buf, size_t size,
+					    const struct nftnl_udata *attr)
+{
+	size_t ret, len = size, offset = 0;
+
+	uint8_t atype = nftnl_udata_attr_type(attr);
+	uint8_t alen  = nftnl_udata_attr_len(attr);
+	void   *aval  = nftnl_udata_attr_value(attr);
+
+	/* type */
+	ret = snprintf(buf + offset, len, "{\"type\":%d,", atype);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* len */
+	ret = snprintf(buf + offset, len, "\"length\":%d,", alen);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* value */
+	ret = snprintf(buf + offset, len, "\"value\":\"");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	ret = nftnl_rule_snprintf_data2str(buf + offset, len, aval, alen);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	ret = snprintf(buf + offset, len, "\"}");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	return offset;
+}
+
+static size_t nftnl_rule_snprintf_default_udata(char *buf, size_t size,
+						const struct nftnl_udata *attr)
+{
+	size_t ret, len = size, offset = 0;
+
+	uint8_t atype = nftnl_udata_attr_type(attr);
+	uint8_t alen  = nftnl_udata_attr_len(attr);
+	void   *aval  = nftnl_udata_attr_value(attr);
+
+	/* type */
+	ret = snprintf(buf + offset, len, "{%d:\"", atype);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	/* value */
+	ret = nftnl_rule_snprintf_data2str(buf + offset, len, aval, alen);
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	ret = snprintf(buf + offset, len, "\"}");
+	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
+
+	return offset;
+}
+
 static int nftnl_rule_snprintf_default(char *buf, size_t size, struct nftnl_rule *r,
 				     uint32_t type, uint32_t flags)
 {
 	struct nftnl_expr *expr;
-	int ret, len = size, offset = 0, i;
+	int ret, len = size, offset = 0;
 
 	if (r->flags & (1 << NFTNL_RULE_FAMILY)) {
 		ret = snprintf(buf+offset, len, "%s ",
@@ -905,21 +1095,28 @@ static int nftnl_rule_snprintf_default(char *buf, size_t size, struct nftnl_rule
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
-	if (r->user.len) {
-		ret = snprintf(buf+offset, len, "  userdata = { ");
+	if (r->flags & (1 << NFTNL_RULE_USERDATA)) {
+		const struct nftnl_udata *attr;
+
+		ret = snprintf(buf + offset, len, "  userdata = { ");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-		for (i = 0; i < r->user.len; i++) {
-			char *c = r->user.data;
+		nftnl_udata_for_each(r->userdata, attr) {
+			ret = nftnl_rule_snprintf_default_udata(buf + offset,
+								len, attr);
+			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 
-			ret = snprintf(buf+offset, len, "%c",
-				       isalnum(c[i]) ? c[i] : 0);
+			ret = snprintf(buf + offset, len, ",");
 			SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 		}
+		/* delete last comma */
+		buf[offset - 1] = '\0';
+		offset--;
+		size--;
+		len++;
 
 		ret = snprintf(buf+offset, len, " }\n");
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
-
 	}
 
 	return offset;
diff --git a/src/utils.c b/src/utils.c
index ba36bc4..8e646c4 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -139,6 +139,50 @@ int nftnl_strtoi(const char *string, int base, void *out, enum nftnl_type type)
 	return ret;
 }
 
+static int hex2char(char *out, char c)
+{
+	/* numbers */
+	if (c >= '0' && c <= '9')
+		*out = c - '0';
+	/* lowercase characters */
+	else if (c >= 'a' && c <= 'z')
+		*out = c - 'a' + 10;
+	/* uppercase characters */
+	else if (c >= 'A' && c <= 'Z')
+		*out = c - 'A' + 10;
+	else {
+		errno = EINVAL;
+		return 0;
+	}
+
+	return 1;
+}
+
+char *str2value(const char *str, size_t strlen)
+{
+	char *value;
+	size_t i;
+	char d0;
+	char d1;
+
+	value = (char *)malloc(strlen / 2);
+	if (!value)
+		return NULL;
+
+	for (i = 0; i < strlen / 2; i++) {
+		if (!hex2char(&d0, str[2 * i + 0]) ||
+		    !hex2char(&d1, str[2 * i + 1])
+		) {
+			free(value);
+			return NULL;
+		}
+
+		value[i] = d0 * 16 + d1;
+	}
+
+	return value;
+}
+
 const char *nftnl_verdict2str(uint32_t verdict)
 {
 	switch (verdict) {
-- 
2.7.2

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3/4 v4] libnftnl: test: Actualize test to check new nftnl_udata features of nftnl_rule

[Carlos Falgueras García]

Modify nft-rule-test.c to check TLV attribute inclusion in nftnl_rule.
Add "*-rule-udata.[json|xml]" to check parsers.

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
 tests/jsonfiles/71-rule-udata.json |  1 +
 tests/nft-rule-test.c              | 21 +++++++++++++++++++++
 tests/xmlfiles/82-rule-udata.xml   |  1 +
 3 files changed, 23 insertions(+)
 create mode 100644 tests/jsonfiles/71-rule-udata.json
 create mode 100644 tests/xmlfiles/82-rule-udata.xml

diff --git a/tests/jsonfiles/71-rule-udata.json b/tests/jsonfiles/71-rule-udata.json
new file mode 100644
index 0000000..02d7903
--- /dev/null
+++ b/tests/jsonfiles/71-rule-udata.json
@@ -0,0 +1 @@
+{"nftables":[{"add":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":71,"expr":[{"type":"counter","pkts":135,"bytes":21655}],"userdata":[{"type":0,"length":12,"value":"68656C6C6F20776F726C6400"},{"type":1,"length":9,"value":"627920776F726C6400"}]}}]}]}
diff --git a/tests/nft-rule-test.c b/tests/nft-rule-test.c
index dff9634..eb10270 100644
--- a/tests/nft-rule-test.c
+++ b/tests/nft-rule-test.c
@@ -15,6 +15,7 @@
 #include <netinet/in.h>
 #include <linux/netfilter/nf_tables.h>
 #include <libnftnl/rule.h>
+#include <libnftnl/udata.h>
 
 static int test_ok = 1;
 
@@ -26,6 +27,9 @@ static void print_err(const char *msg)
 
 static void cmp_nftnl_rule(struct nftnl_rule *a, struct nftnl_rule *b)
 {
+	const void *udata_a, *udata_b;
+	uint32_t len_a, len_b;
+
 	if (nftnl_rule_get_u32(a, NFTNL_RULE_FAMILY) !=
 	    nftnl_rule_get_u32(b, NFTNL_RULE_FAMILY))
 		print_err("Rule family mismatches");
@@ -47,6 +51,12 @@ static void cmp_nftnl_rule(struct nftnl_rule *a, struct nftnl_rule *b)
 	if (nftnl_rule_get_u64(a, NFTNL_RULE_POSITION) !=
 	    nftnl_rule_get_u64(b, NFTNL_RULE_POSITION))
 		print_err("Rule compat_position mismatches");
+
+	udata_a = nftnl_rule_get_data(a, NFTNL_RULE_USERDATA, &len_a);
+	udata_b = nftnl_rule_get_data(b, NFTNL_RULE_USERDATA, &len_b);
+
+	if (len_a != len_b || memcmp(udata_a, udata_b, len_a) != 0)
+		print_err("Rule userdata mismatches");
 }
 
 int main(int argc, char *argv[])
@@ -54,12 +64,20 @@ int main(int argc, char *argv[])
 	struct nftnl_rule *a, *b;
 	char buf[4096];
 	struct nlmsghdr *nlh;
+	struct nftnl_udata_buf *udata;
 
 	a = nftnl_rule_alloc();
 	b = nftnl_rule_alloc();
 	if (a == NULL || b == NULL)
 		print_err("OOM");
 
+	udata = nftnl_udata_alloc(NFT_USERDATA_MAXLEN);
+	if (!udata)
+		print_err("OOM");
+
+	if (!nftnl_udata_put_strz(udata, 0, "hello world"))
+		print_err("User data too big");
+
 	nftnl_rule_set_u32(a, NFTNL_RULE_FAMILY, AF_INET);
 	nftnl_rule_set_str(a, NFTNL_RULE_TABLE, "table");
 	nftnl_rule_set_str(a, NFTNL_RULE_CHAIN, "chain");
@@ -67,6 +85,9 @@ int main(int argc, char *argv[])
 	nftnl_rule_set_u32(a, NFTNL_RULE_COMPAT_PROTO, 0x12345678);
 	nftnl_rule_set_u32(a, NFTNL_RULE_COMPAT_FLAGS, 0x12345678);
 	nftnl_rule_set_u64(a, NFTNL_RULE_POSITION, 0x1234567812345678);
+	nftnl_rule_set_data(a, NFTNL_RULE_USERDATA,
+			    nftnl_udata_data(udata),
+			    nftnl_udata_len(udata));
 
 	nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234);
 	nftnl_rule_nlmsg_build_payload(nlh, a);
diff --git a/tests/xmlfiles/82-rule-udata.xml b/tests/xmlfiles/82-rule-udata.xml
new file mode 100644
index 0000000..b986926
--- /dev/null
+++ b/tests/xmlfiles/82-rule-udata.xml
@@ -0,0 +1 @@
+<nftables><add><rule><family>ip6</family><table>filter</table><chain>input</chain><handle>82</handle><expr type="counter"><pkts>3</pkts><bytes>177</bytes></expr><userdata><attr><type>0</type><length>12</length><value>68656C6C6F20776F726C6400</value></attr><attr><type>1</type><length>9</length><value>627920776F726C6400</value></attr></userdata></rule></add></nftables>
-- 
2.7.2

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 4/4 v4] nftables: rule: Change the field "rule->comment" for an nftnl_udata_buf

[Carlos Falgueras García]

Now it is possible to store multiple variable length user data into rule.
Modify the parser in order to fill the nftnl_udata with the comment, and
the print function for extract these commentary and print it to user.

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
 include/rule.h            | 11 +++++++++--
 src/netlink_delinearize.c |  7 +++++--
 src/netlink_linearize.c   |  6 ++++--
 src/parser_bison.y        | 14 +++++++++++++-
 src/rule.c                | 45 ++++++++++++++++++++++++++++++++++++++++++---
 5 files changed, 73 insertions(+), 10 deletions(-)

diff --git a/include/rule.h b/include/rule.h
index c848f0f..c500e88 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -4,6 +4,7 @@
 #include <stdint.h>
 #include <nftables.h>
 #include <list.h>
+#include <libnftnl/udata.h>
 
 /**
  * struct handle - handle for tables, chains, rules and sets
@@ -155,7 +156,7 @@ extern void chain_print_plain(const struct chain *chain);
  * @location:	location the rule was defined at
  * @stmt:	list of statements
  * @num_stmts:	number of statements in stmts list
- * @comment:	comment
+ * @udata:	user data
  */
 struct rule {
 	struct list_head	list;
@@ -163,7 +164,7 @@ struct rule {
 	struct location		location;
 	struct list_head	stmts;
 	unsigned int		num_stmts;
-	const char		*comment;
+	struct nftnl_udata_buf	*udata;
 };
 
 extern struct rule *rule_alloc(const struct location *loc,
@@ -396,4 +397,10 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
 extern int cache_update(enum cmd_ops cmd, struct list_head *msgs);
 extern void cache_release(void);
 
+enum udata_type {
+	UDATA_TYPE_COMMENT,
+	__UDATA_TYPE_MAX,
+};
+#define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
+
 #endif /* NFTABLES_RULE_H */
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index d431588..e655e00 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -25,6 +25,7 @@
 #include <utils.h>
 #include <erec.h>
 #include <sys/socket.h>
+#include <libnftnl/udata.h>
 
 struct netlink_parse_ctx {
 	struct list_head	*msgs;
@@ -1773,8 +1774,10 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
 		uint32_t len;
 
 		data = nftnl_rule_get_data(nlr, NFTNL_RULE_USERDATA, &len);
-		pctx->rule->comment = xmalloc(len);
-		memcpy((char *)pctx->rule->comment, data, len);
+		pctx->rule->udata = nftnl_udata_alloc(len);
+		if (!pctx->rule->udata)
+			memory_allocation_error();
+		nftnl_udata_copy_data(pctx->rule->udata, data, len);
 	}
 
 	nftnl_expr_foreach((struct nftnl_rule *)nlr, netlink_parse_expr, pctx);
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index bb51de7..5ac438e 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -21,6 +21,7 @@
 #include <netinet/in.h>
 
 #include <linux/netfilter.h>
+#include <libnftnl/udata.h>
 
 
 struct netlink_linearize_ctx {
@@ -1171,9 +1172,10 @@ void netlink_linearize_rule(struct netlink_ctx *ctx, struct nftnl_rule *nlr,
 	list_for_each_entry(stmt, &rule->stmts, list)
 		netlink_gen_stmt(&lctx, stmt);
 
-	if (rule->comment)
+	if (rule->udata)
 		nftnl_rule_set_data(nlr, NFTNL_RULE_USERDATA,
-				    rule->comment, strlen(rule->comment) + 1);
+				    nftnl_udata_data(rule->udata),
+				    nftnl_udata_len(rule->udata));
 
 	netlink_dump_rule(nlr);
 }
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 90978ab..9f8c005 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -24,6 +24,7 @@
 #include <netinet/icmp6.h>
 #include <libnftnl/common.h>
 #include <libnftnl/set.h>
+#include <libnftnl/udata.h>
 
 #include <rule.h>
 #include <statement.h>
@@ -1303,7 +1304,18 @@ rule			:	stmt_list	comment_spec
 				struct stmt *i;
 
 				$$ = rule_alloc(&@$, NULL);
-				$$->comment = $2;
+
+				if ($2) {
+					if (!($$->udata = nftnl_udata_alloc(NFT_USERDATA_MAXLEN)))
+						memory_allocation_error();
+
+					if (!nftnl_udata_put_strz($$->udata, UDATA_TYPE_COMMENT, $2)) {
+						erec_queue(error(&@2, "Comment too long: \"%s\"", $2),
+							state->msgs);
+						YYERROR;
+					}
+				}
+
 				list_for_each_entry(i, $1, list)
 					$$->num_stmts++;
 				list_splice_tail($1, &$$->stmts);
diff --git a/src/rule.c b/src/rule.c
index 0b78549..112ae85 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -23,6 +23,7 @@
 
 #include <libnftnl/common.h>
 #include <libnftnl/ruleset.h>
+#include <libnftnl/udata.h>
 #include <netinet/ip.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter_arp.h>
@@ -375,21 +376,59 @@ void rule_free(struct rule *rule)
 {
 	stmt_list_free(&rule->stmts);
 	handle_free(&rule->handle);
-	xfree(rule->comment);
+	nftnl_udata_free(rule->udata);
 	xfree(rule);
 }
 
+static int rule_parse_udata_cb(const struct nftnl_udata *attr, void *data)
+{
+	unsigned char *value = nftnl_udata_attr_value(attr);
+	uint8_t type = nftnl_udata_attr_type(attr);
+	uint8_t len = nftnl_udata_attr_len(attr);
+	const struct nftnl_udata **tb = data;
+
+	switch (type) {
+	case UDATA_TYPE_COMMENT:
+		if (value[len - 1] != '\0')
+			return -1;
+		break;
+	default:
+		break;
+	};
+
+	tb[type] = attr;
+	return 1;
+}
+
+static void rule_print_udata(const struct nftnl_udata *tb[], uint8_t type)
+{
+	if (!tb[type])
+		return;
+
+	switch (type) {
+	case UDATA_TYPE_COMMENT:
+		printf("comment \"%s\" ",
+		       (char *)nftnl_udata_attr_value(tb[type]));
+		break;
+	default:
+		break;
+	}
+}
+
 void rule_print(const struct rule *rule)
 {
 	const struct stmt *stmt;
+	const struct nftnl_udata *tb[UDATA_TYPE_MAX + 1] = {};
 
 	list_for_each_entry(stmt, &rule->stmts, list) {
 		stmt->ops->print(stmt);
 		printf(" ");
 	}
 
-	if (rule->comment)
-		printf("comment \"%s\" ", rule->comment);
+	if (rule->udata) {
+		if (nftnl_udata_parse(rule->udata, rule_parse_udata_cb, tb) > 0)
+			rule_print_udata(tb, UDATA_TYPE_COMMENT);
+	}
 
 	if (handle_output > 0)
 		printf("# handle %" PRIu64, rule->handle.handle);
-- 
2.7.2

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/4 v4] nftables: rule: Change the field "rule->comment" for an nftnl_udata_buf

[Pablo Neira Ayuso]

On Thu, Mar 10, 2016 at 10:37:16PM +0100, Carlos Falgueras García wrote:
> Now it is possible to store multiple variable length user data into rule.
> Modify the parser in order to fill the nftnl_udata with the comment, and
> the print function for extract these commentary and print it to user.
> 
> Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
> ---
>  include/rule.h            | 11 +++++++++--
>  src/netlink_delinearize.c |  7 +++++--
>  src/netlink_linearize.c   |  6 ++++--
>  src/parser_bison.y        | 14 +++++++++++++-
>  src/rule.c                | 45 ++++++++++++++++++++++++++++++++++++++++++---
>  5 files changed, 73 insertions(+), 10 deletions(-)
> 
> diff --git a/include/rule.h b/include/rule.h
> index c848f0f..c500e88 100644
> --- a/include/rule.h
> +++ b/include/rule.h
> @@ -4,6 +4,7 @@
>  #include <stdint.h>
>  #include <nftables.h>
>  #include <list.h>
> +#include <libnftnl/udata.h>
>  
>  /**
>   * struct handle - handle for tables, chains, rules and sets
> @@ -155,7 +156,7 @@ extern void chain_print_plain(const struct chain *chain);
>   * @location:	location the rule was defined at
>   * @stmt:	list of statements
>   * @num_stmts:	number of statements in stmts list
> - * @comment:	comment
> + * @udata:	user data
>   */
>  struct rule {
>  	struct list_head	list;
> @@ -163,7 +164,7 @@ struct rule {
>  	struct location		location;
>  	struct list_head	stmts;
>  	unsigned int		num_stmts;
> -	const char		*comment;
> +	struct nftnl_udata_buf	*udata;

I think we should keep the:

        const char              *comment;

The nftnl_udata_buf should only be used when building the TLV area
from the netlink_linearize step, and when parsing the TLV and covert
it to attribute from netlink_delinearize. Otherwise, we have to deal
with this internal layout from other parts of nft that are not netlink
specific.

>  };
>  
>  extern struct rule *rule_alloc(const struct location *loc,
> @@ -396,4 +397,10 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
>  extern int cache_update(enum cmd_ops cmd, struct list_head *msgs);
>  extern void cache_release(void);
>  
> +enum udata_type {
> +	UDATA_TYPE_COMMENT,
> +	__UDATA_TYPE_MAX,
> +};
> +#define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
> +
>  #endif /* NFTABLES_RULE_H */
> diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
> index d431588..e655e00 100644
> --- a/src/netlink_delinearize.c
> +++ b/src/netlink_delinearize.c
> @@ -25,6 +25,7 @@
>  #include <utils.h>
>  #include <erec.h>
>  #include <sys/socket.h>
> +#include <libnftnl/udata.h>
>  
>  struct netlink_parse_ctx {
>  	struct list_head	*msgs;
> @@ -1773,8 +1774,10 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
>  		uint32_t len;
>  
>  		data = nftnl_rule_get_data(nlr, NFTNL_RULE_USERDATA, &len);
> -		pctx->rule->comment = xmalloc(len);
> -		memcpy((char *)pctx->rule->comment, data, len);
> +		pctx->rule->udata = nftnl_udata_alloc(len);
> +		if (!pctx->rule->udata)
> +			memory_allocation_error();
> +		nftnl_udata_copy_data(pctx->rule->udata, data, len);

Therefore, here you should extract the data from the udata and set
pctx->rule->comment.

>  	}
>  
>  	nftnl_expr_foreach((struct nftnl_rule *)nlr, netlink_parse_expr, pctx);
> diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
> index bb51de7..5ac438e 100644
> --- a/src/netlink_linearize.c
> +++ b/src/netlink_linearize.c
> @@ -21,6 +21,7 @@
>  #include <netinet/in.h>
>  
>  #include <linux/netfilter.h>
> +#include <libnftnl/udata.h>
>  
>  
>  struct netlink_linearize_ctx {
> @@ -1171,9 +1172,10 @@ void netlink_linearize_rule(struct netlink_ctx *ctx, struct nftnl_rule *nlr,
>  	list_for_each_entry(stmt, &rule->stmts, list)
>  		netlink_gen_stmt(&lctx, stmt);
>  
> -	if (rule->comment)
> +	if (rule->udata)
>  		nftnl_rule_set_data(nlr, NFTNL_RULE_USERDATA,
> -				    rule->comment, strlen(rule->comment) + 1);
> +				    nftnl_udata_data(rule->udata),
> +				    nftnl_udata_len(rule->udata));

When linearizing, you should do something like:

if (rule->comment) {
	udata = nftnl_udata_alloc(NFT_USERDATA_MAXLEN));
        if (!udata)
                memory_allocation_error();

	if (!nftnl_udata_put_strz(udata, UDATA_TYPE_COMMENT, rule->comment))
                memory_allocation_error();

        nftnl_rule_set_data(nlr, NFTNL_RULE_USERDATA,
                            nftnl_udata_data(udata),
                            nftnl_udata_len(udata));
}

>
>  	netlink_dump_rule(nlr);
>  }
> diff --git a/src/parser_bison.y b/src/parser_bison.y
> index 90978ab..9f8c005 100644
> --- a/src/parser_bison.y
> +++ b/src/parser_bison.y
> @@ -24,6 +24,7 @@
>  #include <netinet/icmp6.h>
>  #include <libnftnl/common.h>
>  #include <libnftnl/set.h>
> +#include <libnftnl/udata.h>
>  
>  #include <rule.h>
>  #include <statement.h>
> @@ -1303,7 +1304,18 @@ rule			:	stmt_list	comment_spec
>  				struct stmt *i;
>  
>  				$$ = rule_alloc(&@$, NULL);
> -				$$->comment = $2;
> +
> +				if ($2) {
> +					if (!($$->udata = nftnl_udata_alloc(NFT_USERDATA_MAXLEN)))
> +						memory_allocation_error();
> +
> +					if (!nftnl_udata_put_strz($$->udata, UDATA_TYPE_COMMENT, $2)) {
> +						erec_queue(error(&@2, "Comment too long: \"%s\"", $2),
> +							state->msgs);
> +						YYERROR;
> +					}
> +				}

With the change I propose above, you don't need to update the parser
anymore.

> +
>  				list_for_each_entry(i, $1, list)
>  					$$->num_stmts++;
>  				list_splice_tail($1, &$$->stmts);
> diff --git a/src/rule.c b/src/rule.c
> index 0b78549..112ae85 100644
> --- a/src/rule.c
> +++ b/src/rule.c
> @@ -23,6 +23,7 @@
>  
>  #include <libnftnl/common.h>
>  #include <libnftnl/ruleset.h>
> +#include <libnftnl/udata.h>
>  #include <netinet/ip.h>
>  #include <linux/netfilter.h>
>  #include <linux/netfilter_arp.h>
> @@ -375,21 +376,59 @@ void rule_free(struct rule *rule)
>  {
>  	stmt_list_free(&rule->stmts);
>  	handle_free(&rule->handle);
> -	xfree(rule->comment);
> +	nftnl_udata_free(rule->udata);

This change, you will not need it with the change I'm proposing.

>  	xfree(rule);
>  }
>  
> +static int rule_parse_udata_cb(const struct nftnl_udata *attr, void *data)
> +{
> +	unsigned char *value = nftnl_udata_attr_value(attr);
> +	uint8_t type = nftnl_udata_attr_type(attr);
> +	uint8_t len = nftnl_udata_attr_len(attr);
> +	const struct nftnl_udata **tb = data;
> +
> +	switch (type) {
> +	case UDATA_TYPE_COMMENT:
> +		if (value[len - 1] != '\0')
> +			return -1;
> +		break;
> +	default:
> +		break;
> +	};
> +
> +	tb[type] = attr;
> +	return 1;
> +}
> +
> +static void rule_print_udata(const struct nftnl_udata *tb[], uint8_t type)
> +{
> +	if (!tb[type])
> +		return;
> +
> +	switch (type) {
> +	case UDATA_TYPE_COMMENT:
> +		printf("comment \"%s\" ",
> +		       (char *)nftnl_udata_attr_value(tb[type]));
> +		break;
> +	default:
> +		break;
> +	}
> +}

... And these functions, you will place them in netlink_delinearize.c,
which is where they belong since they are dealing with a low-level
netlink aspect.

>  void rule_print(const struct rule *rule)
>  {
>  	const struct stmt *stmt;
> +	const struct nftnl_udata *tb[UDATA_TYPE_MAX + 1] = {};
>  
>  	list_for_each_entry(stmt, &rule->stmts, list) {
>  		stmt->ops->print(stmt);
>  		printf(" ");
>  	}
>  
> -	if (rule->comment)
> -		printf("comment \"%s\" ", rule->comment);
> +	if (rule->udata) {
> +		if (nftnl_udata_parse(rule->udata, rule_parse_udata_cb, tb) > 0)
> +			rule_print_udata(tb, UDATA_TYPE_COMMENT);
> +	}

With the change I'm proposing above, you will not need this either.

>  	if (handle_output > 0)
>  		printf("# handle %" PRIu64, rule->handle.handle);
> -- 
> 2.7.2
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/4 v4] nftables: rule: Change the field "rule->comment" for an nftnl_udata_buf

[Carlos Falgueras García]

Thanks Pablo. I will send all of these changes now.

Re: [PATCH 1/4 v4] libnftnl: Implement new buffer of TLV objects

[Pablo Neira Ayuso]

Hi Carlos,

Almost there, just a bit more small incremental changes.

On Thu, Mar 10, 2016 at 10:37:13PM +0100, Carlos Falgueras García wrote:
> These functions allow to create a buffer (nftnl_udata_buf) of TLV objects
> (nftnl_udata). It is inspired by libmnl/src/attr.c. It can be used to store
> several variable length user data into an object.
> 
> Example usage:
> 	```
> 	struct nftnl_udata_buf *buf;
> 	struct nftnl_udata *attr;
> 	const char str[] = "Hello World!";
> 
> 	buf = nftnl_udata_alloc(UDATA_SIZE);
> 	if (!buf) {
> 		perror("OOM");
> 		exit(EXIT_FAILURE);
> 	}
> 
> 	if (!nftnl_udata_put_strz(buf, MY_TYPE, str)) {
> 		perror("Can't put attribute \"%s\"", str);
> 		exit(EXIT_FAILURE);
> 	}
> 
> 	nftnl_udata_for_each(buf, attr) {
> 		printf("%s\n", (char *)nftnl_udata_attr_value(attr));
> 	}
> 
> 	nftnl_udata_free(buf);
> 	```
> 
> Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
> ---
>  include/Makefile.am          |   1 +
>  include/libnftnl/Makefile.am |   1 +
>  include/libnftnl/udata.h     |  48 ++++++++++++++++
>  include/udata.h              |  40 +++++++++++++
>  src/Makefile.am              |   1 +
>  src/libnftnl.map             |  16 ++++++
>  src/udata.c                  | 134 +++++++++++++++++++++++++++++++++++++++++++
>  7 files changed, 241 insertions(+)
>  create mode 100644 include/libnftnl/udata.h
>  create mode 100644 include/udata.h
>  create mode 100644 src/udata.c
> 
> diff --git a/include/Makefile.am b/include/Makefile.am
> index be9eb9b..9f55737 100644
> --- a/include/Makefile.am
> +++ b/include/Makefile.am
> @@ -12,4 +12,5 @@ noinst_HEADERS = internal.h	\
>  		 expr.h		\
>  		 json.h		\
>  		 set_elem.h	\
> +		 udata.h	\
>  		 utils.h
> diff --git a/include/libnftnl/Makefile.am b/include/libnftnl/Makefile.am
> index 84f01b6..457ec95 100644
> --- a/include/libnftnl/Makefile.am
> +++ b/include/libnftnl/Makefile.am
> @@ -7,4 +7,5 @@ pkginclude_HEADERS = batch.h		\
>  		     set.h		\
>  		     ruleset.h		\
>  		     common.h		\
> +		     udata.h		\
>  		     gen.h
> diff --git a/include/libnftnl/udata.h b/include/libnftnl/udata.h
> new file mode 100644
> index 0000000..a74e54c
> --- /dev/null
> +++ b/include/libnftnl/udata.h
> @@ -0,0 +1,48 @@
> +#ifndef _LIBNFTNL_UDATA_H_
> +#define _LIBNFTNL_UDATA_H_
> +
> +#include <stdio.h>
> +#include <stdint.h>
> +
> +/*
> + * nftnl user data attributes API
> + */
> +struct nftnl_udata;
> +struct nftnl_udata_buf;
> +
> +/* nftnl_udata_buf */
> +struct nftnl_udata_buf *nftnl_udata_alloc(size_t data_size);
> +void nftnl_udata_free(struct nftnl_udata_buf *buf);
> +size_t nftnl_udata_len(const struct nftnl_udata_buf *buf);
> +size_t nftnl_udata_size(const struct nftnl_udata_buf *buf);
> +void *nftnl_udata_data(const struct nftnl_udata_buf *buf);
> +void nftnl_udata_copy_data(struct nftnl_udata_buf *buf, const void *data,
> +			   size_t len);
> +struct nftnl_udata *nftnl_udata_start(const struct nftnl_udata_buf *buf);
> +struct nftnl_udata *nftnl_udata_end(const struct nftnl_udata_buf *buf);
> +
> +/* putters */
> +struct nftnl_udata *nftnl_udata_put(struct nftnl_udata_buf *buf, uint8_t type,
> +				    size_t len, const void *value);
> +struct nftnl_udata *nftnl_udata_put_strz(struct nftnl_udata_buf *buf,
> +					 uint8_t type, const char *strz);
> +
> +/* nftnl_udata_attr */
> +uint8_t nftnl_udata_attr_type(const struct nftnl_udata *attr);
> +uint8_t nftnl_udata_attr_len(const struct nftnl_udata *attr);
> +void *nftnl_udata_attr_value(const struct nftnl_udata *attr);
> +
> +/* iterator */
> +struct nftnl_udata *nftnl_udata_attr_next(const struct nftnl_udata *attr);
> +
> +#define nftnl_udata_for_each(buf, attr)                       \
> +	for ((attr) = nftnl_udata_start(buf);                 \
> +	     (char *)(nftnl_udata_end(buf)) > (char *)(attr); \
> +	     (attr) = nftnl_udata_attr_next(attr))
> +
> +typedef int (*nftnl_udata_cb_t)(const struct nftnl_udata *attr,
> +				void *data);
> +int nftnl_udata_parse(const struct nftnl_udata_buf *buf, nftnl_udata_cb_t cb,
> +		      void *data);
> +
> +#endif /* _LIBNFTNL_UDATA_H_ */
> diff --git a/include/udata.h b/include/udata.h
> new file mode 100644
> index 0000000..271ee50
> --- /dev/null
> +++ b/include/udata.h
> @@ -0,0 +1,40 @@
> +#ifndef _LIBNFTNL_UDATA_INTERNAL_H_
> +#define _LIBNFTNL_UDATA_INTERNAL_H_
> +
> +#include <stdint.h>
> +#include <stddef.h>
> +
> +/*
> + * TLV structures:
> + * nftnl_udata
> + *  <-------- HEADER --------> <------ PAYLOAD ------>
> + * +------------+-------------+- - - - - - - - - - - -+
> + * |    type    |     len     |         value         |
> + * |  (1 byte)  |   (1 byte)  |                       |
> + * +--------------------------+- - - - - - - - - - - -+
> + *  <-- sizeof(nftnl_udata) -> <-- nftnl_udata->len -->
> + */
> +struct nftnl_udata {
> +	uint8_t type;
> +	uint8_t len;
> +	unsigned char value[];
> +} __attribute__((__packed__));
> +
> +/*
> + *              +---------------------------------++
> + *              | data[]                          ||
> + *              |   ||                            ||
> + *              |   \/                            \/
> + *  +-------+-------+-------+-------+ ... +-------+- - - - - - -+
> + *  | size  |  end  |  TLV  |  TLV  |     |  TLV  |    Empty    |
> + *  +-------+-------+-------+-------+ ... +-------+- - - - - - -+
> + *                  |<---- nftnl_udata_len() ---->|
> + *                  |<----------- nftnl_udata_size() ---------->|
> + */
> +struct nftnl_udata_buf {
> +	size_t size;
> +	char  *end;
> +	char   data[];
> +};
> +
> +#endif /* _LIBNFTNL_UDATA_INTERNAL_H_ */
> diff --git a/src/Makefile.am b/src/Makefile.am
> index a27e292..7e580e4 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -19,6 +19,7 @@ libnftnl_la_SOURCES = utils.c		\
>  		      ruleset.c		\
>  		      mxml.c		\
>  		      jansson.c		\
> +		      udata.c		\
>  		      expr.c		\
>  		      expr_ops.c	\
>  		      expr/bitwise.c	\
> diff --git a/src/libnftnl.map b/src/libnftnl.map
> index 2e193b7..d6cd2a7 100644
> --- a/src/libnftnl.map
> +++ b/src/libnftnl.map
> @@ -336,6 +336,22 @@ global:
>    nftnl_set_snprintf;
>    nftnl_set_fprintf;
>  
> +  nftnl_udata_alloc;
> +  nftnl_udata_free;
> +  nftnl_udata_len;
> +  nftnl_udata_size;
> +  nftnl_udata_data;
> +  nftnl_udata_copy_data;
> +  nftnl_udata_start;
> +  nftnl_udata_end;
> +  nftnl_udata_put;
> +  nftnl_udata_put_strz;
> +  nftnl_udata_attr_type;
> +  nftnl_udata_attr_len;
> +  nftnl_udata_attr_value;
> +  nftnl_udata_attr_next;
> +  nftnl_udata_parse;

Please, add these new symbols to LIBNFTNL_4.1.

>    nftnl_set_list_alloc;
>    nftnl_set_list_free;
>    nftnl_set_list_add;
> diff --git a/src/udata.c b/src/udata.c
> new file mode 100644
> index 0000000..0503ca3
> --- /dev/null
> +++ b/src/udata.c
> @@ -0,0 +1,134 @@
> +#include <libnftnl/udata.h>
> +#include <udata.h>
> +#include <utils.h>
> +
> +#include <stdlib.h>
> +#include <stdint.h>
> +#include <string.h>
> +
> +struct nftnl_udata_buf *nftnl_udata_alloc(size_t data_size)
> +{
> +	struct nftnl_udata_buf *buf;
> +
> +	buf = (struct nftnl_udata_buf *)
> +		malloc(sizeof(struct nftnl_udata_buf) + data_size);

No need for casting, ie.

	buf = malloc(sizeof(struct nftnl_udata_buf) + data_size);

> +	if (!buf)
> +		return NULL;
> +	buf->size = data_size;
> +	buf->end = buf->data;
> +
> +	return buf;
> +}
> +EXPORT_SYMBOL(nftnl_udata_alloc);
> +
> +void nftnl_udata_free(struct nftnl_udata_buf *buf)
> +{
> +	buf->size = 0;
> +	buf->end = NULL;
> +	free((void *)buf);
             ^^^^^^^^
No need for cast this either here.

> +}
> +EXPORT_SYMBOL(nftnl_udata_free);
> +
> +size_t nftnl_udata_len(const struct nftnl_udata_buf *buf)

Better use uint32_t instead of size_t. This type depends on the arch
so in 32 bit will be u32 and in 64 bit will be u64.

And uint32_t should be sufficient for this, same thing here and
everywhere else.

> +{
> +	return (size_t)(buf->end - buf->data);
> +}
> +EXPORT_SYMBOL(nftnl_udata_len);
> +
> +size_t nftnl_udata_size(const struct nftnl_udata_buf *buf)

Same thing here.

> +{
> +	return buf->size;
> +}
> +EXPORT_SYMBOL(nftnl_udata_size);
> +
> +void *nftnl_udata_data(const struct nftnl_udata_buf *buf)
> +{
> +	return (void *)buf->data;
> +}
> +EXPORT_SYMBOL(nftnl_udata_data);
> +
> +void nftnl_udata_copy_data(struct nftnl_udata_buf *buf,
> +			   const void *data, size_t len)
> +{
> +	memcpy(buf->data, data, len <= buf->size ? len : buf->size);
> +	buf->end = buf->data + len;
> +}
> +EXPORT_SYMBOL(nftnl_udata_copy_data);
> +
> +struct nftnl_udata *nftnl_udata_start(const struct nftnl_udata_buf *buf)
> +{
> +	return (struct nftnl_udata *)buf->data;
> +}
> +EXPORT_SYMBOL(nftnl_udata_start);
> +
> +struct nftnl_udata *nftnl_udata_end(const struct nftnl_udata_buf *buf)
> +{
> +	return (struct nftnl_udata *)buf->end;
> +}
> +EXPORT_SYMBOL(nftnl_udata_end);
> +
> +struct nftnl_udata *nftnl_udata_put(struct nftnl_udata_buf *buf,
> +				    uint8_t type, size_t len, const void *value)
> +{
> +	struct nftnl_udata *attr = NULL;
> +
> +	/* Check if there is enough space */

Remove this comment.

> +	if (buf->size >= len + sizeof(struct nftnl_udata)) {
> +		attr = (struct nftnl_udata *)buf->end;
> +		attr->len  = len;
> +		attr->type = type;
> +		memcpy(attr->value, value, len);
> +
> +		buf->end = (char *)nftnl_udata_attr_next(attr);
> +	}
> +
> +	return attr;

Why return the nftnl_udata? You can just return a boolean instead.
Same thing in nftnl_udata_put_strz().
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/4 v4] libnftnl: Implement new buffer of TLV objects

[Carlos Falgueras García]

Thank you Pablo for the feedback. I will send now the version 5 with all 
changes you have asked me.

On 12/03/16 12:09, Pablo Neira Ayuso wrote:
>> diff --git a/src/libnftnl.map b/src/libnftnl.map
>> index 2e193b7..d6cd2a7 100644
>> --- a/src/libnftnl.map
>> +++ b/src/libnftnl.map
>> @@ -336,6 +336,22 @@ global:
>>     nftnl_set_snprintf;
>>     nftnl_set_fprintf;
>>
>> +  nftnl_udata_alloc;
>> +  nftnl_udata_free;
>> +  nftnl_udata_len;
>> +  nftnl_udata_size;
>> +  nftnl_udata_data;
>> +  nftnl_udata_copy_data;
>> +  nftnl_udata_start;
>> +  nftnl_udata_end;
>> +  nftnl_udata_put;
>> +  nftnl_udata_put_strz;
>> +  nftnl_udata_attr_type;
>> +  nftnl_udata_attr_len;
>> +  nftnl_udata_attr_value;
>> +  nftnl_udata_attr_next;
>> +  nftnl_udata_parse;
>
> Please, add these new symbols to LIBNFTNL_4.1.
Done

>> diff --git a/src/udata.c b/src/udata.c
>> new file mode 100644
>> index 0000000..0503ca3
>> --- /dev/null
>> +++ b/src/udata.c
>> @@ -0,0 +1,134 @@
>> +#include <libnftnl/udata.h>
>> +#include <udata.h>
>> +#include <utils.h>
>> +
>> +#include <stdlib.h>
>> +#include <stdint.h>
>> +#include <string.h>
>> +
>> +struct nftnl_udata_buf *nftnl_udata_alloc(size_t data_size)
>> +{
>> +	struct nftnl_udata_buf *buf;
>> +
>> +	buf = (struct nftnl_udata_buf *)
>> +		malloc(sizeof(struct nftnl_udata_buf) + data_size);
>
> No need for casting, ie.
>
> 	buf = malloc(sizeof(struct nftnl_udata_buf) + data_size);
>
>> +	if (!buf)
>> +		return NULL;
>> +	buf->size = data_size;
>> +	buf->end = buf->data;
>> +
>> +	return buf;
>> +}
>> +EXPORT_SYMBOL(nftnl_udata_alloc);
>> +
>> +void nftnl_udata_free(struct nftnl_udata_buf *buf)
>> +{
>> +	buf->size = 0;
>> +	buf->end = NULL;
>> +	free((void *)buf);
>               ^^^^^^^^
> No need for cast this either here.
>

I have changed this everywere.

>> +}
>> +EXPORT_SYMBOL(nftnl_udata_free);
>> +
>> +size_t nftnl_udata_len(const struct nftnl_udata_buf *buf)
>
> Better use uint32_t instead of size_t. This type depends on the arch
> so in 32 bit will be u32 and in 64 bit will be u64.
>
> And uint32_t should be sufficient for this, same thing here and
> everywhere else.
>
>> +{
>> +	return (size_t)(buf->end - buf->data);
>> +}
>> +EXPORT_SYMBOL(nftnl_udata_len);
>> +
>> +size_t nftnl_udata_size(const struct nftnl_udata_buf *buf)
>
> Same thing here.

Done.

>
>> +{
>> +	return buf->size;
>> +}
>> +EXPORT_SYMBOL(nftnl_udata_size);
>> +
>> +void *nftnl_udata_data(const struct nftnl_udata_buf *buf)
>> +{
>> +	return (void *)buf->data;
>> +}
>> +EXPORT_SYMBOL(nftnl_udata_data);
>> +
>> +void nftnl_udata_copy_data(struct nftnl_udata_buf *buf,
>> +			   const void *data, size_t len)
>> +{
>> +	memcpy(buf->data, data, len <= buf->size ? len : buf->size);
>> +	buf->end = buf->data + len;
>> +}
>> +EXPORT_SYMBOL(nftnl_udata_copy_data);
>> +
>> +struct nftnl_udata *nftnl_udata_start(const struct nftnl_udata_buf *buf)
>> +{
>> +	return (struct nftnl_udata *)buf->data;
>> +}
>> +EXPORT_SYMBOL(nftnl_udata_start);
>> +
>> +struct nftnl_udata *nftnl_udata_end(const struct nftnl_udata_buf *buf)
>> +{
>> +	return (struct nftnl_udata *)buf->end;
>> +}
>> +EXPORT_SYMBOL(nftnl_udata_end);
>> +
>> +struct nftnl_udata *nftnl_udata_put(struct nftnl_udata_buf *buf,
>> +				    uint8_t type, size_t len, const void *value)
>> +{
>> +	struct nftnl_udata *attr = NULL;
>> +
>> +	/* Check if there is enough space */
>
> Remove this comment.

Done.

>
>> +	if (buf->size >= len + sizeof(struct nftnl_udata)) {
>> +		attr = (struct nftnl_udata *)buf->end;
>> +		attr->len  = len;
>> +		attr->type = type;
>> +		memcpy(attr->value, value, len);
>> +
>> +		buf->end = (char *)nftnl_udata_attr_next(attr);
>> +	}
>> +
>> +	return attr;
>
> Why return the nftnl_udata? You can just return a boolean instead.
> Same thing in nftnl_udata_put_strz().

I thought it would be useful, actually it is not. I deleted it.