[PATCH 1/2 libnftnl] set_elem: Copy user data memory

[PATCH 1/2 libnftnl] set_elem: Copy user data memory

[Carlos Falgueras García]

All attributes are passed by copy, so user data should be copied too.

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
 src/set_elem.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/set_elem.c b/src/set_elem.c
index 990be24..b9c7e1e 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -125,8 +125,14 @@ void nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr,
 		s->timeout = *((uint64_t *)data);
 		break;
 	case NFTNL_SET_ELEM_USERDATA: /* NFTA_SET_ELEM_USERDATA */
-		s->user.data = (void *)data;
-		s->user.len  = data_len;
+		if (s->user.data != NULL)
+			xfree(s->user.data);
+
+		s->user.data = malloc(data_len);
+		if (!s->user.data)
+			return;
+		memcpy(s->user.data, data, data_len);
+		s->user.len = data_len;
 		break;
 	default:
 		return;
-- 
2.8.2

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/2 nft] set_elem: Use libnftnl/udata to store set element comment

[Carlos Falgueras García]

The set element comment is stored in nftnl_set_elem->user.data using
libnftnl/udata infrastructure. This allows store multiple variable length
user data into set element.

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
 src/netlink.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 46 insertions(+), 4 deletions(-)

diff --git a/src/netlink.c b/src/netlink.c
index b0dcb90..f82d4fa 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -22,6 +22,7 @@
 #include <libnftnl/chain.h>
 #include <libnftnl/expr.h>
 #include <libnftnl/set.h>
+#include <libnftnl/udata.h>
 #include <libnftnl/common.h>
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nf_tables.h>
@@ -208,6 +209,7 @@ static struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *expr)
 	const struct expr *elem, *key, *data;
 	struct nftnl_set_elem *nlse;
 	struct nft_data_linearize nld;
+	struct nftnl_udata_buf *udbuf;
 
 	nlse = nftnl_set_elem_alloc();
 	if (nlse == NULL)
@@ -228,9 +230,18 @@ static struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *expr)
 	if (elem->timeout)
 		nftnl_set_elem_set_u64(nlse, NFTNL_SET_ELEM_TIMEOUT,
 				       elem->timeout);
-	if (elem->comment)
+	if (elem->comment) {
+		udbuf = nftnl_udata_buf_alloc(NFT_USERDATA_MAXLEN);
+		if (!udbuf)
+			memory_allocation_error();
+		if (!nftnl_udata_put_strz(udbuf, UDATA_TYPE_COMMENT,
+					  elem->comment))
+			memory_allocation_error();
 		nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_USERDATA,
-				   elem->comment, strlen(elem->comment) + 1);
+				   nftnl_udata_buf_data(udbuf),
+				   nftnl_udata_buf_len(udbuf));
+		nftnl_udata_buf_free(udbuf);
+	}
 
 	if (data != NULL) {
 		netlink_gen_data(data, &nld);
@@ -1421,6 +1432,38 @@ static struct expr *netlink_parse_concat_elem(const struct datatype *dtype,
 	return concat;
 }
 
+static int parse_udata_cb(const struct nftnl_udata *attr, void *data)
+{
+	unsigned char *value = nftnl_udata_get(attr);
+	uint8_t type = nftnl_udata_type(attr);
+	uint8_t len = nftnl_udata_len(attr);
+	const struct nftnl_udata **tb = data;
+
+	switch (type) {
+	case UDATA_TYPE_COMMENT:
+		if (value[len - 1] != '\0')
+			return -1;
+		break;
+	default:
+		return 0;
+	}
+	tb[type] = attr;
+	return 0;
+}
+
+static char *udata_get_comment(const void *data, uint32_t data_len)
+{
+	const struct nftnl_udata *tb[UDATA_TYPE_MAX + 1] = {};
+
+	if (nftnl_udata_parse(data, data_len, parse_udata_cb, tb) < 0)
+		return NULL;
+
+	if (!tb[UDATA_TYPE_COMMENT])
+		return NULL;
+
+	return xstrdup(nftnl_udata_get(tb[UDATA_TYPE_COMMENT]));
+}
+
 static int netlink_delinearize_setelem(struct nftnl_set_elem *nlse,
 				       const struct set *set)
 {
@@ -1457,8 +1500,7 @@ static int netlink_delinearize_setelem(struct nftnl_set_elem *nlse,
 		uint32_t len;
 
 		data = nftnl_set_elem_get(nlse, NFTNL_SET_ELEM_USERDATA, &len);
-		expr->comment = xmalloc(len);
-		memcpy((char *)expr->comment, data, len);
+		expr->comment = udata_get_comment(data, len);
 	}
 	if (nftnl_set_elem_is_set(nlse, NFT_SET_ELEM_ATTR_EXPR)) {
 		const struct nftnl_expr *nle;
-- 
2.8.2

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/2 libnftnl] set_elem: Copy user data memory

[Pablo Neira Ayuso]

On Fri, May 27, 2016 at 04:56:54PM +0200, Carlos Falgueras García wrote:
> All attributes are passed by copy, so user data should be copied too.

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 2/2 nft] set_elem: Use libnftnl/udata to store set element comment

[Pablo Neira Ayuso]

On Fri, May 27, 2016 at 04:56:55PM +0200, Carlos Falgueras García wrote:
> The set element comment is stored in nftnl_set_elem->user.data using
> libnftnl/udata infrastructure. This allows store multiple variable length
> user data into set element.

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html