From: "Carlos Falgueras García" <carlosfg@riseup.net>
To: netfilter-devel@vger.kernel.org
Cc: pablo@netfilter.org, kaber@trash.net
Subject: [PATCH 4/4 v5] nftables: rule: Change the field "rule->comment" for an nftnl_udata_buf
Date: Tue, 15 Mar 2016 21:28:07 +0100	[thread overview]
Message-ID: <1458073687-23870-4-git-send-email-carlosfg@riseup.net> (raw)
In-Reply-To: <1458073687-23870-1-git-send-email-carlosfg@riseup.net>

Now it is possible to store multiple variable-length user data items in a
rule. Modify the parser to fill the nftnl_udata with the comment, and the
print function to extract this comment and print it to the user.

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
---
 include/rule.h            |  7 +++++++
 src/netlink_delinearize.c | 52 +++++++++++++++++++++++++++++++++++++++++++++--
 src/netlink_linearize.c   | 16 +++++++++++++--
 3 files changed, 71 insertions(+), 4 deletions(-)

diff --git a/include/rule.h b/include/rule.h
index c848f0f..b52f0ac 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -4,6 +4,7 @@
 #include <stdint.h>
 #include <nftables.h>
 #include <list.h>
+#include <libnftnl/udata.h>
 
 /**
  * struct handle - handle for tables, chains, rules and sets
@@ -396,4 +397,10 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
 extern int cache_update(enum cmd_ops cmd, struct list_head *msgs);
 extern void cache_release(void);
 
+enum udata_type {
+	UDATA_TYPE_COMMENT,
+	__UDATA_TYPE_MAX,
+};
+#define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
+
 #endif /* NFTABLES_RULE_H */
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index d431588..5fcb5c1 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -25,6 +25,7 @@
 #include <utils.h>
 #include <erec.h>
 #include <sys/socket.h>
+#include <libnftnl/udata.h>
 
 struct netlink_parse_ctx {
 	struct list_head	*msgs;
@@ -1746,6 +1747,54 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r
 	}
 }
 
+static int parse_udata_cb(const struct nftnl_udata *attr, void *data)
+{
+	unsigned char *value = nftnl_udata_attr_value(attr);
+	uint8_t type = nftnl_udata_attr_type(attr);
+	uint8_t len = nftnl_udata_attr_len(attr);
+	const struct nftnl_udata **tb = data;
+
+	switch (type) {
+	case UDATA_TYPE_COMMENT:
+		if (value[len - 1] != '\0')
+			return -1;
+		break;
+	default:
+		break;
+	};
+
+	tb[type] = attr;
+	return 1;
+}
+
+static char *udata_get_comment(const void *data, uint32_t data_len)
+{
+	const struct nftnl_udata *tb[UDATA_TYPE_MAX + 1] = {};
+	struct nftnl_udata_buf *udata;
+	uint8_t attr_len;
+	char *comment = NULL;
+
+	udata = nftnl_udata_alloc(data_len);
+	if (!udata)
+		memory_allocation_error();
+	nftnl_udata_copy_data(udata, data, data_len);
+
+	if (nftnl_udata_parse(udata, parse_udata_cb, tb) <= 0)
+		goto exit;
+
+	if (!tb[UDATA_TYPE_COMMENT])
+		goto exit;
+
+	attr_len = nftnl_udata_attr_len(tb[UDATA_TYPE_COMMENT]);
+	comment = xmalloc(attr_len);
+	memcpy(comment, nftnl_udata_attr_value(tb[UDATA_TYPE_COMMENT]),
+	       attr_len);
+
+exit:
+	nftnl_udata_free(udata);
+	return comment;
+}
+
 struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
 				      const struct nftnl_rule *nlr)
 {
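Review bot: `tb[type] = attr;` in parse_udata_cb stores through an index that is never compared with UDATA_TYPE_MAX, while `tb` in udata_get_comment has only `UDATA_TYPE_MAX + 1` slots (a single one with the enum as added in include/rule.h), so any attribute type other than UDATA_TYPE_COMMENT writes a pointer past the end of that stack array. The userdata blob is read back from the kernel and may have been stored by a different tool, so it should be treated as untrusted input: make the unknown-type branch skip the attribute with `default: return 1;` (assuming 1 is this series' "continue" value, as the success path suggests). The comment check has a related gap: when `len == 0`, `value[len - 1]` reads one byte before the value, so the guard should be `if (len == 0 || value[len - 1] != '\0')`. The body of netlink_delinearize_rule continues outside this hunk.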
@@ -1773,8 +1822,7 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
 		uint32_t len;
 
 		data = nftnl_rule_get_data(nlr, NFTNL_RULE_USERDATA, &len);
-		pctx->rule->comment = xmalloc(len);
-		memcpy((char *)pctx->rule->comment, data, len);
+		pctx->rule->comment = udata_get_comment(data, len);
 	}
 
 	nftnl_expr_foreach((struct nftnl_rule *)nlr, netlink_parse_expr, pctx);
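Review bot: Userdata written before this change is a bare NUL-terminated comment string (see the removed `strlen(rule->comment) + 1` in netlink_linearize.c), and this call now hands it to the TLV parser unconditionally, so its first bytes are interpreted as an attribute type and length. At best an existing comment is silently dropped when the ruleset is listed, and together with the unchecked `tb[type]` store in parse_udata_cb the first character of an old comment becomes an array index. Either have udata_get_comment fall back to the plain-string form when parsing fails, or record the limitation above the call, e.g. `/* userdata is a TLV buffer; pre-TLV plain-string comments are not decoded */`. The enclosing function starts and ends outside this hunk.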
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index bb51de7..ddf0cd3 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -21,6 +21,7 @@
 #include <netinet/in.h>
 
 #include <linux/netfilter.h>
+#include <libnftnl/udata.h>
 
 
 struct netlink_linearize_ctx {
@@ -1162,6 +1163,7 @@ void netlink_linearize_rule(struct netlink_ctx *ctx, struct nftnl_rule *nlr,
 			    const struct rule *rule)
 {
 	struct netlink_linearize_ctx lctx;
+	struct nftnl_udata_buf *udata;
 	const struct stmt *stmt;
 
 	memset(&lctx, 0, sizeof(lctx));
@@ -1171,9 +1173,19 @@ void netlink_linearize_rule(struct netlink_ctx *ctx, struct nftnl_rule *nlr,
 	list_for_each_entry(stmt, &rule->stmts, list)
 		netlink_gen_stmt(&lctx, stmt);
 
-	if (rule->comment)
+	if (rule->comment) {
+		udata = nftnl_udata_alloc(NFT_USERDATA_MAXLEN);
+		if (!udata)
+			memory_allocation_error();
+
+		if (!nftnl_udata_put_strz(udata, UDATA_TYPE_COMMENT,
+					  rule->comment))
+			memory_allocation_error();
+
 		nftnl_rule_set_data(nlr, NFTNL_RULE_USERDATA,
-				    rule->comment, strlen(rule->comment) + 1);
+				    nftnl_udata_data(udata),
+				    nftnl_udata_len(udata));
+	}
 
 	netlink_dump_rule(nlr);
 }
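Review bot: The buffer obtained from `nftnl_udata_alloc(NFT_USERDATA_MAXLEN)` is never released in netlink_linearize_rule, so every rule that carries a comment leaks it. If nftnl_rule_set_data copies the bytes (it appears to, since the old code passed `rule->comment` directly while the rule kept ownership of it), add `nftnl_udata_free(udata);` right after the set_data call. Separately, a failing `nftnl_udata_put_strz` is reported through memory_allocation_error(), but the likelier cause is a comment that does not fit the buffer or the attribute's length field (read back as a `uint8_t` in parse_udata_cb), so an error that names the comment length would be less misleading. The opening lines of the function are outside this hunk.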
-- 
2.7.2
