From: Eric Jallot <ejallot@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: Eric Jallot <ejallot@gmail.com>
Subject: [PATCH libnftnl] flowtable: add support for handle attribute
Date: Mon, 4 Nov 2019 21:19:58 +0100 [thread overview]
Message-ID: <20191104201958.25815-1-ejallot@gmail.com> (raw)
Add code to implement NFTA_FLOWTABLE_HANDLE
Signed-off-by: Eric Jallot <ejallot@gmail.com>
---
include/libnftnl/flowtable.h | 3 +++
src/flowtable.c | 36 ++++++++++++++++++++++++++++++++++++
src/libnftnl.map | 2 ++
tests/nft-flowtable-test.c | 20 ++++++++++++--------
4 files changed, 53 insertions(+), 8 deletions(-)
diff --git a/include/libnftnl/flowtable.h b/include/libnftnl/flowtable.h
index 028095ec106c..bdff114aba54 100644
--- a/include/libnftnl/flowtable.h
+++ b/include/libnftnl/flowtable.h
@@ -27,6 +27,7 @@ enum nftnl_flowtable_attr {
NFTNL_FLOWTABLE_DEVICES,
NFTNL_FLOWTABLE_SIZE,
NFTNL_FLOWTABLE_FLAGS,
+ NFTNL_FLOWTABLE_HANDLE,
__NFTNL_FLOWTABLE_MAX
};
#define NFTNL_FLOWTABLE_MAX (__NFTNL_FLOWTABLE_MAX - 1)
@@ -38,6 +39,7 @@ int nftnl_flowtable_set_data(struct nftnl_flowtable *t, uint16_t attr,
const void *data, uint32_t data_len);
void nftnl_flowtable_set_u32(struct nftnl_flowtable *t, uint16_t attr, uint32_t data);
void nftnl_flowtable_set_s32(struct nftnl_flowtable *t, uint16_t attr, int32_t data);
+void nftnl_flowtable_set_u64(struct nftnl_flowtable *t, uint16_t attr, uint64_t data);
int nftnl_flowtable_set_str(struct nftnl_flowtable *t, uint16_t attr, const char *str);
void nftnl_flowtable_set_array(struct nftnl_flowtable *t, uint16_t attr, const char **data);
@@ -47,6 +49,7 @@ const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c, uint16_t a
const char *nftnl_flowtable_get_str(const struct nftnl_flowtable *c, uint16_t attr);
uint32_t nftnl_flowtable_get_u32(const struct nftnl_flowtable *c, uint16_t attr);
int32_t nftnl_flowtable_get_s32(const struct nftnl_flowtable *c, uint16_t attr);
+uint64_t nftnl_flowtable_get_u64(const struct nftnl_flowtable *c, uint16_t attr);
const char **nftnl_flowtable_get_array(const struct nftnl_flowtable *t, uint16_t attr);
struct nlmsghdr;
diff --git a/src/flowtable.c b/src/flowtable.c
index ed91357a8c45..ec89b952e47d 100644
--- a/src/flowtable.c
+++ b/src/flowtable.c
@@ -32,6 +32,7 @@ struct nftnl_flowtable {
uint32_t ft_flags;
uint32_t use;
uint32_t flags;
+ uint64_t handle;
};
EXPORT_SYMBOL(nftnl_flowtable_alloc);
@@ -84,6 +85,7 @@ void nftnl_flowtable_unset(struct nftnl_flowtable *c, uint16_t attr)
case NFTNL_FLOWTABLE_USE:
case NFTNL_FLOWTABLE_FAMILY:
case NFTNL_FLOWTABLE_FLAGS:
+ case NFTNL_FLOWTABLE_HANDLE:
break;
case NFTNL_FLOWTABLE_DEVICES:
for (i = 0; i < c->dev_array_len; i++)
@@ -102,6 +104,7 @@ static uint32_t nftnl_flowtable_validate[NFTNL_FLOWTABLE_MAX + 1] = {
[NFTNL_FLOWTABLE_PRIO] = sizeof(int32_t),
[NFTNL_FLOWTABLE_FAMILY] = sizeof(uint32_t),
[NFTNL_FLOWTABLE_FLAGS] = sizeof(uint32_t),
+ [NFTNL_FLOWTABLE_HANDLE] = sizeof(uint64_t),
};
EXPORT_SYMBOL(nftnl_flowtable_set_data);
@@ -166,6 +169,9 @@ int nftnl_flowtable_set_data(struct nftnl_flowtable *c, uint16_t attr,
case NFTNL_FLOWTABLE_FLAGS:
memcpy(&c->ft_flags, data, sizeof(c->ft_flags));
break;
+ case NFTNL_FLOWTABLE_HANDLE:
+ memcpy(&c->handle, data, sizeof(c->handle));
+ break;
}
c->flags |= (1 << attr);
return 0;
@@ -195,6 +201,12 @@ int nftnl_flowtable_set_str(struct nftnl_flowtable *c, uint16_t attr, const char
return nftnl_flowtable_set_data(c, attr, str, strlen(str) + 1);
}
+EXPORT_SYMBOL(nftnl_flowtable_set_u64);
+void nftnl_flowtable_set_u64(struct nftnl_flowtable *c, uint16_t attr, uint64_t data)
+{
+ nftnl_flowtable_set_data(c, attr, &data, sizeof(uint64_t));
+}
+
EXPORT_SYMBOL(nftnl_flowtable_get_data);
const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c,
uint16_t attr, uint32_t *data_len)
@@ -226,6 +238,9 @@ const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c,
case NFTNL_FLOWTABLE_FLAGS:
*data_len = sizeof(int32_t);
return &c->ft_flags;
+ case NFTNL_FLOWTABLE_HANDLE:
+ *data_len = sizeof(uint64_t);
+ return &c->handle;
}
return NULL;
}
@@ -254,6 +269,17 @@ uint32_t nftnl_flowtable_get_u32(const struct nftnl_flowtable *c, uint16_t attr)
return val ? *val : 0;
}
+EXPORT_SYMBOL(nftnl_flowtable_get_u64);
+uint64_t nftnl_flowtable_get_u64(const struct nftnl_flowtable *c, uint16_t attr)
+{
+ uint32_t data_len = 0;
+ const uint64_t *val = nftnl_flowtable_get_data(c, attr, &data_len);
+
+ nftnl_assert(val, attr, data_len == sizeof(uint64_t));
+
+ return val ? *val : 0;
+}
+
EXPORT_SYMBOL(nftnl_flowtable_get_s32);
int32_t nftnl_flowtable_get_s32(const struct nftnl_flowtable *c, uint16_t attr)
{
@@ -300,6 +326,8 @@ void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh,
mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_USE, htonl(c->use));
if (c->flags & (1 << NFTNL_FLOWTABLE_SIZE))
mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_SIZE, htonl(c->size));
+ if (c->flags & (1 << NFTNL_FLOWTABLE_HANDLE))
+ mnl_attr_put_u64(nlh, NFTA_FLOWTABLE_HANDLE, htobe64(c->handle));
}
static int nftnl_flowtable_parse_attr_cb(const struct nlattr *attr, void *data)
@@ -325,6 +353,10 @@ static int nftnl_flowtable_parse_attr_cb(const struct nlattr *attr, void *data)
if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
abi_breakage();
break;
+ case NFTA_FLOWTABLE_HANDLE:
+ if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0)
+ abi_breakage();
+ break;
}
tb[type] = attr;
@@ -461,6 +493,10 @@ int nftnl_flowtable_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_flowtab
c->size = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_SIZE]));
c->flags |= (1 << NFTNL_FLOWTABLE_SIZE);
}
+ if (tb[NFTA_FLOWTABLE_HANDLE]) {
+ c->handle = be64toh(mnl_attr_get_u64(tb[NFTA_FLOWTABLE_HANDLE]));
+ c->flags |= (1 << NFTNL_FLOWTABLE_HANDLE);
+ }
c->family = nfg->nfgen_family;
c->flags |= (1 << NFTNL_FLOWTABLE_FAMILY);
diff --git a/src/libnftnl.map b/src/libnftnl.map
index e810c4de445f..8230d1519e8e 100644
--- a/src/libnftnl.map
+++ b/src/libnftnl.map
@@ -314,10 +314,12 @@ global:
nftnl_flowtable_set_u32;
nftnl_flowtable_set_s32;
nftnl_flowtable_set_str;
+ nftnl_flowtable_set_u64;
nftnl_flowtable_get;
nftnl_flowtable_get_u32;
nftnl_flowtable_get_s32;
nftnl_flowtable_get_str;
+ nftnl_flowtable_get_u64;
nftnl_flowtable_parse;
nftnl_flowtable_parse_file;
nftnl_flowtable_snprintf;
diff --git a/tests/nft-flowtable-test.c b/tests/nft-flowtable-test.c
index 1311cf2e4594..3edb00ddf319 100644
--- a/tests/nft-flowtable-test.c
+++ b/tests/nft-flowtable-test.c
@@ -17,28 +17,31 @@ static void cmp_nftnl_flowtable(struct nftnl_flowtable *a, struct nftnl_flowtabl
{
if (strcmp(nftnl_flowtable_get_str(a, NFTNL_FLOWTABLE_NAME),
nftnl_flowtable_get_str(b, NFTNL_FLOWTABLE_NAME)) != 0)
- print_err("Chain name mismatches");
+ print_err("Flowtable name mismatches");
if (strcmp(nftnl_flowtable_get_str(a, NFTNL_FLOWTABLE_TABLE),
nftnl_flowtable_get_str(b, NFTNL_FLOWTABLE_TABLE)) != 0)
- print_err("Chain table mismatches");
+ print_err("Flowtable table mismatches");
if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_FAMILY) !=
nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_FAMILY))
- print_err("Chain family mismatches");
+ print_err("Flowtable family mismatches");
if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_HOOKNUM) !=
nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_HOOKNUM))
- print_err("Chain hooknum mismatches");
+ print_err("Flowtable hooknum mismatches");
if (nftnl_flowtable_get_s32(a, NFTNL_FLOWTABLE_PRIO) !=
nftnl_flowtable_get_s32(b, NFTNL_FLOWTABLE_PRIO))
- print_err("Chain Prio mismatches");
+ print_err("Flowtable prio mismatches");
if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_USE) !=
nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_USE))
- print_err("Chain use mismatches");
+ print_err("Flowtable use mismatches");
if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_SIZE) !=
nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_SIZE))
- print_err("Chain use mismatches");
+ print_err("Flowtable size mismatches");
if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_FLAGS) !=
nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_FLAGS))
- print_err("Chain use mismatches");
+ print_err("Flowtable flags mismatches");
+ if (nftnl_flowtable_get_u64(a, NFTNL_FLOWTABLE_HANDLE) !=
+ nftnl_flowtable_get_u64(b, NFTNL_FLOWTABLE_HANDLE))
+ print_err("Flowtable handle mismatches");
}
int main(int argc, char *argv[])
@@ -60,6 +63,7 @@ int main(int argc, char *argv[])
nftnl_flowtable_set_u32(a, NFTNL_FLOWTABLE_USE, 0x78123456);
nftnl_flowtable_set_u32(a, NFTNL_FLOWTABLE_SIZE, 0x89016745);
nftnl_flowtable_set_u32(a, NFTNL_FLOWTABLE_FLAGS, 0x45016723);
+ nftnl_flowtable_set_u64(a, NFTNL_FLOWTABLE_HANDLE, 0x2345016789);
nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWFLOWTABLE, AF_INET,
0, 1234);
--
2.11.0
next reply other threads:[~2019-11-04 20:21 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-04 20:19 Eric Jallot [this message]
2019-11-06 11:39 ` [PATCH libnftnl] flowtable: add support for handle attribute Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191104201958.25815-1-ejallot@gmail.com \
--to=ejallot@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).