/*
 * Attribute callback for generic-netlink controller (CTRL_ATTR_*) replies.
 *
 * Each accepted attribute is recorded in the pointer table passed through
 * `data`, indexed by attribute type. Any type up to CTRL_ATTR_MAX can be
 * written, so the caller's table needs at least CTRL_ATTR_MAX + 1 slots.
 *
 * Unlike callbacks that skip unknown attributes, a type above CTRL_ATTR_MAX
 * aborts the parse here. Only the family id and the multicast-group nest
 * have their payload checked; every other in-range attribute is stored
 * unchecked and must be validated before its payload is read.
 *
 * Returns MNL_CB_OK to continue parsing, MNL_CB_ERROR to abort.
 */
static int parse_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	const int attr_type = mnl_attr_get_type(attr);

	if (mnl_attr_type_valid(attr, CTRL_ATTR_MAX) < 0) {
		dbgprintf("mnl_attr_type_valid");
		return MNL_CB_ERROR;
	}

	if (attr_type == CTRL_ATTR_FAMILY_ID) {
		if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0) {
			dbgprintf("mnl_attr_validate");
			return MNL_CB_ERROR;
		}
	} else if (attr_type == CTRL_ATTR_MCAST_GROUPS) {
		if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0) {
			dbgprintf("mnl_attr_validate");
			return MNL_CB_ERROR;
		}
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for the nftables "target" expression (NFTA_TARGET_*).
 *
 * Attributes with a type above NFTA_TARGET_MAX are skipped. Every other
 * attribute is stored in the table passed via `data`, which therefore needs
 * at least NFTA_TARGET_MAX + 1 slots. A payload that does not match the
 * expected type is reported through abi_breakage(); whether that call
 * returns is not visible here, and if it does the attribute is still stored.
 *
 * Note that NFTA_TARGET_INFO is only checked as MNL_TYPE_BINARY, with no
 * length bound in this callback, so the consumer has to check the blob
 * length itself.
 */
static int nftnl_expr_target_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	if (mnl_attr_type_valid(attr, NFTA_TARGET_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case NFTA_TARGET_NAME:
		rc = mnl_attr_validate(attr, MNL_TYPE_NUL_STRING);
		break;
	case NFTA_TARGET_REV:
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
		break;
	case NFTA_TARGET_INFO:
		rc = mnl_attr_validate(attr, MNL_TYPE_BINARY);
		break;
	}
	if (rc < 0)
		abi_breakage();

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for one generic-netlink multicast group entry
 * (CTRL_ATTR_MCAST_GRP_*).
 *
 * Types above CTRL_ATTR_MCAST_GRP_MAX are skipped so that attributes this
 * program does not know about are ignored. The group id must be a u32 and
 * the group name a string; a mismatch prints the errno text and aborts the
 * parse. Accepted attributes are stored by type in the table behind `data`,
 * which needs at least CTRL_ATTR_MCAST_GRP_MAX + 1 slots.
 *
 * The name is validated as MNL_TYPE_STRING, not MNL_TYPE_NUL_STRING, so the
 * callback does not itself guarantee a terminating NUL in the payload.
 */
static int parse_mc_grps_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	/* skip unsupported attribute in user-space */
	if (mnl_attr_type_valid(attr, CTRL_ATTR_MCAST_GRP_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == CTRL_ATTR_MCAST_GRP_ID)
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
	else if (attr_type == CTRL_ATTR_MCAST_GRP_NAME)
		rc = mnl_attr_validate(attr, MNL_TYPE_STRING);

	if (rc < 0) {
		perror("mnl_attr_validate");
		return MNL_CB_ERROR;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for the conntrack tuple address nest (CTA_IP_*).
 *
 * IPv4 source/destination must be a u32; IPv6 source/destination must be
 * exactly sizeof(struct in6_addr) bytes. The length check is what makes it
 * safe for the consumer to copy a full address out of the payload. Types
 * above CTA_IP_MAX are skipped; accepted attributes are stored by type in
 * the table behind `data` (at least CTA_IP_MAX + 1 slots required).
 *
 * Returns MNL_CB_ERROR after printing the errno text when a payload check
 * fails, MNL_CB_OK otherwise.
 */
static int parse_ip_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;

	if (mnl_attr_type_valid(attr, CTA_IP_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == CTA_IP_V4_SRC || attr_type == CTA_IP_V4_DST) {
		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
			perror("mnl_attr_validate");
			return MNL_CB_ERROR;
		}
	} else if (attr_type == CTA_IP_V6_SRC || attr_type == CTA_IP_V6_DST) {
		if (mnl_attr_validate2(attr, MNL_TYPE_BINARY,
				       sizeof(struct in6_addr)) < 0) {
			perror("mnl_attr_validate2");
			return MNL_CB_ERROR;
		}
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Top-level conntrack attribute callback (CTA_*).
 *
 * Checks the original tuple and both counter nests as MNL_TYPE_NESTED and
 * the timeout, mark and secmark as u32. Other in-range attribute types are
 * stored without a payload check, so a consumer must validate them before
 * reading. Types above CTA_MAX are skipped. The table behind `data` needs
 * at least CTA_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR (after perror) on a payload mismatch, else MNL_CB_OK.
 */
static int data_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	if (mnl_attr_type_valid(attr, CTA_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case CTA_TIMEOUT:
	case CTA_MARK:
	case CTA_SECMARK:
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
		break;
	case CTA_TUPLE_ORIG:
	case CTA_COUNTERS_ORIG:
	case CTA_COUNTERS_REPLY:
		rc = mnl_attr_validate(attr, MNL_TYPE_NESTED);
		break;
	}
	if (rc < 0) {
		perror("mnl_attr_validate");
		return MNL_CB_ERROR;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Link attribute callback (IFLA_*).
 *
 * Validates the MTU as a u32 and the interface name as a string, then
 * records the attribute by type in the table behind `data` (at least
 * IFLA_MAX + 1 slots required). Types above IFLA_MAX are skipped. All other
 * in-range attributes are stored without a payload check.
 *
 * The name is checked as MNL_TYPE_STRING, which does not by itself promise
 * a NUL terminator; a consumer should not assume one.
 */
static int data_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	/* skip unsupported attribute in user-space */
	if (mnl_attr_type_valid(attr, IFLA_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == IFLA_MTU)
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
	else if (attr_type == IFLA_IFNAME)
		rc = mnl_attr_validate(attr, MNL_TYPE_STRING);

	if (rc < 0) {
		perror("mnl_attr_validate");
		return MNL_CB_ERROR;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for a conntrack tuple nest (CTA_TUPLE_*).
 *
 * Both the IP and the protocol sub-attributes must be nested attributes;
 * anything else in range is stored unchecked. Types above CTA_TUPLE_MAX are
 * skipped. The table behind `data` needs at least CTA_TUPLE_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR (after perror) if a nest is malformed, else
 * MNL_CB_OK.
 */
static int parse_tuple_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;

	if (mnl_attr_type_valid(attr, CTA_TUPLE_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == CTA_TUPLE_IP || attr_type == CTA_TUPLE_PROTO) {
		if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0) {
			perror("mnl_attr_validate");
			return MNL_CB_ERROR;
		}
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for the conntrack layer-4 protocol nest (CTA_PROTO_*).
 *
 * Ports and ICMP/ICMPv6 ids must be u16; the protocol number and the
 * ICMP/ICMPv6 type and code must be u8. Types above CTA_PROTO_MAX are
 * skipped. Accepted attributes are stored by type in the table behind
 * `data`, which needs at least CTA_PROTO_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR silently on a payload mismatch, else MNL_CB_OK.
 */
static int nfct_parse_proto_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	if (mnl_attr_type_valid(attr, CTA_PROTO_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case CTA_PROTO_NUM:
	case CTA_PROTO_ICMP_TYPE:
	case CTA_PROTO_ICMP_CODE:
	case CTA_PROTO_ICMPV6_TYPE:
	case CTA_PROTO_ICMPV6_CODE:
		rc = mnl_attr_validate(attr, MNL_TYPE_U8);
		break;
	case CTA_PROTO_SRC_PORT:
	case CTA_PROTO_DST_PORT:
	case CTA_PROTO_ICMP_ID:
	case CTA_PROTO_ICMPV6_ID:
		rc = mnl_attr_validate(attr, MNL_TYPE_U16);
		break;
	}
	if (rc < 0)
		return MNL_CB_ERROR;

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for conntrack expectations (CTA_EXPECT_*).
 *
 * Expected payloads: master/tuple/mask are nests, timeout/flags/id are u32,
 * the helper name is a string and the zone is a u16. Types above
 * CTA_EXPECT_MAX are skipped; other in-range types are stored unchecked.
 * The table behind `data` needs at least CTA_EXPECT_MAX + 1 slots.
 *
 * The helper name is checked as MNL_TYPE_STRING, so this callback does not
 * itself guarantee NUL termination of that payload.
 *
 * Returns MNL_CB_ERROR silently on a payload mismatch, else MNL_CB_OK.
 */
static int nlmsg_parse_expection_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	/* skip unsupported attribute in user-space */
	if (mnl_attr_type_valid(attr, CTA_EXPECT_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case CTA_EXPECT_ZONE:
		rc = mnl_attr_validate(attr, MNL_TYPE_U16);
		break;
	case CTA_EXPECT_HELP_NAME:
		rc = mnl_attr_validate(attr, MNL_TYPE_STRING);
		break;
	case CTA_EXPECT_TIMEOUT:
	case CTA_EXPECT_FLAGS:
	case CTA_EXPECT_ID:
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
		break;
	case CTA_EXPECT_MASTER:
	case CTA_EXPECT_TUPLE:
	case CTA_EXPECT_MASK:
		rc = mnl_attr_validate(attr, MNL_TYPE_NESTED);
		break;
	}
	if (rc < 0)
		return MNL_CB_ERROR;

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for conntrack TCP protocol info
 * (CTA_PROTOINFO_TCP_*).
 *
 * The state and both window-scale values must be u8. The two flags
 * attributes must be exactly sizeof(struct nf_ct_tcp_flags) bytes, which is
 * what allows the consumer to read the payload as that struct. Types above
 * CTA_PROTOINFO_TCP_MAX are skipped. The table behind `data` needs at least
 * CTA_PROTOINFO_TCP_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR silently on a payload mismatch, else MNL_CB_OK.
 */
static int nfct_parse_pinfo_tcp_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	if (mnl_attr_type_valid(attr, CTA_PROTOINFO_TCP_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case CTA_PROTOINFO_TCP_FLAGS_ORIGINAL:
	case CTA_PROTOINFO_TCP_FLAGS_REPLY:
		rc = mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
					sizeof(struct nf_ct_tcp_flags));
		break;
	case CTA_PROTOINFO_TCP_STATE:
	case CTA_PROTOINFO_TCP_WSCALE_ORIGINAL:
	case CTA_PROTOINFO_TCP_WSCALE_REPLY:
		rc = mnl_attr_validate(attr, MNL_TYPE_U8);
		break;
	}
	if (rc < 0)
		return MNL_CB_ERROR;

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Route attribute callback for IPv4 routes (RTA_*).
 *
 * Table id, addresses (dst/src/prefsrc/gateway), output interface and flow
 * must all be u32; the metrics attribute must be a nest. Because addresses
 * are checked as u32, a route message carrying longer (e.g. IPv6) addresses
 * in these attributes fails validation and aborts the parse. Types above
 * RTA_MAX are skipped; other in-range types are stored unchecked. The table
 * behind `data` needs at least RTA_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR (after perror) on a payload mismatch, else MNL_CB_OK.
 */
static int data_ipv4_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	/* skip unsupported attribute in user-space */
	if (mnl_attr_type_valid(attr, RTA_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case RTA_METRICS:
		rc = mnl_attr_validate(attr, MNL_TYPE_NESTED);
		break;
	case RTA_TABLE:
	case RTA_DST:
	case RTA_SRC:
	case RTA_OIF:
	case RTA_FLOW:
	case RTA_PREFSRC:
	case RTA_GATEWAY:
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
		break;
	}
	if (rc < 0) {
		perror("mnl_attr_validate");
		return MNL_CB_ERROR;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for the conntrack tuple address nest (CTA_IP_*).
 *
 * IPv4 addresses must be u32 and IPv6 addresses exactly
 * sizeof(struct in6_addr) bytes; the exact-length check is what lets the
 * consumer copy a whole address from the payload. Types above CTA_IP_MAX
 * are skipped. The table behind `data` needs at least CTA_IP_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR silently on a payload mismatch, else MNL_CB_OK.
 */
static int nfct_parse_ip_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	/* skip unsupported attribute in user-space */
	if (mnl_attr_type_valid(attr, CTA_IP_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == CTA_IP_V4_SRC || attr_type == CTA_IP_V4_DST)
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
	else if (attr_type == CTA_IP_V6_SRC || attr_type == CTA_IP_V6_DST)
		rc = mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
					sizeof(struct in6_addr));

	if (rc < 0)
		return MNL_CB_ERROR;

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for netfilter accounting objects (NFACCT_*).
 *
 * The object name must be a string and the packet and byte counters u64.
 * Types above NFACCT_MAX are skipped; other in-range types are stored
 * unchecked. The table behind `data` needs at least NFACCT_MAX + 1 slots.
 *
 * The name is checked as MNL_TYPE_STRING, so NUL termination is not
 * guaranteed by this callback.
 *
 * Returns MNL_CB_ERROR (after perror) on a payload mismatch, else MNL_CB_OK.
 */
static int nfacct_nlmsg_parse_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	if (mnl_attr_type_valid(attr, NFACCT_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == NFACCT_NAME)
		rc = mnl_attr_validate(attr, MNL_TYPE_STRING);
	else if (attr_type == NFACCT_PKTS || attr_type == NFACCT_BYTES)
		rc = mnl_attr_validate(attr, MNL_TYPE_U64);

	if (rc < 0) {
		perror("mnl_attr_validate");
		return MNL_CB_ERROR;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for the nftables "log" expression (NFTA_LOG_*).
 *
 * The prefix must be a string, group and queue threshold u16, and snaplen,
 * level and flags u32. A mismatch is reported through abi_breakage();
 * whether that call returns is not visible here, and if it does the
 * attribute is still stored. Types above NFTA_LOG_MAX are skipped. The
 * table behind `data` needs at least NFTA_LOG_MAX + 1 slots.
 *
 * The prefix is checked as MNL_TYPE_STRING, so the consumer should not rely
 * on this callback for NUL termination.
 */
static int nft_rule_expr_log_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	if (mnl_attr_type_valid(attr, NFTA_LOG_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case NFTA_LOG_SNAPLEN:
	case NFTA_LOG_LEVEL:
	case NFTA_LOG_FLAGS:
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
		break;
	case NFTA_LOG_GROUP:
	case NFTA_LOG_QTHRESHOLD:
		rc = mnl_attr_validate(attr, MNL_TYPE_U16);
		break;
	case NFTA_LOG_PREFIX:
		rc = mnl_attr_validate(attr, MNL_TYPE_STRING);
		break;
	}
	if (rc < 0)
		abi_breakage();

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for the nftables "bitwise" expression
 * (NFTA_BITWISE_*).
 *
 * Source register, destination register and length must be u32; the mask
 * and xor operands are only checked as MNL_TYPE_BINARY, with no length
 * bound applied here, so the consumer has to bound their size. A mismatch
 * is reported through abi_breakage(); whether that call returns is not
 * visible here, and if it does the attribute is still stored. Types above
 * NFTA_BITWISE_MAX are skipped. The table behind `data` needs at least
 * NFTA_BITWISE_MAX + 1 slots.
 */
static int nft_rule_expr_bitwise_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	if (mnl_attr_type_valid(attr, NFTA_BITWISE_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case NFTA_BITWISE_MASK:
	case NFTA_BITWISE_XOR:
		rc = mnl_attr_validate(attr, MNL_TYPE_BINARY);
		break;
	case NFTA_BITWISE_SREG:
	case NFTA_BITWISE_DREG:
	case NFTA_BITWISE_LEN:
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
		break;
	}
	if (rc < 0)
		abi_breakage();

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for NFLOG packet messages (NFULA_*).
 *
 * Scalar attributes are checked as u16/u32, the packet header, timestamp
 * and hardware address must have exactly the size of their struct, and the
 * prefix must be a NUL-terminated string. The hardware header and the
 * packet payload are opaque data and are stored without any check, so the
 * consumer must take their length from the attribute and never assume a
 * minimum size. Types above NFULA_MAX are skipped. The table behind `data`
 * needs at least NFULA_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR silently on a payload mismatch, else MNL_CB_OK.
 */
static int nflog_parse_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	/* skip unsupported attribute in user-space */
	if (mnl_attr_type_valid(attr, NFULA_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case NFULA_HWTYPE:		/* hardware type */
	case NFULA_HWLEN:		/* hardware header length */
		rc = mnl_attr_validate(attr, MNL_TYPE_U16);
		break;
	case NFULA_MARK:		/* __u32 nfmark */
	case NFULA_IFINDEX_INDEV:	/* __u32 ifindex */
	case NFULA_IFINDEX_OUTDEV:	/* __u32 ifindex */
	case NFULA_IFINDEX_PHYSINDEV:	/* __u32 ifindex */
	case NFULA_IFINDEX_PHYSOUTDEV:	/* __u32 ifindex */
	case NFULA_UID:			/* user id of socket */
	case NFULA_SEQ:			/* instance-local sequence number */
	case NFULA_SEQ_GLOBAL:		/* global sequence number */
	case NFULA_GID:			/* group id of socket */
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
		break;
	case NFULA_PACKET_HDR:
		rc = mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
					sizeof(struct nfulnl_msg_packet_hdr));
		break;
	case NFULA_TIMESTAMP:		/* nfulnl_msg_packet_timestamp */
		rc = mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
					sizeof(struct nfulnl_msg_packet_timestamp));
		break;
	case NFULA_HWADDR:		/* nfulnl_msg_packet_hw */
		rc = mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
					sizeof(struct nfulnl_msg_packet_hw));
		break;
	case NFULA_PREFIX:		/* string prefix */
		rc = mnl_attr_validate(attr, MNL_TYPE_NUL_STRING);
		break;
	case NFULA_HWHEADER:		/* hardware header */
	case NFULA_PAYLOAD:		/* opaque data payload */
		break;
	}
	if (rc < 0)
		return MNL_CB_ERROR;

	table[attr_type] = attr;
	return MNL_CB_OK;
}
//Helper function for parsing netfilter attributes static int neat_linux_parse_nlattr(const struct nlattr *attr, void *data) { struct nlattr_storage *storage = (struct nlattr_storage*) data; int32_t type = mnl_attr_get_type(attr); if (mnl_attr_type_valid(attr, storage->limit) < 0) return MNL_CB_OK; storage->tb[type] = attr; return MNL_CB_OK; }
/*
 * Validation-only callback for route metrics (RTAX_*).
 *
 * Every attribute with a type up to RTAX_MAX must carry a u32 payload;
 * types above RTAX_MAX are skipped. Nothing is stored and `data` is not
 * used.
 *
 * Returns MNL_CB_ERROR (after perror) on a payload mismatch, else MNL_CB_OK.
 */
static int data_attr_cb2(const struct nlattr *attr, void *data)
{
	/* skip unsupported attribute in user-space */
	if (mnl_attr_type_valid(attr, RTAX_MAX) >= 0 &&
	    mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
		perror("mnl_attr_validate");
		return MNL_CB_ERROR;
	}

	return MNL_CB_OK;
}
/*
 * Controller-reply callback used to look up a generic-netlink family id.
 *
 * A type above CTRL_ATTR_MAX aborts the parse instead of being skipped.
 * The family id must be a u16; all other in-range attributes are stored in
 * the table behind `data` without a payload check. The table needs at
 * least CTRL_ATTR_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR on an out-of-range type or a bad family id, else
 * MNL_CB_OK.
 */
static int get_family_id_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	const int attr_type = mnl_attr_get_type(attr);

	if (mnl_attr_type_valid(attr, CTRL_ATTR_MAX) < 0)
		return MNL_CB_ERROR;

	switch (attr_type) {
	case CTRL_ATTR_FAMILY_ID:
		if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
			return MNL_CB_ERROR;
		break;
	default:
		break;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Controller-reply callback used to look up a multicast group id.
 *
 * A type above CTRL_ATTR_MAX aborts the parse instead of being skipped.
 * The multicast-groups attribute must be a nest; all other in-range
 * attributes are stored in the table behind `data` without a payload
 * check. The table needs at least CTRL_ATTR_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR on an out-of-range type or a malformed groups nest,
 * else MNL_CB_OK.
 */
static int get_group_id_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	const int attr_type = mnl_attr_get_type(attr);

	if (mnl_attr_type_valid(attr, CTRL_ATTR_MAX) < 0)
		return MNL_CB_ERROR;

	switch (attr_type) {
	case CTRL_ATTR_MCAST_GROUPS:
		if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
			return MNL_CB_ERROR;
		break;
	default:
		break;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for NFLOG packet messages (NFULA_*).
 *
 * The mark and the four interface indexes must be u32, the timestamp and
 * hardware address must match the size of their struct exactly, and the
 * prefix must be a NUL-terminated string. The packet payload is opaque and
 * stored unchecked, as is every in-range type not listed in the switch
 * (the packet header among them), so consumers must check lengths
 * themselves before casting those payloads. Types above NFULA_MAX are
 * skipped. The table behind `data` needs at least NFULA_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR (after perror) on a payload mismatch, else MNL_CB_OK.
 */
static int parse_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	/* skip unsupported attribute in user-space */
	if (mnl_attr_type_valid(attr, NFULA_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case NFULA_MARK:
	case NFULA_IFINDEX_INDEV:
	case NFULA_IFINDEX_OUTDEV:
	case NFULA_IFINDEX_PHYSINDEV:
	case NFULA_IFINDEX_PHYSOUTDEV:
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
		break;
	case NFULA_TIMESTAMP:
		rc = mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
					sizeof(struct nfulnl_msg_packet_timestamp));
		break;
	case NFULA_HWADDR:
		rc = mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
					sizeof(struct nfulnl_msg_packet_hw));
		break;
	case NFULA_PREFIX:
		rc = mnl_attr_validate(attr, MNL_TYPE_NUL_STRING);
		break;
	case NFULA_PAYLOAD:
		break;
	}
	if (rc < 0) {
		perror("mnl_attr_validate");
		return MNL_CB_ERROR;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Top-level conntrack attribute callback (CTA_*).
 *
 * Tuples, NAT sequence adjustments, protocol info, counters, helper,
 * security context and timestamp must be nests; status, timeout, mark,
 * secmark, use count and id must be u32; the zone must be u16. The
 * deprecated CTA_NAT_SRC / CTA_NAT_DST attributes are stored without a
 * payload check, as is any other in-range type not listed. Types above
 * CTA_MAX are skipped. The table behind `data` needs at least CTA_MAX + 1
 * slots.
 *
 * Returns MNL_CB_ERROR silently on a payload mismatch, else MNL_CB_OK.
 */
static int nfct_parse_conntrack_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;
	int rc = 0;

	if (mnl_attr_type_valid(attr, CTA_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	switch (attr_type) {
	case CTA_ZONE:
		rc = mnl_attr_validate(attr, MNL_TYPE_U16);
		break;
	case CTA_STATUS:
	case CTA_TIMEOUT:
	case CTA_MARK:
	case CTA_SECMARK:
	case CTA_USE:
	case CTA_ID:
		rc = mnl_attr_validate(attr, MNL_TYPE_U32);
		break;
	case CTA_TUPLE_ORIG:
	case CTA_TUPLE_REPLY:
	case CTA_TUPLE_MASTER:
	case CTA_NAT_SEQ_ADJ_ORIG:
	case CTA_NAT_SEQ_ADJ_REPLY:
	case CTA_PROTOINFO:
	case CTA_COUNTERS_ORIG:
	case CTA_COUNTERS_REPLY:
	case CTA_HELP:
	case CTA_SECCTX:
	case CTA_TIMESTAMP:
		rc = mnl_attr_validate(attr, MNL_TYPE_NESTED);
		break;
	case CTA_NAT_SRC:
	case CTA_NAT_DST:
		/* deprecated */
		break;
	}
	if (rc < 0)
		return MNL_CB_ERROR;

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for nftables generation messages (NFTA_GEN_*).
 *
 * The generation id must be a u32; a mismatch is reported through
 * abi_breakage(). Whether that call returns is not visible here, and if it
 * does the attribute is still stored. Types above NFTA_GEN_MAX are skipped.
 * The table behind `data` needs at least NFTA_GEN_MAX + 1 slots.
 */
static int nftnl_gen_parse_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;

	if (mnl_attr_type_valid(attr, NFTA_GEN_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == NFTA_GEN_ID &&
	    mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
		abi_breakage();

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for the conntrack security-context nest
 * (CTA_SECCTX_*).
 *
 * The context name must be a string. It is checked as MNL_TYPE_STRING, so
 * this callback does not itself guarantee a NUL terminator; the consumer
 * should bound any copy by the attribute's payload length. Types above
 * CTA_SECCTX_MAX are skipped. The table behind `data` needs at least
 * CTA_SECCTX_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR silently on a payload mismatch, else MNL_CB_OK.
 */
static int nfct_parse_secctx_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;

	if (mnl_attr_type_valid(attr, CTA_SECCTX_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == CTA_SECCTX_NAME &&
	    mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)
		return MNL_CB_ERROR;

	table[attr_type] = attr;
	return MNL_CB_OK;
}
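/*
 * Attribute callback for a custom generic-netlink family (NLE_*).
 *
 * NLE_MYVAR must be a u32. Accepted attributes are stored by their own type
 * in the table behind `data`; because NLE_MYVAR is also the upper bound
 * used for the type check, the table needs at least NLE_MYVAR + 1 slots.
 * Types above NLE_MYVAR are skipped.
 *
 * Returns MNL_CB_ERROR (after perror) on a payload mismatch, else MNL_CB_OK.
 */
static int data_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **tb = data;
	int type = mnl_attr_get_type(attr);

	if (mnl_attr_type_valid(attr, NLE_MYVAR) < 0)
		return MNL_CB_OK;

	switch (type) {
	case NLE_MYVAR:
		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
			perror("mnl_attr_validate");
			return MNL_CB_ERROR;
		}
		break;
	}

	/*
	 * Index by the attribute's own type. Storing unconditionally into
	 * tb[NLE_MYVAR] would let an attribute of a lower type, whose payload
	 * was never checked as u32, land in the NLE_MYVAR slot and later be
	 * read as a 4-byte integer.
	 */
	tb[type] = attr;
	return MNL_CB_OK;
}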
/*
 * Controller-reply callback that validates the generic-netlink family id.
 *
 * The family id must be a u16. Types above CTRL_ATTR_MAX are skipped; all
 * other in-range attributes are stored in the table behind `data` without
 * a payload check. The table needs at least CTRL_ATTR_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR (after perror) on a bad family id, else MNL_CB_OK.
 */
static int genl_ctrl_validate_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;

	if (mnl_attr_type_valid(attr, CTRL_ATTR_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == CTRL_ATTR_FAMILY_ID &&
	    mnl_attr_validate(attr, MNL_TYPE_U16) < 0) {
		perror("mnl_attr_validate");
		return MNL_CB_ERROR;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for the conntrack timestamp nest (CTA_TIMESTAMP_*).
 *
 * Start and stop timestamps must be u64. Types above CTA_TIMESTAMP_MAX are
 * skipped; other in-range types are stored unchecked. The table behind
 * `data` needs at least CTA_TIMESTAMP_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR silently on a payload mismatch, else MNL_CB_OK.
 */
static int nfct_parse_timestamp_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;

	if (mnl_attr_type_valid(attr, CTA_TIMESTAMP_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == CTA_TIMESTAMP_START ||
	    attr_type == CTA_TIMESTAMP_STOP) {
		if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0)
			return MNL_CB_ERROR;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
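/*
 * Attribute callback for the conntrack protocol-info nest
 * (CTA_PROTOINFO_*).
 *
 * The TCP, SCTP and DCCP sub-attributes must be nests. Accepted attributes
 * are stored by type in the table behind `data`, which needs at least
 * CTA_PROTOINFO_MAX + 1 slots. Types above CTA_PROTOINFO_MAX are skipped.
 *
 * Returns MNL_CB_ERROR silently on a malformed nest, else MNL_CB_OK.
 */
static int nfct_parse_protoinfo_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **tb = data;
	int type = mnl_attr_get_type(attr);

	/*
	 * Bound the type with this nest's own maximum. The attributes handled
	 * below belong to the CTA_PROTOINFO_* set, so using the larger
	 * CTA_PROTOINFO_TCP_MAX as the limit would accept types this level
	 * does not define; if the caller's table is sized for
	 * CTA_PROTOINFO_MAX + 1 entries (not visible here), that would allow a
	 * store past its end.
	 */
	if (mnl_attr_type_valid(attr, CTA_PROTOINFO_MAX) < 0)
		return MNL_CB_OK;

	switch (type) {
	case CTA_PROTOINFO_TCP:
	case CTA_PROTOINFO_SCTP:
	case CTA_PROTOINFO_DCCP:
		if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
			return MNL_CB_ERROR;
		break;
	}

	tb[type] = attr;
	return MNL_CB_OK;
}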
/*
 * Attribute callback for the nftables "queue" expression (NFTA_QUEUE_*).
 *
 * Queue number, total and flags must be u16; a mismatch is reported through
 * abi_breakage(). Whether that call returns is not visible here, and if it
 * does the attribute is still stored. Types above NFTA_QUEUE_MAX are
 * skipped. The table behind `data` needs at least NFTA_QUEUE_MAX + 1 slots.
 */
static int nftnl_expr_queue_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;

	if (mnl_attr_type_valid(attr, NFTA_QUEUE_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == NFTA_QUEUE_NUM ||
	    attr_type == NFTA_QUEUE_TOTAL ||
	    attr_type == NFTA_QUEUE_FLAGS) {
		if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
			abi_breakage();
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}
/*
 * Attribute callback for the conntrack NAT sequence-adjustment nest
 * (CTA_NAT_SEQ_*).
 *
 * Correction position and both offsets must be u32. Types above
 * CTA_NAT_SEQ_MAX are skipped; other in-range types are stored unchecked.
 * The table behind `data` needs at least CTA_NAT_SEQ_MAX + 1 slots.
 *
 * Returns MNL_CB_ERROR silently on a payload mismatch, else MNL_CB_OK.
 */
static int nfct_parse_nat_seq_attr_cb(const struct nlattr *attr, void *data)
{
	const struct nlattr **table = data;
	int attr_type;

	if (mnl_attr_type_valid(attr, CTA_NAT_SEQ_MAX) < 0)
		return MNL_CB_OK;

	attr_type = mnl_attr_get_type(attr);
	if (attr_type == CTA_NAT_SEQ_CORRECTION_POS ||
	    attr_type == CTA_NAT_SEQ_OFFSET_BEFORE ||
	    attr_type == CTA_NAT_SEQ_OFFSET_AFTER) {
		if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
			return MNL_CB_ERROR;
	}

	table[attr_type] = attr;
	return MNL_CB_OK;
}