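/**
 * Build the netlink message that returns a verdict for a queued packet.
 *
 * The message is addressed with the family and group stored in @msg and
 * always carries an NFQA_VERDICT_HDR attribute (packet id and verdict).
 * An NFQA_MARK attribute is appended only when a mark is set on @msg.
 *
 * @param msg  queue message supplying family, group, packet id, verdict
 *             and the optional mark
 * @return the newly allocated message, or NULL if allocation or adding an
 *         attribute failed (the partially built message is freed first).
 *         NOTE(review): presumably the caller owns the returned message and
 *         releases it with nlmsg_free() -- confirm against the callers.
 */
struct nl_msg *nfnl_queue_msg_build_verdict(const struct nfnl_queue_msg *msg)
{
	struct nfqnl_msg_verdict_hdr verdict;
	struct nl_msg *nlmsg;

	nlmsg = nfnlmsg_alloc_simple(NFNL_SUBSYS_QUEUE, NFQNL_MSG_VERDICT, 0,
				     nfnl_queue_msg_get_family(msg),
				     nfnl_queue_msg_get_group(msg));
	if (nlmsg == NULL)
		return NULL;

	/*
	 * Both header fields are converted to network byte order.
	 * NOTE(review): assumes id and verdict are the only members of the
	 * header; any other member would be copied out uninitialised -- confirm.
	 */
	verdict.id = htonl(nfnl_queue_msg_get_packetid(msg));
	verdict.verdict = htonl(nfnl_queue_msg_get_verdict(msg));

	if (nla_put(nlmsg, NFQA_VERDICT_HDR, sizeof(verdict), &verdict) < 0)
		goto nla_put_failure;

	/*
	 * The mark is converted with htonl() like the other outgoing fields.
	 * The previous ntohl() performed the same byte swap, so the bytes on
	 * the wire are unchanged; only the stated direction is corrected.
	 */
	if (nfnl_queue_msg_test_mark(msg) &&
	    nla_put_u32(nlmsg, NFQA_MARK,
			htonl(nfnl_queue_msg_get_mark(msg))) < 0)
		goto nla_put_failure;

	return nlmsg;

nla_put_failure:
	nlmsg_free(nlmsg);
	return NULL;
}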
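/**
 * Build an NFULNL_MSG_CONFIG request from the attributes set on a log object.
 *
 * Only attributes that are actually set on @log are added to the message.
 *
 * @param log     log object; its group attribute must be set
 * @param result  receives the newly allocated message on success; it is not
 *                written on failure
 * @return 0 on success, -NLE_MISSING_ATTR if no group is set, -NLE_NOMEM if
 *         the message cannot be allocated, -NLE_INVAL if the copy mode is
 *         not one of the known values, -NLE_MSGSIZE if an attribute cannot
 *         be added.
 */
static int nfnl_log_build_request(const struct nfnl_log *log,
				  struct nl_msg **result)
{
	struct nl_msg *msg;

	if (!nfnl_log_test_group(log))
		return -NLE_MISSING_ATTR;

	msg = nfnlmsg_alloc_simple(NFNL_SUBSYS_ULOG, NFULNL_MSG_CONFIG, 0,
				   0, nfnl_log_get_group(log));
	if (msg == NULL)
		return -NLE_NOMEM;

	/*
	 * The nfnetlink_log interface always expects both parameters of the
	 * mode attribute to be present, so the copy range is sent whenever
	 * the copy mode is. This still needs to be done properly.
	 */
	if (nfnl_log_test_copy_mode(log)) {
		struct nfulnl_msg_config_mode mode;

		switch (nfnl_log_get_copy_mode(log)) {
		case NFNL_LOG_COPY_NONE:
			mode.copy_mode = NFULNL_COPY_NONE;
			break;
		case NFNL_LOG_COPY_META:
			mode.copy_mode = NFULNL_COPY_META;
			break;
		case NFNL_LOG_COPY_PACKET:
			mode.copy_mode = NFULNL_COPY_PACKET;
			break;
		default:
			/*
			 * Without this case an unrecognised value left
			 * mode.copy_mode unset, so whatever byte was on the
			 * stack was sent as the copy mode. Reject it instead
			 * of requesting an arbitrary mode.
			 */
			nlmsg_free(msg);
			return -NLE_INVAL;
		}

		mode.copy_range = htonl(nfnl_log_get_copy_range(log));
		/* Clear the padding so no stale stack byte is copied out. */
		mode._pad = 0;

		if (nla_put(msg, NFULA_CFG_MODE, sizeof(mode), &mode) < 0)
			goto nla_put_failure;
	}

	if (nfnl_log_test_flush_timeout(log) &&
	    nla_put_u32(msg, NFULA_CFG_TIMEOUT,
			htonl(nfnl_log_get_flush_timeout(log))) < 0)
		goto nla_put_failure;

	if (nfnl_log_test_alloc_size(log) &&
	    nla_put_u32(msg, NFULA_CFG_NLBUFSIZ,
			htonl(nfnl_log_get_alloc_size(log))) < 0)
		goto nla_put_failure;

	if (nfnl_log_test_queue_threshold(log) &&
	    nla_put_u32(msg, NFULA_CFG_QTHRESH,
			htonl(nfnl_log_get_queue_threshold(log))) < 0)
		goto nla_put_failure;

	*result = msg;
	return 0;

nla_put_failure:
	nlmsg_free(msg);
	return -NLE_MSGSIZE;
}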
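/**
 * Build a conntrack-expectation netlink message from an expectation object.
 *
 * The expect, master and mask tuples are always added. The NAT tuple and the
 * class, fn, id, timeout, helper-name, zone and flags attributes are added
 * only when the matching attribute is set on @exp.
 *
 * @param exp     expectation object to serialise
 * @param cmd     message type passed to nfnlmsg_alloc_simple()
 * @param flags   netlink message flags passed to nfnlmsg_alloc_simple()
 * @param result  receives the newly allocated message on success; it is not
 *                written on failure
 * @return 0 on success, -NLE_NOMEM if the message cannot be allocated or an
 *         attribute cannot be added, or the negative error returned by a
 *         tuple/NAT builder.
 */
static int nfnl_exp_build_message(const struct nfnl_exp *exp, int cmd,
				  int flags, struct nl_msg **result)
{
	struct nl_msg *msg;
	int err;

	msg = nfnlmsg_alloc_simple(NFNL_SUBSYS_CTNETLINK_EXP, cmd, flags,
				   nfnl_exp_get_family(exp), 0);
	if (msg == NULL)
		return -NLE_NOMEM;

	if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_TUPLE)) < 0)
		goto err_out;

	if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_MASTER)) < 0)
		goto err_out;

	if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_MASK)) < 0)
		goto err_out;

	if (nfnl_exp_test_src(exp, NFNL_EXP_TUPLE_NAT)) {
		if ((err = nfnl_exp_build_nat(msg, exp)) < 0)
			goto err_out;
	}

	/* Each NLA_PUT_* below jumps to nla_put_failure when it fails. */
	if (nfnl_exp_test_class(exp))
		NLA_PUT_U32(msg, CTA_EXPECT_CLASS,
			    htonl(nfnl_exp_get_class(exp)));

	if (nfnl_exp_test_fn(exp))
		NLA_PUT_STRING(msg, CTA_EXPECT_FN, nfnl_exp_get_fn(exp));

	if (nfnl_exp_test_id(exp))
		NLA_PUT_U32(msg, CTA_EXPECT_ID, htonl(nfnl_exp_get_id(exp)));

	if (nfnl_exp_test_timeout(exp))
		NLA_PUT_U32(msg, CTA_EXPECT_TIMEOUT,
			    htonl(nfnl_exp_get_timeout(exp)));

	if (nfnl_exp_test_helper_name(exp))
		NLA_PUT_STRING(msg, CTA_EXPECT_HELP_NAME,
			       nfnl_exp_get_helper_name(exp));

	if (nfnl_exp_test_zone(exp))
		NLA_PUT_U16(msg, CTA_EXPECT_ZONE,
			    htons(nfnl_exp_get_zone(exp)));

	if (nfnl_exp_test_flags(exp))
		NLA_PUT_U32(msg, CTA_EXPECT_FLAGS,
			    htonl(nfnl_exp_get_flags(exp)));

	*result = msg;
	return 0;

nla_put_failure:
	/*
	 * err still holds the non-negative result of the last builder call
	 * here. Returning it unchanged reported success for a message that
	 * had just been freed and left *result unset, so the caller would go
	 * on to use an invalid pointer. Report the failure explicitly.
	 */
	err = -NLE_NOMEM;
err_out:
	nlmsg_free(msg);
	return err;
}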
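/**
 * Build a conntrack netlink message from a conntrack object.
 *
 * The tuple for direction 0 is always added. The tuple for direction 1 and
 * the status, timeout, mark, id and zone attributes are optional.
 *
 * @param ct      conntrack object to serialise
 * @param cmd     message type passed to nfnlmsg_alloc_simple()
 * @param flags   netlink message flags passed to nfnlmsg_alloc_simple()
 * @param result  receives the newly allocated message on success; it is not
 *                written on failure
 * @return 0 on success, -NLE_NOMEM if the message cannot be allocated or an
 *         attribute cannot be added, or the negative error returned by
 *         nfnl_ct_build_tuple().
 */
static int nfnl_ct_build_message(const struct nfnl_ct *ct, int cmd, int flags,
				 struct nl_msg **result)
{
	struct nl_msg *msg;
	int err;

	msg = nfnlmsg_alloc_simple(NFNL_SUBSYS_CTNETLINK, cmd, flags,
				   nfnl_ct_get_family(ct), 0);
	if (msg == NULL)
		return -NLE_NOMEM;

	if ((err = nfnl_ct_build_tuple(msg, ct, 0)) < 0)
		goto err_out;

	/*
	 * The REPLY tuple is optional: it is added only when both its source
	 * and its destination are set.
	 */
	if (nfnl_ct_get_src(ct, 1) && nfnl_ct_get_dst(ct, 1)) {
		if ((err = nfnl_ct_build_tuple(msg, ct, 1)) < 0)
			goto err_out;
	}

	/* Each NLA_PUT_* below jumps to nla_put_failure when it fails. */
	if (nfnl_ct_test_status(ct))
		NLA_PUT_U32(msg, CTA_STATUS, htonl(nfnl_ct_get_status(ct)));

	if (nfnl_ct_test_timeout(ct))
		NLA_PUT_U32(msg, CTA_TIMEOUT, htonl(nfnl_ct_get_timeout(ct)));

	if (nfnl_ct_test_mark(ct))
		NLA_PUT_U32(msg, CTA_MARK, htonl(nfnl_ct_get_mark(ct)));

	if (nfnl_ct_test_id(ct))
		NLA_PUT_U32(msg, CTA_ID, htonl(nfnl_ct_get_id(ct)));

	if (nfnl_ct_test_zone(ct))
		NLA_PUT_U16(msg, CTA_ZONE, htons(nfnl_ct_get_zone(ct)));

	*result = msg;
	return 0;

nla_put_failure:
	/*
	 * err still holds the non-negative result of the last
	 * nfnl_ct_build_tuple() call here. Returning it unchanged reported
	 * success for a message that had just been freed and left *result
	 * unset, so the caller would go on to use an invalid pointer.
	 * Report the failure explicitly.
	 */
	err = -NLE_NOMEM;
err_out:
	nlmsg_free(msg);
	return err;
}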
/**
 * Build a conntrack netlink message that carries only the direction-0 tuple.
 *
 * @param ct      conntrack object to serialise
 * @param cmd     message type passed to nfnlmsg_alloc_simple()
 * @param flags   netlink message flags passed to nfnlmsg_alloc_simple()
 * @param result  receives the newly allocated message on success; it is not
 *                written on failure
 * @return 0 on success, -NLE_NOMEM if the message cannot be allocated, or
 *         the negative error returned by nfnl_ct_build_tuple().
 */
static int nfnl_ct_build_message(const struct nfnl_ct *ct, int cmd, int flags,
				 struct nl_msg **result)
{
	struct nl_msg *nlmsg;
	int rc;

	nlmsg = nfnlmsg_alloc_simple(NFNL_SUBSYS_CTNETLINK, cmd, flags,
				     nfnl_ct_get_family(ct), 0);
	if (!nlmsg)
		return -NLE_NOMEM;

	rc = nfnl_ct_build_tuple(nlmsg, ct, 0);
	if (rc < 0) {
		/* Drop the half-built message and hand the error back. */
		nlmsg_free(nlmsg);
		return rc;
	}

	*result = nlmsg;
	return 0;
}
/**
 * Build an NFULNL_MSG_CONFIG message carrying a single command.
 *
 * @param family    address family placed in the message header
 * @param queuenum  passed as the last argument of nfnlmsg_alloc_simple()
 * @param command   command value stored in the NFULA_CFG_CMD attribute
 * @return the newly allocated message, or NULL if allocation or adding the
 *         attribute failed (the message is freed in the latter case).
 */
static struct nl_msg *build_log_cmd_msg(uint8_t family, uint16_t queuenum,
					uint8_t command)
{
	struct nfulnl_msg_config_cmd cfg;
	struct nl_msg *nlmsg;

	nlmsg = nfnlmsg_alloc_simple(NFNL_SUBSYS_ULOG, NFULNL_MSG_CONFIG, 0,
				     family, queuenum);
	if (!nlmsg)
		return NULL;

	/*
	 * NOTE(review): assumes command is the struct's only member; any
	 * other member or padding would be copied out uninitialised -- confirm.
	 */
	cfg.command = command;

	if (nla_put(nlmsg, NFULA_CFG_CMD, sizeof(cfg), &cfg) >= 0)
		return nlmsg;

	nlmsg_free(nlmsg);
	return NULL;
}
/**
 * Build an NFULNL_MSG_CONFIG request carrying a single command.
 *
 * @param family    address family placed in the message header
 * @param queuenum  passed as the last argument of nfnlmsg_alloc_simple()
 * @param command   command value stored in the NFULA_CFG_CMD attribute
 * @param result    receives the newly allocated message on success; it is
 *                  not written on failure
 * @return 0 on success, -NLE_NOMEM if the message cannot be allocated,
 *         -NLE_MSGSIZE if the attribute cannot be added.
 */
static int build_log_cmd_request(uint8_t family, uint16_t queuenum,
				 uint8_t command, struct nl_msg **result)
{
	struct nfulnl_msg_config_cmd cfg;
	struct nl_msg *nlmsg;

	nlmsg = nfnlmsg_alloc_simple(NFNL_SUBSYS_ULOG, NFULNL_MSG_CONFIG, 0,
				     family, queuenum);
	if (!nlmsg)
		return -NLE_NOMEM;

	/*
	 * NOTE(review): assumes command is the struct's only member; any
	 * other member or padding would be copied out uninitialised -- confirm.
	 */
	cfg.command = command;

	if (nla_put(nlmsg, NFULA_CFG_CMD, sizeof(cfg), &cfg) < 0) {
		nlmsg_free(nlmsg);
		return -NLE_MSGSIZE;
	}

	*result = nlmsg;
	return 0;
}
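/**
 * Build an NFULNL_MSG_CONFIG message that sets the copy mode and copy range.
 *
 * The address family in the message header is fixed to 0. @copy_mode is
 * stored as given, without validation; @copy_range is converted to network
 * byte order.
 *
 * @param queuenum    passed as the last argument of nfnlmsg_alloc_simple()
 * @param copy_mode   value stored in the copy_mode field
 * @param copy_range  copy range in host byte order
 * @return the newly allocated message, or NULL if allocation or adding the
 *         attribute failed (the message is freed in the latter case).
 */
struct nl_msg *nfnl_log_build_mode(uint16_t queuenum, uint8_t copy_mode,
				   uint32_t copy_range)
{
	struct nl_msg *msg;
	struct nfulnl_msg_config_mode mode;

	msg = nfnlmsg_alloc_simple(NFNL_SUBSYS_ULOG, NFULNL_MSG_CONFIG, 0,
				   0, queuenum);
	if (msg == NULL)
		return NULL;

	mode.copy_mode = copy_mode;
	mode.copy_range = htonl(copy_range);
	/*
	 * The whole struct is copied into the attribute, so the padding
	 * member must be cleared as well; leaving it unset sent a stale
	 * stack byte along with the request.
	 */
	mode._pad = 0;

	if (nla_put(msg, NFULA_CFG_MODE, sizeof(mode), &mode) < 0)
		goto nla_put_failure;

	return msg;

nla_put_failure:
	nlmsg_free(msg);
	return NULL;
}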