static int nft_quota_do_init(const struct nlattr * const tb[],
struct nft_quota *priv)
{
unsigned long flags = 0;
u64 quota, consumed = 0;
if (!tb[NFTA_QUOTA_BYTES])
return -EINVAL;
quota = be64_to_cpu(nla_get_be64(tb[NFTA_QUOTA_BYTES]));
if (quota > S64_MAX)
return -EOVERFLOW;
if (tb[NFTA_QUOTA_CONSUMED]) {
consumed = be64_to_cpu(nla_get_be64(tb[NFTA_QUOTA_CONSUMED]));
if (consumed > quota)
return -EINVAL;
}
if (tb[NFTA_QUOTA_FLAGS]) {
flags = ntohl(nla_get_be32(tb[NFTA_QUOTA_FLAGS]));
if (flags & ~NFT_QUOTA_F_INV)
return -EINVAL;
if (flags & NFT_QUOTA_F_DEPLETED)
return -EOPNOTSUPP;
}
priv->quota = quota;
priv->flags = flags;
atomic64_set(&priv->consumed, consumed);
return 0;
}
static int nft_quota_init(const struct nft_ctx *ctx,
const struct nft_expr *expr,
const struct nlattr * const tb[])
{
struct nft_quota *priv = nft_expr_priv(expr);
u32 flags = 0;
u64 quota;
if (!tb[NFTA_QUOTA_BYTES])
return -EINVAL;
quota = be64_to_cpu(nla_get_be64(tb[NFTA_QUOTA_BYTES]));
if (quota > S64_MAX)
return -EOVERFLOW;
if (tb[NFTA_QUOTA_FLAGS]) {
flags = ntohl(nla_get_be32(tb[NFTA_QUOTA_FLAGS]));
if (flags & ~NFT_QUOTA_F_INV)
return -EINVAL;
}
priv->quota = quota;
priv->invert = (flags & NFT_QUOTA_F_INV) ? true : false;
atomic64_set(&priv->remain, quota);
return 0;
}
static int nft_limit_init(const struct nft_ctx *ctx,
const struct nft_expr *expr,
const struct nlattr * const tb[])
{
struct nft_limit *priv = nft_expr_priv(expr);
if (tb[NFTA_LIMIT_RATE] == NULL ||
tb[NFTA_LIMIT_UNIT] == NULL)
return -EINVAL;
priv->rate = be64_to_cpu(nla_get_be64(tb[NFTA_LIMIT_RATE]));
priv->unit = be64_to_cpu(nla_get_be64(tb[NFTA_LIMIT_UNIT]));
priv->stamp = jiffies + priv->unit * HZ;
priv->tokens = priv->rate;
return 0;
}
static int ip_tun_build_state(struct nlattr *attr,
unsigned int family, const void *cfg,
struct lwtunnel_state **ts,
struct netlink_ext_ack *extack)
{
struct ip_tunnel_info *tun_info;
struct lwtunnel_state *new_state;
struct nlattr *tb[LWTUNNEL_IP_MAX + 1];
int err;
err = nla_parse_nested_deprecated(tb, LWTUNNEL_IP_MAX, attr,
ip_tun_policy, extack);
if (err < 0)
return err;
new_state = lwtunnel_state_alloc(sizeof(*tun_info));
if (!new_state)
return -ENOMEM;
new_state->type = LWTUNNEL_ENCAP_IP;
tun_info = lwt_tun_info(new_state);
#ifdef CONFIG_DST_CACHE
err = dst_cache_init(&tun_info->dst_cache, GFP_KERNEL);
if (err) {
lwtstate_free(new_state);
return err;
}
#endif
if (tb[LWTUNNEL_IP_ID])
tun_info->key.tun_id = nla_get_be64(tb[LWTUNNEL_IP_ID]);
if (tb[LWTUNNEL_IP_DST])
tun_info->key.u.ipv4.dst = nla_get_in_addr(tb[LWTUNNEL_IP_DST]);
if (tb[LWTUNNEL_IP_SRC])
tun_info->key.u.ipv4.src = nla_get_in_addr(tb[LWTUNNEL_IP_SRC]);
if (tb[LWTUNNEL_IP_TTL])
tun_info->key.ttl = nla_get_u8(tb[LWTUNNEL_IP_TTL]);
if (tb[LWTUNNEL_IP_TOS])
tun_info->key.tos = nla_get_u8(tb[LWTUNNEL_IP_TOS]);
if (tb[LWTUNNEL_IP_FLAGS])
tun_info->key.tun_flags = nla_get_be16(tb[LWTUNNEL_IP_FLAGS]);
tun_info->mode = IP_TUNNEL_INFO_TX;
tun_info->options_len = 0;
*ts = new_state;
return 0;
}
static int nft_limit_init(struct nft_limit *limit,
const struct nlattr * const tb[])
{
u64 unit;
if (tb[NFTA_LIMIT_RATE] == NULL ||
tb[NFTA_LIMIT_UNIT] == NULL)
return -EINVAL;
limit->rate = be64_to_cpu(nla_get_be64(tb[NFTA_LIMIT_RATE]));
unit = be64_to_cpu(nla_get_be64(tb[NFTA_LIMIT_UNIT]));
limit->nsecs = unit * NSEC_PER_SEC;
if (limit->rate == 0 || limit->nsecs < unit)
return -EOVERFLOW;
limit->tokens = limit->tokens_max = limit->nsecs;
if (tb[NFTA_LIMIT_BURST]) {
u64 rate;
limit->burst = ntohl(nla_get_be32(tb[NFTA_LIMIT_BURST]));
rate = limit->rate + limit->burst;
if (rate < limit->rate)
return -EOVERFLOW;
limit->rate = rate;
}
if (tb[NFTA_LIMIT_FLAGS]) {
u32 flags = ntohl(nla_get_be32(tb[NFTA_LIMIT_FLAGS]));
if (flags & NFT_LIMIT_F_INV)
limit->invert = true;
}
limit->last = ktime_get_ns();
spin_lock_init(&limit->lock);
return 0;
}
static int execute_set_action(struct sk_buff *skb,
const struct nlattr *nested_attr,
struct ovs_key_ipv4_tunnel *tun_key)
{
int err = 0;
switch (nla_type(nested_attr)) {
case OVS_KEY_ATTR_PRIORITY:
skb->priority = nla_get_u32(nested_attr);
break;
case OVS_KEY_ATTR_TUN_ID:
/* If we're only using the TUN_ID action, store the value in a
* temporary instance of struct ovs_key_ipv4_tunnel on the stack.
* If both IPV4_TUNNEL and TUN_ID are being used together we
* can't write into the IPV4_TUNNEL action, so make a copy and
* write into that version.
*/
if (!OVS_CB(skb)->tun_key)
memset(tun_key, 0, sizeof(*tun_key));
else if (OVS_CB(skb)->tun_key != tun_key)
memcpy(tun_key, OVS_CB(skb)->tun_key, sizeof(*tun_key));
OVS_CB(skb)->tun_key = tun_key;
OVS_CB(skb)->tun_key->tun_id = nla_get_be64(nested_attr);
break;
case OVS_KEY_ATTR_IPV4_TUNNEL:
OVS_CB(skb)->tun_key = nla_data(nested_attr);
break;
case OVS_KEY_ATTR_ETHERNET:
err = set_eth_addr(skb, nla_data(nested_attr));
break;
case OVS_KEY_ATTR_IPV4:
err = set_ipv4(skb, nla_data(nested_attr));
break;
case OVS_KEY_ATTR_TCP:
err = set_tcp(skb, nla_data(nested_attr));
break;
case OVS_KEY_ATTR_UDP:
err = set_udp(skb, nla_data(nested_attr));
break;
}
return err;
}
static int execute_set_action(struct sk_buff *skb,
const struct nlattr *nested_attr,
struct ovs_key_ipv4_tunnel *tun_key)
{
int err = 0;
switch (nla_type(nested_attr)) {
case OVS_KEY_ATTR_PRIORITY:
skb->priority = nla_get_u32(nested_attr);
break;
case OVS_KEY_ATTR_TUN_ID:
if (!OVS_CB(skb)->tun_key) {
/* If tun_key is NULL for this skb, assign it to
* a value the caller passed in for action processing
* and output. This can disappear once we drop support
* for setting tun_id outside of tun_key.
*/
memset(tun_key, 0, sizeof(struct ovs_key_ipv4_tunnel));
OVS_CB(skb)->tun_key = tun_key;
}
OVS_CB(skb)->tun_key->tun_id = nla_get_be64(nested_attr);
OVS_CB(skb)->tun_key->tun_flags |= OVS_FLOW_TNL_F_KEY;
break;
case OVS_KEY_ATTR_IPV4_TUNNEL:
OVS_CB(skb)->tun_key = nla_data(nested_attr);
break;
case OVS_KEY_ATTR_ETHERNET:
err = set_eth_addr(skb, nla_data(nested_attr));
break;
case OVS_KEY_ATTR_IPV4:
err = set_ipv4(skb, nla_data(nested_attr));
break;
case OVS_KEY_ATTR_TCP:
err = set_tcp(skb, nla_data(nested_attr));
break;
case OVS_KEY_ATTR_UDP:
err = set_udp(skb, nla_data(nested_attr));
break;
}
return err;
}
static int nft_counter_do_init(const struct nlattr * const tb[],
struct nft_counter_percpu_priv *priv)
{
struct nft_counter __percpu *cpu_stats;
struct nft_counter *this_cpu;
cpu_stats = alloc_percpu(struct nft_counter);
if (cpu_stats == NULL)
return -ENOMEM;
preempt_disable();
this_cpu = this_cpu_ptr(cpu_stats);
if (tb[NFTA_COUNTER_PACKETS]) {
this_cpu->packets =
be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS]));
}
if (tb[NFTA_COUNTER_BYTES]) {
this_cpu->bytes =
be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES]));
}
preempt_enable();
priv->counter = cpu_stats;
return 0;
}
static int ip6_tun_build_state(struct nlattr *attr,
unsigned int family, const void *cfg,
struct lwtunnel_state **ts,
struct netlink_ext_ack *extack)
{
struct ip_tunnel_info *tun_info;
struct lwtunnel_state *new_state;
struct nlattr *tb[LWTUNNEL_IP6_MAX + 1];
int err;
err = nla_parse_nested_deprecated(tb, LWTUNNEL_IP6_MAX, attr,
ip6_tun_policy, extack);
if (err < 0)
return err;
new_state = lwtunnel_state_alloc(sizeof(*tun_info));
if (!new_state)
return -ENOMEM;
new_state->type = LWTUNNEL_ENCAP_IP6;
tun_info = lwt_tun_info(new_state);
if (tb[LWTUNNEL_IP6_ID])
tun_info->key.tun_id = nla_get_be64(tb[LWTUNNEL_IP6_ID]);
if (tb[LWTUNNEL_IP6_DST])
tun_info->key.u.ipv6.dst = nla_get_in6_addr(tb[LWTUNNEL_IP6_DST]);
if (tb[LWTUNNEL_IP6_SRC])
tun_info->key.u.ipv6.src = nla_get_in6_addr(tb[LWTUNNEL_IP6_SRC]);
if (tb[LWTUNNEL_IP6_HOPLIMIT])
tun_info->key.ttl = nla_get_u8(tb[LWTUNNEL_IP6_HOPLIMIT]);
if (tb[LWTUNNEL_IP6_TC])
tun_info->key.tos = nla_get_u8(tb[LWTUNNEL_IP6_TC]);
if (tb[LWTUNNEL_IP6_FLAGS])
tun_info->key.tun_flags = nla_get_be16(tb[LWTUNNEL_IP6_FLAGS]);
tun_info->mode = IP_TUNNEL_INFO_TX | IP_TUNNEL_INFO_IPV6;
tun_info->options_len = 0;
*ts = new_state;
return 0;
}
static int ip_tun_build_state(struct net_device *dev, struct nlattr *attr,
unsigned int family, const void *cfg,
struct lwtunnel_state **ts)
{
struct ip_tunnel_info *tun_info;
struct lwtunnel_state *new_state;
struct nlattr *tb[LWTUNNEL_IP_MAX + 1];
int err;
err = nla_parse_nested(tb, LWTUNNEL_IP_MAX, attr, ip_tun_policy);
if (err < 0)
return err;
new_state = lwtunnel_state_alloc(sizeof(*tun_info));
if (!new_state)
return -ENOMEM;
new_state->type = LWTUNNEL_ENCAP_IP;
tun_info = lwt_tun_info(new_state);
if (tb[LWTUNNEL_IP_ID])
tun_info->key.tun_id = nla_get_be64(tb[LWTUNNEL_IP_ID]);
if (tb[LWTUNNEL_IP_DST])
tun_info->key.u.ipv4.dst = nla_get_be32(tb[LWTUNNEL_IP_DST]);
if (tb[LWTUNNEL_IP_SRC])
tun_info->key.u.ipv4.src = nla_get_be32(tb[LWTUNNEL_IP_SRC]);
if (tb[LWTUNNEL_IP_TTL])
tun_info->key.ttl = nla_get_u8(tb[LWTUNNEL_IP_TTL]);
if (tb[LWTUNNEL_IP_TOS])
tun_info->key.tos = nla_get_u8(tb[LWTUNNEL_IP_TOS]);
if (tb[LWTUNNEL_IP_FLAGS])
tun_info->key.tun_flags = nla_get_be16(tb[LWTUNNEL_IP_FLAGS]);
tun_info->mode = IP_TUNNEL_INFO_TX;
tun_info->options_len = 0;
*ts = new_state;
return 0;
}
static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
{
struct nlattr *attr = cda[CTA_PROTOINFO_DCCP];
struct nlattr *tb[CTA_PROTOINFO_DCCP_MAX + 1];
int err;
if (!attr)
return 0;
err = nla_parse_nested(tb, CTA_PROTOINFO_DCCP_MAX, attr,
dccp_nla_policy);
if (err < 0)
return err;
if (!tb[CTA_PROTOINFO_DCCP_STATE] ||
!tb[CTA_PROTOINFO_DCCP_ROLE] ||
nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) > CT_DCCP_ROLE_MAX ||
nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE) {
return -EINVAL;
}
spin_lock_bh(&ct->lock);
ct->proto.dccp.state = nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]);
if (nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) == CT_DCCP_ROLE_CLIENT) {
ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
} else {
ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_SERVER;
ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_CLIENT;
}
if (tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]) {
ct->proto.dccp.handshake_seq =
be64_to_cpu(nla_get_be64(tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]));
}
spin_unlock_bh(&ct->lock);
return 0;
}
nfct_t *nfct_create(ginkgo_ctx *ctx, int grps, nfct_notify cb, void *ud)
{
nfct_t *ct;
char name[20];
ginkgo_src src = {
.name = name,
.fd = -1,
.rd = NULL,
.wr = NULL,
.pars = nl_parse,
.resp = nfct_response,
.hand = nfct_handler,
.ud = NULL,
};
int fd;
if(! ctx) return NULL;
if((fd = nl_open(NETLINK_NETFILTER, grps)) < 0)
return NULL;
if(! instantiate(ct)) {
close(fd);
return NULL;
}
ct->ginkgo = ctx;
ct->nlfd = fd;
ct->nlgrps = grps;
ct->nlseq = 0;
ct->cb = cb;
ct->ud = ud;
src.fd = fd;
src.ud = ct;
sprintf(name, "nfct-%d", fd);
if(ginkgo_src_register(ctx, &src, &ct->id, 0) < 0) {
close(fd);
free(ct);
return NULL;
}
return ct;
}
void nfct_destroy(nfct_t *ct)
{
if(ct) {
ginkgo_src_deregister(ct->ginkgo, ct->id, 1, 1);
close(ct->nlfd);
free(ct);
}
}
int nfct_conn_get_counter(const conn_entry *e, conn_counter *counter)
{
const struct nlattr *orig = e->nla[CTA_COUNTERS_ORIG];
const struct nlattr *rep = e->nla[CTA_COUNTERS_REPLY];
struct nlattr *arr[CTA_COUNTERS_MAX + 1];
if(orig && rep) {
nla_parse_nested(arr, CTA_COUNTERS_MAX, orig);
if(! arr[CTA_COUNTERS_PACKETS] || ! arr[CTA_COUNTERS_BYTES])
return -1;
counter->orig_pkts = be64toh(nla_get_be64(arr[CTA_COUNTERS_PACKETS]));
counter->orig_bytes = be64toh(nla_get_be64(arr[CTA_COUNTERS_BYTES]));
nla_parse_nested(arr, CTA_COUNTERS_MAX, rep);
if(! arr[CTA_COUNTERS_PACKETS] || ! arr[CTA_COUNTERS_BYTES])
return -1;
counter->rep_pkts = be64toh(nla_get_be64(arr[CTA_COUNTERS_PACKETS]));
counter->rep_bytes = be64toh(nla_get_be64(arr[CTA_COUNTERS_BYTES]));
return 0;
}
return -1;
}
int nfct_conn_get_tcpinfo(const conn_entry *e, conn_tcpinfo *info)
{
const struct nlattr *proto = e->nla[CTA_PROTOINFO];
const struct nlattr *tcp;
struct nlattr *arr[CTA_PROTOINFO_TCP_MAX + 1];
if(proto) {
tcp = (const struct nlattr *)nla_data(proto);
if(nla_type(tcp) != CTA_PROTOINFO_TCP)
return -1;
nla_parse_nested(arr, CTA_PROTOINFO_TCP_MAX, tcp);
if(arr[CTA_PROTOINFO_TCP_STATE]
|| arr[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL]
|| arr[CTA_PROTOINFO_TCP_WSCALE_REPLY]
|| arr[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL]
|| arr[CTA_PROTOINFO_TCP_FLAGS_REPLY]) {
info->state = nla_get_u8(arr[CTA_PROTOINFO_TCP_STATE]);
info->wscale_orig = nla_get_u8(arr[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL]);
info->wscale_rep = nla_get_u8(arr[CTA_PROTOINFO_TCP_WSCALE_REPLY]);
nla_get_mem(arr[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL], &info->flags_orig, sizeof(info->flags_orig));
nla_get_mem(arr[CTA_PROTOINFO_TCP_FLAGS_REPLY], &info->flags_rep, sizeof(info->flags_rep));
return 0;
}
}
return -1;
}
int nfct_conn_get_sctpinfo(const conn_entry *e, conn_sctpinfo *info)
{
const struct nlattr *proto = e->nla[CTA_PROTOINFO];
const struct nlattr *sctp;
struct nlattr *arr[CTA_PROTOINFO_SCTP_MAX + 1];
if(proto) {
sctp = (const struct nlattr *)nla_data(proto);
if(nla_type(sctp) != CTA_PROTOINFO_SCTP)
return -1;
nla_parse_nested(arr, CTA_PROTOINFO_SCTP_MAX, sctp);
if(! arr[CTA_PROTOINFO_SCTP_STATE]
|| ! arr[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL]
|| ! arr[CTA_PROTOINFO_SCTP_VTAG_REPLY]) {
info->state = nla_get_u8(arr[CTA_PROTOINFO_SCTP_STATE]);
info->vtag_orig = ntohl(nla_get_u8(arr[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL]));
info->vtag_rep = ntohl(nla_get_u8(arr[CTA_PROTOINFO_SCTP_VTAG_REPLY]));
return 0;
}
}
return -1;
}
int __nfct_conn_get_tuple(const conn_entry *e, int type, conn_tuple *tuple)
{
struct nlattr *arr[CTA_TUPLE_MAX + 1];
struct nlattr *ip[CTA_IP_MAX + 1];
struct nlattr *proto[CTA_PROTO_MAX + 1];
if(! e->nla[type])
return -1;
memset(tuple, 0, sizeof(*tuple));
nla_parse_nested(arr, CTA_TUPLE_MAX, e->nla[type]);
if(! arr[CTA_TUPLE_IP] || ! arr[CTA_TUPLE_PROTO]) {
PR_WARN("unexpected NULL tuple IP or proto");
return-1;
}
nla_parse_nested(ip, CTA_IP_MAX, arr[CTA_TUPLE_IP]);
tuple->src.l3num = e->l3num;
if(e->l3num == AF_INET) {
if(! ip[CTA_IP_V4_SRC] || ! ip[CTA_IP_V4_DST])
return -1;
tuple->src.u3.ip = nla_get_be32(ip[CTA_IP_V4_SRC]);
tuple->dst.u3.ip = nla_get_be32(ip[CTA_IP_V4_DST]);
}else if(e->l3num == AF_INET6) {
if(! ip[CTA_IP_V6_SRC] || ! ip[CTA_IP_V6_DST])
return -1;
nla_get_mem(ip[CTA_IP_V6_SRC], &tuple->src.u3.in6, sizeof(tuple->src.u3.in6));
nla_get_mem(ip[CTA_IP_V6_DST], &tuple->dst.u3.in6, sizeof(tuple->dst.u3.in6));
}else {
PR_WARN("unexpected l3num while parsing tuple:%d", e->l3num);
return -1;
}
nla_parse_nested(proto, CTA_PROTO_MAX, arr[CTA_TUPLE_PROTO]);
if(! proto[CTA_PROTO_NUM]) {
PR_WARN("unexpected NULL proto num while parsing tuple");
return -1;
}
tuple->dst.protonum = nla_get_u8(proto[CTA_PROTO_NUM]);
switch(tuple->dst.protonum) {
case IPPROTO_TCP:
case IPPROTO_UDP:
case IPPROTO_UDPLITE:
if(! proto[CTA_PROTO_SRC_PORT] || ! proto[CTA_PROTO_DST_PORT]) {
PR_WARN("unexpected NULL port while parsing tuple");
return -1;
}
tuple->src.u.tcp.port = nla_get_be16(proto[CTA_PROTO_SRC_PORT]);
tuple->dst.u.tcp.port = nla_get_be16(proto[CTA_PROTO_DST_PORT]);
break;
case IPPROTO_ICMP:
if(! proto[CTA_PROTO_ICMP_ID] || ! proto[CTA_PROTO_ICMP_TYPE] || ! proto[CTA_PROTO_ICMP_CODE]) {
PR_WARN("unexpected NULL icmp attr while parsing tuple");
return -1;
}
tuple->src.u.icmp.id = nla_get_be16(proto[CTA_PROTO_ICMP_ID]);
tuple->dst.u.icmp.type = nla_get_u8(proto[CTA_PROTO_ICMP_TYPE]);
tuple->dst.u.icmp.code = nla_get_u8(proto[CTA_PROTO_ICMP_CODE]);
break;
case IPPROTO_ICMPV6:
if(! proto[CTA_PROTO_ICMPV6_ID]
|| ! proto[CTA_PROTO_ICMPV6_TYPE]
|| ! proto[CTA_PROTO_ICMPV6_CODE]) {
PR_WARN("unexpected NULL icmpv6 attr while parsing tuple");
return -1;
}
tuple->src.u.icmp.id = nla_get_be16(proto[CTA_PROTO_ICMPV6_ID]);
tuple->dst.u.icmp.type = nla_get_u8(proto[CTA_PROTO_ICMPV6_TYPE]);
tuple->dst.u.icmp.code = nla_get_u8(proto[CTA_PROTO_ICMPV6_CODE]);
break;
default:
PR_INFO("unsupported proto %d while parsing tuple", tuple->dst.protonum);
return -1;
}
return 0;
}
/* fixme: nat seq adj */
nfct_msg *nfct_msg_new(__u8 l3num, int flags)
{
ginkgo_msg *msg;
struct nlmsghdr *nlh;
struct nfgenmsg *nfmsg;
nfct_msg_ctl *ctl;
conn_entry *e;
if((msg = ginkgo_new_msg(0, NFCT_MSG_GOOD_SIZE))) {
if(! instantiate(e)) {
free(msg);
return NULL;
}
nlh = NL_HEADER(msg);
BZERO(nlh);
nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
if(flags & NFCT_F_CREATE)
nlh->nlmsg_flags |= NLM_F_CREATE;
if(flags & NFCT_F_EXCL)
nlh->nlmsg_flags |= NLM_F_EXCL;
if(flags & NFCT_F_DUMP)
nlh->nlmsg_flags |= NLM_F_DUMP;
nfmsg = (struct nfgenmsg *)NLMSG_DATA(nlh);
nfmsg->nfgen_family = l3num;
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = 0;
BZERO(e);
e->l3num = l3num;
ctl = msg_ctl(msg);
BZERO(ctl);
ctl->base.entry = e;
ctl->ctx = (char *)nfmsg + NLMSG_ALIGN(sizeof(struct nfgenmsg));
ctl->sz = NFCT_MSG_GOOD_SIZE;
return (nfct_msg *)ctl;
}
return NULL;
}
