static int nft_rule_expr_match_set(struct nft_rule_expr *e, uint16_t type, const void *data, uint32_t data_len) { struct nft_expr_match *mt = nft_expr_data(e); switch(type) { case NFT_EXPR_MT_NAME: snprintf(mt->name, sizeof(mt->name), "%.*s", data_len, (const char *)data); break; case NFT_EXPR_MT_REV: mt->rev = *((uint32_t *)data); break; case NFT_EXPR_MT_INFO: if (mt->data) xfree(mt->data); mt->data = data; mt->data_len = data_len; break; default: return -1; } return 0; }
static const void * nft_rule_expr_nat_get(const struct nft_rule_expr *e, uint16_t type, uint32_t *data_len) { struct nft_expr_nat *nat = nft_expr_data(e); switch(type) { case NFT_EXPR_NAT_TYPE: *data_len = sizeof(nat->type); return &nat->type; case NFT_EXPR_NAT_FAMILY: *data_len = sizeof(nat->family); return &nat->family; case NFT_EXPR_NAT_REG_ADDR_MIN: *data_len = sizeof(nat->sreg_addr_min); return &nat->sreg_addr_min; case NFT_EXPR_NAT_REG_ADDR_MAX: *data_len = sizeof(nat->sreg_addr_max); return &nat->sreg_addr_max; case NFT_EXPR_NAT_REG_PROTO_MIN: *data_len = sizeof(nat->sreg_proto_min); return &nat->sreg_proto_min; case NFT_EXPR_NAT_REG_PROTO_MAX: *data_len = sizeof(nat->sreg_proto_max); return &nat->sreg_proto_max; case NFT_EXPR_NAT_FLAGS: *data_len = sizeof(nat->flags); return &nat->flags; } return NULL; }
static int nft_rule_expr_bitwise_parse(struct nft_rule_expr *e, struct nlattr *attr) { struct nft_expr_bitwise *bitwise = nft_expr_data(e); struct nlattr *tb[NFTA_BITWISE_MAX+1] = {}; int ret = 0; if (mnl_attr_parse_nested(attr, nft_rule_expr_bitwise_cb, tb) < 0) return -1; if (tb[NFTA_BITWISE_SREG]) { bitwise->sreg = ntohl(mnl_attr_get_u32(tb[NFTA_BITWISE_SREG])); e->flags |= (1 << NFT_EXPR_BITWISE_SREG); } if (tb[NFTA_BITWISE_DREG]) { bitwise->dreg = ntohl(mnl_attr_get_u32(tb[NFTA_BITWISE_DREG])); e->flags |= (1 << NFT_EXPR_BITWISE_DREG); } if (tb[NFTA_BITWISE_LEN]) { bitwise->len = ntohl(mnl_attr_get_u32(tb[NFTA_BITWISE_LEN])); e->flags |= (1 << NFT_EXPR_BITWISE_LEN); } if (tb[NFTA_BITWISE_MASK]) { ret = nft_parse_data(&bitwise->mask, tb[NFTA_BITWISE_MASK], NULL); e->flags |= (1 << NFTA_BITWISE_MASK); } if (tb[NFTA_BITWISE_XOR]) { ret = nft_parse_data(&bitwise->xor, tb[NFTA_BITWISE_XOR], NULL); e->flags |= (1 << NFTA_BITWISE_XOR); } return ret; }
static int nft_rule_expr_queue_snprintf_default(char *buf, size_t len, struct nft_rule_expr *e) { struct nft_expr_queue *queue = nft_expr_data(e); int ret, size = len, offset = 0; uint16_t total_queues; total_queues = queue->queuenum + queue->queues_total -1; ret = snprintf(buf + offset, len, "num %u", queue->queuenum); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); if (queue->queues_total && total_queues != queue->queuenum) { ret = snprintf(buf + offset, len, "-%u", total_queues); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } if (e->flags & (1 << NFT_EXPR_QUEUE_FLAGS)) { if (queue->flags & (NFT_QUEUE_FLAG_BYPASS)) { ret = snprintf(buf + offset, len, " bypass"); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } if (queue->flags & (NFT_QUEUE_FLAG_CPU_FANOUT)) { ret = snprintf(buf + offset, len, " fanout"); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } } return offset; }
static int nft_rule_expr_byteorder_set(struct nft_rule_expr *e, uint16_t type, const void *data, uint32_t data_len) { struct nft_expr_byteorder *byteorder = nft_expr_data(e); switch(type) { case NFT_EXPR_BYTEORDER_SREG: byteorder->sreg = *((uint32_t *)data); break; case NFT_EXPR_BYTEORDER_DREG: byteorder->dreg = *((uint32_t *)data); break; case NFT_EXPR_BYTEORDER_OP: byteorder->op = *((uint32_t *)data); break; case NFT_EXPR_BYTEORDER_LEN: byteorder->len = *((unsigned int *)data); break; case NFT_EXPR_BYTEORDER_SIZE: byteorder->size = *((unsigned int *)data); break; default: return -1; } return 0; }
static int nft_rule_expr_log_set(struct nft_rule_expr *e, uint16_t type, const void *data, uint32_t data_len) { struct nft_expr_log *log = nft_expr_data(e); switch(type) { case NFT_EXPR_LOG_PREFIX: if (log->prefix) xfree(log->prefix); log->prefix = strdup(data); break; case NFT_EXPR_LOG_GROUP: log->group = *((uint16_t *)data); break; case NFT_EXPR_LOG_SNAPLEN: log->snaplen = *((uint32_t *)data); break; case NFT_EXPR_LOG_QTHRESHOLD: log->qthreshold = *((uint16_t *)data); break; case NFT_EXPR_LOG_LEVEL: log->level = *((uint32_t *)data); break; case NFT_EXPR_LOG_FLAGS: log->flags = *((uint32_t *)data); break; default: return -1; } return 0; }
static const void * nft_rule_expr_bitwise_get(const struct nft_rule_expr *e, uint16_t type, uint32_t *data_len) { struct nft_expr_bitwise *bitwise = nft_expr_data(e); switch(type) { case NFT_EXPR_BITWISE_SREG: *data_len = sizeof(bitwise->sreg); return &bitwise->sreg; case NFT_EXPR_BITWISE_DREG: *data_len = sizeof(bitwise->dreg); return &bitwise->dreg; case NFT_EXPR_BITWISE_LEN: *data_len = sizeof(bitwise->len); return &bitwise->len; case NFT_EXPR_BITWISE_MASK: *data_len = bitwise->mask.len; return &bitwise->mask.val; case NFT_EXPR_BITWISE_XOR: *data_len = bitwise->xor.len; return &bitwise->xor.val; } return NULL; }
static int nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root, struct nft_parse_err *err) { #ifdef JSON_PARSING struct nft_expr_bitwise *bitwise = nft_expr_data(e); uint32_t reg, len; if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®, err) == 0) nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_SREG, reg); if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) == 0) nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_DREG, reg); if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &len, err) == 0) nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_LEN, len); if (nft_jansson_data_reg_parse(root, "mask", &bitwise->mask, err) == DATA_VALUE) e->flags |= (1 << NFT_EXPR_BITWISE_MASK); if (nft_jansson_data_reg_parse(root, "xor", &bitwise->xor, err) == DATA_VALUE) e->flags |= (1 << NFT_EXPR_BITWISE_XOR); if (bitwise->mask.len != bitwise->xor.len) return -1; return 0; #else errno = EOPNOTSUPP; return -1; #endif }
static int nft_rule_expr_ct_parse(struct nft_rule_expr *e, struct nlattr *attr) { struct nft_expr_ct *ct = nft_expr_data(e); struct nlattr *tb[NFTA_CT_MAX+1] = {}; if (mnl_attr_parse_nested(attr, nft_rule_expr_ct_cb, tb) < 0) return -1; if (tb[NFTA_CT_KEY]) { ct->key = ntohl(mnl_attr_get_u32(tb[NFTA_CT_KEY])); e->flags |= (1 << NFT_EXPR_CT_KEY); } if (tb[NFTA_CT_DREG]) { ct->dreg = ntohl(mnl_attr_get_u32(tb[NFTA_CT_DREG])); e->flags |= (1 << NFT_EXPR_CT_DREG); } if (tb[NFTA_CT_SREG]) { ct->sreg = ntohl(mnl_attr_get_u32(tb[NFTA_CT_SREG])); e->flags |= (1 << NFT_EXPR_CT_SREG); } if (tb[NFTA_CT_DIRECTION]) { ct->dir = mnl_attr_get_u8(tb[NFTA_CT_DIRECTION]); e->flags |= (1 << NFT_EXPR_CT_DIR); } return 0; }
static int nft_expr_ct_snprintf_default(char *buf, size_t size, struct nft_rule_expr *e) { int ret, len = size, offset = 0; struct nft_expr_ct *ct = nft_expr_data(e); if (e->flags & (1 << NFT_EXPR_CT_SREG)) { ret = snprintf(buf, size, "set %s with reg %u ", ctkey2str(ct->key), ct->sreg); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } if (e->flags & (1 << NFT_EXPR_CT_DREG)) { ret = snprintf(buf, len, "load %s => reg %u ", ctkey2str(ct->key), ct->dreg); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) { ret = snprintf(buf+offset, len, ", dir %s ", ctdir2str(ct->dir)); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } return offset; }
static const void * nft_rule_expr_byteorder_get(const struct nft_rule_expr *e, uint16_t type, uint32_t *data_len) { struct nft_expr_byteorder *byteorder = nft_expr_data(e); switch(type) { case NFT_EXPR_BYTEORDER_SREG: *data_len = sizeof(byteorder->sreg); return &byteorder->sreg; case NFT_EXPR_BYTEORDER_DREG: *data_len = sizeof(byteorder->dreg); return &byteorder->dreg; case NFT_EXPR_BYTEORDER_OP: *data_len = sizeof(byteorder->op); return &byteorder->op; case NFT_EXPR_BYTEORDER_LEN: *data_len = sizeof(byteorder->len); return &byteorder->len; case NFT_EXPR_BYTEORDER_SIZE: *data_len = sizeof(byteorder->size); return &byteorder->size; } return NULL; }
static int nft_rule_expr_nat_snprintf_default(char *buf, size_t size, struct nft_rule_expr *e) { struct nft_expr_nat *nat = nft_expr_data(e); int len = size, offset = 0, ret = 0; ret = snprintf(buf, len, "%s ", nat2str(nat->type)); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); ret = snprintf(buf+offset, len, "%s ", nft_family2str(nat->family)); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) { ret = snprintf(buf+offset, len, "addr_min reg %u addr_max reg %u ", nat->sreg_addr_min, nat->sreg_addr_max); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } if (e->flags & (1 << NFT_EXPR_NAT_REG_PROTO_MIN)) { ret = snprintf(buf+offset, len, "proto_min reg %u proto_max reg %u ", nat->sreg_proto_min, nat->sreg_proto_max); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } if (e->flags & (1 << NFT_EXPR_NAT_FLAGS)) { ret = snprintf(buf+offset, len, "flags %u", nat->flags); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); } return offset; }
static int nft_rule_expr_bitwise_set(struct nft_rule_expr *e, uint16_t type, const void *data, uint32_t data_len) { struct nft_expr_bitwise *bitwise = nft_expr_data(e); switch(type) { case NFT_EXPR_BITWISE_SREG: bitwise->sreg = *((uint32_t *)data); break; case NFT_EXPR_BITWISE_DREG: bitwise->dreg = *((uint32_t *)data); break; case NFT_EXPR_BITWISE_LEN: bitwise->len = *((unsigned int *)data); break; case NFT_EXPR_BITWISE_MASK: memcpy(&bitwise->mask.val, data, data_len); bitwise->mask.len = data_len; break; case NFT_EXPR_BITWISE_XOR: memcpy(&bitwise->xor.val, data, data_len); bitwise->xor.len = data_len; break; default: return -1; } return 0; }
static const void * nft_rule_expr_log_get(const struct nft_rule_expr *e, uint16_t type, uint32_t *data_len) { struct nft_expr_log *log = nft_expr_data(e); switch(type) { case NFT_EXPR_LOG_PREFIX: *data_len = strlen(log->prefix)+1; return log->prefix; case NFT_EXPR_LOG_GROUP: *data_len = sizeof(log->group); return &log->group; case NFT_EXPR_LOG_SNAPLEN: *data_len = sizeof(log->snaplen); return &log->snaplen; case NFT_EXPR_LOG_QTHRESHOLD: *data_len = sizeof(log->qthreshold); return &log->qthreshold; case NFT_EXPR_LOG_LEVEL: *data_len = sizeof(log->level); return &log->level; case NFT_EXPR_LOG_FLAGS: *data_len = sizeof(log->flags); return &log->flags; } return NULL; }
static void nft_rule_expr_bitwise_build(struct nlmsghdr *nlh, struct nft_rule_expr *e) { struct nft_expr_bitwise *bitwise = nft_expr_data(e); if (e->flags & (1 << NFT_EXPR_BITWISE_SREG)) mnl_attr_put_u32(nlh, NFTA_BITWISE_SREG, htonl(bitwise->sreg)); if (e->flags & (1 << NFT_EXPR_BITWISE_DREG)) mnl_attr_put_u32(nlh, NFTA_BITWISE_DREG, htonl(bitwise->dreg)); if (e->flags & (1 << NFT_EXPR_BITWISE_LEN)) mnl_attr_put_u32(nlh, NFTA_BITWISE_LEN, htonl(bitwise->len)); if (e->flags & (1 << NFT_EXPR_BITWISE_MASK)) { struct nlattr *nest; nest = mnl_attr_nest_start(nlh, NFTA_BITWISE_MASK); mnl_attr_put(nlh, NFTA_DATA_VALUE, bitwise->mask.len, bitwise->mask.val); mnl_attr_nest_end(nlh, nest); } if (e->flags & (1 << NFT_EXPR_BITWISE_XOR)) { struct nlattr *nest; nest = mnl_attr_nest_start(nlh, NFTA_BITWISE_XOR); mnl_attr_put(nlh, NFTA_DATA_VALUE, bitwise->xor.len, bitwise->xor.val); mnl_attr_nest_end(nlh, nest); } }
static int nft_rule_expr_nat_set(struct nft_rule_expr *e, uint16_t type, const void *data, uint32_t data_len) { struct nft_expr_nat *nat = nft_expr_data(e); switch(type) { case NFT_EXPR_NAT_TYPE: nat->type = *((uint32_t *)data); break; case NFT_EXPR_NAT_FAMILY: nat->family = *((uint32_t *)data); break; case NFT_EXPR_NAT_REG_ADDR_MIN: nat->sreg_addr_min = *((uint32_t *)data); break; case NFT_EXPR_NAT_REG_ADDR_MAX: nat->sreg_addr_max = *((uint32_t *)data); break; case NFT_EXPR_NAT_REG_PROTO_MIN: nat->sreg_proto_min = *((uint32_t *)data); break; case NFT_EXPR_NAT_REG_PROTO_MAX: nat->sreg_proto_max = *((uint32_t *)data); break; case NFT_EXPR_NAT_FLAGS: nat->flags = *((uint32_t *)data); break; default: return -1; } return 0; }
static void nft_rule_expr_byteorder_build(struct nlmsghdr *nlh, struct nft_rule_expr *e) { struct nft_expr_byteorder *byteorder = nft_expr_data(e); if (e->flags & (1 << NFT_EXPR_BYTEORDER_SREG)) { mnl_attr_put_u32(nlh, NFTA_BYTEORDER_SREG, htonl(byteorder->sreg)); } if (e->flags & (1 << NFT_EXPR_BYTEORDER_DREG)) { mnl_attr_put_u32(nlh, NFTA_BYTEORDER_DREG, htonl(byteorder->dreg)); } if (e->flags & (1 << NFT_EXPR_BYTEORDER_OP)) { mnl_attr_put_u32(nlh, NFTA_BYTEORDER_OP, htonl(byteorder->op)); } if (e->flags & (1 << NFT_EXPR_BYTEORDER_LEN)) { mnl_attr_put_u32(nlh, NFTA_BYTEORDER_LEN, htonl(byteorder->len)); } if (e->flags & (1 << NFT_EXPR_BYTEORDER_SIZE)) { mnl_attr_put_u32(nlh, NFTA_BYTEORDER_SIZE, htonl(byteorder->size)); } }
static int nft_rule_expr_match_export(char *buf, size_t size, struct nft_rule_expr *e, int type) { struct nft_expr_match *mt = nft_expr_data(e); NFT_BUF_INIT(b, buf, size); if (e->flags & (1 << NFT_EXPR_MT_NAME)) nft_buf_str(&b, type, mt->name, NAME); return nft_buf_done(&b); }
static void nft_rule_expr_queue_build(struct nlmsghdr *nlh, struct nft_rule_expr *e) { struct nft_expr_queue *queue = nft_expr_data(e); if (e->flags & (1 << NFT_EXPR_QUEUE_NUM)) mnl_attr_put_u16(nlh, NFTA_QUEUE_NUM, htons(queue->queuenum)); if (e->flags & (1 << NFT_EXPR_QUEUE_TOTAL)) mnl_attr_put_u16(nlh, NFTA_QUEUE_TOTAL, htons(queue->queues_total)); if (e->flags & (1 << NFT_EXPR_QUEUE_FLAGS)) mnl_attr_put_u16(nlh, NFTA_QUEUE_FLAGS, htons(queue->flags)); }
static void nft_rule_expr_match_build(struct nlmsghdr *nlh, struct nft_rule_expr *e) { struct nft_expr_match *mt = nft_expr_data(e); if (e->flags & (1 << NFT_EXPR_MT_NAME)) mnl_attr_put_strz(nlh, NFTA_MATCH_NAME, mt->name); if (e->flags & (1 << NFT_EXPR_MT_REV)) mnl_attr_put_u32(nlh, NFTA_MATCH_REV, htonl(mt->rev)); if (e->flags & (1 << NFT_EXPR_MT_INFO)) mnl_attr_put(nlh, NFTA_MATCH_INFO, mt->data_len, mt->data); }
static int nft_rule_expr_byteorder_snprintf_default(char *buf, size_t size, struct nft_rule_expr *e) { struct nft_expr_byteorder *byteorder = nft_expr_data(e); int len = size, offset = 0, ret; ret = snprintf(buf, len, "reg %u = %s(reg %u, %u, %u) ", byteorder->dreg, bo2str(byteorder->op), byteorder->sreg, byteorder->size, byteorder->len); SNPRINTF_BUFFER_SIZE(ret, size, len, offset); return offset; }
static void nft_rule_expr_ct_build(struct nlmsghdr *nlh, struct nft_rule_expr *e) { struct nft_expr_ct *ct = nft_expr_data(e); if (e->flags & (1 << NFT_EXPR_CT_KEY)) mnl_attr_put_u32(nlh, NFTA_CT_KEY, htonl(ct->key)); if (e->flags & (1 << NFT_EXPR_CT_DREG)) mnl_attr_put_u32(nlh, NFTA_CT_DREG, htonl(ct->dreg)); if (e->flags & (1 << NFT_EXPR_CT_DIR)) mnl_attr_put_u8(nlh, NFTA_CT_DIRECTION, ct->dir); if (e->flags & (1 << NFT_EXPR_CT_SREG)) mnl_attr_put_u32(nlh, NFTA_CT_SREG, htonl(ct->sreg)); }
static int nft_rule_expr_queue_export(char *buf, size_t size, struct nft_rule_expr *e, int type) { struct nft_expr_queue *queue = nft_expr_data(e); NFT_BUF_INIT(b, buf, size); if (e->flags & (1 << NFT_EXPR_QUEUE_NUM)) nft_buf_u32(&b, type, queue->queuenum, NUM); if (e->flags & (1 << NFT_EXPR_QUEUE_TOTAL)) nft_buf_u32(&b, type, queue->queues_total, TOTAL); if (e->flags & (1 << NFT_EXPR_QUEUE_FLAGS)) nft_buf_u32(&b, type, queue->flags, FLAGS); return nft_buf_done(&b); }
static int nft_expr_ct_export(char *buf, size_t size, struct nft_rule_expr *e, int type) { struct nft_expr_ct *ct = nft_expr_data(e); NFT_BUF_INIT(b, buf, size); if (e->flags & (1 << NFT_EXPR_CT_SREG)) nft_buf_u32(&b, type, ct->sreg, SREG); if (e->flags & (1 << NFT_EXPR_CT_DREG)) nft_buf_u32(&b, type, ct->dreg, DREG); if (e->flags & (1 << NFT_EXPR_CT_KEY)) nft_buf_str(&b, type, ctkey2str(ct->key), KEY); if (e->flags & (1 << NFT_EXPR_CT_DIR)) nft_buf_str(&b, type, ctdir2str(ct->dir), DIR); return nft_buf_done(&b); }
static int nft_rule_expr_match_snprintf(char *buf, size_t len, uint32_t type, uint32_t flags, struct nft_rule_expr *e) { struct nft_expr_match *match = nft_expr_data(e); switch (type) { case NFT_OUTPUT_DEFAULT: return snprintf(buf, len, "name %s rev %u ", match->name, match->rev); case NFT_OUTPUT_XML: case NFT_OUTPUT_JSON: return nft_rule_expr_match_export(buf, len, e, type); default: break; } return -1; }
static void nft_rule_expr_log_build(struct nlmsghdr *nlh, struct nft_rule_expr *e) { struct nft_expr_log *log = nft_expr_data(e); if (e->flags & (1 << NFT_EXPR_LOG_PREFIX)) mnl_attr_put_strz(nlh, NFTA_LOG_PREFIX, log->prefix); if (e->flags & (1 << NFT_EXPR_LOG_GROUP)) mnl_attr_put_u16(nlh, NFTA_LOG_GROUP, htons(log->group)); if (e->flags & (1 << NFT_EXPR_LOG_SNAPLEN)) mnl_attr_put_u32(nlh, NFTA_LOG_SNAPLEN, htonl(log->snaplen)); if (e->flags & (1 << NFT_EXPR_LOG_QTHRESHOLD)) mnl_attr_put_u16(nlh, NFTA_LOG_QTHRESHOLD, htons(log->qthreshold)); if (e->flags & (1 << NFT_EXPR_LOG_LEVEL)) mnl_attr_put_u32(nlh, NFTA_LOG_LEVEL, htonl(log->level)); if (e->flags & (1 << NFT_EXPR_LOG_FLAGS)) mnl_attr_put_u32(nlh, NFTA_LOG_FLAGS, htonl(log->flags)); }
static int nft_rule_expr_nat_parse(struct nft_rule_expr *e, struct nlattr *attr) { struct nft_expr_nat *nat = nft_expr_data(e); struct nlattr *tb[NFTA_NAT_MAX+1] = {}; if (mnl_attr_parse_nested(attr, nft_rule_expr_nat_cb, tb) < 0) return -1; if (tb[NFTA_NAT_TYPE]) { nat->type = ntohl(mnl_attr_get_u32(tb[NFTA_NAT_TYPE])); e->flags |= (1 << NFT_EXPR_NAT_TYPE); } if (tb[NFTA_NAT_FAMILY]) { nat->family = ntohl(mnl_attr_get_u32(tb[NFTA_NAT_FAMILY])); e->flags |= (1 << NFT_EXPR_NAT_FAMILY); } if (tb[NFTA_NAT_REG_ADDR_MIN]) { nat->sreg_addr_min = ntohl(mnl_attr_get_u32(tb[NFTA_NAT_REG_ADDR_MIN])); e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MIN); } if (tb[NFTA_NAT_REG_ADDR_MAX]) { nat->sreg_addr_max = ntohl(mnl_attr_get_u32(tb[NFTA_NAT_REG_ADDR_MAX])); e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MAX); } if (tb[NFTA_NAT_REG_PROTO_MIN]) { nat->sreg_proto_min = ntohl(mnl_attr_get_u32(tb[NFTA_NAT_REG_PROTO_MIN])); e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MIN); } if (tb[NFTA_NAT_REG_PROTO_MAX]) { nat->sreg_proto_max = ntohl(mnl_attr_get_u32(tb[NFTA_NAT_REG_PROTO_MAX])); e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MAX); } if (tb[NFTA_NAT_FLAGS]) { nat->flags = ntohl(mnl_attr_get_u32(tb[NFTA_NAT_FLAGS])); e->flags |= (1 << NFT_EXPR_NAT_FLAGS); } return 0; }
static const void * nft_rule_expr_match_get(const struct nft_rule_expr *e, uint16_t type, uint32_t *data_len) { struct nft_expr_match *mt = nft_expr_data(e); switch(type) { case NFT_EXPR_MT_NAME: *data_len = sizeof(mt->name); return mt->name; case NFT_EXPR_MT_REV: *data_len = sizeof(mt->rev); return &mt->rev; case NFT_EXPR_MT_INFO: *data_len = mt->data_len; return mt->data; } return NULL; }
static int nft_rule_expr_byteorder_export(char *buf, size_t size, struct nft_rule_expr *e, int type) { struct nft_expr_byteorder *byteorder = nft_expr_data(e); NFT_BUF_INIT(b, buf, size); if (e->flags & (1 << NFT_EXPR_BYTEORDER_SREG)) nft_buf_u32(&b, type, byteorder->sreg, SREG); if (e->flags & (1 << NFT_EXPR_BYTEORDER_DREG)) nft_buf_u32(&b, type, byteorder->dreg, DREG); if (e->flags & (1 << NFT_EXPR_BYTEORDER_OP)) nft_buf_str(&b, type, bo2str(byteorder->op), OP); if (e->flags & (1 << NFT_EXPR_BYTEORDER_LEN)) nft_buf_u32(&b, type, byteorder->len, LEN); if (e->flags & (1 << NFT_EXPR_BYTEORDER_SIZE)) nft_buf_u32(&b, type, byteorder->size, SIZE); return nft_buf_done(&b); }
static int nft_rule_expr_bitwise_export(char *buf, size_t size, struct nft_rule_expr *e, int type) { struct nft_expr_bitwise *bitwise = nft_expr_data(e); NFT_BUF_INIT(b, buf, size); if (e->flags & (1 << NFT_EXPR_BITWISE_SREG)) nft_buf_u32(&b, type, bitwise->sreg, SREG); if (e->flags & (1 << NFT_EXPR_BITWISE_DREG)) nft_buf_u32(&b, type, bitwise->dreg, DREG); if (e->flags & (1 << NFT_EXPR_BITWISE_LEN)) nft_buf_u32(&b, type, bitwise->len, LEN); if (e->flags & (1 << NFT_EXPR_BITWISE_MASK)) nft_buf_reg(&b, type, &bitwise->mask, DATA_VALUE, MASK); if (e->flags & (1 << NFT_EXPR_BITWISE_XOR)) nft_buf_reg(&b, type, &bitwise->xor, DATA_VALUE, XOR); return nft_buf_done(&b); }