static int
nft_rule_expr_match_set(struct nft_rule_expr *e, uint16_t type,
const void *data, uint32_t data_len)
{
struct nft_expr_match *mt = nft_expr_data(e);
switch(type) {
case NFT_EXPR_MT_NAME:
snprintf(mt->name, sizeof(mt->name), "%.*s", data_len,
(const char *)data);
break;
case NFT_EXPR_MT_REV:
mt->rev = *((uint32_t *)data);
break;
case NFT_EXPR_MT_INFO:
if (mt->data)
xfree(mt->data);
mt->data = data;
mt->data_len = data_len;
break;
default:
return -1;
}
return 0;
}
static const void *
nft_rule_expr_nat_get(const struct nft_rule_expr *e, uint16_t type,
uint32_t *data_len)
{
struct nft_expr_nat *nat = nft_expr_data(e);
switch(type) {
case NFT_EXPR_NAT_TYPE:
*data_len = sizeof(nat->type);
return &nat->type;
case NFT_EXPR_NAT_FAMILY:
*data_len = sizeof(nat->family);
return &nat->family;
case NFT_EXPR_NAT_REG_ADDR_MIN:
*data_len = sizeof(nat->sreg_addr_min);
return &nat->sreg_addr_min;
case NFT_EXPR_NAT_REG_ADDR_MAX:
*data_len = sizeof(nat->sreg_addr_max);
return &nat->sreg_addr_max;
case NFT_EXPR_NAT_REG_PROTO_MIN:
*data_len = sizeof(nat->sreg_proto_min);
return &nat->sreg_proto_min;
case NFT_EXPR_NAT_REG_PROTO_MAX:
*data_len = sizeof(nat->sreg_proto_max);
return &nat->sreg_proto_max;
case NFT_EXPR_NAT_FLAGS:
*data_len = sizeof(nat->flags);
return &nat->flags;
}
return NULL;
}
static int
nft_rule_expr_bitwise_parse(struct nft_rule_expr *e, struct nlattr *attr)
{
struct nft_expr_bitwise *bitwise = nft_expr_data(e);
struct nlattr *tb[NFTA_BITWISE_MAX+1] = {};
int ret = 0;
if (mnl_attr_parse_nested(attr, nft_rule_expr_bitwise_cb, tb) < 0)
return -1;
if (tb[NFTA_BITWISE_SREG]) {
bitwise->sreg = ntohl(mnl_attr_get_u32(tb[NFTA_BITWISE_SREG]));
e->flags |= (1 << NFT_EXPR_BITWISE_SREG);
}
if (tb[NFTA_BITWISE_DREG]) {
bitwise->dreg = ntohl(mnl_attr_get_u32(tb[NFTA_BITWISE_DREG]));
e->flags |= (1 << NFT_EXPR_BITWISE_DREG);
}
if (tb[NFTA_BITWISE_LEN]) {
bitwise->len = ntohl(mnl_attr_get_u32(tb[NFTA_BITWISE_LEN]));
e->flags |= (1 << NFT_EXPR_BITWISE_LEN);
}
if (tb[NFTA_BITWISE_MASK]) {
ret = nft_parse_data(&bitwise->mask, tb[NFTA_BITWISE_MASK], NULL);
e->flags |= (1 << NFTA_BITWISE_MASK);
}
if (tb[NFTA_BITWISE_XOR]) {
ret = nft_parse_data(&bitwise->xor, tb[NFTA_BITWISE_XOR], NULL);
e->flags |= (1 << NFTA_BITWISE_XOR);
}
return ret;
}
static int nft_rule_expr_queue_snprintf_default(char *buf, size_t len,
struct nft_rule_expr *e)
{
struct nft_expr_queue *queue = nft_expr_data(e);
int ret, size = len, offset = 0;
uint16_t total_queues;
total_queues = queue->queuenum + queue->queues_total -1;
ret = snprintf(buf + offset, len, "num %u", queue->queuenum);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
if (queue->queues_total && total_queues != queue->queuenum) {
ret = snprintf(buf + offset, len, "-%u", total_queues);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
if (e->flags & (1 << NFT_EXPR_QUEUE_FLAGS)) {
if (queue->flags & (NFT_QUEUE_FLAG_BYPASS)) {
ret = snprintf(buf + offset, len, " bypass");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
if (queue->flags & (NFT_QUEUE_FLAG_CPU_FANOUT)) {
ret = snprintf(buf + offset, len, " fanout");
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
}
return offset;
}
static int
nft_rule_expr_byteorder_set(struct nft_rule_expr *e, uint16_t type,
const void *data, uint32_t data_len)
{
struct nft_expr_byteorder *byteorder = nft_expr_data(e);
switch(type) {
case NFT_EXPR_BYTEORDER_SREG:
byteorder->sreg = *((uint32_t *)data);
break;
case NFT_EXPR_BYTEORDER_DREG:
byteorder->dreg = *((uint32_t *)data);
break;
case NFT_EXPR_BYTEORDER_OP:
byteorder->op = *((uint32_t *)data);
break;
case NFT_EXPR_BYTEORDER_LEN:
byteorder->len = *((unsigned int *)data);
break;
case NFT_EXPR_BYTEORDER_SIZE:
byteorder->size = *((unsigned int *)data);
break;
default:
return -1;
}
return 0;
}
static int nft_rule_expr_log_set(struct nft_rule_expr *e, uint16_t type,
const void *data, uint32_t data_len)
{
struct nft_expr_log *log = nft_expr_data(e);
switch(type) {
case NFT_EXPR_LOG_PREFIX:
if (log->prefix)
xfree(log->prefix);
log->prefix = strdup(data);
break;
case NFT_EXPR_LOG_GROUP:
log->group = *((uint16_t *)data);
break;
case NFT_EXPR_LOG_SNAPLEN:
log->snaplen = *((uint32_t *)data);
break;
case NFT_EXPR_LOG_QTHRESHOLD:
log->qthreshold = *((uint16_t *)data);
break;
case NFT_EXPR_LOG_LEVEL:
log->level = *((uint32_t *)data);
break;
case NFT_EXPR_LOG_FLAGS:
log->flags = *((uint32_t *)data);
break;
default:
return -1;
}
return 0;
}
static const void *
nft_rule_expr_bitwise_get(const struct nft_rule_expr *e, uint16_t type,
uint32_t *data_len)
{
struct nft_expr_bitwise *bitwise = nft_expr_data(e);
switch(type) {
case NFT_EXPR_BITWISE_SREG:
*data_len = sizeof(bitwise->sreg);
return &bitwise->sreg;
case NFT_EXPR_BITWISE_DREG:
*data_len = sizeof(bitwise->dreg);
return &bitwise->dreg;
case NFT_EXPR_BITWISE_LEN:
*data_len = sizeof(bitwise->len);
return &bitwise->len;
case NFT_EXPR_BITWISE_MASK:
*data_len = bitwise->mask.len;
return &bitwise->mask.val;
case NFT_EXPR_BITWISE_XOR:
*data_len = bitwise->xor.len;
return &bitwise->xor.val;
}
return NULL;
}
static int
nft_rule_expr_bitwise_json_parse(struct nft_rule_expr *e, json_t *root,
struct nft_parse_err *err)
{
#ifdef JSON_PARSING
struct nft_expr_bitwise *bitwise = nft_expr_data(e);
uint32_t reg, len;
if (nft_jansson_parse_reg(root, "sreg", NFT_TYPE_U32, ®, err) == 0)
nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_SREG, reg);
if (nft_jansson_parse_reg(root, "dreg", NFT_TYPE_U32, ®, err) == 0)
nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_DREG, reg);
if (nft_jansson_parse_val(root, "len", NFT_TYPE_U32, &len, err) == 0)
nft_rule_expr_set_u32(e, NFT_EXPR_BITWISE_LEN, len);
if (nft_jansson_data_reg_parse(root, "mask", &bitwise->mask,
err) == DATA_VALUE)
e->flags |= (1 << NFT_EXPR_BITWISE_MASK);
if (nft_jansson_data_reg_parse(root, "xor", &bitwise->xor,
err) == DATA_VALUE)
e->flags |= (1 << NFT_EXPR_BITWISE_XOR);
if (bitwise->mask.len != bitwise->xor.len)
return -1;
return 0;
#else
errno = EOPNOTSUPP;
return -1;
#endif
}
static int
nft_rule_expr_ct_parse(struct nft_rule_expr *e, struct nlattr *attr)
{
struct nft_expr_ct *ct = nft_expr_data(e);
struct nlattr *tb[NFTA_CT_MAX+1] = {};
if (mnl_attr_parse_nested(attr, nft_rule_expr_ct_cb, tb) < 0)
return -1;
if (tb[NFTA_CT_KEY]) {
ct->key = ntohl(mnl_attr_get_u32(tb[NFTA_CT_KEY]));
e->flags |= (1 << NFT_EXPR_CT_KEY);
}
if (tb[NFTA_CT_DREG]) {
ct->dreg = ntohl(mnl_attr_get_u32(tb[NFTA_CT_DREG]));
e->flags |= (1 << NFT_EXPR_CT_DREG);
}
if (tb[NFTA_CT_SREG]) {
ct->sreg = ntohl(mnl_attr_get_u32(tb[NFTA_CT_SREG]));
e->flags |= (1 << NFT_EXPR_CT_SREG);
}
if (tb[NFTA_CT_DIRECTION]) {
ct->dir = mnl_attr_get_u8(tb[NFTA_CT_DIRECTION]);
e->flags |= (1 << NFT_EXPR_CT_DIR);
}
return 0;
}
static int
nft_expr_ct_snprintf_default(char *buf, size_t size, struct nft_rule_expr *e)
{
int ret, len = size, offset = 0;
struct nft_expr_ct *ct = nft_expr_data(e);
if (e->flags & (1 << NFT_EXPR_CT_SREG)) {
ret = snprintf(buf, size, "set %s with reg %u ",
ctkey2str(ct->key), ct->sreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
if (e->flags & (1 << NFT_EXPR_CT_DREG)) {
ret = snprintf(buf, len, "load %s => reg %u ",
ctkey2str(ct->key), ct->dreg);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
if (nft_rule_expr_is_set(e, NFT_EXPR_CT_DIR)) {
ret = snprintf(buf+offset, len, ", dir %s ",
ctdir2str(ct->dir));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
return offset;
}
static const void *
nft_rule_expr_byteorder_get(const struct nft_rule_expr *e, uint16_t type,
uint32_t *data_len)
{
struct nft_expr_byteorder *byteorder = nft_expr_data(e);
switch(type) {
case NFT_EXPR_BYTEORDER_SREG:
*data_len = sizeof(byteorder->sreg);
return &byteorder->sreg;
case NFT_EXPR_BYTEORDER_DREG:
*data_len = sizeof(byteorder->dreg);
return &byteorder->dreg;
case NFT_EXPR_BYTEORDER_OP:
*data_len = sizeof(byteorder->op);
return &byteorder->op;
case NFT_EXPR_BYTEORDER_LEN:
*data_len = sizeof(byteorder->len);
return &byteorder->len;
case NFT_EXPR_BYTEORDER_SIZE:
*data_len = sizeof(byteorder->size);
return &byteorder->size;
}
return NULL;
}
static int
nft_rule_expr_nat_snprintf_default(char *buf, size_t size,
struct nft_rule_expr *e)
{
struct nft_expr_nat *nat = nft_expr_data(e);
int len = size, offset = 0, ret = 0;
ret = snprintf(buf, len, "%s ", nat2str(nat->type));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
ret = snprintf(buf+offset, len, "%s ", nft_family2str(nat->family));
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
if (e->flags & (1 << NFT_EXPR_NAT_REG_ADDR_MIN)) {
ret = snprintf(buf+offset, len,
"addr_min reg %u addr_max reg %u ",
nat->sreg_addr_min, nat->sreg_addr_max);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
if (e->flags & (1 << NFT_EXPR_NAT_REG_PROTO_MIN)) {
ret = snprintf(buf+offset, len,
"proto_min reg %u proto_max reg %u ",
nat->sreg_proto_min, nat->sreg_proto_max);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
if (e->flags & (1 << NFT_EXPR_NAT_FLAGS)) {
ret = snprintf(buf+offset, len, "flags %u", nat->flags);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
}
return offset;
}
static int
nft_rule_expr_bitwise_set(struct nft_rule_expr *e, uint16_t type,
const void *data, uint32_t data_len)
{
struct nft_expr_bitwise *bitwise = nft_expr_data(e);
switch(type) {
case NFT_EXPR_BITWISE_SREG:
bitwise->sreg = *((uint32_t *)data);
break;
case NFT_EXPR_BITWISE_DREG:
bitwise->dreg = *((uint32_t *)data);
break;
case NFT_EXPR_BITWISE_LEN:
bitwise->len = *((unsigned int *)data);
break;
case NFT_EXPR_BITWISE_MASK:
memcpy(&bitwise->mask.val, data, data_len);
bitwise->mask.len = data_len;
break;
case NFT_EXPR_BITWISE_XOR:
memcpy(&bitwise->xor.val, data, data_len);
bitwise->xor.len = data_len;
break;
default:
return -1;
}
return 0;
}
static const void *
nft_rule_expr_log_get(const struct nft_rule_expr *e, uint16_t type,
uint32_t *data_len)
{
struct nft_expr_log *log = nft_expr_data(e);
switch(type) {
case NFT_EXPR_LOG_PREFIX:
*data_len = strlen(log->prefix)+1;
return log->prefix;
case NFT_EXPR_LOG_GROUP:
*data_len = sizeof(log->group);
return &log->group;
case NFT_EXPR_LOG_SNAPLEN:
*data_len = sizeof(log->snaplen);
return &log->snaplen;
case NFT_EXPR_LOG_QTHRESHOLD:
*data_len = sizeof(log->qthreshold);
return &log->qthreshold;
case NFT_EXPR_LOG_LEVEL:
*data_len = sizeof(log->level);
return &log->level;
case NFT_EXPR_LOG_FLAGS:
*data_len = sizeof(log->flags);
return &log->flags;
}
return NULL;
}
static void
nft_rule_expr_bitwise_build(struct nlmsghdr *nlh, struct nft_rule_expr *e)
{
struct nft_expr_bitwise *bitwise = nft_expr_data(e);
if (e->flags & (1 << NFT_EXPR_BITWISE_SREG))
mnl_attr_put_u32(nlh, NFTA_BITWISE_SREG, htonl(bitwise->sreg));
if (e->flags & (1 << NFT_EXPR_BITWISE_DREG))
mnl_attr_put_u32(nlh, NFTA_BITWISE_DREG, htonl(bitwise->dreg));
if (e->flags & (1 << NFT_EXPR_BITWISE_LEN))
mnl_attr_put_u32(nlh, NFTA_BITWISE_LEN, htonl(bitwise->len));
if (e->flags & (1 << NFT_EXPR_BITWISE_MASK)) {
struct nlattr *nest;
nest = mnl_attr_nest_start(nlh, NFTA_BITWISE_MASK);
mnl_attr_put(nlh, NFTA_DATA_VALUE, bitwise->mask.len,
bitwise->mask.val);
mnl_attr_nest_end(nlh, nest);
}
if (e->flags & (1 << NFT_EXPR_BITWISE_XOR)) {
struct nlattr *nest;
nest = mnl_attr_nest_start(nlh, NFTA_BITWISE_XOR);
mnl_attr_put(nlh, NFTA_DATA_VALUE, bitwise->xor.len,
bitwise->xor.val);
mnl_attr_nest_end(nlh, nest);
}
}
static int
nft_rule_expr_nat_set(struct nft_rule_expr *e, uint16_t type,
const void *data, uint32_t data_len)
{
struct nft_expr_nat *nat = nft_expr_data(e);
switch(type) {
case NFT_EXPR_NAT_TYPE:
nat->type = *((uint32_t *)data);
break;
case NFT_EXPR_NAT_FAMILY:
nat->family = *((uint32_t *)data);
break;
case NFT_EXPR_NAT_REG_ADDR_MIN:
nat->sreg_addr_min = *((uint32_t *)data);
break;
case NFT_EXPR_NAT_REG_ADDR_MAX:
nat->sreg_addr_max = *((uint32_t *)data);
break;
case NFT_EXPR_NAT_REG_PROTO_MIN:
nat->sreg_proto_min = *((uint32_t *)data);
break;
case NFT_EXPR_NAT_REG_PROTO_MAX:
nat->sreg_proto_max = *((uint32_t *)data);
break;
case NFT_EXPR_NAT_FLAGS:
nat->flags = *((uint32_t *)data);
break;
default:
return -1;
}
return 0;
}
static void
nft_rule_expr_byteorder_build(struct nlmsghdr *nlh, struct nft_rule_expr *e)
{
struct nft_expr_byteorder *byteorder = nft_expr_data(e);
if (e->flags & (1 << NFT_EXPR_BYTEORDER_SREG)) {
mnl_attr_put_u32(nlh, NFTA_BYTEORDER_SREG,
htonl(byteorder->sreg));
}
if (e->flags & (1 << NFT_EXPR_BYTEORDER_DREG)) {
mnl_attr_put_u32(nlh, NFTA_BYTEORDER_DREG,
htonl(byteorder->dreg));
}
if (e->flags & (1 << NFT_EXPR_BYTEORDER_OP)) {
mnl_attr_put_u32(nlh, NFTA_BYTEORDER_OP,
htonl(byteorder->op));
}
if (e->flags & (1 << NFT_EXPR_BYTEORDER_LEN)) {
mnl_attr_put_u32(nlh, NFTA_BYTEORDER_LEN,
htonl(byteorder->len));
}
if (e->flags & (1 << NFT_EXPR_BYTEORDER_SIZE)) {
mnl_attr_put_u32(nlh, NFTA_BYTEORDER_SIZE,
htonl(byteorder->size));
}
}
static int nft_rule_expr_match_export(char *buf, size_t size,
struct nft_rule_expr *e, int type)
{
struct nft_expr_match *mt = nft_expr_data(e);
NFT_BUF_INIT(b, buf, size);
if (e->flags & (1 << NFT_EXPR_MT_NAME))
nft_buf_str(&b, type, mt->name, NAME);
return nft_buf_done(&b);
}
static void
nft_rule_expr_queue_build(struct nlmsghdr *nlh, struct nft_rule_expr *e)
{
struct nft_expr_queue *queue = nft_expr_data(e);
if (e->flags & (1 << NFT_EXPR_QUEUE_NUM))
mnl_attr_put_u16(nlh, NFTA_QUEUE_NUM, htons(queue->queuenum));
if (e->flags & (1 << NFT_EXPR_QUEUE_TOTAL))
mnl_attr_put_u16(nlh, NFTA_QUEUE_TOTAL, htons(queue->queues_total));
if (e->flags & (1 << NFT_EXPR_QUEUE_FLAGS))
mnl_attr_put_u16(nlh, NFTA_QUEUE_FLAGS, htons(queue->flags));
}
static void
nft_rule_expr_match_build(struct nlmsghdr *nlh, struct nft_rule_expr *e)
{
struct nft_expr_match *mt = nft_expr_data(e);
if (e->flags & (1 << NFT_EXPR_MT_NAME))
mnl_attr_put_strz(nlh, NFTA_MATCH_NAME, mt->name);
if (e->flags & (1 << NFT_EXPR_MT_REV))
mnl_attr_put_u32(nlh, NFTA_MATCH_REV, htonl(mt->rev));
if (e->flags & (1 << NFT_EXPR_MT_INFO))
mnl_attr_put(nlh, NFTA_MATCH_INFO, mt->data_len, mt->data);
}
static int nft_rule_expr_byteorder_snprintf_default(char *buf, size_t size,
struct nft_rule_expr *e)
{
struct nft_expr_byteorder *byteorder = nft_expr_data(e);
int len = size, offset = 0, ret;
ret = snprintf(buf, len, "reg %u = %s(reg %u, %u, %u) ",
byteorder->dreg, bo2str(byteorder->op),
byteorder->sreg, byteorder->size, byteorder->len);
SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
return offset;
}
static void
nft_rule_expr_ct_build(struct nlmsghdr *nlh, struct nft_rule_expr *e)
{
struct nft_expr_ct *ct = nft_expr_data(e);
if (e->flags & (1 << NFT_EXPR_CT_KEY))
mnl_attr_put_u32(nlh, NFTA_CT_KEY, htonl(ct->key));
if (e->flags & (1 << NFT_EXPR_CT_DREG))
mnl_attr_put_u32(nlh, NFTA_CT_DREG, htonl(ct->dreg));
if (e->flags & (1 << NFT_EXPR_CT_DIR))
mnl_attr_put_u8(nlh, NFTA_CT_DIRECTION, ct->dir);
if (e->flags & (1 << NFT_EXPR_CT_SREG))
mnl_attr_put_u32(nlh, NFTA_CT_SREG, htonl(ct->sreg));
}
static int nft_rule_expr_queue_export(char *buf, size_t size,
struct nft_rule_expr *e, int type)
{
struct nft_expr_queue *queue = nft_expr_data(e);
NFT_BUF_INIT(b, buf, size);
if (e->flags & (1 << NFT_EXPR_QUEUE_NUM))
nft_buf_u32(&b, type, queue->queuenum, NUM);
if (e->flags & (1 << NFT_EXPR_QUEUE_TOTAL))
nft_buf_u32(&b, type, queue->queues_total, TOTAL);
if (e->flags & (1 << NFT_EXPR_QUEUE_FLAGS))
nft_buf_u32(&b, type, queue->flags, FLAGS);
return nft_buf_done(&b);
}
static int
nft_expr_ct_export(char *buf, size_t size, struct nft_rule_expr *e, int type)
{
struct nft_expr_ct *ct = nft_expr_data(e);
NFT_BUF_INIT(b, buf, size);
if (e->flags & (1 << NFT_EXPR_CT_SREG))
nft_buf_u32(&b, type, ct->sreg, SREG);
if (e->flags & (1 << NFT_EXPR_CT_DREG))
nft_buf_u32(&b, type, ct->dreg, DREG);
if (e->flags & (1 << NFT_EXPR_CT_KEY))
nft_buf_str(&b, type, ctkey2str(ct->key), KEY);
if (e->flags & (1 << NFT_EXPR_CT_DIR))
nft_buf_str(&b, type, ctdir2str(ct->dir), DIR);
return nft_buf_done(&b);
}
static int
nft_rule_expr_match_snprintf(char *buf, size_t len, uint32_t type,
uint32_t flags, struct nft_rule_expr *e)
{
struct nft_expr_match *match = nft_expr_data(e);
switch (type) {
case NFT_OUTPUT_DEFAULT:
return snprintf(buf, len, "name %s rev %u ",
match->name, match->rev);
case NFT_OUTPUT_XML:
case NFT_OUTPUT_JSON:
return nft_rule_expr_match_export(buf, len, e, type);
default:
break;
}
return -1;
}
static void
nft_rule_expr_log_build(struct nlmsghdr *nlh, struct nft_rule_expr *e)
{
struct nft_expr_log *log = nft_expr_data(e);
if (e->flags & (1 << NFT_EXPR_LOG_PREFIX))
mnl_attr_put_strz(nlh, NFTA_LOG_PREFIX, log->prefix);
if (e->flags & (1 << NFT_EXPR_LOG_GROUP))
mnl_attr_put_u16(nlh, NFTA_LOG_GROUP, htons(log->group));
if (e->flags & (1 << NFT_EXPR_LOG_SNAPLEN))
mnl_attr_put_u32(nlh, NFTA_LOG_SNAPLEN, htonl(log->snaplen));
if (e->flags & (1 << NFT_EXPR_LOG_QTHRESHOLD))
mnl_attr_put_u16(nlh, NFTA_LOG_QTHRESHOLD, htons(log->qthreshold));
if (e->flags & (1 << NFT_EXPR_LOG_LEVEL))
mnl_attr_put_u32(nlh, NFTA_LOG_LEVEL, htonl(log->level));
if (e->flags & (1 << NFT_EXPR_LOG_FLAGS))
mnl_attr_put_u32(nlh, NFTA_LOG_FLAGS, htonl(log->flags));
}
static int
nft_rule_expr_nat_parse(struct nft_rule_expr *e, struct nlattr *attr)
{
struct nft_expr_nat *nat = nft_expr_data(e);
struct nlattr *tb[NFTA_NAT_MAX+1] = {};
if (mnl_attr_parse_nested(attr, nft_rule_expr_nat_cb, tb) < 0)
return -1;
if (tb[NFTA_NAT_TYPE]) {
nat->type = ntohl(mnl_attr_get_u32(tb[NFTA_NAT_TYPE]));
e->flags |= (1 << NFT_EXPR_NAT_TYPE);
}
if (tb[NFTA_NAT_FAMILY]) {
nat->family = ntohl(mnl_attr_get_u32(tb[NFTA_NAT_FAMILY]));
e->flags |= (1 << NFT_EXPR_NAT_FAMILY);
}
if (tb[NFTA_NAT_REG_ADDR_MIN]) {
nat->sreg_addr_min =
ntohl(mnl_attr_get_u32(tb[NFTA_NAT_REG_ADDR_MIN]));
e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MIN);
}
if (tb[NFTA_NAT_REG_ADDR_MAX]) {
nat->sreg_addr_max =
ntohl(mnl_attr_get_u32(tb[NFTA_NAT_REG_ADDR_MAX]));
e->flags |= (1 << NFT_EXPR_NAT_REG_ADDR_MAX);
}
if (tb[NFTA_NAT_REG_PROTO_MIN]) {
nat->sreg_proto_min =
ntohl(mnl_attr_get_u32(tb[NFTA_NAT_REG_PROTO_MIN]));
e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MIN);
}
if (tb[NFTA_NAT_REG_PROTO_MAX]) {
nat->sreg_proto_max =
ntohl(mnl_attr_get_u32(tb[NFTA_NAT_REG_PROTO_MAX]));
e->flags |= (1 << NFT_EXPR_NAT_REG_PROTO_MAX);
}
if (tb[NFTA_NAT_FLAGS]) {
nat->flags = ntohl(mnl_attr_get_u32(tb[NFTA_NAT_FLAGS]));
e->flags |= (1 << NFT_EXPR_NAT_FLAGS);
}
return 0;
}
static const void *
nft_rule_expr_match_get(const struct nft_rule_expr *e, uint16_t type,
uint32_t *data_len)
{
struct nft_expr_match *mt = nft_expr_data(e);
switch(type) {
case NFT_EXPR_MT_NAME:
*data_len = sizeof(mt->name);
return mt->name;
case NFT_EXPR_MT_REV:
*data_len = sizeof(mt->rev);
return &mt->rev;
case NFT_EXPR_MT_INFO:
*data_len = mt->data_len;
return mt->data;
}
return NULL;
}
static int nft_rule_expr_byteorder_export(char *buf, size_t size,
struct nft_rule_expr *e, int type)
{
struct nft_expr_byteorder *byteorder = nft_expr_data(e);
NFT_BUF_INIT(b, buf, size);
if (e->flags & (1 << NFT_EXPR_BYTEORDER_SREG))
nft_buf_u32(&b, type, byteorder->sreg, SREG);
if (e->flags & (1 << NFT_EXPR_BYTEORDER_DREG))
nft_buf_u32(&b, type, byteorder->dreg, DREG);
if (e->flags & (1 << NFT_EXPR_BYTEORDER_OP))
nft_buf_str(&b, type, bo2str(byteorder->op), OP);
if (e->flags & (1 << NFT_EXPR_BYTEORDER_LEN))
nft_buf_u32(&b, type, byteorder->len, LEN);
if (e->flags & (1 << NFT_EXPR_BYTEORDER_SIZE))
nft_buf_u32(&b, type, byteorder->size, SIZE);
return nft_buf_done(&b);
}
static int nft_rule_expr_bitwise_export(char *buf, size_t size,
struct nft_rule_expr *e, int type)
{
struct nft_expr_bitwise *bitwise = nft_expr_data(e);
NFT_BUF_INIT(b, buf, size);
if (e->flags & (1 << NFT_EXPR_BITWISE_SREG))
nft_buf_u32(&b, type, bitwise->sreg, SREG);
if (e->flags & (1 << NFT_EXPR_BITWISE_DREG))
nft_buf_u32(&b, type, bitwise->dreg, DREG);
if (e->flags & (1 << NFT_EXPR_BITWISE_LEN))
nft_buf_u32(&b, type, bitwise->len, LEN);
if (e->flags & (1 << NFT_EXPR_BITWISE_MASK))
nft_buf_reg(&b, type, &bitwise->mask, DATA_VALUE, MASK);
if (e->flags & (1 << NFT_EXPR_BITWISE_XOR))
nft_buf_reg(&b, type, &bitwise->xor, DATA_VALUE, XOR);
return nft_buf_done(&b);
}
