datatype: fix leak and cleanup reference counting for struct datatype
1 #ifndef NFTABLES_EXPRESSION_H
2 #define NFTABLES_EXPRESSION_H
3
4 #include <gmputil.h>
5 #include <linux/netfilter/nf_tables.h>
6
7 #include <nftables.h>
8 #include <datatype.h>
9 #include <utils.h>
10 #include <list.h>
11 #include <json.h>
12 #include <libnftnl/udata.h>
13
/**
 * enum expr_types
 *
 * @EXPR_INVALID:	uninitialized type, should not happen
 * @EXPR_VERDICT:	nftables verdict expression
 * @EXPR_SYMBOL:	unparsed symbol
 * @EXPR_VARIABLE:	variable
 * @EXPR_VALUE:		literal numeric or string expression
 * @EXPR_PREFIX:	prefixed expression
 * @EXPR_RANGE:		literal range
 * @EXPR_PAYLOAD:	payload expression
 * @EXPR_EXTHDR:	exthdr expression
 * @EXPR_META:		meta expression
 * @EXPR_SOCKET:	socket expression
 * @EXPR_OSF:		osf expression
 * @EXPR_CT:		conntrack expression
 * @EXPR_CONCAT:	concatenation
 * @EXPR_LIST:		list of expressions
 * @EXPR_SET:		literal set
 * @EXPR_SET_REF:	set reference
 * @EXPR_SET_ELEM:	set element
 * @EXPR_MAPPING:	a single mapping (key : value)
 * @EXPR_MAP:		map operation (expr map { EXPR_MAPPING, ... })
 * @EXPR_UNARY:		byteorder conversion, generated during evaluation
 * @EXPR_BINOP:		binary operations (bitwise, shifts)
 * @EXPR_RELATIONAL:	equality and relational expressions
 * @EXPR_NUMGEN:	number generation expression
 * @EXPR_HASH:		hash expression
 * @EXPR_RT:		routing expression
 * @EXPR_FIB:		forward information base expression
 * @EXPR_XFRM:		XFRM (ipsec) expression
 * @EXPR_SET_ELEM_CATCHALL: catchall element expression
 * @EXPR_FLAGCMP:	flagcmp expression
 * @EXPR_MAX:		highest valid type value, assigned explicitly below
 *
 * struct expr stores the type in an 8-bit bitfield (etype:8), so every
 * enumerator has to fit in 8 bits.  EXPR_MAX is not derived automatically:
 * it must be re-pointed by hand whenever a new type is appended.
 *
 * NOTE(review): a type value that does not come from this program (for
 * example one decoded by a parse_udata callback) should be range-checked
 * against EXPR_MAX before it is used for a lookup -- confirm this is done in
 * expr_ops_by_type().
 */
enum expr_types {
	EXPR_INVALID,
	EXPR_VERDICT,
	EXPR_SYMBOL,
	EXPR_VARIABLE,
	EXPR_VALUE,
	EXPR_PREFIX,
	EXPR_RANGE,
	EXPR_PAYLOAD,
	EXPR_EXTHDR,
	EXPR_META,
	EXPR_SOCKET,
	EXPR_OSF,
	EXPR_CT,
	EXPR_CONCAT,
	EXPR_LIST,
	EXPR_SET,
	EXPR_SET_REF,
	EXPR_SET_ELEM,
	EXPR_MAPPING,
	EXPR_MAP,
	EXPR_UNARY,
	EXPR_BINOP,
	EXPR_RELATIONAL,
	EXPR_NUMGEN,
	EXPR_HASH,
	EXPR_RT,
	EXPR_FIB,
	EXPR_XFRM,
	EXPR_SET_ELEM_CATCHALL,
	EXPR_FLAGCMP,

	EXPR_MAX = EXPR_FLAGCMP
};
82
/*
 * Operators carried by unary, binary and relational expressions.
 *
 * __OP_MAX is a sentinel one past the last real operator; OP_MAX below is the
 * highest valid operator.  struct expr stores the operator in an 8-bit
 * bitfield (op:8), so the enumerators have to fit in 8 bits.
 */
enum ops {
	OP_INVALID,
	OP_IMPLICIT,
	/* Unary operations */
	OP_HTON,
	OP_NTOH,
	/* Binary operations */
	OP_LSHIFT,
	OP_RSHIFT,
	OP_AND,
	OP_XOR,
	OP_OR,
	/* Relational operations */
	OP_EQ,
	OP_NEQ,
	OP_LT,
	OP_GT,
	OP_LTE,
	OP_GTE,
	OP_NEG,
	__OP_MAX
};
#define OP_MAX (__OP_MAX - 1)

/*
 * NOTE(review): presumably indexed by enum ops.  The array is declared
 * without a length, so this header cannot bound an access; only index it with
 * a value already known to be <= OP_MAX -- confirm against the definition.
 */
extern const char *expr_op_symbols[];

/* Kind of entity an EXPR_SYMBOL refers to (stored in struct expr::symtype). */
enum symbol_types {
	SYMBOL_VALUE,
	SYMBOL_SET,
};
113
/**
 * struct expr_ctx - type context for symbol parsing during evaluation
 *
 * @dtype:	expected datatype
 * @byteorder:	expected byteorder
 * @len:	expected len
 * @maxval:	expected maximum value
 * @key:	not documented in this header; reset to NULL by
 *		__expr_set_context()
 */
struct expr_ctx {
	/* expr_ctx does not own the reference to dtype. The caller must ensure
	 * the valid lifetime.
	 *
	 * In practice: whatever holds the counted reference to the datatype
	 * must outlive every use of this context, otherwise @dtype dangles.
	 */
	const struct datatype *dtype;

	enum byteorder byteorder;
	unsigned int len;
	unsigned int maxval;
	const struct expr *key;
};
133
/*
 * Overwrite every member of @ctx with the expected type properties.
 *
 * @dtype is stored as a plain pointer: no reference is taken here, so the
 * caller stays responsible for keeping the datatype alive while @ctx is used.
 * @key is always reset to NULL.
 */
static inline void __expr_set_context(struct expr_ctx *ctx,
				      const struct datatype *dtype,
				      enum byteorder byteorder,
				      unsigned int len, unsigned int maxval)
{
	/* All five members of struct expr_ctx are named, none is left over. */
	*ctx = (struct expr_ctx) {
		.dtype		= dtype,
		.byteorder	= byteorder,
		.len		= len,
		.maxval		= maxval,
		.key		= NULL,
	};
}
145
/*
 * Set the context from a datatype and a length.
 *
 * The byteorder is taken from @dtype; a NULL @dtype is accepted and yields
 * BYTEORDER_INVALID.  maxval is set to 0.
 */
static inline void expr_set_context(struct expr_ctx *ctx,
				    const struct datatype *dtype,
				    unsigned int len)
{
	enum byteorder order = BYTEORDER_INVALID;

	/* Only dereference dtype once it is known to be non-NULL. */
	if (dtype)
		order = dtype->byteorder;

	__expr_set_context(ctx, dtype, order, len, 0);
}
154
/**
 * struct expr_ops
 *
 * @type:	expression type
 * @name:	expression name for diagnostics
 * @clone:	function to clone type specific data
 * @destroy:	destructor, must release inner expressions
 * @set_type:	function to promote type and byteorder of inner types
 * @print:	function to print the expression
 * @json:	function returning a json_t for the expression (per its
 *		signature; not otherwise documented here)
 * @cmp:	function to compare two expressions of the same types
 * @pctx_update:update protocol context
 * @build_udata:function writing the expression into a nftnl_udata_buf (per
 *		its signature; return convention not visible here)
 * @parse_udata:function building an expression from a nftnl_udata attribute
 *
 * NOTE(review): @parse_udata consumes a serialized attribute.  Presumably
 * that data can originate outside this process, in which case each
 * implementation has to validate lengths and enum values before building the
 * expression -- confirm in the implementations.
 *
 * NOTE(review): this header does not say which callbacks may be NULL; check
 * the call sites before invoking one unconditionally.
 */
struct proto_ctx;
struct expr_ops {
	enum expr_types		type;
	const char		*name;
	void			(*clone)(struct expr *new, const struct expr *expr);
	void			(*destroy)(struct expr *expr);
	void			(*set_type)(const struct expr *expr,
					    const struct datatype *dtype,
					    enum byteorder byteorder);
	void			(*print)(const struct expr *expr,
					 struct output_ctx *octx);
	json_t			*(*json)(const struct expr *expr,
					 struct output_ctx *octx);
	bool			(*cmp)(const struct expr *e1,
				       const struct expr *e2);
	void			(*pctx_update)(struct proto_ctx *ctx,
					       const struct location *loc,
					       const struct expr *left,
					       const struct expr *right);
	int			(*build_udata)(struct nftnl_udata_buf *udbuf,
					       const struct expr *expr);
	struct expr *		(*parse_udata)(const struct nftnl_udata *ud);
};

/* Look up the operations table for an expression, or for a bare type value. */
const struct expr_ops *expr_ops(const struct expr *e);
const struct expr_ops *expr_ops_by_type(enum expr_types etype);
193
/**
 * enum expr_flags
 *
 * @EXPR_F_CONSTANT:		constant expression
 * @EXPR_F_SINGLETON:		singleton (implies primary and constant)
 * @EXPR_F_PROTOCOL:		expression describes upper layer protocol
 * @EXPR_F_INTERVAL_END:	set member ends an open interval
 * @EXPR_F_BOOLEAN:		expression is boolean (set by relational expr on LHS)
 * @EXPR_F_INTERVAL:		expression describes an interval
 * @EXPR_F_KERNEL:		expression resides in the kernel
 * @EXPR_F_REMOVE:		not documented in this header -- TODO describe
 *
 * Each value is a distinct bit; they are OR-ed into struct expr::flags.
 */
enum expr_flags {
	EXPR_F_CONSTANT		= 0x1,
	EXPR_F_SINGLETON	= 0x2,
	EXPR_F_PROTOCOL		= 0x4,
	EXPR_F_INTERVAL_END	= 0x8,
	EXPR_F_BOOLEAN		= 0x10,
	EXPR_F_INTERVAL		= 0x20,
	EXPR_F_KERNEL		= 0x40,
	EXPR_F_REMOVE		= 0x80,
};
215
216 #include <payload.h>
217 #include <exthdr.h>
218 #include <fib.h>
219 #include <numgen.h>
220 #include <meta.h>
221 #include <rt.h>
222 #include <hash.h>
223 #include <ct.h>
224 #include <socket.h>
225 #include <osf.h>
226 #include <xfrm.h>
227
/**
 * struct expr
 *
 * @list:	list node
 * @location:	location from parser
 * @refcnt:	reference count
 * @flags:	mask of enum expr_flags
 * @dtype:	data type of expression
 * @byteorder:	byteorder of expression
 * @etype:	expression type
 * @op:		operation for unary, binary and relational expressions
 * @len:	length of expression
 * @cmd:	not documented in this header
 * @union:	type specific data
 *
 * The trailing union overlays the per-type data of every expression type.
 * Which member is meaningful is decided by @etype, as labelled by the comment
 * at the top of each member.  Reading or writing a member that does not match
 * @etype touches another type's storage (pointers overlap integers and
 * mpz_t), so check @etype before accessing type specific fields.
 */
struct expr {
	struct list_head	list;
	struct location		location;

	/* NOTE(review): presumably taken by expr_get() and dropped by
	 * expr_free() -- confirm in the implementation.
	 */
	unsigned int		refcnt;
	unsigned int		flags;

	const struct datatype	*dtype;
	/* 8-bit bitfields: the enumerators stored here must fit in 8 bits. */
	enum byteorder		byteorder:8;
	enum expr_types		etype:8;
	enum ops		op:8;
	unsigned int		len;
	struct cmd		*cmd;

	union {
		struct {
			/* EXPR_SYMBOL */
			const struct scope	*scope;
			const char		*identifier;
			enum symbol_types	symtype;
		};
		struct {
			/* EXPR_VARIABLE */
			struct symbol		*sym;
		};
		struct {
			/* EXPR_VERDICT */
			int			verdict;
			struct expr		*chain;
			uint32_t		chain_id;
		};
		struct {
			/* EXPR_VALUE */
			mpz_t			value;
		};
		struct {
			/* EXPR_PREFIX */
			struct expr		*prefix;
			unsigned int		prefix_len;
		};
		struct {
			/* EXPR_CONCAT, EXPR_LIST, EXPR_SET */
			struct list_head	expressions;
			unsigned int		size;
			uint32_t		set_flags;
			/* NOTE(review): field_count presumably gives the
			 * number of valid field_len[] entries; writers must
			 * keep it <= NFT_REG32_COUNT -- confirm at the
			 * places that fill this array.
			 */
			uint8_t			field_len[NFT_REG32_COUNT];
			uint8_t			field_count;
		};
		struct {
			/* EXPR_SET_REF */
			struct set		*set;
		};
		struct {
			/* EXPR_SET_ELEM */
			struct expr		*key;
			uint64_t		timeout;
			uint64_t		expiration;
			const char		*comment;
			struct list_head	stmt_list;
			uint32_t		elem_flags;
		};
		struct {
			/* EXPR_UNARY */
			struct expr		*arg;
		};
		struct {
			/* EXPR_RANGE, EXPR_BINOP, EXPR_MAPPING, EXPR_RELATIONAL */
			struct expr		*left;
			struct expr		*right;
		};
		struct {
			/* EXPR_MAP */
			struct expr		*map;
			struct expr		*mappings;
		};

		struct {
			/* EXPR_PAYLOAD */
			const struct proto_desc		*desc;
			const struct proto_hdr_template	*tmpl;
			const struct proto_desc		*inner_desc;
			enum proto_bases		base;
			unsigned int			offset;
			bool				is_raw;
			bool				evaluated;
		} payload;
		struct {
			/* EXPR_EXTHDR */
			const struct exthdr_desc	*desc;
			const struct proto_hdr_template	*tmpl;
			uint16_t			offset;
			uint8_t				raw_type;
			enum nft_exthdr_op		op;
			unsigned int			flags;
		} exthdr;
		struct {
			/* EXPR_META */
			enum nft_meta_keys	key;
			enum proto_bases	base;
			const struct proto_desc	*inner_desc;
		} meta;
		struct {
			/* EXPR_SOCKET */
			enum nft_socket_keys	key;
			uint32_t		level;
		} socket;
		struct {
			/* EXPR_RT */
			enum nft_rt_keys	key;
		} rt;
		struct {
			/* EXPR_CT */
			enum nft_ct_keys	key;
			enum proto_bases	base;
			int8_t			direction;
			uint8_t			nfproto;
		} ct;
		struct {
			/* EXPR_NUMGEN */
			enum nft_ng_types	type;
			uint32_t		mod;
			uint32_t		offset;
		} numgen;
		struct {
			/* EXPR_HASH */
			struct expr		*expr;
			uint32_t		mod;
			bool			seed_set;
			uint32_t		seed;
			uint32_t		offset;
			enum nft_hash_types	type;
		} hash;
		struct {
			/* EXPR_FIB */
			uint32_t		flags;
			uint32_t		result;
		} fib;
		struct {
			/* EXPR_XFRM */
			enum nft_xfrm_keys	key;
			uint8_t			direction;
			uint8_t			spnum;
		} xfrm;
		struct {
			/* EXPR_OSF */
			uint8_t			ttl;
			uint32_t		flags;
		} osf;
		struct {
			/* EXPR_FLAGCMP */
			struct expr		*expr;
			struct expr		*mask;
			struct expr		*value;
		} flagcmp;
	};
};
398
/*
 * Generic expression life cycle and output.
 *
 * NOTE(review): presumably expr_get() takes an additional reference on the
 * expression and expr_free() drops one, releasing the object with the last
 * reference (see struct expr::refcnt) -- confirm in the implementation.
 * Whether expr_alloc() takes its own reference on @dtype is likewise not
 * visible from this header.
 */
extern struct expr *expr_alloc(const struct location *loc,
			       enum expr_types etype,
			       const struct datatype *dtype,
			       enum byteorder byteorder, unsigned int len);
extern struct expr *expr_clone(const struct expr *expr);
extern struct expr *expr_get(struct expr *expr);
extern void expr_free(struct expr *expr);
extern void expr_print(const struct expr *expr, struct output_ctx *octx);
extern bool expr_cmp(const struct expr *e1, const struct expr *e2);
extern void expr_describe(const struct expr *expr, struct output_ctx *octx);

extern const struct datatype *expr_basetype(const struct expr *expr);
extern void expr_set_type(struct expr *expr, const struct datatype *dtype,
			  enum byteorder byteorder);

/*
 * NOTE(review): no size for @string is passed, so this prototype gives the
 * callee no way to bound what it writes.  Callers have to size the buffer for
 * the longest possible rendering of @expr; confirm the actual bound in the
 * implementation, and consider adding a size parameter.
 */
void expr_to_string(const struct expr *expr, char *string);
415
struct eval_ctx;
/*
 * Record an error message that refers to one or two expressions.
 *
 * @fmt is a printf-style format string followed by its arguments.
 * NOTE(review): __gmp_fmtstring(4, 5) presumably expands to a format
 * attribute so the compiler checks @fmt (argument 4) against the variadic
 * arguments (from argument 5) -- confirm in the header that defines it.
 *
 * Always pass a string literal as @fmt.  Text derived from the ruleset or
 * from other input belongs in an argument (e.g. via "%s"), never in the
 * format string itself.
 */
extern int expr_binary_error(struct list_head *msgs,
			     const struct expr *e1, const struct expr *e2,
			     const char *fmt, ...) __gmp_fmtstring(4, 5);

/* Single-expression form: calls expr_binary_error() with e2 == NULL. */
#define expr_error(msgs, expr, fmt, args...) \
	expr_binary_error(msgs, expr, NULL, fmt, ## args)
423
/* Report whether EXPR_F_CONSTANT is set in the expression's flags. */
static inline bool expr_is_constant(const struct expr *expr)
{
	return (expr->flags & EXPR_F_CONSTANT) != 0;
}
428
/* Report whether EXPR_F_SINGLETON is set in the expression's flags. */
static inline bool expr_is_singleton(const struct expr *expr)
{
	return (expr->flags & EXPR_F_SINGLETON) != 0;
}
433
/*
 * Constructors for operator, verdict and symbol expressions.
 *
 * NOTE(review): several of these take struct expr * operands (arg, left,
 * right, chain).  Whether the new expression takes over the caller's
 * reference to an operand is not visible in this header; confirm in the
 * implementation before freeing or reusing an operand after the call, since a
 * mismatch is either a leak or a use-after-free.
 */
extern struct expr *unary_expr_alloc(const struct location *loc,
				     enum ops op, struct expr *arg);

extern struct expr *binop_expr_alloc(const struct location *loc, enum ops op,
				     struct expr *left, struct expr *right);

extern bool must_print_eq_op(const struct expr *expr);

extern struct expr *relational_expr_alloc(const struct location *loc, enum ops op,
					  struct expr *left, struct expr *right);

extern void relational_expr_pctx_update(struct proto_ctx *ctx,
					const struct expr *expr);

extern struct expr *verdict_expr_alloc(const struct location *loc,
				       int verdict, struct expr *chain);

/* NOTE(review): the header does not say whether @identifier is copied or
 * stored as passed -- confirm who owns the string.
 */
extern struct expr *symbol_expr_alloc(const struct location *loc,
				      enum symbol_types type, struct scope *scope,
				      const char *identifier);

const char *expr_name(const struct expr *e);
456
/*
 * Assign @dtype to @expr through datatype_set(), but only when @expr is an
 * EXPR_SYMBOL; every other expression type is left untouched.
 */
static inline void symbol_expr_set_type(struct expr *expr,
					const struct datatype *dtype)
{
	/* Not a symbol: nothing to do. */
	if (expr->etype != EXPR_SYMBOL)
		return;

	datatype_set(expr, dtype);
}
463
/* Constructors and helpers for variable, constant, flag, prefix and range
 * expressions.
 */
struct expr *variable_expr_alloc(const struct location *loc,
				 struct scope *scope, struct symbol *sym);

/*
 * NOTE(review): this header states neither the unit of @len nor how many
 * bytes are read from @data.  The caller must make sure @data is at least as
 * large as what the implementation reads for the given @len -- confirm
 * there.
 */
extern struct expr *constant_expr_alloc(const struct location *loc,
					const struct datatype *dtype,
					enum byteorder byteorder,
					unsigned int len, const void *data);
extern struct expr *constant_expr_join(const struct expr *e1,
				       const struct expr *e2);
/* NOTE(review): behaviour for @len larger than expr->len is not visible
 * here -- confirm the implementation rejects it.
 */
extern struct expr *constant_expr_splice(struct expr *expr, unsigned int len);

extern struct expr *flag_expr_alloc(const struct location *loc,
				    const struct datatype *dtype,
				    enum byteorder byteorder,
				    unsigned int len, unsigned long n);
extern struct expr *bitmask_expr_to_binops(struct expr *expr);

extern struct expr *prefix_expr_alloc(const struct location *loc,
				      struct expr *expr,
				      unsigned int prefix_len);

extern struct expr *range_expr_alloc(const struct location *loc,
				     struct expr *low, struct expr *high);
struct expr *range_expr_to_prefix(struct expr *range);
488
/*
 * Compound expressions (EXPR_CONCAT, EXPR_LIST, EXPR_SET share one union
 * member in struct expr) and the set, map and element constructors.
 *
 * NOTE(review): whether compound_expr_add() takes over the caller's
 * reference to @expr, and whether compound_expr_remove() releases it, is not
 * visible in this header -- confirm before freeing an element that was added
 * or removed.
 */
extern struct expr *compound_expr_alloc(const struct location *loc,
					enum expr_types etypes);
extern void compound_expr_add(struct expr *compound, struct expr *expr);
extern void compound_expr_remove(struct expr *compound, struct expr *expr);
extern void list_expr_sort(struct list_head *head);
extern void list_splice_sorted(struct list_head *list, struct list_head *head);

extern struct expr *concat_expr_alloc(const struct location *loc);

extern struct expr *list_expr_alloc(const struct location *loc);

extern struct expr *set_expr_alloc(const struct location *loc,
				   const struct set *set);
extern void concat_range_aggregate(struct expr *set);
extern void interval_map_decompose(struct expr *set);

extern struct expr *get_set_intervals(const struct set *set,
				      const struct expr *init);
struct table;
extern int get_set_decompose(struct set *cache_set, struct set *set);

extern struct expr *mapping_expr_alloc(const struct location *loc,
				       struct expr *from, struct expr *to);
extern struct expr *map_expr_alloc(const struct location *loc,
				   struct expr *arg, struct expr *list);

extern struct expr *set_ref_expr_alloc(const struct location *loc,
				       struct set *set);

extern struct expr *set_elem_expr_alloc(const struct location *loc,
					struct expr *key);

struct expr *set_elem_catchall_expr_alloc(const struct location *loc);

struct expr *flagcmp_expr_alloc(const struct location *loc, enum ops op,
				struct expr *expr, struct expr *mask,
				struct expr *value);

/* Write the low / high bound of @expr into the caller-supplied @rop.
 * NOTE(review): presumably @rop must already be initialised by the caller
 * (mpz_t convention) -- confirm.
 */
extern void range_expr_value_low(mpz_t rop, const struct expr *expr);
extern void range_expr_value_high(mpz_t rop, const struct expr *expr);
529
530 #endif /* NFTABLES_EXPRESSION_H */