expr: osf: add ttl option support

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index 6285c6fc87224b601dbafc523d663980c7d43815..6988c62979338b4384b8efb7e7af2abb9c72294a 100644 (file)
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -281,6 +281,7 @@ enum {
 
 enum {
        NFTNL_EXPR_OSF_DREG     = NFTNL_EXPR_BASE,
+       NFTNL_EXPR_OSF_TTL,
 };
 
 enum {

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index f2ee638a551ebe2d4e0428891a2de7f7c85e1350..40c71c9f97a9c3d0a3d50da8f3472662723888ed 100644 (file)
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -936,11 +936,13 @@ enum nft_socket_keys {
 /**
  * enum nft_osf_attributes - nf_tables osf expression netlink attributes
  *
- * @NFTA_OSF_DREG: OS to match
+ * @NFTA_OSF_DREG: destination register (NLA_U32)
+ * @NFTA_OSF_TTL: Value of the TTL osf option (NLA_U8)
  */
 enum nft_osf_attributes {
        NFTA_OSF_UNSPEC,
        NFTA_OSF_DREG,
+       NFTA_OSF_TTL,
        __NFTA_OSF_MAX,
 };
 #define NFTA_OSF_MAX (__NFTA_OSF_MAX - 1)

diff --git a/src/expr/osf.c b/src/expr/osf.c
index 372ebe1a8588645bb8e9b59f9f74e2c315505dc9..a90620de18b058edb7b45d941cddd3c0cd67f56a 100644 (file)
--- a/src/expr/osf.c
+++ b/src/expr/osf.c
@@ -14,6 +14,7 @@
 
 struct nftnl_expr_osf {
        enum nft_registers      dreg;
+       uint8_t                 ttl;
 };
 
 static int nftnl_expr_osf_set(struct nftnl_expr *e, uint16_t type,
@@ -25,6 +26,9 @@ static int nftnl_expr_osf_set(struct nftnl_expr *e, uint16_t type,
        case NFTNL_EXPR_OSF_DREG:
                osf->dreg = *((uint32_t *)data);
                break;
+       case NFTNL_EXPR_OSF_TTL:
+               osf->ttl = *((uint8_t *)data);
+               break;
        }
        return 0;
 }
@@ -39,6 +43,9 @@ nftnl_expr_osf_get(const struct nftnl_expr *e, uint16_t type,
        case NFTNL_EXPR_OSF_DREG:
                *data_len = sizeof(osf->dreg);
                return &osf->dreg;
+       case NFTNL_EXPR_OSF_TTL:
+               *data_len = sizeof(osf->ttl);
+               return &osf->ttl;
        }
        return NULL;
 }
@@ -56,6 +63,11 @@ static int nftnl_expr_osf_cb(const struct nlattr *attr, void *data)
                if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
                        abi_breakage();
                break;
+
+       case NFTNL_EXPR_OSF_TTL:
+               if (mnl_attr_validate(attr, MNL_TYPE_U8) < 0)
+                       abi_breakage();
+               break;
        }
 
        tb[type] = attr;
@@ -69,6 +81,8 @@ nftnl_expr_osf_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
 
        if (e->flags & (1 << NFTNL_EXPR_OSF_DREG))
                mnl_attr_put_u32(nlh, NFTNL_EXPR_OSF_DREG, htonl(osf->dreg));
+       if (e->flags & (1 << NFTNL_EXPR_OSF_TTL))
+               mnl_attr_put_u8(nlh, NFTNL_EXPR_OSF_TTL, osf->ttl);
 }
 
 static int
@@ -85,6 +99,11 @@ nftnl_expr_osf_parse(struct nftnl_expr *e, struct nlattr *attr)
                e->flags |= (1 << NFTNL_EXPR_OSF_DREG);
        }
 
+       if (tb[NFTA_OSF_TTL]) {
+               osf->ttl = mnl_attr_get_u8(tb[NFTA_OSF_TTL]);
+               e->flags |= (1 << NFTNL_EXPR_OSF_TTL);
+       }
+
        return 0;
 }
 
@@ -127,6 +146,9 @@ static bool nftnl_expr_osf_cmp(const struct nftnl_expr *e1,
        if (e1->flags & (1 << NFTNL_EXPR_OSF_DREG))
                eq &= (l1->dreg == l2->dreg);
 
+       if (e1->flags & (1 << NFTNL_EXPR_OSF_TTL))
+               eq &= (l1->ttl == l2->ttl);
+
        return eq;
 }