exthdr: Add support for exthdr flags

Along with the actual support for exthdr expression specific flags, this
also declares NFT_EXTHDR_F_PRESENT used for exthdr existence match.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index f5e9cc133b7aa0b69c1f02d1caedf0bdc95c7d8c..7d327eaf457d0c5de893dd024d00c7e06e3489cc 100644 (file)
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -156,6 +156,7 @@ enum {
        NFTNL_EXPR_EXTHDR_TYPE,
        NFTNL_EXPR_EXTHDR_OFFSET,
        NFTNL_EXPR_EXTHDR_LEN,
+       NFTNL_EXPR_EXTHDR_FLAGS,
        NFTNL_EXPR_EXTHDR_OP,
 };
 

diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index a64c1bb81cb5fea4effa6ceeccc3745b0b5e37fb..143ad549ee1ea6588d0ffcf5359f1d44c7295173 100644 (file)
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -34,6 +34,7 @@ struct nftnl_expr_exthdr {
        uint32_t                len;
        uint8_t                 type;
        uint32_t                op;
+       uint32_t                flags;
 };
 
 static int
@@ -58,6 +59,9 @@ nftnl_expr_exthdr_set(struct nftnl_expr *e, uint16_t type,
        case NFTNL_EXPR_EXTHDR_OP:
                exthdr->op = *((uint32_t *)data);
                break;
+       case NFTNL_EXPR_EXTHDR_FLAGS:
+               exthdr->flags = *((uint32_t *)data);
+               break;
        default:
                return -1;
        }
@@ -86,6 +90,9 @@ nftnl_expr_exthdr_get(const struct nftnl_expr *e, uint16_t type,
        case NFTNL_EXPR_EXTHDR_OP:
                *data_len = sizeof(exthdr->op);
                return &exthdr->op;
+       case NFTNL_EXPR_EXTHDR_FLAGS:
+               *data_len = sizeof(exthdr->flags);
+               return &exthdr->flags;
        }
        return NULL;
 }
@@ -107,6 +114,7 @@ static int nftnl_expr_exthdr_cb(const struct nlattr *attr, void *data)
        case NFTA_EXTHDR_OFFSET:
        case NFTA_EXTHDR_LEN:
        case NFTA_EXTHDR_OP:
+       case NFTA_EXTHDR_FLAGS:
                if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
                        abi_breakage();
                break;
@@ -131,6 +139,8 @@ nftnl_expr_exthdr_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
                mnl_attr_put_u32(nlh, NFTA_EXTHDR_LEN, htonl(exthdr->len));
        if (e->flags & (1 << NFTNL_EXPR_EXTHDR_OP))
                mnl_attr_put_u32(nlh, NFTA_EXTHDR_OP, htonl(exthdr->op));
+       if (e->flags & (1 << NFTNL_EXPR_EXTHDR_FLAGS))
+               mnl_attr_put_u32(nlh, NFTA_EXTHDR_FLAGS, htonl(exthdr->flags));
 }
 
 static int
@@ -162,6 +172,10 @@ nftnl_expr_exthdr_parse(struct nftnl_expr *e, struct nlattr *attr)
                exthdr->op = ntohl(mnl_attr_get_u32(tb[NFTA_EXTHDR_OP]));
                e->flags |= (1 << NFTNL_EXPR_EXTHDR_OP);
        }
+       if (tb[NFTA_EXTHDR_FLAGS]) {
+               exthdr->flags = ntohl(mnl_attr_get_u32(tb[NFTA_EXTHDR_FLAGS]));
+               e->flags |= (1 << NFTNL_EXPR_EXTHDR_FLAGS);
+       }
 
        return 0;
 }
@@ -252,6 +266,9 @@ nftnl_expr_exthdr_json_parse(struct nftnl_expr *e, json_t *root,
        if (nftnl_jansson_parse_val(root, "op", NFTNL_TYPE_U32, &uval32, err) == 0)
                nftnl_expr_set_u32(e, NFTNL_EXPR_EXTHDR_OP, uval32);
 
+       if (nftnl_jansson_parse_val(root, "flags", NFTNL_TYPE_U32, &uval32, err) == 0)
+               nftnl_expr_set_u32(e, NFTNL_EXPR_EXTHDR_FLAGS, uval32);
+
        return 0;
 #else
        errno = EOPNOTSUPP;