set_elem: add NFTNL_SET_ELEM_OBJREF attribute

This new attribute allows us to attach stateful objects to elements for
map lookups. This new attribute identifies the object through its name.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h
index 0c978d916e4e0a5c13ecfd4ecbcdd4988ed22937..4c59ab27946fb786c20defe51e101589e60dbdd7 100644 (file)
--- a/include/libnftnl/set.h
+++ b/include/libnftnl/set.h
@@ -96,6 +96,7 @@ enum {
        NFTNL_SET_ELEM_EXPIRATION,
        NFTNL_SET_ELEM_USERDATA,
        NFTNL_SET_ELEM_EXPR,
+       NFTNL_SET_ELEM_OBJREF,
 };
 
 struct nftnl_set_elem;

diff --git a/include/set_elem.h b/include/set_elem.h
index 60cecc939016f4ea62e0b1760f5d8982e8cdb2ad..d6244e60873a234636f4ab3d35815b3f758af9b6 100644 (file)
--- a/include/set_elem.h
+++ b/include/set_elem.h
@@ -12,6 +12,7 @@ struct nftnl_set_elem {
        uint32_t                flags;
        uint64_t                timeout;
        uint64_t                expiration;
+       const char              *objref;
        struct {
                void            *data;
                uint32_t        len;

diff --git a/src/set_elem.c b/src/set_elem.c
index 083c597e2f8e7c4b39c4b8cd5ffc307a4b61775f..fa8747641ee05841d88d33877c460d82d78c06bb 100644 (file)
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -50,6 +50,9 @@ void nftnl_set_elem_free(struct nftnl_set_elem *s)
        if (s->flags & (1 << NFTNL_SET_ELEM_USERDATA))
                xfree(s->user.data);
 
+       if (s->flags & (1 << NFTNL_SET_ELEM_OBJREF))
+               xfree(s->objref);
+
        xfree(s);
 }
 EXPORT_SYMBOL_ALIAS(nftnl_set_elem_free, nft_set_elem_free);
@@ -82,6 +85,9 @@ void nftnl_set_elem_unset(struct nftnl_set_elem *s, uint16_t attr)
        case NFTNL_SET_ELEM_EXPR:
                nftnl_expr_free(s->expr);
                break;
+       case NFTNL_SET_ELEM_OBJREF:
+               xfree(s->objref);
+               break;
        default:
                return;
        }
@@ -129,6 +135,14 @@ int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr,
                memcpy(s->user.data, data, data_len);
                s->user.len = data_len;
                break;
+       case NFTNL_SET_ELEM_OBJREF:
+               if (s->flags & (1 << NFTNL_SET_ELEM_OBJREF))
+                       xfree(s->objref);
+
+               s->objref = strdup(data);
+               if (!s->objref)
+                       return -1;
+               break;
        }
        s->flags |= (1 << attr);
        return -1;
@@ -185,6 +199,9 @@ const void *nftnl_set_elem_get(struct nftnl_set_elem *s, uint16_t attr, uint32_t
                return s->user.data;
        case NFTNL_SET_ELEM_EXPR:
                return s->expr;
+       case NFTNL_SET_ELEM_OBJREF:
+               *data_len = strlen(s->objref) + 1;
+               return s->objref;
        }
        return NULL;
 }
@@ -271,6 +288,8 @@ void nftnl_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh,
        }
        if (e->flags & (1 << NFTNL_SET_ELEM_USERDATA))
                mnl_attr_put(nlh, NFTA_SET_ELEM_USERDATA, e->user.len, e->user.data);
+       if (e->flags & (1 << NFTNL_SET_ELEM_OBJREF))
+               mnl_attr_put_strz(nlh, NFTA_SET_ELEM_OBJREF, e->objref);
 }
 
 static void nftnl_set_elem_nlmsg_build_def(struct nlmsghdr *nlh,
@@ -423,6 +442,14 @@ static int nftnl_set_elems_parse2(struct nftnl_set *s, const struct nlattr *nest
                memcpy(e->user.data, udata, e->user.len);
                e->flags |= (1 << NFTNL_RULE_USERDATA);
        }
+       if (tb[NFTA_SET_ELEM_OBJREF]) {
+               e->objref = strdup(mnl_attr_get_str(tb[NFTA_SET_ELEM_OBJREF]));
+               if (e->objref == NULL) {
+                       ret = -1;
+                       goto out_set_elem;
+               }
+               e->flags |= (1 << NFTNL_SET_ELEM_OBJREF);
+       }
 
        /* Add this new element to this set */
        list_add_tail(&e->head, &s->element_list);