table: Add support for NFTA_TABLE_USE attribute

author Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>

Thu, 12 Dec 2013 13:12:59 +0000 (15:12 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 17 Dec 2013 13:44:48 +0000 (14:44 +0100)
author Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Thu, 12 Dec 2013 13:12:59 +0000 (15:12 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 17 Dec 2013 13:44:48 +0000 (14:44 +0100)
diff --git a/include/libnftables/table.h b/include/libnftables/table.h

index be60da91fbeacfccd2afb3743c47b753219ec59d..1d2be07157a083a6962002a5864a5d71898b709d 100644 (file)
--- a/include/libnftables/table.h
+++ b/include/libnftables/table.h
@@ -21,6 +21,7 @@ enum {
         NFT_TABLE_ATTR_NAME     = 0,
         NFT_TABLE_ATTR_FAMILY,
         NFT_TABLE_ATTR_FLAGS,
+       NFT_TABLE_ATTR_USE,
  };
  
  bool nft_table_attr_is_set(const struct nft_table *t, uint16_t attr);
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h

index b58990e130013e59aef41dce0486efe7e4e6b8d5..f79ce77660f5115f19606d197d751c19e4df674f 100644 (file)
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -95,6 +95,7 @@ enum nft_table_attributes {
         NFTA_TABLE_UNSPEC,
         NFTA_TABLE_NAME,
         NFTA_TABLE_FLAGS,
+       NFTA_TABLE_USE,
         __NFTA_TABLE_MAX
  };
  #define NFTA_TABLE_MAX         (__NFTA_TABLE_MAX - 1)
diff --git a/src/table.c b/src/table.c

index 9e20768325eb40d8961167da7d2f4bde2ee69763..ba84264180a06f08607db426687871db196e2a79 100644 (file)
--- a/src/table.c
+++ b/src/table.c
@@ -31,6 +31,7 @@ struct nft_table {
         const char      *name;
         uint8_t         family;
         uint32_t        table_flags;
+       uint32_t        use;
         uint32_t        flags;
  };
  
@@ -70,6 +71,9 @@ void nft_table_attr_unset(struct nft_table *t, uint16_t attr)
         case NFT_TABLE_ATTR_FLAGS:
         case NFT_TABLE_ATTR_FAMILY:
                 break;
+       case NFT_TABLE_ATTR_USE:
+               /* Cannot be unset, ignoring it */
+               return;
         }
         t->flags &= ~(1 << attr);
  }
@@ -93,6 +97,9 @@ void nft_table_attr_set(struct nft_table *t, uint16_t attr, const void *data)
                 t->family = *((uint8_t *)data);
                 t->flags |= (1 << NFT_TABLE_ATTR_FAMILY);
                 break;
+       case NFT_TABLE_ATTR_USE:
+               /* Cannot be unset, ignoring it */
+               break;
         }
  }
  EXPORT_SYMBOL(nft_table_attr_set);
@@ -127,6 +134,8 @@ const void *nft_table_attr_get(struct nft_table *t, uint16_t attr)
                 return &t->table_flags;
         case NFT_TABLE_ATTR_FAMILY:
                 return &t->family;
+       case NFT_TABLE_ATTR_USE:
+               return &t->use;
         }
         return NULL;
  }
@@ -182,6 +191,12 @@ static int nft_table_parse_attr_cb(const struct nlattr *attr, void *data)
                         return MNL_CB_ERROR;
                 }
                 break;
+       case NFTA_TABLE_USE:
+               if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
+                       perror("mnl_attr_validate");
+                       return MNL_CB_ERROR;
+               }
+               break;
         }
  
         tb[type] = attr;
@@ -202,6 +217,10 @@ int nft_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_table *t)
                 t->table_flags = ntohl(mnl_attr_get_u32(tb[NFTA_TABLE_FLAGS]));
                 t->flags |= (1 << NFT_TABLE_ATTR_FLAGS);
         }
+       if (tb[NFTA_TABLE_USE]) {
+               t->use = ntohl(mnl_attr_get_u32(tb[NFTA_TABLE_USE]));
+               t->flags |= (1 << NFT_TABLE_ATTR_USE);
+       }
  
         t->family = nfg->nfgen_family;
         t->flags |= (1 << NFT_TABLE_ATTR_FAMILY);
@@ -344,23 +363,27 @@ static int nft_table_snprintf_json(char *buf, size_t size, struct nft_table *t)
                         "{\"table\":{"
                         "\"name\":\"%s\","
                         "\"family\":\"%s\","
-                       "\"flags\":%d"
+                       "\"flags\":%d,"
+                       "\"use\":%d"
                         "}"
                         "}" ,
-                       t->name, nft_family2str(t->family), t->table_flags);
+                       t->name, nft_family2str(t->family),
+                       t->table_flags, t->use);
  }
  
  static int nft_table_snprintf_xml(char *buf, size_t size, struct nft_table *t)
  {
         return snprintf(buf, size, "<table><name>%s</name><family>%s</family>"
-                       "<flags>%d</flags></table>",
-                       t->name, nft_family2str(t->family), t->table_flags);
+                       "<flags>%d</flags><use>%d</use></table>",
+                       t->name, nft_family2str(t->family),
+                       t->table_flags, t->use);
  }
  
  static int nft_table_snprintf_default(char *buf, size_t size, struct nft_table *t)
  {
-       return snprintf(buf, size, "table %s %s flags %x",
-                       t->name, nft_family2str(t->family), t->table_flags);
+       return snprintf(buf, size, "table %s %s flags %x use %d",
+                       t->name, nft_family2str(t->family),
+                       t->table_flags, t->use);
  }
  
  int nft_table_snprintf(char *buf, size_t size, struct nft_table *t,
author	Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
	Thu, 12 Dec 2013 13:12:59 +0000 (15:12 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 17 Dec 2013 13:44:48 +0000 (14:44 +0100)
include/libnftables/table.h		patch \| blob \| blame \| history
include/linux/netfilter/nf_tables.h		patch \| blob \| blame \| history
src/table.c		patch \| blob \| blame \| history