Hello community, here is the log from the commit of package libnftnl for openSUSE:Factory checked in at 2019-12-07 15:15:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libnftnl (Old) and /work/SRC/openSUSE:Factory/.libnftnl.new.4691 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libnftnl" Sat Dec 7 15:15:35 2019 rev:16 rq:752975 version:1.1.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libnftnl/libnftnl.changes 2019-08-27 15:21:36.548834136 +0200 +++ /work/SRC/openSUSE:Factory/.libnftnl.new.4691/libnftnl.changes 2019-12-07 15:16:53.727783035 +0100 @@ -1,0 +2,7 @@ +Mon Dec 2 15:45:50 UTC 2019 - Jan Engelhardt <[email protected]> + +- Update to release 1.1.5 + * flowtable: add support for handle attribute + * obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data() + +------------------------------------------------------------------- Old: ---- libnftnl-1.1.4.tar.bz2 libnftnl-1.1.4.tar.bz2.sig New: ---- libnftnl-1.1.5.tar.bz2 libnftnl-1.1.5.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libnftnl.spec ++++++ --- /var/tmp/diff_new_pack.F0Uw2J/_old 2019-12-07 15:16:55.999782713 +0100 +++ /var/tmp/diff_new_pack.F0Uw2J/_new 2019-12-07 15:16:56.003782713 +0100 @@ -1,7 +1,7 @@ # # spec file for package libnftnl # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: libnftnl %define lname libnftnl11 -Version: 1.1.4 +Version: 1.1.5 Release: 0 Summary: Userspace library to access the nftables Netlink interface License: GPL-2.0-or-later ++++++ libnftnl-1.1.4.tar.bz2 -> libnftnl-1.1.5.tar.bz2 ++++++ ++++ 1706 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/Make_global.am new/libnftnl-1.1.5/Make_global.am --- old/libnftnl-1.1.4/Make_global.am 2019-08-19 11:18:14.303010167 +0200 +++ new/libnftnl-1.1.5/Make_global.am 2019-12-02 14:50:29.190748052 +0100 @@ -18,7 +18,7 @@ # set age to 0. # </snippet> # -LIBVERSION=12:0:1 +LIBVERSION=13:0:2 AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_srcdir}/include ${LIBMNL_CFLAGS} ${LIBMXML_CFLAGS} AM_CFLAGS = ${regular_CFLAGS} ${GCC_FVISIBILITY_HIDDEN} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/configure.ac new/libnftnl-1.1.5/configure.ac --- old/libnftnl-1.1.4/configure.ac 2019-08-19 11:18:14.303010167 +0200 +++ new/libnftnl-1.1.5/configure.ac 2019-12-02 14:50:29.190748052 +0100 @@ -1,6 +1,6 @@ dnl Process this file with autoconf to create configure. -AC_INIT([libnftnl], [1.1.4]) +AC_INIT([libnftnl], [1.1.5]) AC_CONFIG_AUX_DIR([build-aux]) AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/data_reg.h new/libnftnl-1.1.5/include/data_reg.h --- old/libnftnl-1.1.4/include/data_reg.h 2019-08-19 11:18:14.307010158 +0200 +++ new/libnftnl-1.1.5/include/data_reg.h 2019-12-02 14:50:29.194748048 +0100 @@ -19,7 +19,7 @@ uint32_t len; }; struct { - int verdict; + uint32_t verdict; const char *chain; }; }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/libnftnl/chain.h new/libnftnl-1.1.5/include/libnftnl/chain.h --- old/libnftnl-1.1.4/include/libnftnl/chain.h 2019-08-19 11:18:14.307010158 +0200 +++ new/libnftnl-1.1.5/include/libnftnl/chain.h 2019-12-02 14:50:29.194748048 +0100 @@ -31,13 +31,14 @@ NFTNL_CHAIN_HANDLE, NFTNL_CHAIN_TYPE, NFTNL_CHAIN_DEV, + NFTNL_CHAIN_DEVICES, __NFTNL_CHAIN_MAX }; #define NFTNL_CHAIN_MAX (__NFTNL_CHAIN_MAX - 1) bool nftnl_chain_is_set(const struct nftnl_chain *c, uint16_t attr); void nftnl_chain_unset(struct nftnl_chain *c, uint16_t attr); -void nftnl_chain_set(struct nftnl_chain *t, uint16_t attr, const void *data); +void nftnl_chain_set(struct nftnl_chain *t, uint16_t attr, const void *data) __attribute__((deprecated)); int nftnl_chain_set_data(struct nftnl_chain *t, uint16_t attr, const void *data, uint32_t data_len); void nftnl_chain_set_u8(struct nftnl_chain *t, uint16_t attr, uint8_t data); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/libnftnl/flowtable.h new/libnftnl-1.1.5/include/libnftnl/flowtable.h --- old/libnftnl-1.1.4/include/libnftnl/flowtable.h 2019-08-19 11:18:14.307010158 +0200 +++ new/libnftnl-1.1.5/include/libnftnl/flowtable.h 2019-12-02 14:50:29.194748048 +0100 @@ -27,17 +27,19 @@ NFTNL_FLOWTABLE_DEVICES, NFTNL_FLOWTABLE_SIZE, NFTNL_FLOWTABLE_FLAGS, + NFTNL_FLOWTABLE_HANDLE, __NFTNL_FLOWTABLE_MAX }; #define NFTNL_FLOWTABLE_MAX (__NFTNL_FLOWTABLE_MAX - 1) bool nftnl_flowtable_is_set(const struct nftnl_flowtable *c, uint16_t attr); void nftnl_flowtable_unset(struct nftnl_flowtable *c, uint16_t attr); -void nftnl_flowtable_set(struct nftnl_flowtable *t, uint16_t attr, const void *data); +void nftnl_flowtable_set(struct nftnl_flowtable *t, uint16_t attr, const void *data) __attribute__((deprecated)); int nftnl_flowtable_set_data(struct nftnl_flowtable *t, uint16_t attr, const void *data, uint32_t data_len); void nftnl_flowtable_set_u32(struct nftnl_flowtable *t, uint16_t attr, uint32_t data); void nftnl_flowtable_set_s32(struct nftnl_flowtable *t, uint16_t attr, int32_t data); +void nftnl_flowtable_set_u64(struct nftnl_flowtable *t, uint16_t attr, uint64_t data); int nftnl_flowtable_set_str(struct nftnl_flowtable *t, uint16_t attr, const char *str); void nftnl_flowtable_set_array(struct nftnl_flowtable *t, uint16_t attr, const char **data); @@ -47,6 +49,7 @@ const char *nftnl_flowtable_get_str(const struct nftnl_flowtable *c, uint16_t attr); uint32_t nftnl_flowtable_get_u32(const struct nftnl_flowtable *c, uint16_t attr); int32_t nftnl_flowtable_get_s32(const struct nftnl_flowtable *c, uint16_t attr); +uint64_t nftnl_flowtable_get_u64(const struct nftnl_flowtable *c, uint16_t attr); const char **nftnl_flowtable_get_array(const struct nftnl_flowtable *t, uint16_t attr); struct nlmsghdr; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/libnftnl/gen.h new/libnftnl-1.1.5/include/libnftnl/gen.h --- old/libnftnl-1.1.4/include/libnftnl/gen.h 2019-08-19 11:18:14.307010158 +0200 +++ new/libnftnl-1.1.5/include/libnftnl/gen.h 2019-12-02 14:50:29.194748048 +0100 @@ -25,7 +25,7 @@ bool nftnl_gen_is_set(const struct nftnl_gen *gen, uint16_t attr); void nftnl_gen_unset(struct nftnl_gen *gen, uint16_t attr); -int nftnl_gen_set(struct nftnl_gen *gen, uint16_t attr, const void *data); +int nftnl_gen_set(struct nftnl_gen *gen, uint16_t attr, const void *data) __attribute__((deprecated)); int nftnl_gen_set_data(struct nftnl_gen *gen, uint16_t attr, const void *data, uint32_t data_len); const void *nftnl_gen_get(const struct nftnl_gen *gen, uint16_t attr); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/libnftnl/object.h new/libnftnl-1.1.5/include/libnftnl/object.h --- old/libnftnl-1.1.4/include/libnftnl/object.h 2019-08-19 11:18:14.307010158 +0200 +++ new/libnftnl-1.1.5/include/libnftnl/object.h 2019-12-02 14:50:29.194748048 +0100 @@ -87,6 +87,12 @@ }; enum { + NFTNL_OBJ_SYNPROXY_MSS = NFTNL_OBJ_BASE, + NFTNL_OBJ_SYNPROXY_WSCALE, + NFTNL_OBJ_SYNPROXY_FLAGS, +}; + +enum { NFTNL_OBJ_TUNNEL_ID = NFTNL_OBJ_BASE, NFTNL_OBJ_TUNNEL_IPV4_SRC, NFTNL_OBJ_TUNNEL_IPV4_DST, @@ -118,7 +124,7 @@ void nftnl_obj_unset(struct nftnl_obj *ne, uint16_t attr); void nftnl_obj_set_data(struct nftnl_obj *ne, uint16_t attr, const void *data, uint32_t data_len); -void nftnl_obj_set(struct nftnl_obj *ne, uint16_t attr, const void *data); +void nftnl_obj_set(struct nftnl_obj *ne, uint16_t attr, const void *data) __attribute__((deprecated)); void nftnl_obj_set_u8(struct nftnl_obj *ne, uint16_t attr, uint8_t val); void nftnl_obj_set_u16(struct nftnl_obj *ne, uint16_t attr, uint16_t val); void nftnl_obj_set_u32(struct nftnl_obj *ne, uint16_t attr, uint32_t val); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/libnftnl/rule.h new/libnftnl-1.1.5/include/libnftnl/rule.h --- old/libnftnl-1.1.4/include/libnftnl/rule.h 2019-08-19 11:18:14.307010158 +0200 +++ new/libnftnl-1.1.5/include/libnftnl/rule.h 2019-12-02 14:50:29.194748048 +0100 @@ -35,7 +35,7 @@ void nftnl_rule_unset(struct nftnl_rule *r, uint16_t attr); bool nftnl_rule_is_set(const struct nftnl_rule *r, uint16_t attr); -int nftnl_rule_set(struct nftnl_rule *r, uint16_t attr, const void *data); +int nftnl_rule_set(struct nftnl_rule *r, uint16_t attr, const void *data) __attribute__((deprecated)); int nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr, const void *data, uint32_t data_len); void nftnl_rule_set_u32(struct nftnl_rule *r, uint16_t attr, uint32_t val); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/libnftnl/set.h new/libnftnl-1.1.5/include/libnftnl/set.h --- old/libnftnl-1.1.4/include/libnftnl/set.h 2019-08-19 11:18:14.307010158 +0200 +++ new/libnftnl-1.1.5/include/libnftnl/set.h 2019-12-02 14:50:29.194748048 +0100 @@ -42,7 +42,7 @@ bool nftnl_set_is_set(const struct nftnl_set *s, uint16_t attr); void nftnl_set_unset(struct nftnl_set *s, uint16_t attr); -int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data); +int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data) __attribute__((deprecated)); int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data, uint32_t data_len); void nftnl_set_set_u32(struct nftnl_set *s, uint16_t attr, uint32_t val); @@ -75,6 +75,8 @@ void nftnl_set_list_add_tail(struct nftnl_set *s, struct nftnl_set_list *list); void nftnl_set_list_del(struct nftnl_set *s); int nftnl_set_list_foreach(struct nftnl_set_list *set_list, int (*cb)(struct nftnl_set *t, void *data), void *data); +struct nftnl_set *nftnl_set_list_lookup_byname(struct nftnl_set_list *set_list, + const char *set); struct nftnl_set_list_iter; struct nftnl_set_list_iter *nftnl_set_list_iter_create(const struct nftnl_set_list *l); @@ -102,7 +104,9 @@ NFTNL_SET_ELEM_USERDATA, NFTNL_SET_ELEM_EXPR, NFTNL_SET_ELEM_OBJREF, + __NFTNL_SET_ELEM_MAX }; +#define NFTNL_SET_ELEM_MAX (__NFTNL_SET_ELEM_MAX - 1) struct nftnl_set_elem; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/libnftnl/table.h new/libnftnl-1.1.5/include/libnftnl/table.h --- old/libnftnl-1.1.4/include/libnftnl/table.h 2019-08-19 11:18:14.307010158 +0200 +++ new/libnftnl-1.1.5/include/libnftnl/table.h 2019-12-02 14:50:29.194748048 +0100 @@ -29,7 +29,7 @@ bool nftnl_table_is_set(const struct nftnl_table *t, uint16_t attr); void nftnl_table_unset(struct nftnl_table *t, uint16_t attr); -void nftnl_table_set(struct nftnl_table *t, uint16_t attr, const void *data); +void nftnl_table_set(struct nftnl_table *t, uint16_t attr, const void *data) __attribute__((deprecated)); int nftnl_table_set_data(struct nftnl_table *t, uint16_t attr, const void *data, uint32_t data_len); const void *nftnl_table_get(const struct nftnl_table *t, uint16_t attr); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/linux/netfilter/nf_tables.h new/libnftnl-1.1.5/include/linux/netfilter/nf_tables.h --- old/libnftnl-1.1.4/include/linux/netfilter/nf_tables.h 2019-08-19 11:18:14.307010158 +0200 +++ new/libnftnl-1.1.5/include/linux/netfilter/nf_tables.h 2019-12-02 14:50:29.194748048 +0100 @@ -144,12 +144,14 @@ * @NFTA_HOOK_HOOKNUM: netfilter hook number (NLA_U32) * @NFTA_HOOK_PRIORITY: netfilter hook priority (NLA_U32) * @NFTA_HOOK_DEV: netdevice name (NLA_STRING) + * @NFTA_HOOK_DEVS: list of netdevices (NLA_NESTED) */ enum nft_hook_attributes { NFTA_HOOK_UNSPEC, NFTA_HOOK_HOOKNUM, NFTA_HOOK_PRIORITY, NFTA_HOOK_DEV, + NFTA_HOOK_DEVS, __NFTA_HOOK_MAX }; #define NFTA_HOOK_MAX (__NFTA_HOOK_MAX - 1) @@ -636,6 +638,7 @@ enum nft_dynset_ops { NFT_DYNSET_OP_ADD, NFT_DYNSET_OP_UPDATE, + NFT_DYNSET_OP_DELETE, }; enum nft_dynset_flags { @@ -799,6 +802,9 @@ * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind) * @NFT_META_BRI_IIFPVID: packet input bridge port pvid * @NFT_META_BRI_IIFVPROTO: packet input bridge vlan proto + * @NFT_META_TIME_NS: time since epoch (in nanoseconds) + * @NFT_META_TIME_DAY: day of week (from 0 = Sunday to 6 = Saturday) + * @NFT_META_TIME_HOUR: hour of day (in seconds) */ enum nft_meta_keys { NFT_META_LEN, @@ -831,6 +837,9 @@ NFT_META_OIFKIND, NFT_META_BRI_IIFPVID, NFT_META_BRI_IIFVPROTO, + NFT_META_TIME_NS, + NFT_META_TIME_DAY, + NFT_META_TIME_HOUR, }; /** @@ -1474,7 +1483,8 @@ #define NFT_OBJECT_CT_TIMEOUT 7 #define NFT_OBJECT_SECMARK 8 #define NFT_OBJECT_CT_EXPECT 9 -#define __NFT_OBJECT_MAX 10 +#define NFT_OBJECT_SYNPROXY 10 +#define __NFT_OBJECT_MAX 11 #define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1) /** @@ -1508,7 +1518,6 @@ * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32) * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32) * @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64) - * @NFTA_FLOWTABLE_SIZE: maximum size (NLA_U32) * @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32) */ enum nft_flowtable_attributes { @@ -1519,7 +1528,6 @@ NFTA_FLOWTABLE_USE, NFTA_FLOWTABLE_HANDLE, NFTA_FLOWTABLE_PAD, - NFTA_FLOWTABLE_SIZE, NFTA_FLOWTABLE_FLAGS, __NFTA_FLOWTABLE_MAX }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/obj.h new/libnftnl-1.1.5/include/obj.h --- old/libnftnl-1.1.4/include/obj.h 2019-08-19 11:18:14.311010150 +0200 +++ new/libnftnl-1.1.5/include/obj.h 2019-12-02 14:50:29.194748048 +0100 @@ -56,6 +56,11 @@ uint32_t type; uint32_t flags; } limit; + struct nftnl_obj_synproxy { + uint16_t mss; + uint8_t wscale; + uint32_t flags; + } synproxy; struct nftnl_obj_tunnel { uint32_t id; uint32_t src_v4; @@ -108,6 +113,7 @@ extern struct obj_ops obj_ops_ct_timeout; extern struct obj_ops obj_ops_ct_expect; extern struct obj_ops obj_ops_limit; +extern struct obj_ops obj_ops_synproxy; extern struct obj_ops obj_ops_tunnel; extern struct obj_ops obj_ops_secmark; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/set.h new/libnftnl-1.1.5/include/set.h --- old/libnftnl-1.1.4/include/set.h 2019-08-19 11:18:14.311010150 +0200 +++ new/libnftnl-1.1.5/include/set.h 2019-12-02 14:50:29.194748048 +0100 @@ -5,6 +5,7 @@ struct nftnl_set { struct list_head head; + struct hlist_node hnode; uint32_t family; uint32_t set_flags; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/include/utils.h new/libnftnl-1.1.5/include/utils.h --- old/libnftnl-1.1.4/include/utils.h 2019-08-19 11:18:14.311010150 +0200 +++ new/libnftnl-1.1.5/include/utils.h 2019-12-02 14:50:29.194748048 +0100 @@ -12,6 +12,7 @@ # define __visible __attribute__((visibility("default"))) # define EXPORT_SYMBOL(x) typeof(x) (x) __visible; #else +# define __visible # define EXPORT_SYMBOL #endif @@ -58,6 +59,14 @@ ret = remain; \ remain -= ret; \ + +#define BUILD_BUG_ON_ZERO(e) (sizeof(char[1 - 2 * !!(e)]) - 1) + +#define __must_be_array(a) \ + BUILD_BUG_ON_ZERO(__builtin_types_compatible_p(typeof(a), typeof(&a[0]))) + +#define array_size(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) + const char *nftnl_family2str(uint32_t family); int nftnl_str2family(const char *family); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/Makefile.am new/libnftnl-1.1.5/src/Makefile.am --- old/libnftnl-1.1.4/src/Makefile.am 2019-08-19 11:18:14.311010150 +0200 +++ new/libnftnl-1.1.5/src/Makefile.am 2019-12-02 14:50:29.194748048 +0100 @@ -64,6 +64,7 @@ obj/quota.c \ obj/tunnel.c \ obj/limit.c \ + obj/synproxy.c \ obj/ct_timeout.c \ obj/secmark.c \ obj/ct_expect.c \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/chain.c new/libnftnl-1.1.5/src/chain.c --- old/libnftnl-1.1.4/src/chain.c 2019-08-19 11:18:14.311010150 +0200 +++ new/libnftnl-1.1.5/src/chain.c 2019-12-02 14:50:29.194748048 +0100 @@ -38,6 +38,8 @@ const char *type; const char *table; const char *dev; + const char **dev_array; + int dev_array_len; uint32_t family; uint32_t policy; uint32_t hooknum; @@ -109,6 +111,7 @@ void nftnl_chain_free(const struct nftnl_chain *c) { struct nftnl_rule *r, *tmp; + int i; list_for_each_entry_safe(r, tmp, &c->rule_list, head) nftnl_rule_free(r); @@ -121,6 +124,12 @@ xfree(c->type); if (c->flags & (1 << NFTNL_CHAIN_DEV)) xfree(c->dev); + if (c->flags & (1 << NFTNL_CHAIN_DEVICES)) { + for (i = 0; i < c->dev_array_len; i++) + xfree(c->dev_array[i]); + + xfree(c->dev_array); + } xfree(c); } @@ -133,6 +142,8 @@ EXPORT_SYMBOL(nftnl_chain_unset); void nftnl_chain_unset(struct nftnl_chain *c, uint16_t attr) { + int i; + if (!(c->flags & (1 << attr))) return; @@ -159,6 +170,11 @@ case NFTNL_CHAIN_DEV: xfree(c->dev); break; + case NFTNL_CHAIN_DEVICES: + for (i = 0; i < c->dev_array_len; i++) + xfree(c->dev_array[i]); + xfree(c->dev_array); + break; default: return; } @@ -180,6 +196,9 @@ int nftnl_chain_set_data(struct nftnl_chain *c, uint16_t attr, const void *data, uint32_t data_len) { + const char **dev_array; + int len = 0, i; + nftnl_assert_attr_exists(attr, NFTNL_CHAIN_MAX); nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len); @@ -240,12 +259,32 @@ if (!c->dev) return -1; break; + case NFTNL_CHAIN_DEVICES: + dev_array = (const char **)data; + while (dev_array[len] != NULL) + len++; + + if (c->flags & (1 << NFTNL_CHAIN_DEVICES)) { + for (i = 0; i < c->dev_array_len; i++) + xfree(c->dev_array[i]); + xfree(c->dev_array); + } + + c->dev_array = calloc(len + 1, sizeof(char *)); + if (!c->dev_array) + return -1; + + for (i = 0; i < len; i++) + c->dev_array[i] = strdup(dev_array[i]); + + c->dev_array_len = len; + break; } c->flags |= (1 << attr); return 0; } -EXPORT_SYMBOL(nftnl_chain_set); +void nftnl_chain_set(struct nftnl_chain *c, uint16_t attr, const void *data) __visible; void nftnl_chain_set(struct nftnl_chain *c, uint16_t attr, const void *data) { nftnl_chain_set_data(c, attr, data, nftnl_chain_validate[attr]); @@ -325,6 +364,8 @@ case NFTNL_CHAIN_DEV: *data_len = strlen(c->dev) + 1; return c->dev; + case NFTNL_CHAIN_DEVICES: + return &c->dev_array[0]; } return NULL; } @@ -389,6 +430,8 @@ EXPORT_SYMBOL(nftnl_chain_nlmsg_build_payload); void nftnl_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_chain *c) { + int i; + if (c->flags & (1 << NFTNL_CHAIN_TABLE)) mnl_attr_put_strz(nlh, NFTA_CHAIN_TABLE, c->table); if (c->flags & (1 << NFTNL_CHAIN_NAME)) @@ -402,6 +445,15 @@ mnl_attr_put_u32(nlh, NFTA_HOOK_PRIORITY, htonl(c->prio)); if (c->flags & (1 << NFTNL_CHAIN_DEV)) mnl_attr_put_strz(nlh, NFTA_HOOK_DEV, c->dev); + else if (c->flags & (1 << NFTNL_CHAIN_DEVICES)) { + struct nlattr *nest_dev; + + nest_dev = mnl_attr_nest_start(nlh, NFTA_HOOK_DEVS); + for (i = 0; i < c->dev_array_len; i++) + mnl_attr_put_strz(nlh, NFTA_DEVICE_NAME, + c->dev_array[i]); + mnl_attr_nest_end(nlh, nest_dev); + } mnl_attr_nest_end(nlh, nest); } if (c->flags & (1 << NFTNL_CHAIN_POLICY)) @@ -551,9 +603,46 @@ return MNL_CB_OK; } +static int nftnl_chain_parse_devs(struct nlattr *nest, struct nftnl_chain *c) +{ + const char **dev_array; + int len = 0, size = 8; + struct nlattr *attr; + + dev_array = calloc(8, sizeof(char *)); + if (!dev_array) + return -1; + + mnl_attr_for_each_nested(attr, nest) { + if (mnl_attr_get_type(attr) != NFTA_DEVICE_NAME) + goto err; + dev_array[len++] = strdup(mnl_attr_get_str(attr)); + if (len >= size) { + dev_array = realloc(dev_array, + size * 2 * sizeof(char *)); + if (!dev_array) + goto err; + + size *= 2; + memset(&dev_array[len], 0, + (size - len) * sizeof(char *)); + } + } + + c->dev_array = dev_array; + c->dev_array_len = len; + + return 0; +err: + while (len--) + xfree(dev_array[len]); + return -1; +} + static int nftnl_chain_parse_hook(struct nlattr *attr, struct nftnl_chain *c) { struct nlattr *tb[NFTA_HOOK_MAX+1] = {}; + int ret; if (mnl_attr_parse_nested(attr, nftnl_chain_parse_hook_cb, tb) < 0) return -1; @@ -572,6 +661,12 @@ return -1; c->flags |= (1 << NFTNL_CHAIN_DEV); } + if (tb[NFTA_HOOK_DEVS]) { + ret = nftnl_chain_parse_devs(tb[NFTA_HOOK_DEVS], c); + if (ret < 0) + return -1; + c->flags |= (1 << NFTNL_CHAIN_DEVICES); + } return 0; } @@ -653,7 +748,7 @@ static int nftnl_chain_snprintf_default(char *buf, size_t size, const struct nftnl_chain *c) { - int ret, remain = size, offset = 0; + int ret, remain = size, offset = 0, i; ret = snprintf(buf, remain, "%s %s %s use %u", nftnl_family2str(c->family), c->table, c->name, c->use); @@ -681,6 +776,18 @@ c->dev); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } + if (c->flags & (1 << NFTNL_CHAIN_DEVICES)) { + ret = snprintf(buf + offset, remain, " dev { "); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); + + for (i = 0; i < c->dev_array_len; i++) { + ret = snprintf(buf + offset, remain, " %s ", + c->dev_array[i]); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); + } + ret = snprintf(buf + offset, remain, " } "); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); + } } return offset; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/expr/dynset.c new/libnftnl-1.1.5/src/expr/dynset.c --- old/libnftnl-1.1.4/src/expr/dynset.c 2019-08-19 11:18:14.311010150 +0200 +++ new/libnftnl-1.1.5/src/expr/dynset.c 2019-12-02 14:50:29.198748044 +0100 @@ -208,11 +208,12 @@ static const char *op2str_array[] = { [NFT_DYNSET_OP_ADD] = "add", [NFT_DYNSET_OP_UPDATE] = "update", + [NFT_DYNSET_OP_DELETE] = "delete", }; static const char *op2str(enum nft_dynset_ops op) { - if (op > NFT_DYNSET_OP_UPDATE) + if (op > NFT_DYNSET_OP_DELETE) return "unknown"; return op2str_array[op]; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/expr/meta.c new/libnftnl-1.1.5/src/expr/meta.c --- old/libnftnl-1.1.4/src/expr/meta.c 2019-08-19 11:18:14.311010150 +0200 +++ new/libnftnl-1.1.5/src/expr/meta.c 2019-12-02 14:50:29.198748044 +0100 @@ -22,7 +22,7 @@ #include <libnftnl/rule.h> #ifndef NFT_META_MAX -#define NFT_META_MAX (NFT_META_BRI_IIFVPROTO + 1) +#define NFT_META_MAX (NFT_META_TIME_HOUR + 1) #endif struct nftnl_expr_meta { @@ -163,6 +163,9 @@ [NFT_META_OIFKIND] = "oifkind", [NFT_META_BRI_IIFPVID] = "bri_iifpvid", [NFT_META_BRI_IIFVPROTO] = "bri_iifvproto", + [NFT_META_TIME_NS] = "time", + [NFT_META_TIME_DAY] = "day", + [NFT_META_TIME_HOUR] = "hour", }; static const char *meta_key2str(uint8_t key) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/flowtable.c new/libnftnl-1.1.5/src/flowtable.c --- old/libnftnl-1.1.4/src/flowtable.c 2019-08-19 11:18:14.315010142 +0200 +++ new/libnftnl-1.1.5/src/flowtable.c 2019-12-02 14:50:29.198748044 +0100 @@ -32,14 +32,16 @@ uint32_t ft_flags; uint32_t use; uint32_t flags; + uint64_t handle; }; +EXPORT_SYMBOL(nftnl_flowtable_alloc); struct nftnl_flowtable *nftnl_flowtable_alloc(void) { return calloc(1, sizeof(struct nftnl_flowtable)); } -EXPORT_SYMBOL(nftnl_flowtable_alloc); +EXPORT_SYMBOL(nftnl_flowtable_free); void nftnl_flowtable_free(const struct nftnl_flowtable *c) { int i; @@ -56,14 +58,14 @@ } xfree(c); } -EXPORT_SYMBOL(nftnl_flowtable_free); +EXPORT_SYMBOL(nftnl_flowtable_is_set); bool nftnl_flowtable_is_set(const struct nftnl_flowtable *c, uint16_t attr) { return c->flags & (1 << attr); } -EXPORT_SYMBOL(nftnl_flowtable_is_set); +EXPORT_SYMBOL(nftnl_flowtable_unset); void nftnl_flowtable_unset(struct nftnl_flowtable *c, uint16_t attr) { int i; @@ -83,6 +85,7 @@ case NFTNL_FLOWTABLE_USE: case NFTNL_FLOWTABLE_FAMILY: case NFTNL_FLOWTABLE_FLAGS: + case NFTNL_FLOWTABLE_HANDLE: break; case NFTNL_FLOWTABLE_DEVICES: for (i = 0; i < c->dev_array_len; i++) @@ -95,15 +98,16 @@ c->flags &= ~(1 << attr); } -EXPORT_SYMBOL(nftnl_flowtable_unset); static uint32_t nftnl_flowtable_validate[NFTNL_FLOWTABLE_MAX + 1] = { [NFTNL_FLOWTABLE_HOOKNUM] = sizeof(uint32_t), [NFTNL_FLOWTABLE_PRIO] = sizeof(int32_t), [NFTNL_FLOWTABLE_FAMILY] = sizeof(uint32_t), [NFTNL_FLOWTABLE_FLAGS] = sizeof(uint32_t), + [NFTNL_FLOWTABLE_HANDLE] = sizeof(uint64_t), }; +EXPORT_SYMBOL(nftnl_flowtable_set_data); int nftnl_flowtable_set_data(struct nftnl_flowtable *c, uint16_t attr, const void *data, uint32_t data_len) { @@ -165,36 +169,45 @@ case NFTNL_FLOWTABLE_FLAGS: memcpy(&c->ft_flags, data, sizeof(c->ft_flags)); break; + case NFTNL_FLOWTABLE_HANDLE: + memcpy(&c->handle, data, sizeof(c->handle)); + break; } c->flags |= (1 << attr); return 0; } -EXPORT_SYMBOL(nftnl_flowtable_set_data); +void nftnl_flowtable_set(struct nftnl_flowtable *c, uint16_t attr, const void *data) __visible; void nftnl_flowtable_set(struct nftnl_flowtable *c, uint16_t attr, const void *data) { nftnl_flowtable_set_data(c, attr, data, nftnl_flowtable_validate[attr]); } -EXPORT_SYMBOL(nftnl_flowtable_set); +EXPORT_SYMBOL(nftnl_flowtable_set_u32); void nftnl_flowtable_set_u32(struct nftnl_flowtable *c, uint16_t attr, uint32_t data) { nftnl_flowtable_set_data(c, attr, &data, sizeof(uint32_t)); } -EXPORT_SYMBOL(nftnl_flowtable_set_u32); +EXPORT_SYMBOL(nftnl_flowtable_set_s32); void nftnl_flowtable_set_s32(struct nftnl_flowtable *c, uint16_t attr, int32_t data) { nftnl_flowtable_set_data(c, attr, &data, sizeof(int32_t)); } -EXPORT_SYMBOL(nftnl_flowtable_set_s32); +EXPORT_SYMBOL(nftnl_flowtable_set_str); int nftnl_flowtable_set_str(struct nftnl_flowtable *c, uint16_t attr, const char *str) { return nftnl_flowtable_set_data(c, attr, str, strlen(str) + 1); } -EXPORT_SYMBOL(nftnl_flowtable_set_str); +EXPORT_SYMBOL(nftnl_flowtable_set_u64); +void nftnl_flowtable_set_u64(struct nftnl_flowtable *c, uint16_t attr, uint64_t data) +{ + nftnl_flowtable_set_data(c, attr, &data, sizeof(uint64_t)); +} + +EXPORT_SYMBOL(nftnl_flowtable_get_data); const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c, uint16_t attr, uint32_t *data_len) { @@ -225,24 +238,27 @@ case NFTNL_FLOWTABLE_FLAGS: *data_len = sizeof(int32_t); return &c->ft_flags; + case NFTNL_FLOWTABLE_HANDLE: + *data_len = sizeof(uint64_t); + return &c->handle; } return NULL; } -EXPORT_SYMBOL(nftnl_flowtable_get_data); +EXPORT_SYMBOL(nftnl_flowtable_get); const void *nftnl_flowtable_get(const struct nftnl_flowtable *c, uint16_t attr) { uint32_t data_len; return nftnl_flowtable_get_data(c, attr, &data_len); } -EXPORT_SYMBOL(nftnl_flowtable_get); +EXPORT_SYMBOL(nftnl_flowtable_get_str); const char *nftnl_flowtable_get_str(const struct nftnl_flowtable *c, uint16_t attr) { return nftnl_flowtable_get(c, attr); } -EXPORT_SYMBOL(nftnl_flowtable_get_str); +EXPORT_SYMBOL(nftnl_flowtable_get_u32); uint32_t nftnl_flowtable_get_u32(const struct nftnl_flowtable *c, uint16_t attr) { uint32_t data_len = 0; @@ -252,8 +268,19 @@ return val ? *val : 0; } -EXPORT_SYMBOL(nftnl_flowtable_get_u32); +EXPORT_SYMBOL(nftnl_flowtable_get_u64); +uint64_t nftnl_flowtable_get_u64(const struct nftnl_flowtable *c, uint16_t attr) +{ + uint32_t data_len = 0; + const uint64_t *val = nftnl_flowtable_get_data(c, attr, &data_len); + + nftnl_assert(val, attr, data_len == sizeof(uint64_t)); + + return val ? *val : 0; +} + +EXPORT_SYMBOL(nftnl_flowtable_get_s32); int32_t nftnl_flowtable_get_s32(const struct nftnl_flowtable *c, uint16_t attr) { uint32_t data_len = 0; @@ -263,8 +290,8 @@ return val ? *val : 0; } -EXPORT_SYMBOL(nftnl_flowtable_get_s32); +EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload); void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_flowtable *c) { @@ -297,10 +324,9 @@ mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_FLAGS, htonl(c->ft_flags)); if (c->flags & (1 << NFTNL_FLOWTABLE_USE)) mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_USE, htonl(c->use)); - if (c->flags & (1 << NFTNL_FLOWTABLE_SIZE)) - mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_SIZE, htonl(c->size)); + if (c->flags & (1 << NFTNL_FLOWTABLE_HANDLE)) + mnl_attr_put_u64(nlh, NFTA_FLOWTABLE_HANDLE, htobe64(c->handle)); } -EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload); static int nftnl_flowtable_parse_attr_cb(const struct nlattr *attr, void *data) { @@ -325,6 +351,10 @@ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) abi_breakage(); break; + case NFTA_FLOWTABLE_HANDLE: + if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0) + abi_breakage(); + break; } tb[type] = attr; @@ -358,30 +388,33 @@ static int nftnl_flowtable_parse_devs(struct nlattr *nest, struct nftnl_flowtable *c) { + const char **dev_array; + int len = 0, size = 8; struct nlattr *attr; - char *dev_array[8]; - int len = 0, i; + + dev_array = calloc(8, sizeof(char *)); + if (!dev_array) + return -1; mnl_attr_for_each_nested(attr, nest) { if (mnl_attr_get_type(attr) != NFTA_DEVICE_NAME) goto err; dev_array[len++] = strdup(mnl_attr_get_str(attr)); - if (len >= 8) - break; + if (len >= size) { + dev_array = realloc(dev_array, + size * 2 * sizeof(char *)); + if (!dev_array) + goto err; + + size *= 2; + memset(&dev_array[len], 0, + (size - len) * sizeof(char *)); + } } - if (!len) - return -1; - - c->dev_array = calloc(len + 1, sizeof(char *)); - if (!c->dev_array) - goto err; - + c->dev_array = dev_array; c->dev_array_len = len; - for (i = 0; i < len; i++) - c->dev_array[i] = dev_array[i]; - return 0; err: while (len--) @@ -415,6 +448,7 @@ return 0; } +EXPORT_SYMBOL(nftnl_flowtable_nlmsg_parse); int nftnl_flowtable_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_flowtable *c) { struct nlattr *tb[NFTA_FLOWTABLE_MAX + 1] = {}; @@ -453,9 +487,9 @@ c->use = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_USE])); c->flags |= (1 << NFTNL_FLOWTABLE_USE); } - if (tb[NFTA_FLOWTABLE_SIZE]) { - c->size = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_SIZE])); - c->flags |= (1 << NFTNL_FLOWTABLE_SIZE); + if (tb[NFTA_FLOWTABLE_HANDLE]) { + c->handle = be64toh(mnl_attr_get_u64(tb[NFTA_FLOWTABLE_HANDLE])); + c->flags |= (1 << NFTNL_FLOWTABLE_HANDLE); } c->family = nfg->nfgen_family; @@ -463,7 +497,6 @@ return ret; } -EXPORT_SYMBOL(nftnl_flowtable_nlmsg_parse); static const char *nftnl_hooknum2str(int family, int hooknum) { @@ -516,14 +549,15 @@ return -1; } +EXPORT_SYMBOL(nftnl_flowtable_parse); int nftnl_flowtable_parse(struct nftnl_flowtable *c, enum nftnl_parse_type type, const char *data, struct nftnl_parse_err *err) { errno = EOPNOTSUPP; return -1; } -EXPORT_SYMBOL(nftnl_flowtable_parse); +EXPORT_SYMBOL(nftnl_flowtable_parse_file); int nftnl_flowtable_parse_file(struct nftnl_flowtable *c, enum nftnl_parse_type type, FILE *fp, struct nftnl_parse_err *err) @@ -531,7 +565,6 @@ errno = EOPNOTSUPP; return -1; } -EXPORT_SYMBOL(nftnl_flowtable_parse_file); static int nftnl_flowtable_snprintf_default(char *buf, size_t size, const struct nftnl_flowtable *c) @@ -587,6 +620,7 @@ return offset; } +EXPORT_SYMBOL(nftnl_flowtable_snprintf); int nftnl_flowtable_snprintf(char *buf, size_t size, const struct nftnl_flowtable *c, uint32_t type, uint32_t flags) { @@ -596,7 +630,6 @@ return nftnl_flowtable_cmd_snprintf(buf, size, c, nftnl_flag2cmd(flags), type, flags); } -EXPORT_SYMBOL(nftnl_flowtable_snprintf); static int nftnl_flowtable_do_snprintf(char *buf, size_t size, const void *c, uint32_t cmd, uint32_t type, uint32_t flags) @@ -604,18 +637,19 @@ return nftnl_flowtable_snprintf(buf, size, c, type, flags); } +EXPORT_SYMBOL(nftnl_flowtable_fprintf); int nftnl_flowtable_fprintf(FILE *fp, const struct nftnl_flowtable *c, uint32_t type, uint32_t flags) { return nftnl_fprintf(fp, c, NFTNL_CMD_UNSPEC, type, flags, nftnl_flowtable_do_snprintf); } -EXPORT_SYMBOL(nftnl_flowtable_fprintf); struct nftnl_flowtable_list { struct list_head list; }; +EXPORT_SYMBOL(nftnl_flowtable_list_alloc); struct nftnl_flowtable_list *nftnl_flowtable_list_alloc(void) { struct nftnl_flowtable_list *list; @@ -628,8 +662,8 @@ return list; } -EXPORT_SYMBOL(nftnl_flowtable_list_alloc); +EXPORT_SYMBOL(nftnl_flowtable_list_free); void nftnl_flowtable_list_free(struct nftnl_flowtable_list *list) { struct nftnl_flowtable *s, *tmp; @@ -640,34 +674,34 @@ } xfree(list); } -EXPORT_SYMBOL(nftnl_flowtable_list_free); +EXPORT_SYMBOL(nftnl_flowtable_list_is_empty); int nftnl_flowtable_list_is_empty(const struct nftnl_flowtable_list *list) { return list_empty(&list->list); } -EXPORT_SYMBOL(nftnl_flowtable_list_is_empty); +EXPORT_SYMBOL(nftnl_flowtable_list_add); void nftnl_flowtable_list_add(struct nftnl_flowtable *s, struct nftnl_flowtable_list *list) { list_add(&s->head, &list->list); } -EXPORT_SYMBOL(nftnl_flowtable_list_add); +EXPORT_SYMBOL(nftnl_flowtable_list_add_tail); void nftnl_flowtable_list_add_tail(struct nftnl_flowtable *s, struct nftnl_flowtable_list *list) { list_add_tail(&s->head, &list->list); } -EXPORT_SYMBOL(nftnl_flowtable_list_add_tail); +EXPORT_SYMBOL(nftnl_flowtable_list_del); void nftnl_flowtable_list_del(struct nftnl_flowtable *s) { list_del(&s->head); } -EXPORT_SYMBOL(nftnl_flowtable_list_del); +EXPORT_SYMBOL(nftnl_flowtable_list_foreach); int nftnl_flowtable_list_foreach(struct nftnl_flowtable_list *flowtable_list, int (*cb)(struct nftnl_flowtable *t, void *data), void *data) { @@ -681,4 +715,3 @@ } return 0; } -EXPORT_SYMBOL(nftnl_flowtable_list_foreach); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/gen.c new/libnftnl-1.1.5/src/gen.c --- old/libnftnl-1.1.4/src/gen.c 2019-08-19 11:18:14.315010142 +0200 +++ new/libnftnl-1.1.5/src/gen.c 2019-12-02 14:50:29.198748044 +0100 @@ -80,7 +80,7 @@ return 0; } -EXPORT_SYMBOL(nftnl_gen_set); +int nftnl_gen_set(struct nftnl_gen *gen, uint16_t attr, const void *data) __visible; int nftnl_gen_set(struct nftnl_gen *gen, uint16_t attr, const void *data) { return nftnl_gen_set_data(gen, attr, data, nftnl_gen_validate[attr]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/libnftnl.map new/libnftnl-1.1.5/src/libnftnl.map --- old/libnftnl-1.1.4/src/libnftnl.map 2019-08-19 11:18:14.315010142 +0200 +++ new/libnftnl-1.1.5/src/libnftnl.map 2019-12-02 14:50:29.198748044 +0100 @@ -314,10 +314,12 @@ nftnl_flowtable_set_u32; nftnl_flowtable_set_s32; nftnl_flowtable_set_str; + nftnl_flowtable_set_u64; nftnl_flowtable_get; nftnl_flowtable_get_u32; nftnl_flowtable_get_s32; nftnl_flowtable_get_str; + nftnl_flowtable_get_u64; nftnl_flowtable_parse; nftnl_flowtable_parse_file; nftnl_flowtable_snprintf; @@ -351,3 +353,9 @@ nftnl_chain_list_lookup_byname; nftnl_rule_lookup_byindex; } LIBNFTNL_11; + +LIBNFTNL_13 { + nftnl_set_list_lookup_byname; + nftnl_obj_set_data; + nftnl_flowtable_set_data; +} LIBNFTNL_12; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/obj/ct_timeout.c new/libnftnl-1.1.5/src/obj/ct_timeout.c --- old/libnftnl-1.1.4/src/obj/ct_timeout.c 2019-08-19 11:18:14.315010142 +0200 +++ new/libnftnl-1.1.5/src/obj/ct_timeout.c 2019-12-02 14:50:29.202748040 +0100 @@ -108,15 +108,15 @@ if (mnl_attr_type_valid(attr, data_cb->nlattr_max) < 0) return MNL_CB_OK; - if (type <= data_cb->nlattr_max) { + if (type > 0 && type <= data_cb->nlattr_max) { if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) abi_breakage(); - tb[type] = attr; + tb[type - 1] = attr; } return MNL_CB_OK; } -static void +static int timeout_parse_attr_data(struct nftnl_obj *e, const struct nlattr *nest) { @@ -131,14 +131,16 @@ memset(tb, 0, sizeof(struct nlattr *) * attr_max); - mnl_attr_parse_nested(nest, parse_timeout_attr_policy_cb, &cnt); + if (mnl_attr_parse_nested(nest, parse_timeout_attr_policy_cb, &cnt) < 0) + return -1; - for (i = 1; i <= attr_max; i++) { + for (i = 0; i < array_size(tb); i++) { if (tb[i]) { - nftnl_timeout_policy_attr_set_u32(e, i-1, + nftnl_timeout_policy_attr_set_u32(e, i, ntohl(mnl_attr_get_u32(tb[i]))); } } + return 0; } static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type, @@ -248,7 +250,8 @@ e->flags |= (1 << NFTNL_OBJ_CT_TIMEOUT_L4PROTO); } if (tb[NFTA_CT_TIMEOUT_DATA]) { - timeout_parse_attr_data(e, tb[NFTA_CT_TIMEOUT_DATA]); + if (timeout_parse_attr_data(e, tb[NFTA_CT_TIMEOUT_DATA]) < 0) + return -1; e->flags |= (1 << NFTNL_OBJ_CT_TIMEOUT_ARRAY); } return 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/obj/synproxy.c new/libnftnl-1.1.5/src/obj/synproxy.c --- old/libnftnl-1.1.4/src/obj/synproxy.c 1970-01-01 01:00:00.000000000 +0100 +++ new/libnftnl-1.1.5/src/obj/synproxy.c 2019-12-02 14:50:29.202748040 +0100 @@ -0,0 +1,161 @@ +#include <stdio.h> +#include <stdint.h> +#include <arpa/inet.h> +#include <errno.h> +#include <inttypes.h> + +#include <linux/netfilter/nf_tables.h> + +#include "internal.h" +#include <libmnl/libmnl.h> +#include <libnftnl/object.h> + +#include "obj.h" + +static int nftnl_obj_synproxy_set(struct nftnl_obj *e, uint16_t type, + const void *data, uint32_t data_len) +{ + struct nftnl_obj_synproxy *synproxy = nftnl_obj_data(e); + + switch (type) { + case NFTNL_OBJ_SYNPROXY_MSS: + synproxy->mss = *((uint16_t *)data); + break; + case NFTNL_OBJ_SYNPROXY_WSCALE: + synproxy->wscale = *((uint8_t *)data); + break; + case NFTNL_OBJ_SYNPROXY_FLAGS: + synproxy->flags = *((uint32_t *)data); + break; + default: + return -1; + } + return 0; +} + +static const void *nftnl_obj_synproxy_get(const struct nftnl_obj *e, + uint16_t type, uint32_t *data_len) +{ + struct nftnl_obj_synproxy *synproxy = nftnl_obj_data(e); + + switch (type) { + case NFTNL_OBJ_SYNPROXY_MSS: + *data_len = sizeof(synproxy->mss); + return &synproxy->mss; + case NFTNL_OBJ_SYNPROXY_WSCALE: + *data_len = sizeof(synproxy->wscale); + return &synproxy->wscale; + case NFTNL_OBJ_SYNPROXY_FLAGS: + *data_len = sizeof(synproxy->flags); + return &synproxy->flags; + } + return NULL; +} + +static int nftnl_obj_synproxy_cb(const struct nlattr *attr, void *data) +{ + int type = mnl_attr_get_type(attr); + const struct nlattr **tb = data; + + if (mnl_attr_type_valid(attr, NFTA_SYNPROXY_MAX) < 0) + return MNL_CB_OK; + + switch (type) { + case NFTA_SYNPROXY_MSS: + if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0) + abi_breakage(); + break; + case NFTA_SYNPROXY_WSCALE: + if (mnl_attr_validate(attr, MNL_TYPE_U8) < 0) + abi_breakage(); + break; + case NFTA_SYNPROXY_FLAGS: + if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) + abi_breakage(); + break; + } + + tb[type] = attr; + return MNL_CB_OK; +} + +static void nftnl_obj_synproxy_build(struct nlmsghdr *nlh, + const struct nftnl_obj *e) +{ + struct nftnl_obj_synproxy *synproxy = nftnl_obj_data(e); + + if (e->flags & (1 << NFTNL_OBJ_SYNPROXY_MSS)) + mnl_attr_put_u16(nlh, NFTA_SYNPROXY_MSS, htons(synproxy->mss)); + if (e->flags & (1 << NFTNL_OBJ_SYNPROXY_WSCALE)) + mnl_attr_put_u8(nlh, NFTA_SYNPROXY_WSCALE, synproxy->wscale); + if (e->flags & (1 << NFTNL_OBJ_SYNPROXY_FLAGS)) + mnl_attr_put_u32(nlh, NFTA_SYNPROXY_FLAGS, + htonl(synproxy->flags)); +} + +static int nftnl_obj_synproxy_parse(struct nftnl_obj *e, struct nlattr *attr) +{ + struct nftnl_obj_synproxy *synproxy = nftnl_obj_data(e); + struct nlattr *tb[NFTA_SYNPROXY_MAX + 1] = {}; + + if (mnl_attr_parse_nested(attr, nftnl_obj_synproxy_cb, tb) < 0) + return -1; + + if (tb[NFTA_SYNPROXY_MSS]) { + synproxy->mss = ntohs(mnl_attr_get_u16(tb[NFTA_SYNPROXY_MSS])); + e->flags |= (1 << NFTNL_OBJ_SYNPROXY_MSS); + } + if (tb[NFTA_SYNPROXY_WSCALE]) { + synproxy->wscale = mnl_attr_get_u8(tb[NFTA_SYNPROXY_WSCALE]); + e->flags |= (1 << NFTNL_OBJ_SYNPROXY_WSCALE); + } + if (tb[NFTA_SYNPROXY_FLAGS]) { + synproxy->flags = ntohl(mnl_attr_get_u32(tb[NFTA_SYNPROXY_FLAGS])); + e->flags |= (1 << NFTNL_OBJ_SYNPROXY_FLAGS); + } + + return 0; +} + +static int nftnl_obj_synproxy_snprintf_default(char *buf, size_t size, + const struct nftnl_obj *e) +{ + struct nftnl_obj_synproxy *synproxy = nftnl_obj_data(e); + int ret, offset = 0, len = size; + + if (e->flags & (1 << NFTNL_OBJ_SYNPROXY_MSS) && + e->flags & (1 << NFTNL_OBJ_SYNPROXY_WSCALE)) { + ret = snprintf(buf, len, "mss %u wscale %u ", synproxy->mss, + synproxy->wscale); + SNPRINTF_BUFFER_SIZE(ret, len, offset); + } + + return offset; +} + +static int nftnl_obj_synproxy_snprintf(char *buf, size_t len, uint32_t type, + uint32_t flags, + const struct nftnl_obj *e) +{ + switch (type) { + case NFTNL_OUTPUT_DEFAULT: + return nftnl_obj_synproxy_snprintf_default(buf, len, e); + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + default: + break; + } + return -1; +} + +struct obj_ops obj_ops_synproxy = { + .name = "synproxy", + .type = NFT_OBJECT_SYNPROXY, + .alloc_len = sizeof(struct nftnl_obj_synproxy), + .max_attr = NFTA_SYNPROXY_MAX, + .set = nftnl_obj_synproxy_set, + .get = nftnl_obj_synproxy_get, + .parse = nftnl_obj_synproxy_parse, + .build = nftnl_obj_synproxy_build, + .snprintf = nftnl_obj_synproxy_snprintf, +}; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/obj/tunnel.c new/libnftnl-1.1.5/src/obj/tunnel.c --- old/libnftnl-1.1.4/src/obj/tunnel.c 2019-08-19 11:18:14.315010142 +0200 +++ new/libnftnl-1.1.5/src/obj/tunnel.c 2019-12-02 14:50:29.202748040 +0100 @@ -227,7 +227,7 @@ if (e->flags & (1 << NFTNL_OBJ_TUNNEL_ERSPAN_VERSION) && (e->flags & (1 << NFTNL_OBJ_TUNNEL_ERSPAN_V1_INDEX) || (e->flags & (1 << NFTNL_OBJ_TUNNEL_ERSPAN_V2_HWID) && - e->flags & (1 << NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR)))) { + e->flags & (1u << NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR)))) { struct nlattr *nest_inner; nest = mnl_attr_nest_start(nlh, NFTA_TUNNEL_KEY_OPTS); @@ -240,7 +240,7 @@ if (e->flags & (1 << NFTNL_OBJ_TUNNEL_ERSPAN_V2_HWID)) mnl_attr_put_u8(nlh, NFTA_TUNNEL_KEY_ERSPAN_V2_HWID, tun->u.tun_erspan.u.v2.hwid); - if (e->flags & (1 << NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR)) + if (e->flags & (1u << NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR)) mnl_attr_put_u8(nlh, NFTA_TUNNEL_KEY_ERSPAN_V2_DIR, tun->u.tun_erspan.u.v2.dir); mnl_attr_nest_end(nlh, nest_inner); @@ -430,7 +430,7 @@ if (tb[NFTA_TUNNEL_KEY_ERSPAN_V2_DIR]) { tun->u.tun_erspan.u.v2.dir = mnl_attr_get_u8(tb[NFTA_TUNNEL_KEY_ERSPAN_V2_DIR]); - e->flags |= (1 << NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR); + e->flags |= (1u << NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR); } return 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/object.c new/libnftnl-1.1.5/src/object.c --- old/libnftnl-1.1.4/src/object.c 2019-08-19 11:18:14.315010142 +0200 +++ new/libnftnl-1.1.5/src/object.c 2019-12-02 14:50:29.202748040 +0100 @@ -34,6 +34,7 @@ [NFT_OBJECT_CT_TIMEOUT] = &obj_ops_ct_timeout, [NFT_OBJECT_SECMARK] = &obj_ops_secmark, [NFT_OBJECT_CT_EXPECT] = &obj_ops_ct_expect, + [NFT_OBJECT_SYNPROXY] = &obj_ops_synproxy, }; static struct obj_ops *nftnl_obj_ops_lookup(uint32_t type) @@ -111,7 +112,7 @@ obj->flags |= (1 << attr); } -EXPORT_SYMBOL(nftnl_obj_set); +void nftnl_obj_set(struct nftnl_obj *obj, uint16_t attr, const void *data) __visible; void nftnl_obj_set(struct nftnl_obj *obj, uint16_t attr, const void *data) { nftnl_obj_set_data(obj, attr, data, nftnl_obj_validate[attr]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/rule.c new/libnftnl-1.1.5/src/rule.c --- old/libnftnl-1.1.4/src/rule.c 2019-08-19 11:18:14.315010142 +0200 +++ new/libnftnl-1.1.5/src/rule.c 2019-12-02 14:50:29.202748040 +0100 @@ -168,7 +168,7 @@ return 0; } -EXPORT_SYMBOL(nftnl_rule_set); +int nftnl_rule_set(struct nftnl_rule *r, uint16_t attr, const void *data) __visible; int nftnl_rule_set(struct nftnl_rule *r, uint16_t attr, const void *data) { return nftnl_rule_set_data(r, attr, data, nftnl_rule_validate[attr]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/set.c new/libnftnl-1.1.5/src/set.c --- old/libnftnl-1.1.4/src/set.c 2019-08-19 11:18:14.315010142 +0200 +++ new/libnftnl-1.1.5/src/set.c 2019-12-02 14:50:29.202748040 +0100 @@ -195,7 +195,7 @@ return 0; } -EXPORT_SYMBOL(nftnl_set_set); +int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data) __visible; int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data) { return nftnl_set_set_data(s, attr, data, nftnl_set_validate[attr]); @@ -204,13 +204,13 @@ EXPORT_SYMBOL(nftnl_set_set_u32); void nftnl_set_set_u32(struct nftnl_set *s, uint16_t attr, uint32_t val) { - nftnl_set_set(s, attr, &val); + nftnl_set_set_data(s, attr, &val, sizeof(uint32_t)); } EXPORT_SYMBOL(nftnl_set_set_u64); void nftnl_set_set_u64(struct nftnl_set *s, uint16_t attr, uint64_t val) { - nftnl_set_set(s, attr, &val); + nftnl_set_set_data(s, attr, &val, sizeof(uint64_t)); } EXPORT_SYMBOL(nftnl_set_set_str); @@ -715,20 +715,26 @@ list_add_tail(&elem->head, &s->element_list); } +#define SET_NAME_HSIZE 512 + struct nftnl_set_list { struct list_head list; + struct hlist_head name_hash[SET_NAME_HSIZE]; }; EXPORT_SYMBOL(nftnl_set_list_alloc); struct nftnl_set_list *nftnl_set_list_alloc(void) { struct nftnl_set_list *list; + int i; list = calloc(1, sizeof(struct nftnl_set_list)); if (list == NULL) return NULL; INIT_LIST_HEAD(&list->list); + for (i = 0; i < SET_NAME_HSIZE; i++) + INIT_HLIST_HEAD(&list->name_hash[i]); return list; } @@ -740,6 +746,7 @@ list_for_each_entry_safe(s, tmp, &list->list, head) { list_del(&s->head); + hlist_del(&s->hnode); nftnl_set_free(s); } xfree(list); @@ -751,15 +758,31 @@ return list_empty(&list->list); } +static uint32_t djb_hash(const char *key) +{ + uint32_t i, hash = 5381; + + for (i = 0; i < strlen(key); i++) + hash = ((hash << 5) + hash) + key[i]; + + return hash; +} + EXPORT_SYMBOL(nftnl_set_list_add); void nftnl_set_list_add(struct nftnl_set *s, struct nftnl_set_list *list) { + int key = djb_hash(s->name) % SET_NAME_HSIZE; + + hlist_add_head(&s->hnode, &list->name_hash[key]); list_add(&s->head, &list->list); } EXPORT_SYMBOL(nftnl_set_list_add_tail); void nftnl_set_list_add_tail(struct nftnl_set *s, struct nftnl_set_list *list) { + int key = djb_hash(s->name) % SET_NAME_HSIZE; + + hlist_add_head(&s->hnode, &list->name_hash[key]); list_add_tail(&s->head, &list->list); } @@ -767,6 +790,7 @@ void nftnl_set_list_del(struct nftnl_set *s) { list_del(&s->head); + hlist_del(&s->hnode); } EXPORT_SYMBOL(nftnl_set_list_foreach); @@ -837,28 +861,19 @@ xfree(iter); } -static struct nftnl_set *nftnl_set_lookup(const char *this_set_name, - struct nftnl_set_list *set_list) +EXPORT_SYMBOL(nftnl_set_list_lookup_byname); +struct nftnl_set * +nftnl_set_list_lookup_byname(struct nftnl_set_list *set_list, const char *set) { - struct nftnl_set_list_iter *iter; + int key = djb_hash(set) % SET_NAME_HSIZE; + struct hlist_node *n; struct nftnl_set *s; - const char *set_name; - - iter = nftnl_set_list_iter_create(set_list); - if (iter == NULL) - return NULL; - s = nftnl_set_list_iter_cur(iter); - while (s != NULL) { - set_name = nftnl_set_get_str(s, NFTNL_SET_NAME); - if (strcmp(this_set_name, set_name) == 0) - break; - - s = nftnl_set_list_iter_next(iter); + hlist_for_each_entry(s, n, &set_list->name_hash[key], hnode) { + if (!strcmp(set, s->name)) + return s; } - nftnl_set_list_iter_destroy(iter); - - return s; + return NULL; } int nftnl_set_lookup_id(struct nftnl_expr *e, @@ -871,7 +886,7 @@ if (set_name == NULL) return 0; - s = nftnl_set_lookup(set_name, set_list); + s = nftnl_set_list_lookup_byname(set_list, set_name); if (s == NULL) return 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/set_elem.c new/libnftnl-1.1.5/src/set_elem.c --- old/libnftnl-1.1.4/src/set_elem.c 2019-08-19 11:18:14.315010142 +0200 +++ new/libnftnl-1.1.5/src/set_elem.c 2019-12-02 14:50:29.202748040 +0100 @@ -96,10 +96,20 @@ s->flags &= ~(1 << attr); } +static uint32_t nftnl_set_elem_validate[NFTNL_SET_ELEM_MAX + 1] = { + [NFTNL_SET_ELEM_FLAGS] = sizeof(uint32_t), + [NFTNL_SET_ELEM_VERDICT] = sizeof(uint32_t), + [NFTNL_SET_ELEM_TIMEOUT] = sizeof(uint64_t), + [NFTNL_SET_ELEM_EXPIRATION] = sizeof(uint64_t), +}; + EXPORT_SYMBOL(nftnl_set_elem_set); int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr, const void *data, uint32_t data_len) { + nftnl_assert_attr_exists(attr, NFTNL_SET_ELEM_MAX); + nftnl_assert_validate(data, nftnl_set_elem_validate, attr, data_len); + switch(attr) { case NFTNL_SET_ELEM_FLAGS: memcpy(&s->set_elem_flags, data, sizeof(s->set_elem_flags)); @@ -149,7 +159,7 @@ break; } s->flags |= (1 << attr); - return -1; + return 0; } EXPORT_SYMBOL(nftnl_set_elem_set_u32); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/src/table.c new/libnftnl-1.1.5/src/table.c --- old/libnftnl-1.1.4/src/table.c 2019-08-19 11:18:14.315010142 +0200 +++ new/libnftnl-1.1.5/src/table.c 2019-12-02 14:50:29.202748040 +0100 @@ -117,7 +117,7 @@ return 0; } -EXPORT_SYMBOL(nftnl_table_set); +void nftnl_table_set(struct nftnl_table *t, uint16_t attr, const void *data) __visible; void nftnl_table_set(struct nftnl_table *t, uint16_t attr, const void *data) { nftnl_table_set_data(t, attr, data, nftnl_table_validate[attr]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnftnl-1.1.4/tests/nft-flowtable-test.c new/libnftnl-1.1.5/tests/nft-flowtable-test.c --- old/libnftnl-1.1.4/tests/nft-flowtable-test.c 2019-08-19 11:18:14.319010133 +0200 +++ new/libnftnl-1.1.5/tests/nft-flowtable-test.c 2019-12-02 14:50:29.202748040 +0100 @@ -17,28 +17,31 @@ { if (strcmp(nftnl_flowtable_get_str(a, NFTNL_FLOWTABLE_NAME), nftnl_flowtable_get_str(b, NFTNL_FLOWTABLE_NAME)) != 0) - print_err("Chain name mismatches"); + print_err("Flowtable name mismatches"); if (strcmp(nftnl_flowtable_get_str(a, NFTNL_FLOWTABLE_TABLE), nftnl_flowtable_get_str(b, NFTNL_FLOWTABLE_TABLE)) != 0) - print_err("Chain table mismatches"); + print_err("Flowtable table mismatches"); if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_FAMILY) != nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_FAMILY)) - print_err("Chain family mismatches"); + print_err("Flowtable family mismatches"); if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_HOOKNUM) != nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_HOOKNUM)) - print_err("Chain hooknum mismatches"); + print_err("Flowtable hooknum mismatches"); if (nftnl_flowtable_get_s32(a, NFTNL_FLOWTABLE_PRIO) != nftnl_flowtable_get_s32(b, NFTNL_FLOWTABLE_PRIO)) - print_err("Chain Prio mismatches"); + print_err("Flowtable prio mismatches"); if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_USE) != nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_USE)) - print_err("Chain use mismatches"); + print_err("Flowtable use mismatches"); if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_SIZE) != nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_SIZE)) - print_err("Chain use mismatches"); + print_err("Flowtable size mismatches"); if (nftnl_flowtable_get_u32(a, NFTNL_FLOWTABLE_FLAGS) != nftnl_flowtable_get_u32(b, NFTNL_FLOWTABLE_FLAGS)) - print_err("Chain use mismatches"); + print_err("Flowtable flags mismatches"); + if (nftnl_flowtable_get_u64(a, NFTNL_FLOWTABLE_HANDLE) != + nftnl_flowtable_get_u64(b, NFTNL_FLOWTABLE_HANDLE)) + print_err("Flowtable handle mismatches"); } int main(int argc, char *argv[]) @@ -60,6 +63,7 @@ nftnl_flowtable_set_u32(a, NFTNL_FLOWTABLE_USE, 0x78123456); nftnl_flowtable_set_u32(a, NFTNL_FLOWTABLE_SIZE, 0x89016745); nftnl_flowtable_set_u32(a, NFTNL_FLOWTABLE_FLAGS, 0x45016723); + nftnl_flowtable_set_u64(a, NFTNL_FLOWTABLE_HANDLE, 0x2345016789); nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWFLOWTABLE, AF_INET, 0, 1234);
