netfilter
firewalling, NAT, and packet mangling for linux
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
Data Structures | Functions
rule.c File Reference
#include "internal.h"
#include <time.h>
#include <endian.h>
#include <stdint.h>
#include <stdlib.h>
#include <limits.h>
#include <string.h>
#include <netinet/in.h>
#include <errno.h>
#include <inttypes.h>
#include <ctype.h>
#include <libmnl/libmnl.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
#include <libnftnl/rule.h>
#include <libnftnl/set.h>
#include <libnftnl/expr.h>
#include "linux_list.h"
#include "expr_ops.h"
Include dependency graph for rule.c:

Data Structures

struct  nft_rule
 
struct  nft_rule_expr_iter
 
struct  nft_rule_list
 
struct  nft_rule_list_iter
 

Functions

struct nft_rulenft_rule_alloc (void)
 
 EXPORT_SYMBOL (nft_rule_alloc)
 
void nft_rule_free (struct nft_rule *r)
 
 EXPORT_SYMBOL (nft_rule_free)
 
bool nft_rule_attr_is_set (const struct nft_rule *r, uint16_t attr)
 
 EXPORT_SYMBOL (nft_rule_attr_is_set)
 
void nft_rule_attr_unset (struct nft_rule *r, uint16_t attr)
 
 EXPORT_SYMBOL (nft_rule_attr_unset)
 
void nft_rule_attr_set_data (struct nft_rule *r, uint16_t attr, const void *data, uint32_t data_len)
 
 EXPORT_SYMBOL (nft_rule_attr_set_data)
 
void nft_rule_attr_set (struct nft_rule *r, uint16_t attr, const void *data)
 
 EXPORT_SYMBOL (nft_rule_attr_set)
 
void nft_rule_attr_set_u32 (struct nft_rule *r, uint16_t attr, uint32_t val)
 
 EXPORT_SYMBOL (nft_rule_attr_set_u32)
 
void nft_rule_attr_set_u64 (struct nft_rule *r, uint16_t attr, uint64_t val)
 
 EXPORT_SYMBOL (nft_rule_attr_set_u64)
 
void nft_rule_attr_set_str (struct nft_rule *r, uint16_t attr, const char *str)
 
 EXPORT_SYMBOL (nft_rule_attr_set_str)
 
const void * nft_rule_attr_get_data (const struct nft_rule *r, uint16_t attr, uint32_t *data_len)
 
 EXPORT_SYMBOL (nft_rule_attr_get_data)
 
const void * nft_rule_attr_get (const struct nft_rule *r, uint16_t attr)
 
 EXPORT_SYMBOL (nft_rule_attr_get)
 
const char * nft_rule_attr_get_str (const struct nft_rule *r, uint16_t attr)
 
 EXPORT_SYMBOL (nft_rule_attr_get_str)
 
uint32_t nft_rule_attr_get_u32 (const struct nft_rule *r, uint16_t attr)
 
 EXPORT_SYMBOL (nft_rule_attr_get_u32)
 
uint64_t nft_rule_attr_get_u64 (const struct nft_rule *r, uint16_t attr)
 
 EXPORT_SYMBOL (nft_rule_attr_get_u64)
 
uint8_t nft_rule_attr_get_u8 (const struct nft_rule *r, uint16_t attr)
 
 EXPORT_SYMBOL (nft_rule_attr_get_u8)
 
void nft_rule_nlmsg_build_payload (struct nlmsghdr *nlh, struct nft_rule *r)
 
 EXPORT_SYMBOL (nft_rule_nlmsg_build_payload)
 
void nft_rule_add_expr (struct nft_rule *r, struct nft_rule_expr *expr)
 
 EXPORT_SYMBOL (nft_rule_add_expr)
 
int nft_rule_nlmsg_parse (const struct nlmsghdr *nlh, struct nft_rule *r)
 
 EXPORT_SYMBOL (nft_rule_nlmsg_parse)
 
int nft_rule_parse (struct nft_rule *r, enum nft_parse_type type, const char *data, struct nft_parse_err *err)
 
 EXPORT_SYMBOL (nft_rule_parse)
 
int nft_rule_parse_file (struct nft_rule *r, enum nft_parse_type type, FILE *fp, struct nft_parse_err *err)
 
 EXPORT_SYMBOL (nft_rule_parse_file)
 
int nft_rule_snprintf (char *buf, size_t size, struct nft_rule *r, uint32_t type, uint32_t flags)
 
 EXPORT_SYMBOL (nft_rule_snprintf)
 
int nft_rule_fprintf (FILE *fp, struct nft_rule *r, uint32_t type, uint32_t flags)
 
 EXPORT_SYMBOL (nft_rule_fprintf)
 
int nft_rule_expr_foreach (struct nft_rule *r, int(*cb)(struct nft_rule_expr *e, void *data), void *data)
 
 EXPORT_SYMBOL (nft_rule_expr_foreach)
 
struct nft_rule_expr_iternft_rule_expr_iter_create (struct nft_rule *r)
 
 EXPORT_SYMBOL (nft_rule_expr_iter_create)
 
struct nft_rule_exprnft_rule_expr_iter_next (struct nft_rule_expr_iter *iter)
 
 EXPORT_SYMBOL (nft_rule_expr_iter_next)
 
void nft_rule_expr_iter_destroy (struct nft_rule_expr_iter *iter)
 
 EXPORT_SYMBOL (nft_rule_expr_iter_destroy)
 
struct nft_rule_listnft_rule_list_alloc (void)
 
 EXPORT_SYMBOL (nft_rule_list_alloc)
 
void nft_rule_list_free (struct nft_rule_list *list)
 
 EXPORT_SYMBOL (nft_rule_list_free)
 
int nft_rule_list_is_empty (struct nft_rule_list *list)
 
 EXPORT_SYMBOL (nft_rule_list_is_empty)
 
void nft_rule_list_add (struct nft_rule *r, struct nft_rule_list *list)
 
 EXPORT_SYMBOL (nft_rule_list_add)
 
void nft_rule_list_add_tail (struct nft_rule *r, struct nft_rule_list *list)
 
 EXPORT_SYMBOL (nft_rule_list_add_tail)
 
void nft_rule_list_del (struct nft_rule *r)
 
 EXPORT_SYMBOL (nft_rule_list_del)
 
int nft_rule_list_foreach (struct nft_rule_list *rule_list, int(*cb)(struct nft_rule *r, void *data), void *data)
 
 EXPORT_SYMBOL (nft_rule_list_foreach)
 
struct nft_rule_list_iternft_rule_list_iter_create (struct nft_rule_list *l)
 
 EXPORT_SYMBOL (nft_rule_list_iter_create)
 
struct nft_rulenft_rule_list_iter_cur (struct nft_rule_list_iter *iter)
 
 EXPORT_SYMBOL (nft_rule_list_iter_cur)
 
struct nft_rulenft_rule_list_iter_next (struct nft_rule_list_iter *iter)
 
 EXPORT_SYMBOL (nft_rule_list_iter_next)
 
void nft_rule_list_iter_destroy (struct nft_rule_list_iter *iter)
 
 EXPORT_SYMBOL (nft_rule_list_iter_destroy)
 

Function Documentation

EXPORT_SYMBOL ( nft_rule_alloc  )
EXPORT_SYMBOL ( nft_rule_free  )
EXPORT_SYMBOL ( nft_rule_attr_is_set  )
EXPORT_SYMBOL ( nft_rule_attr_unset  )
EXPORT_SYMBOL ( nft_rule_attr_set_data  )
EXPORT_SYMBOL ( nft_rule_attr_set  )
EXPORT_SYMBOL ( nft_rule_attr_set_u32  )
EXPORT_SYMBOL ( nft_rule_attr_set_u64  )
EXPORT_SYMBOL ( nft_rule_attr_set_str  )
EXPORT_SYMBOL ( nft_rule_attr_get_data  )
EXPORT_SYMBOL ( nft_rule_attr_get  )
EXPORT_SYMBOL ( nft_rule_attr_get_str  )
EXPORT_SYMBOL ( nft_rule_attr_get_u32  )
EXPORT_SYMBOL ( nft_rule_attr_get_u64  )
EXPORT_SYMBOL ( nft_rule_attr_get_u8  )
EXPORT_SYMBOL ( nft_rule_nlmsg_build_payload  )
EXPORT_SYMBOL ( nft_rule_add_expr  )
EXPORT_SYMBOL ( nft_rule_nlmsg_parse  )
EXPORT_SYMBOL ( nft_rule_parse  )
EXPORT_SYMBOL ( nft_rule_parse_file  )
EXPORT_SYMBOL ( nft_rule_snprintf  )
EXPORT_SYMBOL ( nft_rule_fprintf  )
EXPORT_SYMBOL ( nft_rule_expr_foreach  )
EXPORT_SYMBOL ( nft_rule_expr_iter_create  )
EXPORT_SYMBOL ( nft_rule_expr_iter_next  )
EXPORT_SYMBOL ( nft_rule_expr_iter_destroy  )
EXPORT_SYMBOL ( nft_rule_list_alloc  )
EXPORT_SYMBOL ( nft_rule_list_free  )
EXPORT_SYMBOL ( nft_rule_list_is_empty  )
EXPORT_SYMBOL ( nft_rule_list_add  )
EXPORT_SYMBOL ( nft_rule_list_add_tail  )
EXPORT_SYMBOL ( nft_rule_list_del  )
EXPORT_SYMBOL ( nft_rule_list_foreach  )
EXPORT_SYMBOL ( nft_rule_list_iter_create  )
EXPORT_SYMBOL ( nft_rule_list_iter_cur  )
EXPORT_SYMBOL ( nft_rule_list_iter_next  )
EXPORT_SYMBOL ( nft_rule_list_iter_destroy  )
void nft_rule_add_expr ( struct nft_rule r,
struct nft_rule_expr expr 
)

References nft_rule::expr_list, and nft_rule_expr::head.

Referenced by add_bitwise_u16(), add_cmp_ptr(), add_counters(), add_jumpto(), add_match(), add_meta(), add_payload(), add_target(), and add_verdict().

Here is the caller graph for this function:

struct nft_rule* nft_rule_alloc ( void  )

References nft_rule::expr_list, INIT_LIST_HEAD, and NULL.

Referenced by alloc_nft_rule().

Here is the caller graph for this function:

const void* nft_rule_attr_get ( const struct nft_rule r,
uint16_t  attr 
)

References nft_rule_attr_get_data().

Referenced by nft_rule_attr_get_str().

Here is the call graph for this function:

Here is the caller graph for this function:

const void* nft_rule_attr_get_data ( const struct nft_rule r,
uint16_t  attr,
uint32_t *  data_len 
)

References nft_rule::chain, nft_rule::compat, nft_rule::data, nft_rule::family, nft_rule::flags, nft_rule::handle, nft_rule::len, NFT_RULE_ATTR_CHAIN, NFT_RULE_ATTR_COMPAT_FLAGS, NFT_RULE_ATTR_COMPAT_PROTO, NFT_RULE_ATTR_FAMILY, NFT_RULE_ATTR_HANDLE, NFT_RULE_ATTR_POSITION, NFT_RULE_ATTR_TABLE, NFT_RULE_ATTR_USERDATA, NULL, nft_rule::position, nft_rule::proto, nft_rule::table, and nft_rule::user.

Referenced by netlink_delinearize_rule(), nft_rule_attr_get(), nft_rule_attr_get_u32(), nft_rule_attr_get_u64(), and nft_rule_attr_get_u8().

Here is the caller graph for this function:

const char* nft_rule_attr_get_str ( const struct nft_rule r,
uint16_t  attr 
)

References nft_rule_attr_get().

Referenced by netlink_delinearize_rule(), nft_rule_print_save(), and nft_rule_save().

Here is the call graph for this function:

Here is the caller graph for this function:

uint32_t nft_rule_attr_get_u32 ( const struct nft_rule r,
uint16_t  attr 
)

References nft_assert, and nft_rule_attr_get_data().

Referenced by mnl_nft_rule_add(), mnl_nft_rule_batch_add(), mnl_nft_rule_batch_del(), mnl_nft_rule_delete(), netlink_delinearize_rule(), nft_rule_print_save(), nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the call graph for this function:

Here is the caller graph for this function:

uint64_t nft_rule_attr_get_u64 ( const struct nft_rule r,
uint16_t  attr 
)

References nft_assert, and nft_rule_attr_get_data().

Referenced by netlink_delinearize_rule(), nft_rule_insert(), nft_rule_replace(), and nft_rule_zero_counters().

Here is the call graph for this function:

Here is the caller graph for this function:

uint8_t nft_rule_attr_get_u8 ( const struct nft_rule r,
uint16_t  attr 
)

References nft_assert, and nft_rule_attr_get_data().

Here is the call graph for this function:

bool nft_rule_attr_is_set ( const struct nft_rule r,
uint16_t  attr 
)

References nft_rule::flags.

Referenced by netlink_delinearize_rule().

Here is the caller graph for this function:

void nft_rule_attr_set ( struct nft_rule r,
uint16_t  attr,
const void *  data 
)

References nft_rule_attr_set_data().

Referenced by nft_rule_append().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_rule_attr_set_data ( struct nft_rule r,
uint16_t  attr,
const void *  data,
uint32_t  data_len 
)

References nft_rule::chain, nft_rule::compat, nft_rule::data, nft_rule::family, nft_rule::flags, nft_rule::handle, nft_rule::len, nft_assert_validate, NFT_RULE_ATTR_CHAIN, NFT_RULE_ATTR_COMPAT_FLAGS, NFT_RULE_ATTR_COMPAT_PROTO, NFT_RULE_ATTR_FAMILY, NFT_RULE_ATTR_HANDLE, NFT_RULE_ATTR_MAX, NFT_RULE_ATTR_POSITION, NFT_RULE_ATTR_TABLE, NFT_RULE_ATTR_USERDATA, nft_rule::position, nft_rule::proto, nft_rule::table, nft_rule::user, and xfree.

Referenced by alloc_nft_rule(), nft_rule_attr_set(), nft_rule_attr_set_str(), nft_rule_attr_set_u32(), and nft_rule_attr_set_u64().

Here is the caller graph for this function:

void nft_rule_attr_set_str ( struct nft_rule r,
uint16_t  attr,
const char *  str 
)

References nft_rule_attr_set_data().

Referenced by alloc_nft_rule().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_rule_attr_set_u32 ( struct nft_rule r,
uint16_t  attr,
uint32_t  val 
)

References nft_rule_attr_set_data().

Referenced by add_compat(), and alloc_nft_rule().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_rule_attr_set_u64 ( struct nft_rule r,
uint16_t  attr,
uint64_t  val 
)

References nft_rule_attr_set_data().

Referenced by alloc_nft_rule().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_rule_attr_unset ( struct nft_rule r,
uint16_t  attr 
)

References nft_rule::chain, nft_rule::flags, NFT_RULE_ATTR_CHAIN, NFT_RULE_ATTR_COMPAT_FLAGS, NFT_RULE_ATTR_COMPAT_PROTO, NFT_RULE_ATTR_FAMILY, NFT_RULE_ATTR_HANDLE, NFT_RULE_ATTR_POSITION, NFT_RULE_ATTR_TABLE, NFT_RULE_ATTR_USERDATA, NULL, nft_rule::table, and xfree.

int nft_rule_expr_foreach ( struct nft_rule r,
int(*)(struct nft_rule_expr *e, void *data cb,
void *  data 
)

References nft_rule::expr_list, nft_rule_expr::head, and list_for_each_entry_safe.

Referenced by netlink_delinearize_rule().

Here is the caller graph for this function:

struct nft_rule_expr_iter* nft_rule_expr_iter_create ( struct nft_rule r)

References nft_rule_expr_iter::cur, nft_rule::expr_list, list_entry, list_head::next, NULL, and nft_rule_expr_iter::r.

Referenced by nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the caller graph for this function:

void nft_rule_expr_iter_destroy ( struct nft_rule_expr_iter iter)

References xfree.

Referenced by nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the caller graph for this function:

struct nft_rule_expr* nft_rule_expr_iter_next ( struct nft_rule_expr_iter iter)

References nft_rule_expr_iter::cur, nft_rule::expr_list, nft_rule_expr::head, list_entry, list_head::next, NULL, and nft_rule_expr_iter::r.

Referenced by nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the caller graph for this function:

int nft_rule_fprintf ( FILE *  fp,
struct nft_rule r,
uint32_t  type,
uint32_t  flags 
)

References nft_fprintf().

Here is the call graph for this function:

void nft_rule_free ( struct nft_rule r)

References nft_rule::chain, nft_rule::expr_list, nft_rule_expr::head, list_for_each_entry_safe, nft_rule_expr_free(), NULL, nft_rule::table, and xfree.

Referenced by netlink_add_rule_batch(), netlink_del_rule_batch(), nft_rule_append(), and nft_rule_list_free().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_rule_list_add ( struct nft_rule r,
struct nft_rule_list list 
)

References nft_rule::head, and nft_rule_list::list.

void nft_rule_list_add_tail ( struct nft_rule r,
struct nft_rule_list list 
)

References nft_rule::head, and nft_rule_list::list.

struct nft_rule_list* nft_rule_list_alloc ( void  )

References INIT_LIST_HEAD, nft_rule_list::list, and NULL.

Referenced by mnl_nft_rule_dump(), and mnl_rule_dump().

Here is the caller graph for this function:

void nft_rule_list_del ( struct nft_rule r)

References nft_rule::head.

int nft_rule_list_foreach ( struct nft_rule_list rule_list,
int(*)(struct nft_rule *r, void *data cb,
void *  data 
)

References nft_rule::head, nft_rule_list::list, and list_for_each_entry_safe.

void nft_rule_list_free ( struct nft_rule_list list)

References nft_rule::head, nft_rule_list::list, list_for_each_entry_safe, nft_rule_free(), and xfree.

Referenced by mnl_nft_rule_dump(), mnl_rule_dump(), nft_rule_list_destroy(), nft_rule_save(), nft_ruleset_attr_unset(), and nft_ruleset_free().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_list_is_empty ( struct nft_rule_list list)

References nft_rule_list::list.

Referenced by nft_ruleset_fprintf().

Here is the caller graph for this function:

struct nft_rule_list_iter* nft_rule_list_iter_create ( struct nft_rule_list l)

References nft_rule_list_iter::cur, nft_rule_list::list, nft_rule_list_iter::list, list_entry, list_head::next, and NULL.

Referenced by nft_rule_save().

Here is the caller graph for this function:

struct nft_rule* nft_rule_list_iter_cur ( struct nft_rule_list_iter iter)

References nft_rule_list_iter::cur.

void nft_rule_list_iter_destroy ( struct nft_rule_list_iter iter)

References xfree.

Referenced by nft_rule_save().

Here is the caller graph for this function:

struct nft_rule* nft_rule_list_iter_next ( struct nft_rule_list_iter iter)

References nft_rule_list_iter::cur, nft_rule::head, nft_rule_list::list, nft_rule_list_iter::list, list_entry, list_head::next, and NULL.

Referenced by nft_rule_save().

Here is the caller graph for this function:

void nft_rule_nlmsg_build_payload ( struct nlmsghdr nlh,
struct nft_rule r 
)

References nft_rule::chain, nft_rule::compat, nft_rule::data, nft_rule::expr_list, nft_rule::flags, nft_rule::handle, htobe64, nft_rule::len, list_for_each_entry, mnl_attr_nest_end(), mnl_attr_nest_start(), mnl_attr_put(), mnl_attr_put_strz(), mnl_attr_put_u32(), mnl_attr_put_u64(), NFT_RULE_ATTR_CHAIN, NFT_RULE_ATTR_COMPAT_FLAGS, NFT_RULE_ATTR_COMPAT_PROTO, NFT_RULE_ATTR_HANDLE, NFT_RULE_ATTR_POSITION, NFT_RULE_ATTR_TABLE, NFT_RULE_ATTR_USERDATA, nft_rule_expr_build_payload(), NFTA_RULE_CHAIN, NFTA_RULE_COMPAT, NFTA_RULE_COMPAT_FLAGS, NFTA_RULE_COMPAT_PROTO, NFTA_RULE_EXPRESSIONS, NFTA_RULE_HANDLE, NFTA_RULE_POSITION, NFTA_RULE_TABLE, NFTA_RULE_USERDATA, nft_rule::position, nft_rule::proto, nft_rule::table, and nft_rule::user.

Referenced by mnl_nft_rule_add(), mnl_nft_rule_batch_add(), mnl_nft_rule_batch_del(), and mnl_nft_rule_delete().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_nlmsg_parse ( const struct nlmsghdr nlh,
struct nft_rule r 
)

References be64toh, nft_rule::chain, nft_rule::data, nft_rule::family, nft_rule::flags, nft_rule::handle, nft_rule::len, mnl_attr_get_payload(), mnl_attr_get_payload_len(), mnl_attr_get_str(), mnl_attr_get_u64(), mnl_attr_parse(), mnl_nlmsg_get_payload(), nfgenmsg::nfgen_family, NFT_RULE_ATTR_CHAIN, NFT_RULE_ATTR_FAMILY, NFT_RULE_ATTR_HANDLE, NFT_RULE_ATTR_POSITION, NFT_RULE_ATTR_TABLE, NFT_RULE_ATTR_USERDATA, NFTA_RULE_CHAIN, NFTA_RULE_COMPAT, NFTA_RULE_EXPRESSIONS, NFTA_RULE_HANDLE, NFTA_RULE_MAX, NFTA_RULE_POSITION, NFTA_RULE_TABLE, NFTA_RULE_USERDATA, NULL, nft_rule::position, nft_rule::table, nft_rule::user, and xfree.

Here is the call graph for this function:

int nft_rule_parse ( struct nft_rule r,
enum nft_parse_type  type,
const char *  data,
struct nft_parse_err err 
)

References NFT_PARSE_BUFFER.

int nft_rule_parse_file ( struct nft_rule r,
enum nft_parse_type  type,
FILE *  fp,
struct nft_parse_err err 
)

References NFT_PARSE_FILE.

int nft_rule_snprintf ( char *  buf,
size_t  size,
struct nft_rule r,
uint32_t  type,
uint32_t  flags 
)

References flags, nft_event_footer_snprintf(), nft_event_header_snprintf(), NFT_OF_EVENT_ANY, NFT_OUTPUT_DEFAULT, NFT_OUTPUT_JSON, NFT_OUTPUT_XML, size, and SNPRINTF_BUFFER_SIZE.

Referenced by netlink_dump_rule().

Here is the call graph for this function:

Here is the caller graph for this function: