netfilter
firewalling, NAT, and packet mangling for linux
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
Functions | Variables
nft-shared.c File Reference
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <netdb.h>
#include <errno.h>
#include <xtables.h>
#include <linux/netfilter/nf_tables.h>
#include <libmnl/libmnl.h>
#include <libnftnl/rule.h>
#include <libnftnl/expr.h>
#include "nft-shared.h"
#include "xshared.h"
#include "nft.h"
Include dependency graph for nft-shared.c:

Functions

void add_meta (struct nft_rule *r, uint32_t key)
 
void add_payload (struct nft_rule *r, int offset, int len)
 
void add_bitwise_u16 (struct nft_rule *r, int mask, int xor)
 
void add_cmp_ptr (struct nft_rule *r, uint32_t op, void *data, size_t len)
 
void add_cmp_u8 (struct nft_rule *r, uint8_t val, uint32_t op)
 
void add_cmp_u16 (struct nft_rule *r, uint16_t val, uint32_t op)
 
void add_cmp_u32 (struct nft_rule *r, uint32_t val, uint32_t op)
 
void add_iniface (struct nft_rule *r, char *iface, uint32_t op)
 
void add_outiface (struct nft_rule *r, char *iface, uint32_t op)
 
void add_addr (struct nft_rule *r, int offset, void *data, void *mask, size_t len, uint32_t op)
 
void add_proto (struct nft_rule *r, int offset, size_t len, uint8_t proto, uint32_t op)
 
bool is_same_interfaces (const char *a_iniface, const char *a_outiface, unsigned const char *a_iniface_mask, unsigned const char *a_outiface_mask, const char *b_iniface, const char *b_outiface, unsigned const char *b_iniface_mask, unsigned const char *b_outiface_mask)
 
void parse_meta (struct nft_rule_expr *e, uint8_t key, char *iniface, unsigned char *iniface_mask, char *outiface, unsigned char *outiface_mask, uint8_t *invflags)
 
void nft_parse_target (struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
 
void print_proto (uint16_t proto, int invert)
 
void get_cmp_data (struct nft_rule_expr *e, void *data, size_t dlen, bool *inv)
 
void nft_parse_meta (struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
 
void nft_parse_payload (struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
 
void nft_parse_bitwise (struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
 
void nft_parse_cmp (struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
 
void nft_parse_counter (struct nft_rule_expr *e, struct xt_counters *counters)
 
void nft_parse_immediate (struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
 
void nft_rule_to_iptables_command_state (struct nft_rule *r, struct iptables_command_state *cs)
 
void print_header (unsigned int format, const char *chain, const char *pol, const struct xt_counters *counters, bool basechain, uint32_t refs)
 
void print_firewall_details (const struct iptables_command_state *cs, const char *targname, uint8_t flags, uint8_t invflags, uint8_t proto, unsigned int num, unsigned int format)
 
void print_ifaces (const char *iniface, const char *outiface, uint8_t invflags, unsigned int format)
 
void save_firewall_details (const struct iptables_command_state *cs, uint8_t invflags, uint16_t proto, const char *iniface, unsigned const char *iniface_mask, const char *outiface, unsigned const char *outiface_mask)
 
void save_counters (uint64_t pcnt, uint64_t bcnt)
 
void save_matches_and_target (struct xtables_rule_match *m, struct xtables_target *target, const char *jumpto, uint8_t flags, const void *fw)
 
void print_matches_and_target (struct iptables_command_state *cs, unsigned int format)
 
struct nft_family_opsnft_family_ops_lookup (int family)
 
bool compare_targets (struct xtables_target *tg1, struct xtables_target *tg2)
 
bool nft_ipv46_rule_find (struct nft_family_ops *ops, struct nft_rule *r, struct iptables_command_state *cs)
 

Variables

struct nft_family_ops nft_family_ops_ipv4
 
struct nft_family_ops nft_family_ops_ipv6
 
struct nft_family_ops nft_family_ops_arp
 

Function Documentation

void add_addr ( struct nft_rule r,
int  offset,
void *  data,
void *  mask,
size_t  len,
uint32_t  op 
)

References add_cmp_ptr(), and add_payload().

Here is the call graph for this function:

void add_bitwise_u16 ( struct nft_rule r,
int  mask,
int  xor 
)

References NFT_EXPR_BITWISE_DREG, NFT_EXPR_BITWISE_LEN, NFT_EXPR_BITWISE_MASK, NFT_EXPR_BITWISE_SREG, NFT_EXPR_BITWISE_XOR, NFT_REG_1, nft_rule_add_expr(), nft_rule_expr_alloc(), nft_rule_expr_set(), nft_rule_expr_set_u32(), and NULL.

Here is the call graph for this function:

void add_cmp_ptr ( struct nft_rule r,
uint32_t  op,
void *  data,
size_t  len 
)

References NFT_EXPR_CMP_DATA, NFT_EXPR_CMP_OP, NFT_EXPR_CMP_SREG, NFT_REG_1, nft_rule_add_expr(), nft_rule_expr_alloc(), nft_rule_expr_set(), nft_rule_expr_set_u32(), and NULL.

Referenced by add_addr(), add_cmp_u16(), add_cmp_u32(), add_cmp_u8(), add_iniface(), and add_outiface().

Here is the call graph for this function:

Here is the caller graph for this function:

void add_cmp_u16 ( struct nft_rule r,
uint16_t  val,
uint32_t  op 
)

References add_cmp_ptr().

Here is the call graph for this function:

void add_cmp_u32 ( struct nft_rule r,
uint32_t  val,
uint32_t  op 
)

References add_cmp_ptr().

Here is the call graph for this function:

void add_cmp_u8 ( struct nft_rule r,
uint8_t  val,
uint32_t  op 
)

References add_cmp_ptr().

Referenced by add_proto().

Here is the call graph for this function:

Here is the caller graph for this function:

void add_iniface ( struct nft_rule r,
char *  iface,
uint32_t  op 
)

References add_cmp_ptr(), add_meta(), and NFT_META_IIFNAME.

Here is the call graph for this function:

void add_meta ( struct nft_rule r,
uint32_t  key 
)

References NFT_EXPR_META_DREG, NFT_EXPR_META_KEY, NFT_REG_1, nft_rule_add_expr(), nft_rule_expr_alloc(), nft_rule_expr_set_u32(), and NULL.

Referenced by add_iniface(), and add_outiface().

Here is the call graph for this function:

Here is the caller graph for this function:

void add_outiface ( struct nft_rule r,
char *  iface,
uint32_t  op 
)

References add_cmp_ptr(), add_meta(), and NFT_META_OIFNAME.

Here is the call graph for this function:

void add_payload ( struct nft_rule r,
int  offset,
int  len 
)

References NFT_EXPR_PAYLOAD_BASE, NFT_EXPR_PAYLOAD_DREG, NFT_EXPR_PAYLOAD_LEN, NFT_EXPR_PAYLOAD_OFFSET, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1, nft_rule_add_expr(), nft_rule_expr_alloc(), nft_rule_expr_set_u32(), and NULL.

Referenced by add_addr(), and add_proto().

Here is the call graph for this function:

Here is the caller graph for this function:

void add_proto ( struct nft_rule r,
int  offset,
size_t  len,
uint8_t  proto,
uint32_t  op 
)

References add_cmp_u8(), and add_payload().

Here is the call graph for this function:

bool compare_targets ( struct xtables_target tg1,
struct xtables_target tg2 
)

References xt_entry_target::data, NULL, xtables_target::t, xt_entry_target::u, xt_entry_target::user, and xtables_target::userspacesize.

Referenced by nft_ipv46_rule_find().

Here is the caller graph for this function:

void get_cmp_data ( struct nft_rule_expr e,
void *  data,
size_t  dlen,
bool *  inv 
)

References len, NFT_CMP_NEQ, NFT_EXPR_CMP_DATA, NFT_EXPR_CMP_OP, nft_rule_expr_get(), and nft_rule_expr_get_u32().

Here is the call graph for this function:

bool is_same_interfaces ( const char *  a_iniface,
const char *  a_outiface,
unsigned const char *  a_iniface_mask,
unsigned const char *  a_outiface_mask,
const char *  b_iniface,
const char *  b_outiface,
unsigned const char *  b_iniface_mask,
unsigned const char *  b_outiface_mask 
)

References DEBUGP, and IFNAMSIZ.

struct nft_family_ops* nft_family_ops_lookup ( int  family)

References NFPROTO_ARP, nft_family_ops_arp, nft_family_ops_ipv4, nft_family_ops_ipv6, and NULL.

Referenced by do_commandarp(), do_commandx(), nft_parse_cmp(), nft_parse_immediate(), nft_parse_target(), nft_rule_list(), and nft_rule_print_save().

Here is the caller graph for this function:

bool nft_ipv46_rule_find ( struct nft_family_ops ops,
struct nft_rule r,
struct iptables_command_state cs 
)

References compare_targets(), DEBUGP, nft_family_ops::is_same, iptables_command_state::jumpto, iptables_command_state::matches, NFT_RULE_APPEND, nft_rule_print_save(), nft_rule_to_iptables_command_state(), and iptables_command_state::target.

Here is the call graph for this function:

void nft_parse_bitwise ( struct nft_xt_ctx ctx,
struct nft_rule_expr e 
)

References nft_xt_ctx::bitwise, data, nft_xt_ctx::flags, len, nft_xt_ctx::mask, NFT_EXPR_BITWISE_MASK, NFT_EXPR_BITWISE_SREG, NFT_EXPR_BITWISE_XOR, nft_rule_expr_get(), nft_rule_expr_get_u32(), NFT_XT_CTX_BITWISE, nft_xt_ctx::reg, and nft_xt_ctx::xor.

Referenced by nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_parse_cmp ( struct nft_xt_ctx ctx,
struct nft_rule_expr e 
)

References data, nft_xt_ctx::family, nft_xt_ctx::flags, NFT_EXPR_CMP_SREG, nft_family_ops_lookup(), nft_rule_expr_get_u32(), NFT_XT_CTX_META, NFT_XT_CTX_PAYLOAD, nft_family_ops::parse_meta, nft_family_ops::parse_payload, and nft_xt_ctx::reg.

Referenced by nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_parse_counter ( struct nft_rule_expr e,
struct xt_counters counters 
)

References xt_counters::bcnt, NFT_EXPR_CTR_BYTES, NFT_EXPR_CTR_PACKETS, nft_rule_expr_get_u64(), and xt_counters::pcnt.

Referenced by nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_parse_immediate ( struct nft_xt_ctx ctx,
struct nft_rule_expr e 
)

References data, nft_xt_ctx::family, NF_ACCEPT, NF_DROP, NFT_EXPR_IMM_CHAIN, NFT_EXPR_IMM_VERDICT, nft_family_ops_lookup(), NFT_GOTO, NFT_JUMP, NFT_RETURN, nft_rule_expr_get_str(), nft_rule_expr_get_u32(), NULL, nft_family_ops::parse_immediate, and verdict.

Referenced by nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_parse_meta ( struct nft_xt_ctx ctx,
struct nft_rule_expr e 
)

References nft_xt_ctx::flags, nft_xt_ctx::key, nft_xt_ctx::meta, NFT_EXPR_META_DREG, NFT_EXPR_META_KEY, nft_rule_expr_get_u32(), NFT_XT_CTX_META, and nft_xt_ctx::reg.

Referenced by nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_parse_payload ( struct nft_xt_ctx ctx,
struct nft_rule_expr e 
)

References nft_xt_ctx::flags, NFT_EXPR_META_DREG, NFT_EXPR_PAYLOAD_OFFSET, nft_rule_expr_get_u32(), NFT_XT_CTX_PAYLOAD, nft_xt_ctx::offset, nft_xt_ctx::payload, and nft_xt_ctx::reg.

Referenced by nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_parse_target ( struct nft_xt_ctx ctx,
struct nft_rule_expr e 
)

References xt_entry_target::data, data, nft_xt_ctx::family, xtables_target::name, NFT_EXPR_TG_INFO, NFT_EXPR_TG_NAME, NFT_EXPR_TG_REV, nft_family_ops_lookup(), nft_rule_expr_get(), nft_rule_expr_get_str(), nft_rule_expr_get_u32(), NULL, nft_family_ops::parse_target, size, xtables_target::t, xt_entry_target::target_size, xt_entry_target::u, xt_entry_target::user, XT_ALIGN, xtables_find_target(), and XTF_TRY_LOAD.

Referenced by nft_rule_to_arptables_command_state(), and nft_rule_to_iptables_command_state().

Here is the call graph for this function:

Here is the caller graph for this function:

void nft_rule_to_iptables_command_state ( struct nft_rule r,
struct iptables_command_state cs 
)

References iptables_command_state::counters, nft_xt_ctx::cs, nft_xt_ctx::family, nft_xt_ctx::iter, iptables_command_state::jumpto, xtables_target::name, name, nft_parse_bitwise(), nft_parse_cmp(), nft_parse_counter(), nft_parse_immediate(), nft_parse_meta(), nft_parse_payload(), nft_parse_target(), NFT_RULE_ATTR_FAMILY, nft_rule_attr_get_u32(), NFT_RULE_EXPR_ATTR_NAME, nft_rule_expr_get_str(), nft_rule_expr_iter_create(), nft_rule_expr_iter_destroy(), nft_rule_expr_iter_next(), NULL, nft_xt_ctx::state, iptables_command_state::target, xtables_find_target(), and XTF_TRY_LOAD.

Referenced by nft_ipv46_rule_find(), nft_rule_save(), and nft_rule_zero_counters().

Here is the call graph for this function:

Here is the caller graph for this function:

void parse_meta ( struct nft_rule_expr e,
uint8_t  key,
char *  iniface,
unsigned char *  iniface_mask,
char *  outiface,
unsigned char *  outiface_mask,
uint8_t *  invflags 
)

References DEBUGP, IPT_INV_VIA_IN, IPT_INV_VIA_OUT, len, NFT_CMP_NEQ, NFT_EXPR_CMP_DATA, NFT_EXPR_CMP_OP, NFT_META_IIF, NFT_META_IIFNAME, NFT_META_OIF, NFT_META_OIFNAME, nft_rule_expr_get(), nft_rule_expr_get_u32(), and value.

Here is the call graph for this function:

void print_firewall_details ( const struct iptables_command_state cs,
const char *  targname,
uint8_t  flags,
uint8_t  invflags,
uint8_t  proto,
unsigned int  num,
unsigned int  format 
)

References xt_counters::bcnt, iptables_command_state::counters, FMT, FMT_LINENUMBERS, FMT_NOCOUNTS, FMT_NOTARGET, FMT_NUMERIC, xt_counters::pcnt, proto_to_name(), XT_INV_PROTO, and xtables_print_num().

Here is the call graph for this function:

void print_header ( unsigned int  format,
const char *  chain,
const char *  pol,
const struct xt_counters counters,
bool  basechain,
uint32_t  refs 
)

References xt_counters::bcnt, FMT, FMT_KILOMEGAGIGA, FMT_LINENUMBERS, FMT_NOCOUNTS, FMT_NOTABLE, FMT_NOTARGET, FMT_OPTIONS, FMT_VIA, xt_counters::pcnt, and xtables_print_num().

Here is the call graph for this function:

void print_ifaces ( const char *  iniface,
const char *  outiface,
uint8_t  invflags,
unsigned int  format 
)

References FMT, FMT_NUMERIC, FMT_VIA, IFNAMSIZ, IPT_INV_VIA_IN, and IPT_INV_VIA_OUT.

void print_matches_and_target ( struct iptables_command_state cs,
unsigned int  format 
)

References FMT_NUMERIC, iptables_command_state::fw, xtables_match::m, xtables_rule_match::match, iptables_command_state::matches, xtables_rule_match::next, NULL, xtables_match::print, xtables_target::print, xtables_target::t, and iptables_command_state::target.

void print_proto ( uint16_t  proto,
int  invert 
)
void save_counters ( uint64_t  pcnt,
uint64_t  bcnt 
)
void save_firewall_details ( const struct iptables_command_state cs,
uint8_t  invflags,
uint16_t  proto,
const char *  iniface,
unsigned const char *  iniface_mask,
const char *  outiface,
unsigned const char *  outiface_mask 
)

References IPT_INV_VIA_IN, IPT_INV_VIA_OUT, NULL, and XT_INV_PROTO.

void save_matches_and_target ( struct xtables_rule_match m,
struct xtables_target target,
const char *  jumpto,
uint8_t  flags,
const void *  fw 
)

References xtables_match::alias, xtables_target::alias, xtables_match::m, xtables_rule_match::match, xtables_match::name, xtables_rule_match::next, NULL, xtables_match::save, xtables_target::save, and xtables_target::t.

Variable Documentation

struct nft_family_ops nft_family_ops_arp

Referenced by nft_family_ops_lookup().

struct nft_family_ops nft_family_ops_ipv4

Referenced by nft_family_ops_lookup().

struct nft_family_ops nft_family_ops_ipv6

Referenced by nft_family_ops_lookup().