package expr
import (
"bytes"
"encoding/binary"
"github.com/google/nftables/binaryutil"
"github.com/google/nftables/xt"
"github.com/mdlayher/netlink"
"golang.org/x/sys/unix"
)
// Match is the nftables "match" expression: an xtables match extension
// identified by name and revision, together with its extension-specific info.
//
// See https://git.netfilter.org/libnftnl/tree/src/expr/match.c?id=09456c720e9c00eecc08e41ac6b7c291b3821ee5#n30
type Match struct {
	// Name is the extension name, sent as NFTA_MATCH_NAME. marshal shortens it
	// to XTablesExtensionNameMaxLen-1 bytes without reporting an error.
	Name string
	// Rev is the extension revision, sent as a big-endian NFTA_MATCH_REV.
	Rev uint32
	// Info is the extension payload, sent as NFTA_MATCH_INFO. It is encoded and
	// decoded by the xt package according to the table family and Rev, so it
	// must be the Info type that belongs to that combination.
	Info xt.InfoAny
}
// marshal encodes e as a netlink "match" expression for table family fam.
//
// An over-long Name is cut to XTablesExtensionNameMaxLen-1 bytes and no error
// is reported, so the encoded name can differ from e.Name; callers that depend
// on the exact extension name should check its length before marshalling.
// Info is encoded by xt.Marshal for fam and e.Rev and is assumed to already be
// the Info type that belongs to that family and revision; an xt.Marshal error
// is returned unchanged.
func (e *Match) marshal(fam byte) ([]byte, error) {
	// Per https://git.netfilter.org/libnftnl/tree/src/expr/match.c?id=09456c720e9c00eecc08e41ac6b7c291b3821ee5#n38
	extName := e.Name
	// The comparison is deliberately ">=" rather than ">": as (some) user-space
	// tools do, a name of exactly the maximum length is shortened too, so that
	// the trailing \x00 still fits.
	if len(extName) >= XTablesExtensionNameMaxLen {
		extName = extName[:XTablesExtensionNameMaxLen-1]
	}

	// The payload layout depends on the table family and the match revision.
	infoBlob, err := xt.Marshal(xt.TableFamily(fam), e.Rev, e.Info)
	if err != nil {
		return nil, err
	}

	// Inner attribute set: name (NUL-terminated), revision, info payload.
	matchAttrs := []netlink.Attribute{
		{Type: unix.NFTA_MATCH_NAME, Data: []byte(extName + "\x00")},
		{Type: unix.NFTA_MATCH_REV, Data: binaryutil.BigEndian.PutUint32(e.Rev)},
		{Type: unix.NFTA_MATCH_INFO, Data: infoBlob},
	}
	payload, err := netlink.MarshalAttributes(matchAttrs)
	if err != nil {
		return nil, err
	}

	// Outer expression: the expression name plus the nested match attributes.
	exprAttrs := []netlink.Attribute{
		{Type: unix.NFTA_EXPR_NAME, Data: []byte("match\x00")},
		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: payload},
	}
	return netlink.MarshalAttributes(exprAttrs)
}
// unmarshal fills e from the netlink attributes in data for table family fam.
//
// Decoding is lenient: the name may have any length and need not be
// NUL-terminated, so e.Name is not bounded by XTablesExtensionNameMaxLen
// here, and attribute types other than name, revision and info are skipped.
// If no info attribute is present, xt.Unmarshal is called with a nil payload.
// e.Name and e.Rev are assigned while the attributes are read, so they may
// already have changed when an error is returned.
func (e *Match) unmarshal(fam byte, data []byte) error {
	// Per https://git.netfilter.org/libnftnl/tree/src/expr/match.c?id=09456c720e9c00eecc08e41ac6b7c291b3821ee5#n65
	dec, err := netlink.NewAttributeDecoder(data)
	if err != nil {
		return err
	}
	dec.ByteOrder = binary.BigEndian

	// The info payload is kept raw until name and revision are both known.
	var rawInfo []byte
	for dec.Next() {
		switch dec.Type() {
		case unix.NFTA_MATCH_NAME:
			// Any length is accepted, and a missing terminating \x00 is tolerated.
			e.Name = string(bytes.TrimRight(dec.Bytes(), "\x00"))
		case unix.NFTA_MATCH_REV:
			e.Rev = dec.Uint32()
		case unix.NFTA_MATCH_INFO:
			rawInfo = dec.Bytes()
		}
	}
	if err := dec.Err(); err != nil {
		return err
	}

	// e.Info receives whatever xt.Unmarshal returns, also when it reports an error.
	decoded, err := xt.Unmarshal(e.Name, xt.TableFamily(fam), e.Rev, rawInfo)
	e.Info = decoded
	return err
}