new file mode 100644
@@ -0,0 +1 @@
+{"nftables":[{"add":[{"rule":{"family":"ip","table":"filter","chain":"input","handle":71,"expr":[{"type":"counter","pkts":135,"bytes":21655}],"userdata":[{"type":0,"length":12,"value":"68656C6C6F20776F726C6400"},{"type":1,"length":9,"value":"627920776F726C6400"}]}}]}]}
@@ -15,6 +15,7 @@
#include <netinet/in.h>
#include <linux/netfilter/nf_tables.h>
#include <libnftnl/rule.h>
+#include <libnftnl/udata.h>
static int test_ok = 1;
@@ -26,6 +27,9 @@ static void print_err(const char *msg)
static void cmp_nftnl_rule(struct nftnl_rule *a, struct nftnl_rule *b)
{
+ const void *udata_a, *udata_b;
+ uint32_t len_a, len_b;
+
if (nftnl_rule_get_u32(a, NFTNL_RULE_FAMILY) !=
nftnl_rule_get_u32(b, NFTNL_RULE_FAMILY))
print_err("Rule family mismatches");
@@ -47,6 +51,12 @@ static void cmp_nftnl_rule(struct nftnl_rule *a, struct nftnl_rule *b)
if (nftnl_rule_get_u64(a, NFTNL_RULE_POSITION) !=
nftnl_rule_get_u64(b, NFTNL_RULE_POSITION))
print_err("Rule compat_position mismatches");
+
+ udata_a = nftnl_rule_get_data(a, NFTNL_RULE_USERDATA, &len_a);
+ udata_b = nftnl_rule_get_data(b, NFTNL_RULE_USERDATA, &len_b);
+
+ if (len_a != len_b || memcmp(udata_a, udata_b, len_a) != 0)
+ print_err("Rule userdata mismatches");
}
int main(int argc, char *argv[])
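Review bot: `len_a` and `len_b` are read uninitialized in the new userdata comparison if either rule lacks NFTNL_RULE_USERDATA, and `memcmp()` is then called with a NULL pointer. As far as I know, nftnl_rule_get_data() returns NULL without writing the length when the attribute is unset, which is the case this test most needs to catch: the parser dropping the userdata from `b`. Initialise the lengths where they are declared in the earlier hunk, `uint32_t len_a = 0, len_b = 0;`, and guard the pointers, `if (!udata_a || !udata_b || len_a != len_b || memcmp(udata_a, udata_b, len_a) != 0)`. cmp_nftnl_rule() starts above this hunk.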
@@ -54,12 +64,20 @@ int main(int argc, char *argv[])
struct nftnl_rule *a, *b;
char buf[4096];
struct nlmsghdr *nlh;
+ struct nftnl_udata_buf *udata;
a = nftnl_rule_alloc();
b = nftnl_rule_alloc();
if (a == NULL || b == NULL)
print_err("OOM");
+ udata = nftnl_udata_alloc(NFT_USERDATA_MAXLEN);
+ if (!udata)
+ print_err("OOM");
+
+ if (!nftnl_udata_put_strz(udata, 0, "hello world"))
+ print_err("User data too big");
+
nftnl_rule_set_u32(a, NFTNL_RULE_FAMILY, AF_INET);
nftnl_rule_set_str(a, NFTNL_RULE_TABLE, "table");
nftnl_rule_set_str(a, NFTNL_RULE_CHAIN, "chain");
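Review bot: When `nftnl_udata_alloc()` fails, execution appears to continue into `nftnl_udata_put_strz(udata, ...)` with a NULL buffer. print_err() is defined outside this hunk, but the `test_ok` flag suggests it only records the failure and returns. Stop at the allocation check instead, e.g. `if (!udata) { print_err("OOM"); exit(EXIT_FAILURE); }`. No release of `udata` is visible in the hunks shown; if main() does not free it further down, free it with the matching call from libnftnl/udata.h after nftnl_rule_set_data(), once it is confirmed that the rule keeps its own copy. The added JSON and XML fixtures carry two attributes (types 0 and 1) while this test puts only one, so a second put would also exercise multi-attribute TLV handling in the build/parse round trip.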
@@ -67,6 +85,9 @@ int main(int argc, char *argv[])
nftnl_rule_set_u32(a, NFTNL_RULE_COMPAT_PROTO, 0x12345678);
nftnl_rule_set_u32(a, NFTNL_RULE_COMPAT_FLAGS, 0x12345678);
nftnl_rule_set_u64(a, NFTNL_RULE_POSITION, 0x1234567812345678);
+ nftnl_rule_set_data(a, NFTNL_RULE_USERDATA,
+ nftnl_udata_data(udata),
+ nftnl_udata_len(udata));
nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234);
nftnl_rule_nlmsg_build_payload(nlh, a);
new file mode 100644
@@ -0,0 +1 @@
+<nftables><add><rule><family>ip6</family><table>filter</table><chain>input</chain><handle>82</handle><expr type="counter"><pkts>3</pkts><bytes>177</bytes></expr><userdata><attr><type>0</type><length>12</length><value>68656C6C6F20776F726C6400</value></attr><attr><type>1</type><length>9</length><value>627920776F726C6400</value></attr></userdata></rule></add></nftables>
Modify nft-rule-test.c to check TLV attribute inclusion in nftnl_rule. Add "*-rule-udata.[json|xml]" to check parsers. Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> --- tests/jsonfiles/71-rule-udata.json | 1 + tests/nft-rule-test.c | 21 +++++++++++++++++++++ tests/xmlfiles/82-rule-udata.xml | 1 + 3 files changed, 23 insertions(+) create mode 100644 tests/jsonfiles/71-rule-udata.json create mode 100644 tests/xmlfiles/82-rule-udata.xml