From patchwork Thu May 10 22:15:41 2018
X-Patchwork-Submitter: nevola
X-Patchwork-Id: 911585
X-Patchwork-Delegate: pablo@netfilter.org
Date: Fri, 11 May 2018 00:15:41 +0200
From: Laura Garcia Liebana
To: netfilter-devel@vger.kernel.org
Subject: [PATCH libnftnl] expr: add map lookups for hash statements
Message-ID: <20180510221541.veyh5o4nhejmh4pr@nevthink>
X-Mailing-List: netfilter-devel@vger.kernel.org

This patch introduces two new attributes for hash expression to allow
map lookups where the hash is the key.

The new attributes are NFTNL_EXPR_HASH_SET_NAME and
NFTNL_EXPR_HASH_SET_ID in order to identify the given map.

Signed-off-by: Laura Garcia Liebana
---
 include/libnftnl/expr.h             |  2 ++
 include/linux/netfilter/nf_tables.h |  4 +++
 src/expr/hash.c                     | 49 +++++++++++++++++++++++++++++++++++++
 3 files changed, 55 insertions(+)
diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h index 25d4103..45ff533 100644 --- a/include/libnftnl/expr.h +++ b/include/libnftnl/expr.h @@ -238,6 +238,8 @@ enum { NFTNL_EXPR_HASH_SEED, NFTNL_EXPR_HASH_OFFSET, NFTNL_EXPR_HASH_TYPE, + NFTNL_EXPR_HASH_SET_NAME, + NFTNL_EXPR_HASH_SET_ID, }; enum { diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 54e35c1..48b095e 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -851,6 +851,8 @@ enum nft_hash_types { * @NFTA_HASH_SEED: seed value (NLA_U32) * @NFTA_HASH_OFFSET: add this offset value to hash result (NLA_U32) * @NFTA_HASH_TYPE: hash operation (NLA_U32: nft_hash_types) + * @NFTA_HASH_SET_NAME: name of the map to lookup (NLA_STRING) + * @NFTA_HASH_SET_ID: id of the map (NLA_U32) */ enum nft_hash_attributes { NFTA_HASH_UNSPEC, @@ -861,6 +863,8 @@ enum nft_hash_attributes { NFTA_HASH_SEED, NFTA_HASH_OFFSET, NFTA_HASH_TYPE, + NFTA_HASH_SET_NAME, + NFTA_HASH_SET_ID, __NFTA_HASH_MAX, }; #define NFTA_HASH_MAX (__NFTA_HASH_MAX - 1) diff --git a/src/expr/hash.c b/src/expr/hash.c index fcc4fa5..415537e 100644 --- a/src/expr/hash.c +++ b/src/expr/hash.c @@ -28,6 +28,10 @@ struct nftnl_expr_hash { unsigned int modulus; unsigned int seed; unsigned int offset; + struct { + const char *name; + uint32_t id; + } map; }; static int @@ -57,6 +61,14 @@ nftnl_expr_hash_set(struct nftnl_expr *e, uint16_t type, case NFTNL_EXPR_HASH_TYPE: hash->type = *((uint32_t *)data); break; + case NFTNL_EXPR_HASH_SET_NAME: + hash->map.name = strdup(data); + if (!hash->map.name) + return -1; + break; + case NFTNL_EXPR_HASH_SET_ID: + hash->map.id = *((uint32_t *)data); + break; default: return -1; } 
@@ -91,6 +103,12 @@ nftnl_expr_hash_get(const struct nftnl_expr *e, uint16_t type, case NFTNL_EXPR_HASH_TYPE: *data_len = sizeof(hash->type); return &hash->type; + case NFTNL_EXPR_HASH_SET_NAME: + *data_len = strlen(hash->map.name) + 1; + return hash->map.name; + case NFTNL_EXPR_HASH_SET_ID: + *data_len = sizeof(hash->map.id); + return &hash->map.id; } return NULL; } @@ -111,9 +129,14 @@ static int nftnl_expr_hash_cb(const struct nlattr *attr, void *data) case NFTA_HASH_SEED: case NFTA_HASH_OFFSET: case NFTA_HASH_TYPE: + case NFTA_HASH_SET_ID: if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) abi_breakage(); break; + case NFTA_HASH_SET_NAME: + if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) + abi_breakage(); + break; } tb[type] = attr; @@ -139,6 +162,10 @@ nftnl_expr_hash_build(struct nlmsghdr *nlh, const struct nftnl_expr *e) mnl_attr_put_u32(nlh, NFTA_HASH_OFFSET, htonl(hash->offset)); if (e->flags & (1 << NFTNL_EXPR_HASH_TYPE)) mnl_attr_put_u32(nlh, NFTA_HASH_TYPE, htonl(hash->type)); + if (e->flags & (1 << NFTNL_EXPR_HASH_SET_NAME)) + mnl_attr_put_str(nlh, NFTA_HASH_SET_NAME, hash->map.name); + if (e->flags & (1 << NFTNL_EXPR_HASH_SET_ID)) + mnl_attr_put_u32(nlh, NFTA_HASH_SET_ID, htonl(hash->map.id)); } static int @@ -179,6 +206,16 @@ nftnl_expr_hash_parse(struct nftnl_expr *e, struct nlattr *attr) hash->type = ntohl(mnl_attr_get_u32(tb[NFTA_HASH_TYPE])); e->flags |= (1 << NFTNL_EXPR_HASH_TYPE); } + if (tb[NFTA_HASH_SET_NAME]) { + hash->map.name = + strdup(mnl_attr_get_str(tb[NFTA_HASH_SET_NAME])); + e->flags |= (1 << NFTNL_EXPR_HASH_SET_NAME); + } + if (tb[NFTA_HASH_SET_ID]) { + hash->map.id = + ntohl(mnl_attr_get_u32(tb[NFTA_HASH_SET_ID])); + e->flags |= (1 << NFTNL_EXPR_HASH_SET_ID); + } return ret; } 
@@ -256,6 +293,12 @@ nftnl_expr_hash_snprintf_default(char *buf, size_t size, SNPRINTF_BUFFER_SIZE(ret, remain, offset); } + if (hash->map.id) { + ret = snprintf(buf + offset, remain, "set %s id %u ", + hash->map.name, hash->map.id); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); + } + return offset; } @@ -280,6 +323,8 @@ static int nftnl_expr_hash_export(char *buf, size_t size, nftnl_buf_u32(&b, type, hash->offset, OFFSET); if (e->flags & (1 << NFTNL_EXPR_HASH_TYPE)) nftnl_buf_u32(&b, type, hash->type, TYPE); + if (e->flags & (1 << NFTNL_EXPR_HASH_SET_NAME)) + nftnl_buf_str(&b, type, hash->map.name, SET); return nftnl_buf_done(&b); } @@ -321,6 +366,10 @@ static bool nftnl_expr_hash_cmp(const struct nftnl_expr *e1, eq &= (h1->offset == h2->offset); if (e1->flags & (1 << NFTNL_EXPR_HASH_TYPE)) eq &= (h1->type == h2->type); + if (e1->flags & (1 << NFTNL_EXPR_HASH_SET_NAME)) + eq &= !strcmp(h1->map.name, h2->map.name); + if (e1->flags & (1 << NFTNL_EXPR_HASH_SET_ID)) + eq &= (h1->map.id == h2->map.id); return eq; }
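Review bot: In nftnl_expr_hash_set() (src/expr/hash.c), the NFTNL_EXPR_HASH_SET_NAME case assigns the strdup() result over hash->map.name without releasing a previous value, so setting the attribute twice leaks the first copy, and no hunk in this patch frees map.name when the expression is destroyed. Suggest freeing the old pointer before the strdup() and releasing map.name in the expression's free callback. Since the struct owns the string, the member added in the struct hunk would be better declared char * than const char *.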
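Review bot: In nftnl_expr_hash_parse() (src/expr/hash.c), the NFTA_HASH_SET_NAME branch sets the NFTNL_EXPR_HASH_SET_NAME flag without checking the strdup() result, unlike the set path, which returns -1 on failure. If the allocation fails, the flag is set while map.name is NULL, and the export and cmp code added in this patch then passes that NULL to nftnl_buf_str() and strcmp(). Suggest returning -1 when strdup() fails, before touching e->flags.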
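Review bot: In nftnl_expr_hash_snprintf_default() (src/expr/hash.c), the new block is gated on hash->map.id being non-zero rather than on the attribute flags, yet it prints hash->map.name with %s. If only NFTNL_EXPR_HASH_SET_ID has been set, map.name is NULL when it reaches snprintf(); if only the name is set, or the id is 0, the map is not printed at all. Suggest testing the NFTNL_EXPR_HASH_SET_NAME flag, as the build and cmp hunks do, and printing the id only when its own flag is set.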