1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
/*
* (C) 2013 by Ana Rey Botello <anarey@gmail.com>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <linux/netfilter/nf_tables.h>
#include <libmnl/libmnl.h>
#include <libnftnl/rule.h>
#include <libnftnl/expr.h>
static int test_ok = 1;
static void print_err(const char *msg)
{
test_ok = 0;
printf("\033[31mERROR:\e[0m %s\n", msg);
}
static void cmp_nftnl_expr_verdict(struct nftnl_expr *rule_a,
struct nftnl_expr *rule_b)
{
const char *chain_a, *chain_b;
uint32_t len_a, len_b;
if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_IMM_DREG) !=
nftnl_expr_get_u32(rule_b, NFTNL_EXPR_IMM_DREG))
print_err("Expr NFTNL_EXPR_IMM_DREG mismatches");
if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_IMM_VERDICT) !=
nftnl_expr_get_u32(rule_b, NFTNL_EXPR_IMM_VERDICT))
print_err("Expr NFTNL_EXPR_IMM_VERDICT mismatches");
chain_a = nftnl_expr_get(rule_a, NFTNL_EXPR_IMM_CHAIN, &len_a);
chain_b = nftnl_expr_get(rule_b, NFTNL_EXPR_IMM_CHAIN, &len_b);
if (len_a != len_b || strncmp(chain_a, chain_b, len_a))
print_err("Expr NFTNL_EXPR_IMM_CHAIN mismatches");
}
static void cmp_nftnl_expr_value(struct nftnl_expr *rule_a,
struct nftnl_expr *rule_b)
{
const uint32_t *data_a, *data_b;
uint32_t len_a, len_b;
if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_IMM_DREG) !=
nftnl_expr_get_u32(rule_b, NFTNL_EXPR_IMM_DREG))
print_err("Expr NFTNL_EXPR_IMM_DREG mismatches");
data_a = nftnl_expr_get(rule_a, NFTNL_EXPR_IMM_DATA, &len_a);
data_b = nftnl_expr_get(rule_b, NFTNL_EXPR_IMM_DATA, &len_b);
if (len_a != len_b || memcmp(data_a, data_b, len_a))
print_err("Expr NFTNL_EXPR_IMM_DATA mismatches");
}
int main(int argc, char *argv[])
{
struct nftnl_rule *a, *b;
struct nftnl_expr *ex_val, *ex_ver;
struct nlmsghdr *nlh;
char buf[4096];
struct nftnl_expr_iter *iter_a, *iter_b;
struct nftnl_expr *rule_a, *rule_b;
const char *chain = "tests_chain01234";
const char *data = "test_data_01234";
a = nftnl_rule_alloc();
b = nftnl_rule_alloc();
if (a == NULL || b == NULL)
print_err("OOM");
ex_val = nftnl_expr_alloc("immediate");
ex_ver = nftnl_expr_alloc("immediate");
if (!ex_val || !ex_ver)
print_err("OOM");
nftnl_expr_set_u32(ex_val, NFTNL_EXPR_IMM_DREG, 0x1234568);
nftnl_expr_set(ex_val, NFTNL_EXPR_IMM_DATA, data, sizeof(data));
nftnl_expr_set_u32(ex_ver, NFTNL_EXPR_IMM_DREG, 0x1234568);
nftnl_expr_set_u32(ex_ver, NFTNL_EXPR_IMM_VERDICT, NFT_GOTO);
nftnl_expr_set(ex_ver, NFTNL_EXPR_IMM_CHAIN, chain, sizeof(chain));
nftnl_rule_add_expr(a, ex_val);
nftnl_rule_add_expr(a, ex_ver);
nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234);
nftnl_rule_nlmsg_build_payload(nlh, a);
if (nftnl_rule_nlmsg_parse(nlh, b) < 0)
print_err("parsing problems");
iter_a = nftnl_expr_iter_create(a);
iter_b = nftnl_expr_iter_create(b);
if (iter_a == NULL || iter_b == NULL)
print_err("OOM");
rule_a = nftnl_expr_iter_next(iter_a);
rule_b = nftnl_expr_iter_next(iter_b);
if (rule_a == NULL || rule_b == NULL)
print_err("OOM");
cmp_nftnl_expr_value(rule_a, rule_b);
rule_a = nftnl_expr_iter_next(iter_a);
rule_b = nftnl_expr_iter_next(iter_b);
if (rule_a == NULL || rule_b == NULL)
print_err("OOM");
cmp_nftnl_expr_verdict(rule_a, rule_b);
if (nftnl_expr_iter_next(iter_a) != NULL ||
nftnl_expr_iter_next(iter_b) != NULL)
print_err("More 2 expr.");
nftnl_expr_iter_destroy(iter_a);
nftnl_expr_iter_destroy(iter_b);
nftnl_rule_free(a);
nftnl_rule_free(b);
if (!test_ok)
exit(EXIT_FAILURE);
printf("%s: \033[32mOK\e[0m\n", argv[0]);
return EXIT_SUCCESS;
}
|