Line data Source code
1 : /* SPDX-License-Identifier: GPL-2.0-only */
2 : /*
3 : * Copyright (c) 2023 Meta Platforms, Inc. and affiliates.
4 : */
5 :
6 : #include <linux/netfilter/x_tables.h>
7 : #include <linux/netfilter_ipv4/ip_tables.h>
8 :
9 : #include <errno.h>
10 : #include <stddef.h>
11 : #include <stdio.h>
12 : #include <string.h>
13 :
14 : #include "core/front.h"
15 : #include "core/helper.h"
16 : #include "core/logger.h"
17 : #include "core/request.h"
18 : #include "core/response.h"
19 : #include "libbpfilter/generic.h"
20 :
21 : /**
22 : * Get size of an ipt_get_entries structure.
23 : *
24 : * @param ipt_get_entries_ptr Pointer to a valid ipt_get_entries structure.
25 : * @return Size of the structure, including variable length entries field.
26 : */
27 : #define bf_ipt_get_entries_size(ipt_get_entries_ptr) \
28 : (sizeof(struct ipt_get_entries) + (ipt_get_entries_ptr)->size)
29 :
30 : /**
31 : * Get size of an xt_counters_info structure.
32 : *
33 : * @param xt_counters_info_ptr Pointer to a valid xt_counters_info structure.
34 : * @return Size of the structure, including variable length counters field.
35 : */
36 : #define bf_xt_counters_info_size(xt_counters_info_ptr) \
37 : (sizeof(struct xt_counters_info) + \
38 : ((xt_counters_info_ptr)->num_counters * sizeof(struct xt_counters)))
39 : /**
40 : * Get size of an ipt_replace structure.
41 : *
42 : * @param ipt_replace_ptr Pointer to a valid ipt_replace structure.
43 : * @return Size of the structure, including variable length entries field.
44 : */
45 : #define bf_ipt_replace_size(ipt_replace_ptr) \
46 : (sizeof(struct ipt_replace) + (ipt_replace_ptr)->size)
47 :
48 0 : int bf_ipt_replace(struct ipt_replace *ipt_replace)
49 : {
50 0 : _cleanup_bf_request_ struct bf_request *request = NULL;
51 0 : _cleanup_bf_response_ struct bf_response *response = NULL;
52 : int r;
53 :
54 0 : bf_assert(ipt_replace);
55 :
56 0 : r = bf_request_new(&request, ipt_replace, bf_ipt_replace_size(ipt_replace));
57 0 : if (r < 0)
58 : return r;
59 :
60 0 : request->front = BF_FRONT_IPT;
61 0 : request->cmd = BF_REQ_RULES_SET;
62 :
63 0 : r = bf_send(request, &response);
64 0 : if (r < 0)
65 : return r;
66 :
67 0 : if (response->type == BF_RES_SUCCESS) {
68 0 : if (response->data_len != request->data_len) {
69 0 : return bf_err_r(EINVAL,
70 : "bpfilter: response size is %lu, expected %lu",
71 : response->data_len, request->data_len);
72 : }
73 :
74 0 : memcpy(ipt_replace, response->data, response->data_len);
75 : }
76 :
77 0 : return response->type == BF_RES_FAILURE ? response->error : 0;
78 : }
79 :
80 0 : int bf_ipt_add_counters(struct xt_counters_info *counters)
81 : {
82 0 : _cleanup_bf_request_ struct bf_request *request = NULL;
83 0 : _cleanup_bf_response_ struct bf_response *response = NULL;
84 : int r;
85 :
86 0 : bf_assert(counters);
87 :
88 0 : r = bf_request_new(&request, counters, bf_xt_counters_info_size(counters));
89 0 : if (r < 0)
90 : return r;
91 :
92 0 : request->front = BF_FRONT_IPT;
93 0 : request->cmd = BF_REQ_COUNTERS_SET;
94 :
95 0 : r = bf_send(request, &response);
96 0 : if (r < 0)
97 : return r;
98 :
99 0 : if (response->type == BF_RES_SUCCESS) {
100 0 : if (response->data_len != request->data_len) {
101 0 : return bf_err_r(EINVAL,
102 : "bpfilter: response size is %lu, expected %lu",
103 : response->data_len, request->data_len);
104 : }
105 :
106 0 : memcpy(counters, response->data, response->data_len);
107 : }
108 :
109 0 : return response->type == BF_RES_FAILURE ? response->error : 0;
110 : }
111 :
112 0 : int bf_ipt_get_info(struct ipt_getinfo *info)
113 : {
114 0 : _cleanup_bf_request_ struct bf_request *request = NULL;
115 0 : _cleanup_bf_response_ struct bf_response *response = NULL;
116 : int r;
117 :
118 0 : bf_assert(info);
119 :
120 0 : r = bf_request_new(&request, info, sizeof(*info));
121 0 : if (r < 0)
122 : return r;
123 :
124 0 : request->front = BF_FRONT_IPT;
125 0 : request->cmd = BF_REQ_CUSTOM;
126 0 : request->ipt_cmd = IPT_SO_GET_INFO;
127 :
128 0 : r = bf_send(request, &response);
129 0 : if (r < 0)
130 : return r;
131 :
132 0 : if (response->type == BF_RES_SUCCESS) {
133 0 : if (response->data_len != request->data_len) {
134 0 : return bf_err_r(EINVAL,
135 : "bpfilter: response size is %lu, expected %lu",
136 : response->data_len, request->data_len);
137 : }
138 :
139 0 : memcpy(info, response->data, response->data_len);
140 : }
141 :
142 0 : return response->type == BF_RES_FAILURE ? response->error : 0;
143 : }
144 :
145 0 : int bf_ipt_get_entries(struct ipt_get_entries *entries)
146 : {
147 0 : _cleanup_bf_request_ struct bf_request *request = NULL;
148 0 : _cleanup_bf_response_ struct bf_response *response = NULL;
149 : int r;
150 :
151 0 : bf_assert(entries);
152 :
153 0 : r = bf_request_new(&request, entries, bf_ipt_get_entries_size(entries));
154 0 : if (r < 0)
155 : return r;
156 :
157 0 : request->front = BF_FRONT_IPT;
158 0 : request->cmd = BF_REQ_CUSTOM;
159 0 : request->ipt_cmd = IPT_SO_GET_ENTRIES;
160 :
161 0 : r = bf_send(request, &response);
162 0 : if (r < 0)
163 : return r;
164 :
165 0 : if (response->type == BF_RES_SUCCESS) {
166 0 : if (response->data_len != request->data_len) {
167 0 : return bf_err_r(EINVAL,
168 : "bpfilter: response size is %lu, expected %lu",
169 : response->data_len, request->data_len);
170 : }
171 :
172 0 : memcpy(entries, response->data, response->data_len);
173 : }
174 :
175 0 : return response->type == BF_RES_FAILURE ? response->error : 0;
176 : }
|
