Diffstat (limited to 'src/expr')
-rw-r--r--src/expr/bitwise.rs59
-rw-r--r--src/expr/immediate.rs33
-rw-r--r--src/expr/log.rs36
-rw-r--r--src/expr/meta.rs45
-rw-r--r--src/expr/mod.rs64
-rw-r--r--src/expr/reject.rs34
-rw-r--r--src/expr/verdict.rs46
7 files changed, 101 insertions, 216 deletions
diff --git a/src/expr/bitwise.rs b/src/expr/bitwise.rs
index 73c2467..29d2d63 100644
--- a/src/expr/bitwise.rs
+++ b/src/expr/bitwise.rs
@@ -1,46 +1,25 @@
+use rustables_macros::nfnetlink_struct;
+
use super::{Expression, ExpressionData, Register};
-use crate::create_wrapper_type;
use crate::parser::DecodeError;
-use crate::sys;
+use crate::sys::{
+ NFTA_BITWISE_DREG, NFTA_BITWISE_LEN, NFTA_BITWISE_MASK, NFTA_BITWISE_SREG, NFTA_BITWISE_XOR,
+};
-create_wrapper_type!(
- inline: Bitwise,
- [
- (
- get_sreg,
- set_sreg,
- with_sreg,
- sys::NFTA_BITWISE_SREG,
- sreg,
- Register
- ),
- (
- get_dreg,
- set_dreg,
- with_dreg,
- sys::NFTA_BITWISE_DREG,
- dreg,
- Register
- ),
- (get_len, set_len, with_len, sys::NFTA_BITWISE_LEN, len, u32),
- (
- get_mask,
- set_mask,
- with_mask,
- sys::NFTA_BITWISE_MASK,
- mask,
- ExpressionData
- ),
- (
- get_xor,
- set_xor,
- with_xor,
- sys::NFTA_BITWISE_XOR,
- xor,
- ExpressionData
- )
- ]
-);
+#[derive(Clone, PartialEq, Eq, Default, Debug)]
+#[nfnetlink_struct]
+pub struct Bitwise {
+ #[field(NFTA_BITWISE_SREG)]
+ sreg: Register,
+ #[field(NFTA_BITWISE_DREG)]
+ dreg: Register,
+ #[field(NFTA_BITWISE_LEN)]
+ len: u32,
+ #[field(NFTA_BITWISE_MASK)]
+ mask: ExpressionData,
+ #[field(NFTA_BITWISE_XOR)]
+ xor: ExpressionData,
+}
impl Expression for Bitwise {
fn get_name() -> &'static str {
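Review bot: `Bitwise` has no doc comment, and nothing in the struct ties `len` to the byte lengths of `mask` and `xor`, which are independent fields here. I would add `/// Bitwise expression: dreg = (sreg & mask) ^ xor, applied to len bytes.` and a second line stating that `mask` and `xor` must each hold exactly `len` bytes, or point to the constructor that enforces this if one exists outside the hunk. `Immediate` (immediate.rs) and `Meta` (meta.rs) are left undocumented in the same way, while `Log` and `Reject` keep their comments.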
diff --git a/src/expr/immediate.rs b/src/expr/immediate.rs
index 925ca06..134f7e1 100644
--- a/src/expr/immediate.rs
+++ b/src/expr/immediate.rs
@@ -1,27 +1,16 @@
+use rustables_macros::nfnetlink_struct;
+
use super::{Expression, ExpressionData, Register};
-use crate::{create_wrapper_type, sys};
+use crate::sys::{NFTA_IMMEDIATE_DATA, NFTA_IMMEDIATE_DREG};
-create_wrapper_type!(
- inline: Immediate,
- [
- (
- get_dreg,
- set_dreg,
- with_dreg,
- sys::NFTA_IMMEDIATE_DREG,
- dreg,
- Register
- ),
- (
- get_data,
- set_data,
- with_data,
- sys::NFTA_IMMEDIATE_DATA,
- data,
- ExpressionData
- )
- ]
-);
+#[derive(Clone, PartialEq, Eq, Default, Debug)]
+#[nfnetlink_struct]
+pub struct Immediate {
+ #[field(NFTA_IMMEDIATE_DREG)]
+ dreg: Register,
+ #[field(NFTA_IMMEDIATE_DATA)]
+ data: ExpressionData,
+}
impl Immediate {
pub fn new_data(data: Vec<u8>, register: Register) -> Self {
diff --git a/src/expr/log.rs b/src/expr/log.rs
index 82c201d..3c72257 100644
--- a/src/expr/log.rs
+++ b/src/expr/log.rs
@@ -1,29 +1,17 @@
+use rustables_macros::nfnetlink_struct;
+
use super::{Expression, ExpressionError};
-use crate::create_wrapper_type;
-use crate::sys;
+use crate::sys::{NFTA_LOG_GROUP, NFTA_LOG_PREFIX};
-// A Log expression will log all packets that match the rule.
-create_wrapper_type!(
- inline: Log,
- [
- (
- get_group,
- set_group,
- with_group,
- sys::NFTA_LOG_GROUP,
- group,
- u32
- ),
- (
- get_prefix,
- set_prefix,
- with_prefix,
- sys::NFTA_LOG_PREFIX,
- prefix,
- String
- )
- ]
-);
+#[derive(Clone, PartialEq, Eq, Default, Debug)]
+#[nfnetlink_struct]
+/// A Log expression will log all packets that match the rule.
+pub struct Log {
+ #[field(NFTA_LOG_GROUP)]
+ group: u32,
+ #[field(NFTA_LOG_PREFIX)]
+ prefix: String,
+}
impl Log {
pub fn new(
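Review bot: `group: u32` under `#[field(NFTA_LOG_GROUP)]` keeps the old wrapper's type, but to my knowledge the kernel's log expression reads this attribute as a 16-bit value, so a 4-byte payload may be rejected or decoded as the wrong group. Please confirm against the kernel's attribute policy and change the field to `group: u16` if that holds. Separately, the `///` line sits below `#[derive]` and `#[nfnetlink_struct]` here and in reject.rs; it is conventionally placed first, above the attributes. `impl Log` continues outside the hunk, so I cannot see whether `new` bounds the prefix length; if it does, a generated setter for `prefix` would presumably bypass that check.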
diff --git a/src/expr/meta.rs b/src/expr/meta.rs
index bb8023d..c4c1adb 100644
--- a/src/expr/meta.rs
+++ b/src/expr/meta.rs
@@ -1,11 +1,11 @@
-use super::{Expression, Register, Rule};
+use rustables_macros::nfnetlink_struct;
+
+use super::{Expression, Register};
use crate::{
- create_wrapper_type,
nlmsg::{NfNetlinkAttribute, NfNetlinkDeserializable},
parser::DecodeError,
sys,
};
-use std::convert::TryFrom;
/// A meta expression refers to meta data associated with a packet.
#[derive(Debug, Copy, Clone, Eq, PartialEq)]
@@ -78,35 +78,16 @@ impl NfNetlinkDeserializable for MetaType {
}
}
-create_wrapper_type!(
- inline: Meta,
- [
- (
- get_dreg,
- set_dreg,
- with_dreg,
- sys::NFTA_META_DREG,
- dreg,
- Register
- ),
- (
- get_key,
- set_key,
- with_key,
- sys::NFTA_META_KEY,
- key,
- MetaType
- ),
- (
- get_sreg,
- set_sreg,
- with_sreg,
- sys::NFTA_META_SREG,
- sreg,
- Register
- )
- ]
-);
+#[derive(Clone, PartialEq, Eq, Default, Debug)]
+#[nfnetlink_struct]
+pub struct Meta {
+ #[field(sys::NFTA_META_DREG)]
+ dreg: Register,
+ #[field(sys::NFTA_META_KEY)]
+ key: MetaType,
+ #[field(sys::NFTA_META_SREG)]
+ sreg: Register,
+}
impl Expression for Meta {
fn get_name() -> &'static str {
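Review bot: The `#[field(...)]` attributes on `Meta` name the constants through the module (`sys::NFTA_META_DREG`), while bitwise.rs, immediate.rs, log.rs, mod.rs and verdict.rs in this commit import them by name; reject.rs uses the same `sys::` form. One form across src/expr would make the attribute lists easier to compare, for example `use crate::sys::{NFTA_META_DREG, NFTA_META_KEY, NFTA_META_SREG};` with `#[field(NFTA_META_DREG)]`. The struct also deserves a doc line saying which of `dreg` and `sreg` is used for reading a meta key and which for writing it, since both can be set on one value.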
diff --git a/src/expr/mod.rs b/src/expr/mod.rs
index e5c2729..63385e0 100644
--- a/src/expr/mod.rs
+++ b/src/expr/mod.rs
@@ -6,8 +6,6 @@
use std::fmt::Debug;
use std::mem::transmute;
-use super::rule::Rule;
-use crate::create_wrapper_type;
use crate::nlmsg::NfNetlinkAttribute;
use crate::nlmsg::NfNetlinkDeserializable;
use crate::parser::pad_netlink_object;
@@ -15,7 +13,10 @@ use crate::parser::pad_netlink_object_with_variable_size;
use crate::parser::write_attribute;
use crate::parser::DecodeError;
use crate::sys::{self, nlattr};
-use libc::NLA_TYPE_MASK;
+use crate::sys::{
+ NFTA_DATA_VALUE, NFTA_DATA_VERDICT, NFTA_EXPR_DATA, NFTA_EXPR_NAME, NLA_TYPE_MASK,
+};
+use rustables_macros::nfnetlink_struct;
use thiserror::Error;
mod bitwise;
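Review bot: `NLA_TYPE_MASK` now comes from `crate::sys` instead of `libc`, and the two definitions may not share an integer type (libc declares it as `c_int`; a generated binding is often unsigned). The use sites are outside this hunk, so please check that no `as` cast there now hides a sign or width change when masking attribute types read from a netlink message. The new import could also be folded into the existing `use crate::sys::{self, nlattr};` line.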
@@ -105,26 +106,14 @@ pub trait Expression {
fn get_name() -> &'static str;
}
-create_wrapper_type!(
- nested without_deser : RawExpression, [
- // Define the action netfilter will apply to packets processed by this chain, but that did not match any rules in it.
- (
- get_name,
- set_name,
- with_name,
- sys::NFTA_EXPR_NAME,
- name,
- String
- ),
- (
- get_data,
- set_data,
- with_data,
- sys::NFTA_EXPR_DATA,
- data,
- ExpressionVariant
- )
-]);
+#[derive(Clone, PartialEq, Eq, Default, Debug)]
+#[nfnetlink_struct(nested = true, derive_decoder = false)]
+pub struct RawExpression {
+ #[field(NFTA_EXPR_NAME)]
+ name: String,
+ #[field(NFTA_EXPR_DATA)]
+ data: ExpressionVariant,
+}
impl RawExpression {
pub fn new<T>(expr: T) -> Self
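Review bot: `derive_decoder = false` on `RawExpression` is unexplained, so a reader has to guess that a hand-written decoder exists elsewhere in mod.rs (it is not visible in this hunk). I would add a doc comment such as `/// Untyped expression: a name plus data whose layout depends on that name.` and a second line saying that decoding is implemented by hand for that reason, if that is indeed why. The struct is otherwise left with no comment at all now that the old one is gone.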
@@ -338,27 +327,14 @@ where
}
}
-create_wrapper_type!(
- nested : ExpressionData,
- [
- (
- get_value,
- set_value,
- with_value,
- sys::NFTA_DATA_VALUE,
- value,
- Vec<u8>
- ),
- (
- get_verdict,
- set_verdict,
- with_verdict,
- sys::NFTA_DATA_VERDICT,
- verdict,
- VerdictAttribute
- )
- ]
-);
+#[derive(Clone, PartialEq, Eq, Default, Debug)]
+#[nfnetlink_struct(nested = true)]
+pub struct ExpressionData {
+ #[field(NFTA_DATA_VALUE)]
+ value: Vec<u8>,
+ #[field(NFTA_DATA_VERDICT)]
+ verdict: VerdictAttribute,
+}
// default type for expressions that we do not handle yet
#[derive(Debug, Clone, PartialEq, Eq)]
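Review bot: `ExpressionData` allows both `value` and `verdict` to be set on the same instance, and nothing here documents that they are alternatives. As far as I know the kernel honours only one of the two data attributes, so a value built with both may lose its verdict without an error; this is worth confirming. I would add `/// Data carried by an expression: either raw bytes or a verdict, never both.` and consider rejecting the combination where the struct is serialized.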
diff --git a/src/expr/reject.rs b/src/expr/reject.rs
index e15f905..10b95ea 100644
--- a/src/expr/reject.rs
+++ b/src/expr/reject.rs
@@ -1,5 +1,6 @@
+use rustables_macros::nfnetlink_struct;
+
use crate::{
- create_wrapper_type,
nlmsg::{NfNetlinkAttribute, NfNetlinkDeserializable},
parser::DecodeError,
sys,
@@ -13,28 +14,15 @@ impl Expression for Reject {
}
}
-// A reject expression that defines the type of rejection message sent when discarding a packet.
-create_wrapper_type!(
- inline: Reject,
- [
- (
- get_type,
- set_type,
- with_type,
- sys::NFTA_REJECT_TYPE,
- reject_type,
- RejectType
- ),
- (
- get_icmp_code,
- set_icmp_code,
- with_icmp_code,
- sys::NFTA_REJECT_ICMP_CODE,
- icmp_code,
- IcmpCode
- )
- ]
-);
+#[derive(Clone, PartialEq, Eq, Default, Debug)]
+#[nfnetlink_struct]
+/// A reject expression that defines the type of rejection message sent when discarding a packet.
+pub struct Reject {
+ #[field(sys::NFTA_REJECT_TYPE, name_in_functions = "type")]
+ reject_type: RejectType,
+ #[field(sys::NFTA_REJECT_ICMP_CODE)]
+ icmp_code: IcmpCode,
+}
/// An ICMP reject code.
#[derive(Debug, Clone, Copy, Eq, PartialEq, Hash)]
diff --git a/src/expr/verdict.rs b/src/expr/verdict.rs
index 547ba91..fc13f8a 100644
--- a/src/expr/verdict.rs
+++ b/src/expr/verdict.rs
@@ -1,13 +1,16 @@
use std::fmt::Debug;
use libc::{NF_ACCEPT, NF_DROP, NF_QUEUE};
+use rustables_macros::nfnetlink_struct;
use super::{ExpressionData, Immediate, Register};
use crate::{
- create_wrapper_type,
nlmsg::{NfNetlinkAttribute, NfNetlinkDeserializable},
parser::DecodeError,
- sys::{self, NFT_BREAK, NFT_CONTINUE, NFT_GOTO, NFT_JUMP, NFT_RETURN},
+ sys::{
+ NFTA_VERDICT_CHAIN, NFTA_VERDICT_CHAIN_ID, NFTA_VERDICT_CODE, NFT_BREAK, NFT_CONTINUE,
+ NFT_GOTO, NFT_JUMP, NFT_RETURN,
+ },
};
#[derive(Debug, Copy, Clone, Eq, PartialEq, Hash)]
@@ -53,35 +56,16 @@ impl NfNetlinkDeserializable for VerdictType {
}
}
-create_wrapper_type!(
- nested: VerdictAttribute,
- [
- (
- get_code,
- set_code,
- with_code,
- sys::NFTA_VERDICT_CODE,
- code,
- VerdictType
- ),
- (
- get_chain,
- set_chain,
- with_chain,
- sys::NFTA_VERDICT_CHAIN,
- chain,
- String
- ),
- (
- get_chain_id,
- set_chain_id,
- with_chain_id,
- sys::NFTA_VERDICT_CHAIN_ID,
- chain_id,
- u32
- )
- ]
-);
+#[derive(Clone, PartialEq, Eq, Default, Debug)]
+#[nfnetlink_struct(nested = true)]
+pub struct VerdictAttribute {
+ #[field(NFTA_VERDICT_CODE)]
+ code: VerdictType,
+ #[field(NFTA_VERDICT_CHAIN)]
+ chain: String,
+ #[field(NFTA_VERDICT_CHAIN_ID)]
+ chain_id: u32,
+}
#[derive(Debug, Clone, Eq, PartialEq, Hash)]
pub enum VerdictKind {
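Review bot: `VerdictAttribute` derives `Default` but has no doc comment saying what a default value means for a verdict. If the macro makes every field optional (its expansion is not visible here), `VerdictAttribute::default()` carries no `code` at all, and callers should not treat it as a usable verdict. A short doc comment should state that, and that `chain` and `chain_id` are alternative ways to name the target chain and only apply to the jump and goto codes.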