[PATCH v1 6/6] netlink_netfilter: decode hooks

Mathis Marion Mathis.Marion at silabs.com
Thu Jun 12 09:56:06 UTC 2025 

From: Mathis Marion <mathis.marion at silabs.com>

Signed-off-by: Mathis Marion <mathis.marion at silabs.com>
---
 src/netlink_netfilter.c      | 31 ++++++++++++++++++++++++++++++-
 src/xlat/nft_device_attrs.in |  4 ++++
 src/xlat/nft_hook_attrs.in   |  7 +++++++
 3 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 src/xlat/nft_device_attrs.in
 create mode 100644 src/xlat/nft_hook_attrs.in

diff --git a/src/netlink_netfilter.c b/src/netlink_netfilter.c
index fd226e05f..fd8dbc76c 100644
--- a/src/netlink_netfilter.c
+++ b/src/netlink_netfilter.c
@@ -26,11 +26,13 @@
 #include "xlat/nft_cmp_ops.h"
 #include "xlat/nft_counter_attrs.h"
 #include "xlat/nft_data_attrs.h"
+#include "xlat/nft_device_attrs.h"
 #include "xlat/nft_expr_attrs.h"
 #include "xlat/nft_flowtable_attrs.h"
 #include "xlat/nft_gen_attrs.h"
 #include "xlat/nft_obj_attrs.h"
 #include "xlat/nft_objects.h"
+#include "xlat/nft_hook_attrs.h"
 #include "xlat/nft_immediate_attrs.h"
 #include "xlat/nft_list_attrs.h"
 #include "xlat/nft_lookup_attrs.h"
@@ -300,11 +302,38 @@ static bool decode_counters(struct tcb *tcp, kernel_ulong_t addr,
 	return true;
 }
 
+static bool decode_devs(struct tcb *tcp, kernel_ulong_t addr,
+			unsigned int len, const void *opaque_data)
+{
+	static const nla_decoder_t decoders[] = {
+		[NFTA_DEVICE_NAME]	= decode_nla_str,
+	};
+
+	decode_nlattr(tcp, addr, len, nft_device_attrs, "NFTA_DEVICE_???",
+		      decoders, ARRAY_SIZE(decoders), opaque_data);
+	return true;
+}
+
+static bool decode_hook(struct tcb *tcp, kernel_ulong_t addr,
+			unsigned int len, const void *opaque_data)
+{
+	static const nla_decoder_t decoders[] = {
+		[NFTA_HOOK_HOOKNUM]	= decode_nla_be32,
+		[NFTA_HOOK_PRIORITY]	= decode_nla_be32,
+		[NFTA_HOOK_DEV]		= decode_nla_str,
+		[NFTA_HOOK_DEVS]	= decode_devs,
+	};
+
+	decode_nlattr(tcp, addr, len, nft_hook_attrs, "NFTA_HOOK_???",
+		      decoders, ARRAY_SIZE(decoders), opaque_data);
+	return true;
+}
+
 static const nla_decoder_t nfta_chain_decoders[] = {
 	[NFTA_CHAIN_TABLE]	= decode_nla_str,
 	[NFTA_CHAIN_HANDLE]	= decode_nla_be64,
 	[NFTA_CHAIN_NAME]	= decode_nla_str,
-	[NFTA_CHAIN_HOOK]	= NULL, // TODO
+	[NFTA_CHAIN_HOOK]	= decode_hook,
 	[NFTA_CHAIN_POLICY]	= decode_verdict_code,
 	[NFTA_CHAIN_USE]	= decode_nla_be32,
 	[NFTA_CHAIN_TYPE]	= decode_nla_str,
diff --git a/src/xlat/nft_device_attrs.in b/src/xlat/nft_device_attrs.in
new file mode 100644
index 000000000..883e3bb1d
--- /dev/null
+++ b/src/xlat/nft_device_attrs.in
@@ -0,0 +1,4 @@
+#unconditional
+#value_indexed
+NFTA_DEVICE_UNSPEC
+NFTA_DEVICE_NAME
diff --git a/src/xlat/nft_hook_attrs.in b/src/xlat/nft_hook_attrs.in
new file mode 100644
index 000000000..3cb8e1e22
--- /dev/null
+++ b/src/xlat/nft_hook_attrs.in
@@ -0,0 +1,7 @@
+#unconditional
+#value_indexed
+NFTA_HOOK_UNSPEC
+NFTA_HOOK_HOOKNUM
+NFTA_HOOK_PRIORITY
+NFTA_HOOK_DEV
+NFTA_HOOK_DEVS
-- 
2.47.2

More information about the Strace-devel mailing list