[PATCH v1 2/6] netlink_netfilter: decode expressions

Dmitry V. Levin ldv at strace.io
Thu Jun 19 13:24:26 UTC 2025 

On Thu, Jun 12, 2025 at 11:56:02AM +0200, Mathis Marion wrote:
> From: Mathis Marion <mathis.marion at silabs.com>
> 
> Signed-off-by: Mathis Marion <mathis.marion at silabs.com>
> ---
>  src/netlink_netfilter.c         | 177 +++++++++++++++++++++++++++++++-
>  src/xlat/nft_cmp_attrs.in       |   6 ++
>  src/xlat/nft_data_attrs.in      |   5 +
>  src/xlat/nft_expr_attrs.in      |   5 +
>  src/xlat/nft_immediate_attrs.in |   5 +
>  src/xlat/nft_list_attrs.in      |   4 +
>  src/xlat/nft_lookup_attrs.in    |   8 ++
>  src/xlat/nft_meta_attrs.in      |   6 ++
>  src/xlat/nft_payload_attrs.in   |  11 ++
>  src/xlat/nft_verdict_attrs.in   |   6 ++
>  10 files changed, 229 insertions(+), 4 deletions(-)
>  create mode 100644 src/xlat/nft_cmp_attrs.in
>  create mode 100644 src/xlat/nft_data_attrs.in
>  create mode 100644 src/xlat/nft_expr_attrs.in
>  create mode 100644 src/xlat/nft_immediate_attrs.in
>  create mode 100644 src/xlat/nft_list_attrs.in
>  create mode 100644 src/xlat/nft_lookup_attrs.in
>  create mode 100644 src/xlat/nft_meta_attrs.in
>  create mode 100644 src/xlat/nft_payload_attrs.in
>  create mode 100644 src/xlat/nft_verdict_attrs.in
> 
> diff --git a/src/netlink_netfilter.c b/src/netlink_netfilter.c
> index 029a9bdf7..8e5d28f00 100644
> --- a/src/netlink_netfilter.c
> +++ b/src/netlink_netfilter.c
> @@ -19,14 +19,183 @@
>  #include "xlat/nl_netfilter_msg_types.h"
>  #include "xlat/nl_netfilter_subsys_ids.h"
>  #include "xlat/nft_chain_attrs.h"
> +#include "xlat/nft_cmp_attrs.h"
> +#include "xlat/nft_data_attrs.h"
> +#include "xlat/nft_expr_attrs.h"
>  #include "xlat/nft_flowtable_attrs.h"
>  #include "xlat/nft_gen_attrs.h"
>  #include "xlat/nft_obj_attrs.h"
> +#include "xlat/nft_immediate_attrs.h"
> +#include "xlat/nft_list_attrs.h"
> +#include "xlat/nft_lookup_attrs.h"
> +#include "xlat/nft_meta_attrs.h"
> +#include "xlat/nft_payload_attrs.h"
>  #include "xlat/nft_rule_attrs.h"
>  #include "xlat/nft_set_attrs.h"
> +#include "xlat/nft_set_elem_attrs.h"
>  #include "xlat/nft_set_elem_list_attrs.h"
>  #include "xlat/nft_table_attrs.h"
>  #include "xlat/nft_trace_attrs.h"
> +#include "xlat/nft_verdict_attrs.h"
> +
> +static bool decode_verdict(struct tcb *tcp, kernel_ulong_t addr,
> +			   unsigned int len, const void *opaque_data)
> +{
> +	static const nla_decoder_t decoders[] = {
> +		[NFTA_VERDICT_CODE]	= decode_nla_be32,
> +		[NFTA_VERDICT_CHAIN]	= decode_nla_str,
> +		[NFTA_VERDICT_CHAIN_ID]	= decode_nla_be32,
> +	};
> +
> +	decode_nlattr(tcp, addr, len, nft_verdict_attrs, "NFTA_VERDICT_???",
> +		      decoders, ARRAY_SIZE(decoders), opaque_data);

Here and in other similar cases, instead of
  arg, ARRAY_SIZE(arg)
we use
  ARRSZ_PAIR(arg)


-- 
ldv

More information about the Strace-devel mailing list