[PATCH v1 4/6] netlink_netfilter: decode enums and flags

Thu Jun 19 13:30:26 UTC 2025

On Thu, Jun 12, 2025 at 11:56:04AM +0200, Mathis Marion wrote:
> From: Mathis Marion <mathis.marion at silabs.com>
> 
> Signed-off-by: Mathis Marion <mathis.marion at silabs.com>
> ---
>  src/netlink_netfilter.c            | 131 +++++++++++++++++++++++------
>  src/xlat/nft_chain_flags.in        |   4 +
>  src/xlat/nft_cmp_ops.in            |   8 ++
>  src/xlat/nft_flowtable_flags.in    |   3 +
>  src/xlat/nft_meta_keys.in          |  38 +++++++++
>  src/xlat/nft_objects.in            |  12 +++
>  src/xlat/nft_payload_bases.in      |   7 ++
>  src/xlat/nft_payload_csum_flags.in |   2 +
>  src/xlat/nft_payload_csum_types.in |   5 ++
>  src/xlat/nft_registers.in          |  23 +++++
>  src/xlat/nft_set_elem_flags.in     |   3 +
>  src/xlat/nft_set_flags.in          |  10 +++
>  src/xlat/nft_set_policies.in       |   4 +
>  src/xlat/nft_table_flags.in        |   4 +
>  src/xlat/nft_trace_types.in        |   6 ++
>  src/xlat/nft_verdicts.in           |  12 +++
>  16 files changed, 246 insertions(+), 26 deletions(-)
>  create mode 100644 src/xlat/nft_chain_flags.in
>  create mode 100644 src/xlat/nft_cmp_ops.in
>  create mode 100644 src/xlat/nft_flowtable_flags.in
>  create mode 100644 src/xlat/nft_meta_keys.in
>  create mode 100644 src/xlat/nft_objects.in
>  create mode 100644 src/xlat/nft_payload_bases.in
>  create mode 100644 src/xlat/nft_payload_csum_flags.in
>  create mode 100644 src/xlat/nft_payload_csum_types.in
>  create mode 100644 src/xlat/nft_registers.in
>  create mode 100644 src/xlat/nft_set_elem_flags.in
>  create mode 100644 src/xlat/nft_set_flags.in
>  create mode 100644 src/xlat/nft_set_policies.in
>  create mode 100644 src/xlat/nft_table_flags.in
>  create mode 100644 src/xlat/nft_trace_types.in
>  create mode 100644 src/xlat/nft_verdicts.in
> 
> diff --git a/src/netlink_netfilter.c b/src/netlink_netfilter.c
> index f2556c0a5..8fe11882c 100644
> --- a/src/netlink_netfilter.c
> +++ b/src/netlink_netfilter.c
> @@ -14,35 +14,99 @@
>  #include "netlink.h"
>  #include <linux/netfilter/nfnetlink.h>
>  #include <linux/netfilter/nf_tables.h>
> +#include <linux/netfilter.h>
>  
>  #include "xlat/netfilter_versions.h"
>  #include "xlat/nl_netfilter_msg_types.h"
>  #include "xlat/nl_netfilter_subsys_ids.h"
> +#include "xlat/nft_chain_flags.h"
> +#include "xlat/nft_flowtable_flags.h"
>  #include "xlat/nft_chain_attrs.h"
>  #include "xlat/nft_cmp_attrs.h"
> +#include "xlat/nft_cmp_ops.h"
>  #include "xlat/nft_data_attrs.h"
>  #include "xlat/nft_expr_attrs.h"
>  #include "xlat/nft_flowtable_attrs.h"
>  #include "xlat/nft_gen_attrs.h"
>  #include "xlat/nft_obj_attrs.h"
> +#include "xlat/nft_objects.h"
>  #include "xlat/nft_immediate_attrs.h"
>  #include "xlat/nft_list_attrs.h"
>  #include "xlat/nft_lookup_attrs.h"
>  #include "xlat/nft_meta_attrs.h"
> +#include "xlat/nft_meta_keys.h"
>  #include "xlat/nft_payload_attrs.h"
> +#include "xlat/nft_registers.h"
>  #include "xlat/nft_rule_attrs.h"
>  #include "xlat/nft_set_attrs.h"
>  #include "xlat/nft_set_elem_attrs.h"
>  #include "xlat/nft_set_elem_list_attrs.h"
> +#include "xlat/nft_set_flags.h"
> +#include "xlat/nft_set_elem_flags.h"
> +#include "xlat/nft_set_policies.h"
>  #include "xlat/nft_table_attrs.h"
> +#include "xlat/nft_table_flags.h"
>  #include "xlat/nft_trace_attrs.h"
> +#include "xlat/nft_trace_types.h"
> +#include "xlat/nft_payload_bases.h"
> +#include "xlat/nft_payload_csum_flags.h"
> +#include "xlat/nft_payload_csum_types.h"
> +#include "xlat/nft_verdicts.h"
>  #include "xlat/nft_verdict_attrs.h"
>  
> +static bool decode_u32(struct tcb *tcp, kernel_ulong_t addr, unsigned int len,
> +		       const struct xlat *xlat, const char *dflt, bool is_flags)
> +{
> +	uint32_t val;
> +
> +	if (len < sizeof(val))
> +		return false;
> +	else if (!umove_or_printaddr(tcp, addr, &val)) {
> +		tprints_arg_begin("htonl");
> +		if (is_flags)
> +			printflags(xlat, ntohl(val), dflt);
> +		else
> +			printxval(xlat, ntohl(val), dflt);
> +		tprint_arg_end();
> +	}
> +	return true;
> +}
> +
> +#define DEFINE_U32_DECODER(name, xlat, dflt, is_flags) \
> +	static bool decode_##name(struct tcb *tcp, \
> +				  kernel_ulong_t addr, \
> +				  unsigned int len, \
> +				  const void *opaque_data) \
> +	{ \
> +		return decode_u32(tcp, addr, len, xlat, dflt, is_flags); \
> +	}
> +
> +#define DEFINE_ENUM_DECODER(name, xlat, dflt) \
> +	DEFINE_U32_DECODER(name, xlat, dflt, false)
> +#define DEFINE_FLAGS_DECODER(name, xlat, dflt) \
> +	DEFINE_U32_DECODER(name, xlat, dflt, true)
> +
> +DEFINE_ENUM_DECODER(reg,			nft_registers,		"NFT_REG_???")

Could we harmonize the naming so that names of functions would be made from
table names by prepending "decode_" prefix?

-- 
ldv