Objects implementation refactor

Refactored obj.go to a more generic approach Added object support for already implemented expressions Added test for limit object Fixes #253
google · Jun 25, 2024 · bf1fedd · bf1fedd
1 parent aa8348f
commit bf1fedd
Show file tree

Hide file tree

Showing 39 changed files with 1,139 additions and 356 deletions.
diff --git a/counter.go b/counter.go
@@ -16,11 +16,12 @@ package nftables
 
 import (
 	"github.com/google/nftables/binaryutil"
+	"github.com/google/nftables/expr"
 	"github.com/mdlayher/netlink"
 	"golang.org/x/sys/unix"
 )
 
-// CounterObj implements Obj.
+// Deprecated: Use ObjAttr instead
 type CounterObj struct {
 	Table *Table
 	Name  string // e.g. “fwded”
@@ -41,6 +42,20 @@ func (c *CounterObj) unmarshal(ad *netlink.AttributeDecoder) error {
 	return ad.Err()
 }
 
+func (c *CounterObj) data() expr.Any {
+	return &expr.Counter{
+		Bytes:   c.Bytes,
+		Packets: c.Packets,
+	}
+}
+
+func (c *CounterObj) name() string {
+	return c.Name
+}
+func (c *CounterObj) objType() ObjType {
+	return ObjTypeCounter
+}
+
 func (c *CounterObj) table() *Table {
 	return c.Table
 }

diff --git a/expr/bitwise.go b/expr/bitwise.go
@@ -31,6 +31,17 @@ type Bitwise struct {
 }
 
 func (e *Bitwise) marshal(fam byte) ([]byte, error) {
+	data, err := e.marshalData(fam)
+	if err != nil {
+		return nil, err
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("bitwise\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
+}
+
+func (e *Bitwise) marshalData(fam byte) ([]byte, error) {
 	mask, err := netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_DATA_VALUE, Data: e.Mask},
 	})
@@ -44,20 +55,13 @@ func (e *Bitwise) marshal(fam byte) ([]byte, error) {
 		return nil, err
 	}
 
-	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+	return netlink.MarshalAttributes([]netlink.Attribute{
 		{Type: unix.NFTA_BITWISE_SREG, Data: binaryutil.BigEndian.PutUint32(e.SourceRegister)},
 		{Type: unix.NFTA_BITWISE_DREG, Data: binaryutil.BigEndian.PutUint32(e.DestRegister)},
 		{Type: unix.NFTA_BITWISE_LEN, Data: binaryutil.BigEndian.PutUint32(e.Len)},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_BITWISE_MASK, Data: mask},
 		{Type: unix.NLA_F_NESTED | unix.NFTA_BITWISE_XOR, Data: xor},
 	})
-	if err != nil {
-		return nil, err
-	}
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("bitwise\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
-	})
 }
 
 func (e *Bitwise) unmarshal(fam byte, data []byte) error {

diff --git a/expr/byteorder.go b/expr/byteorder.go
@@ -38,13 +38,7 @@ type Byteorder struct {
 }
 
 func (e *Byteorder) marshal(fam byte) ([]byte, error) {
-	data, err := netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_BYTEORDER_SREG, Data: binaryutil.BigEndian.PutUint32(e.SourceRegister)},
-		{Type: unix.NFTA_BYTEORDER_DREG, Data: binaryutil.BigEndian.PutUint32(e.DestRegister)},
-		{Type: unix.NFTA_BYTEORDER_OP, Data: binaryutil.BigEndian.PutUint32(uint32(e.Op))},
-		{Type: unix.NFTA_BYTEORDER_LEN, Data: binaryutil.BigEndian.PutUint32(e.Len)},
-		{Type: unix.NFTA_BYTEORDER_SIZE, Data: binaryutil.BigEndian.PutUint32(e.Size)},
-	})
+	data, err := e.marshalData(fam)
 	if err != nil {
 		return nil, err
 	}
@@ -54,6 +48,16 @@ func (e *Byteorder) marshal(fam byte) ([]byte, error) {
 	})
 }
 
+func (e *Byteorder) marshalData(fam byte) ([]byte, error) {
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_BYTEORDER_SREG, Data: binaryutil.BigEndian.PutUint32(e.SourceRegister)},
+		{Type: unix.NFTA_BYTEORDER_DREG, Data: binaryutil.BigEndian.PutUint32(e.DestRegister)},
+		{Type: unix.NFTA_BYTEORDER_OP, Data: binaryutil.BigEndian.PutUint32(uint32(e.Op))},
+		{Type: unix.NFTA_BYTEORDER_LEN, Data: binaryutil.BigEndian.PutUint32(e.Len)},
+		{Type: unix.NFTA_BYTEORDER_SIZE, Data: binaryutil.BigEndian.PutUint32(e.Size)},
+	})
+}
+
 func (e *Byteorder) unmarshal(fam byte, data []byte) error {
 	return fmt.Errorf("not yet implemented")
 }
diff --git a/expr/connlimit.go b/expr/connlimit.go
@@ -37,10 +37,7 @@ type Connlimit struct {
 }
 
 func (e *Connlimit) marshal(fam byte) ([]byte, error) {
-	data, err := netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: NFTA_CONNLIMIT_COUNT, Data: binaryutil.BigEndian.PutUint32(e.Count)},
-		{Type: NFTA_CONNLIMIT_FLAGS, Data: binaryutil.BigEndian.PutUint32(e.Flags)},
-	})
+	data, err := e.marshalData(fam)
 	if err != nil {
 		return nil, err
 	}
@@ -51,6 +48,13 @@ func (e *Connlimit) marshal(fam byte) ([]byte, error) {
 	})
 }
 
+func (e *Connlimit) marshalData(fam byte) ([]byte, error) {
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: NFTA_CONNLIMIT_COUNT, Data: binaryutil.BigEndian.PutUint32(e.Count)},
+		{Type: NFTA_CONNLIMIT_FLAGS, Data: binaryutil.BigEndian.PutUint32(e.Flags)},
+	})
+}
+
 func (e *Connlimit) unmarshal(fam byte, data []byte) error {
 	ad, err := netlink.NewAttributeDecoder(data)
 	if err != nil {

diff --git a/expr/counter.go b/expr/counter.go
@@ -28,10 +28,7 @@ type Counter struct {
 }
 
 func (e *Counter) marshal(fam byte) ([]byte, error) {
-	data, err := netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_COUNTER_BYTES, Data: binaryutil.BigEndian.PutUint64(e.Bytes)},
-		{Type: unix.NFTA_COUNTER_PACKETS, Data: binaryutil.BigEndian.PutUint64(e.Packets)},
-	})
+	data, err := e.marshalData(fam)
 	if err != nil {
 		return nil, err
 	}
@@ -42,6 +39,13 @@ func (e *Counter) marshal(fam byte) ([]byte, error) {
 	})
 }
 
+func (e *Counter) marshalData(fam byte) ([]byte, error) {
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_COUNTER_BYTES, Data: binaryutil.BigEndian.PutUint64(e.Bytes)},
+		{Type: unix.NFTA_COUNTER_PACKETS, Data: binaryutil.BigEndian.PutUint64(e.Packets)},
+	})
+}
+
 func (e *Counter) unmarshal(fam byte, data []byte) error {
 	ad, err := netlink.NewAttributeDecoder(data)
 	if err != nil {

diff --git a/expr/ct.go b/expr/ct.go
@@ -64,7 +64,19 @@ type Ct struct {
 }
 
 func (e *Ct) marshal(fam byte) ([]byte, error) {
-	regData := []byte{}
+	exprData, err := e.marshalData(fam)
+	if err != nil {
+		return nil, err
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("ct\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: exprData},
+	})
+}
+
+func (e *Ct) marshalData(fam byte) ([]byte, error) {
+	var regData []byte
 	exprData, err := netlink.MarshalAttributes(
 		[]netlink.Attribute{
 			{Type: unix.NFTA_CT_KEY, Data: binaryutil.BigEndian.PutUint32(uint32(e.Key))},
@@ -90,11 +102,7 @@ func (e *Ct) marshal(fam byte) ([]byte, error) {
 		return nil, err
 	}
 	exprData = append(exprData, regData...)
-
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("ct\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: exprData},
-	})
+	return exprData, nil
 }
 
 func (e *Ct) unmarshal(fam byte, data []byte) error {

diff --git a/expr/dup.go b/expr/dup.go
@@ -29,16 +29,7 @@ type Dup struct {
 }
 
 func (e *Dup) marshal(fam byte) ([]byte, error) {
-	attrs := []netlink.Attribute{
-		{Type: unix.NFTA_DUP_SREG_ADDR, Data: binaryutil.BigEndian.PutUint32(e.RegAddr)},
-	}
-
-	if e.IsRegDevSet {
-		attrs = append(attrs, netlink.Attribute{Type: unix.NFTA_DUP_SREG_DEV, Data: binaryutil.BigEndian.PutUint32(e.RegDev)})
-	}
-
-	data, err := netlink.MarshalAttributes(attrs)
-
+	data, err := e.marshalData(fam)
 	if err != nil {
 		return nil, err
 	}
@@ -49,6 +40,18 @@ func (e *Dup) marshal(fam byte) ([]byte, error) {
 	})
 }
 
+func (e *Dup) marshalData(fam byte) ([]byte, error) {
+	attrs := []netlink.Attribute{
+		{Type: unix.NFTA_DUP_SREG_ADDR, Data: binaryutil.BigEndian.PutUint32(e.RegAddr)},
+	}
+
+	if e.IsRegDevSet {
+		attrs = append(attrs, netlink.Attribute{Type: unix.NFTA_DUP_SREG_DEV, Data: binaryutil.BigEndian.PutUint32(e.RegDev)})
+	}
+
+	return netlink.MarshalAttributes(attrs)
+}
+
 func (e *Dup) unmarshal(fam byte, data []byte) error {
 	ad, err := netlink.NewAttributeDecoder(data)
 	if err != nil {

diff --git a/expr/dynset.go b/expr/dynset.go
@@ -44,6 +44,18 @@ type Dynset struct {
 }
 
 func (e *Dynset) marshal(fam byte) ([]byte, error) {
+	opData, err := e.marshalData(fam)
+	if err != nil {
+		return nil, err
+	}
+
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("dynset\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: opData},
+	})
+}
+
+func (e *Dynset) marshalData(fam byte) ([]byte, error) {
 	// See: https://git.netfilter.org/libnftnl/tree/src/expr/dynset.c
 	var opAttrs []netlink.Attribute
 	opAttrs = append(opAttrs, netlink.Attribute{Type: unix.NFTA_DYNSET_SREG_KEY, Data: binaryutil.BigEndian.PutUint32(e.SrcRegKey)})
@@ -89,17 +101,9 @@ func (e *Dynset) marshal(fam byte) ([]byte, error) {
 			opAttrs = append(opAttrs, netlink.Attribute{Type: NFTA_DYNSET_EXPRESSIONS, Data: elemData})
 		}
 	}
-	opAttrs = append(opAttrs, netlink.Attribute{Type: unix.NFTA_DYNSET_FLAGS, Data: binaryutil.BigEndian.PutUint32(flags)})
-
-	opData, err := netlink.MarshalAttributes(opAttrs)
-	if err != nil {
-		return nil, err
-	}
 
-	return netlink.MarshalAttributes([]netlink.Attribute{
-		{Type: unix.NFTA_EXPR_NAME, Data: []byte("dynset\x00")},
-		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: opData},
-	})
+	opAttrs = append(opAttrs, netlink.Attribute{Type: unix.NFTA_DYNSET_FLAGS, Data: binaryutil.BigEndian.PutUint32(flags)})
+	return netlink.MarshalAttributes(opAttrs)
 }
 
 func (e *Dynset) unmarshal(fam byte, data []byte) error {
@@ -125,7 +129,7 @@ func (e *Dynset) unmarshal(fam byte, data []byte) error {
 		case unix.NFTA_DYNSET_FLAGS:
 			e.Invert = (ad.Uint32() & unix.NFT_DYNSET_F_INV) != 0
 		case unix.NFTA_DYNSET_EXPR:
-			exprs, err := parseexprfunc.ParseExprBytesFunc(fam, ad, ad.Bytes())
+			exprs, err := parseexprfunc.ParseExprBytesFunc(fam, ad)
 			if err != nil {
 				return err
 			}