Skip to content

Instantly share code, notes, and snippets.

@faern

faern/nft-rule-add.c

Created February 15, 2018 13:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save faern/5f26bba2e34858176d24a421906209f3 to your computer and use it in GitHub Desktop.
Save faern/5f26bba2e34858176d24a421906209f3 to your computer and use it in GitHub Desktop.
Download ZIP
Adding an invalid rule to nftables that makes nft segfault
Raw
nft-rule-add.c
/*
* (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This software has been sponsored by Sophos Astaro <http://www.sophos.com>
*/
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include <stddef.h> /* for offsetof */
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
#include <libmnl/libmnl.h>
#include <libnftnl/rule.h>
#include <libnftnl/expr.h>
static struct nftnl_rule *setup_rule()
{
struct nftnl_rule *rule;
struct nftnl_expr *payload_expr, *cmp_expr;
uint8_t mac[6] = {0, 0, 0, 0, 0, 0};
rule = nftnl_rule_alloc();
nftnl_rule_set(rule, NFTNL_RULE_TABLE, "my_table");
nftnl_rule_set(rule, NFTNL_RULE_CHAIN, "my_chain");
nftnl_rule_set_u32(rule, NFTNL_RULE_FAMILY, NFPROTO_INET);
payload_expr = nftnl_expr_alloc("payload");
nftnl_expr_set_u32(payload_expr, NFTNL_EXPR_PAYLOAD_BASE, NFT_PAYLOAD_LL_HEADER);
nftnl_expr_set_u32(payload_expr, NFTNL_EXPR_PAYLOAD_DREG, NFT_REG_1);
nftnl_expr_set_u32(payload_expr, NFTNL_EXPR_PAYLOAD_OFFSET, 0);
nftnl_expr_set_u32(payload_expr, NFTNL_EXPR_PAYLOAD_LEN, 6);
nftnl_rule_add_expr(rule, payload_expr);
cmp_expr = nftnl_expr_alloc("cmp");
nftnl_expr_set_u32(cmp_expr, NFTNL_EXPR_CMP_SREG, NFT_REG_1);
nftnl_expr_set_u32(cmp_expr, NFTNL_EXPR_CMP_OP, NFT_CMP_EQ);
nftnl_expr_set(cmp_expr, NFTNL_EXPR_CMP_DATA, &mac, 6);
nftnl_rule_add_expr(rule, cmp_expr);
return rule;
}
int main(int argc, char *argv[])
{
struct mnl_socket *nl;
struct nftnl_rule *r;
struct nlmsghdr *nlh;
struct mnl_nlmsg_batch *batch;
char buf[MNL_SOCKET_BUFFER_SIZE];
uint32_t seq = time(NULL);
int ret, batching;
r = setup_rule();
nl = mnl_socket_open(NETLINK_NETFILTER);
if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
perror("mnl_socket_bind");
exit(EXIT_FAILURE);
}
batching = nftnl_batch_is_supported();
if (batching < 0) {
perror("cannot talk to nfnetlink");
exit(EXIT_FAILURE);
}
batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
if (batching) {
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
}
nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
NFT_MSG_NEWRULE,
nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY),
NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK, seq++);
nftnl_rule_nlmsg_build_payload(nlh, r);
nftnl_rule_free(r);
mnl_nlmsg_batch_next(batch);
if (batching) {
nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
}
ret = mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
mnl_nlmsg_batch_size(batch));
if (ret == -1) {
perror("mnl_socket_sendto");
exit(EXIT_FAILURE);
}
mnl_nlmsg_batch_stop(batch);
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
if (ret == -1) {
perror("mnl_socket_recvfrom");
exit(EXIT_FAILURE);
}
ret = mnl_cb_run(buf, ret, 0, mnl_socket_get_portid(nl), NULL, NULL);
if (ret < 0) {
perror("mnl_cb_run");
exit(EXIT_FAILURE);
}
mnl_socket_close(nl);
return EXIT_SUCCESS;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment