nft_metaload/set: Added dump implementation.

pkg/tcpip/nftables/nft_metaload.go

@@ -19,7 +19,6 @@ import (
 	"fmt"
 
 	"gvisor.dev/gvisor/pkg/abi/linux"
-	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/sentry/socket/netlink/nlmsg"
 	"gvisor.dev/gvisor/pkg/syserr"
 	"gvisor.dev/gvisor/pkg/tcpip/header"
@@ -165,8 +164,10 @@ func (op metaLoad) GetExprName() string {
 }
 
 func (op metaLoad) Dump() ([]byte, *syserr.AnnotatedError) {
-	log.Warningf("Nftables: Dumping meta load operation is not implemented")
-	return nil, nil
+	m := &nlmsg.Message{}
+	m.PutAttr(linux.NFTA_META_KEY, nlmsg.PutU32(uint32(op.key)))
+	m.PutAttr(linux.NFTA_META_DREG, nlmsg.PutU32(uint32(op.dreg)))
+	return m.Buffer(), nil
 }
 
 func initMetaLoad(attrs map[uint16]nlmsg.BytesView) (*metaLoad, *syserr.AnnotatedError) {

pkg/tcpip/nftables/nft_metaset.go

@@ -18,7 +18,6 @@ import (
 	"fmt"
 
 	"gvisor.dev/gvisor/pkg/abi/linux"
-	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/sentry/socket/netlink/nlmsg"
 	"gvisor.dev/gvisor/pkg/syserr"
 	"gvisor.dev/gvisor/pkg/tcpip"
@@ -70,10 +69,11 @@ func (op metaSet) GetExprName() string {
 	return "meta"
 }
 
-// TODO: b/452648112 - Implement dump for last operation.
 func (op metaSet) Dump() ([]byte, *syserr.AnnotatedError) {
-	log.Warningf("Nftables: Dumping meta set operation is not implemented")
-	return nil, nil
+	m := &nlmsg.Message{}
+	m.PutAttr(linux.NFTA_META_KEY, nlmsg.PutU32(uint32(op.key)))
+	m.PutAttr(linux.NFTA_META_SREG, nlmsg.PutU32(uint32(op.sreg)))
+	return m.Buffer(), nil
 }
 
 // newMetaSet creates a new metaSet operation.

pkg/tcpip/nftables/nftables_test.go

@@ -4228,9 +4228,23 @@ func TestDumpOperations(t *testing.T) {
 			name: "metaLoad",
 			op:   mustCreateMetaLoad(t, linux.NFT_META_LEN, linux.NFT_REG_1),
 			validate: func(dump []byte) error {
-				// TODO: b/452648112 - Implement validation for meta load operation when dump is implemented.
-				if dump != nil {
-					return fmt.Errorf("unexpected dump: %v, want nil", dump)
+				attrs, ok := NfParse(dump)
+				if !ok {
+					return fmt.Errorf("failed to parse dumped attributes")
+				}
+				key, ok := AttrNetToHost[uint32](linux.NFTA_META_KEY, attrs)
+				if !ok {
+					return fmt.Errorf("failed to get key value")
+				}
+				if key != linux.NFT_META_LEN {
+					return fmt.Errorf("unexpected key value: %d, want %d", key, linux.NFT_META_LEN)
+				}
+				reg, ok := AttrNetToHost[uint32](linux.NFTA_META_DREG, attrs)
+				if !ok {
+					return fmt.Errorf("failed to get dreg value")
+				}
+				if reg != linux.NFT_REG_1 {
+					return fmt.Errorf("unexpected dreg value: %d, want %d", reg, linux.NFT_REG_1)
 				}
 				return nil
 			},
@@ -4239,9 +4253,23 @@ func TestDumpOperations(t *testing.T) {
 			name: "metaSet",
 			op:   mustCreateMetaSet(t, linux.NFT_META_PKTTYPE, linux.NFT_REG_1),
 			validate: func(dump []byte) error {
-				// TODO: b/452648112 - Implement validation for meta set operation when dump is implemented.
-				if dump != nil {
-					return fmt.Errorf("unexpected dump: %v, want nil", dump)
+				attrs, ok := NfParse(dump)
+				if !ok {
+					return fmt.Errorf("failed to parse dumped attributes")
+				}
+				key, ok := AttrNetToHost[uint32](linux.NFTA_META_KEY, attrs)
+				if !ok {
+					return fmt.Errorf("failed to get key value")
+				}
+				if key != linux.NFT_META_PKTTYPE {
+					return fmt.Errorf("unexpected key value: %d, want %d", key, linux.NFT_META_PKTTYPE)
+				}
+				reg, ok := AttrNetToHost[uint32](linux.NFTA_META_SREG, attrs)
+				if !ok {
+					return fmt.Errorf("failed to get sreg value")
+				}
+				if reg != linux.NFT_REG_1 {
+					return fmt.Errorf("unexpected sreg value: %d, want %d", reg, linux.NFT_REG_1)
 				}
 				return nil
 			},