diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-24 19:18:50 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-24 19:26:34 +0200 |
| commit | 6dc1c3d8bb64077da7f3f28c7368fb087d10a492 (patch) | |
| tree | 880fe8bacaaf4b72035a9c430f86e6e5a15ba9bf | |
| parent | dc240913458d591f59b52b3899d3fc3c5d6ec6ce (diff) | |
src: remove nftnl_rule_cmp() and nftnl_expr_cmp()
These functions are not very useful, rule comparison from this layer
does not work well with implicit set definitions.
This infrastructure was added as an attempt to support for deletion by
name from this layer, which should be done from higher level libnftables
library. Finally, we never had a client for this code in
git.netfilter.org.
Let's remove it and bump libversion for safety reasons.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
42 files changed, 5 insertions, 751 deletions
diff --git a/Make_global.am b/Make_global.am index e12a3f7..307816b 100644 --- a/Make_global.am +++ b/Make_global.am @@ -18,7 +18,7 @@ # set age to 0. # </snippet> # -LIBVERSION=10:0:3 +LIBVERSION=11:0:0 AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_srcdir}/include ${LIBMNL_CFLAGS} ${LIBMXML_CFLAGS} AM_CFLAGS = ${regular_CFLAGS} ${GCC_FVISIBILITY_HIDDEN} diff --git a/include/data_reg.h b/include/data_reg.h index 3fec7cd..f2675f2 100644 --- a/include/data_reg.h +++ b/include/data_reg.h @@ -28,8 +28,6 @@ int nftnl_data_reg_snprintf(char *buf, size_t size, const union nftnl_data_reg *reg, uint32_t output_format, uint32_t flags, int reg_type); -bool nftnl_data_reg_cmp(const union nftnl_data_reg *r1, - const union nftnl_data_reg *r2, int reg_type); struct nlattr; int nftnl_parse_data(union nftnl_data_reg *data, struct nlattr *attr, int *type); diff --git a/include/expr_ops.h b/include/expr_ops.h index 00548b3..a7f1b9a 100644 --- a/include/expr_ops.h +++ b/include/expr_ops.h @@ -13,7 +13,6 @@ struct expr_ops { uint32_t alloc_len; int max_attr; void (*free)(const struct nftnl_expr *e); - bool (*cmp)(const struct nftnl_expr *e1, const struct nftnl_expr *e2); int (*set)(struct nftnl_expr *e, uint16_t type, const void *data, uint32_t data_len); const void *(*get)(const struct nftnl_expr *e, uint16_t type, uint32_t *data_len); int (*parse)(struct nftnl_expr *e, struct nlattr *attr); diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h index 6988c62..cb1b54b 100644 --- a/include/libnftnl/expr.h +++ b/include/libnftnl/expr.h @@ -36,8 +36,6 @@ uint32_t nftnl_expr_get_u32(const struct nftnl_expr *expr, uint16_t type); uint64_t nftnl_expr_get_u64(const struct nftnl_expr *expr, uint16_t type); const char *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type); -bool nftnl_expr_cmp(const struct nftnl_expr *e1, const struct nftnl_expr *e2); - int nftnl_expr_snprintf(char *buf, size_t buflen, const struct nftnl_expr *expr, uint32_t type, uint32_t flags); int nftnl_expr_fprintf(FILE *fp, const struct nftnl_expr *expr, uint32_t type, uint32_t flags); diff --git a/include/libnftnl/rule.h b/include/libnftnl/rule.h index 765d2ce..8501c86 100644 --- a/include/libnftnl/rule.h +++ b/include/libnftnl/rule.h @@ -51,8 +51,6 @@ uint64_t nftnl_rule_get_u64(const struct nftnl_rule *r, uint16_t attr); void nftnl_rule_add_expr(struct nftnl_rule *r, struct nftnl_expr *expr); -bool nftnl_rule_cmp(const struct nftnl_rule *r1, const struct nftnl_rule *r2); - struct nlmsghdr; void nftnl_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_rule *t); @@ -203,16 +203,6 @@ const char *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type) return (const char *)nftnl_expr_get(expr, type, &data_len); } -EXPORT_SYMBOL(nftnl_expr_cmp); -bool nftnl_expr_cmp(const struct nftnl_expr *e1, const struct nftnl_expr *e2) -{ - if (e1->flags != e2->flags || - strcmp(e1->ops->name, e2->ops->name) != 0) - return false; - - return e1->ops->cmp(e1, e2); -} - void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr) { struct nlattr *nest; diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c index 79d6a51..c9d40df 100644 --- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -211,32 +211,10 @@ nftnl_expr_bitwise_snprintf(char *buf, size_t size, uint32_t type, return -1; } -static bool nftnl_expr_bitwise_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_bitwise *b1 = nftnl_expr_data(e1); - struct nftnl_expr_bitwise *b2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_BITWISE_SREG)) - eq &= (b1->sreg == b2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_BITWISE_DREG)) - eq &= (b1->dreg == b2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_BITWISE_LEN)) - eq &= (b1->len == b2->len); - if (e1->flags & (1 << NFTNL_EXPR_BITWISE_MASK)) - eq &= nftnl_data_reg_cmp(&b1->mask, &b2->mask, DATA_VALUE); - if (e1->flags & (1 << NFTNL_EXPR_BITWISE_XOR)) - eq &= nftnl_data_reg_cmp(&b1->xor, &b2->xor, DATA_VALUE); - - return eq; -} - struct expr_ops expr_ops_bitwise = { .name = "bitwise", .alloc_len = sizeof(struct nftnl_expr_bitwise), .max_attr = NFTA_BITWISE_MAX, - .cmp = nftnl_expr_bitwise_cmp, .set = nftnl_expr_bitwise_set, .get = nftnl_expr_bitwise_get, .parse = nftnl_expr_bitwise_parse, diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c index 35c1450..efdfa2b 100644 --- a/src/expr/byteorder.c +++ b/src/expr/byteorder.c @@ -226,32 +226,10 @@ nftnl_expr_byteorder_snprintf(char *buf, size_t size, uint32_t type, return -1; } -static bool nftnl_expr_byteorder_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_byteorder *b1 = nftnl_expr_data(e1); - struct nftnl_expr_byteorder *b2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_BYTEORDER_SREG)) - eq &= (b1->sreg == b2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_BYTEORDER_DREG)) - eq &= (b1->dreg == b2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_BYTEORDER_OP)) - eq &= (b1->op == b2->op); - if (e1->flags & (1 << NFTNL_EXPR_BYTEORDER_LEN)) - eq &= (b1->len == b2->len); - if (e1->flags & (1 << NFTNL_EXPR_BYTEORDER_SIZE)) - eq &= (b1->size == b2->size); - - return eq; -} - struct expr_ops expr_ops_byteorder = { .name = "byteorder", .alloc_len = sizeof(struct nftnl_expr_byteorder), .max_attr = NFTA_BYTEORDER_MAX, - .cmp = nftnl_expr_byteorder_cmp, .set = nftnl_expr_byteorder_set, .get = nftnl_expr_byteorder_get, .parse = nftnl_expr_byteorder_parse, diff --git a/src/expr/cmp.c b/src/expr/cmp.c index e39a943..86d7842 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@ -208,28 +208,10 @@ nftnl_expr_cmp_snprintf(char *buf, size_t size, uint32_t type, return -1; } -static bool nftnl_expr_cmp_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_cmp *c1 = nftnl_expr_data(e1); - struct nftnl_expr_cmp *c2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_CMP_DATA)) - eq &= nftnl_data_reg_cmp(&c1->data, &c2->data, DATA_VALUE); - if (e1->flags & (1 << NFTNL_EXPR_CMP_SREG)) - eq &= (c1->sreg == c2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_CMP_OP)) - eq &= (c1->op == c2->op); - - return eq; -} - struct expr_ops expr_ops_cmp = { .name = "cmp", .alloc_len = sizeof(struct nftnl_expr_cmp), .max_attr = NFTA_CMP_MAX, - .cmp = nftnl_expr_cmp_cmp, .set = nftnl_expr_cmp_set, .get = nftnl_expr_cmp_get, .parse = nftnl_expr_cmp_parse, diff --git a/src/expr/connlimit.c b/src/expr/connlimit.c index 9fa0a7b..53af93b 100644 --- a/src/expr/connlimit.c +++ b/src/expr/connlimit.c @@ -141,26 +141,10 @@ static int nftnl_expr_connlimit_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_connlimit_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_connlimit *c1 = nftnl_expr_data(e1); - struct nftnl_expr_connlimit *c2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_CONNLIMIT_COUNT)) - eq &= (c1->count == c2->count); - if (e1->flags & (1 << NFTNL_EXPR_CONNLIMIT_FLAGS)) - eq &= (c1->flags == c2->flags); - - return eq; -} - struct expr_ops expr_ops_connlimit = { .name = "connlimit", .alloc_len = sizeof(struct nftnl_expr_connlimit), .max_attr = NFTA_CONNLIMIT_MAX, - .cmp = nftnl_expr_connlimit_cmp, .set = nftnl_expr_connlimit_set, .get = nftnl_expr_connlimit_get, .parse = nftnl_expr_connlimit_parse, diff --git a/src/expr/counter.c b/src/expr/counter.c index a1f6574..89a602e 100644 --- a/src/expr/counter.c +++ b/src/expr/counter.c @@ -139,26 +139,10 @@ static int nftnl_expr_counter_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_counter_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_counter *c1 = nftnl_expr_data(e1); - struct nftnl_expr_counter *c2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_CTR_PACKETS)) - eq &= (c1->pkts == c2->pkts); - if (e1->flags & (1 << NFTNL_EXPR_CTR_BYTES)) - eq &= (c1->pkts == c2->pkts); - - return eq; -} - struct expr_ops expr_ops_counter = { .name = "counter", .alloc_len = sizeof(struct nftnl_expr_counter), .max_attr = NFTA_COUNTER_MAX, - .cmp = nftnl_expr_counter_cmp, .set = nftnl_expr_counter_set, .get = nftnl_expr_counter_get, .parse = nftnl_expr_counter_parse, diff --git a/src/expr/ct.c b/src/expr/ct.c index e8a8c6c..b9ca2dc 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -264,30 +264,10 @@ nftnl_expr_ct_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_ct_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_ct *c1 = nftnl_expr_data(e1); - struct nftnl_expr_ct *c2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_CT_KEY)) - eq &= (c1->key == c2->key); - if (e1->flags & (1 << NFTNL_EXPR_CT_DREG)) - eq &= (c1->dreg == c2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_CT_SREG)) - eq &= (c1->sreg == c2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_CT_DIR)) - eq &= (c1->dir == c2->dir); - - return eq; -} - struct expr_ops expr_ops_ct = { .name = "ct", .alloc_len = sizeof(struct nftnl_expr_ct), .max_attr = NFTA_CT_MAX, - .cmp = nftnl_expr_ct_cmp, .set = nftnl_expr_ct_set, .get = nftnl_expr_ct_get, .parse = nftnl_expr_ct_parse, diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index 48a012b..67165fe 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c @@ -93,23 +93,6 @@ int nftnl_data_reg_snprintf(char *buf, size_t size, return -1; } -bool nftnl_data_reg_cmp(const union nftnl_data_reg *r1, - const union nftnl_data_reg *r2, int reg_type) -{ - switch (reg_type) { - case DATA_VALUE: - return r1->len == r2->len && - !memcmp(r1->val, r2->val, r1->len); - case DATA_VERDICT: - return r1->verdict == r2->verdict; - case DATA_CHAIN: - return r1->verdict == r2->verdict && - !strcmp(r1->chain, r2->chain); - default: - return false; - } -} - static int nftnl_data_parse_cb(const struct nlattr *attr, void *data) { const struct nlattr **tb = data; diff --git a/src/expr/dup.c b/src/expr/dup.c index c08ccd2..2bb35e5 100644 --- a/src/expr/dup.c +++ b/src/expr/dup.c @@ -146,26 +146,10 @@ static int nftnl_expr_dup_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_dup_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_dup *d1 = nftnl_expr_data(e1); - struct nftnl_expr_dup *d2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_DUP_SREG_ADDR)) - eq &= (d1->sreg_addr == d2->sreg_addr); - if (e1->flags & (1 << NFTNL_EXPR_DUP_SREG_DEV)) - eq &= (d1->sreg_dev == d2->sreg_dev); - - return eq; -} - struct expr_ops expr_ops_dup = { .name = "dup", .alloc_len = sizeof(struct nftnl_expr_dup), .max_attr = NFTA_DUP_MAX, - .cmp = nftnl_expr_dup_cmp, .set = nftnl_expr_dup_set, .get = nftnl_expr_dup_get, .parse = nftnl_expr_dup_parse, diff --git a/src/expr/dynset.c b/src/expr/dynset.c index f009ec4..68115ba 100644 --- a/src/expr/dynset.c +++ b/src/expr/dynset.c @@ -279,37 +279,11 @@ static void nftnl_expr_dynset_free(const struct nftnl_expr *e) xfree(dynset->set_name); } -static bool nftnl_expr_dynset_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_dynset *d1 = nftnl_expr_data(e1); - struct nftnl_expr_dynset *d2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_SREG_KEY)) - eq &= (d1->sreg_key == d2->sreg_key); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_SREG_DATA)) - eq &= (d1->sreg_data == d2->sreg_data); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_OP)) - eq &= (d1->op == d2->op); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_TIMEOUT)) - eq &= (d1->timeout == d2->timeout); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_EXPR)) - eq &= nftnl_expr_cmp(d1->expr, d2->expr); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_SET_NAME)) - eq &= !strcmp(d1->set_name, d2->set_name); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_SET_ID)) - eq &= (d1->set_id == d2->set_id); - - return eq; -} - struct expr_ops expr_ops_dynset = { .name = "dynset", .alloc_len = sizeof(struct nftnl_expr_dynset), .max_attr = NFTA_DYNSET_MAX, .free = nftnl_expr_dynset_free, - .cmp = nftnl_expr_dynset_cmp, .set = nftnl_expr_dynset_set, .get = nftnl_expr_dynset_get, .parse = nftnl_expr_dynset_parse, diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index 0e09814..bef453e 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c @@ -263,36 +263,10 @@ nftnl_expr_exthdr_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_exthdr_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_exthdr *h1 = nftnl_expr_data(e1); - struct nftnl_expr_exthdr *h2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_DREG)) - eq &= (h1->dreg == h2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_SREG)) - eq &= (h1->sreg == h2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_OFFSET)) - eq &= (h1->offset == h2->offset); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_LEN)) - eq &= (h1->len == h2->len); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_TYPE)) - eq &= (h1->type == h2->type); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_OP)) - eq &= (h1->op == h2->op); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_FLAGS)) - eq &= (h1->flags == h2->flags); - - return eq; -} - struct expr_ops expr_ops_exthdr = { .name = "exthdr", .alloc_len = sizeof(struct nftnl_expr_exthdr), .max_attr = NFTA_EXTHDR_MAX, - .cmp = nftnl_expr_exthdr_cmp, .set = nftnl_expr_exthdr_set, .get = nftnl_expr_exthdr_get, .parse = nftnl_expr_exthdr_parse, diff --git a/src/expr/fib.c b/src/expr/fib.c index 2f2d219..9475af4 100644 --- a/src/expr/fib.c +++ b/src/expr/fib.c @@ -205,28 +205,10 @@ nftnl_expr_fib_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_fib_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_fib *h1 = nftnl_expr_data(e1); - struct nftnl_expr_fib *h2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_FIB_RESULT)) - eq &= (h1->result == h2->result); - if (e1->flags & (1 << NFTNL_EXPR_FIB_DREG)) - eq &= (h1->dreg == h2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_FIB_FLAGS)) - eq &= (h1->flags == h2->flags); - - return eq; -} - struct expr_ops expr_ops_fib = { .name = "fib", .alloc_len = sizeof(struct nftnl_expr_fib), .max_attr = NFTA_FIB_MAX, - .cmp = nftnl_expr_fib_cmp, .set = nftnl_expr_fib_set, .get = nftnl_expr_fib_get, .parse = nftnl_expr_fib_parse, diff --git a/src/expr/flow_offload.c b/src/expr/flow_offload.c index 648099a..6ccec9a 100644 --- a/src/expr/flow_offload.c +++ b/src/expr/flow_offload.c @@ -125,25 +125,11 @@ static void nftnl_expr_flow_free(const struct nftnl_expr *e) xfree(flow->table_name); } -static bool nftnl_expr_flow_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_flow *l1 = nftnl_expr_data(e1); - struct nftnl_expr_flow *l2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_FLOW_TABLE_NAME)) - eq &= !strcmp(l1->table_name, l2->table_name); - - return eq; -} - struct expr_ops expr_ops_flow = { .name = "flow_offload", .alloc_len = sizeof(struct nftnl_expr_flow), .max_attr = NFTA_FLOW_MAX, .free = nftnl_expr_flow_free, - .cmp = nftnl_expr_flow_cmp, .set = nftnl_expr_flow_set, .get = nftnl_expr_flow_get, .parse = nftnl_expr_flow_parse, diff --git a/src/expr/fwd.c b/src/expr/fwd.c index 9cb0aca..cff8235 100644 --- a/src/expr/fwd.c +++ b/src/expr/fwd.c @@ -166,28 +166,10 @@ static int nftnl_expr_fwd_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_fwd_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_fwd *f1 = nftnl_expr_data(e1); - struct nftnl_expr_fwd *f2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_FWD_SREG_DEV)) - eq &= (f1->sreg_dev == f2->sreg_dev); - if (e1->flags & (1 << NFTNL_EXPR_FWD_SREG_ADDR)) - eq &= (f1->sreg_addr == f2->sreg_addr); - if (e1->flags & (1 << NFTNL_EXPR_FWD_NFPROTO)) - eq &= (f1->nfproto == f2->nfproto); - - return eq; -} - struct expr_ops expr_ops_fwd = { .name = "fwd", .alloc_len = sizeof(struct nftnl_expr_fwd), .max_attr = NFTA_FWD_MAX, - .cmp = nftnl_expr_fwd_cmp, .set = nftnl_expr_fwd_set, .get = nftnl_expr_fwd_get, .parse = nftnl_expr_fwd_parse, diff --git a/src/expr/hash.c b/src/expr/hash.c index 46b7901..f553a3c 100644 --- a/src/expr/hash.c +++ b/src/expr/hash.c @@ -276,40 +276,10 @@ nftnl_expr_hash_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_hash_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_hash *h1 = nftnl_expr_data(e1); - struct nftnl_expr_hash *h2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_HASH_SREG)) - eq &= (h1->sreg == h2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_HASH_DREG)) - eq &= (h1->dreg == h2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_HASH_LEN)) - eq &= (h1->len == h2->len); - if (e1->flags & (1 << NFTNL_EXPR_HASH_MODULUS)) - eq &= (h1->modulus == h2->modulus); - if (e1->flags & (1 << NFTNL_EXPR_HASH_SEED)) - eq &= (h1->seed == h2->seed); - if (e1->flags & (1 << NFTNL_EXPR_HASH_OFFSET)) - eq &= (h1->offset == h2->offset); - if (e1->flags & (1 << NFTNL_EXPR_HASH_TYPE)) - eq &= (h1->type == h2->type); - if (e1->flags & (1 << NFTNL_EXPR_HASH_SET_NAME)) - eq &= !strcmp(h1->map.name, h2->map.name); - if (e1->flags & (1 << NFTNL_EXPR_HASH_SET_ID)) - eq &= (h1->map.id == h2->map.id); - - return eq; -} - struct expr_ops expr_ops_hash = { .name = "hash", .alloc_len = sizeof(struct nftnl_expr_hash), .max_attr = NFTA_HASH_MAX, - .cmp = nftnl_expr_hash_cmp, .set = nftnl_expr_hash_set, .get = nftnl_expr_hash_get, .parse = nftnl_expr_hash_parse, diff --git a/src/expr/immediate.c b/src/expr/immediate.c index d5a7e86..47106ae 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -226,36 +226,11 @@ static void nftnl_expr_immediate_free(const struct nftnl_expr *e) nftnl_free_verdict(&imm->data); } -static bool nftnl_expr_immediate_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_immediate *i1 = nftnl_expr_data(e1); - struct nftnl_expr_immediate *i2 = nftnl_expr_data(e2); - bool eq = true; - int type = DATA_NONE; - - if (e1->flags & (1 << NFTNL_EXPR_IMM_DREG)) - eq &= (i1->dreg == i2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_IMM_VERDICT)) - if (e1->flags & (1 << NFTNL_EXPR_IMM_CHAIN)) - type = DATA_CHAIN; - else - type = DATA_VERDICT; - else if (e1->flags & (1 << NFTNL_EXPR_IMM_DATA)) - type = DATA_VALUE; - - if (type != DATA_NONE) - eq &= nftnl_data_reg_cmp(&i1->data, &i2->data, type); - - return eq; -} - struct expr_ops expr_ops_immediate = { .name = "immediate", .alloc_len = sizeof(struct nftnl_expr_immediate), .max_attr = NFTA_IMMEDIATE_MAX, .free = nftnl_expr_immediate_free, - .cmp = nftnl_expr_immediate_cmp, .set = nftnl_expr_immediate_set, .get = nftnl_expr_immediate_get, .parse = nftnl_expr_immediate_parse, diff --git a/src/expr/limit.c b/src/expr/limit.c index 2a0adba..5872e27 100644 --- a/src/expr/limit.c +++ b/src/expr/limit.c @@ -208,33 +208,11 @@ nftnl_expr_limit_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_limit_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_limit *l1 = nftnl_expr_data(e1); - struct nftnl_expr_limit *l2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_LIMIT_RATE)) - eq &= (l1->rate == l2->rate); - if (e1->flags & (1 << NFTNL_EXPR_LIMIT_UNIT)) - eq &= (l1->unit == l2->unit); - if (e1->flags & (1 << NFTNL_EXPR_LIMIT_BURST)) - eq &= (l1->burst == l2->burst); - if (e1->flags & (1 << NFTNL_EXPR_LIMIT_TYPE)) - eq &= (l1->type == l2->type); - if (e1->flags & (1 << NFTNL_EXPR_LIMIT_FLAGS)) - eq &= (l1->flags == l2->flags); - - return eq; -} - struct expr_ops expr_ops_limit = { .name = "limit", .alloc_len = sizeof(struct nftnl_expr_limit), .max_attr = NFTA_LIMIT_MAX, .set = nftnl_expr_limit_set, - .cmp = nftnl_expr_limit_cmp, .get = nftnl_expr_limit_get, .parse = nftnl_expr_limit_parse, .build = nftnl_expr_limit_build, diff --git a/src/expr/log.c b/src/expr/log.c index 1119c53..bbe43d2 100644 --- a/src/expr/log.c +++ b/src/expr/log.c @@ -258,35 +258,11 @@ static void nftnl_expr_log_free(const struct nftnl_expr *e) xfree(log->prefix); } -static bool nftnl_expr_log_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_log *l1 = nftnl_expr_data(e1); - struct nftnl_expr_log *l2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_LOG_SNAPLEN)) - eq &= (l1->snaplen == l2->snaplen); - if (e1->flags & (1 << NFTNL_EXPR_LOG_GROUP)) - eq &= (l1->group == l2->group); - if (e1->flags & (1 << NFTNL_EXPR_LOG_QTHRESHOLD)) - eq &= (l1->qthreshold == l2->qthreshold); - if (e1->flags & (1 << NFTNL_EXPR_LOG_LEVEL)) - eq &= (l1->level == l2->level); - if (e1->flags & (1 << NFTNL_EXPR_LOG_FLAGS)) - eq &= (l1->flags == l2->flags); - if (e1->flags & (1 << NFTNL_EXPR_LOG_PREFIX)) - eq &= !strcmp(l1->prefix, l2->prefix); - - return eq; -} - struct expr_ops expr_ops_log = { .name = "log", .alloc_len = sizeof(struct nftnl_expr_log), .max_attr = NFTA_LOG_MAX, .free = nftnl_expr_log_free, - .cmp = nftnl_expr_log_cmp, .set = nftnl_expr_log_set, .get = nftnl_expr_log_get, .parse = nftnl_expr_log_parse, diff --git a/src/expr/lookup.c b/src/expr/lookup.c index a502e2a..a495ac0 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c @@ -212,33 +212,11 @@ static void nftnl_expr_lookup_free(const struct nftnl_expr *e) xfree(lookup->set_name); } -static bool nftnl_expr_lookup_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_lookup *l1 = nftnl_expr_data(e1); - struct nftnl_expr_lookup *l2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_LOOKUP_SREG)) - eq &= (l1->sreg == l2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_LOOKUP_DREG)) - eq &= (l1->dreg == l2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_LOOKUP_SET)) - eq &= !strcmp(l1->set_name, l2->set_name); - if (e1->flags & (1 << NFTNL_EXPR_LOOKUP_SET_ID)) - eq &= (l1->set_id == l2->set_id); - if (e1->flags & (1 << NFTNL_EXPR_LOOKUP_FLAGS)) - eq &= (l1->flags == l2->flags); - - return eq; -} - struct expr_ops expr_ops_lookup = { .name = "lookup", .alloc_len = sizeof(struct nftnl_expr_lookup), .max_attr = NFTA_LOOKUP_MAX, .free = nftnl_expr_lookup_free, - .cmp = nftnl_expr_lookup_cmp, .set = nftnl_expr_lookup_set, .get = nftnl_expr_lookup_get, .parse = nftnl_expr_lookup_parse, diff --git a/src/expr/masq.c b/src/expr/masq.c index fe017f7..f6f3ceb 100644 --- a/src/expr/masq.c +++ b/src/expr/masq.c @@ -161,28 +161,10 @@ static int nftnl_expr_masq_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_masq_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_masq *m1 = nftnl_expr_data(e1); - struct nftnl_expr_masq *m2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_MASQ_FLAGS)) - eq &= (m1->flags == m2->flags); - if (e1->flags & (1 << NFTNL_EXPR_MASQ_REG_PROTO_MIN)) - eq &= (m1->sreg_proto_min == m2->sreg_proto_min); - if (e1->flags & (1 << NFTNL_EXPR_MASQ_REG_PROTO_MAX)) - eq &= (m1->sreg_proto_max == m2->sreg_proto_max); - - return eq; -} - struct expr_ops expr_ops_masq = { .name = "masq", .alloc_len = sizeof(struct nftnl_expr_masq), .max_attr = NFTA_MASQ_MAX, - .cmp = nftnl_expr_masq_cmp, .set = nftnl_expr_masq_set, .get = nftnl_expr_masq_get, .parse = nftnl_expr_masq_parse, diff --git a/src/expr/match.c b/src/expr/match.c index 2b3321d..4fa74b2 100644 --- a/src/expr/match.c +++ b/src/expr/match.c @@ -189,31 +189,11 @@ static void nftnl_expr_match_free(const struct nftnl_expr *e) xfree(match->data); } -static bool nftnl_expr_match_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_match *m1 = nftnl_expr_data(e1); - struct nftnl_expr_match *m2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_MT_NAME)) - eq &= !strcmp(m1->name, m2->name); - if (e1->flags & (1 << NFTNL_EXPR_MT_REV)) - eq &= (m1->rev == m2->rev); - if (e1->flags & (1 << NFTNL_EXPR_MT_INFO)) { - eq &= (m1->data_len == m2->data_len); - eq &= !memcmp(m1->data, m2->data, m1->data_len); - } - - return eq; -} - struct expr_ops expr_ops_match = { .name = "match", .alloc_len = sizeof(struct nftnl_expr_match), .max_attr = NFTA_MATCH_MAX, .free = nftnl_expr_match_free, - .cmp = nftnl_expr_match_cmp, .set = nftnl_expr_match_set, .get = nftnl_expr_match_get, .parse = nftnl_expr_match_parse, diff --git a/src/expr/meta.c b/src/expr/meta.c index 3654837..ffcc896 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -214,28 +214,10 @@ nftnl_expr_meta_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_meta_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_meta *m1 = nftnl_expr_data(e1); - struct nftnl_expr_meta *m2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_META_KEY)) - eq &= (m1->key == m2->key); - if (e1->flags & (1 << NFTNL_EXPR_META_DREG)) - eq &= (m1->dreg == m2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_META_SREG)) - eq &= (m1->sreg == m2->sreg); - - return eq; -} - struct expr_ops expr_ops_meta = { .name = "meta", .alloc_len = sizeof(struct nftnl_expr_meta), .max_attr = NFTA_META_MAX, - .cmp = nftnl_expr_meta_cmp, .set = nftnl_expr_meta_set, .get = nftnl_expr_meta_get, .parse = nftnl_expr_meta_parse, diff --git a/src/expr/nat.c b/src/expr/nat.c index 38fccb0..6b7d50e 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c @@ -271,35 +271,10 @@ nftnl_expr_nat_snprintf(char *buf, size_t size, uint32_t type, return -1; } -static bool nftnl_expr_nat_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_nat *n1 = nftnl_expr_data(e1); - struct nftnl_expr_nat *n2 = nftnl_expr_data(e2); - bool eq = true; - if (e1->flags & (1 << NFTNL_EXPR_NAT_REG_ADDR_MIN)) - eq &= (n1->sreg_addr_min == n2->sreg_addr_min); - if (e1->flags & (1 << NFTNL_EXPR_NAT_REG_ADDR_MAX)) - eq &= (n1->sreg_addr_max == n2->sreg_addr_max); - if (e1->flags & (1 << NFTNL_EXPR_NAT_REG_PROTO_MIN)) - eq &= (n1->sreg_proto_min == n2->sreg_proto_min); - if (e1->flags & (1 << NFTNL_EXPR_NAT_REG_PROTO_MAX)) - eq &= (n1->sreg_proto_max == n2->sreg_proto_max); - if (e1->flags & (1 << NFTNL_EXPR_NAT_FAMILY)) - eq &= (n1->family == n2->family); - if (e1->flags & (1 << NFTNL_EXPR_NAT_TYPE)) - eq &= (n1->type == n2->type); - if (e1->flags & (1 << NFTNL_EXPR_NAT_FLAGS)) - eq &= (n1->flags == n2->flags); - - return eq; -} - struct expr_ops expr_ops_nat = { .name = "nat", .alloc_len = sizeof(struct nftnl_expr_nat), .max_attr = NFTA_NAT_MAX, - .cmp = nftnl_expr_nat_cmp, .set = nftnl_expr_nat_set, .get = nftnl_expr_nat_get, .parse = nftnl_expr_nat_parse, diff --git a/src/expr/numgen.c b/src/expr/numgen.c index f940081..70d0d0d 100644 --- a/src/expr/numgen.c +++ b/src/expr/numgen.c @@ -230,34 +230,10 @@ nftnl_expr_ng_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_ng_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_ng *n1 = nftnl_expr_data(e1); - struct nftnl_expr_ng *n2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_NG_DREG)) - eq &= (n1->dreg == n2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_NG_MODULUS)) - eq &= (n1->modulus == n2->modulus); - if (e1->flags & (1 << NFTNL_EXPR_NG_TYPE)) - eq &= (n1->type == n2->type); - if (e1->flags & (1 << NFTNL_EXPR_NG_OFFSET)) - eq &= (n1->offset == n2->offset); - if (e1->flags & (1 << NFTNL_EXPR_NG_SET_NAME)) - eq &= !strcmp(n1->map.name, n2->map.name); - if (e1->flags & (1 << NFTNL_EXPR_NG_SET_ID)) - eq &= (n1->map.id == n2->map.id); - - return eq; -} - struct expr_ops expr_ops_ng = { .name = "numgen", .alloc_len = sizeof(struct nftnl_expr_ng), .max_attr = NFTA_NG_MAX, - .cmp = nftnl_expr_ng_cmp, .set = nftnl_expr_ng_set, .get = nftnl_expr_ng_get, .parse = nftnl_expr_ng_parse, diff --git a/src/expr/objref.c b/src/expr/objref.c index 3b815f5..7388b18 100644 --- a/src/expr/objref.c +++ b/src/expr/objref.c @@ -202,32 +202,10 @@ static int nftnl_expr_objref_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_objref_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_objref *c1 = nftnl_expr_data(e1); - struct nftnl_expr_objref *c2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_OBJREF_IMM_TYPE)) - eq &= (c1->imm.type == c2->imm.type); - if (e1->flags & (1 << NFTNL_EXPR_OBJREF_IMM_NAME)) - eq &= !strcmp(c1->imm.name, c2->imm.name); - if (e1->flags & (1 << NFTNL_EXPR_OBJREF_SET_SREG)) - eq &= (c1->set.sreg == c2->set.sreg); - if (e1->flags & (1 << NFTNL_EXPR_OBJREF_SET_NAME)) - eq &= !strcmp(c1->set.name, c2->set.name); - if (e1->flags & (1 << NFTNL_EXPR_OBJREF_SET_ID)) - eq &= (c1->set.id == c2->set.id); - - return eq; -} - struct expr_ops expr_ops_objref = { .name = "objref", .alloc_len = sizeof(struct nftnl_expr_objref), .max_attr = NFTA_OBJREF_MAX, - .cmp = nftnl_expr_objref_cmp, .set = nftnl_expr_objref_set, .get = nftnl_expr_objref_get, .parse = nftnl_expr_objref_parse, diff --git a/src/expr/osf.c b/src/expr/osf.c index 0860328..52da21f 100644 --- a/src/expr/osf.c +++ b/src/expr/osf.c @@ -136,27 +136,10 @@ nftnl_expr_osf_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_osf_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_osf *l1 = nftnl_expr_data(e1); - struct nftnl_expr_osf *l2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_OSF_DREG)) - eq &= (l1->dreg == l2->dreg); - - if (e1->flags & (1 << NFTNL_EXPR_OSF_TTL)) - eq &= (l1->ttl == l2->ttl); - - return eq; -} - struct expr_ops expr_ops_osf = { .name = "osf", .alloc_len = sizeof(struct nftnl_expr_osf), .max_attr = NFTA_OSF_MAX, - .cmp = nftnl_expr_osf_cmp, .set = nftnl_expr_osf_set, .get = nftnl_expr_osf_get, .parse = nftnl_expr_osf_parse, diff --git a/src/expr/payload.c b/src/expr/payload.c index 680da4a..2192dad 100644 --- a/src/expr/payload.c +++ b/src/expr/payload.c @@ -258,38 +258,10 @@ nftnl_expr_payload_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_payload_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_payload *p1 = nftnl_expr_data(e1); - struct nftnl_expr_payload *p2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_SREG)) - eq &= (p1->sreg == p2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_DREG)) - eq &= (p1->dreg == p2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_BASE)) - eq &= (p1->base == p2->base); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_OFFSET)) - eq &= (p1->offset == p2->offset); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_LEN)) - eq &= (p1->len == p2->len); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_CSUM_TYPE)) - eq &= (p1->csum_type == p2->csum_type); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_CSUM_OFFSET)) - eq &= (p1->csum_offset == p2->csum_offset); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_FLAGS)) - eq &= (p1->csum_flags == p2->csum_flags); - - return eq; -} - struct expr_ops expr_ops_payload = { .name = "payload", .alloc_len = sizeof(struct nftnl_expr_payload), .max_attr = NFTA_PAYLOAD_MAX, - .cmp = nftnl_expr_payload_cmp, .set = nftnl_expr_payload_set, .get = nftnl_expr_payload_get, .parse = nftnl_expr_payload_parse, diff --git a/src/expr/queue.c b/src/expr/queue.c index f9d8313..051ef71 100644 --- a/src/expr/queue.c +++ b/src/expr/queue.c @@ -199,30 +199,10 @@ nftnl_expr_queue_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_queue_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_queue *q1 = nftnl_expr_data(e1); - struct nftnl_expr_queue *q2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_QUEUE_NUM)) - eq &= (q1->queuenum == q2->queuenum); - if (e1->flags & (1 << NFTNL_EXPR_QUEUE_TOTAL)) - eq &= (q1->queues_total == q2->queues_total); - if (e1->flags & (1 << NFTNL_EXPR_QUEUE_FLAGS)) - eq &= (q1->flags == q2->flags); - if (e1->flags & (1 << NFTNL_EXPR_QUEUE_SREG_QNUM)) - eq &= (q1->sreg_qnum == q2->sreg_qnum); - - return eq; -} - struct expr_ops expr_ops_queue = { .name = "queue", .alloc_len = sizeof(struct nftnl_expr_queue), .max_attr = NFTA_QUEUE_MAX, - .cmp = nftnl_expr_queue_cmp, .set = nftnl_expr_queue_set, .get = nftnl_expr_queue_get, .parse = nftnl_expr_queue_parse, diff --git a/src/expr/redir.c b/src/expr/redir.c index 36c2e2b..477659a 100644 --- a/src/expr/redir.c +++ b/src/expr/redir.c @@ -173,28 +173,10 @@ nftnl_expr_redir_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_redir_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_redir *r1 = nftnl_expr_data(e1); - struct nftnl_expr_redir *r2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_REDIR_REG_PROTO_MIN)) - eq &= (r1->sreg_proto_min== r2->sreg_proto_min); - if (e1->flags & (1 << NFTNL_EXPR_REDIR_REG_PROTO_MAX)) - eq &= (r1->sreg_proto_max== r2->sreg_proto_max); - if (e1->flags & (1 << NFTNL_EXPR_REDIR_FLAGS)) - eq &= (r1->flags== r2->flags); - - return eq; -} - struct expr_ops expr_ops_redir = { .name = "redir", .alloc_len = sizeof(struct nftnl_expr_redir), .max_attr = NFTA_REDIR_MAX, - .cmp = nftnl_expr_redir_cmp, .set = nftnl_expr_redir_set, .get = nftnl_expr_redir_get, .parse = nftnl_expr_redir_parse, diff --git a/src/expr/reject.c b/src/expr/reject.c index 3e49076..141942e 100644 --- a/src/expr/reject.c +++ b/src/expr/reject.c @@ -140,26 +140,10 @@ nftnl_expr_reject_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_reject_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_reject *r1 = nftnl_expr_data(e1); - struct nftnl_expr_reject *r2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_REJECT_TYPE)) - eq &= (r1->type == r2->type); - if (e1->flags & (1 << NFTNL_EXPR_REJECT_CODE)) - eq &= (r1->icmp_code == r2->icmp_code); - - return eq; -} - struct expr_ops expr_ops_reject = { .name = "reject", .alloc_len = sizeof(struct nftnl_expr_reject), .max_attr = NFTA_REJECT_MAX, - .cmp = nftnl_expr_reject_cmp, .set = nftnl_expr_reject_set, .get = nftnl_expr_reject_get, .parse = nftnl_expr_reject_parse, diff --git a/src/expr/rt.c b/src/expr/rt.c index a112270..0fce72d 100644 --- a/src/expr/rt.c +++ b/src/expr/rt.c @@ -169,26 +169,10 @@ nftnl_expr_rt_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_rt_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_rt *r1 = nftnl_expr_data(e1); - struct nftnl_expr_rt *r2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_RT_KEY)) - eq &= (r1->key == r2->key); - if (e1->flags & (1 << NFTNL_EXPR_RT_DREG)) - eq &= (r1->dreg == r2->dreg); - - return eq; -} - struct expr_ops expr_ops_rt = { .name = "rt", .alloc_len = sizeof(struct nftnl_expr_rt), .max_attr = NFTA_RT_MAX, - .cmp = nftnl_expr_rt_cmp, .set = nftnl_expr_rt_set, .get = nftnl_expr_rt_get, .parse = nftnl_expr_rt_parse, diff --git a/src/expr/socket.c b/src/expr/socket.c index ebafa2f..96550d5 100644 --- a/src/expr/socket.c +++ b/src/expr/socket.c @@ -166,26 +166,10 @@ nftnl_expr_socket_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_socket_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_socket *r1 = nftnl_expr_data(e1); - struct nftnl_expr_socket *r2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_SOCKET_KEY)) - eq &= (r1->key == r2->key); - if (e1->flags & (1 << NFTNL_EXPR_SOCKET_DREG)) - eq &= (r1->dreg == r2->dreg); - - return eq; -} - struct expr_ops expr_ops_socket = { .name = "socket", .alloc_len = sizeof(struct nftnl_expr_socket), .max_attr = NFTA_SOCKET_MAX, - .cmp = nftnl_expr_socket_cmp, .set = nftnl_expr_socket_set, .get = nftnl_expr_socket_get, .parse = nftnl_expr_socket_parse, diff --git a/src/expr/target.c b/src/expr/target.c index bf2ba77..9100038 100644 --- a/src/expr/target.c +++ b/src/expr/target.c @@ -189,31 +189,11 @@ static void nftnl_expr_target_free(const struct nftnl_expr *e) xfree(target->data); } -static bool nftnl_expr_target_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_target *t1 = nftnl_expr_data(e1); - struct nftnl_expr_target *t2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_TG_NAME)) - eq &= !strcmp(t1->name, t2->name); - if (e1->flags & (1 << NFTNL_EXPR_TG_REV)) - eq &= (t1->rev == t2->rev); - if (e1->flags & (1 << NFTNL_EXPR_TG_INFO)) { - eq &= (t1->data_len == t2->data_len); - eq &= !memcmp(t1->data, t2->data, t1->data_len); - } - - return eq; -} - struct expr_ops expr_ops_target = { .name = "target", .alloc_len = sizeof(struct nftnl_expr_target), .max_attr = NFTA_TARGET_MAX, .free = nftnl_expr_target_free, - .cmp = nftnl_expr_target_cmp, .set = nftnl_expr_target_set, .get = nftnl_expr_target_get, .parse = nftnl_expr_target_parse, diff --git a/src/expr/tproxy.c b/src/expr/tproxy.c index d75abbc..3827b75 100644 --- a/src/expr/tproxy.c +++ b/src/expr/tproxy.c @@ -175,28 +175,10 @@ nftnl_expr_tproxy_snprintf(char *buf, size_t size, uint32_t type, return -1; } -static bool nftnl_expr_tproxy_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_tproxy *n1 = nftnl_expr_data(e1); - struct nftnl_expr_tproxy *n2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_TPROXY_REG_ADDR)) - eq &= (n1->sreg_addr == n2->sreg_addr); - if (e1->flags & (1 << NFTNL_EXPR_TPROXY_REG_PORT)) - eq &= (n1->sreg_port == n2->sreg_port); - if (e1->flags & (1 << NFTNL_EXPR_TPROXY_FAMILY)) - eq &= (n1->family == n2->family); - - return eq; -} - struct expr_ops expr_ops_tproxy = { .name = "tproxy", .alloc_len = sizeof(struct nftnl_expr_tproxy), .max_attr = NFTA_TPROXY_MAX, - .cmp = nftnl_expr_tproxy_cmp, .set = nftnl_expr_tproxy_set, .get = nftnl_expr_tproxy_get, .parse = nftnl_expr_tproxy_parse, diff --git a/src/expr/xfrm.c b/src/expr/xfrm.c index 7c6f98e..8fe5438 100644 --- a/src/expr/xfrm.c +++ b/src/expr/xfrm.c @@ -231,30 +231,10 @@ nftnl_expr_xfrm_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_xfrm_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_xfrm *x1 = nftnl_expr_data(e1); - struct nftnl_expr_xfrm *x2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_XFRM_KEY)) - eq &= (x1->key == x2->key); - if (e1->flags & (1 << NFTNL_EXPR_XFRM_DIR)) - eq &= (x1->dir == x2->dir); - if (e1->flags & (1 << NFTNL_EXPR_XFRM_SPNUM)) - eq &= (x1->spnum == x2->spnum); - if (e1->flags & (1 << NFTNL_EXPR_XFRM_DREG)) - eq &= (x1->dreg == x2->dreg); - - return eq; -} - struct expr_ops expr_ops_xfrm = { .name = "xfrm", .alloc_len = sizeof(struct nftnl_expr_xfrm), .max_attr = NFTA_XFRM_MAX, - .cmp = nftnl_expr_xfrm_cmp, .set = nftnl_expr_xfrm_set, .get = nftnl_expr_xfrm_get, .parse = nftnl_expr_xfrm_parse, diff --git a/src/libnftnl.map b/src/libnftnl.map index 0d6b20c..89414f2 100644 --- a/src/libnftnl.map +++ b/src/libnftnl.map @@ -1,4 +1,4 @@ -LIBNFTNL_5 { +LIBNFTNL_11 { global: nftnl_table_alloc; nftnl_table_free; @@ -271,9 +271,6 @@ global: nftnl_udata_next; nftnl_udata_parse; - nftnl_rule_cmp; - nftnl_expr_cmp; - nftnl_obj_alloc; nftnl_obj_free; nftnl_obj_is_set; @@ -307,14 +304,8 @@ global: nftnl_obj_list_iter_next; nftnl_obj_list_iter_destroy; -local: *; -}; - -LIBNFTNL_6 { nftnl_expr_fprintf; -} LIBNFTNL_5; -LIBNFTNL_7 { nftnl_flowtable_alloc; nftnl_flowtable_free; nftnl_flowtable_is_set; @@ -341,8 +332,7 @@ LIBNFTNL_7 { nftnl_flowtable_list_del; nftnl_flowtable_list_foreach; -} LIBNFTNL_6; - -LIBNFTNL_8 { nftnl_rule_list_insert_at; -} LIBNFTNL_7; + +local: *; +}; @@ -740,37 +740,6 @@ void nftnl_expr_iter_destroy(struct nftnl_expr_iter *iter) xfree(iter); } -EXPORT_SYMBOL(nftnl_rule_cmp); -bool nftnl_rule_cmp(const struct nftnl_rule *r1, const struct nftnl_rule *r2) -{ - struct nftnl_expr_iter it1, it2; - struct nftnl_expr *e1, *e2; - unsigned int eq = 1; - - if (r1->flags & r1->flags & (1 << NFTNL_RULE_TABLE)) - eq &= !strcmp(r1->table, r2->table); - if (r1->flags & r1->flags & (1 << NFTNL_RULE_CHAIN)) - eq &= !strcmp(r1->chain, r2->chain); - if (r1->flags & r1->flags & (1 << NFTNL_RULE_COMPAT_FLAGS)) - eq &= (r1->compat.flags == r2->compat.flags); - if (r1->flags & r1->flags & (1 << NFTNL_RULE_COMPAT_PROTO)) - eq &= (r1->compat.proto == r2->compat.proto); - - nftnl_expr_iter_init(r1, &it1); - nftnl_expr_iter_init(r2, &it2); - e1 = nftnl_expr_iter_next(&it1); - e2 = nftnl_expr_iter_next(&it2); - while (eq && e1 && e2) { - eq = nftnl_expr_cmp(e1, e2); - - e1 = nftnl_expr_iter_next(&it1); - e2 = nftnl_expr_iter_next(&it2); - } - eq &= (!e1 && !e2); - - return eq; -} - struct nftnl_rule_list { struct list_head list; }; |