120 files changed, 492 insertions, 1017 deletions
diff --git a/configure.ac b/configure.ac index 8e68035..b196f81 100644 --- a/configure.ac +++ b/configure.ac @@ -1,13 +1,13 @@ dnl Process this file with autoconf to create configure. -AC_INIT([libnftnl], [1.2.1]) +AC_INIT([libnftnl], [1.2.6]) AC_CONFIG_AUX_DIR([build-aux]) AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h]) m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) -AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-bzip2 +AM_INIT_AUTOMAKE([-Wall foreign tar-pax no-dist-gzip dist-xz 1.6 subdir-objects]) dnl kernel style compile messages diff --git a/examples/nft-chain-add.c b/examples/nft-chain-add.c index f711e09..13be982 100644 --- a/examples/nft-chain-add.c +++ b/examples/nft-chain-add.c @@ -101,9 +101,9 @@ int main(int argc, char *argv[]) mnl_nlmsg_batch_next(batch); chain_seq = seq; - nlh = nftnl_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWCHAIN, family, - NLM_F_CREATE|NLM_F_ACK, seq++); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWCHAIN, family, + NLM_F_CREATE | NLM_F_ACK, seq++); nftnl_chain_nlmsg_build_payload(nlh, t); nftnl_chain_free(t); mnl_nlmsg_batch_next(batch); diff --git a/examples/nft-chain-del.c b/examples/nft-chain-del.c index bcc714e..3cd483e 100644 --- a/examples/nft-chain-del.c +++ b/examples/nft-chain-del.c @@ -78,9 +78,8 @@ int main(int argc, char *argv[]) mnl_nlmsg_batch_next(batch); chain_seq = seq; - nlh = nftnl_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_DELCHAIN, family, - NLM_F_ACK, seq++); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_DELCHAIN, family, NLM_F_ACK, seq++); nftnl_chain_nlmsg_build_payload(nlh, t); nftnl_chain_free(t); mnl_nlmsg_batch_next(batch); diff --git a/examples/nft-chain-get.c b/examples/nft-chain-get.c index 8a6ef91..612f58b 100644 --- a/examples/nft-chain-get.c +++ b/examples/nft-chain-get.c 
@@ -86,15 +86,15 @@ int main(int argc, char *argv[]) perror("OOM"); exit(EXIT_FAILURE); } - nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family, - NLM_F_ACK, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family, + NLM_F_ACK, seq); nftnl_chain_set_str(t, NFTNL_CHAIN_TABLE, argv[2]); nftnl_chain_set_str(t, NFTNL_CHAIN_NAME, argv[3]); nftnl_chain_nlmsg_build_payload(nlh, t); nftnl_chain_free(t); } else if (argc >= 2) { - nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family, - NLM_F_DUMP, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family, + NLM_F_DUMP, seq); } nl = mnl_socket_open(NETLINK_NETFILTER); diff --git a/examples/nft-flowtable-add.c b/examples/nft-flowtable-add.c index 5ca62be..f509f23 100644 --- a/examples/nft-flowtable-add.c +++ b/examples/nft-flowtable-add.c @@ -47,7 +47,6 @@ int main(int argc, char *argv[]) int ret, family; struct nftnl_flowtable *t; struct mnl_nlmsg_batch *batch; - int batching; if (argc != 6) { fprintf(stderr, "Usage: %s <family> <table> <name> <hook> <prio>\n", 
@@ -74,32 +73,22 @@ int main(int argc, char *argv[]) if (t == NULL) exit(EXIT_FAILURE); - batching = nftnl_batch_is_supported(); - if (batching < 0) { - perror("cannot talk to nfnetlink"); - exit(EXIT_FAILURE); - } - seq = time(NULL); batch = mnl_nlmsg_batch_start(buf, sizeof(buf)); - if (batching) { - nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - } + nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); + mnl_nlmsg_batch_next(batch); flowtable_seq = seq; - nlh = nftnl_flowtable_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWFLOWTABLE, family, - NLM_F_CREATE|NLM_F_ACK, seq++); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWFLOWTABLE, family, + NLM_F_CREATE | NLM_F_ACK, seq++); nftnl_flowtable_nlmsg_build_payload(nlh, t); nftnl_flowtable_free(t); mnl_nlmsg_batch_next(batch); - if (batching) { - nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - } + nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++); + mnl_nlmsg_batch_next(batch); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { diff --git a/examples/nft-flowtable-del.c b/examples/nft-flowtable-del.c index 91e5d3a..c5ce339 100644 --- a/examples/nft-flowtable-del.c +++ b/examples/nft-flowtable-del.c @@ -33,7 +33,7 @@ int main(int argc, char *argv[]) struct nlmsghdr *nlh; uint32_t portid, seq, flowtable_seq; struct nftnl_flowtable *t; - int ret, family, batching; + int ret, family; if (argc != 4) { fprintf(stderr, "Usage: %s <family> <table> <flowtable>\n", 
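Review bot: The pointer returned by `mnl_nlmsg_batch_start(buf, sizeof(buf))` is handed straight to `mnl_nlmsg_batch_current(batch)` on the now-unconditional `nftnl_batch_begin` line without a NULL check, and mnl_nlmsg_batch_start() allocates its bookkeeping state and can return NULL. Since the batch setup is being reworked here anyway, a guard right after the call, `if (batch == NULL) { perror("OOM"); exit(EXIT_FAILURE); }`, would keep the example from dereferencing NULL when allocation fails. The same applies to the matching hunk in examples/nft-flowtable-del.c. main() begins and ends outside this hunk.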
@@ -60,32 +60,22 @@ int main(int argc, char *argv[]) if (t == NULL) exit(EXIT_FAILURE); - batching = nftnl_batch_is_supported(); - if (batching < 0) { - perror("cannot talk to nfnetlink"); - exit(EXIT_FAILURE); - } - seq = time(NULL); batch = mnl_nlmsg_batch_start(buf, sizeof(buf)); - if (batching) { - nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - } + nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); + mnl_nlmsg_batch_next(batch); flowtable_seq = seq; - nlh = nftnl_flowtable_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_DELFLOWTABLE, family, - NLM_F_ACK, seq++); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_DELFLOWTABLE, family, + NLM_F_ACK, seq++); nftnl_flowtable_nlmsg_build_payload(nlh, t); nftnl_flowtable_free(t); mnl_nlmsg_batch_next(batch); - if (batching) { - nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - } + nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++); + mnl_nlmsg_batch_next(batch); nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { diff --git a/examples/nft-flowtable-get.c b/examples/nft-flowtable-get.c index 38929f3..1d10cc8 100644 --- a/examples/nft-flowtable-get.c +++ b/examples/nft-flowtable-get.c @@ -75,15 +75,15 @@ int main(int argc, char *argv[]) perror("OOM"); exit(EXIT_FAILURE); } - nlh = nftnl_flowtable_nlmsg_build_hdr(buf, NFT_MSG_GETFLOWTABLE, family, - NLM_F_ACK, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETFLOWTABLE, family, + NLM_F_ACK, seq); nftnl_flowtable_set_str(t, NFTNL_FLOWTABLE_TABLE, argv[2]); nftnl_flowtable_set_str(t, NFTNL_FLOWTABLE_NAME, argv[3]); nftnl_flowtable_nlmsg_build_payload(nlh, t); nftnl_flowtable_free(t); } else if (argc >= 2) { - nlh = nftnl_flowtable_nlmsg_build_hdr(buf, NFT_MSG_GETFLOWTABLE, family, - NLM_F_DUMP, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETFLOWTABLE, family, + NLM_F_DUMP, seq); } nl = mnl_socket_open(NETLINK_NETFILTER); 
diff --git a/examples/nft-map-add.c b/examples/nft-map-add.c index 7c6eeb9..e5ce664 100644 --- a/examples/nft-map-add.c +++ b/examples/nft-map-add.c @@ -103,9 +103,9 @@ int main(int argc, char *argv[]) nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); mnl_nlmsg_batch_next(batch); - nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWSET, family, - NLM_F_CREATE|NLM_F_ACK, seq++); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWSET, family, + NLM_F_CREATE | NLM_F_ACK, seq++); nftnl_set_nlmsg_build_payload(nlh, s); nftnl_set_free(s); diff --git a/examples/nft-rule-add.c b/examples/nft-rule-add.c index 77ee480..7d13b92 100644 --- a/examples/nft-rule-add.c +++ b/examples/nft-rule-add.c @@ -165,11 +165,11 @@ int main(int argc, char *argv[]) nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); mnl_nlmsg_batch_next(batch); - nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWRULE, - nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY), - NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK, seq++); - + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWRULE, + nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY), + NLM_F_APPEND | NLM_F_CREATE | NLM_F_ACK, + seq++); nftnl_rule_nlmsg_build_payload(nlh, r); nftnl_rule_free(r); mnl_nlmsg_batch_next(batch); diff --git a/examples/nft-rule-ct-expectation-add.c b/examples/nft-rule-ct-expectation-add.c index 2012b3c..07c8306 100644 --- a/examples/nft-rule-ct-expectation-add.c +++ b/examples/nft-rule-ct-expectation-add.c 
@@ -123,12 +123,11 @@ int main(int argc, char *argv[]) nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); mnl_nlmsg_batch_next(batch); - nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWRULE, - nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY), - NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK, - seq++); - + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWRULE, + nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY), + NLM_F_APPEND | NLM_F_CREATE | NLM_F_ACK, + seq++); nftnl_rule_nlmsg_build_payload(nlh, r); nftnl_rule_free(r); mnl_nlmsg_batch_next(batch); diff --git a/examples/nft-rule-ct-helper-add.c b/examples/nft-rule-ct-helper-add.c index e0338a8..594e6ba 100644 --- a/examples/nft-rule-ct-helper-add.c +++ b/examples/nft-rule-ct-helper-add.c @@ -117,11 +117,11 @@ int main(int argc, char *argv[]) nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); mnl_nlmsg_batch_next(batch); - nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWRULE, - nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY), - NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK, seq++); - + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWRULE, + nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY), + NLM_F_APPEND | NLM_F_CREATE | NLM_F_ACK, + seq++); nftnl_rule_nlmsg_build_payload(nlh, r); nftnl_rule_free(r); mnl_nlmsg_batch_next(batch); diff --git a/examples/nft-rule-ct-timeout-add.c b/examples/nft-rule-ct-timeout-add.c index d93cde1..0953cb4 100644 --- a/examples/nft-rule-ct-timeout-add.c +++ b/examples/nft-rule-ct-timeout-add.c 
@@ -117,11 +117,11 @@ int main(int argc, char *argv[]) nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); mnl_nlmsg_batch_next(batch); - nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWRULE, - nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY), - NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK, seq++); - + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWRULE, + nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY), + NLM_F_APPEND | NLM_F_CREATE | NLM_F_ACK, + seq++); nftnl_rule_nlmsg_build_payload(nlh, r); nftnl_rule_free(r); mnl_nlmsg_batch_next(batch); diff --git a/examples/nft-rule-del.c b/examples/nft-rule-del.c index 035aaa2..cb085ff 100644 --- a/examples/nft-rule-del.c +++ b/examples/nft-rule-del.c @@ -72,11 +72,8 @@ int main(int argc, char *argv[]) nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); mnl_nlmsg_batch_next(batch); - nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_DELRULE, - family, - NLM_F_ACK, seq++); - + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_DELRULE, family, NLM_F_ACK, seq++); nftnl_rule_nlmsg_build_payload(nlh, r); nftnl_rule_free(r); mnl_nlmsg_batch_next(batch); diff --git a/examples/nft-rule-get.c b/examples/nft-rule-get.c index 8fb654f..8da5b59 100644 --- a/examples/nft-rule-get.c +++ b/examples/nft-rule-get.c @@ -111,8 +111,8 @@ int main(int argc, char *argv[]) } seq = time(NULL); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, - NLM_F_DUMP, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, + NLM_F_DUMP, seq); r = setup_rule(family, table, chain, NULL); if (!r) { diff --git a/examples/nft-ruleset-get.c b/examples/nft-ruleset-get.c index cba9b09..34ebe1f 100644 --- a/examples/nft-ruleset-get.c +++ b/examples/nft-ruleset-get.c 
@@ -97,8 +97,8 @@ static struct nftnl_rule_list *mnl_rule_dump(struct mnl_socket *nf_sock, if (nlr_list == NULL) memory_allocation_error(); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, - NLM_F_DUMP, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, + NLM_F_DUMP, seq); ret = mnl_talk(nf_sock, nlh, nlh->nlmsg_len, rule_cb, nlr_list); if (ret < 0) @@ -145,8 +145,8 @@ static struct nftnl_chain_list *mnl_chain_dump(struct mnl_socket *nf_sock, if (nlc_list == NULL) memory_allocation_error(); - nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family, - NLM_F_DUMP, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family, + NLM_F_DUMP, seq); ret = mnl_talk(nf_sock, nlh, nlh->nlmsg_len, chain_cb, nlc_list); if (ret < 0) @@ -193,8 +193,8 @@ static struct nftnl_table_list *mnl_table_dump(struct mnl_socket *nf_sock, if (nlt_list == NULL) memory_allocation_error(); - nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family, - NLM_F_DUMP, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family, + NLM_F_DUMP, seq); ret = mnl_talk(nf_sock, nlh, nlh->nlmsg_len, table_cb, nlt_list); if (ret < 0) @@ -221,8 +221,8 @@ static int mnl_setelem_get(struct mnl_socket *nf_sock, struct nftnl_set *nls) struct nlmsghdr *nlh; uint32_t family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); - nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family, - NLM_F_DUMP|NLM_F_ACK, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family, + NLM_F_DUMP | NLM_F_ACK, seq); nftnl_set_nlmsg_build_payload(nlh, nls); return mnl_talk(nf_sock, nlh, nlh->nlmsg_len, set_elem_cb, nls); @@ -266,8 +266,8 @@ mnl_set_dump(struct mnl_socket *nf_sock, int family) if (s == NULL) memory_allocation_error(); - nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family, - NLM_F_DUMP|NLM_F_ACK, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family, + NLM_F_DUMP | NLM_F_ACK, seq); nftnl_set_nlmsg_build_payload(nlh, s); nftnl_set_free(s); 
diff --git a/examples/nft-set-add.c b/examples/nft-set-add.c index c9e249d..109e33a 100644 --- a/examples/nft-set-add.c +++ b/examples/nft-set-add.c @@ -99,9 +99,9 @@ int main(int argc, char *argv[]) nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); mnl_nlmsg_batch_next(batch); - nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWSET, family, - NLM_F_CREATE|NLM_F_ACK, seq++); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWSET, family, + NLM_F_CREATE | NLM_F_ACK, seq++); nftnl_set_nlmsg_build_payload(nlh, s); nftnl_set_free(s); diff --git a/examples/nft-set-del.c b/examples/nft-set-del.c index eafd5d7..5e8dea9 100644 --- a/examples/nft-set-del.c +++ b/examples/nft-set-del.c @@ -62,9 +62,8 @@ int main(int argc, char *argv[]) nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); mnl_nlmsg_batch_next(batch); - nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_DELSET, family, - NLM_F_ACK, seq); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_DELSET, family, NLM_F_ACK, seq); nftnl_set_set_str(t, NFTNL_SET_TABLE, argv[2]); nftnl_set_set_str(t, NFTNL_SET_NAME, argv[3]); diff --git a/examples/nft-set-elem-del.c b/examples/nft-set-elem-del.c index b569fea..1e6c90d 100644 --- a/examples/nft-set-elem-del.c +++ b/examples/nft-set-elem-del.c @@ -87,9 +87,8 @@ int main(int argc, char *argv[]) nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); mnl_nlmsg_batch_next(batch); - nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_DELSETELEM, family, - NLM_F_ACK, seq); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_DELSETELEM, family, NLM_F_ACK, seq); nftnl_set_elems_nlmsg_build_payload(nlh, s); nftnl_set_free(s); mnl_nlmsg_batch_next(batch); diff --git a/examples/nft-set-elem-get.c b/examples/nft-set-elem-get.c index 52cdd51..7f99a60 100644 --- a/examples/nft-set-elem-get.c +++ b/examples/nft-set-elem-get.c 
@@ -81,8 +81,8 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family, - NLM_F_DUMP|NLM_F_ACK, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family, + NLM_F_DUMP | NLM_F_ACK, seq); nftnl_set_set_str(t, NFTNL_SET_NAME, argv[3]); nftnl_set_set_str(t, NFTNL_SET_TABLE, argv[2]); nftnl_set_elems_nlmsg_build_payload(nlh, t); diff --git a/examples/nft-set-get.c b/examples/nft-set-get.c index cbe3f85..48a0699 100644 --- a/examples/nft-set-get.c +++ b/examples/nft-set-get.c @@ -83,8 +83,8 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family, - NLM_F_DUMP|NLM_F_ACK, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family, + NLM_F_DUMP | NLM_F_ACK, seq); /* Use this below if you want to obtain sets per table */ /* nftnl_set_set(t, NFT_SET_TABLE, argv[2]); */ nftnl_set_nlmsg_build_payload(nlh, t); diff --git a/examples/nft-table-add.c b/examples/nft-table-add.c index 5b5c1dd..3d54e0e 100644 --- a/examples/nft-table-add.c +++ b/examples/nft-table-add.c @@ -79,9 +79,9 @@ int main(int argc, char *argv[]) table_seq = seq; family = nftnl_table_get_u32(t, NFTNL_TABLE_FAMILY); - nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWTABLE, family, - NLM_F_CREATE|NLM_F_ACK, seq++); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWTABLE, family, + NLM_F_CREATE | NLM_F_ACK, seq++); nftnl_table_nlmsg_build_payload(nlh, t); nftnl_table_free(t); mnl_nlmsg_batch_next(batch); diff --git a/examples/nft-table-del.c b/examples/nft-table-del.c index 3d78fd4..44f0b1f 100644 --- a/examples/nft-table-del.c +++ b/examples/nft-table-del.c 
@@ -79,9 +79,9 @@ int main(int argc, char *argv[]) table_seq = seq; family = nftnl_table_get_u32(t, NFTNL_TABLE_FAMILY); - nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_DELTABLE, family, - NLM_F_ACK, seq++); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_DELTABLE, family, + NLM_F_ACK, seq++); nftnl_table_nlmsg_build_payload(nlh, t); mnl_nlmsg_batch_next(batch); nftnl_table_free(t); diff --git a/examples/nft-table-get.c b/examples/nft-table-get.c index 64fd66c..58eca9c 100644 --- a/examples/nft-table-get.c +++ b/examples/nft-table-get.c @@ -88,11 +88,11 @@ int main(int argc, char *argv[]) seq = time(NULL); if (t == NULL) { - nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family, - NLM_F_DUMP, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family, + NLM_F_DUMP, seq); } else { - nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family, - NLM_F_ACK, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family, + NLM_F_ACK, seq); nftnl_table_set_str(t, NFTNL_TABLE_NAME, argv[2]); nftnl_table_nlmsg_build_payload(nlh, t); nftnl_table_free(t); diff --git a/examples/nft-table-upd.c b/examples/nft-table-upd.c index 663d09f..7346636 100644 --- a/examples/nft-table-upd.c +++ b/examples/nft-table-upd.c @@ -78,9 +78,8 @@ int main(int argc, char *argv[]) nftnl_table_set_u32(t, NFTNL_TABLE_FLAGS, flags); table_seq = seq; - nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWTABLE, family, - NLM_F_ACK, seq++); + nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), + NFT_MSG_NEWTABLE, family, NLM_F_ACK, seq++); nftnl_table_nlmsg_build_payload(nlh, t); nftnl_table_free(t); mnl_nlmsg_batch_next(batch); diff --git a/include/expr_ops.h b/include/expr_ops.h index 01f6fef..a7d747a 100644 --- a/include/expr_ops.h +++ b/include/expr_ops.h @@ -7,7 +7,6 @@ struct nlattr; struct nlmsghdr; struct nftnl_expr; -struct nftnl_reg; struct expr_ops { const char *name; 
@@ -19,12 +18,7 @@ struct expr_ops { const void *(*get)(const struct nftnl_expr *e, uint16_t type, uint32_t *data_len); int (*parse)(struct nftnl_expr *e, struct nlattr *attr); void (*build)(struct nlmsghdr *nlh, const struct nftnl_expr *e); - int (*snprintf)(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e); - struct { - int (*len)(const struct nftnl_expr *e); - bool (*cmp)(const struct nftnl_reg *reg, const struct nftnl_expr *e); - void (*update)(struct nftnl_reg *reg, const struct nftnl_expr *e); - } reg; + int (*output)(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e); }; struct expr_ops *nftnl_expr_ops_lookup(const char *name); diff --git a/include/internal.h b/include/internal.h index 9f88828..1f96731 100644 --- a/include/internal.h +++ b/include/internal.h @@ -12,6 +12,5 @@ #include "expr.h" #include "expr_ops.h" #include "rule.h" -#include "regs.h" #endif /* _LIBNFTNL_INTERNAL_H_ */ diff --git a/include/libnftnl/Makefile.am b/include/libnftnl/Makefile.am index 186f758..d846a57 100644 --- a/include/libnftnl/Makefile.am +++ b/include/libnftnl/Makefile.am @@ -3,7 +3,6 @@ pkginclude_HEADERS = batch.h \ trace.h \ chain.h \ object.h \ - regs.h \ rule.h \ expr.h \ set.h \ diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h index 00c63ab..9873228 100644 --- a/include/libnftnl/expr.h +++ b/include/libnftnl/expr.h @@ -316,6 +316,13 @@ enum { NFTNL_EXPR_LAST_SET, }; +enum { + NFTNL_EXPR_INNER_TYPE = NFTNL_EXPR_BASE, + NFTNL_EXPR_INNER_FLAGS, + NFTNL_EXPR_INNER_HDRSIZE, + NFTNL_EXPR_INNER_EXPR, +}; + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/include/libnftnl/regs.h b/include/libnftnl/regs.h deleted file mode 100644 index 7df79ec..0000000 --- a/include/libnftnl/regs.h +++ /dev/null 
@@ -1,23 +0,0 @@ -#ifndef _LIBNFTNL_REGS_H_ -#define _LIBNFTNL_REGS_H_ - -#include <stdint.h> - -#ifdef __cplusplus -extern "C" { -#endif - -struct nftnl_regs; -struct nftnl_expr; - -struct nftnl_regs *nftnl_regs_alloc(uint32_t num_regs); -void nftnl_regs_free(const struct nftnl_regs *regs); - -uint32_t nftnl_reg_get(struct nftnl_regs *regs, const struct nftnl_expr *expr); -uint32_t nftnl_reg_get_scratch(struct nftnl_regs *regs, uint32_t len); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* _LIBNFTNL_REGS_H_ */ diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 0ae9120..c48b193 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -753,13 +753,14 @@ enum nft_dynset_attributes { * @NFT_PAYLOAD_LL_HEADER: link layer header * @NFT_PAYLOAD_NETWORK_HEADER: network header * @NFT_PAYLOAD_TRANSPORT_HEADER: transport header - * @NFT_PAYLOAD_INNER_HEADER: inner header + * @NFT_PAYLOAD_INNER_HEADER: inner header / payload */ enum nft_payload_bases { NFT_PAYLOAD_LL_HEADER, NFT_PAYLOAD_NETWORK_HEADER, NFT_PAYLOAD_TRANSPORT_HEADER, NFT_PAYLOAD_INNER_HEADER, + NFT_PAYLOAD_TUN_HEADER, }; /** @@ -779,6 +780,31 @@ enum nft_payload_csum_flags { NFT_PAYLOAD_L4CSUM_PSEUDOHDR = (1 << 0), }; +enum nft_inner_type { + NFT_INNER_UNSPEC = 0, + NFT_INNER_VXLAN, +}; + +enum nft_inner_flags { + NFT_INNER_HDRSIZE = (1 << 0), + NFT_INNER_LL = (1 << 1), + NFT_INNER_NH = (1 << 2), + NFT_INNER_TH = (1 << 3), +}; +#define NFT_INNER_MASK (NFT_INNER_HDRSIZE | NFT_INNER_LL | \ + NFT_INNER_NH | NFT_INNER_TH) + +enum nft_inner_attributes { + NFTA_INNER_UNSPEC, + NFTA_INNER_NUM, + NFTA_INNER_TYPE, + NFTA_INNER_FLAGS, + NFTA_INNER_HDRSIZE, + NFTA_INNER_EXPR, + __NFTA_INNER_MAX +}; +#define NFTA_INNER_MAX (__NFTA_INNER_MAX - 1) + /** * enum nft_payload_attributes - nf_tables payload expression netlink attributes * 
@@ -888,6 +914,7 @@ enum nft_exthdr_attributes { * @NFT_META_TIME_HOUR: hour of day (in seconds) * @NFT_META_SDIF: slave device interface index * @NFT_META_SDIFNAME: slave device interface name + * @NFT_META_BRI_BROUTE: packet br_netfilter_broute bit */ enum nft_meta_keys { NFT_META_LEN, @@ -898,7 +925,8 @@ enum nft_meta_keys { NFT_META_OIF, NFT_META_IIFNAME, NFT_META_OIFNAME, - NFT_META_IIFTYPE, + NFT_META_IFTYPE, +#define NFT_META_IIFTYPE NFT_META_IFTYPE NFT_META_OIFTYPE, NFT_META_SKUID, NFT_META_SKGID, @@ -925,6 +953,8 @@ enum nft_meta_keys { NFT_META_TIME_HOUR, NFT_META_SDIF, NFT_META_SDIFNAME, + NFT_META_BRI_BROUTE, + __NFT_META_IIFTYPE, }; /** diff --git a/include/obj.h b/include/obj.h index 60dc853..d848ac9 100644 --- a/include/obj.h +++ b/include/obj.h @@ -109,7 +109,7 @@ struct obj_ops { const void *(*get)(const struct nftnl_obj *e, uint16_t type, uint32_t *data_len); int (*parse)(struct nftnl_obj *e, struct nlattr *attr); void (*build)(struct nlmsghdr *nlh, const struct nftnl_obj *e); - int (*snprintf)(char *buf, size_t len, uint32_t flags, const struct nftnl_obj *e); + int (*output)(char *buf, size_t len, uint32_t flags, const struct nftnl_obj *e); }; extern struct obj_ops obj_ops_counter; diff --git a/include/regs.h b/include/regs.h deleted file mode 100644 index dcbb0f4..0000000 --- a/include/regs.h +++ /dev/null 
@@ -1,70 +0,0 @@ -#ifndef _LIBNFTNL_REGS_INTERNAL_H_ -#define _LIBNFTNL_REGS_INTERNAL_H_ - -enum nftnl_expr_type { - NFT_EXPR_UNSPEC = 0, - NFT_EXPR_PAYLOAD, - NFT_EXPR_META, - NFT_EXPR_CT, - NFT_EXPR_EXTHDR, - NFT_EXPR_FIB, - NFT_EXPR_OSF, - NFT_EXPR_RT, - NFT_EXPR_XFRM, - NFT_EXPR_SOCKET, -}; - -struct nftnl_reg { - enum nftnl_expr_type type; - uint32_t len; - uint64_t genid; - uint8_t word; - union { - struct { - enum nft_meta_keys key; - } meta; - struct { - enum nft_payload_bases base; - uint32_t offset; - } payload; - struct { - enum nft_ct_keys key; - uint8_t dir; - } ct; - struct { - uint32_t offset; - uint32_t len; - uint8_t type; - uint32_t op; - uint32_t flags; - } exthdr; - struct { - uint32_t flags; - uint32_t result; - } fib; - struct { - uint8_t ttl; - uint32_t flags; - } osf; - struct { - enum nft_rt_keys key; - } rt; - struct { - enum nft_socket_keys key; - uint32_t level; - } socket; - struct { - enum nft_xfrm_keys key; - uint32_t spnum; - uint8_t dir; - } xfrm; - }; -}; - -struct nftnl_regs { - uint32_t num_regs; - struct nftnl_reg *reg; - uint64_t genid; -}; - -#endif diff --git a/src/Makefile.am b/src/Makefile.am index 2a26d24..3cd259c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -14,7 +14,6 @@ libnftnl_la_SOURCES = utils.c \ trace.c \ chain.c \ object.c \ - regs.c \ rule.c \ set.c \ set_elem.c \ @@ -41,6 +40,7 @@ libnftnl_la_SOURCES = utils.c \ expr/lookup.c \ expr/dynset.c \ expr/immediate.c \ + expr/inner.c \ expr/match.c \ expr/meta.c \ expr/numgen.c \ diff --git a/src/chain.c b/src/chain.c index cb5ec6b..dcfcd04 100644 --- a/src/chain.c +++ b/src/chain.c 
@@ -486,40 +486,49 @@ const char *const *nftnl_chain_get_array(const struct nftnl_chain *c, uint16_t a EXPORT_SYMBOL(nftnl_chain_nlmsg_build_payload); void nftnl_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_chain *c) { + struct nlattr *nest = NULL; int i; if (c->flags & (1 << NFTNL_CHAIN_TABLE)) mnl_attr_put_strz(nlh, NFTA_CHAIN_TABLE, c->table); if (c->flags & (1 << NFTNL_CHAIN_NAME)) mnl_attr_put_strz(nlh, NFTA_CHAIN_NAME, c->name); - if ((c->flags & (1 << NFTNL_CHAIN_HOOKNUM)) && - (c->flags & (1 << NFTNL_CHAIN_PRIO))) { - struct nlattr *nest; + if ((c->flags & (1 << NFTNL_CHAIN_HOOKNUM)) || + (c->flags & (1 << NFTNL_CHAIN_PRIO)) || + (c->flags & (1 << NFTNL_CHAIN_DEV)) || + (c->flags & (1 << NFTNL_CHAIN_DEVICES))) nest = mnl_attr_nest_start(nlh, NFTA_CHAIN_HOOK); + + if ((c->flags & (1 << NFTNL_CHAIN_HOOKNUM))) mnl_attr_put_u32(nlh, NFTA_HOOK_HOOKNUM, htonl(c->hooknum)); + if ((c->flags & (1 << NFTNL_CHAIN_PRIO))) mnl_attr_put_u32(nlh, NFTA_HOOK_PRIORITY, htonl(c->prio)); - if (c->flags & (1 << NFTNL_CHAIN_DEV)) - mnl_attr_put_strz(nlh, NFTA_HOOK_DEV, c->dev); - else if (c->flags & (1 << NFTNL_CHAIN_DEVICES)) { - struct nlattr *nest_dev; - nest_dev = mnl_attr_nest_start(nlh, NFTA_HOOK_DEVS); - for (i = 0; i < c->dev_array_len; i++) - mnl_attr_put_strz(nlh, NFTA_DEVICE_NAME, - c->dev_array[i]); - mnl_attr_nest_end(nlh, nest_dev); - } - mnl_attr_nest_end(nlh, nest); + if (c->flags & (1 << NFTNL_CHAIN_DEV)) + mnl_attr_put_strz(nlh, NFTA_HOOK_DEV, c->dev); + else if (c->flags & (1 << NFTNL_CHAIN_DEVICES)) { + struct nlattr *nest_dev; + + nest_dev = mnl_attr_nest_start(nlh, NFTA_HOOK_DEVS); + for (i = 0; i < c->dev_array_len; i++) + mnl_attr_put_strz(nlh, NFTA_DEVICE_NAME, + c->dev_array[i]); + mnl_attr_nest_end(nlh, nest_dev); } + + if ((c->flags & (1 << NFTNL_CHAIN_HOOKNUM)) || + (c->flags & (1 << NFTNL_CHAIN_PRIO)) || + (c->flags & (1 << NFTNL_CHAIN_DEV)) || + (c->flags & (1 << NFTNL_CHAIN_DEVICES))) + mnl_attr_nest_end(nlh, nest); + if 
(c->flags & (1 << NFTNL_CHAIN_POLICY)) mnl_attr_put_u32(nlh, NFTA_CHAIN_POLICY, htonl(c->policy)); if (c->flags & (1 << NFTNL_CHAIN_USE)) mnl_attr_put_u32(nlh, NFTA_CHAIN_USE, htonl(c->use)); if ((c->flags & (1 << NFTNL_CHAIN_PACKETS)) && (c->flags & (1 << NFTNL_CHAIN_BYTES))) { - struct nlattr *nest; - nest = mnl_attr_nest_start(nlh, NFTA_CHAIN_COUNTERS); mnl_attr_put_u64(nlh, NFTA_COUNTER_PACKETS, be64toh(c->packets)); mnl_attr_put_u64(nlh, NFTA_COUNTER_BYTES, be64toh(c->bytes)); diff --git a/src/common.c b/src/common.c index 2d83c12..ec84fa0 100644 --- a/src/common.c +++ b/src/common.c @@ -10,6 +10,7 @@ #include <stdlib.h> #include <sys/socket.h> #include <time.h> +#include <arpa/inet.h> #include <linux/netlink.h> #include <linux/netfilter/nfnetlink.h> #include <linux/netfilter/nf_tables.h> @@ -37,7 +38,7 @@ static struct nlmsghdr *__nftnl_nlmsg_build_hdr(char *buf, uint16_t type, nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg)); nfh->nfgen_family = family; nfh->version = NFNETLINK_V0; - nfh->res_id = res_id; + nfh->res_id = htons(res_id); return nlh; } @@ -126,9 +127,8 @@ int nftnl_batch_is_supported(void) mnl_nlmsg_batch_next(b); req_seq = seq; - nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(b), - NFT_MSG_NEWSET, AF_INET, - NLM_F_ACK, seq++); + nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(b), NFT_MSG_NEWSET, + AF_INET, NLM_F_ACK, seq++); mnl_nlmsg_batch_next(b); nftnl_batch_end(mnl_nlmsg_batch_current(b), seq++); @@ -279,10 +279,10 @@ int nftnl_expr_snprintf(char *buf, size_t remain, const struct nftnl_expr *expr, if (remain) buf[0] = '\0'; - if (!expr->ops->snprintf || type != NFTNL_OUTPUT_DEFAULT) + if (!expr->ops->output || type != NFTNL_OUTPUT_DEFAULT) return 0; - ret = expr->ops->snprintf(buf + offset, remain, flags, expr); + ret = expr->ops->output(buf + offset, remain, flags, expr); SNPRINTF_BUFFER_SIZE(ret, remain, offset); return offset; diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c index d0c7827..2d27233 100644 
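Review bot: The four-flag test on `NFTNL_CHAIN_HOOKNUM`, `NFTNL_CHAIN_PRIO`, `NFTNL_CHAIN_DEV` and `NFTNL_CHAIN_DEVICES` is written out twice in nftnl_chain_nlmsg_build_payload, once before `mnl_attr_nest_start(nlh, NFTA_CHAIN_HOOK)` and once before `mnl_attr_nest_end(nlh, nest)`. The two copies have to stay identical; if they ever diverge, either the end call runs with `nest == NULL` or the hook nest is left unterminated in the message. Because `nest` is now initialised to NULL, the closing test can be `if (nest != NULL) mnl_attr_nest_end(nlh, nest);`, which ties the close to the open. That check has to stay ahead of the counters block, which reuses `nest`. The function continues past the end of the hunk.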
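Review bot: Converting inside `__nftnl_nlmsg_build_hdr` with `nfh->res_id = htons(res_id);` changes what every caller has to pass, since res_id is now expected in host byte order. The parameter list and the callers are outside the hunk, so it is worth confirming that none of them already passes a value through htons(), which would undo the conversion on little-endian hosts. A short comment above the assignment, e.g. `/* res_id is taken in host byte order; nfgenmsg carries it in network byte order */`, would record the contract for future callers.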
--- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -282,5 +282,5 @@ struct expr_ops expr_ops_bitwise = { .get = nftnl_expr_bitwise_get, .parse = nftnl_expr_bitwise_parse, .build = nftnl_expr_bitwise_build, - .snprintf = nftnl_expr_bitwise_snprintf, + .output = nftnl_expr_bitwise_snprintf, }; diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c index d299745..89ed0a8 100644 --- a/src/expr/byteorder.c +++ b/src/expr/byteorder.c @@ -220,5 +220,5 @@ struct expr_ops expr_ops_byteorder = { .get = nftnl_expr_byteorder_get, .parse = nftnl_expr_byteorder_parse, .build = nftnl_expr_byteorder_build, - .snprintf = nftnl_expr_byteorder_snprintf, + .output = nftnl_expr_byteorder_snprintf, }; diff --git a/src/expr/cmp.c b/src/expr/cmp.c index 6030693..f9d15bb 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@ -202,5 +202,5 @@ struct expr_ops expr_ops_cmp = { .get = nftnl_expr_cmp_get, .parse = nftnl_expr_cmp_parse, .build = nftnl_expr_cmp_build, - .snprintf = nftnl_expr_cmp_snprintf, + .output = nftnl_expr_cmp_snprintf, }; diff --git a/src/expr/connlimit.c b/src/expr/connlimit.c index 3b37587..549417b 100644 --- a/src/expr/connlimit.c +++ b/src/expr/connlimit.c @@ -135,5 +135,5 @@ struct expr_ops expr_ops_connlimit = { .get = nftnl_expr_connlimit_get, .parse = nftnl_expr_connlimit_parse, .build = nftnl_expr_connlimit_build, - .snprintf = nftnl_expr_connlimit_snprintf, + .output = nftnl_expr_connlimit_snprintf, }; diff --git a/src/expr/counter.c b/src/expr/counter.c index 1676d70..d139a5f 100644 --- a/src/expr/counter.c +++ b/src/expr/counter.c @@ -133,5 +133,5 @@ struct expr_ops expr_ops_counter = { .get = nftnl_expr_counter_get, .parse = nftnl_expr_counter_parse, .build = nftnl_expr_counter_build, - .snprintf = nftnl_expr_counter_snprintf, + .output = nftnl_expr_counter_snprintf, }; diff --git a/src/expr/ct.c b/src/expr/ct.c index f17491c..f4a2aea 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c 
@@ -14,7 +14,6 @@ #include <stdint.h> #include <arpa/inet.h> #include <errno.h> -#include <assert.h> #include <linux/netfilter/nf_tables.h> #include "internal.h" @@ -149,82 +148,6 @@ nftnl_expr_ct_parse(struct nftnl_expr *e, struct nlattr *attr) return 0; } -#ifndef XT_CONNLABEL_MAXBIT -#define XT_CONNLABEL_MAXBIT 127 -#endif - -#ifndef NF_CT_LABELS_MAX_SIZE -#define NF_CT_LABELS_MAX_SIZE ((XT_CONNLABEL_MAXBIT + 1) / 8) -#endif - -#ifndef NF_CT_HELPER_NAME_LEN -#define NF_CT_HELPER_NAME_LEN 16 -#endif - -static int -nftnl_expr_ct_reg_len(const struct nftnl_expr *e) -{ - const struct nftnl_expr_ct *ct = nftnl_expr_data(e); - - switch (ct->key) { - case NFT_CT_DIRECTION: - case NFT_CT_PROTOCOL: - case NFT_CT_L3PROTOCOL: - return sizeof(uint8_t); - case NFT_CT_ZONE: - case NFT_CT_LABELS: - return NF_CT_LABELS_MAX_SIZE; - case NFT_CT_HELPER: - return NF_CT_HELPER_NAME_LEN; - case NFT_CT_PROTO_SRC: - case NFT_CT_PROTO_DST: - return sizeof(uint16_t); - case NFT_CT_ID: - case NFT_CT_STATE: - case NFT_CT_STATUS: - case NFT_CT_MARK: - case NFT_CT_SECMARK: - case NFT_CT_EXPIRATION: - case NFT_CT_EVENTMASK: - case NFT_CT_SRC_IP: - case NFT_CT_DST_IP: - return sizeof(uint32_t); - case NFT_CT_BYTES: - case NFT_CT_PKTS: - case NFT_CT_AVGPKT: - return sizeof(uint64_t); - case NFT_CT_SRC: - case NFT_CT_DST: - case NFT_CT_SRC_IP6: - case NFT_CT_DST_IP6: - return sizeof(uint32_t) * 4; - default: - assert(0); - } - - return sizeof(uint32_t); -} - -static bool -nftnl_expr_ct_reg_cmp(const struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_ct *ct = nftnl_expr_data(e); - - return reg->ct.key == ct->key && - reg->ct.dir == ct->dir; -} - -static void -nftnl_expr_ct_reg_update(struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_ct *ct = nftnl_expr_data(e); - - reg->ct.key = ct->key; - reg->ct.dir = ct->dir; -} - static const char *ctkey2str_array[NFT_CT_MAX + 1] = { [NFT_CT_STATE] = "state", [NFT_CT_DIRECTION] = "direction", 
@@ -335,10 +258,5 @@ struct expr_ops expr_ops_ct = {
 .get = nftnl_expr_ct_get,
 .parse = nftnl_expr_ct_parse,
 .build = nftnl_expr_ct_build,
- .snprintf = nftnl_expr_ct_snprintf,
- .reg = {
- .len = nftnl_expr_ct_reg_len,
- .cmp = nftnl_expr_ct_reg_cmp,
- .update = nftnl_expr_ct_reg_update,
- },
+ .output = nftnl_expr_ct_snprintf,
 };
diff --git a/src/expr/dup.c b/src/expr/dup.c
index f041b55..a239ff3 100644
--- a/src/expr/dup.c
+++ b/src/expr/dup.c
@@ -138,5 +138,5 @@ struct expr_ops expr_ops_dup = {
 .get = nftnl_expr_dup_get,
 .parse = nftnl_expr_dup_parse,
 .build = nftnl_expr_dup_build,
- .snprintf = nftnl_expr_dup_snprintf,
+ .output = nftnl_expr_dup_snprintf,
 };
diff --git a/src/expr/dynset.c b/src/expr/dynset.c
index 85d64bb..5bcf1c6 100644
--- a/src/expr/dynset.c
+++ b/src/expr/dynset.c
@@ -373,5 +373,5 @@ struct expr_ops expr_ops_dynset = {
 .get = nftnl_expr_dynset_get,
 .parse = nftnl_expr_dynset_parse,
 .build = nftnl_expr_dynset_build,
- .snprintf = nftnl_expr_dynset_snprintf,
+ .output = nftnl_expr_dynset_snprintf,
 };
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 53a2a80..739c7ff 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -194,38 +194,6 @@ nftnl_expr_exthdr_parse(struct nftnl_expr *e, struct nlattr *attr) return 0; } -static int -nftnl_expr_exthdr_reg_len(const struct nftnl_expr *e) -{ - const struct nftnl_expr_exthdr *exthdr = nftnl_expr_data(e); - - return exthdr->len; -} - -static bool -nftnl_expr_exthdr_reg_cmp(const struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_exthdr *exthdr = nftnl_expr_data(e); - - return reg->exthdr.offset == exthdr->offset && - reg->exthdr.type == exthdr->type && - reg->exthdr.op == exthdr->op && - reg->exthdr.flags == exthdr->flags; -} - -static void -nftnl_expr_exthdr_reg_update(struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_exthdr *exthdr = nftnl_expr_data(e); - - reg->exthdr.offset = exthdr->offset; - reg->exthdr.type = exthdr->type; - reg->exthdr.op = exthdr->op; - reg->exthdr.flags = exthdr->flags; -} - static const char *op2str(uint8_t op) { switch (op) { @@ -299,10 +267,5 @@ struct expr_ops expr_ops_exthdr = { .get = nftnl_expr_exthdr_get, .parse = nftnl_expr_exthdr_parse, .build = nftnl_expr_exthdr_build, - .snprintf = nftnl_expr_exthdr_snprintf, - .reg = { - .len = nftnl_expr_exthdr_reg_len, - .cmp = nftnl_expr_exthdr_reg_cmp, - .update = nftnl_expr_exthdr_reg_update, - }, + .output = nftnl_expr_exthdr_snprintf, }; diff --git a/src/expr/fib.c b/src/expr/fib.c index 59b335a..957f929 100644 --- a/src/expr/fib.c +++ b/src/expr/fib.c @@ -14,7 +14,6 @@ #include <string.h> #include <arpa/inet.h> #include <errno.h> -#include <net/if.h> #include <linux/netfilter/nf_tables.h> #include "internal.h" 
@@ -129,45 +128,6 @@ nftnl_expr_fib_parse(struct nftnl_expr *e, struct nlattr *attr) return ret; } -static int -nftnl_expr_fib_reg_len(const struct nftnl_expr *e) -{ - const struct nftnl_expr_fib *fib = nftnl_expr_data(e); - - switch (fib->result) { - case NFT_FIB_RESULT_OIF: - return sizeof(int); - case NFT_FIB_RESULT_OIFNAME: - return IFNAMSIZ; - case NFT_FIB_RESULT_ADDRTYPE: - return sizeof(uint32_t); - default: - assert(0); - break; - } - return sizeof(uint32_t); -} - -static bool -nftnl_expr_fib_reg_cmp(const struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_fib *fib = nftnl_expr_data(e); - - return reg->fib.result == fib->result && - reg->fib.flags == fib->flags; -} - -static void -nftnl_expr_fib_reg_update(struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_fib *fib = nftnl_expr_data(e); - - reg->fib.result = fib->result; - reg->fib.flags = fib->flags; -} - static const char *fib_type[NFT_FIB_RESULT_MAX + 1] = { [NFT_FIB_RESULT_OIF] = "oif", [NFT_FIB_RESULT_OIFNAME] = "oifname", @@ -238,10 +198,5 @@ struct expr_ops expr_ops_fib = { .get = nftnl_expr_fib_get, .parse = nftnl_expr_fib_parse, .build = nftnl_expr_fib_build, - .snprintf = nftnl_expr_fib_snprintf, - .reg = { - .len = nftnl_expr_fib_reg_len, - .cmp = nftnl_expr_fib_reg_cmp, - .update = nftnl_expr_fib_reg_update, - }, + .output = nftnl_expr_fib_snprintf, }; diff --git a/src/expr/flow_offload.c b/src/expr/flow_offload.c index a826202..4fc0563 100644 --- a/src/expr/flow_offload.c +++ b/src/expr/flow_offload.c @@ -120,5 +120,5 @@ struct expr_ops expr_ops_flow = { .get = nftnl_expr_flow_get, .parse = nftnl_expr_flow_parse, .build = nftnl_expr_flow_build, - .snprintf = nftnl_expr_flow_snprintf, + .output = nftnl_expr_flow_snprintf, }; diff --git a/src/expr/fwd.c b/src/expr/fwd.c index 82e5a41..51f6612 100644 --- a/src/expr/fwd.c +++ b/src/expr/fwd.c 
@@ -158,5 +158,5 @@ struct expr_ops expr_ops_fwd = {
 .get = nftnl_expr_fwd_get,
 .parse = nftnl_expr_fwd_parse,
 .build = nftnl_expr_fwd_build,
- .snprintf = nftnl_expr_fwd_snprintf,
+ .output = nftnl_expr_fwd_snprintf,
 };
diff --git a/src/expr/hash.c b/src/expr/hash.c
index 10b4a72..6e2dd19 100644
--- a/src/expr/hash.c
+++ b/src/expr/hash.c
@@ -226,5 +226,5 @@ struct expr_ops expr_ops_hash = {
 .get = nftnl_expr_hash_get,
 .parse = nftnl_expr_hash_parse,
 .build = nftnl_expr_hash_build,
- .snprintf = nftnl_expr_hash_snprintf,
+ .output = nftnl_expr_hash_snprintf,
 };
diff --git a/src/expr/immediate.c b/src/expr/immediate.c
index 94b043c..5d477a8 100644
--- a/src/expr/immediate.c
+++ b/src/expr/immediate.c
@@ -229,5 +229,5 @@ struct expr_ops expr_ops_immediate = {
 .get = nftnl_expr_immediate_get,
 .parse = nftnl_expr_immediate_parse,
 .build = nftnl_expr_immediate_build,
- .snprintf = nftnl_expr_immediate_snprintf,
+ .output = nftnl_expr_immediate_snprintf,
 };
diff --git a/src/expr/inner.c b/src/expr/inner.c
new file mode 100644
index 0000000..7daae4f
--- /dev/null
+++ b/src/expr/inner.c
@@ -0,0 +1,214 @@
+/*
+ * (C) 2012-2022 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include "internal.h"
+
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <limits.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <libmnl/libmnl.h>
+
+#include <linux/netfilter/nf_tables.h>
+
+#include <libnftnl/expr.h>
+#include <libnftnl/rule.h>
+
+struct nftnl_expr_inner {
+ uint32_t type;
+ uint32_t flags;
+ uint32_t hdrsize;
+ struct nftnl_expr *expr;
+};
+
+static void nftnl_expr_inner_free(const struct nftnl_expr *e)
+{
+ struct nftnl_expr_inner *inner = nftnl_expr_data(e);
+
+ if (inner->expr)
+ nftnl_expr_free(inner->expr);
+}
+
+static int
+nftnl_expr_inner_set(struct nftnl_expr *e, uint16_t type,
+ const void *data, uint32_t data_len)
+{
+ struct nftnl_expr_inner *inner = nftnl_expr_data(e);
+
+ switch(type) {
+ case NFTNL_EXPR_INNER_TYPE:
+ memcpy(&inner->type, data, sizeof(inner->type));
+ break;
+ case NFTNL_EXPR_INNER_FLAGS:
+ memcpy(&inner->flags, data, sizeof(inner->flags));
+ break;
+ case NFTNL_EXPR_INNER_HDRSIZE:
+ memcpy(&inner->hdrsize, data, sizeof(inner->hdrsize));
+ break;
+ case NFTNL_EXPR_INNER_EXPR:
+ if (inner->expr)
+ nftnl_expr_free(inner->expr);
+
+ inner->expr = (void *)data;
+ break;
+ default:
+ return -1;
+ }
+ return 0;
+}
+
+static const void *
+nftnl_expr_inner_get(const struct nftnl_expr *e, uint16_t type,
+ uint32_t *data_len)
+{
+ struct nftnl_expr_inner *inner = nftnl_expr_data(e);
+
+ switch(type) {
+ case NFTNL_EXPR_INNER_FLAGS:
+ *data_len = sizeof(inner->flags);
+ return &inner->flags;
+ case NFTNL_EXPR_INNER_TYPE:
+ *data_len = sizeof(inner->type);
+ return &inner->type;
+ case NFTNL_EXPR_INNER_HDRSIZE:
+ *data_len = sizeof(inner->hdrsize);
+ return &inner->hdrsize;
+ case NFTNL_EXPR_INNER_EXPR:
+ return inner->expr;
+ }
+ return NULL;
+}
+
+static void
+nftnl_expr_inner_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
+{
+ struct nftnl_expr_inner *inner = nftnl_expr_data(e);
+ struct nlattr *nest;
+
+ mnl_attr_put_u32(nlh, NFTA_INNER_NUM, htonl(0));
+ if (e->flags & (1 << NFTNL_EXPR_INNER_TYPE))
+ mnl_attr_put_u32(nlh, NFTA_INNER_TYPE, htonl(inner->type));
+ if (e->flags & (1 << NFTNL_EXPR_INNER_FLAGS))
+ mnl_attr_put_u32(nlh, NFTA_INNER_FLAGS, htonl(inner->flags));
+ if (e->flags & (1 << NFTNL_EXPR_INNER_HDRSIZE))
+ mnl_attr_put_u32(nlh, NFTA_INNER_HDRSIZE, htonl(inner->hdrsize));
+ if (e->flags & (1 << NFTNL_EXPR_INNER_EXPR)) {
+ nest = mnl_attr_nest_start(nlh, NFTA_INNER_EXPR);
+ nftnl_expr_build_payload(nlh, inner->expr);
+ mnl_attr_nest_end(nlh, nest);
+ }
+}
+
+static int nftnl_inner_parse_cb(const struct nlattr *attr, void *data)
+{
+ const struct nlattr **tb = data;
+ int type = mnl_attr_get_type(attr);
+
+ if (mnl_attr_type_valid(attr, NFTA_INNER_MAX) < 0)
+ return MNL_CB_OK;
+
+ switch(type) {
+ case NFTA_INNER_NUM:
+ case NFTA_INNER_TYPE:
+ case NFTA_INNER_HDRSIZE:
+ case NFTA_INNER_FLAGS:
+ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+ abi_breakage();
+ break;
+ case NFTA_INNER_EXPR:
+ if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
+ abi_breakage();
+ break;
+ }
+
+ tb[type] = attr;
+
+ return MNL_CB_OK;
+}
+
+static int
+nftnl_expr_inner_parse(struct nftnl_expr *e, struct nlattr *attr)
+{
+ struct nftnl_expr_inner *inner = nftnl_expr_data(e);
+ struct nlattr *tb[NFTA_INNER_MAX + 1] = {};
+ struct nftnl_expr *expr;
+ int err;
+
+ err = mnl_attr_parse_nested(attr, nftnl_inner_parse_cb, tb);
+ if (err < 0)
+ return err;
+
+ if (tb[NFTA_INNER_HDRSIZE]) {
+ inner->hdrsize =
+ ntohl(mnl_attr_get_u32(tb[NFTA_INNER_HDRSIZE]));
+ e->flags |= (1 << NFTNL_EXPR_INNER_HDRSIZE);
+ }
+ if (tb[NFTA_INNER_FLAGS]) {
+ inner->flags =
+ ntohl(mnl_attr_get_u32(tb[NFTA_INNER_FLAGS]));
+ e->flags |= (1 << NFTNL_EXPR_INNER_FLAGS);
+ }
+ if (tb[NFTA_INNER_TYPE]) {
+ inner->type =
+ ntohl(mnl_attr_get_u32(tb[NFTA_INNER_TYPE]));
+ e->flags |= (1 << NFTNL_EXPR_INNER_TYPE);
+ }
+ if (tb[NFTA_INNER_EXPR]) {
+ expr = nftnl_expr_parse(tb[NFTA_INNER_EXPR]);
+ if (!expr)
+ return -1;
+
+ if (inner->expr)
+ nftnl_expr_free(inner->expr);
+
+ inner->expr = expr;
+ e->flags |= (1 << NFTNL_EXPR_INNER_EXPR);
+ }
+
+ return 0;
+}
+
+static int
+nftnl_expr_inner_snprintf(char *buf, size_t remain, uint32_t flags,
+ const struct nftnl_expr *e)
+{
+ struct nftnl_expr_inner *inner = nftnl_expr_data(e);
+ uint32_t offset = 0;
+ int ret;
+
+ ret = snprintf(buf, remain, "type %u hdrsize %u flags %x [",
+ inner->type, inner->hdrsize, inner->flags);
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+
+ ret = snprintf(buf + offset, remain, " %s ", inner->expr->ops->name);
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+
+ ret = nftnl_expr_snprintf(buf + offset, remain, inner->expr,
+ NFTNL_OUTPUT_DEFAULT, 0);
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+
+ ret = snprintf(buf + offset, remain, "] ");
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+
+ return offset;
+}
+
+struct expr_ops expr_ops_inner = {
+ .name = "inner",
+ .alloc_len = sizeof(struct nftnl_expr_inner),
+ .max_attr = NFTA_INNER_MAX,
+ .free = nftnl_expr_inner_free,
+ .set = nftnl_expr_inner_set,
+ .get = nftnl_expr_inner_get,
+ .parse = nftnl_expr_inner_parse,
+ .build = nftnl_expr_inner_build,
+ .output = nftnl_expr_inner_snprintf,
+};
diff --git a/src/expr/last.c b/src/expr/last.c
index e2a60c4..641b713 100644
--- a/src/expr/last.c
+++ b/src/expr/last.c
@@ -134,5 +134,5 @@ struct expr_ops expr_ops_last = {
 .get = nftnl_expr_last_get,
 .parse = nftnl_expr_last_parse,
 .build = nftnl_expr_last_build,
- .snprintf = nftnl_expr_last_snprintf,
+ .output = nftnl_expr_last_snprintf,
 };
diff --git a/src/expr/limit.c b/src/expr/limit.c
index 3dfd54a..1870e0e 100644
--- a/src/expr/limit.c
+++ b/src/expr/limit.c
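Review bot: In the new src/expr/inner.c, nftnl_expr_inner_snprintf() reads `inner->expr->ops->name` and passes `inner->expr` to nftnl_expr_snprintf() unconditionally, while nftnl_expr_inner_parse() only assigns `inner->expr` when NFTA_INNER_EXPR is present. An inner expression that arrives without a nested expression, or one built without the NFTNL_EXPR_INNER_EXPR setter, would presumably leave the pointer NULL and crash the printer. Wrap both nested-expression prints in `if (e->flags & (1 << NFTNL_EXPR_INNER_EXPR)) { ... }`, the same test nftnl_expr_inner_build() already uses, so the closing `"] "` is still emitted. Separately, the NFTNL_EXPR_INNER_EXPR case of nftnl_expr_inner_get() returns without writing `*data_len`, leaving an indeterminate length for any caller that reads it; adding `*data_len = 0;` before that return would make the result defined. The setter's `memcpy` calls also never consult `data_len`, so size validation is left entirely to the caller and deserves a comment saying so.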
@@ -202,5 +202,5 @@ struct expr_ops expr_ops_limit = { .get = nftnl_expr_limit_get, .parse = nftnl_expr_limit_parse, .build = nftnl_expr_limit_build, - .snprintf = nftnl_expr_limit_snprintf, + .output = nftnl_expr_limit_snprintf, }; diff --git a/src/expr/log.c b/src/expr/log.c index 86db548..180d839 100644 --- a/src/expr/log.c +++ b/src/expr/log.c @@ -253,5 +253,5 @@ struct expr_ops expr_ops_log = { .get = nftnl_expr_log_get, .parse = nftnl_expr_log_parse, .build = nftnl_expr_log_build, - .snprintf = nftnl_expr_log_snprintf, + .output = nftnl_expr_log_snprintf, }; diff --git a/src/expr/lookup.c b/src/expr/lookup.c index 83adce9..a06c338 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c @@ -206,5 +206,5 @@ struct expr_ops expr_ops_lookup = { .get = nftnl_expr_lookup_get, .parse = nftnl_expr_lookup_parse, .build = nftnl_expr_lookup_build, - .snprintf = nftnl_expr_lookup_snprintf, + .output = nftnl_expr_lookup_snprintf, }; diff --git a/src/expr/masq.c b/src/expr/masq.c index 684708c..e6e528d 100644 --- a/src/expr/masq.c +++ b/src/expr/masq.c @@ -163,5 +163,5 @@ struct expr_ops expr_ops_masq = { .get = nftnl_expr_masq_get, .parse = nftnl_expr_masq_parse, .build = nftnl_expr_masq_build, - .snprintf = nftnl_expr_masq_snprintf, + .output = nftnl_expr_masq_snprintf, }; diff --git a/src/expr/match.c b/src/expr/match.c index 533fdf5..f472add 100644 --- a/src/expr/match.c +++ b/src/expr/match.c @@ -189,5 +189,5 @@ struct expr_ops expr_ops_match = { .get = nftnl_expr_match_get, .parse = nftnl_expr_match_parse, .build = nftnl_expr_match_build, - .snprintf = nftnl_expr_match_snprintf, + .output = nftnl_expr_match_snprintf, }; diff --git a/src/expr/meta.c b/src/expr/meta.c index 601248f..183f441 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -14,7 +14,6 @@ #include <string.h> #include <arpa/inet.h> #include <errno.h> -#include <net/if.h> #include <linux/netfilter/nf_tables.h> #include "internal.h" 
@@ -23,7 +22,7 @@ #include <libnftnl/rule.h> #ifndef NFT_META_MAX -#define NFT_META_MAX (NFT_META_SDIFNAME + 1) +#define NFT_META_MAX (NFT_META_BRI_BROUTE + 1) #endif struct nftnl_expr_meta { @@ -133,44 +132,6 @@ nftnl_expr_meta_parse(struct nftnl_expr *e, struct nlattr *attr) return 0; } -static int nftnl_meta_reg_len(const struct nftnl_expr *e) -{ - const struct nftnl_expr_meta *meta = nftnl_expr_data(e); - - switch (meta->key) { - case NFT_META_IIFNAME: - case NFT_META_OIFNAME: - case NFT_META_IIFKIND: - case NFT_META_OIFKIND: - case NFT_META_SDIFNAME: - case NFT_META_BRI_IIFNAME: - case NFT_META_BRI_OIFNAME: - return IFNAMSIZ; - case NFT_META_TIME_NS: - return sizeof(uint64_t); - default: - break; - } - - return sizeof(uint32_t); -} - -static bool nftnl_meta_reg_cmp(const struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_meta *meta = nftnl_expr_data(e); - - return reg->meta.key == meta->key; -} - -static void nftnl_meta_reg_update(struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_meta *meta = nftnl_expr_data(e); - - reg->meta.key = meta->key; -} - static const char *meta_key2str_array[NFT_META_MAX] = { [NFT_META_LEN] = "len", [NFT_META_PROTOCOL] = "protocol", @@ -207,6 +168,7 @@ static const char *meta_key2str_array[NFT_META_MAX] = { [NFT_META_TIME_HOUR] = "hour", [NFT_META_SDIF] = "sdif", [NFT_META_SDIFNAME] = "sdifname", + [NFT_META_BRI_BROUTE] = "broute", }; static const char *meta_key2str(uint8_t key) @@ -255,10 +217,5 @@ struct expr_ops expr_ops_meta = { .get = nftnl_expr_meta_get, .parse = nftnl_expr_meta_parse, .build = nftnl_expr_meta_build, - .snprintf = nftnl_expr_meta_snprintf, - .reg = { - .len = nftnl_meta_reg_len, - .cmp = nftnl_meta_reg_cmp, - .update = nftnl_meta_reg_update, - }, + .output = nftnl_expr_meta_snprintf, }; diff --git a/src/expr/nat.c b/src/expr/nat.c index 0a9cdd7..ca727be 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c 
@@ -274,5 +274,5 @@ struct expr_ops expr_ops_nat = { .get = nftnl_expr_nat_get, .parse = nftnl_expr_nat_parse, .build = nftnl_expr_nat_build, - .snprintf = nftnl_expr_nat_snprintf, + .output = nftnl_expr_nat_snprintf, }; diff --git a/src/expr/numgen.c b/src/expr/numgen.c index 159dfec..d4020a6 100644 --- a/src/expr/numgen.c +++ b/src/expr/numgen.c @@ -180,5 +180,5 @@ struct expr_ops expr_ops_ng = { .get = nftnl_expr_ng_get, .parse = nftnl_expr_ng_parse, .build = nftnl_expr_ng_build, - .snprintf = nftnl_expr_ng_snprintf, + .output = nftnl_expr_ng_snprintf, }; diff --git a/src/expr/objref.c b/src/expr/objref.c index a4b6470..ad0688f 100644 --- a/src/expr/objref.c +++ b/src/expr/objref.c @@ -205,5 +205,5 @@ struct expr_ops expr_ops_objref = { .get = nftnl_expr_objref_get, .parse = nftnl_expr_objref_parse, .build = nftnl_expr_objref_build, - .snprintf = nftnl_expr_objref_snprintf, + .output = nftnl_expr_objref_snprintf, }; diff --git a/src/expr/osf.c b/src/expr/osf.c index 666b6b7..f15a722 100644 --- a/src/expr/osf.c +++ b/src/expr/osf.c @@ -11,7 +11,6 @@ #include <libnftnl/rule.h> #define OSF_GENRE_SIZE 32 -#define NFT_OSF_MAXGENRELEN 16 struct nftnl_expr_osf { enum nft_registers dreg; @@ -126,32 +125,6 @@ nftnl_expr_osf_parse(struct nftnl_expr *e, struct nlattr *attr) } static int -nftnl_expr_osf_reg_len(const struct nftnl_expr *e) -{ - return NFT_OSF_MAXGENRELEN; -} - -static bool -nftnl_expr_osf_reg_cmp(const struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_osf *osf = nftnl_expr_data(e); - - return reg->osf.ttl == osf->ttl && - reg->osf.flags == osf->flags; -} - -static void -nftnl_expr_osf_reg_update(struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_osf *osf = nftnl_expr_data(e); - - reg->osf.ttl = osf->ttl; - reg->osf.flags = osf->flags; -} - -static int nftnl_expr_osf_snprintf(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e) { 
@@ -174,10 +147,5 @@ struct expr_ops expr_ops_osf = { .get = nftnl_expr_osf_get, .parse = nftnl_expr_osf_parse, .build = nftnl_expr_osf_build, - .snprintf = nftnl_expr_osf_snprintf, - .reg = { - .len = nftnl_expr_osf_reg_len, - .cmp = nftnl_expr_osf_reg_cmp, - .update = nftnl_expr_osf_reg_update, - }, + .output = nftnl_expr_osf_snprintf, }; diff --git a/src/expr/payload.c b/src/expr/payload.c index 8b41a9d..c633e33 100644 --- a/src/expr/payload.c +++ b/src/expr/payload.c @@ -203,37 +203,12 @@ nftnl_expr_payload_parse(struct nftnl_expr *e, struct nlattr *attr) return 0; } -static int nftnl_payload_reg_len(const struct nftnl_expr *expr) -{ - const struct nftnl_expr_payload *payload = nftnl_expr_data(expr); - - return payload->len; -} - -static bool nftnl_payload_reg_cmp(const struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_payload *payload = nftnl_expr_data(e); - - return reg->payload.base == payload->base && - reg->payload.offset == payload->offset && - reg->len >= payload->len; -} - -static void nftnl_payload_reg_update(struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_payload *payload = nftnl_expr_data(e); - - reg->payload.base = payload->base; - reg->payload.offset = payload->offset; -} - -static const char *base2str_array[NFT_PAYLOAD_INNER_HEADER + 1] = { +static const char *base2str_array[NFT_PAYLOAD_TUN_HEADER + 1] = { [NFT_PAYLOAD_LL_HEADER] = "link", [NFT_PAYLOAD_NETWORK_HEADER] = "network", [NFT_PAYLOAD_TRANSPORT_HEADER] = "transport", [NFT_PAYLOAD_INNER_HEADER] = "inner", + [NFT_PAYLOAD_TUN_HEADER] = "tunnel", }; static const char *base2str(enum nft_payload_bases base) 
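Review bot: The payload.c hunk grows `base2str_array` to `NFT_PAYLOAD_TUN_HEADER + 1` and adds the "tunnel" entry, but the start of base2str(), before its `return base2str_array[base];`, falls in the unchanged lines between this hunk and the next, so the commit leaves any range check there untouched. If that check still compares against `NFT_PAYLOAD_INNER_HEADER`, a tunnel-header base keeps taking the out-of-range path and the new entry is never printed; it would need to become `if (base > NFT_PAYLOAD_TUN_HEADER)`. Deriving the bound from the table itself, `sizeof(base2str_array) / sizeof(base2str_array[0])`, would stop the index check and the array size from drifting apart when the next base is added.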
@@ -244,20 +219,6 @@ static const char *base2str(enum nft_payload_bases base) return base2str_array[base]; } -static inline int nftnl_str2base(const char *base) -{ - if (strcmp(base, "link") == 0) - return NFT_PAYLOAD_LL_HEADER; - else if (strcmp(base, "network") == 0) - return NFT_PAYLOAD_NETWORK_HEADER; - else if (strcmp(base, "transport") == 0) - return NFT_PAYLOAD_TRANSPORT_HEADER; - else { - errno = EINVAL; - return -1; - } -} - static int nftnl_expr_payload_snprintf(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e) @@ -285,10 +246,5 @@ struct expr_ops expr_ops_payload = { .get = nftnl_expr_payload_get, .parse = nftnl_expr_payload_parse, .build = nftnl_expr_payload_build, - .snprintf = nftnl_expr_payload_snprintf, - .reg = { - .len = nftnl_payload_reg_len, - .cmp = nftnl_payload_reg_cmp, - .update = nftnl_payload_reg_update, - }, + .output = nftnl_expr_payload_snprintf, }; diff --git a/src/expr/queue.c b/src/expr/queue.c index 8f70977..de287f2 100644 --- a/src/expr/queue.c +++ b/src/expr/queue.c @@ -193,5 +193,5 @@ struct expr_ops expr_ops_queue = { .get = nftnl_expr_queue_get, .parse = nftnl_expr_queue_parse, .build = nftnl_expr_queue_build, - .snprintf = nftnl_expr_queue_snprintf, + .output = nftnl_expr_queue_snprintf, }; diff --git a/src/expr/quota.c b/src/expr/quota.c index 8c841d8..835729c 100644 --- a/src/expr/quota.c +++ b/src/expr/quota.c @@ -147,5 +147,5 @@ struct expr_ops expr_ops_quota = { .get = nftnl_expr_quota_get, .parse = nftnl_expr_quota_parse, .build = nftnl_expr_quota_build, - .snprintf = nftnl_expr_quota_snprintf, + .output = nftnl_expr_quota_snprintf, }; diff --git a/src/expr/range.c b/src/expr/range.c index f76843a..473add8 100644 --- a/src/expr/range.c +++ b/src/expr/range.c @@ -213,5 +213,5 @@ struct expr_ops expr_ops_range = { .get = nftnl_expr_range_get, .parse = nftnl_expr_range_parse, .build = nftnl_expr_range_build, - .snprintf = nftnl_expr_range_snprintf, + .output = nftnl_expr_range_snprintf, }; 
diff --git a/src/expr/redir.c b/src/expr/redir.c index 4f56cb4..87c2acc 100644 --- a/src/expr/redir.c +++ b/src/expr/redir.c @@ -167,5 +167,5 @@ struct expr_ops expr_ops_redir = { .get = nftnl_expr_redir_get, .parse = nftnl_expr_redir_parse, .build = nftnl_expr_redir_build, - .snprintf = nftnl_expr_redir_snprintf, + .output = nftnl_expr_redir_snprintf, }; diff --git a/src/expr/reject.c b/src/expr/reject.c index 716d25c..c7c9441 100644 --- a/src/expr/reject.c +++ b/src/expr/reject.c @@ -134,5 +134,5 @@ struct expr_ops expr_ops_reject = { .get = nftnl_expr_reject_get, .parse = nftnl_expr_reject_parse, .build = nftnl_expr_reject_build, - .snprintf = nftnl_expr_reject_snprintf, + .output = nftnl_expr_reject_snprintf, }; diff --git a/src/expr/rt.c b/src/expr/rt.c index 16a1aff..695a658 100644 --- a/src/expr/rt.c +++ b/src/expr/rt.c @@ -12,7 +12,6 @@ #include <string.h> #include <arpa/inet.h> #include <errno.h> -#include <assert.h> #include <linux/netfilter/nf_tables.h> #include "internal.h" 
@@ -113,46 +112,6 @@ nftnl_expr_rt_parse(struct nftnl_expr *e, struct nlattr *attr) return 0; } -static int nftnl_expr_rt_reg_len(const struct nftnl_expr *e) -{ - const struct nftnl_expr_rt *rt = nftnl_expr_data(e); - - switch (rt->key) { - case NFT_RT_CLASSID: - case NFT_RT_NEXTHOP4: - return sizeof(uint32_t); - case NFT_RT_NEXTHOP6: - return sizeof(uint32_t) * 4; - case NFT_RT_TCPMSS: - return sizeof(uint16_t); - case NFT_RT_XFRM: - return sizeof(uint8_t); - default: - assert(0); - break; - } - - return sizeof(uint32_t); -} - -static bool -nftnl_expr_rt_reg_cmp(const struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_rt *rt = nftnl_expr_data(e); - - return reg->rt.key == rt->key; -} - -static void -nftnl_expr_rt_reg_update(struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_rt *rt = nftnl_expr_data(e); - - reg->rt.key = rt->key; -} - static const char *rt_key2str_array[NFT_RT_MAX + 1] = { [NFT_RT_CLASSID] = "classid", [NFT_RT_NEXTHOP4] = "nexthop4", @@ -203,10 +162,5 @@ struct expr_ops expr_ops_rt = { .get = nftnl_expr_rt_get, .parse = nftnl_expr_rt_parse, .build = nftnl_expr_rt_build, - .snprintf = nftnl_expr_rt_snprintf, - .reg = { - .len = nftnl_expr_rt_reg_len, - .cmp = nftnl_expr_rt_reg_cmp, - .update = nftnl_expr_rt_reg_update, - }, + .output = nftnl_expr_rt_snprintf, }; diff --git a/src/expr/socket.c b/src/expr/socket.c index edd28ca..83045c0 100644 --- a/src/expr/socket.c +++ b/src/expr/socket.c @@ -12,7 +12,6 @@ #include <string.h> #include <arpa/inet.h> #include <errno.h> -#include <assert.h> #include <linux/netfilter/nf_tables.h> #include "internal.h" 
@@ -127,47 +126,6 @@ nftnl_expr_socket_parse(struct nftnl_expr *e, struct nlattr *attr) return 0; } -static int -nftnl_expr_socket_reg_len(const struct nftnl_expr *e) -{ - const struct nftnl_expr_socket *socket = nftnl_expr_data(e); - - switch(socket->key) { - case NFT_SOCKET_TRANSPARENT: - case NFT_SOCKET_WILDCARD: - return sizeof(uint8_t); - case NFT_SOCKET_MARK: - return sizeof(uint32_t); - case NFT_SOCKET_CGROUPV2: - return sizeof(uint64_t); - default: - assert(0); - break; - } - - return sizeof(uint32_t); -} - -static bool -nftnl_expr_socket_reg_cmp(const struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_socket *socket = nftnl_expr_data(e); - - return reg->socket.key == socket->key && - reg->socket.level == socket->level; -} - -static void -nftnl_expr_socket_reg_update(struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_socket *socket = nftnl_expr_data(e); - - reg->socket.key = socket->key; - reg->socket.level = socket->level; -} - static const char *socket_key2str_array[NFT_SOCKET_MAX + 1] = { [NFT_SOCKET_TRANSPARENT] = "transparent", [NFT_SOCKET_MARK] = "mark", @@ -207,10 +165,5 @@ struct expr_ops expr_ops_socket = { .get = nftnl_expr_socket_get, .parse = nftnl_expr_socket_parse, .build = nftnl_expr_socket_build, - .snprintf = nftnl_expr_socket_snprintf, - .reg = { - .len = nftnl_expr_socket_reg_len, - .cmp = nftnl_expr_socket_reg_cmp, - .update = nftnl_expr_socket_reg_update, - }, + .output = nftnl_expr_socket_snprintf, }; diff --git a/src/expr/synproxy.c b/src/expr/synproxy.c index 630f3f4..47fcaef 100644 --- a/src/expr/synproxy.c +++ b/src/expr/synproxy.c @@ -152,5 +152,5 @@ struct expr_ops expr_ops_synproxy = { .get = nftnl_expr_synproxy_get, .parse = nftnl_expr_synproxy_parse, .build = nftnl_expr_synproxy_build, - .snprintf = nftnl_expr_synproxy_snprintf, + .output = nftnl_expr_synproxy_snprintf, }; diff --git a/src/expr/target.c b/src/expr/target.c index b7c595a..2a3fe8a 100644 
--- a/src/expr/target.c +++ b/src/expr/target.c @@ -189,5 +189,5 @@ struct expr_ops expr_ops_target = { .get = nftnl_expr_target_get, .parse = nftnl_expr_target_parse, .build = nftnl_expr_target_build, - .snprintf = nftnl_expr_target_snprintf, + .output = nftnl_expr_target_snprintf, }; diff --git a/src/expr/tproxy.c b/src/expr/tproxy.c index d3ee8f8..bd5ffbf 100644 --- a/src/expr/tproxy.c +++ b/src/expr/tproxy.c @@ -170,5 +170,5 @@ struct expr_ops expr_ops_tproxy = { .get = nftnl_expr_tproxy_get, .parse = nftnl_expr_tproxy_parse, .build = nftnl_expr_tproxy_build, - .snprintf = nftnl_expr_tproxy_snprintf, + .output = nftnl_expr_tproxy_snprintf, }; diff --git a/src/expr/tunnel.c b/src/expr/tunnel.c index 1460fd2..a00f620 100644 --- a/src/expr/tunnel.c +++ b/src/expr/tunnel.c @@ -145,5 +145,5 @@ struct expr_ops expr_ops_tunnel = { .get = nftnl_expr_tunnel_get, .parse = nftnl_expr_tunnel_parse, .build = nftnl_expr_tunnel_build, - .snprintf = nftnl_expr_tunnel_snprintf, + .output = nftnl_expr_tunnel_snprintf, }; diff --git a/src/expr/xfrm.c b/src/expr/xfrm.c index 7f6d7fe..2db00d5 100644 --- a/src/expr/xfrm.c +++ b/src/expr/xfrm.c @@ -10,7 +10,6 @@ #include <stdint.h> #include <arpa/inet.h> #include <errno.h> -#include <assert.h> #include <linux/netfilter/nf_tables.h> #include <linux/xfrm.h> 
@@ -142,51 +141,6 @@ nftnl_expr_xfrm_parse(struct nftnl_expr *e, struct nlattr *attr) return 0; } -static int -nftnl_expr_xfrm_reg_len(const struct nftnl_expr *e) -{ - const struct nftnl_expr_xfrm *xfrm = nftnl_expr_data(e); - - switch (xfrm->key) { - case NFT_XFRM_KEY_REQID: - case NFT_XFRM_KEY_SPI: - return sizeof(uint32_t); - case NFT_XFRM_KEY_DADDR_IP4: - case NFT_XFRM_KEY_SADDR_IP4: - return sizeof(struct in_addr); - case NFT_XFRM_KEY_DADDR_IP6: - case NFT_XFRM_KEY_SADDR_IP6: - return sizeof(struct in6_addr); - default: - assert(0); - break; - } - - return sizeof(struct in_addr); -} - -static bool -nftnl_expr_xfrm_reg_cmp(const struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_xfrm *xfrm = nftnl_expr_data(e); - - return reg->xfrm.key == xfrm->key && - reg->xfrm.spnum == xfrm->spnum && - reg->xfrm.dir == xfrm->dir; -} - -static void -nftnl_expr_xfrm_reg_update(struct nftnl_reg *reg, - const struct nftnl_expr *e) -{ - const struct nftnl_expr_xfrm *xfrm = nftnl_expr_data(e); - - reg->xfrm.key = xfrm->key; - reg->xfrm.spnum = xfrm->spnum; - reg->xfrm.dir = xfrm->dir; -} - static const char *xfrmkey2str_array[] = { [NFT_XFRM_KEY_DADDR_IP4] = "daddr4", [NFT_XFRM_KEY_SADDR_IP4] = "saddr4", @@ -242,10 +196,5 @@ struct expr_ops expr_ops_xfrm = { .get = nftnl_expr_xfrm_get, .parse = nftnl_expr_xfrm_parse, .build = nftnl_expr_xfrm_build, - .snprintf = nftnl_expr_xfrm_snprintf, - .reg = { - .len = nftnl_expr_xfrm_reg_len, - .cmp = nftnl_expr_xfrm_reg_cmp, - .update = nftnl_expr_xfrm_reg_update, - }, + .output = nftnl_expr_xfrm_snprintf, }; diff --git a/src/expr_ops.c b/src/expr_ops.c index 7248e4f..b85f472 100644 --- a/src/expr_ops.c +++ b/src/expr_ops.c 
@@ -14,6 +14,7 @@ extern struct expr_ops expr_ops_dup;
 extern struct expr_ops expr_ops_exthdr;
 extern struct expr_ops expr_ops_fwd;
 extern struct expr_ops expr_ops_immediate;
+extern struct expr_ops expr_ops_inner;
 extern struct expr_ops expr_ops_last;
 extern struct expr_ops expr_ops_limit;
 extern struct expr_ops expr_ops_log;
@@ -58,6 +59,7 @@ static struct expr_ops *expr_ops[] = {
 &expr_ops_exthdr,
 &expr_ops_fwd,
 &expr_ops_immediate,
+ &expr_ops_inner,
 &expr_ops_last,
 &expr_ops_limit,
 &expr_ops_log,
diff --git a/src/libnftnl.map b/src/libnftnl.map
index 3a85325..ad8f2af 100644
--- a/src/libnftnl.map
+++ b/src/libnftnl.map
@@ -387,10 +387,3 @@ LIBNFTNL_16 {
 LIBNFTNL_17 {
 nftnl_set_elem_nlmsg_build;
 } LIBNFTNL_16;
-
-LIBNFTNL_18 {
- nftnl_regs_alloc;
- nftnl_regs_free;
- nftnl_reg_get;
- nftnl_reg_get_scratch;
-} LIBNFTNL_17;
diff --git a/src/obj/counter.c b/src/obj/counter.c
index ef0cd20..ebf3e74 100644
--- a/src/obj/counter.c
+++ b/src/obj/counter.c
@@ -127,5 +127,5 @@ struct obj_ops obj_ops_counter = {
 .get = nftnl_obj_counter_get,
 .parse = nftnl_obj_counter_parse,
 .build = nftnl_obj_counter_build,
- .snprintf = nftnl_obj_counter_snprintf,
+ .output = nftnl_obj_counter_snprintf,
 };
diff --git a/src/obj/ct_expect.c b/src/obj/ct_expect.c
index 8136ad9..810ba9a 100644
--- a/src/obj/ct_expect.c
+++ b/src/obj/ct_expect.c
@@ -196,5 +196,5 @@ struct obj_ops obj_ops_ct_expect = {
 .get = nftnl_obj_ct_expect_get,
 .parse = nftnl_obj_ct_expect_parse,
 .build = nftnl_obj_ct_expect_build,
- .snprintf = nftnl_obj_ct_expect_snprintf,
+ .output = nftnl_obj_ct_expect_snprintf,
 };
diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c
index c52032a..a31bd6f 100644
--- a/src/obj/ct_helper.c
+++ b/src/obj/ct_helper.c
@@ -150,5 +150,5 @@ struct obj_ops obj_ops_ct_helper = {
 .get = nftnl_obj_ct_helper_get,
 .parse = nftnl_obj_ct_helper_parse,
 .build = nftnl_obj_ct_helper_build,
- .snprintf = nftnl_obj_ct_helper_snprintf,
+ .output = nftnl_obj_ct_helper_snprintf,
 };
diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c
index 1d4f8fb..65b48bd 100644
--- a/src/obj/ct_timeout.c
+++ b/src/obj/ct_timeout.c
@@ -316,5 +316,5 @@ struct obj_ops obj_ops_ct_timeout = {
 .get = nftnl_obj_ct_timeout_get,
 .parse = nftnl_obj_ct_timeout_parse,
 .build = nftnl_obj_ct_timeout_build,
- .snprintf = nftnl_obj_ct_timeout_snprintf,
+ .output = nftnl_obj_ct_timeout_snprintf,
 };
diff --git a/src/obj/limit.c b/src/obj/limit.c
index 8b40f9d..d7b1aed 100644
--- a/src/obj/limit.c
+++ b/src/obj/limit.c
@@ -168,5 +168,5 @@ struct obj_ops obj_ops_limit = {
 .get = nftnl_obj_limit_get,
 .parse = nftnl_obj_limit_parse,
 .build = nftnl_obj_limit_build,
- .snprintf = nftnl_obj_limit_snprintf,
+ .output = nftnl_obj_limit_snprintf,
 };
diff --git a/src/obj/quota.c b/src/obj/quota.c
index 8ab3300..6c7559a 100644
--- a/src/obj/quota.c
+++ b/src/obj/quota.c
@@ -144,5 +144,5 @@ struct obj_ops obj_ops_quota = {
 .get = nftnl_obj_quota_get,
 .parse = nftnl_obj_quota_parse,
 .build = nftnl_obj_quota_build,
- .snprintf = nftnl_obj_quota_snprintf,
+ .output = nftnl_obj_quota_snprintf,
 };
diff --git a/src/obj/secmark.c b/src/obj/secmark.c
index 2ccc803..e5c24b3 100644
--- a/src/obj/secmark.c
+++ b/src/obj/secmark.c
@@ -116,5 +116,5 @@ struct obj_ops obj_ops_secmark = {
 .get = nftnl_obj_secmark_get,
 .parse = nftnl_obj_secmark_parse,
 .build = nftnl_obj_secmark_build,
- .snprintf = nftnl_obj_secmark_snprintf,
+ .output = nftnl_obj_secmark_snprintf,
 };
diff --git a/src/obj/synproxy.c b/src/obj/synproxy.c
index d689fee..baef5c2 100644
--- a/src/obj/synproxy.c
+++ b/src/obj/synproxy.c
@@ -143,5 +143,5 @@ struct obj_ops obj_ops_synproxy = {
 .get = nftnl_obj_synproxy_get,
 .parse = nftnl_obj_synproxy_parse,
 .build = nftnl_obj_synproxy_build,
- .snprintf = nftnl_obj_synproxy_snprintf,
+ .output = nftnl_obj_synproxy_snprintf,
 };
diff --git a/src/obj/tunnel.c b/src/obj/tunnel.c
index 5ede6bd..d2503dc 100644
--- a/src/obj/tunnel.c
+++ b/src/obj/tunnel.c
@@ -547,5 +547,5 @@ struct obj_ops obj_ops_tunnel = { .get = nftnl_obj_tunnel_get, .parse = nftnl_obj_tunnel_parse, .build = nftnl_obj_tunnel_build, - .snprintf = nftnl_obj_tunnel_snprintf, + .output = nftnl_obj_tunnel_snprintf, }; diff --git a/src/object.c b/src/object.c index 46e208b..232b97a 100644 --- a/src/object.c +++ b/src/object.c @@ -396,7 +396,7 @@ static int nftnl_obj_snprintf_dflt(char *buf, size_t remain, SNPRINTF_BUFFER_SIZE(ret, remain, offset); if (obj->ops) { - ret = obj->ops->snprintf(buf + offset, remain, flags, obj); + ret = obj->ops->output(buf + offset, remain, flags, obj); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } ret = snprintf(buf + offset, remain, "]"); diff --git a/src/regs.c b/src/regs.c deleted file mode 100644 index 1551aa7..0000000 --- a/src/regs.c +++ /dev/null 
@@ -1,239 +0,0 @@ -/* - * (C) 2012-2022 by Pablo Neira Ayuso <pablo@netfilter.org> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - */ - -/* Funded through the NGI0 PET Fund established by NLnet (https://nlnet.nl) - * with support from the European Commission's Next Generation Internet - * programme. - */ - -#include <string.h> -#include <stdio.h> -#include <stdlib.h> -#include <stdbool.h> -#include <errno.h> -#include <assert.h> - -#include <libnftnl/regs.h> - -#include "internal.h" - -EXPORT_SYMBOL(nftnl_regs_alloc); -struct nftnl_regs *nftnl_regs_alloc(uint32_t num_regs) -{ - struct nftnl_regs *regs; - - if (num_regs < 16) - num_regs = 16; - - regs = calloc(1, sizeof(struct nftnl_regs)); - if (!regs) - return NULL; - - regs->reg = calloc(num_regs, sizeof(struct nftnl_reg)); - if (!regs->reg) { - free(regs->reg); - return NULL; - } - - regs->num_regs = num_regs; - - return regs; -} - -EXPORT_SYMBOL(nftnl_regs_free); -void nftnl_regs_free(const struct nftnl_regs *regs) -{ - xfree(regs->reg); - xfree(regs); -} - -static enum nftnl_expr_type nftnl_expr_type(const struct nftnl_expr *expr) -{ - if (!strcmp(expr->ops->name, "ct")) - return NFT_EXPR_CT; - else if (!strcmp(expr->ops->name, "exthdr")) - return NFT_EXPR_EXTHDR; - else if (!strcmp(expr->ops->name, "fib")) - return NFT_EXPR_FIB; - else if (!strcmp(expr->ops->name, "meta")) - return NFT_EXPR_META; - else if (!strcmp(expr->ops->name, "osf")) - return NFT_EXPR_OSF; - else if (!strcmp(expr->ops->name, "payload")) - return NFT_EXPR_PAYLOAD; - else if (!strcmp(expr->ops->name, "rt")) - return NFT_EXPR_RT; - else if (!strcmp(expr->ops->name, "socket")) - return NFT_EXPR_SOCKET; - else if (!strcmp(expr->ops->name, "xfrm")) - return NFT_EXPR_XFRM; - - assert(0); - return NFT_EXPR_UNSPEC; -} - -static int 
nftnl_expr_reg_len(const struct nftnl_expr *expr) -{ - return expr->ops->reg.len(expr); -} - -static bool nftnl_expr_reg_cmp(const struct nftnl_regs *regs, - const struct nftnl_expr *expr, int i) -{ - if (regs->reg[i].type != nftnl_expr_type(expr)) - return false; - - return expr->ops->reg.cmp(®s->reg[i], expr); -} - -static void nft_expr_reg_update(struct nftnl_regs *regs, - const struct nftnl_expr *expr, int i) -{ - return expr->ops->reg.update(®s->reg[i], expr); -} - -static int reg_space(const struct nftnl_regs *regs, int i) -{ - return sizeof(uint32_t) * regs->num_regs - sizeof(uint32_t) * i; -} - -struct nftnl_reg_ctx { - uint64_t genid; - int reg; - int evict; -}; - -static void register_track(struct nftnl_reg_ctx *ctx, - const struct nftnl_regs *regs, int i, int len) -{ - if (ctx->reg >= 0 || regs->reg[i].word || reg_space(regs, i) < len) - return; - - if (regs->reg[i].type == NFT_EXPR_UNSPEC) { - ctx->genid = regs->genid; - ctx->reg = i; - } else if (regs->reg[i].genid < ctx->genid) { - ctx->genid = regs->reg[i].genid; - ctx->evict = i; - } -} - -static void register_evict(struct nftnl_reg_ctx *ctx) -{ - if (ctx->reg < 0) { - assert(ctx->evict >= 0); - ctx->reg = ctx->evict; - } -} - -static void __register_update(struct nftnl_regs *regs, uint8_t reg, - int type, uint32_t len, uint8_t word, - uint64_t genid, const struct nftnl_expr *expr) -{ - regs->reg[reg].type = type; - regs->reg[reg].genid = genid; - regs->reg[reg].len = len; - regs->reg[reg].word = word; - nft_expr_reg_update(regs, expr, reg); -} - -static void __register_cancel(struct nftnl_regs *regs, int i) -{ - regs->reg[i].type = NFT_EXPR_UNSPEC; - regs->reg[i].word = 0; - regs->reg[i].len = 0; - regs->reg[i].genid = 0; -} - -static void register_cancel(struct nftnl_reg_ctx *ctx, struct nftnl_regs *regs, - int len) -{ - int i; - - for (i = ctx->reg; len > 0; i++, len -= sizeof(uint32_t)) { - if (regs->reg[i].type == NFT_EXPR_UNSPEC) - continue; - - __register_cancel(regs, i); - } - - while (i < 
regs->num_regs && regs->reg[i].word != 0) { - __register_cancel(regs, i); - i++; - } -} - -static void register_update(struct nftnl_reg_ctx *ctx, struct nftnl_regs *regs, - int type, uint32_t len, uint64_t genid, - const struct nftnl_expr *expr) -{ - register_cancel(ctx, regs, len); - __register_update(regs, ctx->reg, type, len, 0, genid, expr); -} - -static uint64_t reg_genid(struct nftnl_regs *regs) -{ - return ++regs->genid; -} - -EXPORT_SYMBOL(nftnl_reg_get); -uint32_t nftnl_reg_get(struct nftnl_regs *regs, const struct nftnl_expr *expr) -{ - struct nftnl_reg_ctx ctx = { - .reg = -1, - .evict = -1, - .genid = UINT64_MAX, - }; - enum nftnl_expr_type type; - uint64_t genid; - int i, j, len; - - type = nftnl_expr_type(expr); - len = nftnl_expr_reg_len(expr); - - for (i = 0; i < regs->num_regs; i++) { - register_track(&ctx, regs, i, len); - - if (!nftnl_expr_reg_cmp(regs, expr, i)) - continue; - - regs->reg[i].genid = reg_genid(regs); - return i + NFT_REG32_00; - } - - register_evict(&ctx); - genid = reg_genid(regs); - register_update(&ctx, regs, type, len, genid, expr); - - len -= sizeof(uint32_t); - j = 1; - for (i = ctx.reg + 1; len > 0; i++, len -= sizeof(uint32_t)) - __register_update(regs, i, type, len, j++, genid, expr); - - return ctx.reg + NFT_REG32_00; -} - -EXPORT_SYMBOL(nftnl_reg_get_scratch); -uint32_t nftnl_reg_get_scratch(struct nftnl_regs *regs, uint32_t len) -{ - struct nftnl_reg_ctx ctx = { - .reg = -1, - .evict = -1, - .genid = UINT64_MAX, - }; - int i; - - for (i = 0; i < regs->num_regs; i++) - register_track(&ctx, regs, i, len); - - register_evict(&ctx); - register_cancel(&ctx, regs, len); - - return ctx.reg + NFT_REG32_00; -} 
@@ -622,12 +622,13 @@ static int nftnl_rule_snprintf_default(char *buf, size_t remain, for (i = 0; i < r->user.len; i++) { char *c = r->user.data; - ret = snprintf(buf + offset, remain, "%c", - isalnum(c[i]) ? c[i] : 0); + ret = snprintf(buf + offset, remain, + isprint(c[i]) ? "%c" : "\\x%02hhx", + c[i]); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } - ret = snprintf(buf + offset, remain, " }\n"); + ret = snprintf(buf + offset, remain, " }"); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } @@ -54,8 +54,10 @@ void nftnl_set_free(const struct nftnl_set *s) if (s->flags & (1 << NFTNL_SET_USERDATA)) xfree(s->user.data); - list_for_each_entry_safe(expr, next, &s->expr_list, head) + list_for_each_entry_safe(expr, next, &s->expr_list, head) { + list_del(&expr->head); nftnl_expr_free(expr); + } list_for_each_entry_safe(elem, tmp, &s->element_list, head) { list_del(&elem->head); @@ -105,8 +107,10 @@ void nftnl_set_unset(struct nftnl_set *s, uint16_t attr) break; case NFTNL_SET_EXPR: case NFTNL_SET_EXPRESSIONS: - list_for_each_entry_safe(expr, tmp, &s->expr_list, head) + list_for_each_entry_safe(expr, tmp, &s->expr_list, head) { + list_del(&expr->head); nftnl_expr_free(expr); + } break; default: return; @@ -210,8 +214,10 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data, s->user.len = data_len; break; case NFTNL_SET_EXPR: - list_for_each_entry_safe(expr, tmp, &s->expr_list, head) + list_for_each_entry_safe(expr, tmp, &s->expr_list, head) { + list_del(&expr->head); nftnl_expr_free(expr); + } expr = (void *)data; list_add(&expr->head, &s->expr_list); @@ -742,8 +748,10 @@ int nftnl_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s) return 0; out_set_expr: - list_for_each_entry_safe(expr, next, &s->expr_list, head) + list_for_each_entry_safe(expr, next, &s->expr_list, head) { + list_del(&expr->head); nftnl_expr_free(expr); + } return -1; } diff --git a/src/set_elem.c b/src/set_elem.c index 95009ac..884faff 100644 --- a/src/set_elem.c 
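Review bot: In the userdata loop of nftnl_rule_snprintf_default, `isprint(c[i])` is called with a plain `char`. Userdata is arbitrary bytes, so where `char` is signed any byte of 0x80 or above reaches `isprint()` as a negative value, which is undefined behaviour for the `<ctype.h>` functions. Cast at the call: `isprint((unsigned char)c[i]) ? "%c" : "\\x%02hhx",`. The nftnl_set_elem_snprintf_default hunk in src/set_elem.c has the same call and needs the same cast. A literal backslash in the data is still printed unescaped, so a dump cannot distinguish real `\x41` text from an escaped byte; escaping `\` too would make the output unambiguous. The function body starts outside the hunk.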
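Review bot: The unlink-then-free loop over `s->expr_list` is now spelled out four times, in nftnl_set_free, nftnl_set_unset, nftnl_set_set_data and the `out_set_expr` path of nftnl_set_nlmsg_parse. All four had to be patched for the same missing `list_del(&expr->head)`, so a single file-local `static` helper taking `struct nftnl_set *s` would keep the copies from drifting apart again. The helper deserves a one-line comment such as `/* unlink each expression before freeing it so s->expr_list never points at freed memory */`. That invariant matters most in nftnl_set_unset and nftnl_set_set_data, where the set stays in use after the loop and, in the latter, a new expression is added to the same list straight away. All four functions extend beyond their hunks.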
+++ b/src/set_elem.c @@ -735,18 +735,19 @@ int nftnl_set_elem_snprintf_default(char *buf, size_t remain, SNPRINTF_BUFFER_SIZE(ret, remain, offset); if (e->user.len) { - ret = snprintf(buf + offset, remain, " userdata = {"); + ret = snprintf(buf + offset, remain, " userdata = { "); SNPRINTF_BUFFER_SIZE(ret, remain, offset); for (i = 0; i < e->user.len; i++) { char *c = e->user.data; - ret = snprintf(buf + offset, remain, "%c", - isalnum(c[i]) ? c[i] : 0); + ret = snprintf(buf + offset, remain, + isprint(c[i]) ? "%c" : "\\x%02hhx", + c[i]); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } - ret = snprintf(buf + offset, remain, " }\n"); + ret = snprintf(buf + offset, remain, " }"); SNPRINTF_BUFFER_SIZE(ret, remain, offset); } diff --git a/tests/nft-chain-test.c b/tests/nft-chain-test.c index d678d46..35a65be 100644 --- a/tests/nft-chain-test.c +++ b/tests/nft-chain-test.c @@ -89,8 +89,7 @@ int main(int argc, char *argv[]) nftnl_chain_set_str(a, NFTNL_CHAIN_DEV, "eth0"); /* cmd extracted from include/linux/netfilter/nf_tables.h */ - nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, AF_INET, - 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, AF_INET, 0, 1234); nftnl_chain_nlmsg_build_payload(nlh, a); if (nftnl_chain_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_bitwise-test.c b/tests/nft-expr_bitwise-test.c index f134728..44c4bf0 100644 --- a/tests/nft-expr_bitwise-test.c +++ b/tests/nft-expr_bitwise-test.c @@ -129,7 +129,7 @@ static void test_bool(void) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) 
@@ -183,7 +183,7 @@ static void test_lshift(void) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) @@ -237,7 +237,7 @@ static void test_rshift(void) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_byteorder-test.c b/tests/nft-expr_byteorder-test.c index 5994e5b..30e64c0 100644 --- a/tests/nft-expr_byteorder-test.c +++ b/tests/nft-expr_byteorder-test.c @@ -72,7 +72,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_cmp-test.c b/tests/nft-expr_cmp-test.c index ec00bb9..0bab67b 100644 --- a/tests/nft-expr_cmp-test.c +++ b/tests/nft-expr_cmp-test.c @@ -68,7 +68,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_counter-test.c b/tests/nft-expr_counter-test.c index 519bc1f..81c3fe1 100644 --- a/tests/nft-expr_counter-test.c +++ b/tests/nft-expr_counter-test.c 
@@ -60,7 +60,7 @@ int main(int argc, char *argv[]) nftnl_expr_set_u64(ex, NFTNL_EXPR_CTR_PACKETS, 0xf0123456789abcde); nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_ct-test.c b/tests/nft-expr_ct-test.c index e98fbab..548a426 100644 --- a/tests/nft-expr_ct-test.c +++ b/tests/nft-expr_ct-test.c @@ -62,7 +62,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_dup-test.c b/tests/nft-expr_dup-test.c index 3c37d4a..0c5df9a 100644 --- a/tests/nft-expr_dup-test.c +++ b/tests/nft-expr_dup-test.c @@ -59,7 +59,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_exthdr-test.c b/tests/nft-expr_exthdr-test.c index fef2dd0..b2c72b7 100644 --- a/tests/nft-expr_exthdr-test.c +++ b/tests/nft-expr_exthdr-test.c @@ -68,7 +68,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) print_err("parsing problems"); diff --git a/tests/nft-expr_fwd-test.c b/tests/nft-expr_fwd-test.c index 4fdf53d..825dad3 100644 --- a/tests/nft-expr_fwd-test.c +++ b/tests/nft-expr_fwd-test.c 
@@ -55,7 +55,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_hash-test.c b/tests/nft-expr_hash-test.c index 7be6e9e..6644bb7 100644 --- a/tests/nft-expr_hash-test.c +++ b/tests/nft-expr_hash-test.c @@ -76,7 +76,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) print_err("parsing problems"); diff --git a/tests/nft-expr_immediate-test.c b/tests/nft-expr_immediate-test.c index c25eedb..5027813 100644 --- a/tests/nft-expr_immediate-test.c +++ b/tests/nft-expr_immediate-test.c @@ -93,7 +93,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex_val); nftnl_rule_add_expr(a, ex_ver); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_limit-test.c b/tests/nft-expr_limit-test.c index 2838941..38aaf56 100644 --- a/tests/nft-expr_limit-test.c +++ b/tests/nft-expr_limit-test.c @@ -73,7 +73,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_log-test.c b/tests/nft-expr_log-test.c index b7aa302..275ffae 100644 --- a/tests/nft-expr_log-test.c +++ b/tests/nft-expr_log-test.c 
@@ -68,7 +68,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) print_err("parsing problems"); diff --git a/tests/nft-expr_lookup-test.c b/tests/nft-expr_lookup-test.c index 9e6e051..9b70525 100644 --- a/tests/nft-expr_lookup-test.c +++ b/tests/nft-expr_lookup-test.c @@ -76,7 +76,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_masq-test.c b/tests/nft-expr_masq-test.c index 3f9903d..0917914 100644 --- a/tests/nft-expr_masq-test.c +++ b/tests/nft-expr_masq-test.c @@ -62,7 +62,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_match-test.c b/tests/nft-expr_match-test.c index 39a49d8..fdeacc4 100644 --- a/tests/nft-expr_match-test.c +++ b/tests/nft-expr_match-test.c @@ -74,7 +74,7 @@ int main(int argc, char *argv[]) nftnl_expr_set(ex, NFTNL_EXPR_MT_INFO, strdup(data), sizeof(data)); nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_meta-test.c b/tests/nft-expr_meta-test.c index 8fb7873..2f03fb1 100644 --- a/tests/nft-expr_meta-test.c +++ b/tests/nft-expr_meta-test.c 
@@ -60,7 +60,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) print_err("parsing problems"); diff --git a/tests/nft-expr_nat-test.c b/tests/nft-expr_nat-test.c index fd3a488..3a365dd 100644 --- a/tests/nft-expr_nat-test.c +++ b/tests/nft-expr_nat-test.c @@ -81,7 +81,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_numgen-test.c b/tests/nft-expr_numgen-test.c index 0d0a3bb..94df50f 100644 --- a/tests/nft-expr_numgen-test.c +++ b/tests/nft-expr_numgen-test.c @@ -68,7 +68,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) print_err("parsing problems"); diff --git a/tests/nft-expr_payload-test.c b/tests/nft-expr_payload-test.c index 371372c..aec1710 100644 --- a/tests/nft-expr_payload-test.c +++ b/tests/nft-expr_payload-test.c @@ -69,7 +69,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) print_err("parsing problems"); diff --git a/tests/nft-expr_queue-test.c b/tests/nft-expr_queue-test.c index 81d7dd2..d007b98 100644 --- a/tests/nft-expr_queue-test.c +++ b/tests/nft-expr_queue-test.c 
@@ -67,7 +67,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_quota-test.c b/tests/nft-expr_quota-test.c index 2320551..a3eb2e3 100644 --- a/tests/nft-expr_quota-test.c +++ b/tests/nft-expr_quota-test.c @@ -59,7 +59,7 @@ int main(int argc, char *argv[]) nftnl_expr_set_u32(ex, NFTNL_EXPR_QUOTA_FLAGS, 0x12345678); nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_range-test.c b/tests/nft-expr_range-test.c index b92dfc0..6ef896b 100644 --- a/tests/nft-expr_range-test.c +++ b/tests/nft-expr_range-test.c @@ -75,7 +75,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_redir-test.c b/tests/nft-expr_redir-test.c index 6c8caec..8e1f30c 100644 --- a/tests/nft-expr_redir-test.c +++ b/tests/nft-expr_redir-test.c @@ -62,7 +62,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_reject-test.c b/tests/nft-expr_reject-test.c index d8189ea..049401d 100644 --- a/tests/nft-expr_reject-test.c +++ b/tests/nft-expr_reject-test.c 
@@ -61,7 +61,7 @@ int main(int argc, char *argv[]) nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-expr_target-test.c b/tests/nft-expr_target-test.c index ba56b27..a517206 100644 --- a/tests/nft-expr_target-test.c +++ b/tests/nft-expr_target-test.c @@ -74,7 +74,7 @@ int main(int argc, char *argv[]) nftnl_expr_set(ex, NFTNL_EXPR_TG_INFO, strdup(data), sizeof(data)); nftnl_rule_add_expr(a, ex); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-rule-test.c b/tests/nft-rule-test.c index dee3530..3a92223 100644 --- a/tests/nft-rule-test.c +++ b/tests/nft-rule-test.c @@ -48,6 +48,12 @@ static void cmp_nftnl_rule(struct nftnl_rule *a, struct nftnl_rule *b) if (nftnl_rule_get_u32(a, NFTNL_RULE_COMPAT_FLAGS) != nftnl_rule_get_u32(b, NFTNL_RULE_COMPAT_FLAGS)) print_err("Rule compat_flags mismatches"); + if (nftnl_rule_get_u32(a, NFTNL_RULE_ID) != + nftnl_rule_get_u32(b, NFTNL_RULE_ID)) + print_err("Rule id mismatches"); + if (nftnl_rule_get_u32(a, NFTNL_RULE_POSITION_ID) != + nftnl_rule_get_u32(b, NFTNL_RULE_POSITION_ID)) + print_err("Rule position_id mismatches"); if (nftnl_rule_get_u64(a, NFTNL_RULE_POSITION) != nftnl_rule_get_u64(b, NFTNL_RULE_POSITION)) print_err("Rule compat_position mismatches"); 
@@ -84,13 +90,15 @@ int main(int argc, char *argv[]) nftnl_rule_set_u64(a, NFTNL_RULE_HANDLE, 0x1234567812345678); nftnl_rule_set_u32(a, NFTNL_RULE_COMPAT_PROTO, 0x12345678); nftnl_rule_set_u32(a, NFTNL_RULE_COMPAT_FLAGS, 0x12345678); + nftnl_rule_set_u32(a, NFTNL_RULE_ID, 0x12345678); + nftnl_rule_set_u32(a, NFTNL_RULE_POSITION_ID, 0x12345678); nftnl_rule_set_u64(a, NFTNL_RULE_POSITION, 0x1234567812345678); nftnl_rule_set_data(a, NFTNL_RULE_USERDATA, nftnl_udata_buf_data(udata), nftnl_udata_buf_len(udata)); nftnl_udata_buf_free(udata); - nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234); nftnl_rule_nlmsg_build_payload(nlh, a); if (nftnl_rule_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-set-test.c b/tests/nft-set-test.c index 173c17f..66916fe 100644 --- a/tests/nft-set-test.c +++ b/tests/nft-set-test.c @@ -74,7 +74,7 @@ int main(int argc, char *argv[]) nftnl_set_set_str(a, NFTNL_SET_USERDATA, "testing user data"); /* cmd extracted from include/linux/netfilter/nf_tables.h */ - nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_NEWSET, AF_INET, 0, 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWSET, AF_INET, 0, 1234); nftnl_set_nlmsg_build_payload(nlh, a); if (nftnl_set_nlmsg_parse(nlh, b) < 0) diff --git a/tests/nft-table-test.c b/tests/nft-table-test.c index 1031ffe..53cf3d1 100644 --- a/tests/nft-table-test.c +++ b/tests/nft-table-test.c @@ -34,7 +34,7 @@ static void cmp_nftnl_table(struct nftnl_table *a, struct nftnl_table *b) print_err("table flags mismatches"); if (nftnl_table_get_u32(a, NFTNL_TABLE_FAMILY) != nftnl_table_get_u32(b, NFTNL_TABLE_FAMILY)) - print_err("tabke family mismatches"); + print_err("table family mismatches"); } int main(int argc, char *argv[]) 
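Review bot: The two attributes added in main() are both set to `0x12345678`, the value already used for NFTNL_RULE_COMPAT_PROTO and NFTNL_RULE_COMPAT_FLAGS. The round-trip comparison added to cmp_nftnl_rule in the preceding hunk therefore cannot detect a build or parse path that swaps two of these u32 attributes. Give each its own value, for example `nftnl_rule_set_u32(a, NFTNL_RULE_ID, 0x11223344);` and `nftnl_rule_set_u32(a, NFTNL_RULE_POSITION_ID, 0x55667788);` (constructed sample values). main() continues outside the hunk.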
@@ -55,8 +55,7 @@ int main(int argc, char *argv[]) nftnl_table_set_u32(a, NFTNL_TABLE_FLAGS, 0); /* cmd extracted from include/linux/netfilter/nf_tables.h */ - nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, AF_INET, 0, - 1234); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, AF_INET, 0, 1234); nftnl_table_nlmsg_build_payload(nlh, a); if (nftnl_table_nlmsg_parse(nlh, b) < 0) |