summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2018-10-23 18:59:07 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-10-23 19:08:24 +0200
commit79dd3eac447f00edbe9b4dfa9c9367e5303a8dd0 (patch)
tree1dbd2f88087b7d515914e61c8467ffaaa1fe94c9
parentf1c2ace2631fa691b81a181bbbf2a3b29b0e69f6 (diff)
mnl: remove alloc_nftnl_obj()
We can remove alloc_nftnl_obj() and consolidate infrastructure in the src/mnl.c file. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--include/mnl.h7
-rw-r--r--include/netlink.h4
-rw-r--r--src/mnl.c107
-rw-r--r--src/netlink.c108
-rw-r--r--src/rule.c15
5 files changed, 101 insertions, 140 deletions
diff --git a/include/mnl.h b/include/mnl.h
index 676030e6..457dd2ed 100644
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -70,10 +70,9 @@ struct nftnl_obj_list *mnl_nft_obj_dump(struct netlink_ctx *ctx, int family,
const char *table,
const char *name, uint32_t type,
bool dump, bool reset);
-int mnl_nft_obj_batch_add(struct nftnl_obj *nln, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
-int mnl_nft_obj_batch_del(struct nftnl_obj *nln, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
+int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags);
+int mnl_nft_obj_del(struct netlink_ctx *ctx, const struct cmd *cmd, int type);
struct nftnl_flowtable_list *
mnl_nft_flowtable_dump(struct netlink_ctx *ctx, int family, const char *table);
diff --git a/include/netlink.h b/include/netlink.h
index af9313d5..b82ca727 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -131,10 +131,6 @@ extern int netlink_delinearize_setelem(struct nftnl_set_elem *nlse,
extern int netlink_list_objs(struct netlink_ctx *ctx, const struct handle *h);
extern int netlink_reset_objs(struct netlink_ctx *ctx, const struct cmd *cmd,
uint32_t type, bool dump);
-extern int netlink_add_obj(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t flags);
-extern int netlink_delete_obj(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t type);
extern struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
struct nftnl_obj *nlo);
diff --git a/src/mnl.c b/src/mnl.c
index 84727094..d3129fda 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -902,32 +902,107 @@ err:
return NULL;
}
-int mnl_nft_obj_batch_add(struct nftnl_obj *nln, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags)
{
+ struct obj *obj = cmd->object;
+ struct nftnl_obj *nlo;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
- NFT_MSG_NEWOBJ,
- nftnl_obj_get_u32(nln, NFTNL_OBJ_FAMILY),
- NLM_F_CREATE | flags, seqnum);
- nftnl_obj_nlmsg_build_payload(nlh, nln);
- mnl_nft_batch_continue(batch);
+ nlo = nftnl_obj_alloc();
+ if (!nlo)
+ memory_allocation_error();
+
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_FAMILY, cmd->handle.family);
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_TABLE, cmd->handle.table.name);
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, cmd->handle.obj.name);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, obj->type);
+
+ switch (obj->type) {
+ case NFT_OBJECT_COUNTER:
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_CTR_PKTS,
+ obj->counter.packets);
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_CTR_BYTES,
+ obj->counter.bytes);
+ break;
+ case NFT_OBJECT_QUOTA:
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_QUOTA_BYTES,
+ obj->quota.bytes);
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_QUOTA_CONSUMED,
+ obj->quota.used);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_QUOTA_FLAGS,
+ obj->quota.flags);
+ break;
+ case NFT_OBJECT_LIMIT:
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_LIMIT_RATE, obj->limit.rate);
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_LIMIT_UNIT, obj->limit.unit);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_BURST, obj->limit.burst);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_TYPE, obj->limit.type);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_FLAGS, obj->limit.flags);
+ break;
+ case NFT_OBJECT_CT_HELPER:
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_CT_HELPER_NAME,
+ obj->ct_helper.name);
+ nftnl_obj_set_u8(nlo, NFTNL_OBJ_CT_HELPER_L4PROTO,
+ obj->ct_helper.l4proto);
+ if (obj->ct_helper.l3proto)
+ nftnl_obj_set_u16(nlo, NFTNL_OBJ_CT_HELPER_L3PROTO,
+ obj->ct_helper.l3proto);
+ break;
+ case NFT_OBJECT_CT_TIMEOUT:
+ nftnl_obj_set_u8(nlo, NFTNL_OBJ_CT_TIMEOUT_L4PROTO,
+ obj->ct_timeout.l4proto);
+ if (obj->ct_timeout.l3proto)
+ nftnl_obj_set_u16(nlo, NFTNL_OBJ_CT_TIMEOUT_L3PROTO,
+ obj->ct_timeout.l3proto);
+ nftnl_obj_set(nlo, NFTNL_OBJ_CT_TIMEOUT_ARRAY,
+ obj->ct_timeout.timeout);
+ break;
+ case NFT_OBJECT_SECMARK:
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_SECMARK_CTX,
+ obj->secmark.ctx);
+ break;
+ default:
+ BUG("Unknown type %d\n", obj->type);
+ break;
+ }
+ netlink_dump_obj(nlo, ctx);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
+ NFT_MSG_NEWOBJ, cmd->handle.family,
+ NLM_F_CREATE | flags, ctx->seqnum);
+ nftnl_obj_nlmsg_build_payload(nlh, nlo);
+ nftnl_obj_free(nlo);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
-int mnl_nft_obj_batch_del(struct nftnl_obj *nln, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_obj_del(struct netlink_ctx *ctx, const struct cmd *cmd, int type)
{
+ struct nftnl_obj *nlo;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
- NFT_MSG_DELOBJ,
- nftnl_obj_get_u32(nln, NFTNL_OBJ_FAMILY),
- flags, seqnum);
- nftnl_obj_nlmsg_build_payload(nlh, nln);
- mnl_nft_batch_continue(batch);
+ nlo = nftnl_obj_alloc();
+ if (!nlo)
+ memory_allocation_error();
+
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_FAMILY, cmd->handle.family);
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_TABLE, cmd->handle.table.name);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, type);
+ if (cmd->handle.obj.name)
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, cmd->handle.obj.name);
+ else if (cmd->handle.handle.id)
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_HANDLE, cmd->handle.handle.id);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
+ NFT_MSG_DELOBJ, cmd->handle.family,
+ 0, ctx->seqnum);
+ nftnl_obj_nlmsg_build_payload(nlh, nlo);
+ nftnl_obj_free(nlo);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
diff --git a/src/netlink.c b/src/netlink.c
index 8eb2ccad..97e8ebae 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -175,84 +175,6 @@ static struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set,
return nlse;
}
-static struct nftnl_obj *
-__alloc_nftnl_obj(const struct handle *h, uint32_t type)
-{
- struct nftnl_obj *nlo;
-
- nlo = nftnl_obj_alloc();
- if (nlo == NULL)
- memory_allocation_error();
-
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_FAMILY, h->family);
- nftnl_obj_set_str(nlo, NFTNL_OBJ_TABLE, h->table.name);
- if (h->obj.name != NULL)
- nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, h->obj.name);
-
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, type);
- if (h->handle.id)
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_HANDLE, h->handle.id);
-
- return nlo;
-}
-
-static struct nftnl_obj *
-alloc_nftnl_obj(const struct handle *h, struct obj *obj)
-{
- struct nftnl_obj *nlo;
-
- nlo = __alloc_nftnl_obj(h, obj->type);
-
- switch (obj->type) {
- case NFT_OBJECT_COUNTER:
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_CTR_PKTS,
- obj->counter.packets);
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_CTR_BYTES,
- obj->counter.bytes);
- break;
- case NFT_OBJECT_QUOTA:
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_QUOTA_BYTES,
- obj->quota.bytes);
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_QUOTA_CONSUMED,
- obj->quota.used);
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_QUOTA_FLAGS,
- obj->quota.flags);
- break;
- case NFT_OBJECT_SECMARK:
- nftnl_obj_set_str(nlo, NFTNL_OBJ_SECMARK_CTX,
- obj->secmark.ctx);
- break;
- case NFT_OBJECT_CT_HELPER:
- nftnl_obj_set_str(nlo, NFTNL_OBJ_CT_HELPER_NAME,
- obj->ct_helper.name);
- nftnl_obj_set_u8(nlo, NFTNL_OBJ_CT_HELPER_L4PROTO,
- obj->ct_helper.l4proto);
- if (obj->ct_helper.l3proto)
- nftnl_obj_set_u16(nlo, NFTNL_OBJ_CT_HELPER_L3PROTO,
- obj->ct_helper.l3proto);
- break;
- case NFT_OBJECT_CT_TIMEOUT:
- nftnl_obj_set_u8(nlo, NFTNL_OBJ_CT_TIMEOUT_L4PROTO,
- obj->ct_timeout.l4proto);
- if (obj->ct_timeout.l3proto)
- nftnl_obj_set_u16(nlo, NFTNL_OBJ_CT_TIMEOUT_L3PROTO,
- obj->ct_timeout.l3proto);
- nftnl_obj_set(nlo, NFTNL_OBJ_CT_TIMEOUT_ARRAY, obj->ct_timeout.timeout);
- break;
- case NFT_OBJECT_LIMIT:
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_LIMIT_RATE, obj->limit.rate);
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_LIMIT_UNIT, obj->limit.unit);
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_BURST, obj->limit.burst);
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_TYPE, obj->limit.type);
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_FLAGS, obj->limit.flags);
- break;
- default:
- BUG("Unknown type %d\n", obj->type);
- break;
- }
- return nlo;
-}
-
void netlink_gen_raw_data(const mpz_t value, enum byteorder byteorder,
unsigned int len, struct nft_data_linearize *data)
{
@@ -1006,36 +928,6 @@ void netlink_dump_obj(struct nftnl_obj *nln, struct netlink_ctx *ctx)
fprintf(fp, "\n");
}
-int netlink_add_obj(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t flags)
-{
- struct nftnl_obj *nlo;
- int err;
-
- nlo = alloc_nftnl_obj(&cmd->handle, cmd->object);
- netlink_dump_obj(nlo, ctx);
-
- err = mnl_nft_obj_batch_add(nlo, ctx->batch, flags, ctx->seqnum);
- nftnl_obj_free(nlo);
-
- return err;
-}
-
-int netlink_delete_obj(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t type)
-{
- struct nftnl_obj *nlo;
- int err;
-
- nlo = __alloc_nftnl_obj(&cmd->handle, type);
- netlink_dump_obj(nlo, ctx);
-
- err = mnl_nft_obj_batch_del(nlo, ctx->batch, 0, ctx->seqnum);
- nftnl_obj_free(nlo);
-
- return err;
-}
-
struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
struct nftnl_obj *nlo)
{
diff --git a/src/rule.c b/src/rule.c
index 9087fd2b..718987dc 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1415,7 +1415,7 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
case CMD_OBJ_CT_TIMEOUT:
case CMD_OBJ_LIMIT:
case CMD_OBJ_SECMARK:
- return netlink_add_obj(ctx, cmd, flags);
+ return mnl_nft_obj_add(ctx, cmd, flags);
case CMD_OBJ_FLOWTABLE:
return netlink_add_flowtable(ctx, cmd, flags);
default:
@@ -1493,18 +1493,17 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
case CMD_OBJ_SETELEM:
return do_delete_setelems(ctx, cmd);
case CMD_OBJ_COUNTER:
- return netlink_delete_obj(ctx, cmd, NFT_OBJECT_COUNTER);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_COUNTER);
case CMD_OBJ_QUOTA:
- return netlink_delete_obj(ctx, cmd, NFT_OBJECT_QUOTA);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_QUOTA);
case CMD_OBJ_CT_HELPER:
- return netlink_delete_obj(ctx, cmd, NFT_OBJECT_CT_HELPER);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_CT_HELPER);
case CMD_OBJ_CT_TIMEOUT:
- return netlink_delete_obj(ctx, cmd,
- NFT_OBJECT_CT_TIMEOUT);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_CT_TIMEOUT);
case CMD_OBJ_LIMIT:
- return netlink_delete_obj(ctx, cmd, NFT_OBJECT_LIMIT);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_LIMIT);
case CMD_OBJ_SECMARK:
- return netlink_delete_obj(ctx, cmd, NFT_OBJECT_SECMARK);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_SECMARK);
case CMD_OBJ_FLOWTABLE:
return netlink_delete_flowtable(ctx, cmd);
default: