diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-08-14 17:47:21 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-08-15 14:03:41 +0200 |
| commit | 0d9d04c31481c7c73b4ba64f0ad746b84c4250c5 (patch) | |
| tree | 60713cea11ad785cfba3ceff19983e5394b97d2a /include | |
| parent | 2caecefe812e4d614687926d259ade3106935c56 (diff) | |
src: make netlink sequence number non-static
Place sequence number that is allocated per-command on the struct
netlink_ctx structure. This is allocated from nft_run() to correlate
commands with netlink messages for error reporting. Batch support
probing also shares this sequence numbers with commands.
There is an inpendent cache sequence number though, this routine is
called from a different path, usually from the evaluation phase.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/mnl.h | 69 | ||||
| -rw-r--r-- | include/netlink.h | 4 | ||||
| -rw-r--r-- | include/nftables.h | 1 | ||||
| -rw-r--r-- | include/rule.h | 2 |
4 files changed, 41 insertions, 35 deletions
diff --git a/include/mnl.h b/include/mnl.h index 31dff2c2..7df08236 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -9,8 +9,8 @@ struct mnl_socket; struct mnl_socket *netlink_open_sock(void); void netlink_close_sock(struct mnl_socket *nf_sock); -uint32_t mnl_seqnum_alloc(void); -void mnl_genid_get(struct mnl_socket *nf_sock); +uint32_t mnl_seqnum_alloc(uint32_t *seqnum); +void mnl_genid_get(struct mnl_socket *nf_sock, uint32_t seqnum); struct mnl_err { struct list_head head; @@ -23,8 +23,8 @@ void mnl_err_list_free(struct mnl_err *err); struct nftnl_batch *mnl_batch_init(void); bool mnl_batch_ready(struct nftnl_batch *batch); void mnl_batch_reset(struct nftnl_batch *batch); -uint32_t mnl_batch_begin(struct nftnl_batch *batch); -void mnl_batch_end(struct nftnl_batch *batch); +uint32_t mnl_batch_begin(struct nftnl_batch *batch, uint32_t seqnum); +void mnl_batch_end(struct nftnl_batch *batch, uint32_t seqnum); int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list); int mnl_nft_rule_batch_add(struct nftnl_rule *nlr, struct nftnl_batch *batch, unsigned int flags, uint32_t seqnum); @@ -34,76 +34,79 @@ int mnl_nft_rule_batch_replace(struct nftnl_rule *nlr, struct nftnl_batch *batch unsigned int flags, uint32_t seqnum); int mnl_nft_rule_add(struct mnl_socket *nf_sock, struct nftnl_rule *r, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_rule_delete(struct mnl_socket *nf_sock, struct nftnl_rule *r, - unsigned int flags); + unsigned int flags, uint32_t seqnum); struct nftnl_rule_list *mnl_nft_rule_dump(struct mnl_socket *nf_sock, - int family); + int family, uint32_t seqnum); int mnl_nft_chain_add(struct mnl_socket *nf_sock, struct nftnl_chain *nlc, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_chain_batch_add(struct nftnl_chain *nlc, struct nftnl_batch *batch, - unsigned int flags, uint32_t seq); + unsigned int flags, uint32_t seqnum); int mnl_nft_chain_delete(struct mnl_socket *nf_sock, struct nftnl_chain *nlc, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_chain_batch_del(struct nftnl_chain *nlc, struct nftnl_batch *batch, - unsigned int flags, uint32_t seq); + unsigned int flags, uint32_t seqnum); struct nftnl_chain_list *mnl_nft_chain_dump(struct mnl_socket *nf_sock, - int family); + int family, uint32_t seqnum); int mnl_nft_chain_get(struct mnl_socket *nf_sock, struct nftnl_chain *nlc, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_table_add(struct mnl_socket *nf_sock, struct nftnl_table *nlt, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_table_batch_add(struct nftnl_table *nlt, struct nftnl_batch *batch, - unsigned int flags, uint32_t seq); + unsigned int flags, uint32_t seqnum); int mnl_nft_table_delete(struct mnl_socket *nf_sock, struct nftnl_table *nlt, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_table_batch_del(struct nftnl_table *nlt, struct nftnl_batch *batch, - unsigned int flags, uint32_t seq); + unsigned int flags, uint32_t seqnum); struct nftnl_table_list *mnl_nft_table_dump(struct mnl_socket *nf_sock, - int family); + int family, uint32_t seqnum); int mnl_nft_table_get(struct mnl_socket *nf_sock, struct nftnl_table *nlt, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_set_add(struct mnl_socket *nf_sock, struct nftnl_set *nls, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_set_batch_add(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seq); + unsigned int flags, uint32_t seqnum); int mnl_nft_set_delete(struct mnl_socket *nf_sock, struct nftnl_set *nls, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_set_batch_del(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seq); + unsigned int flags, uint32_t seqnum); struct nftnl_set_list *mnl_nft_set_dump(struct mnl_socket *nf_sock, int family, - const char *table); -int mnl_nft_set_get(struct mnl_socket *nf_sock, struct nftnl_set *nls); + const char *table, uint32_t seqnum); +int mnl_nft_set_get(struct mnl_socket *nf_sock, struct nftnl_set *nls, + uint32_t seqnum); int mnl_nft_setelem_add(struct mnl_socket *nf_sock, struct nftnl_set *nls, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_setelem_batch_add(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seq); + unsigned int flags, uint32_t seqnum); int mnl_nft_setelem_delete(struct mnl_socket *nf_sock, struct nftnl_set *nls, - unsigned int flags); + unsigned int flags, uint32_t seqnum); int mnl_nft_setelem_batch_del(struct nftnl_set *nls, struct nftnl_batch *batch, unsigned int flags, uint32_t seq); int mnl_nft_setelem_batch_flush(struct nftnl_set *nls, struct nftnl_batch *batch, unsigned int flags, uint32_t seqnum); -int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nftnl_set *nls); +int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nftnl_set *nls, + uint32_t seqnum); struct nftnl_obj_list *mnl_nft_obj_dump(struct mnl_socket *nf_sock, int family, - const char *table, const char *name, - uint32_t type, bool dump, bool reset); + uint32_t seqnum, const char *table, + const char *name, uint32_t type, + bool dump, bool reset); int mnl_nft_obj_batch_add(struct nftnl_obj *nln, struct nftnl_batch *batch, unsigned int flags, uint32_t seqnum); int mnl_nft_obj_batch_del(struct nftnl_obj *nln, struct nftnl_batch *batch, unsigned int flags, uint32_t seqnum); struct nftnl_ruleset *mnl_nft_ruleset_dump(struct mnl_socket *nf_sock, - uint32_t family); + uint32_t family, uint32_t seqnum); int mnl_nft_event_listener(struct mnl_socket *nf_sock, int (*cb)(const struct nlmsghdr *nlh, void *data), void *cb_data); -bool mnl_batch_supported(struct mnl_socket *nf_sock); +bool mnl_batch_supported(struct mnl_socket *nf_sock, uint32_t *seqnum); #endif /* _NFTABLES_MNL_H_ */ diff --git a/include/netlink.h b/include/netlink.h index 37261714..0e1d26b6 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -195,7 +195,7 @@ extern void netlink_dump_obj(struct nftnl_obj *nlo); extern int netlink_batch_send(struct netlink_ctx *ctx, struct list_head *err_list); -extern void netlink_genid_get(struct mnl_socket *nf_sock); +extern void netlink_genid_get(struct mnl_socket *nf_sock, uint32_t seqnum); extern void netlink_restart(struct mnl_socket *nf_sock); #define netlink_abi_error() \ __netlink_abi_error(__FILE__, __LINE__, strerror(errno)); @@ -224,7 +224,7 @@ struct netlink_mon_handler { extern int netlink_monitor(struct netlink_mon_handler *monhandler, struct mnl_socket *nf_sock); -bool netlink_batch_supported(struct mnl_socket *nf_sock); +bool netlink_batch_supported(struct mnl_socket *nf_sock, uint32_t *seqnum); int netlink_echo_callback(const struct nlmsghdr *nlh, void *data); diff --git a/include/nftables.h b/include/nftables.h index a88c86d1..a457aba6 100644 --- a/include/nftables.h +++ b/include/nftables.h @@ -40,6 +40,7 @@ struct nft_ctx { struct nft_cache { bool initialized; struct list_head list; + uint32_t seqnum; }; extern unsigned int max_errors; diff --git a/include/rule.h b/include/rule.h index 10ac0e26..f9de8367 100644 --- a/include/rule.h +++ b/include/rule.h @@ -470,6 +470,7 @@ extern void cmd_free(struct cmd *cmd); * @set: current set * @stmt: current statement * @cache: cache context + * @seqnum: netlink sequence number * @ectx: expression context * @pctx: payload context */ @@ -482,6 +483,7 @@ struct eval_ctx { struct set *set; struct stmt *stmt; struct nft_cache *cache; + uint32_t seqnum; struct expr_ctx ectx; struct proto_ctx pctx; }; |