diff options
| -rw-r--r-- | include/mnl.h | 18 | ||||
| -rw-r--r-- | include/netlink.h | 14 | ||||
| -rw-r--r-- | src/mnl.c | 192 | ||||
| -rw-r--r-- | src/netlink.c | 176 | ||||
| -rw-r--r-- | src/rule.c | 19 |
5 files changed, 209 insertions, 210 deletions
diff --git a/include/mnl.h b/include/mnl.h index c5fcb4cd..3ddc82a0 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -51,19 +51,17 @@ int mnl_nft_table_del(struct netlink_ctx *ctx, const struct cmd *cmd); struct nftnl_table_list *mnl_nft_table_dump(struct netlink_ctx *ctx, int family); -int mnl_nft_set_batch_add(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum); -int mnl_nft_set_batch_del(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum); +int mnl_nft_set_add(struct netlink_ctx *ctx, const struct cmd *cmd, + unsigned int flags); +int mnl_nft_set_del(struct netlink_ctx *ctx, const struct cmd *cmd); + struct nftnl_set_list *mnl_nft_set_dump(struct netlink_ctx *ctx, int family, const char *table); -int mnl_nft_setelem_batch_add(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum); -int mnl_nft_setelem_batch_del(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum); -int mnl_nft_setelem_batch_flush(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum); +int mnl_nft_setelem_add(struct netlink_ctx *ctx, const struct set *set, + const struct expr *expr, unsigned int flags); +int mnl_nft_setelem_del(struct netlink_ctx *ctx, const struct cmd *cmd); +int mnl_nft_setelem_flush(struct netlink_ctx *ctx, const struct cmd *cmd); int mnl_nft_setelem_get(struct netlink_ctx *ctx, struct nftnl_set *nls); struct nftnl_set *mnl_nft_setelem_get_one(struct netlink_ctx *ctx, struct nftnl_set *nls); diff --git a/include/netlink.h b/include/netlink.h index 36a89b9b..57e1d98a 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -58,7 +58,7 @@ struct netlink_ctx { }; extern struct nftnl_expr *alloc_nft_expr(const char *name); -extern struct nftnl_set *alloc_nftnl_set(const struct handle *h); +extern void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls); struct nft_data_linearize { uint32_t len; @@ -118,10 +118,6 @@ extern int netlink_flush_table(struct netlink_ctx *ctx, const struct cmd *cmd); extern struct table *netlink_delinearize_table(struct netlink_ctx *ctx, const struct nftnl_table *nlt); -extern int netlink_add_set_batch(struct netlink_ctx *ctx, const struct cmd *cmd, - uint32_t flags); -extern int netlink_delete_set_batch(struct netlink_ctx *ctx, - const struct cmd *cmd); extern int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h); extern struct set *netlink_delinearize_set(struct netlink_ctx *ctx, const struct nftnl_set *nls); @@ -130,16 +126,11 @@ extern struct stmt *netlink_parse_set_expr(const struct set *set, const struct nft_cache *cache, const struct nftnl_expr *nle); -extern int netlink_add_setelems_batch(struct netlink_ctx *ctx, const struct handle *h, - const struct expr *expr, uint32_t flags); -extern int netlink_delete_setelems_batch(struct netlink_ctx *ctx, - const struct cmd *cmd); extern int netlink_list_setelems(struct netlink_ctx *ctx, const struct handle *h, struct set *set); extern int netlink_get_setelem(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, struct table *table, struct set *set, struct expr *init); -extern int netlink_flush_setelems(struct netlink_ctx *ctx, const struct cmd *cmd); extern int netlink_delinearize_setelem(struct nftnl_set_elem *nlse, const struct set *set, struct nft_cache *cache); @@ -212,4 +203,7 @@ int netlink_markup_parse_cb(const struct nftnl_parse_ctx *ctx); int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh); +enum nft_data_types dtype_map_to_kernel(const struct datatype *dtype); +const struct datatype *dtype_map_from_kernel(enum nft_data_types type); + #endif /* NFTABLES_NETLINK_H */ @@ -19,6 +19,7 @@ #include <libnftnl/object.h> #include <libnftnl/flowtable.h> #include <libnftnl/batch.h> +#include <libnftnl/udata.h> #include <linux/netfilter/nfnetlink.h> #include <linux/netfilter/nf_tables.h> @@ -710,32 +711,116 @@ err: /* * Set */ -int mnl_nft_set_batch_add(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum) +int mnl_nft_set_add(struct netlink_ctx *ctx, const struct cmd *cmd, + unsigned int flags) { + const struct handle *h = &cmd->handle; + struct nftnl_udata_buf *udbuf; + struct set *set = cmd->set; + struct nftnl_set *nls; struct nlmsghdr *nlh; - nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), + nls = nftnl_set_alloc(); + if (!nls) + memory_allocation_error(); + + nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); + nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name); + nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name); + nftnl_set_set_u32(nls, NFTNL_SET_ID, h->set_id); + + nftnl_set_set_u32(nls, NFTNL_SET_FLAGS, set->flags); + nftnl_set_set_u32(nls, NFTNL_SET_KEY_TYPE, + dtype_map_to_kernel(set->key->dtype)); + nftnl_set_set_u32(nls, NFTNL_SET_KEY_LEN, + div_round_up(set->key->len, BITS_PER_BYTE)); + if (set->flags & NFT_SET_MAP) { + nftnl_set_set_u32(nls, NFTNL_SET_DATA_TYPE, + dtype_map_to_kernel(set->datatype)); + nftnl_set_set_u32(nls, NFTNL_SET_DATA_LEN, + set->datalen / BITS_PER_BYTE); + } + if (set->flags & NFT_SET_OBJECT) + nftnl_set_set_u32(nls, NFTNL_SET_OBJ_TYPE, set->objtype); + + if (set->timeout) + nftnl_set_set_u64(nls, NFTNL_SET_TIMEOUT, set->timeout); + if (set->gc_int) + nftnl_set_set_u32(nls, NFTNL_SET_GC_INTERVAL, set->gc_int); + + nftnl_set_set_u32(nls, NFTNL_SET_ID, set->handle.set_id); + + if (!(set->flags & NFT_SET_CONSTANT)) { + if (set->policy != NFT_SET_POL_PERFORMANCE) + nftnl_set_set_u32(nls, NFTNL_SET_POLICY, set->policy); + + if (set->desc.size != 0) + nftnl_set_set_u32(nls, NFTNL_SET_DESC_SIZE, + set->desc.size); + } else if (set->init) { + nftnl_set_set_u32(nls, NFTNL_SET_DESC_SIZE, set->init->size); + } + + udbuf = nftnl_udata_buf_alloc(NFT_USERDATA_MAXLEN); + if (!udbuf) + memory_allocation_error(); + if (!nftnl_udata_put_u32(udbuf, UDATA_SET_KEYBYTEORDER, + set->key->byteorder)) + memory_allocation_error(); + + if (set->flags & NFT_SET_MAP && + !nftnl_udata_put_u32(udbuf, UDATA_SET_DATABYTEORDER, + set->datatype->byteorder)) + memory_allocation_error(); + + if (set->automerge && + !nftnl_udata_put_u32(udbuf, UDATA_SET_MERGE_ELEMENTS, + set->automerge)) + memory_allocation_error(); + + nftnl_set_set_data(nls, NFTNL_SET_USERDATA, nftnl_udata_buf_data(udbuf), + nftnl_udata_buf_len(udbuf)); + nftnl_udata_buf_free(udbuf); + + netlink_dump_set(nls, ctx); + + nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), NFT_MSG_NEWSET, - nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), - NLM_F_CREATE | flags, seqnum); + h->family, + NLM_F_CREATE | flags, ctx->seqnum); nftnl_set_nlmsg_build_payload(nlh, nls); - mnl_nft_batch_continue(batch); + nftnl_set_free(nls); + + mnl_nft_batch_continue(ctx->batch); return 0; } -int mnl_nft_set_batch_del(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum) +int mnl_nft_set_del(struct netlink_ctx *ctx, const struct cmd *cmd) { + const struct handle *h = &cmd->handle; + struct nftnl_set *nls; struct nlmsghdr *nlh; - nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), + nls = nftnl_set_alloc(); + if (!nls) + memory_allocation_error(); + + nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); + nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name); + if (h->set.name) + nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name); + if (h->handle.id) + nftnl_set_set_u64(nls, NFTNL_SET_HANDLE, h->handle.id); + + nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), NFT_MSG_DELSET, - nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), - flags, seqnum); + h->family, + 0, ctx->seqnum); nftnl_set_nlmsg_build_payload(nlh, nls); - mnl_nft_batch_continue(batch); + nftnl_set_free(nls); + + mnl_nft_batch_continue(ctx->batch); return 0; } @@ -940,33 +1025,88 @@ static int mnl_nft_setelem_batch(struct nftnl_set *nls, return 0; } -int mnl_nft_setelem_batch_add(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum) +int mnl_nft_setelem_add(struct netlink_ctx *ctx, const struct set *set, + const struct expr *expr, unsigned int flags) { - return mnl_nft_setelem_batch(nls, batch, NFT_MSG_NEWSETELEM, flags, - seqnum); + const struct handle *h = &set->handle; + struct nftnl_set *nls; + int err; + + nls = nftnl_set_alloc(); + if (nls == NULL) + memory_allocation_error(); + + nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); + nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name); + nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name); + if (h->set_id) + nftnl_set_set_u32(nls, NFTNL_SET_ID, h->set_id); + + alloc_setelem_cache(expr, nls); + netlink_dump_set(nls, ctx); + + err = mnl_nft_setelem_batch(nls, ctx->batch, NFT_MSG_NEWSETELEM, flags, + ctx->seqnum); + nftnl_set_free(nls); + + return err; } -int mnl_nft_setelem_batch_flush(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum) +int mnl_nft_setelem_flush(struct netlink_ctx *ctx, const struct cmd *cmd) { + const struct handle *h = &cmd->handle; + struct nftnl_set *nls; struct nlmsghdr *nlh; - nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), + nls = nftnl_set_alloc(); + if (nls == NULL) + memory_allocation_error(); + + nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); + nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name); + nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name); + if (h->handle.id) + nftnl_set_set_u64(nls, NFTNL_SET_HANDLE, h->handle.id); + + netlink_dump_set(nls, ctx); + + nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), NFT_MSG_DELSETELEM, - nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), - flags, seqnum); + h->family, + 0, ctx->seqnum); nftnl_set_elems_nlmsg_build_payload(nlh, nls); - mnl_nft_batch_continue(batch); + nftnl_set_free(nls); + + mnl_nft_batch_continue(ctx->batch); return 0; } -int mnl_nft_setelem_batch_del(struct nftnl_set *nls, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum) +int mnl_nft_setelem_del(struct netlink_ctx *ctx, const struct cmd *cmd) { - return mnl_nft_setelem_batch(nls, batch, NFT_MSG_DELSETELEM, flags, - seqnum); + const struct handle *h = &cmd->handle; + struct nftnl_set *nls; + int err; + + nls = nftnl_set_alloc(); + if (nls == NULL) + memory_allocation_error(); + + nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); + nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name); + nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name); + if (h->handle.id) + nftnl_set_set_u64(nls, NFTNL_SET_HANDLE, h->handle.id); + + if (cmd->expr) + alloc_setelem_cache(cmd->expr, nls); + netlink_dump_set(nls, ctx); + + err = mnl_nft_setelem_batch(nls, ctx->batch, NFT_MSG_DELSETELEM, 0, + ctx->seqnum); + nftnl_set_free(nls); + + return err; } struct nftnl_set *mnl_nft_setelem_get_one(struct netlink_ctx *ctx, diff --git a/src/netlink.c b/src/netlink.c index 5e205aa1..3cf42351 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -122,26 +122,6 @@ struct nftnl_expr *alloc_nft_expr(const char *name) return nle; } -struct nftnl_set *alloc_nftnl_set(const struct handle *h) -{ - struct nftnl_set *nls; - - nls = nftnl_set_alloc(); - if (nls == NULL) - memory_allocation_error(); - - nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); - nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name); - if (h->set.name != NULL) - nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name); - if (h->set_id) - nftnl_set_set_u32(nls, NFTNL_SET_ID, h->set_id); - if (h->handle.id) - nftnl_set_set_u64(nls, NFTNL_SET_HANDLE, h->handle.id); - - return nls; -} - static struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set, const struct expr *expr) { @@ -618,7 +598,7 @@ int netlink_flush_table(struct netlink_ctx *ctx, const struct cmd *cmd) return netlink_flush_rules(ctx, cmd); } -static enum nft_data_types dtype_map_to_kernel(const struct datatype *dtype) +enum nft_data_types dtype_map_to_kernel(const struct datatype *dtype) { switch (dtype->type) { case TYPE_VERDICT: @@ -628,7 +608,7 @@ static enum nft_data_types dtype_map_to_kernel(const struct datatype *dtype) } } -static const struct datatype *dtype_map_from_kernel(enum nft_data_types type) +const struct datatype *dtype_map_from_kernel(enum nft_data_types type) { switch (type) { case NFT_DATA_VERDICT: @@ -768,88 +748,6 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx, return set; } -int netlink_add_set_batch(struct netlink_ctx *ctx, const struct cmd *cmd, - uint32_t flags) -{ - struct nftnl_udata_buf *udbuf; - struct set *set = cmd->set; - struct nftnl_set *nls; - int err; - - nls = alloc_nftnl_set(&cmd->handle); - nftnl_set_set_u32(nls, NFTNL_SET_FLAGS, set->flags); - nftnl_set_set_u32(nls, NFTNL_SET_KEY_TYPE, - dtype_map_to_kernel(set->key->dtype)); - nftnl_set_set_u32(nls, NFTNL_SET_KEY_LEN, - div_round_up(set->key->len, BITS_PER_BYTE)); - if (set->flags & NFT_SET_MAP) { - nftnl_set_set_u32(nls, NFTNL_SET_DATA_TYPE, - dtype_map_to_kernel(set->datatype)); - nftnl_set_set_u32(nls, NFTNL_SET_DATA_LEN, - set->datalen / BITS_PER_BYTE); - } - if (set->flags & NFT_SET_OBJECT) - nftnl_set_set_u32(nls, NFTNL_SET_OBJ_TYPE, set->objtype); - - if (set->timeout) - nftnl_set_set_u64(nls, NFTNL_SET_TIMEOUT, set->timeout); - if (set->gc_int) - nftnl_set_set_u32(nls, NFTNL_SET_GC_INTERVAL, set->gc_int); - - nftnl_set_set_u32(nls, NFTNL_SET_ID, set->handle.set_id); - - if (!(set->flags & NFT_SET_CONSTANT)) { - if (set->policy != NFT_SET_POL_PERFORMANCE) - nftnl_set_set_u32(nls, NFTNL_SET_POLICY, set->policy); - - if (set->desc.size != 0) - nftnl_set_set_u32(nls, NFTNL_SET_DESC_SIZE, - set->desc.size); - } else if (set->init) { - nftnl_set_set_u32(nls, NFTNL_SET_DESC_SIZE, set->init->size); - } - - udbuf = nftnl_udata_buf_alloc(NFT_USERDATA_MAXLEN); - if (!udbuf) - memory_allocation_error(); - if (!nftnl_udata_put_u32(udbuf, UDATA_SET_KEYBYTEORDER, - set->key->byteorder)) - memory_allocation_error(); - - if (set->flags & NFT_SET_MAP && - !nftnl_udata_put_u32(udbuf, UDATA_SET_DATABYTEORDER, - set->datatype->byteorder)) - memory_allocation_error(); - - if (set->automerge && - !nftnl_udata_put_u32(udbuf, UDATA_SET_MERGE_ELEMENTS, - set->automerge)) - memory_allocation_error(); - - nftnl_set_set_data(nls, NFTNL_SET_USERDATA, nftnl_udata_buf_data(udbuf), - nftnl_udata_buf_len(udbuf)); - nftnl_udata_buf_free(udbuf); - - netlink_dump_set(nls, ctx); - - err = mnl_nft_set_batch_add(nls, ctx->batch, flags, ctx->seqnum); - nftnl_set_free(nls); - - return err; -} - -int netlink_delete_set_batch(struct netlink_ctx *ctx, const struct cmd *cmd) -{ - struct nftnl_set *nls; - int err; - - nls = alloc_nftnl_set(&cmd->handle); - err = mnl_nft_set_batch_del(nls, ctx->batch, 0, ctx->seqnum); - nftnl_set_free(nls); - - return err; -} - static int list_set_cb(struct nftnl_set *nls, void *arg) { struct netlink_ctx *ctx = arg; @@ -881,7 +779,7 @@ int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h) return err; } -static void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls) +void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls) { struct nftnl_set_elem *nlse; const struct expr *expr; @@ -892,53 +790,6 @@ static void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls) } } -int netlink_add_setelems_batch(struct netlink_ctx *ctx, const struct handle *h, - const struct expr *expr, uint32_t flags) -{ - struct nftnl_set *nls; - int err; - - nls = alloc_nftnl_set(h); - alloc_setelem_cache(expr, nls); - netlink_dump_set(nls, ctx); - - err = mnl_nft_setelem_batch_add(nls, ctx->batch, flags, ctx->seqnum); - nftnl_set_free(nls); - - return err; -} - -int netlink_delete_setelems_batch(struct netlink_ctx *ctx, - const struct cmd *cmd) -{ - struct nftnl_set *nls; - int err; - - nls = alloc_nftnl_set(&cmd->handle); - if (cmd->expr) - alloc_setelem_cache(cmd->expr, nls); - netlink_dump_set(nls, ctx); - - err = mnl_nft_setelem_batch_del(nls, ctx->batch, 0, ctx->seqnum); - nftnl_set_free(nls); - - return err; -} - -int netlink_flush_setelems(struct netlink_ctx *ctx, const struct cmd *cmd) -{ - struct nftnl_set *nls; - int err; - - nls = alloc_nftnl_set(&cmd->handle); - netlink_dump_set(nls, ctx); - - err = mnl_nft_setelem_batch_flush(nls, ctx->batch, 0, ctx->seqnum); - nftnl_set_free(nls); - - return err; -} - static struct expr *netlink_parse_concat_elem(const struct datatype *dtype, struct expr *data) { @@ -1105,7 +956,15 @@ int netlink_list_setelems(struct netlink_ctx *ctx, const struct handle *h, struct nftnl_set *nls; int err; - nls = alloc_nftnl_set(h); + nls = nftnl_set_alloc(); + if (nls == NULL) + memory_allocation_error(); + + nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); + nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name); + nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name); + if (h->handle.id) + nftnl_set_set_u64(nls, NFTNL_SET_HANDLE, h->handle.id); err = mnl_nft_setelem_get(ctx, nls); if (err < 0) { @@ -1138,7 +997,16 @@ int netlink_get_setelem(struct netlink_ctx *ctx, const struct handle *h, { struct nftnl_set *nls, *nls_out = NULL; - nls = alloc_nftnl_set(h); + nls = nftnl_set_alloc(); + if (nls == NULL) + memory_allocation_error(); + + nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); + nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name); + nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name); + if (h->handle.id) + nftnl_set_set_u64(nls, NFTNL_SET_HANDLE, h->handle.id); + alloc_setelem_cache(init, nls); netlink_dump_set(nls, ctx); @@ -1344,11 +1344,11 @@ void cmd_free(struct cmd *cmd) #include <netlink.h> #include <mnl.h> -static int __do_add_setelems(struct netlink_ctx *ctx, const struct handle *h, - struct set *set, struct expr *expr, uint32_t flags) +static int __do_add_setelems(struct netlink_ctx *ctx, struct set *set, + struct expr *expr, uint32_t flags) { expr->set_flags |= set->flags; - if (netlink_add_setelems_batch(ctx, h, expr, flags) < 0) + if (mnl_nft_setelem_add(ctx, set, expr, flags) < 0) return -1; return 0; @@ -1370,7 +1370,7 @@ static int do_add_setelems(struct netlink_ctx *ctx, struct cmd *cmd, ctx->debug_mask, set->automerge) < 0) return -1; - return __do_add_setelems(ctx, h, set, init, flags); + return __do_add_setelems(ctx, set, init, flags); } static int do_add_set(struct netlink_ctx *ctx, const struct cmd *cmd, @@ -1384,11 +1384,10 @@ static int do_add_set(struct netlink_ctx *ctx, const struct cmd *cmd, ctx->debug_mask, set->automerge) < 0) return -1; } - if (netlink_add_set_batch(ctx, cmd, flags) < 0) + if (mnl_nft_set_add(ctx, cmd, flags) < 0) return -1; if (set->init != NULL) { - return __do_add_setelems(ctx, &set->handle, set, set->init, - flags); + return __do_add_setelems(ctx, set, set->init, flags); } return 0; } @@ -1483,7 +1482,7 @@ static int do_delete_setelems(struct netlink_ctx *ctx, struct cmd *cmd) ctx->debug_mask, set->automerge) < 0) return -1; - if (netlink_delete_setelems_batch(ctx, cmd) < 0) + if (mnl_nft_setelem_del(ctx, cmd) < 0) return -1; return 0; @@ -1499,7 +1498,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd) case CMD_OBJ_RULE: return mnl_nft_rule_del(ctx, cmd); case CMD_OBJ_SET: - return netlink_delete_set_batch(ctx, cmd); + return mnl_nft_set_del(ctx, cmd); case CMD_OBJ_SETELEM: return do_delete_setelems(ctx, cmd); case CMD_OBJ_COUNTER: @@ -2266,7 +2265,7 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd) case CMD_OBJ_SET: case CMD_OBJ_MAP: case CMD_OBJ_METER: - return netlink_flush_setelems(ctx, cmd); + return mnl_nft_setelem_flush(ctx, cmd); case CMD_OBJ_RULESET: return mnl_nft_table_del(ctx, cmd); default: |