diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/netlink.c | 127 |
1 files changed, 71 insertions, 56 deletions
diff --git a/src/netlink.c b/src/netlink.c index af56d221..84d9d272 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -432,11 +432,16 @@ static int list_rule_cb(struct nft_rule *nlr, void *arg) struct netlink_ctx *ctx = arg; const struct handle *h = ctx->data; struct rule *rule; + const char *table, *chain; + uint32_t family; + + family = nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY); + table = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE); + chain = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN); - if ((h->family != nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY)) || - strcmp(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE), h->table) != 0 || - (h->chain && - strcmp(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN), h->chain) != 0)) + if (h->family != family || + strcmp(table, h->table) != 0 || + (h->chain && strcmp(chain, h->chain) != 0)) return 0; netlink_dump_rule(nlr); @@ -677,14 +682,17 @@ static int list_chain_cb(struct nft_chain *nlc, void *arg) { struct netlink_ctx *ctx = arg; const struct handle *h = ctx->data; - const char *table = nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_TABLE); - const char *name = nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_NAME); + const char *table; + const char *name; struct chain *chain; + uint32_t family; - if ((h->family != nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY)) || - strcmp(table, h->table) != 0) - return 0; + table = nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_TABLE); + name = nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_NAME); + family = nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY); + if (h->family != family || strcmp(table, h->table) != 0) + return 0; if (h->chain && strcmp(name, h->chain) != 0) return 0; @@ -740,16 +748,16 @@ int netlink_get_chain(struct netlink_ctx *ctx, const struct handle *h, nlc = alloc_nft_chain(h); err = mnl_nft_chain_get(nf_sock, nlc, 0); if (err < 0) { - nft_chain_free(nlc); - return netlink_io_error(ctx, loc, - "Could not receive chain from kernel: %s", - strerror(errno)); + netlink_io_error(ctx, loc, + "Could not receive chain from kernel: %s", + strerror(errno)); + goto out; } chain = netlink_delinearize_chain(ctx, nlc); list_add_tail(&chain->list, &ctx->list); +out: nft_chain_free(nlc); - return err; } @@ -925,9 +933,9 @@ int netlink_get_table(struct netlink_ctx *ctx, const struct handle *h, nft_table_free(nlt); if (err < 0) - return netlink_io_error(ctx, loc, - "Could not receive table from kernel: %s", - strerror(errno)); + netlink_io_error(ctx, loc, + "Could not receive table from kernel: %s", + strerror(errno)); return err; } @@ -1015,10 +1023,10 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, xstrdup(nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME)); set->keytype = keytype; - set->keylen = + set->keylen = nft_set_attr_get_u32(nls, NFT_SET_ATTR_KEY_LEN) * BITS_PER_BYTE; - set->flags = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FLAGS); + set->flags = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FLAGS); set->datatype = datatype; if (nft_set_attr_is_set(nls, NFT_SET_ATTR_DATA_LEN)) { @@ -1434,13 +1442,11 @@ int netlink_batch_send(struct list_head *err_list) int netlink_flush_ruleset(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - int err; struct nft_table *nlt; + int err; - if (!ctx->batch_supported) { - netlink_io_error(ctx, loc, "Operation not supported."); - return -1; - } + if (!ctx->batch_supported) + return netlink_io_error(ctx, loc, "Operation not supported"); nlt = alloc_nft_table(h); err = mnl_nft_table_batch_del(nlt, 0, ctx->seqnum); @@ -1559,12 +1565,12 @@ static void nlr_for_each_set(struct nft_rule *nlr, void (*cb)(struct set *s, void *data), void *data) { - struct set *s; - uint32_t family; - const char *set_name, *table; - struct nft_rule_expr *nlre; struct nft_rule_expr_iter *nlrei; + struct nft_rule_expr *nlre; + const char *set_name, *table; const char *name; + struct set *s; + uint32_t family; nlrei = nft_rule_expr_iter_create(nlr); if (nlrei == NULL) @@ -1594,8 +1600,10 @@ next: static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { + struct nft_table *nlt; uint32_t family; - struct nft_table *nlt = netlink_table_alloc(nlh); + + nlt = netlink_table_alloc(nlh); switch (monh->format) { case NFT_OUTPUT_DEFAULT: @@ -1628,9 +1636,11 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type, static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { + struct nft_chain *nlc; struct chain *c; uint32_t family; - struct nft_chain *nlc = netlink_chain_alloc(nlh); + + nlc = netlink_chain_alloc(nlh); switch (monh->format) { case NFT_OUTPUT_DEFAULT: @@ -1671,10 +1681,11 @@ static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type, static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { + struct nft_set *nls; struct set *set; uint32_t family, flags; - struct nft_set *nls = netlink_set_alloc(nlh); + nls = netlink_set_alloc(nlh); flags = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FLAGS); if (flags & SET_F_ANONYMOUS) goto out; @@ -1718,14 +1729,15 @@ out: static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_set_elem *nlse; struct nft_set_elems_iter *nlsei; + struct nft_set_elem *nlse; + struct nft_set *nls; struct set *dummyset; struct set *set; const char *setname, *table; uint32_t family; - struct nft_set *nls = netlink_setelem_alloc(nlh); + nls = netlink_setelem_alloc(nlh); table = nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE); setname = nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME); family = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY); @@ -1803,14 +1815,15 @@ static void rule_map_decompose_cb(struct set *s, void *data) static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct rule *r; - uint32_t fam; + struct nft_rule *nlr; const char *family; const char *table; const char *chain; + struct rule *r; uint64_t handle; - struct nft_rule *nlr = netlink_rule_alloc(nlh); + uint32_t fam; + nlr = netlink_rule_alloc(nlh); switch (monh->format) { case NFT_OUTPUT_DEFAULT: fam = nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY); @@ -1851,53 +1864,54 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, static void netlink_events_cache_addtable(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { + struct nft_table *nlt; struct table *t; - struct nft_table *nlt = netlink_table_alloc(nlh); + nlt = netlink_table_alloc(nlh); t = netlink_delinearize_table(monh->ctx, nlt); - table_add_hash(t); - nft_table_free(nlt); + + table_add_hash(t); } static void netlink_events_cache_deltable(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { + struct nft_table *nlt; struct table *t; struct handle h; - struct nft_table *nlt = netlink_table_alloc(nlh); + nlt = netlink_table_alloc(nlh); h.family = nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY); - h.table = nft_table_attr_get_str(nlt, NFT_TABLE_ATTR_NAME); + h.table = nft_table_attr_get_str(nlt, NFT_TABLE_ATTR_NAME); + nft_table_free(nlt); t = table_lookup(&h); if (t == NULL) - goto out; + return; list_del(&t->list); table_free(t); - -out: - nft_table_free(nlt); } static void netlink_events_cache_addset(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { + struct netlink_ctx set_tmpctx; + struct nft_set *nls; + struct table *t; struct set *s; LIST_HEAD(msgs); - struct table *t; - struct netlink_ctx set_tmpctx; - struct nft_set *nls = netlink_set_alloc(nlh); memset(&set_tmpctx, 0, sizeof(set_tmpctx)); init_list_head(&set_tmpctx.list); init_list_head(&msgs); set_tmpctx.msgs = &msgs; + nls = netlink_set_alloc(nlh); s = netlink_delinearize_set(&set_tmpctx, nls); if (s == NULL) - return; + goto out; s->init = set_expr_alloc(monh->loc); t = table_lookup(&s->handle); @@ -1915,17 +1929,19 @@ out: static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { - struct set *set; - struct nft_set_elem *nlse; struct nft_set_elems_iter *nlsei; + struct nft_set_elem *nlse; + struct nft_set *nls; + struct set *set; const char *table, *setname; - struct nft_set *nls = netlink_setelem_alloc(nlh); + uint32_t family; - table = nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE); + nls = netlink_setelem_alloc(nlh); + family = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY); + table = nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE); setname = nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME); - set = set_lookup_global(nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), - table, setname); + set = set_lookup_global(family, table, setname); if (set == NULL) { fprintf(stderr, "W: Unable to cache set_elem. Set not found.\n"); @@ -1948,7 +1964,6 @@ static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh, nlse = nft_set_elems_iter_next(nlsei); } nft_set_elems_iter_destroy(nlsei); - out: nft_set_free(nls); } |