summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/mnl.c98
-rw-r--r--src/netlink.c79
-rw-r--r--src/rule.c8
3 files changed, 90 insertions, 95 deletions
diff --git a/src/mnl.c b/src/mnl.c
index 8cc4f168..337e0658 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -387,32 +387,106 @@ err:
/*
* Chain
*/
-int mnl_nft_chain_batch_add(struct nftnl_chain *nlc, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags)
{
+ struct nftnl_chain *nlc;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ nlc = nftnl_chain_alloc();
+ if (nlc == NULL)
+ memory_allocation_error();
+
+ nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family);
+ nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name);
+ nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, cmd->handle.chain.name);
+
+ if (cmd->chain) {
+ if (cmd->chain->flags & CHAIN_F_BASECHAIN) {
+ nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM,
+ cmd->chain->hooknum);
+ nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO,
+ cmd->chain->priority.num);
+ nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE,
+ cmd->chain->type);
+ }
+ if (cmd->chain->policy != -1)
+ nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY,
+ cmd->chain->policy);
+ if (cmd->chain->dev != NULL)
+ nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV,
+ cmd->chain->dev);
+ }
+ netlink_dump_chain(nlc, ctx);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_NEWCHAIN,
- nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY),
- NLM_F_CREATE | flags, seqnum);
+ cmd->handle.family,
+ NLM_F_CREATE | flags, ctx->seqnum);
nftnl_chain_nlmsg_build_payload(nlh, nlc);
- mnl_nft_batch_continue(batch);
+ nftnl_chain_free(nlc);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
-int mnl_nft_chain_batch_del(struct nftnl_chain *nlc, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_chain_rename(struct netlink_ctx *ctx, const struct cmd *cmd,
+ const struct chain *chain)
{
+ const char *name = cmd->arg;
+ struct nftnl_chain *nlc;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ nlc = nftnl_chain_alloc();
+ if (nlc == NULL)
+ memory_allocation_error();
+
+ nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family);
+ nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name);
+ nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, chain->handle.handle.id);
+ nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, name);
+
+ netlink_dump_chain(nlc, ctx);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
+ NFT_MSG_NEWCHAIN,
+ cmd->handle.family,
+ 0, ctx->seqnum);
+ nftnl_chain_nlmsg_build_payload(nlh, nlc);
+ nftnl_chain_free(nlc);
+
+ mnl_nft_batch_continue(ctx->batch);
+
+ return 0;
+}
+
+int mnl_nft_chain_del(struct netlink_ctx *ctx, const struct cmd *cmd)
+{
+ struct nftnl_chain *nlc;
+ struct nlmsghdr *nlh;
+
+ nlc = nftnl_chain_alloc();
+ if (nlc == NULL)
+ memory_allocation_error();
+
+ nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family);
+ nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name);
+ if (cmd->handle.chain.name)
+ nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME,
+ cmd->handle.chain.name);
+ else if (cmd->handle.handle.id)
+ nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE,
+ cmd->handle.handle.id);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_DELCHAIN,
- nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY),
- NLM_F_ACK, seqnum);
+ cmd->handle.family,
+ NLM_F_ACK, ctx->seqnum);
nftnl_chain_nlmsg_build_payload(nlh, nlc);
- mnl_nft_batch_continue(batch);
+ nftnl_chain_free(nlc);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
diff --git a/src/netlink.c b/src/netlink.c
index f84c0501..d7b8da6b 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -111,24 +111,6 @@ void __noreturn __netlink_init_error(const char *filename, int line,
exit(NFT_EXIT_NONL);
}
-struct nftnl_chain *alloc_nftnl_chain(const struct handle *h)
-{
- struct nftnl_chain *nlc;
-
- nlc = nftnl_chain_alloc();
- if (nlc == NULL)
- memory_allocation_error();
-
- nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, h->family);
- nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, h->table.name);
- if (h->handle.id)
- nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, h->handle.id);
- if (h->chain.name != NULL)
- nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, h->chain.name);
-
- return nlc;
-}
-
struct nftnl_rule *alloc_nftnl_rule(const struct handle *h)
{
struct nftnl_rule *nlr;
@@ -570,67 +552,6 @@ void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx)
fprintf(fp, "\n");
}
-int netlink_add_chain_batch(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t flags)
-{
- struct chain *chain = cmd->chain;
- struct nftnl_chain *nlc;
- int err;
-
- nlc = alloc_nftnl_chain(&cmd->handle);
- if (chain != NULL) {
- if (chain->flags & CHAIN_F_BASECHAIN) {
- nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM,
- chain->hooknum);
- nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO,
- chain->priority.num);
- nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE,
- chain->type);
- }
- if (chain->policy != -1)
- nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY,
- chain->policy);
- if (chain->dev != NULL)
- nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV,
- chain->dev);
- }
-
- netlink_dump_chain(nlc, ctx);
- err = mnl_nft_chain_batch_add(nlc, ctx->batch, flags, ctx->seqnum);
- nftnl_chain_free(nlc);
-
- return err;
-}
-
-int netlink_rename_chain_batch(struct netlink_ctx *ctx, const struct handle *h,
- const struct cmd *cmd)
-{
- const char *name = cmd->arg;
- struct nftnl_chain *nlc;
- int err;
-
- nlc = alloc_nftnl_chain(h);
- nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, name);
- netlink_dump_chain(nlc, ctx);
- err = mnl_nft_chain_batch_add(nlc, ctx->batch, 0, ctx->seqnum);
- nftnl_chain_free(nlc);
-
- return err;
-}
-
-int netlink_delete_chain_batch(struct netlink_ctx *ctx, const struct cmd *cmd)
-{
- struct nftnl_chain *nlc;
- int err;
-
- nlc = alloc_nftnl_chain(&cmd->handle);
- netlink_dump_chain(nlc, ctx);
- err = mnl_nft_chain_batch_del(nlc, ctx->batch, 0, ctx->seqnum);
- nftnl_chain_free(nlc);
-
- return err;
-}
-
struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
const struct nftnl_chain *nlc)
{
diff --git a/src/rule.c b/src/rule.c
index 81d5c3e9..b00a17d6 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1412,7 +1412,7 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
case CMD_OBJ_TABLE:
return mnl_nft_table_add(ctx, cmd, flags);
case CMD_OBJ_CHAIN:
- return netlink_add_chain_batch(ctx, cmd, flags);
+ return mnl_nft_chain_add(ctx, cmd, flags);
case CMD_OBJ_RULE:
return netlink_add_rule_batch(ctx, cmd, flags | NLM_F_APPEND);
case CMD_OBJ_SET:
@@ -1495,7 +1495,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
case CMD_OBJ_TABLE:
return mnl_nft_table_del(ctx, cmd);
case CMD_OBJ_CHAIN:
- return netlink_delete_chain_batch(ctx, cmd);
+ return mnl_nft_chain_del(ctx, cmd);
case CMD_OBJ_RULE:
return netlink_del_rule_batch(ctx, cmd);
case CMD_OBJ_SET:
@@ -2278,13 +2278,13 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd)
static int do_command_rename(struct netlink_ctx *ctx, struct cmd *cmd)
{
struct table *table = table_lookup(&cmd->handle, ctx->cache);
- struct chain *chain;
+ const struct chain *chain;
switch (cmd->obj) {
case CMD_OBJ_CHAIN:
chain = chain_lookup(table, &cmd->handle);
- return netlink_rename_chain_batch(ctx, &chain->handle, cmd);
+ return mnl_nft_chain_rename(ctx, cmd, chain);
default:
BUG("invalid command object type %u\n", cmd->obj);
}