From d6f06c3069990759a95a28c5dfcb76e9c6eebae0 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 15 Sep 2015 13:20:34 +0200 Subject: src: use new symbols in libnftnl Adapt the nftables code to use the new symbols in libnftnl. This patch contains quite some renaming to reserve the nft_ prefix for our high level library. Explicitly request libnftnl 1.0.5 at configure stage. Signed-off-by: Pablo Neira Ayuso --- configure.ac | 2 +- include/mnl.h | 58 ++-- include/netlink.h | 26 +- src/mnl.c | 404 +++++++++++++------------- src/netlink.c | 712 +++++++++++++++++++++++----------------------- src/netlink_delinearize.c | 234 +++++++-------- src/netlink_linearize.c | 304 ++++++++++---------- src/parser_bison.y | 6 +- src/rule.c | 8 +- 9 files changed, 877 insertions(+), 877 deletions(-) diff --git a/configure.ac b/configure.ac index 931dbe1d..3fdb17b2 100644 --- a/configure.ac +++ b/configure.ac @@ -71,7 +71,7 @@ AM_CONDITIONAL([BUILD_PDF], [test "$DBLATEX" == "found"]) # Checks for libraries. PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3]) -PKG_CHECK_MODULES([LIBNFTNL], [libnftnl >= 1.0.2]) +PKG_CHECK_MODULES([LIBNFTNL], [libnftnl >= 1.0.5]) AC_ARG_WITH([mini-gmp], [AS_HELP_STRING([--with-mini-gmp], [Use builtin mini-gmp (for embedded builds)])], [], diff --git a/include/mnl.h b/include/mnl.h index a0dfa1b4..9c14e1aa 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -22,67 +22,67 @@ void mnl_batch_reset(void); uint32_t mnl_batch_begin(void); void mnl_batch_end(void); int mnl_batch_talk(struct mnl_socket *nl, struct list_head *err_list); -int mnl_nft_rule_batch_add(struct nft_rule *nlr, unsigned int flags, +int mnl_nft_rule_batch_add(struct nftnl_rule *nlr, unsigned int flags, uint32_t seqnum); -int mnl_nft_rule_batch_del(struct nft_rule *nlr, unsigned int flags, +int mnl_nft_rule_batch_del(struct nftnl_rule *nlr, unsigned int flags, uint32_t seqnum); -int mnl_nft_rule_add(struct mnl_socket *nf_sock, struct nft_rule *r, +int mnl_nft_rule_add(struct mnl_socket *nf_sock, struct nftnl_rule *r, unsigned int flags); -int mnl_nft_rule_delete(struct mnl_socket *nf_sock, struct nft_rule *r, +int mnl_nft_rule_delete(struct mnl_socket *nf_sock, struct nftnl_rule *r, unsigned int flags); -struct nft_rule_list *mnl_nft_rule_dump(struct mnl_socket *nf_sock, +struct nftnl_rule_list *mnl_nft_rule_dump(struct mnl_socket *nf_sock, int family); -int mnl_nft_chain_add(struct mnl_socket *nf_sock, struct nft_chain *nlc, +int mnl_nft_chain_add(struct mnl_socket *nf_sock, struct nftnl_chain *nlc, unsigned int flags); -int mnl_nft_chain_batch_add(struct nft_chain *nlc, +int mnl_nft_chain_batch_add(struct nftnl_chain *nlc, unsigned int flags, uint32_t seq); -int mnl_nft_chain_delete(struct mnl_socket *nf_sock, struct nft_chain *nlc, +int mnl_nft_chain_delete(struct mnl_socket *nf_sock, struct nftnl_chain *nlc, unsigned int flags); -int mnl_nft_chain_batch_del(struct nft_chain *nlc, +int mnl_nft_chain_batch_del(struct nftnl_chain *nlc, unsigned int flags, uint32_t seq); -struct nft_chain_list *mnl_nft_chain_dump(struct mnl_socket *nf_sock, +struct nftnl_chain_list *mnl_nft_chain_dump(struct mnl_socket *nf_sock, int family); -int mnl_nft_chain_get(struct mnl_socket *nf_sock, struct nft_chain *nlc, +int mnl_nft_chain_get(struct mnl_socket *nf_sock, struct nftnl_chain *nlc, unsigned int flags); -int mnl_nft_table_add(struct mnl_socket *nf_sock, struct nft_table *nlt, +int mnl_nft_table_add(struct mnl_socket *nf_sock, struct nftnl_table *nlt, unsigned int flags); -int mnl_nft_table_batch_add(struct nft_table *nlt, +int mnl_nft_table_batch_add(struct nftnl_table *nlt, unsigned int flags, uint32_t seq); -int mnl_nft_table_delete(struct mnl_socket *nf_sock, struct nft_table *nlt, +int mnl_nft_table_delete(struct mnl_socket *nf_sock, struct nftnl_table *nlt, unsigned int flags); -int mnl_nft_table_batch_del(struct nft_table *nlt, +int mnl_nft_table_batch_del(struct nftnl_table *nlt, unsigned int flags, uint32_t seq); -struct nft_table_list *mnl_nft_table_dump(struct mnl_socket *nf_sock, +struct nftnl_table_list *mnl_nft_table_dump(struct mnl_socket *nf_sock, int family); -int mnl_nft_table_get(struct mnl_socket *nf_sock, struct nft_table *nlt, +int mnl_nft_table_get(struct mnl_socket *nf_sock, struct nftnl_table *nlt, unsigned int flags); -int mnl_nft_set_add(struct mnl_socket *nf_sock, struct nft_set *nls, +int mnl_nft_set_add(struct mnl_socket *nf_sock, struct nftnl_set *nls, unsigned int flags); -int mnl_nft_set_batch_add(struct nft_set *nls, +int mnl_nft_set_batch_add(struct nftnl_set *nls, unsigned int flags, uint32_t seq); -int mnl_nft_set_delete(struct mnl_socket *nf_sock, struct nft_set *nls, +int mnl_nft_set_delete(struct mnl_socket *nf_sock, struct nftnl_set *nls, unsigned int flags); -int mnl_nft_set_batch_del(struct nft_set *nls, +int mnl_nft_set_batch_del(struct nftnl_set *nls, unsigned int flags, uint32_t seq); -struct nft_set_list *mnl_nft_set_dump(struct mnl_socket *nf_sock, int family, +struct nftnl_set_list *mnl_nft_set_dump(struct mnl_socket *nf_sock, int family, const char *table); -int mnl_nft_set_get(struct mnl_socket *nf_sock, struct nft_set *nls); +int mnl_nft_set_get(struct mnl_socket *nf_sock, struct nftnl_set *nls); -int mnl_nft_setelem_add(struct mnl_socket *nf_sock, struct nft_set *nls, +int mnl_nft_setelem_add(struct mnl_socket *nf_sock, struct nftnl_set *nls, unsigned int flags); -int mnl_nft_setelem_batch_add(struct nft_set *nls, +int mnl_nft_setelem_batch_add(struct nftnl_set *nls, unsigned int flags, uint32_t seq); -int mnl_nft_setelem_delete(struct mnl_socket *nf_sock, struct nft_set *nls, +int mnl_nft_setelem_delete(struct mnl_socket *nf_sock, struct nftnl_set *nls, unsigned int flags); -int mnl_nft_setelem_batch_del(struct nft_set *nls, +int mnl_nft_setelem_batch_del(struct nftnl_set *nls, unsigned int flags, uint32_t seq); -int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nft_set *nls); +int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nftnl_set *nls); -struct nft_ruleset *mnl_nft_ruleset_dump(struct mnl_socket *nf_sock, +struct nftnl_ruleset *mnl_nft_ruleset_dump(struct mnl_socket *nf_sock, uint32_t family); int mnl_nft_event_listener(struct mnl_socket *nf_sock, int (*cb)(const struct nlmsghdr *nlh, void *data), diff --git a/include/netlink.h b/include/netlink.h index 185c4357..7bf7ea0d 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -33,11 +33,11 @@ struct netlink_ctx { bool batch_supported; }; -extern struct nft_table *alloc_nft_table(const struct handle *h); -extern struct nft_chain *alloc_nft_chain(const struct handle *h); -extern struct nft_rule *alloc_nft_rule(const struct handle *h); -extern struct nft_rule_expr *alloc_nft_expr(const char *name); -extern struct nft_set *alloc_nft_set(const struct handle *h); +extern struct nftnl_table *alloc_nftnl_table(const struct handle *h); +extern struct nftnl_chain *alloc_nftnl_chain(const struct handle *h); +extern struct nftnl_rule *alloc_nftnl_rule(const struct handle *h); +extern struct nftnl_expr *alloc_nft_expr(const char *name); +extern struct nftnl_set *alloc_nftnl_set(const struct handle *h); struct nft_data_linearize { uint32_t len; @@ -81,10 +81,10 @@ extern struct expr *netlink_alloc_data(const struct location *loc, enum nft_registers dreg); extern void netlink_linearize_rule(struct netlink_ctx *ctx, - struct nft_rule *nlr, + struct nftnl_rule *nlr, const struct rule *rule); extern struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, - const struct nft_rule *r); + const struct nftnl_rule *r); extern int netlink_add_rule(struct netlink_ctx *ctx, const struct handle *h, const struct rule *rule, uint32_t flags); @@ -145,11 +145,11 @@ extern int netlink_delete_setelems(struct netlink_ctx *ctx, const struct handle extern int netlink_get_setelems(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, struct set *set); -extern void netlink_dump_table(struct nft_table *nlt); -extern void netlink_dump_chain(struct nft_chain *nlc); -extern void netlink_dump_rule(struct nft_rule *nlr); -extern void netlink_dump_expr(struct nft_rule_expr *nle); -extern void netlink_dump_set(struct nft_set *nls); +extern void netlink_dump_table(struct nftnl_table *nlt); +extern void netlink_dump_chain(struct nftnl_chain *nlc); +extern void netlink_dump_rule(struct nftnl_rule *nlr); +extern void netlink_dump_expr(struct nftnl_expr *nle); +extern void netlink_dump_set(struct nftnl_set *nls); extern int netlink_batch_send(struct list_head *err_list); @@ -168,7 +168,7 @@ extern int netlink_flush_ruleset(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc); -extern struct nft_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx, +extern struct nftnl_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc); struct netlink_mon_handler { diff --git a/src/mnl.c b/src/mnl.c index b6e25a03..e4253e53 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -102,7 +102,7 @@ void mnl_genid_get(struct mnl_socket *nf_sock) char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_nlmsg_build_hdr(buf, NFT_MSG_GETGEN, AF_UNSPEC, 0, seq); + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETGEN, AF_UNSPEC, 0, seq); /* Skip error checking, old kernels sets res_id field to zero. */ nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, genid_cb, NULL); } @@ -128,18 +128,18 @@ static int check_genid(const struct nlmsghdr *nlh) */ #define BATCH_PAGE_SIZE getpagesize() * 32 -static struct nft_batch *batch; +static struct nftnl_batch *batch; void mnl_batch_init(void) { - batch = nft_batch_alloc(BATCH_PAGE_SIZE, NFT_NLMSG_MAXSIZE); + batch = nftnl_batch_alloc(BATCH_PAGE_SIZE, NFT_NLMSG_MAXSIZE); if (batch == NULL) memory_allocation_error(); } -static void nft_batch_continue(void) +static void mnl_nft_batch_continue(void) { - if (nft_batch_update(batch) < 0) + if (nftnl_batch_update(batch) < 0) memory_allocation_error(); } @@ -147,16 +147,16 @@ uint32_t mnl_batch_begin(void) { uint32_t seq = mnl_seqnum_alloc(); - nft_batch_begin(nft_batch_buffer(batch), seq); - nft_batch_continue(); + nftnl_batch_begin(nftnl_batch_buffer(batch), seq); + mnl_nft_batch_continue(); return seq; } void mnl_batch_end(void) { - nft_batch_end(nft_batch_buffer(batch), mnl_seqnum_alloc()); - nft_batch_continue(); + nftnl_batch_end(nftnl_batch_buffer(batch), mnl_seqnum_alloc()); + mnl_nft_batch_continue(); } bool mnl_batch_ready(void) @@ -164,13 +164,13 @@ bool mnl_batch_ready(void) /* Check if the batch only contains the initial and trailing batch * messages. In that case, the batch is empty. */ - return nft_batch_buffer_len(batch) != + return nftnl_batch_buffer_len(batch) != (NLMSG_HDRLEN + sizeof(struct nfgenmsg)) * 2; } void mnl_batch_reset(void) { - nft_batch_free(batch); + nftnl_batch_free(batch); } static void mnl_err_list_node_add(struct list_head *err_list, int error, @@ -195,10 +195,10 @@ static void mnl_set_sndbuffer(const struct mnl_socket *nl) { int newbuffsiz; - if (nft_batch_iovec_len(batch) * BATCH_PAGE_SIZE <= nlbuffsiz) + if (nftnl_batch_iovec_len(batch) * BATCH_PAGE_SIZE <= nlbuffsiz) return; - newbuffsiz = nft_batch_iovec_len(batch) * BATCH_PAGE_SIZE; + newbuffsiz = nftnl_batch_iovec_len(batch) * BATCH_PAGE_SIZE; /* Rise sender buffer length to avoid hitting -EMSGSIZE */ if (setsockopt(mnl_socket_get_fd(nl), SOL_SOCKET, SO_SNDBUFFORCE, @@ -213,7 +213,7 @@ static ssize_t mnl_nft_socket_sendmsg(const struct mnl_socket *nl) static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK }; - uint32_t iov_len = nft_batch_iovec_len(batch); + uint32_t iov_len = nftnl_batch_iovec_len(batch); struct iovec iov[iov_len]; struct msghdr msg = { .msg_name = (struct sockaddr *) &snl, @@ -226,7 +226,7 @@ static ssize_t mnl_nft_socket_sendmsg(const struct mnl_socket *nl) #endif mnl_set_sndbuffer(nl); - nft_batch_iovec(batch, iov, iov_len); + nftnl_batch_iovec(batch, iov, iov_len); #ifdef DEBUG for (i = 0; i < iov_len; i++) { @@ -285,34 +285,34 @@ int mnl_batch_talk(struct mnl_socket *nl, struct list_head *err_list) return ret; } -int mnl_nft_rule_batch_add(struct nft_rule *nlr, unsigned int flags, +int mnl_nft_rule_batch_add(struct nftnl_rule *nlr, unsigned int flags, uint32_t seqnum) { struct nlmsghdr *nlh; - nlh = nft_rule_nlmsg_build_hdr(nft_batch_buffer(batch), + nlh = nftnl_rule_nlmsg_build_hdr(nftnl_batch_buffer(batch), NFT_MSG_NEWRULE, - nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY), + nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY), NLM_F_CREATE | flags, seqnum); - nft_rule_nlmsg_build_payload(nlh, nlr); - nft_batch_continue(); + nftnl_rule_nlmsg_build_payload(nlh, nlr); + mnl_nft_batch_continue(); return 0; } -int mnl_nft_rule_batch_del(struct nft_rule *nlr, unsigned int flags, +int mnl_nft_rule_batch_del(struct nftnl_rule *nlr, unsigned int flags, uint32_t seqnum) { struct nlmsghdr *nlh; - nlh = nft_rule_nlmsg_build_hdr(nft_batch_buffer(batch), + nlh = nftnl_rule_nlmsg_build_hdr(nftnl_batch_buffer(batch), NFT_MSG_DELRULE, - nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY), + nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY), 0, seqnum); - nft_rule_nlmsg_build_payload(nlh, nlr); - nft_batch_continue(); + nftnl_rule_nlmsg_build_payload(nlh, nlr); + mnl_nft_batch_continue(); return 0; } @@ -320,69 +320,69 @@ int mnl_nft_rule_batch_del(struct nft_rule *nlr, unsigned int flags, /* * Rule */ -int mnl_nft_rule_add(struct mnl_socket *nf_sock, struct nft_rule *nlr, +int mnl_nft_rule_add(struct mnl_socket *nf_sock, struct nftnl_rule *nlr, unsigned int flags) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, - nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY), + nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, + nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY), NLM_F_ACK | NLM_F_CREATE | flags, seq); - nft_rule_nlmsg_build_payload(nlh, nlr); + nftnl_rule_nlmsg_build_payload(nlh, nlr); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, NULL, NULL); } -int mnl_nft_rule_delete(struct mnl_socket *nf_sock, struct nft_rule *nlr, +int mnl_nft_rule_delete(struct mnl_socket *nf_sock, struct nftnl_rule *nlr, unsigned int flags) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_DELRULE, - nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY), + nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_DELRULE, + nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY), NLM_F_ACK, seq); - nft_rule_nlmsg_build_payload(nlh, nlr); + nftnl_rule_nlmsg_build_payload(nlh, nlr); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, NULL, NULL); } static int rule_cb(const struct nlmsghdr *nlh, void *data) { - struct nft_rule_list *nlr_list = data; - struct nft_rule *r; + struct nftnl_rule_list *nlr_list = data; + struct nftnl_rule *r; if (check_genid(nlh) < 0) return MNL_CB_ERROR; - r = nft_rule_alloc(); + r = nftnl_rule_alloc(); if (r == NULL) memory_allocation_error(); - if (nft_rule_nlmsg_parse(nlh, r) < 0) + if (nftnl_rule_nlmsg_parse(nlh, r) < 0) goto err_free; - nft_rule_list_add_tail(r, nlr_list); + nftnl_rule_list_add_tail(r, nlr_list); return MNL_CB_OK; err_free: - nft_rule_free(r); + nftnl_rule_free(r); return MNL_CB_OK; } -struct nft_rule_list *mnl_nft_rule_dump(struct mnl_socket *nf_sock, int family) +struct nftnl_rule_list *mnl_nft_rule_dump(struct mnl_socket *nf_sock, int family) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - struct nft_rule_list *nlr_list; + struct nftnl_rule_list *nlr_list; int ret; - nlr_list = nft_rule_list_alloc(); + nlr_list = nftnl_rule_list_alloc(); if (nlr_list == NULL) memory_allocation_error(); - nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, + nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, NLM_F_DUMP, seq); ret = nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, rule_cb, nlr_list); @@ -391,108 +391,108 @@ struct nft_rule_list *mnl_nft_rule_dump(struct mnl_socket *nf_sock, int family) return nlr_list; err: - nft_rule_list_free(nlr_list); + nftnl_rule_list_free(nlr_list); return NULL; } /* * Chain */ -int mnl_nft_chain_add(struct mnl_socket *nf_sock, struct nft_chain *nlc, +int mnl_nft_chain_add(struct mnl_socket *nf_sock, struct nftnl_chain *nlc, unsigned int flags) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY), + nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY), NLM_F_CREATE | NLM_F_ACK | flags, seq); - nft_chain_nlmsg_build_payload(nlh, nlc); + nftnl_chain_nlmsg_build_payload(nlh, nlc); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, NULL, NULL); } -int mnl_nft_chain_batch_add(struct nft_chain *nlc, unsigned int flags, +int mnl_nft_chain_batch_add(struct nftnl_chain *nlc, unsigned int flags, uint32_t seqnum) { struct nlmsghdr *nlh; - nlh = nft_chain_nlmsg_build_hdr(nft_batch_buffer(batch), + nlh = nftnl_chain_nlmsg_build_hdr(nftnl_batch_buffer(batch), NFT_MSG_NEWCHAIN, - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY), + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY), NLM_F_CREATE | flags, seqnum); - nft_chain_nlmsg_build_payload(nlh, nlc); - nft_batch_continue(); + nftnl_chain_nlmsg_build_payload(nlh, nlc); + mnl_nft_batch_continue(); return 0; } -int mnl_nft_chain_delete(struct mnl_socket *nf_sock, struct nft_chain *nlc, +int mnl_nft_chain_delete(struct mnl_socket *nf_sock, struct nftnl_chain *nlc, unsigned int flags) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_DELCHAIN, - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY), + nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_DELCHAIN, + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY), NLM_F_ACK, seq); - nft_chain_nlmsg_build_payload(nlh, nlc); + nftnl_chain_nlmsg_build_payload(nlh, nlc); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, NULL, NULL); } -int mnl_nft_chain_batch_del(struct nft_chain *nlc, unsigned int flags, +int mnl_nft_chain_batch_del(struct nftnl_chain *nlc, unsigned int flags, uint32_t seqnum) { struct nlmsghdr *nlh; - nlh = nft_chain_nlmsg_build_hdr(nft_batch_buffer(batch), + nlh = nftnl_chain_nlmsg_build_hdr(nftnl_batch_buffer(batch), NFT_MSG_DELCHAIN, - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY), + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY), NLM_F_ACK, seqnum); - nft_chain_nlmsg_build_payload(nlh, nlc); - nft_batch_continue(); + nftnl_chain_nlmsg_build_payload(nlh, nlc); + mnl_nft_batch_continue(); return 0; } static int chain_cb(const struct nlmsghdr *nlh, void *data) { - struct nft_chain_list *nlc_list = data; - struct nft_chain *c; + struct nftnl_chain_list *nlc_list = data; + struct nftnl_chain *c; if (check_genid(nlh) < 0) return MNL_CB_ERROR; - c = nft_chain_alloc(); + c = nftnl_chain_alloc(); if (c == NULL) memory_allocation_error(); - if (nft_chain_nlmsg_parse(nlh, c) < 0) + if (nftnl_chain_nlmsg_parse(nlh, c) < 0) goto err_free; - nft_chain_list_add_tail(c, nlc_list); + nftnl_chain_list_add_tail(c, nlc_list); return MNL_CB_OK; err_free: - nft_chain_free(c); + nftnl_chain_free(c); return MNL_CB_OK; } -struct nft_chain_list *mnl_nft_chain_dump(struct mnl_socket *nf_sock, int family) +struct nftnl_chain_list *mnl_nft_chain_dump(struct mnl_socket *nf_sock, int family) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - struct nft_chain_list *nlc_list; + struct nftnl_chain_list *nlc_list; int ret; - nlc_list = nft_chain_list_alloc(); + nlc_list = nftnl_chain_list_alloc(); if (nlc_list == NULL) memory_allocation_error(); - nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family, + nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family, NLM_F_DUMP, seq); ret = nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, chain_cb, nlc_list); @@ -501,26 +501,26 @@ struct nft_chain_list *mnl_nft_chain_dump(struct mnl_socket *nf_sock, int family return nlc_list; err: - nft_chain_list_free(nlc_list); + nftnl_chain_list_free(nlc_list); return NULL; } static int chain_get_cb(const struct nlmsghdr *nlh, void *data) { - nft_chain_nlmsg_parse(nlh, data); + nftnl_chain_nlmsg_parse(nlh, data); return MNL_CB_OK; } -int mnl_nft_chain_get(struct mnl_socket *nf_sock, struct nft_chain *nlc, +int mnl_nft_chain_get(struct mnl_socket *nf_sock, struct nftnl_chain *nlc, unsigned int flags) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY), + nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY), NLM_F_ACK | flags, seq); - nft_chain_nlmsg_build_payload(nlh, nlc); + nftnl_chain_nlmsg_build_payload(nlh, nlc); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, chain_get_cb, nlc); } @@ -528,99 +528,99 @@ int mnl_nft_chain_get(struct mnl_socket *nf_sock, struct nft_chain *nlc, /* * Table */ -int mnl_nft_table_add(struct mnl_socket *nf_sock, struct nft_table *nlt, +int mnl_nft_table_add(struct mnl_socket *nf_sock, struct nftnl_table *nlt, unsigned int flags) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, - nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY), + nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, + nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY), NLM_F_ACK | flags, seq); - nft_table_nlmsg_build_payload(nlh, nlt); + nftnl_table_nlmsg_build_payload(nlh, nlt); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, NULL, NULL); } -int mnl_nft_table_batch_add(struct nft_table *nlt, unsigned int flags, +int mnl_nft_table_batch_add(struct nftnl_table *nlt, unsigned int flags, uint32_t seqnum) { struct nlmsghdr *nlh; - nlh = nft_table_nlmsg_build_hdr(nft_batch_buffer(batch), + nlh = nftnl_table_nlmsg_build_hdr(nftnl_batch_buffer(batch), NFT_MSG_NEWTABLE, - nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY), + nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY), flags, seqnum); - nft_table_nlmsg_build_payload(nlh, nlt); - nft_batch_continue(); + nftnl_table_nlmsg_build_payload(nlh, nlt); + mnl_nft_batch_continue(); return 0; } -int mnl_nft_table_delete(struct mnl_socket *nf_sock, struct nft_table *nlt, +int mnl_nft_table_delete(struct mnl_socket *nf_sock, struct nftnl_table *nlt, unsigned int flags) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_DELTABLE, - nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY), + nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_DELTABLE, + nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY), NLM_F_ACK, seq); - nft_table_nlmsg_build_payload(nlh, nlt); + nftnl_table_nlmsg_build_payload(nlh, nlt); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, NULL, NULL); } -int mnl_nft_table_batch_del(struct nft_table *nlt, unsigned int flags, +int mnl_nft_table_batch_del(struct nftnl_table *nlt, unsigned int flags, uint32_t seqnum) { struct nlmsghdr *nlh; - nlh = nft_table_nlmsg_build_hdr(nft_batch_buffer(batch), + nlh = nftnl_table_nlmsg_build_hdr(nftnl_batch_buffer(batch), NFT_MSG_DELTABLE, - nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY), + nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY), NLM_F_ACK, seqnum); - nft_table_nlmsg_build_payload(nlh, nlt); - nft_batch_continue(); + nftnl_table_nlmsg_build_payload(nlh, nlt); + mnl_nft_batch_continue(); return 0; } static int table_cb(const struct nlmsghdr *nlh, void *data) { - struct nft_table_list *nlt_list = data; - struct nft_table *t; + struct nftnl_table_list *nlt_list = data; + struct nftnl_table *t; if (check_genid(nlh) < 0) return MNL_CB_ERROR; - t = nft_table_alloc(); + t = nftnl_table_alloc(); if (t == NULL) memory_allocation_error(); - if (nft_table_nlmsg_parse(nlh, t) < 0) + if (nftnl_table_nlmsg_parse(nlh, t) < 0) goto err_free; - nft_table_list_add_tail(t, nlt_list); + nftnl_table_list_add_tail(t, nlt_list); return MNL_CB_OK; err_free: - nft_table_free(t); + nftnl_table_free(t); return MNL_CB_OK; } -struct nft_table_list *mnl_nft_table_dump(struct mnl_socket *nf_sock, int family) +struct nftnl_table_list *mnl_nft_table_dump(struct mnl_socket *nf_sock, int family) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - struct nft_table_list *nlt_list; + struct nftnl_table_list *nlt_list; int ret; - nlt_list = nft_table_list_alloc(); + nlt_list = nftnl_table_list_alloc(); if (nlt_list == NULL) memory_allocation_error(); - nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family, + nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family, NLM_F_DUMP, seq); ret = nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, table_cb, nlt_list); @@ -629,28 +629,28 @@ struct nft_table_list *mnl_nft_table_dump(struct mnl_socket *nf_sock, int family return nlt_list; err: - nft_table_list_free(nlt_list); + nftnl_table_list_free(nlt_list); return NULL; } static int table_get_cb(const struct nlmsghdr *nlh, void *data) { - struct nft_table *t = data; + struct nftnl_table *t = data; - nft_table_nlmsg_parse(nlh, t); + nftnl_table_nlmsg_parse(nlh, t); return MNL_CB_OK; } -int mnl_nft_table_get(struct mnl_socket *nf_sock, struct nft_table *nlt, +int mnl_nft_table_get(struct mnl_socket *nf_sock, struct nftnl_table *nlt, unsigned int flags) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, - nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY), + nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, + nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY), NLM_F_ACK, seq); - nft_table_nlmsg_build_payload(nlh, nlt); + nftnl_table_nlmsg_build_payload(nlh, nlt); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, table_get_cb, nlt); } @@ -660,112 +660,112 @@ int mnl_nft_table_get(struct mnl_socket *nf_sock, struct nft_table *nlt, */ static int set_add_cb(const struct nlmsghdr *nlh, void *data) { - nft_set_nlmsg_parse(nlh, data); + nftnl_set_nlmsg_parse(nlh, data); return MNL_CB_OK; } -int mnl_nft_set_add(struct mnl_socket *nf_sock, struct nft_set *nls, +int mnl_nft_set_add(struct mnl_socket *nf_sock, struct nftnl_set *nls, unsigned int flags) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_NEWSET, - nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), + nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_NEWSET, + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), NLM_F_CREATE | NLM_F_ACK | flags, seq); - nft_set_nlmsg_build_payload(nlh, nls); + nftnl_set_nlmsg_build_payload(nlh, nls); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, set_add_cb, nls); } -int mnl_nft_set_delete(struct mnl_socket *nf_sock, struct nft_set *nls, +int mnl_nft_set_delete(struct mnl_socket *nf_sock, struct nftnl_set *nls, unsigned int flags) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_DELSET, - nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), + nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_DELSET, + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), flags|NLM_F_ACK, seq); - nft_set_nlmsg_build_payload(nlh, nls); + nftnl_set_nlmsg_build_payload(nlh, nls); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, NULL, NULL); } -int mnl_nft_set_batch_add(struct nft_set *nls, unsigned int flags, +int mnl_nft_set_batch_add(struct nftnl_set *nls, unsigned int flags, uint32_t seqnum) { struct nlmsghdr *nlh; - nlh = nft_set_nlmsg_build_hdr(nft_batch_buffer(batch), + nlh = nftnl_set_nlmsg_build_hdr(nftnl_batch_buffer(batch), NFT_MSG_NEWSET, - nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), NLM_F_CREATE | flags, seqnum); - nft_set_nlmsg_build_payload(nlh, nls); - nft_batch_continue(); + nftnl_set_nlmsg_build_payload(nlh, nls); + mnl_nft_batch_continue(); return 0; } -int mnl_nft_set_batch_del(struct nft_set *nls, unsigned int flags, +int mnl_nft_set_batch_del(struct nftnl_set *nls, unsigned int flags, uint32_t seqnum) { struct nlmsghdr *nlh; - nlh = nft_set_nlmsg_build_hdr(nft_batch_buffer(batch), + nlh = nftnl_set_nlmsg_build_hdr(nftnl_batch_buffer(batch), NFT_MSG_DELSET, - nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), flags, seqnum); - nft_set_nlmsg_build_payload(nlh, nls); - nft_batch_continue(); + nftnl_set_nlmsg_build_payload(nlh, nls); + mnl_nft_batch_continue(); return 0; } static int set_cb(const struct nlmsghdr *nlh, void *data) { - struct nft_set_list *nls_list = data; - struct nft_set *s; + struct nftnl_set_list *nls_list = data; + struct nftnl_set *s; if (check_genid(nlh) < 0) return MNL_CB_ERROR; - s = nft_set_alloc(); + s = nftnl_set_alloc(); if (s == NULL) memory_allocation_error(); - if (nft_set_nlmsg_parse(nlh, s) < 0) + if (nftnl_set_nlmsg_parse(nlh, s) < 0) goto err_free; - nft_set_list_add_tail(s, nls_list); + nftnl_set_list_add_tail(s, nls_list); return MNL_CB_OK; err_free: - nft_set_free(s); + nftnl_set_free(s); return MNL_CB_OK; } -struct nft_set_list * +struct nftnl_set_list * mnl_nft_set_dump(struct mnl_socket *nf_sock, int family, const char *table) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - struct nft_set *s; - struct nft_set_list *nls_list; + struct nftnl_set *s; + struct nftnl_set_list *nls_list; int ret; - s = nft_set_alloc(); + s = nftnl_set_alloc(); if (s == NULL) memory_allocation_error(); - nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family, + nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family, NLM_F_DUMP|NLM_F_ACK, seq); if (table != NULL) - nft_set_attr_set(s, NFT_SET_ATTR_TABLE, table); - nft_set_nlmsg_build_payload(nlh, s); - nft_set_free(s); + nftnl_set_set(s, NFTNL_SET_TABLE, table); + nftnl_set_nlmsg_build_payload(nlh, s); + nftnl_set_free(s); - nls_list = nft_set_list_alloc(); + nls_list = nftnl_set_list_alloc(); if (nls_list == NULL) memory_allocation_error(); @@ -775,27 +775,27 @@ mnl_nft_set_dump(struct mnl_socket *nf_sock, int family, const char *table) return nls_list; err: - nft_set_list_free(nls_list); + nftnl_set_list_free(nls_list); return NULL; } static int set_get_cb(const struct nlmsghdr *nlh, void *data) { - struct nft_set *s = data; + struct nftnl_set *s = data; - nft_set_nlmsg_parse(nlh, s); + nftnl_set_nlmsg_parse(nlh, s); return MNL_CB_OK; } -int mnl_nft_set_get(struct mnl_socket *nf_sock, struct nft_set *nls) +int mnl_nft_set_get(struct mnl_socket *nf_sock, struct nftnl_set *nls) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, - nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), + nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), NLM_F_ACK, seq); - nft_set_nlmsg_build_payload(nlh, nls); + nftnl_set_nlmsg_build_payload(nlh, nls); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, set_get_cb, nls); } @@ -803,41 +803,41 @@ int mnl_nft_set_get(struct mnl_socket *nf_sock, struct nft_set *nls) /* * Set elements */ -int mnl_nft_setelem_add(struct mnl_socket *nf_sock, struct nft_set *nls, +int mnl_nft_setelem_add(struct mnl_socket *nf_sock, struct nftnl_set *nls, unsigned int flags) { char buf[NFT_NLMSG_MAXSIZE]; struct nlmsghdr *nlh; - struct nft_set_elems_iter *iter; + struct nftnl_set_elems_iter *iter; int ret, err; - iter = nft_set_elems_iter_create(nls); + iter = nftnl_set_elems_iter_create(nls); if (iter == NULL) memory_allocation_error(); do { - nlh = nft_set_elem_nlmsg_build_hdr(buf, NFT_MSG_NEWSETELEM, - nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), + nlh = nftnl_set_elem_nlmsg_build_hdr(buf, NFT_MSG_NEWSETELEM, + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), NLM_F_CREATE | NLM_F_ACK | flags, seq); - ret = nft_set_elems_nlmsg_build_payload_iter(nlh, iter); + ret = nftnl_set_elems_nlmsg_build_payload_iter(nlh, iter); err = nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, NULL, NULL); } while (ret > 0 && err >= 0); - nft_set_elems_iter_destroy(iter); + nftnl_set_elems_iter_destroy(iter); return err; } -int mnl_nft_setelem_delete(struct mnl_socket *nf_sock, struct nft_set *nls, +int mnl_nft_setelem_delete(struct mnl_socket *nf_sock, struct nftnl_set *nls, unsigned int flags) { char buf[NFT_NLMSG_MAXSIZE]; struct nlmsghdr *nlh; - nlh = nft_set_elem_nlmsg_build_hdr(buf, NFT_MSG_DELSETELEM, - nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), + nlh = nftnl_set_elem_nlmsg_build_hdr(buf, NFT_MSG_DELSETELEM, + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), NLM_F_ACK, seq); - nft_set_elems_nlmsg_build_payload(nlh, nls); + nftnl_set_elems_nlmsg_build_payload(nlh, nls); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, NULL, NULL); } @@ -847,59 +847,59 @@ static int set_elem_cb(const struct nlmsghdr *nlh, void *data) if (check_genid(nlh) < 0) return MNL_CB_ERROR; - nft_set_elems_nlmsg_parse(nlh, data); + nftnl_set_elems_nlmsg_parse(nlh, data); return MNL_CB_OK; } -int mnl_nft_setelem_batch_add(struct nft_set *nls, unsigned int flags, +int mnl_nft_setelem_batch_add(struct nftnl_set *nls, unsigned int flags, uint32_t seqnum) { struct nlmsghdr *nlh; - struct nft_set_elems_iter *iter; + struct nftnl_set_elems_iter *iter; int ret; - iter = nft_set_elems_iter_create(nls); + iter = nftnl_set_elems_iter_create(nls); if (iter == NULL) memory_allocation_error(); do { - nlh = nft_set_elem_nlmsg_build_hdr(nft_batch_buffer(batch), + nlh = nftnl_set_elem_nlmsg_build_hdr(nftnl_batch_buffer(batch), NFT_MSG_NEWSETELEM, - nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), NLM_F_CREATE | flags, seqnum); - ret = nft_set_elems_nlmsg_build_payload_iter(nlh, iter); - nft_batch_continue(); + ret = nftnl_set_elems_nlmsg_build_payload_iter(nlh, iter); + mnl_nft_batch_continue(); } while (ret > 0); - nft_set_elems_iter_destroy(iter); + nftnl_set_elems_iter_destroy(iter); return 0; } -int mnl_nft_setelem_batch_del(struct nft_set *nls, unsigned int flags, +int mnl_nft_setelem_batch_del(struct nftnl_set *nls, unsigned int flags, uint32_t seqnum) { struct nlmsghdr *nlh; - nlh = nft_set_elem_nlmsg_build_hdr(nft_batch_buffer(batch), + nlh = nftnl_set_elem_nlmsg_build_hdr(nftnl_batch_buffer(batch), NFT_MSG_DELSETELEM, - nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), 0, seqnum); - nft_set_elems_nlmsg_build_payload(nlh, nls); - nft_batch_continue(); + nftnl_set_elems_nlmsg_build_payload(nlh, nls); + mnl_nft_batch_continue(); return 0; } -int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nft_set *nls) +int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nftnl_set *nls) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - nlh = nft_set_elem_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, - nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY), + nlh = nftnl_set_elem_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), NLM_F_DUMP|NLM_F_ACK, seq); - nft_set_nlmsg_build_payload(nlh, nls); + nftnl_set_nlmsg_build_payload(nlh, nls); return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, set_elem_cb, nls); } @@ -907,19 +907,19 @@ int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nft_set *nls) /* * ruleset */ -struct nft_ruleset *mnl_nft_ruleset_dump(struct mnl_socket *nf_sock, +struct nftnl_ruleset *mnl_nft_ruleset_dump(struct mnl_socket *nf_sock, uint32_t family) { - struct nft_ruleset *rs; - struct nft_table_list *t; - struct nft_chain_list *c; - struct nft_set_list *sl; - struct nft_set_list_iter *i; - struct nft_set *s; - struct nft_rule_list *r; + struct nftnl_ruleset *rs; + struct nftnl_table_list *t; + struct nftnl_chain_list *c; + struct nftnl_set_list *sl; + struct nftnl_set_list_iter *i; + struct nftnl_set *s; + struct nftnl_rule_list *r; int ret = 0; - rs = nft_ruleset_alloc(); + rs = nftnl_ruleset_alloc(); if (rs == NULL) memory_allocation_error(); @@ -927,40 +927,40 @@ struct nft_ruleset *mnl_nft_ruleset_dump(struct mnl_socket *nf_sock, if (t == NULL) goto err; - nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_TABLELIST, t); + nftnl_ruleset_set(rs, NFTNL_RULESET_TABLELIST, t); c = mnl_nft_chain_dump(nf_sock, family); if (c == NULL) goto err; - nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_CHAINLIST, c); + nftnl_ruleset_set(rs, NFTNL_RULESET_CHAINLIST, c); sl = mnl_nft_set_dump(nf_sock, family, NULL); if (sl == NULL) goto err; - i = nft_set_list_iter_create(sl); - s = nft_set_list_iter_next(i); + i = nftnl_set_list_iter_create(sl); + s = nftnl_set_list_iter_next(i); while (s != NULL) { ret = mnl_nft_setelem_get(nf_sock, s); if (ret < 0) goto err; - s = nft_set_list_iter_next(i); + s = nftnl_set_list_iter_next(i); } - nft_set_list_iter_destroy(i); + nftnl_set_list_iter_destroy(i); - nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_SETLIST, sl); + nftnl_ruleset_set(rs, NFTNL_RULESET_SETLIST, sl); r = mnl_nft_rule_dump(nf_sock, family); if (r == NULL) goto err; - nft_ruleset_attr_set(rs, NFT_RULESET_ATTR_RULELIST, r); + nftnl_ruleset_set(rs, NFTNL_RULESET_RULELIST, r); return rs; err: - nft_ruleset_free(rs); + nftnl_ruleset_free(rs); return NULL; } @@ -1037,7 +1037,7 @@ bool mnl_batch_supported(struct mnl_socket *nf_sock) seq++); mnl_nlmsg_batch_next(b); - nft_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(b), + nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(b), NFT_MSG_NEWSET, AF_INET, NLM_F_ACK, seq++); mnl_nlmsg_batch_next(b); diff --git a/src/netlink.c b/src/netlink.c index 4371c0a1..ad1f16df 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -118,98 +118,98 @@ void __noreturn __netlink_init_error(const char *filename, int line, exit(NFT_EXIT_NONL); } -struct nft_table *alloc_nft_table(const struct handle *h) +struct nftnl_table *alloc_nftnl_table(const struct handle *h) { - struct nft_table *nlt; + struct nftnl_table *nlt; - nlt = nft_table_alloc(); + nlt = nftnl_table_alloc(); if (nlt == NULL) memory_allocation_error(); - nft_table_attr_set_u32(nlt, NFT_TABLE_ATTR_FAMILY, h->family); + nftnl_table_set_u32(nlt, NFTNL_TABLE_FAMILY, h->family); if (h->table != NULL) - nft_table_attr_set(nlt, NFT_TABLE_ATTR_NAME, h->table); + nftnl_table_set(nlt, NFTNL_TABLE_NAME, h->table); return nlt; } -struct nft_chain *alloc_nft_chain(const struct handle *h) +struct nftnl_chain *alloc_nftnl_chain(const struct handle *h) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; - nlc = nft_chain_alloc(); + nlc = nftnl_chain_alloc(); if (nlc == NULL) memory_allocation_error(); - nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_FAMILY, h->family); - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_TABLE, h->table); + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, h->family); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, h->table); if (h->handle != 0) - nft_chain_attr_set_u64(nlc, NFT_CHAIN_ATTR_HANDLE, h->handle); + nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, h->handle); if (h->chain != NULL) - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_NAME, h->chain); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, h->chain); return nlc; } -struct nft_rule *alloc_nft_rule(const struct handle *h) +struct nftnl_rule *alloc_nftnl_rule(const struct handle *h) { - struct nft_rule *nlr; + struct nftnl_rule *nlr; - nlr = nft_rule_alloc(); + nlr = nftnl_rule_alloc(); if (nlr == NULL) memory_allocation_error(); - nft_rule_attr_set_u32(nlr, NFT_RULE_ATTR_FAMILY, h->family); - nft_rule_attr_set_str(nlr, NFT_RULE_ATTR_TABLE, h->table); + nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family); + nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table); if (h->chain != NULL) - nft_rule_attr_set_str(nlr, NFT_RULE_ATTR_CHAIN, h->chain); + nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain); if (h->handle) - nft_rule_attr_set_u64(nlr, NFT_RULE_ATTR_HANDLE, h->handle); + nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle); if (h->position) - nft_rule_attr_set_u64(nlr, NFT_RULE_ATTR_POSITION, h->position); + nftnl_rule_set_u64(nlr, NFTNL_RULE_POSITION, h->position); if (h->comment) - nft_rule_attr_set_data(nlr, NFT_RULE_ATTR_USERDATA, + nftnl_rule_set_data(nlr, NFTNL_RULE_USERDATA, h->comment, strlen(h->comment) + 1); return nlr; } -struct nft_rule_expr *alloc_nft_expr(const char *name) +struct nftnl_expr *alloc_nft_expr(const char *name) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; - nle = nft_rule_expr_alloc(name); + nle = nftnl_expr_alloc(name); if (nle == NULL) memory_allocation_error(); return nle; } -struct nft_set *alloc_nft_set(const struct handle *h) +struct nftnl_set *alloc_nftnl_set(const struct handle *h) { - struct nft_set *nls; + struct nftnl_set *nls; - nls = nft_set_alloc(); + nls = nftnl_set_alloc(); if (nls == NULL) memory_allocation_error(); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_FAMILY, h->family); - nft_set_attr_set_str(nls, NFT_SET_ATTR_TABLE, h->table); + nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); + nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table); if (h->set != NULL) - nft_set_attr_set_str(nls, NFT_SET_ATTR_NAME, h->set); + nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set); if (h->set_id) - nft_set_attr_set_u32(nls, NFT_SET_ATTR_ID, h->set_id); + nftnl_set_set_u32(nls, NFTNL_SET_ID, h->set_id); return nls; } -static struct nft_set_elem *alloc_nft_setelem(const struct expr *expr) +static struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *expr) { const struct expr *elem, *key, *data; - struct nft_set_elem *nlse; + struct nftnl_set_elem *nlse; struct nft_data_linearize nld; - nlse = nft_set_elem_alloc(); + nlse = nftnl_set_elem_alloc(); if (nlse == NULL) memory_allocation_error(); @@ -224,26 +224,26 @@ static struct nft_set_elem *alloc_nft_setelem(const struct expr *expr) key = elem->key; netlink_gen_data(key, &nld); - nft_set_elem_attr_set(nlse, NFT_SET_ELEM_ATTR_KEY, &nld.value, nld.len); + nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_KEY, &nld.value, nld.len); if (elem->timeout) - nft_set_elem_attr_set_u64(nlse, NFT_SET_ELEM_ATTR_TIMEOUT, + nftnl_set_elem_set_u64(nlse, NFTNL_SET_ELEM_TIMEOUT, elem->timeout); if (elem->comment) - nft_set_elem_attr_set(nlse, NFT_SET_ELEM_ATTR_USERDATA, + nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_USERDATA, elem->comment, strlen(elem->comment) + 1); if (data != NULL) { netlink_gen_data(data, &nld); switch (data->ops->type) { case EXPR_VERDICT: - nft_set_elem_attr_set_u32(nlse, NFT_SET_ELEM_ATTR_VERDICT, + nftnl_set_elem_set_u32(nlse, NFTNL_SET_ELEM_VERDICT, data->verdict); if (data->chain != NULL) - nft_set_elem_attr_set(nlse, NFT_SET_ELEM_ATTR_CHAIN, + nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_CHAIN, nld.chain, strlen(nld.chain)); break; case EXPR_VALUE: - nft_set_elem_attr_set(nlse, NFT_SET_ELEM_ATTR_DATA, + nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_DATA, nld.value, nld.len); break; default: @@ -253,7 +253,7 @@ static struct nft_set_elem *alloc_nft_setelem(const struct expr *expr) } if (expr->flags & EXPR_F_INTERVAL_END) - nft_set_elem_attr_set_u32(nlse, NFT_SET_ELEM_ATTR_FLAGS, + nftnl_set_elem_set_u32(nlse, NFTNL_SET_ELEM_FLAGS, NFT_SET_ELEM_INTERVAL_END); return nlse; @@ -368,13 +368,13 @@ int netlink_add_rule_batch(struct netlink_ctx *ctx, const struct handle *h, const struct rule *rule, uint32_t flags) { - struct nft_rule *nlr; + struct nftnl_rule *nlr; int err; - nlr = alloc_nft_rule(&rule->handle); + nlr = alloc_nftnl_rule(&rule->handle); netlink_linearize_rule(ctx, nlr, rule); err = mnl_nft_rule_batch_add(nlr, flags | NLM_F_EXCL, ctx->seqnum); - nft_rule_free(nlr); + nftnl_rule_free(nlr); if (err < 0) netlink_io_error(ctx, &rule->location, "Could not add rule to batch: %s", @@ -398,12 +398,12 @@ int netlink_add_rule_list(struct netlink_ctx *ctx, const struct handle *h, int netlink_del_rule_batch(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_rule *nlr; + struct nftnl_rule *nlr; int err; - nlr = alloc_nft_rule(h); + nlr = alloc_nftnl_rule(h); err = mnl_nft_rule_batch_del(nlr, 0, ctx->seqnum); - nft_rule_free(nlr); + nftnl_rule_free(nlr); if (err < 0) netlink_io_error(ctx, loc, "Could not delete rule to batch: %s", @@ -411,7 +411,7 @@ int netlink_del_rule_batch(struct netlink_ctx *ctx, const struct handle *h, return err; } -void netlink_dump_rule(struct nft_rule *nlr) +void netlink_dump_rule(struct nftnl_rule *nlr) { #ifdef DEBUG char buf[4096]; @@ -419,12 +419,12 @@ void netlink_dump_rule(struct nft_rule *nlr) if (!(debug_level & DEBUG_NETLINK)) return; - nft_rule_snprintf(buf, sizeof(buf), nlr, 0, 0); + nftnl_rule_snprintf(buf, sizeof(buf), nlr, 0, 0); fprintf(stdout, "%s\n", buf); #endif } -void netlink_dump_expr(struct nft_rule_expr *nle) +void netlink_dump_expr(struct nftnl_expr *nle) { #ifdef DEBUG char buf[4096]; @@ -432,12 +432,12 @@ void netlink_dump_expr(struct nft_rule_expr *nle) if (!(debug_level & DEBUG_NETLINK)) return; - nft_rule_expr_snprintf(buf, sizeof(buf), nle, 0, 0); + nftnl_expr_snprintf(buf, sizeof(buf), nle, 0, 0); fprintf(stdout, "%s\n", buf); #endif } -static int list_rule_cb(struct nft_rule *nlr, void *arg) +static int list_rule_cb(struct nftnl_rule *nlr, void *arg) { struct netlink_ctx *ctx = arg; const struct handle *h = ctx->data; @@ -445,9 +445,9 @@ static int list_rule_cb(struct nft_rule *nlr, void *arg) const char *table, *chain; uint32_t family; - family = nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY); - table = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE); - chain = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN); + family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); + table = nftnl_rule_get_str(nlr, NFTNL_RULE_TABLE); + chain = nftnl_rule_get_str(nlr, NFTNL_RULE_CHAIN); if (h->family != family || strcmp(table, h->table) != 0 || @@ -464,7 +464,7 @@ static int list_rule_cb(struct nft_rule *nlr, void *arg) static int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_rule_list *rule_cache; + struct nftnl_rule_list *rule_cache; rule_cache = mnl_nft_rule_dump(nf_sock, h->family); if (rule_cache == NULL) { @@ -477,8 +477,8 @@ static int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h, } ctx->data = h; - nft_rule_list_foreach(rule_cache, list_rule_cb, ctx); - nft_rule_list_free(rule_cache); + nftnl_rule_list_foreach(rule_cache, list_rule_cb, ctx); + nftnl_rule_list_free(rule_cache); return 0; } @@ -488,7 +488,7 @@ static int netlink_flush_rules(struct netlink_ctx *ctx, const struct handle *h, return netlink_del_rule_batch(ctx, h, loc); } -void netlink_dump_chain(struct nft_chain *nlc) +void netlink_dump_chain(struct nftnl_chain *nlc) { #ifdef DEBUG char buf[4096]; @@ -496,7 +496,7 @@ void netlink_dump_chain(struct nft_chain *nlc) if (!(debug_level & DEBUG_NETLINK)) return; - nft_chain_snprintf(buf, sizeof(buf), nlc, 0, 0); + nftnl_chain_snprintf(buf, sizeof(buf), nlc, 0, 0); fprintf(stdout, "%s\n", buf); #endif } @@ -506,27 +506,27 @@ static int netlink_add_chain_compat(struct netlink_ctx *ctx, const struct location *loc, const struct chain *chain, bool excl) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); + nlc = alloc_nftnl_chain(h); if (chain != NULL) { if (chain->flags & CHAIN_F_BASECHAIN) { - nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM, + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM, chain->hooknum); - nft_chain_attr_set_s32(nlc, NFT_CHAIN_ATTR_PRIO, + nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO, chain->priority); - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_TYPE, + nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE, chain->type); } if (chain->policy != -1) - nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_POLICY, + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, chain->policy); } netlink_dump_chain(nlc); err = mnl_nft_chain_add(nf_sock, nlc, excl ? NLM_F_EXCL : 0); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not add chain: %s", @@ -539,31 +539,31 @@ static int netlink_add_chain_batch(struct netlink_ctx *ctx, const struct location *loc, const struct chain *chain, bool excl) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); + nlc = alloc_nftnl_chain(h); if (chain != NULL) { if (chain->flags & CHAIN_F_BASECHAIN) { - nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM, + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM, chain->hooknum); - nft_chain_attr_set_s32(nlc, NFT_CHAIN_ATTR_PRIO, + nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO, chain->priority); - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_TYPE, + nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE, chain->type); } if (chain->policy != -1) - nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_POLICY, + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, chain->policy); if (chain->dev != NULL) - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_DEV, + nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV, chain->dev); } netlink_dump_chain(nlc); err = mnl_nft_chain_batch_add(nlc, excl ? NLM_F_EXCL : 0, ctx->seqnum); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not add chain: %s", @@ -586,14 +586,14 @@ static int netlink_rename_chain_compat(struct netlink_ctx *ctx, const struct location *loc, const char *name) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_NAME, name); + nlc = alloc_nftnl_chain(h); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, name); netlink_dump_chain(nlc); err = mnl_nft_chain_add(nf_sock, nlc, 0); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not rename chain: %s", @@ -606,14 +606,14 @@ static int netlink_rename_chain_batch(struct netlink_ctx *ctx, const struct location *loc, const char *name) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_NAME, name); + nlc = alloc_nftnl_chain(h); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, name); netlink_dump_chain(nlc); err = mnl_nft_chain_batch_add(nlc, 0, ctx->seqnum); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not rename chain: %s", @@ -634,13 +634,13 @@ static int netlink_del_chain_compat(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); + nlc = alloc_nftnl_chain(h); netlink_dump_chain(nlc); err = mnl_nft_chain_delete(nf_sock, nlc, 0); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not delete chain: %s", @@ -652,13 +652,13 @@ static int netlink_del_chain_batch(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); + nlc = alloc_nftnl_chain(h); netlink_dump_chain(nlc); err = mnl_nft_chain_batch_del(nlc, 0, ctx->seqnum); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not delete chain: %s", @@ -676,35 +676,35 @@ int netlink_delete_chain(struct netlink_ctx *ctx, const struct handle *h, } static struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx, - struct nft_chain *nlc) + struct nftnl_chain *nlc) { struct chain *chain; - chain = chain_alloc(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_NAME)); + chain = chain_alloc(nftnl_chain_get_str(nlc, NFTNL_CHAIN_NAME)); chain->handle.family = - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY); + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY); chain->handle.table = - xstrdup(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_TABLE)); + xstrdup(nftnl_chain_get_str(nlc, NFTNL_CHAIN_TABLE)); chain->handle.handle = - nft_chain_attr_get_u64(nlc, NFT_CHAIN_ATTR_HANDLE); + nftnl_chain_get_u64(nlc, NFTNL_CHAIN_HANDLE); - if (nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_HOOKNUM) && - nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_PRIO) && - nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_TYPE) && - nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_POLICY)) { + if (nftnl_chain_is_set(nlc, NFTNL_CHAIN_HOOKNUM) && + nftnl_chain_is_set(nlc, NFTNL_CHAIN_PRIO) && + nftnl_chain_is_set(nlc, NFTNL_CHAIN_TYPE) && + nftnl_chain_is_set(nlc, NFTNL_CHAIN_POLICY)) { chain->hooknum = - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM); + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_HOOKNUM); chain->hookstr = hooknum2str(chain->handle.family, chain->hooknum); chain->priority = - nft_chain_attr_get_s32(nlc, NFT_CHAIN_ATTR_PRIO); + nftnl_chain_get_s32(nlc, NFTNL_CHAIN_PRIO); chain->type = - xstrdup(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_TYPE)); + xstrdup(nftnl_chain_get_str(nlc, NFTNL_CHAIN_TYPE)); chain->policy = - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_POLICY); - if (nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_DEV)) { + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_POLICY); + if (nftnl_chain_is_set(nlc, NFTNL_CHAIN_DEV)) { chain->dev = - xstrdup(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_DEV)); + xstrdup(nftnl_chain_get_str(nlc, NFTNL_CHAIN_DEV)); } chain->flags |= CHAIN_F_BASECHAIN; } @@ -712,7 +712,7 @@ static struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx, return chain; } -static int list_chain_cb(struct nft_chain *nlc, void *arg) +static int list_chain_cb(struct nftnl_chain *nlc, void *arg) { struct netlink_ctx *ctx = arg; const struct handle *h = ctx->data; @@ -721,9 +721,9 @@ static int list_chain_cb(struct nft_chain *nlc, void *arg) struct chain *chain; uint32_t family; - table = nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_TABLE); - name = nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_NAME); - family = nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY); + table = nftnl_chain_get_str(nlc, NFTNL_CHAIN_TABLE); + name = nftnl_chain_get_str(nlc, NFTNL_CHAIN_NAME); + family = nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY); if (h->family != family || strcmp(table, h->table) != 0) return 0; @@ -739,7 +739,7 @@ static int list_chain_cb(struct nft_chain *nlc, void *arg) int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_chain_list *chain_cache; + struct nftnl_chain_list *chain_cache; struct chain *chain; chain_cache = mnl_nft_chain_dump(nf_sock, h->family); @@ -753,8 +753,8 @@ int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h, } ctx->data = h; - nft_chain_list_foreach(chain_cache, list_chain_cb, ctx); - nft_chain_list_free(chain_cache); + nftnl_chain_list_foreach(chain_cache, list_chain_cb, ctx); + nftnl_chain_list_free(chain_cache); /* Caller wants all existing chains */ if (h->chain == NULL) @@ -775,11 +775,11 @@ int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h, int netlink_get_chain(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; struct chain *chain; int err; - nlc = alloc_nft_chain(h); + nlc = alloc_nftnl_chain(h); err = mnl_nft_chain_get(nf_sock, nlc, 0); if (err < 0) { netlink_io_error(ctx, loc, @@ -791,7 +791,7 @@ int netlink_get_chain(struct netlink_ctx *ctx, const struct handle *h, chain = netlink_delinearize_chain(ctx, nlc); list_add_tail(&chain->list, &ctx->list); out: - nft_chain_free(nlc); + nftnl_chain_free(nlc); return err; } @@ -812,12 +812,12 @@ static int netlink_add_table_compat(struct netlink_ctx *ctx, const struct location *loc, const struct table *table, bool excl) { - struct nft_table *nlt; + struct nftnl_table *nlt; int err; - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); err = mnl_nft_table_add(nf_sock, nlt, excl ? NLM_F_EXCL : 0); - nft_table_free(nlt); + nftnl_table_free(nlt); if (err < 0) netlink_io_error(ctx, loc, "Could not add table: %s", @@ -830,18 +830,18 @@ static int netlink_add_table_batch(struct netlink_ctx *ctx, const struct location *loc, const struct table *table, bool excl) { - struct nft_table *nlt; + struct nftnl_table *nlt; int err; - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); if (table != NULL) - nft_table_attr_set_u32(nlt, NFT_TABLE_ATTR_FLAGS, table->flags); + nftnl_table_set_u32(nlt, NFTNL_TABLE_FLAGS, table->flags); else - nft_table_attr_set_u32(nlt, NFT_TABLE_ATTR_FLAGS, 0); + nftnl_table_set_u32(nlt, NFTNL_TABLE_FLAGS, 0); err = mnl_nft_table_batch_add(nlt, excl ? NLM_F_EXCL : 0, ctx->seqnum); - nft_table_free(nlt); + nftnl_table_free(nlt); if (err < 0) netlink_io_error(ctx, loc, "Could not add table: %s", @@ -863,12 +863,12 @@ static int netlink_del_table_compat(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_table *nlt; + struct nftnl_table *nlt; int err; - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); err = mnl_nft_table_delete(nf_sock, nlt, 0); - nft_table_free(nlt); + nftnl_table_free(nlt); if (err < 0) netlink_io_error(ctx, loc, "Could not delete table: %s", @@ -880,12 +880,12 @@ static int netlink_del_table_batch(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_table *nlt; + struct nftnl_table *nlt; int err; - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); err = mnl_nft_table_batch_del(nlt, 0, ctx->seqnum); - nft_table_free(nlt); + nftnl_table_free(nlt); if (err < 0) netlink_io_error(ctx, loc, "Could not delete table: %s", @@ -902,7 +902,7 @@ int netlink_delete_table(struct netlink_ctx *ctx, const struct handle *h, return netlink_del_table_compat(ctx, h, loc); } -void netlink_dump_table(struct nft_table *nlt) +void netlink_dump_table(struct nftnl_table *nlt) { #ifdef DEBUG char buf[4096]; @@ -910,28 +910,28 @@ void netlink_dump_table(struct nft_table *nlt) if (!(debug_level & DEBUG_NETLINK)) return; - nft_table_snprintf(buf, sizeof(buf), nlt, 0, 0); + nftnl_table_snprintf(buf, sizeof(buf), nlt, 0, 0); fprintf(stdout, "%s\n", buf); #endif } static struct table *netlink_delinearize_table(struct netlink_ctx *ctx, - struct nft_table *nlt) + struct nftnl_table *nlt) { struct table *table; table = table_alloc(); table->handle.family = - nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY); + nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY); table->handle.table = - xstrdup(nft_table_attr_get_str(nlt, NFT_TABLE_ATTR_NAME)); + xstrdup(nftnl_table_get_str(nlt, NFTNL_TABLE_NAME)); table->flags = - nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FLAGS); + nftnl_table_get_u32(nlt, NFTNL_TABLE_FLAGS); return table; } -static int list_table_cb(struct nft_table *nlt, void *arg) +static int list_table_cb(struct nftnl_table *nlt, void *arg) { struct netlink_ctx *ctx = arg; struct table *table; @@ -945,7 +945,7 @@ static int list_table_cb(struct nft_table *nlt, void *arg) int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_table_list *table_cache; + struct nftnl_table_list *table_cache; table_cache = mnl_nft_table_dump(nf_sock, h->family); if (table_cache == NULL) { @@ -957,19 +957,19 @@ int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h, strerror(errno)); } - nft_table_list_foreach(table_cache, list_table_cb, ctx); - nft_table_list_free(table_cache); + nftnl_table_list_foreach(table_cache, list_table_cb, ctx); + nftnl_table_list_free(table_cache); return 0; } int netlink_get_table(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, struct table *table) { - struct nft_table *nlt; + struct nftnl_table *nlt; struct table *ntable; int err; - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); err = mnl_nft_table_get(nf_sock, nlt, 0); if (err < 0) { netlink_io_error(ctx, loc, @@ -982,7 +982,7 @@ int netlink_get_table(struct netlink_ctx *ctx, const struct handle *h, table->flags = ntable->flags; table_free(ntable); out: - nft_table_free(nlt); + nftnl_table_free(nlt); return err; } @@ -1020,7 +1020,7 @@ static const struct datatype *dtype_map_from_kernel(enum nft_data_types type) } } -void netlink_dump_set(struct nft_set *nls) +void netlink_dump_set(struct nftnl_set *nls) { #ifdef DEBUG char buf[4096]; @@ -1028,19 +1028,19 @@ void netlink_dump_set(struct nft_set *nls) if (!(debug_level & DEBUG_NETLINK)) return; - nft_set_snprintf(buf, sizeof(buf), nls, 0, 0); + nftnl_set_snprintf(buf, sizeof(buf), nls, 0, 0); fprintf(stdout, "%s\n", buf); #endif } static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, - struct nft_set *nls) + struct nftnl_set *nls) { struct set *set; const struct datatype *keytype, *datatype; uint32_t flags, key, data, data_len; - key = nft_set_attr_get_u32(nls, NFT_SET_ATTR_KEY_TYPE); + key = nftnl_set_get_u32(nls, NFTNL_SET_KEY_TYPE); keytype = dtype_map_from_kernel(key); if (keytype == NULL) { netlink_io_error(ctx, NULL, "Unknown data type in set key %u", @@ -1048,9 +1048,9 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, return NULL; } - flags = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FLAGS); + flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS); if (flags & NFT_SET_MAP) { - data = nft_set_attr_get_u32(nls, NFT_SET_ATTR_DATA_TYPE); + data = nftnl_set_get_u32(nls, NFTNL_SET_DATA_TYPE); datatype = dtype_map_from_kernel(data); if (datatype == NULL) { netlink_io_error(ctx, NULL, @@ -1062,35 +1062,35 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, datatype = NULL; set = set_alloc(&netlink_location); - set->handle.family = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY); + set->handle.family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); set->handle.table = - xstrdup(nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE)); + xstrdup(nftnl_set_get_str(nls, NFTNL_SET_TABLE)); set->handle.set = - xstrdup(nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME)); + xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME)); set->keytype = keytype; set->keylen = - nft_set_attr_get_u32(nls, NFT_SET_ATTR_KEY_LEN) * BITS_PER_BYTE; + nftnl_set_get_u32(nls, NFTNL_SET_KEY_LEN) * BITS_PER_BYTE; - set->flags = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FLAGS); + set->flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS); set->datatype = datatype; - if (nft_set_attr_is_set(nls, NFT_SET_ATTR_DATA_LEN)) { - data_len = nft_set_attr_get_u32(nls, NFT_SET_ATTR_DATA_LEN); + if (nftnl_set_is_set(nls, NFTNL_SET_DATA_LEN)) { + data_len = nftnl_set_get_u32(nls, NFTNL_SET_DATA_LEN); set->datalen = data_len * BITS_PER_BYTE; } - if (nft_set_attr_is_set(nls, NFT_SET_ATTR_TIMEOUT)) - set->timeout = nft_set_attr_get_u64(nls, NFT_SET_ATTR_TIMEOUT); - if (nft_set_attr_is_set(nls, NFT_SET_ATTR_GC_INTERVAL)) - set->gc_int = nft_set_attr_get_u32(nls, NFT_SET_ATTR_GC_INTERVAL); + if (nftnl_set_is_set(nls, NFTNL_SET_TIMEOUT)) + set->timeout = nftnl_set_get_u64(nls, NFTNL_SET_TIMEOUT); + if (nftnl_set_is_set(nls, NFTNL_SET_GC_INTERVAL)) + set->gc_int = nftnl_set_get_u32(nls, NFTNL_SET_GC_INTERVAL); - if (nft_set_attr_is_set(nls, NFT_SET_ATTR_POLICY)) - set->policy = nft_set_attr_get_u32(nls, NFT_SET_ATTR_POLICY); + if (nftnl_set_is_set(nls, NFTNL_SET_POLICY)) + set->policy = nftnl_set_get_u32(nls, NFTNL_SET_POLICY); - if (nft_set_attr_is_set(nls, NFT_SET_ATTR_DESC_SIZE)) - set->desc.size = nft_set_attr_get_u32(nls, - NFT_SET_ATTR_DESC_SIZE); + if (nftnl_set_is_set(nls, NFTNL_SET_DESC_SIZE)) + set->desc.size = nftnl_set_get_u32(nls, + NFTNL_SET_DESC_SIZE); return set; } @@ -1098,19 +1098,19 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, static int netlink_add_set_compat(struct netlink_ctx *ctx, const struct handle *h, struct set *set) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_FLAGS, set->flags); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_TYPE, + nls = alloc_nftnl_set(h); + nftnl_set_set_u32(nls, NFTNL_SET_FLAGS, set->flags); + nftnl_set_set_u32(nls, NFTNL_SET_KEY_TYPE, dtype_map_to_kernel(set->keytype)); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_LEN, + nftnl_set_set_u32(nls, NFTNL_SET_KEY_LEN, set->keylen / BITS_PER_BYTE); if (set->flags & NFT_SET_MAP) { - nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_TYPE, + nftnl_set_set_u32(nls, NFTNL_SET_DATA_TYPE, dtype_map_to_kernel(set->datatype)); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_LEN, + nftnl_set_set_u32(nls, NFTNL_SET_DATA_LEN, set->datalen / BITS_PER_BYTE); } netlink_dump_set(nls); @@ -1121,8 +1121,8 @@ static int netlink_add_set_compat(struct netlink_ctx *ctx, strerror(errno)); set->handle.set = - xstrdup(nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME)); - nft_set_free(nls); + xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME)); + nftnl_set_free(nls); return err; } @@ -1130,36 +1130,36 @@ static int netlink_add_set_compat(struct netlink_ctx *ctx, static int netlink_add_set_batch(struct netlink_ctx *ctx, const struct handle *h, struct set *set) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_FLAGS, set->flags); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_TYPE, + nls = alloc_nftnl_set(h); + nftnl_set_set_u32(nls, NFTNL_SET_FLAGS, set->flags); + nftnl_set_set_u32(nls, NFTNL_SET_KEY_TYPE, dtype_map_to_kernel(set->keytype)); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_LEN, + nftnl_set_set_u32(nls, NFTNL_SET_KEY_LEN, set->keylen / BITS_PER_BYTE); if (set->flags & NFT_SET_MAP) { - nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_TYPE, + nftnl_set_set_u32(nls, NFTNL_SET_DATA_TYPE, dtype_map_to_kernel(set->datatype)); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_LEN, + nftnl_set_set_u32(nls, NFTNL_SET_DATA_LEN, set->datalen / BITS_PER_BYTE); } if (set->timeout) - nft_set_attr_set_u64(nls, NFT_SET_ATTR_TIMEOUT, set->timeout); + nftnl_set_set_u64(nls, NFTNL_SET_TIMEOUT, set->timeout); if (set->gc_int) - nft_set_attr_set_u32(nls, NFT_SET_ATTR_GC_INTERVAL, set->gc_int); + nftnl_set_set_u32(nls, NFTNL_SET_GC_INTERVAL, set->gc_int); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_ID, set->handle.set_id); + nftnl_set_set_u32(nls, NFTNL_SET_ID, set->handle.set_id); if (!(set->flags & (SET_F_CONSTANT))) { if (set->policy != NFT_SET_POL_PERFORMANCE) { - nft_set_attr_set_u32(nls, NFT_SET_ATTR_POLICY, + nftnl_set_set_u32(nls, NFTNL_SET_POLICY, set->policy); } if (set->desc.size != 0) { - nft_set_attr_set_u32(nls, NFT_SET_ATTR_DESC_SIZE, + nftnl_set_set_u32(nls, NFTNL_SET_DESC_SIZE, set->desc.size); } } @@ -1170,7 +1170,7 @@ static int netlink_add_set_batch(struct netlink_ctx *ctx, if (err < 0) netlink_io_error(ctx, &set->location, "Could not add set: %s", strerror(errno)); - nft_set_free(nls); + nftnl_set_free(nls); return err; } @@ -1188,12 +1188,12 @@ static int netlink_del_set_compat(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); err = mnl_nft_set_delete(nf_sock, nls, 0); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, loc, "Could not delete set: %s", @@ -1205,12 +1205,12 @@ static int netlink_del_set_batch(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); err = mnl_nft_set_batch_del(nls, 0, ctx->seqnum); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, loc, "Could not delete set: %s", @@ -1227,7 +1227,7 @@ int netlink_delete_set(struct netlink_ctx *ctx, const struct handle *h, return netlink_del_set_compat(ctx, h, loc); } -static int list_set_cb(struct nft_set *nls, void *arg) +static int list_set_cb(struct nftnl_set *nls, void *arg) { struct netlink_ctx *ctx = arg; struct set *set; @@ -1242,7 +1242,7 @@ static int list_set_cb(struct nft_set *nls, void *arg) int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_set_list *set_cache; + struct nftnl_set_list *set_cache; int err; set_cache = mnl_nft_set_dump(nf_sock, h->family, h->table); @@ -1255,29 +1255,29 @@ int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h, strerror(errno)); } - err = nft_set_list_foreach(set_cache, list_set_cb, ctx); - nft_set_list_free(set_cache); + err = nftnl_set_list_foreach(set_cache, list_set_cb, ctx); + nftnl_set_list_free(set_cache); return err; } int netlink_get_set(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_set *nls; + struct nftnl_set *nls; struct set *set; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); err = mnl_nft_set_get(nf_sock, nls); if (err < 0) { - nft_set_free(nls); + nftnl_set_free(nls); return netlink_io_error(ctx, loc, "Could not receive set from kernel: %s", strerror(errno)); } set = netlink_delinearize_set(ctx, nls); - nft_set_free(nls); + nftnl_set_free(nls); if (set == NULL) return -1; list_add_tail(&set->list, &ctx->list); @@ -1285,14 +1285,14 @@ int netlink_get_set(struct netlink_ctx *ctx, const struct handle *h, return err; } -static void alloc_setelem_cache(const struct expr *set, struct nft_set *nls) +static void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls) { - struct nft_set_elem *nlse; + struct nftnl_set_elem *nlse; const struct expr *expr; list_for_each_entry(expr, &set->expressions, list) { - nlse = alloc_nft_setelem(expr); - nft_set_elem_add(nls, nlse); + nlse = alloc_nftnl_setelem(expr); + nftnl_set_elem_add(nls, nlse); } } @@ -1300,15 +1300,15 @@ static int netlink_add_setelems_batch(struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); alloc_setelem_cache(expr, nls); netlink_dump_set(nls); err = mnl_nft_setelem_batch_add(nls, 0, ctx->seqnum); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, &expr->location, "Could not add set elements: %s", @@ -1320,15 +1320,15 @@ static int netlink_add_setelems_compat(struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); alloc_setelem_cache(expr, nls); netlink_dump_set(nls); err = mnl_nft_setelem_add(nf_sock, nls, 0); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, &expr->location, "Could not add set elements: %s", @@ -1349,15 +1349,15 @@ static int netlink_del_setelems_batch(struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); alloc_setelem_cache(expr, nls); netlink_dump_set(nls); err = mnl_nft_setelem_batch_del(nls, 0, ctx->seqnum); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, &expr->location, "Could not delete set elements: %s", @@ -1369,15 +1369,15 @@ static int netlink_del_setelems_compat(struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); alloc_setelem_cache(expr, nls); netlink_dump_set(nls); err = mnl_nft_setelem_delete(nf_sock, nls, 0); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, &expr->location, "Could not delete set elements: %s", @@ -1415,7 +1415,7 @@ static struct expr *netlink_parse_concat_elem(const struct datatype *dtype, return concat; } -static int netlink_delinearize_setelem(struct nft_set_elem *nlse, +static int netlink_delinearize_setelem(struct nftnl_set_elem *nlse, struct set *set) { struct nft_data_delinearize nld; @@ -1423,9 +1423,9 @@ static int netlink_delinearize_setelem(struct nft_set_elem *nlse, uint32_t flags = 0; nld.value = - nft_set_elem_attr_get(nlse, NFT_SET_ELEM_ATTR_KEY, &nld.len); - if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_FLAGS)) - flags = nft_set_elem_attr_get_u32(nlse, NFT_SET_ELEM_ATTR_FLAGS); + nftnl_set_elem_get(nlse, NFTNL_SET_ELEM_KEY, &nld.len); + if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_FLAGS)) + flags = nftnl_set_elem_get_u32(nlse, NFTNL_SET_ELEM_FLAGS); key = netlink_alloc_value(&netlink_location, &nld); key->dtype = set->keytype; @@ -1442,15 +1442,15 @@ static int netlink_delinearize_setelem(struct nft_set_elem *nlse, key = bitmask_expr_to_binops(key); expr = set_elem_expr_alloc(&netlink_location, key); - if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_TIMEOUT)) - expr->timeout = nft_set_elem_attr_get_u64(nlse, NFT_SET_ELEM_ATTR_TIMEOUT); - if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_EXPIRATION)) - expr->expiration = nft_set_elem_attr_get_u64(nlse, NFT_SET_ELEM_ATTR_EXPIRATION); - if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_USERDATA)) { + if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_TIMEOUT)) + expr->timeout = nftnl_set_elem_get_u64(nlse, NFTNL_SET_ELEM_TIMEOUT); + if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_EXPIRATION)) + expr->expiration = nftnl_set_elem_get_u64(nlse, NFTNL_SET_ELEM_EXPIRATION); + if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_USERDATA)) { const void *data; uint32_t len; - data = nft_set_elem_attr_get(nlse, NFT_SET_ELEM_ATTR_USERDATA, &len); + data = nftnl_set_elem_get(nlse, NFTNL_SET_ELEM_USERDATA, &len); expr->comment = xmalloc(len); memcpy((char *)expr->comment, data, len); } @@ -1458,14 +1458,14 @@ static int netlink_delinearize_setelem(struct nft_set_elem *nlse, if (flags & NFT_SET_ELEM_INTERVAL_END) { expr->flags |= EXPR_F_INTERVAL_END; } else { - if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_DATA)) { - nld.value = nft_set_elem_attr_get(nlse, NFT_SET_ELEM_ATTR_DATA, + if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_DATA)) { + nld.value = nftnl_set_elem_get(nlse, NFTNL_SET_ELEM_DATA, &nld.len); - } else if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_CHAIN)) { - nld.chain = nft_set_elem_attr_get_str(nlse, NFT_SET_ELEM_ATTR_CHAIN); - nld.verdict = nft_set_elem_attr_get_u32(nlse, NFT_SET_ELEM_ATTR_VERDICT); - } else if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_VERDICT)) { - nld.verdict = nft_set_elem_attr_get_u32(nlse, NFT_SET_ELEM_ATTR_VERDICT); + } else if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_CHAIN)) { + nld.chain = nftnl_set_elem_get_str(nlse, NFTNL_SET_ELEM_CHAIN); + nld.verdict = nftnl_set_elem_get_u32(nlse, NFTNL_SET_ELEM_VERDICT); + } else if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_VERDICT)) { + nld.verdict = nftnl_set_elem_get_u32(nlse, NFTNL_SET_ELEM_VERDICT); } else goto out; @@ -1493,7 +1493,7 @@ int netlink_delete_setelems(struct netlink_ctx *ctx, const struct handle *h, return netlink_del_setelems_compat(ctx, h, expr); } -static int list_setelem_cb(struct nft_set_elem *nlse, void *arg) +static int list_setelem_cb(struct nftnl_set_elem *nlse, void *arg) { struct netlink_ctx *ctx = arg; return netlink_delinearize_setelem(nlse, ctx->set); @@ -1504,14 +1504,14 @@ extern void interval_map_decompose(struct expr *set); int netlink_get_setelems(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, struct set *set) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); err = mnl_nft_setelem_get(nf_sock, nls); if (err < 0) { - nft_set_free(nls); + nftnl_set_free(nls); if (errno == EINTR) return -1; @@ -1520,8 +1520,8 @@ int netlink_get_setelems(struct netlink_ctx *ctx, const struct handle *h, ctx->set = set; set->init = set_expr_alloc(loc); - nft_set_elem_foreach(nls, list_setelem_cb, ctx); - nft_set_free(nls); + nftnl_set_elem_foreach(nls, list_setelem_cb, ctx); + nftnl_set_free(nls); ctx->set = NULL; if (set->flags & NFT_SET_INTERVAL) @@ -1541,15 +1541,15 @@ int netlink_batch_send(struct list_head *err_list) int netlink_flush_ruleset(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_table *nlt; + struct nftnl_table *nlt; int err; if (!ctx->batch_supported) return netlink_io_error(ctx, loc, "Operation not supported"); - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); err = mnl_nft_table_batch_del(nlt, 0, ctx->seqnum); - nft_table_free(nlt); + nftnl_table_free(nlt); if (err < 0) netlink_io_error(ctx, loc, "Could not flush the ruleset: %s", @@ -1557,11 +1557,11 @@ int netlink_flush_ruleset(struct netlink_ctx *ctx, const struct handle *h, return err; } -struct nft_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx, +struct nftnl_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_ruleset *rs; + struct nftnl_ruleset *rs; rs = mnl_nft_ruleset_dump(nf_sock, h->family); if (rs == NULL) { @@ -1575,66 +1575,66 @@ struct nft_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx, return rs; } -static struct nft_table *netlink_table_alloc(const struct nlmsghdr *nlh) +static struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh) { - struct nft_table *nlt; + struct nftnl_table *nlt; - nlt = nft_table_alloc(); + nlt = nftnl_table_alloc(); if (nlt == NULL) memory_allocation_error(); - if (nft_table_nlmsg_parse(nlh, nlt) < 0) + if (nftnl_table_nlmsg_parse(nlh, nlt) < 0) netlink_abi_error(); return nlt; } -static struct nft_chain *netlink_chain_alloc(const struct nlmsghdr *nlh) +static struct nftnl_chain *netlink_chain_alloc(const struct nlmsghdr *nlh) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; - nlc = nft_chain_alloc(); + nlc = nftnl_chain_alloc(); if (nlc == NULL) memory_allocation_error(); - if (nft_chain_nlmsg_parse(nlh, nlc) < 0) + if (nftnl_chain_nlmsg_parse(nlh, nlc) < 0) netlink_abi_error(); return nlc; } -static struct nft_set *netlink_set_alloc(const struct nlmsghdr *nlh) +static struct nftnl_set *netlink_set_alloc(const struct nlmsghdr *nlh) { - struct nft_set *nls; + struct nftnl_set *nls; - nls = nft_set_alloc(); + nls = nftnl_set_alloc(); if (nls == NULL) memory_allocation_error(); - if (nft_set_nlmsg_parse(nlh, nls) < 0) + if (nftnl_set_nlmsg_parse(nlh, nls) < 0) netlink_abi_error(); return nls; } -static struct nft_set *netlink_setelem_alloc(const struct nlmsghdr *nlh) +static struct nftnl_set *netlink_setelem_alloc(const struct nlmsghdr *nlh) { - struct nft_set *nls; + struct nftnl_set *nls; - nls = nft_set_alloc(); + nls = nftnl_set_alloc(); if (nls == NULL) memory_allocation_error(); - if (nft_set_elems_nlmsg_parse(nlh, nls) < 0) + if (nftnl_set_elems_nlmsg_parse(nlh, nls) < 0) netlink_abi_error(); return nls; } -static struct nft_rule *netlink_rule_alloc(const struct nlmsghdr *nlh) +static struct nftnl_rule *netlink_rule_alloc(const struct nlmsghdr *nlh) { - struct nft_rule *nlr; + struct nftnl_rule *nlr; - nlr = nft_rule_alloc(); + nlr = nftnl_rule_alloc(); if (nlr == NULL) memory_allocation_error(); - if (nft_rule_nlmsg_parse(nlh, nlr) < 0) + if (nftnl_rule_nlmsg_parse(nlh, nlr) < 0) netlink_abi_error(); return nlr; @@ -1648,64 +1648,64 @@ static uint32_t netlink_msg2nftnl_of(uint32_t msg) case NFT_MSG_NEWSET: case NFT_MSG_NEWSETELEM: case NFT_MSG_NEWRULE: - return NFT_OF_EVENT_NEW; + return NFTNL_OF_EVENT_NEW; case NFT_MSG_DELTABLE: case NFT_MSG_DELCHAIN: case NFT_MSG_DELSET: case NFT_MSG_DELSETELEM: case NFT_MSG_DELRULE: - return NFT_OF_EVENT_DEL; + return NFTNL_OF_EVENT_DEL; } return 0; } -static void nlr_for_each_set(struct nft_rule *nlr, +static void nlr_for_each_set(struct nftnl_rule *nlr, void (*cb)(struct set *s, void *data), void *data) { - struct nft_rule_expr_iter *nlrei; - struct nft_rule_expr *nlre; + struct nftnl_expr_iter *nlrei; + struct nftnl_expr *nlre; const char *set_name, *table; const char *name; struct set *s; uint32_t family; - nlrei = nft_rule_expr_iter_create(nlr); + nlrei = nftnl_expr_iter_create(nlr); if (nlrei == NULL) memory_allocation_error(); - family = nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY); - table = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE); + family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); + table = nftnl_rule_get_str(nlr, NFTNL_RULE_TABLE); - nlre = nft_rule_expr_iter_next(nlrei); + nlre = nftnl_expr_iter_next(nlrei); while (nlre != NULL) { - name = nft_rule_expr_get_str(nlre, NFT_RULE_EXPR_ATTR_NAME); + name = nftnl_expr_get_str(nlre, NFTNL_EXPR_NAME); if (strcmp(name, "lookup") != 0) goto next; - set_name = nft_rule_expr_get_str(nlre, NFT_EXPR_LOOKUP_SET); + set_name = nftnl_expr_get_str(nlre, NFTNL_EXPR_LOOKUP_SET); s = set_lookup_global(family, table, set_name); if (s == NULL) goto next; cb(s, data); next: - nlre = nft_rule_expr_iter_next(nlrei); + nlre = nftnl_expr_iter_next(nlrei); } - nft_rule_expr_iter_destroy(nlrei); + nftnl_expr_iter_destroy(nlrei); } static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_table *nlt; + struct nftnl_table *nlt; uint32_t family; nlt = netlink_table_alloc(nlh); switch (monh->format) { - case NFT_OUTPUT_DEFAULT: + case NFTNL_OUTPUT_DEFAULT: if (type == NFT_MSG_NEWTABLE) { if (nlh->nlmsg_flags & NLM_F_EXCL) printf("update table "); @@ -1715,34 +1715,34 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type, printf("delete table "); } - family = nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY); + family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY); printf("%s %s\n", family2str(family), - nft_table_attr_get_str(nlt, NFT_TABLE_ATTR_NAME)); + nftnl_table_get_str(nlt, NFTNL_TABLE_NAME)); break; - case NFT_OUTPUT_XML: - case NFT_OUTPUT_JSON: - nft_table_fprintf(stdout, nlt, monh->format, + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_table_fprintf(stdout, nlt, monh->format, netlink_msg2nftnl_of(type)); fprintf(stdout, "\n"); break; } - nft_table_free(nlt); + nftnl_table_free(nlt); return MNL_CB_OK; } static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; struct chain *c; uint32_t family; nlc = netlink_chain_alloc(nlh); switch (monh->format) { - case NFT_OUTPUT_DEFAULT: + case NFTNL_OUTPUT_DEFAULT: switch (type) { case NFT_MSG_NEWCHAIN: if (nlh->nlmsg_flags & NLM_F_EXCL) @@ -1755,48 +1755,48 @@ static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type, chain_free(c); break; case NFT_MSG_DELCHAIN: - family = nft_chain_attr_get_u32(nlc, - NFT_CHAIN_ATTR_FAMILY); + family = nftnl_chain_get_u32(nlc, + NFTNL_CHAIN_FAMILY); printf("delete chain %s %s %s\n", family2str(family), - nft_chain_attr_get_str(nlc, - NFT_CHAIN_ATTR_TABLE), - nft_chain_attr_get_str(nlc, - NFT_CHAIN_ATTR_NAME)); + nftnl_chain_get_str(nlc, + NFTNL_CHAIN_TABLE), + nftnl_chain_get_str(nlc, + NFTNL_CHAIN_NAME)); break; } break; - case NFT_OUTPUT_XML: - case NFT_OUTPUT_JSON: - nft_chain_fprintf(stdout, nlc, monh->format, + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_chain_fprintf(stdout, nlc, monh->format, netlink_msg2nftnl_of(type)); fprintf(stdout, "\n"); break; } - nft_chain_free(nlc); + nftnl_chain_free(nlc); return MNL_CB_OK; } static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_set *nls; + struct nftnl_set *nls; struct set *set; uint32_t family, flags; nls = netlink_set_alloc(nlh); - flags = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FLAGS); + flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS); if (flags & SET_F_ANONYMOUS) goto out; switch (monh->format) { - case NFT_OUTPUT_DEFAULT: + case NFTNL_OUTPUT_DEFAULT: switch (type) { case NFT_MSG_NEWSET: printf("add "); set = netlink_delinearize_set(monh->ctx, nls); if (set == NULL) { - nft_set_free(nls); + nftnl_set_free(nls); return MNL_CB_ERROR; } set_print_plain(set); @@ -1804,42 +1804,42 @@ static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type, printf("\n"); break; case NFT_MSG_DELSET: - family = nft_set_attr_get_u32(nls, - NFT_SET_ATTR_FAMILY); + family = nftnl_set_get_u32(nls, + NFTNL_SET_FAMILY); printf("delete set %s %s %s\n", family2str(family), - nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE), - nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME)); + nftnl_set_get_str(nls, NFTNL_SET_TABLE), + nftnl_set_get_str(nls, NFTNL_SET_NAME)); break; } break; - case NFT_OUTPUT_XML: - case NFT_OUTPUT_JSON: - nft_set_fprintf(stdout, nls, monh->format, + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_set_fprintf(stdout, nls, monh->format, netlink_msg2nftnl_of(type)); fprintf(stdout, "\n"); break; } out: - nft_set_free(nls); + nftnl_set_free(nls); return MNL_CB_OK; } static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_set_elems_iter *nlsei; - struct nft_set_elem *nlse; - struct nft_set *nls; + struct nftnl_set_elems_iter *nlsei; + struct nftnl_set_elem *nlse; + struct nftnl_set *nls; struct set *dummyset; struct set *set; const char *setname, *table; uint32_t family; nls = netlink_setelem_alloc(nlh); - table = nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE); - setname = nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME); - family = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY); + table = nftnl_set_get_str(nls, NFTNL_SET_TABLE); + setname = nftnl_set_get_str(nls, NFTNL_SET_NAME); + family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); set = set_lookup_global(family, table, setname); if (set == NULL) { @@ -1848,7 +1848,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, } switch (monh->format) { - case NFT_OUTPUT_DEFAULT: + case NFTNL_OUTPUT_DEFAULT: if (set->flags & SET_F_ANONYMOUS) goto out; @@ -1861,20 +1861,20 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, dummyset->datatype = set->datatype; dummyset->init = set_expr_alloc(monh->loc); - nlsei = nft_set_elems_iter_create(nls); + nlsei = nftnl_set_elems_iter_create(nls); if (nlsei == NULL) memory_allocation_error(); - nlse = nft_set_elems_iter_next(nlsei); + nlse = nftnl_set_elems_iter_next(nlsei); while (nlse != NULL) { if (netlink_delinearize_setelem(nlse, dummyset) < 0) { set_free(dummyset); - nft_set_elems_iter_destroy(nlsei); + nftnl_set_elems_iter_destroy(nlsei); goto out; } - nlse = nft_set_elems_iter_next(nlsei); + nlse = nftnl_set_elems_iter_next(nlsei); } - nft_set_elems_iter_destroy(nlsei); + nftnl_set_elems_iter_destroy(nlsei); switch (type) { case NFT_MSG_NEWSETELEM: @@ -1893,15 +1893,15 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, set_free(dummyset); break; - case NFT_OUTPUT_XML: - case NFT_OUTPUT_JSON: - nft_set_fprintf(stdout, nls, monh->format, + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_set_fprintf(stdout, nls, monh->format, netlink_msg2nftnl_of(type)); fprintf(stdout, "\n"); break; } out: - nft_set_free(nls); + nftnl_set_free(nls); return MNL_CB_OK; } @@ -1914,7 +1914,7 @@ static void rule_map_decompose_cb(struct set *s, void *data) static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_rule *nlr; + struct nftnl_rule *nlr; const char *family; const char *table; const char *chain; @@ -1924,12 +1924,12 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, nlr = netlink_rule_alloc(nlh); switch (monh->format) { - case NFT_OUTPUT_DEFAULT: - fam = nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY); + case NFTNL_OUTPUT_DEFAULT: + fam = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); family = family2str(fam); - table = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE); - chain = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN); - handle = nft_rule_attr_get_u64(nlr, NFT_RULE_ATTR_HANDLE); + table = nftnl_rule_get_str(nlr, NFTNL_RULE_TABLE); + chain = nftnl_rule_get_str(nlr, NFTNL_RULE_CHAIN); + handle = nftnl_rule_get_u64(nlr, NFTNL_RULE_HANDLE); switch (type) { case NFT_MSG_NEWRULE: @@ -1948,27 +1948,27 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, break; } break; - case NFT_OUTPUT_XML: - case NFT_OUTPUT_JSON: - nft_rule_fprintf(stdout, nlr, monh->format, + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_rule_fprintf(stdout, nlr, monh->format, netlink_msg2nftnl_of(type)); fprintf(stdout, "\n"); break; } - nft_rule_free(nlr); + nftnl_rule_free(nlr); return MNL_CB_OK; } static void netlink_events_cache_addtable(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { - struct nft_table *nlt; + struct nftnl_table *nlt; struct table *t; nlt = netlink_table_alloc(nlh); t = netlink_delinearize_table(monh->ctx, nlt); - nft_table_free(nlt); + nftnl_table_free(nlt); table_add_hash(t); } @@ -1976,13 +1976,13 @@ static void netlink_events_cache_addtable(struct netlink_mon_handler *monh, static void netlink_events_cache_deltable(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { - struct nft_table *nlt; + struct nftnl_table *nlt; struct table *t; struct handle h; nlt = netlink_table_alloc(nlh); - h.family = nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY); - h.table = nft_table_attr_get_str(nlt, NFT_TABLE_ATTR_NAME); + h.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY); + h.table = nftnl_table_get_str(nlt, NFTNL_TABLE_NAME); t = table_lookup(&h); if (t == NULL) @@ -1991,14 +1991,14 @@ static void netlink_events_cache_deltable(struct netlink_mon_handler *monh, list_del(&t->list); table_free(t); out: - nft_table_free(nlt); + nftnl_table_free(nlt); } static void netlink_events_cache_addset(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { struct netlink_ctx set_tmpctx; - struct nft_set *nls; + struct nftnl_set *nls; struct table *t; struct set *s; LIST_HEAD(msgs); @@ -2023,23 +2023,23 @@ static void netlink_events_cache_addset(struct netlink_mon_handler *monh, set_add_hash(s, t); out: - nft_set_free(nls); + nftnl_set_free(nls); } static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { - struct nft_set_elems_iter *nlsei; - struct nft_set_elem *nlse; - struct nft_set *nls; + struct nftnl_set_elems_iter *nlsei; + struct nftnl_set_elem *nlse; + struct nftnl_set *nls; struct set *set; const char *table, *setname; uint32_t family; nls = netlink_setelem_alloc(nlh); - family = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY); - table = nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE); - setname = nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME); + family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); + table = nftnl_set_get_str(nls, NFTNL_SET_TABLE); + setname = nftnl_set_get_str(nls, NFTNL_SET_NAME); set = set_lookup_global(family, table, setname); if (set == NULL) { @@ -2048,24 +2048,24 @@ static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh, goto out; } - nlsei = nft_set_elems_iter_create(nls); + nlsei = nftnl_set_elems_iter_create(nls); if (nlsei == NULL) memory_allocation_error(); - nlse = nft_set_elems_iter_next(nlsei); + nlse = nftnl_set_elems_iter_next(nlsei); while (nlse != NULL) { if (netlink_delinearize_setelem(nlse, set) < 0) { fprintf(stderr, "W: Unable to cache set_elem. " "Delinearize failed.\n"); - nft_set_elems_iter_destroy(nlsei); + nftnl_set_elems_iter_destroy(nlsei); goto out; } - nlse = nft_set_elems_iter_next(nlsei); + nlse = nftnl_set_elems_iter_next(nlsei); } - nft_set_elems_iter_destroy(nlsei); + nftnl_set_elems_iter_destroy(nlsei); out: - nft_set_free(nls); + nftnl_set_free(nls); } static void netlink_events_cache_delset_cb(struct set *s, @@ -2078,10 +2078,10 @@ static void netlink_events_cache_delset_cb(struct set *s, static void netlink_events_cache_delsets(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { - struct nft_rule *nlr = netlink_rule_alloc(nlh); + struct nftnl_rule *nlr = netlink_rule_alloc(nlh); nlr_for_each_set(nlr, netlink_events_cache_delset_cb, NULL); - nft_rule_free(nlr); + nftnl_rule_free(nlr); } static void netlink_events_cache_update(struct netlink_mon_handler *monh, diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 4226b822..787eec76 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -46,12 +46,12 @@ static void __fmtstring(3, 4) netlink_error(struct netlink_parse_ctx *ctx, erec_queue(erec, ctx->msgs); } -static unsigned int netlink_parse_register(const struct nft_rule_expr *nle, +static unsigned int netlink_parse_register(const struct nftnl_expr *nle, unsigned int attr) { unsigned int reg; - reg = nft_rule_expr_get_u32(nle, attr); + reg = nftnl_expr_get_u32(nle, attr); /* Translate 128bit registers to corresponding 32bit registers */ if (reg >= NFT_REG_1 && reg <= NFT_REG_4) reg = 1 + (reg - NFT_REG_1) * (NFT_REG_SIZE / NFT_REG32_SIZE); @@ -163,24 +163,24 @@ err: static void netlink_parse_immediate(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct nft_data_delinearize nld; enum nft_registers dreg; struct stmt *stmt; struct expr *expr; - if (nft_rule_expr_is_set(nle, NFT_EXPR_IMM_VERDICT)) { - nld.verdict = nft_rule_expr_get_u32(nle, NFT_EXPR_IMM_VERDICT); - if (nft_rule_expr_is_set(nle, NFT_EXPR_IMM_CHAIN)) { - nld.chain = nft_rule_expr_get(nle, NFT_EXPR_IMM_CHAIN, + if (nftnl_expr_is_set(nle, NFTNL_EXPR_IMM_VERDICT)) { + nld.verdict = nftnl_expr_get_u32(nle, NFTNL_EXPR_IMM_VERDICT); + if (nftnl_expr_is_set(nle, NFTNL_EXPR_IMM_CHAIN)) { + nld.chain = nftnl_expr_get(nle, NFTNL_EXPR_IMM_CHAIN, &nld.len); } - } else if (nft_rule_expr_is_set(nle, NFT_EXPR_IMM_DATA)) { - nld.value = nft_rule_expr_get(nle, NFT_EXPR_IMM_DATA, &nld.len); + } else if (nftnl_expr_is_set(nle, NFTNL_EXPR_IMM_DATA)) { + nld.value = nftnl_expr_get(nle, NFTNL_EXPR_IMM_DATA, &nld.len); } - dreg = netlink_parse_register(nle, NFT_EXPR_IMM_DREG); + dreg = netlink_parse_register(nle, NFTNL_EXPR_IMM_DREG); expr = netlink_alloc_data(loc, &nld, dreg); if (dreg == NFT_REG_VERDICT) { @@ -190,9 +190,9 @@ static void netlink_parse_immediate(struct netlink_parse_ctx *ctx, netlink_set_register(ctx, dreg, expr); } -static enum ops netlink_parse_cmp_op(const struct nft_rule_expr *nle) +static enum ops netlink_parse_cmp_op(const struct nftnl_expr *nle) { - switch (nft_rule_expr_get_u32(nle, NFT_EXPR_CMP_OP)) { + switch (nftnl_expr_get_u32(nle, NFTNL_EXPR_CMP_OP)) { case NFT_CMP_EQ: return OP_EQ; case NFT_CMP_NEQ: @@ -212,7 +212,7 @@ static enum ops netlink_parse_cmp_op(const struct nft_rule_expr *nle) static void netlink_parse_cmp(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct nft_data_delinearize nld; enum nft_registers sreg; @@ -220,7 +220,7 @@ static void netlink_parse_cmp(struct netlink_parse_ctx *ctx, struct stmt *stmt; enum ops op; - sreg = netlink_parse_register(nle, NFT_EXPR_CMP_SREG); + sreg = netlink_parse_register(nle, NFTNL_EXPR_CMP_SREG); left = netlink_get_register(ctx, loc, sreg); if (left == NULL) return netlink_error(ctx, loc, @@ -229,7 +229,7 @@ static void netlink_parse_cmp(struct netlink_parse_ctx *ctx, op = netlink_parse_cmp_op(nle); - nld.value = nft_rule_expr_get(nle, NFT_EXPR_CMP_DATA, &nld.len); + nld.value = nftnl_expr_get(nle, NFTNL_EXPR_CMP_DATA, &nld.len); right = netlink_alloc_value(loc, &nld); if (left->len != right->len) { @@ -252,7 +252,7 @@ static void netlink_parse_cmp(struct netlink_parse_ctx *ctx, static void netlink_parse_lookup(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { enum nft_registers sreg, dreg; const char *name; @@ -260,14 +260,14 @@ static void netlink_parse_lookup(struct netlink_parse_ctx *ctx, struct expr *expr, *left, *right; struct set *set; - name = nft_rule_expr_get_str(nle, NFT_EXPR_LOOKUP_SET); + name = nftnl_expr_get_str(nle, NFTNL_EXPR_LOOKUP_SET); set = set_lookup(ctx->table, name); if (set == NULL) return netlink_error(ctx, loc, "Unknown set '%s' in lookup expression", name); - sreg = netlink_parse_register(nle, NFT_EXPR_LOOKUP_SREG); + sreg = netlink_parse_register(nle, NFTNL_EXPR_LOOKUP_SREG); left = netlink_get_register(ctx, loc, sreg); if (left == NULL) return netlink_error(ctx, loc, @@ -281,8 +281,8 @@ static void netlink_parse_lookup(struct netlink_parse_ctx *ctx, right = set_ref_expr_alloc(loc, set); - if (nft_rule_expr_is_set(nle, NFT_EXPR_LOOKUP_DREG)) { - dreg = netlink_parse_register(nle, NFT_EXPR_LOOKUP_DREG); + if (nftnl_expr_is_set(nle, NFTNL_EXPR_LOOKUP_DREG)) { + dreg = netlink_parse_register(nle, NFTNL_EXPR_LOOKUP_DREG); expr = map_expr_alloc(loc, left, right); if (dreg != NFT_REG_VERDICT) return netlink_set_register(ctx, dreg, expr); @@ -296,14 +296,14 @@ static void netlink_parse_lookup(struct netlink_parse_ctx *ctx, static void netlink_parse_bitwise(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct nft_data_delinearize nld; enum nft_registers sreg, dreg; struct expr *expr, *left, *mask, *xor, *or; mpz_t m, x, o; - sreg = netlink_parse_register(nle, NFT_EXPR_BITWISE_SREG); + sreg = netlink_parse_register(nle, NFTNL_EXPR_BITWISE_SREG); left = netlink_get_register(ctx, loc, sreg); if (left == NULL) return netlink_error(ctx, loc, @@ -312,11 +312,11 @@ static void netlink_parse_bitwise(struct netlink_parse_ctx *ctx, expr = left; - nld.value = nft_rule_expr_get(nle, NFT_EXPR_BITWISE_MASK, &nld.len); + nld.value = nftnl_expr_get(nle, NFTNL_EXPR_BITWISE_MASK, &nld.len); mask = netlink_alloc_value(loc, &nld); mpz_init_set(m, mask->value); - nld.value = nft_rule_expr_get(nle, NFT_EXPR_BITWISE_XOR, &nld.len); + nld.value = nftnl_expr_get(nle, NFTNL_EXPR_BITWISE_XOR, &nld.len); xor = netlink_alloc_value(loc, &nld); mpz_init_set(x, xor->value); @@ -346,7 +346,7 @@ static void netlink_parse_bitwise(struct netlink_parse_ctx *ctx, expr_free(xor); if (mpz_cmp_ui(o, 0)) { - nld.value = nft_rule_expr_get(nle, NFT_EXPR_BITWISE_XOR, + nld.value = nftnl_expr_get(nle, NFTNL_EXPR_BITWISE_XOR, &nld.len); or = netlink_alloc_value(loc, &nld); @@ -359,26 +359,26 @@ static void netlink_parse_bitwise(struct netlink_parse_ctx *ctx, mpz_clear(x); mpz_clear(o); - dreg = netlink_parse_register(nle, NFT_EXPR_BITWISE_DREG); + dreg = netlink_parse_register(nle, NFTNL_EXPR_BITWISE_DREG); netlink_set_register(ctx, dreg, expr); } static void netlink_parse_byteorder(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { enum nft_registers sreg, dreg; struct expr *expr, *arg; enum ops op; - sreg = netlink_parse_register(nle, NFT_EXPR_BYTEORDER_SREG); + sreg = netlink_parse_register(nle, NFTNL_EXPR_BYTEORDER_SREG); arg = netlink_get_register(ctx, loc, sreg); if (arg == NULL) return netlink_error(ctx, loc, "Byteorder expression has no left " "hand side"); - switch (nft_rule_expr_get_u32(nle, NFT_EXPR_BYTEORDER_OP)) { + switch (nftnl_expr_get_u32(nle, NFTNL_EXPR_BYTEORDER_OP)) { case NFT_BYTEORDER_NTOH: op = OP_NTOH; break; @@ -387,83 +387,83 @@ static void netlink_parse_byteorder(struct netlink_parse_ctx *ctx, break; default: BUG("invalid byteorder operation %u\n", - nft_rule_expr_get_u32(nle, NFT_EXPR_BYTEORDER_OP)); + nftnl_expr_get_u32(nle, NFTNL_EXPR_BYTEORDER_OP)); } expr = unary_expr_alloc(loc, op, arg); expr->len = arg->len; - dreg = netlink_parse_register(nle, NFT_EXPR_BYTEORDER_DREG); + dreg = netlink_parse_register(nle, NFTNL_EXPR_BYTEORDER_DREG); netlink_set_register(ctx, dreg, expr); } static void netlink_parse_payload(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { enum nft_registers dreg; uint32_t base, offset, len; struct expr *expr; - base = nft_rule_expr_get_u32(nle, NFT_EXPR_PAYLOAD_BASE) + 1; - offset = nft_rule_expr_get_u32(nle, NFT_EXPR_PAYLOAD_OFFSET) * BITS_PER_BYTE; - len = nft_rule_expr_get_u32(nle, NFT_EXPR_PAYLOAD_LEN) * BITS_PER_BYTE; + base = nftnl_expr_get_u32(nle, NFTNL_EXPR_PAYLOAD_BASE) + 1; + offset = nftnl_expr_get_u32(nle, NFTNL_EXPR_PAYLOAD_OFFSET) * BITS_PER_BYTE; + len = nftnl_expr_get_u32(nle, NFTNL_EXPR_PAYLOAD_LEN) * BITS_PER_BYTE; expr = payload_expr_alloc(loc, NULL, 0); payload_init_raw(expr, base, offset, len); - dreg = netlink_parse_register(nle, NFT_EXPR_PAYLOAD_DREG); + dreg = netlink_parse_register(nle, NFTNL_EXPR_PAYLOAD_DREG); netlink_set_register(ctx, dreg, expr); } static void netlink_parse_exthdr(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { enum nft_registers dreg; uint32_t offset, len; uint8_t type; struct expr *expr; - type = nft_rule_expr_get_u8(nle, NFT_EXPR_EXTHDR_TYPE); - offset = nft_rule_expr_get_u32(nle, NFT_EXPR_EXTHDR_OFFSET) * BITS_PER_BYTE; - len = nft_rule_expr_get_u32(nle, NFT_EXPR_EXTHDR_LEN) * BITS_PER_BYTE; + type = nftnl_expr_get_u8(nle, NFTNL_EXPR_EXTHDR_TYPE); + offset = nftnl_expr_get_u32(nle, NFTNL_EXPR_EXTHDR_OFFSET) * BITS_PER_BYTE; + len = nftnl_expr_get_u32(nle, NFTNL_EXPR_EXTHDR_LEN) * BITS_PER_BYTE; expr = exthdr_expr_alloc(loc, NULL, 0); exthdr_init_raw(expr, type, offset, len); - dreg = netlink_parse_register(nle, NFT_EXPR_EXTHDR_DREG); + dreg = netlink_parse_register(nle, NFTNL_EXPR_EXTHDR_DREG); netlink_set_register(ctx, dreg, expr); } static void netlink_parse_meta_expr(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { enum nft_registers dreg; uint32_t key; struct expr *expr; - key = nft_rule_expr_get_u32(nle, NFT_EXPR_META_KEY); + key = nftnl_expr_get_u32(nle, NFTNL_EXPR_META_KEY); expr = meta_expr_alloc(loc, key); - dreg = netlink_parse_register(nle, NFT_EXPR_META_DREG); + dreg = netlink_parse_register(nle, NFTNL_EXPR_META_DREG); netlink_set_register(ctx, dreg, expr); } static void netlink_parse_meta_stmt(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { enum nft_registers sreg; uint32_t key; struct stmt *stmt; struct expr *expr; - sreg = netlink_parse_register(nle, NFT_EXPR_META_SREG); + sreg = netlink_parse_register(nle, NFTNL_EXPR_META_SREG); expr = netlink_get_register(ctx, loc, sreg); - key = nft_rule_expr_get_u32(nle, NFT_EXPR_META_KEY); + key = nftnl_expr_get_u32(nle, NFTNL_EXPR_META_KEY); stmt = meta_stmt_alloc(loc, key, expr); expr_set_type(expr, stmt->meta.tmpl->dtype, stmt->meta.tmpl->byteorder); @@ -472,9 +472,9 @@ static void netlink_parse_meta_stmt(struct netlink_parse_ctx *ctx, static void netlink_parse_meta(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { - if (nft_rule_expr_is_set(nle, NFT_EXPR_META_DREG)) + if (nftnl_expr_is_set(nle, NFTNL_EXPR_META_DREG)) netlink_parse_meta_expr(ctx, loc, nle); else netlink_parse_meta_stmt(ctx, loc, nle); @@ -482,17 +482,17 @@ static void netlink_parse_meta(struct netlink_parse_ctx *ctx, static void netlink_parse_ct_stmt(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { enum nft_registers sreg; uint32_t key; struct stmt *stmt; struct expr *expr; - sreg = netlink_parse_register(nle, NFT_EXPR_CT_SREG); + sreg = netlink_parse_register(nle, NFTNL_EXPR_CT_SREG); expr = netlink_get_register(ctx, loc, sreg); - key = nft_rule_expr_get_u32(nle, NFT_EXPR_CT_KEY); + key = nftnl_expr_get_u32(nle, NFTNL_EXPR_CT_KEY); stmt = ct_stmt_alloc(loc, key, expr); expr_set_type(expr, stmt->ct.tmpl->dtype, stmt->ct.tmpl->byteorder); @@ -501,24 +501,24 @@ static void netlink_parse_ct_stmt(struct netlink_parse_ctx *ctx, static void netlink_parse_ct_expr(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { enum nft_registers dreg; uint32_t key; struct expr *expr; - key = nft_rule_expr_get_u32(nle, NFT_EXPR_CT_KEY); + key = nftnl_expr_get_u32(nle, NFTNL_EXPR_CT_KEY); expr = ct_expr_alloc(loc, key); - dreg = netlink_parse_register(nle, NFT_EXPR_CT_DREG); + dreg = netlink_parse_register(nle, NFTNL_EXPR_CT_DREG); netlink_set_register(ctx, dreg, expr); } static void netlink_parse_ct(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { - if (nft_rule_expr_is_set(nle, NFT_EXPR_CT_DREG)) + if (nftnl_expr_is_set(nle, NFTNL_EXPR_CT_DREG)) netlink_parse_ct_expr(ctx, loc, nle); else netlink_parse_ct_stmt(ctx, loc, nle); @@ -526,49 +526,49 @@ static void netlink_parse_ct(struct netlink_parse_ctx *ctx, static void netlink_parse_counter(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct stmt *stmt; stmt = counter_stmt_alloc(loc); stmt->counter.packets = - nft_rule_expr_get_u64(nle, NFT_EXPR_CTR_PACKETS); + nftnl_expr_get_u64(nle, NFTNL_EXPR_CTR_PACKETS); stmt->counter.bytes = - nft_rule_expr_get_u64(nle, NFT_EXPR_CTR_BYTES); + nftnl_expr_get_u64(nle, NFTNL_EXPR_CTR_BYTES); list_add_tail(&stmt->list, &ctx->rule->stmts); } static void netlink_parse_log(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct stmt *stmt; const char *prefix; stmt = log_stmt_alloc(loc); - prefix = nft_rule_expr_get_str(nle, NFT_EXPR_LOG_PREFIX); - if (nft_rule_expr_is_set(nle, NFT_EXPR_LOG_PREFIX)) { + prefix = nftnl_expr_get_str(nle, NFTNL_EXPR_LOG_PREFIX); + if (nftnl_expr_is_set(nle, NFTNL_EXPR_LOG_PREFIX)) { stmt->log.prefix = xstrdup(prefix); stmt->log.flags |= STMT_LOG_PREFIX; } - if (nft_rule_expr_is_set(nle, NFT_EXPR_LOG_GROUP)) { + if (nftnl_expr_is_set(nle, NFTNL_EXPR_LOG_GROUP)) { stmt->log.group = - nft_rule_expr_get_u16(nle, NFT_EXPR_LOG_GROUP); + nftnl_expr_get_u16(nle, NFTNL_EXPR_LOG_GROUP); stmt->log.flags |= STMT_LOG_GROUP; } - if (nft_rule_expr_is_set(nle, NFT_EXPR_LOG_SNAPLEN)) { + if (nftnl_expr_is_set(nle, NFTNL_EXPR_LOG_SNAPLEN)) { stmt->log.snaplen = - nft_rule_expr_get_u32(nle, NFT_EXPR_LOG_SNAPLEN); + nftnl_expr_get_u32(nle, NFTNL_EXPR_LOG_SNAPLEN); stmt->log.flags |= STMT_LOG_SNAPLEN; } - if (nft_rule_expr_is_set(nle, NFT_EXPR_LOG_QTHRESHOLD)) { + if (nftnl_expr_is_set(nle, NFTNL_EXPR_LOG_QTHRESHOLD)) { stmt->log.qthreshold = - nft_rule_expr_get_u16(nle, NFT_EXPR_LOG_QTHRESHOLD); + nftnl_expr_get_u16(nle, NFTNL_EXPR_LOG_QTHRESHOLD); stmt->log.flags |= STMT_LOG_QTHRESHOLD; } - if (nft_rule_expr_is_set(nle, NFT_EXPR_LOG_LEVEL)) { + if (nftnl_expr_is_set(nle, NFTNL_EXPR_LOG_LEVEL)) { stmt->log.level = - nft_rule_expr_get_u32(nle, NFT_EXPR_LOG_LEVEL); + nftnl_expr_get_u32(nle, NFTNL_EXPR_LOG_LEVEL); stmt->log.flags |= STMT_LOG_LEVEL; } list_add_tail(&stmt->list, &ctx->rule->stmts); @@ -576,26 +576,26 @@ static void netlink_parse_log(struct netlink_parse_ctx *ctx, static void netlink_parse_limit(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct stmt *stmt; stmt = limit_stmt_alloc(loc); - stmt->limit.rate = nft_rule_expr_get_u64(nle, NFT_EXPR_LIMIT_RATE); - stmt->limit.unit = nft_rule_expr_get_u64(nle, NFT_EXPR_LIMIT_UNIT); + stmt->limit.rate = nftnl_expr_get_u64(nle, NFTNL_EXPR_LIMIT_RATE); + stmt->limit.unit = nftnl_expr_get_u64(nle, NFTNL_EXPR_LIMIT_UNIT); list_add_tail(&stmt->list, &ctx->rule->stmts); } static void netlink_parse_reject(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *expr) + const struct nftnl_expr *expr) { struct stmt *stmt; uint8_t icmp_code; stmt = reject_stmt_alloc(loc); - stmt->reject.type = nft_rule_expr_get_u32(expr, NFT_EXPR_REJECT_TYPE); - icmp_code = nft_rule_expr_get_u8(expr, NFT_EXPR_REJECT_CODE); + stmt->reject.type = nftnl_expr_get_u32(expr, NFTNL_EXPR_REJECT_TYPE); + icmp_code = nftnl_expr_get_u8(expr, NFTNL_EXPR_REJECT_CODE); stmt->reject.icmp_code = icmp_code; stmt->reject.expr = constant_expr_alloc(loc, &integer_type, BYTEORDER_HOST_ENDIAN, 8, @@ -605,7 +605,7 @@ static void netlink_parse_reject(struct netlink_parse_ctx *ctx, static void netlink_parse_nat(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct stmt *stmt; struct expr *addr, *proto; @@ -613,15 +613,15 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, int family; stmt = nat_stmt_alloc(loc); - stmt->nat.type = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_TYPE); + stmt->nat.type = nftnl_expr_get_u32(nle, NFTNL_EXPR_NAT_TYPE); - family = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_FAMILY); + family = nftnl_expr_get_u32(nle, NFTNL_EXPR_NAT_FAMILY); - if (nft_rule_expr_is_set(nle, NFT_EXPR_NAT_FLAGS)) - stmt->nat.flags = nft_rule_expr_get_u32(nle, - NFT_EXPR_NAT_FLAGS); + if (nftnl_expr_is_set(nle, NFTNL_EXPR_NAT_FLAGS)) + stmt->nat.flags = nftnl_expr_get_u32(nle, + NFTNL_EXPR_NAT_FLAGS); - reg1 = netlink_parse_register(nle, NFT_EXPR_NAT_REG_ADDR_MIN); + reg1 = netlink_parse_register(nle, NFTNL_EXPR_NAT_REG_ADDR_MIN); if (reg1) { addr = netlink_get_register(ctx, loc, reg1); if (addr == NULL) @@ -637,7 +637,7 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, stmt->nat.addr = addr; } - reg2 = netlink_parse_register(nle, NFT_EXPR_NAT_REG_ADDR_MAX); + reg2 = netlink_parse_register(nle, NFTNL_EXPR_NAT_REG_ADDR_MAX); if (reg2 && reg2 != reg1) { addr = netlink_get_register(ctx, loc, reg2); if (addr == NULL) @@ -655,7 +655,7 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, stmt->nat.addr = addr; } - reg1 = netlink_parse_register(nle, NFT_EXPR_NAT_REG_PROTO_MIN); + reg1 = netlink_parse_register(nle, NFTNL_EXPR_NAT_REG_PROTO_MIN); if (reg1) { proto = netlink_get_register(ctx, loc, reg1); if (proto == NULL) @@ -667,7 +667,7 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, stmt->nat.proto = proto; } - reg2 = netlink_parse_register(nle, NFT_EXPR_NAT_REG_PROTO_MAX); + reg2 = netlink_parse_register(nle, NFTNL_EXPR_NAT_REG_PROTO_MAX); if (reg2 && reg2 != reg1) { proto = netlink_get_register(ctx, loc, reg2); if (proto == NULL) @@ -686,14 +686,14 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, static void netlink_parse_masq(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct stmt *stmt; uint32_t flags; flags = 0; - if (nft_rule_expr_is_set(nle, NFT_EXPR_MASQ_FLAGS)) - flags = nft_rule_expr_get_u32(nle, NFT_EXPR_MASQ_FLAGS); + if (nftnl_expr_is_set(nle, NFTNL_EXPR_MASQ_FLAGS)) + flags = nftnl_expr_get_u32(nle, NFTNL_EXPR_MASQ_FLAGS); stmt = masq_stmt_alloc(loc); stmt->masq.flags = flags; @@ -703,7 +703,7 @@ static void netlink_parse_masq(struct netlink_parse_ctx *ctx, static void netlink_parse_redir(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct stmt *stmt; struct expr *proto; @@ -712,12 +712,12 @@ static void netlink_parse_redir(struct netlink_parse_ctx *ctx, stmt = redir_stmt_alloc(loc); - if (nft_rule_expr_is_set(nle, NFT_EXPR_REDIR_FLAGS)) { - flags = nft_rule_expr_get_u32(nle, NFT_EXPR_REDIR_FLAGS); + if (nftnl_expr_is_set(nle, NFTNL_EXPR_REDIR_FLAGS)) { + flags = nftnl_expr_get_u32(nle, NFTNL_EXPR_REDIR_FLAGS); stmt->redir.flags = flags; } - reg1 = netlink_parse_register(nle, NFT_EXPR_REDIR_REG_PROTO_MIN); + reg1 = netlink_parse_register(nle, NFTNL_EXPR_REDIR_REG_PROTO_MIN); if (reg1) { proto = netlink_get_register(ctx, loc, reg1); if (proto == NULL) @@ -729,7 +729,7 @@ static void netlink_parse_redir(struct netlink_parse_ctx *ctx, stmt->redir.proto = proto; } - reg2 = netlink_parse_register(nle, NFT_EXPR_REDIR_REG_PROTO_MAX); + reg2 = netlink_parse_register(nle, NFTNL_EXPR_REDIR_REG_PROTO_MAX); if (reg2 && reg2 != reg1) { proto = netlink_get_register(ctx, loc, reg2); if (proto == NULL) @@ -749,14 +749,14 @@ static void netlink_parse_redir(struct netlink_parse_ctx *ctx, static void netlink_parse_queue(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct expr *expr, *high; struct stmt *stmt; uint16_t num, total; - num = nft_rule_expr_get_u16(nle, NFT_EXPR_QUEUE_NUM); - total = nft_rule_expr_get_u16(nle, NFT_EXPR_QUEUE_TOTAL); + num = nftnl_expr_get_u16(nle, NFTNL_EXPR_QUEUE_NUM); + total = nftnl_expr_get_u16(nle, NFTNL_EXPR_QUEUE_TOTAL); expr = constant_expr_alloc(loc, &integer_type, BYTEORDER_HOST_ENDIAN, 16, &num); @@ -769,13 +769,13 @@ static void netlink_parse_queue(struct netlink_parse_ctx *ctx, stmt = queue_stmt_alloc(loc); stmt->queue.queue = expr; - stmt->queue.flags = nft_rule_expr_get_u16(nle, NFT_EXPR_QUEUE_FLAGS); + stmt->queue.flags = nftnl_expr_get_u16(nle, NFTNL_EXPR_QUEUE_FLAGS); list_add_tail(&stmt->list, &ctx->rule->stmts); } static void netlink_parse_dynset(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle) + const struct nftnl_expr *nle) { struct expr *expr; struct stmt *stmt; @@ -783,14 +783,14 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx, enum nft_registers sreg; const char *name; - name = nft_rule_expr_get_str(nle, NFT_EXPR_DYNSET_SET_NAME); + name = nftnl_expr_get_str(nle, NFTNL_EXPR_DYNSET_SET_NAME); set = set_lookup(ctx->table, name); if (set == NULL) return netlink_error(ctx, loc, "Unknown set '%s' in dynset statement", name); - sreg = netlink_parse_register(nle, NFT_EXPR_DYNSET_SREG_KEY); + sreg = netlink_parse_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY); expr = netlink_get_register(ctx, loc, sreg); if (expr == NULL) return netlink_error(ctx, loc, @@ -803,11 +803,11 @@ static void netlink_parse_dynset(struct netlink_parse_ctx *ctx, } expr = set_elem_expr_alloc(&expr->location, expr); - expr->timeout = nft_rule_expr_get_u64(nle, NFT_EXPR_DYNSET_TIMEOUT); + expr->timeout = nftnl_expr_get_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT); stmt = set_stmt_alloc(loc); stmt->set.set = set_ref_expr_alloc(loc, set); - stmt->set.op = nft_rule_expr_get_u32(nle, NFT_EXPR_DYNSET_OP); + stmt->set.op = nftnl_expr_get_u32(nle, NFTNL_EXPR_DYNSET_OP); stmt->set.key = expr; list_add_tail(&stmt->list, &ctx->rule->stmts); @@ -817,7 +817,7 @@ static const struct { const char *name; void (*parse)(struct netlink_parse_ctx *ctx, const struct location *loc, - const struct nft_rule_expr *nle); + const struct nftnl_expr *nle); } netlink_parsers[] = { { .name = "immediate", .parse = netlink_parse_immediate }, { .name = "cmp", .parse = netlink_parse_cmp }, @@ -839,9 +839,9 @@ static const struct { { .name = "dynset", .parse = netlink_parse_dynset }, }; -static int netlink_parse_expr(struct nft_rule_expr *nle, void *arg) +static int netlink_parse_expr(struct nftnl_expr *nle, void *arg) { - const char *type = nft_rule_expr_get_str(nle, NFT_RULE_EXPR_ATTR_NAME); + const char *type = nftnl_expr_get_str(nle, NFTNL_EXPR_NAME); struct netlink_parse_ctx *ctx = arg; struct location loc; unsigned int i; @@ -1376,7 +1376,7 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r } struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, - const struct nft_rule *nlr) + const struct nftnl_rule *nlr) { struct netlink_parse_ctx _ctx, *pctx = &_ctx; struct handle h; @@ -1385,19 +1385,19 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, _ctx.msgs = ctx->msgs; memset(&h, 0, sizeof(h)); - h.family = nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY); - h.table = xstrdup(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE)); - h.chain = xstrdup(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN)); - h.handle = nft_rule_attr_get_u64(nlr, NFT_RULE_ATTR_HANDLE); + h.family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); + h.table = xstrdup(nftnl_rule_get_str(nlr, NFTNL_RULE_TABLE)); + h.chain = xstrdup(nftnl_rule_get_str(nlr, NFTNL_RULE_CHAIN)); + h.handle = nftnl_rule_get_u64(nlr, NFTNL_RULE_HANDLE); - if (nft_rule_attr_is_set(nlr, NFT_RULE_ATTR_POSITION)) - h.position = nft_rule_attr_get_u64(nlr, NFT_RULE_ATTR_POSITION); + if (nftnl_rule_is_set(nlr, NFTNL_RULE_POSITION)) + h.position = nftnl_rule_get_u64(nlr, NFTNL_RULE_POSITION); - if (nft_rule_attr_is_set(nlr, NFT_RULE_ATTR_USERDATA)) { + if (nftnl_rule_is_set(nlr, NFTNL_RULE_USERDATA)) { uint32_t len; const void *data; - data = nft_rule_attr_get_data(nlr, NFT_RULE_ATTR_USERDATA, + data = nftnl_rule_get_data(nlr, NFTNL_RULE_USERDATA, &len); h.comment = xmalloc(len); memcpy((char *)h.comment, data, len); @@ -1406,7 +1406,7 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, pctx->rule = rule_alloc(&netlink_location, &h); pctx->table = table_lookup(&h); assert(pctx->table != NULL); - nft_rule_expr_foreach((struct nft_rule *)nlr, netlink_parse_expr, pctx); + nftnl_expr_foreach((struct nftnl_rule *)nlr, netlink_parse_expr, pctx); rule_parse_postprocess(pctx, pctx->rule); netlink_release_registers(pctx); diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index bf1e56be..707df49c 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -20,11 +20,11 @@ #include struct netlink_linearize_ctx { - struct nft_rule *nlr; + struct nftnl_rule *nlr; unsigned int reg_low; }; -static void netlink_put_register(struct nft_rule_expr *nle, +static void netlink_put_register(struct nftnl_expr *nle, uint32_t attr, uint32_t reg) { /* Convert to 128 bit register numbers if possible for compatibility */ @@ -36,7 +36,7 @@ static void netlink_put_register(struct nft_rule_expr *nle, reg += NFT_REG32_00; } - nft_rule_expr_set_u32(nle, attr, reg); + nftnl_expr_set_u32(nle, attr, reg); } static enum nft_registers __get_register(struct netlink_linearize_ctx *ctx, @@ -103,65 +103,65 @@ static void netlink_gen_payload(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; nle = alloc_nft_expr("payload"); - netlink_put_register(nle, NFT_EXPR_PAYLOAD_DREG, dreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_PAYLOAD_BASE, + netlink_put_register(nle, NFTNL_EXPR_PAYLOAD_DREG, dreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_BASE, expr->payload.base - 1); - nft_rule_expr_set_u32(nle, NFT_EXPR_PAYLOAD_OFFSET, + nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_OFFSET, expr->payload.offset / BITS_PER_BYTE); - nft_rule_expr_set_u32(nle, NFT_EXPR_PAYLOAD_LEN, + nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_LEN, expr->len / BITS_PER_BYTE); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_exthdr(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; nle = alloc_nft_expr("exthdr"); - netlink_put_register(nle, NFT_EXPR_EXTHDR_DREG, dreg); - nft_rule_expr_set_u8(nle, NFT_EXPR_EXTHDR_TYPE, + netlink_put_register(nle, NFTNL_EXPR_EXTHDR_DREG, dreg); + nftnl_expr_set_u8(nle, NFTNL_EXPR_EXTHDR_TYPE, expr->exthdr.desc->type); - nft_rule_expr_set_u32(nle, NFT_EXPR_EXTHDR_OFFSET, + nftnl_expr_set_u32(nle, NFTNL_EXPR_EXTHDR_OFFSET, expr->exthdr.tmpl->offset / BITS_PER_BYTE); - nft_rule_expr_set_u32(nle, NFT_EXPR_EXTHDR_LEN, + nftnl_expr_set_u32(nle, NFTNL_EXPR_EXTHDR_LEN, expr->len / BITS_PER_BYTE); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_meta(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; nle = alloc_nft_expr("meta"); - netlink_put_register(nle, NFT_EXPR_META_DREG, dreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_META_KEY, expr->meta.key); - nft_rule_add_expr(ctx->nlr, nle); + netlink_put_register(nle, NFTNL_EXPR_META_DREG, dreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_META_KEY, expr->meta.key); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_ct(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; nle = alloc_nft_expr("ct"); - netlink_put_register(nle, NFT_EXPR_CT_DREG, dreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_CT_KEY, expr->ct.key); - nft_rule_add_expr(ctx->nlr, nle); + netlink_put_register(nle, NFTNL_EXPR_CT_DREG, dreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_CT_KEY, expr->ct.key); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_map(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; enum nft_registers sreg; assert(expr->mappings->ops->type == EXPR_SET_REF); @@ -174,24 +174,24 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx, netlink_gen_expr(ctx, expr->map, sreg); nle = alloc_nft_expr("lookup"); - netlink_put_register(nle, NFT_EXPR_LOOKUP_SREG, sreg); - netlink_put_register(nle, NFT_EXPR_LOOKUP_DREG, dreg); - nft_rule_expr_set_str(nle, NFT_EXPR_LOOKUP_SET, + netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg); + netlink_put_register(nle, NFTNL_EXPR_LOOKUP_DREG, dreg); + nftnl_expr_set_str(nle, NFTNL_EXPR_LOOKUP_SET, expr->mappings->set->handle.set); - nft_rule_expr_set_u32(nle, NFT_EXPR_LOOKUP_SET_ID, + nftnl_expr_set_u32(nle, NFTNL_EXPR_LOOKUP_SET_ID, expr->mappings->set->handle.set_id); if (dreg == NFT_REG_VERDICT) release_register(ctx, expr->map); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_lookup(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; enum nft_registers sreg; assert(expr->right->ops->type == EXPR_SET_REF); @@ -201,14 +201,14 @@ static void netlink_gen_lookup(struct netlink_linearize_ctx *ctx, netlink_gen_expr(ctx, expr->left, sreg); nle = alloc_nft_expr("lookup"); - netlink_put_register(nle, NFT_EXPR_LOOKUP_SREG, sreg); - nft_rule_expr_set_str(nle, NFT_EXPR_LOOKUP_SET, + netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg); + nftnl_expr_set_str(nle, NFTNL_EXPR_LOOKUP_SET, expr->right->set->handle.set); - nft_rule_expr_set_u32(nle, NFT_EXPR_LOOKUP_SET_ID, + nftnl_expr_set_u32(nle, NFTNL_EXPR_LOOKUP_SET_ID, expr->right->set->handle.set_id); release_register(ctx, expr->left); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static enum nft_cmp_ops netlink_gen_cmp_op(enum ops op) @@ -239,7 +239,7 @@ static void netlink_gen_cmp(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; enum nft_registers sreg; struct nft_data_linearize nld, zero = {}; struct expr *right; @@ -265,12 +265,12 @@ static void netlink_gen_cmp(struct netlink_linearize_ctx *ctx, zero.len = nld.len; nle = alloc_nft_expr("bitwise"); - netlink_put_register(nle, NFT_EXPR_BITWISE_SREG, sreg); - netlink_put_register(nle, NFT_EXPR_BITWISE_DREG, sreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_BITWISE_LEN, nld.len); - nft_rule_expr_set(nle, NFT_EXPR_BITWISE_MASK, &nld.value, nld.len); - nft_rule_expr_set(nle, NFT_EXPR_BITWISE_XOR, &zero.value, zero.len); - nft_rule_add_expr(ctx->nlr, nle); + netlink_put_register(nle, NFTNL_EXPR_BITWISE_SREG, sreg); + netlink_put_register(nle, NFTNL_EXPR_BITWISE_DREG, sreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_BITWISE_LEN, nld.len); + nftnl_expr_set(nle, NFTNL_EXPR_BITWISE_MASK, &nld.value, nld.len); + nftnl_expr_set(nle, NFTNL_EXPR_BITWISE_XOR, &zero.value, zero.len); + nftnl_rule_add_expr(ctx->nlr, nle); right = expr->right->prefix; break; @@ -280,14 +280,14 @@ static void netlink_gen_cmp(struct netlink_linearize_ctx *ctx, } nle = alloc_nft_expr("cmp"); - netlink_put_register(nle, NFT_EXPR_CMP_SREG, sreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP, + netlink_put_register(nle, NFTNL_EXPR_CMP_SREG, sreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP, netlink_gen_cmp_op(expr->op)); netlink_gen_data(right, &nld); - nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len); + nftnl_expr_set(nle, NFTNL_EXPR_CMP_DATA, nld.value, nld.len); release_register(ctx, expr->left); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_range(struct netlink_linearize_ctx *ctx, @@ -295,7 +295,7 @@ static void netlink_gen_range(struct netlink_linearize_ctx *ctx, enum nft_registers dreg) { struct expr *range = expr->right; - struct nft_rule_expr *nle; + struct nftnl_expr *nle; enum nft_registers sreg; struct nft_data_linearize nld; @@ -305,15 +305,15 @@ static void netlink_gen_range(struct netlink_linearize_ctx *ctx, netlink_gen_expr(ctx, expr->left, sreg); nle = alloc_nft_expr("cmp"); - netlink_put_register(nle, NFT_EXPR_CMP_SREG, sreg); + netlink_put_register(nle, NFTNL_EXPR_CMP_SREG, sreg); switch (expr->op) { case OP_NEQ: - nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP, + nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP, netlink_gen_cmp_op(OP_LT)); break; case OP_RANGE: case OP_EQ: - nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP, + nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP, netlink_gen_cmp_op(OP_GTE)); break; default: @@ -321,19 +321,19 @@ static void netlink_gen_range(struct netlink_linearize_ctx *ctx, } netlink_gen_data(range->left, &nld); - nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_expr_set(nle, NFTNL_EXPR_CMP_DATA, nld.value, nld.len); + nftnl_rule_add_expr(ctx->nlr, nle); nle = alloc_nft_expr("cmp"); - netlink_put_register(nle, NFT_EXPR_CMP_SREG, sreg); + netlink_put_register(nle, NFTNL_EXPR_CMP_SREG, sreg); switch (expr->op) { case OP_NEQ: - nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP, + nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP, netlink_gen_cmp_op(OP_GT)); break; case OP_RANGE: case OP_EQ: - nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP, + nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP, netlink_gen_cmp_op(OP_LTE)); break; default: @@ -341,8 +341,8 @@ static void netlink_gen_range(struct netlink_linearize_ctx *ctx, } netlink_gen_data(range->right, &nld); - nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_expr_set(nle, NFTNL_EXPR_CMP_DATA, nld.value, nld.len); + nftnl_rule_add_expr(ctx->nlr, nle); release_register(ctx, expr->left); } @@ -351,7 +351,7 @@ static void netlink_gen_flagcmp(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; struct nft_data_linearize nld, nld2; enum nft_registers sreg; unsigned int len; @@ -369,18 +369,18 @@ static void netlink_gen_flagcmp(struct netlink_linearize_ctx *ctx, netlink_gen_data(expr->right, &nld2); nle = alloc_nft_expr("bitwise"); - netlink_put_register(nle, NFT_EXPR_BITWISE_SREG, sreg); - netlink_put_register(nle, NFT_EXPR_BITWISE_DREG, sreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_BITWISE_LEN, len); - nft_rule_expr_set(nle, NFT_EXPR_BITWISE_MASK, &nld2.value, nld2.len); - nft_rule_expr_set(nle, NFT_EXPR_BITWISE_XOR, &nld.value, nld.len); - nft_rule_add_expr(ctx->nlr, nle); + netlink_put_register(nle, NFTNL_EXPR_BITWISE_SREG, sreg); + netlink_put_register(nle, NFTNL_EXPR_BITWISE_DREG, sreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_BITWISE_LEN, len); + nftnl_expr_set(nle, NFTNL_EXPR_BITWISE_MASK, &nld2.value, nld2.len); + nftnl_expr_set(nle, NFTNL_EXPR_BITWISE_XOR, &nld.value, nld.len); + nftnl_rule_add_expr(ctx->nlr, nle); nle = alloc_nft_expr("cmp"); - netlink_put_register(nle, NFT_EXPR_CMP_SREG, sreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP, NFT_CMP_NEQ); - nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len); - nft_rule_add_expr(ctx->nlr, nle); + netlink_put_register(nle, NFTNL_EXPR_CMP_SREG, sreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP, NFT_CMP_NEQ); + nftnl_expr_set(nle, NFTNL_EXPR_CMP_DATA, nld.value, nld.len); + nftnl_rule_add_expr(ctx->nlr, nle); mpz_clear(zero); release_register(ctx, expr->left); @@ -422,7 +422,7 @@ static void netlink_gen_binop(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; struct nft_data_linearize nld; struct expr *left, *i; struct expr *binops[16]; @@ -469,21 +469,21 @@ static void netlink_gen_binop(struct netlink_linearize_ctx *ctx, len = div_round_up(expr->len, BITS_PER_BYTE); nle = alloc_nft_expr("bitwise"); - netlink_put_register(nle, NFT_EXPR_BITWISE_SREG, dreg); - netlink_put_register(nle, NFT_EXPR_BITWISE_DREG, dreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_BITWISE_LEN, len); + netlink_put_register(nle, NFTNL_EXPR_BITWISE_SREG, dreg); + netlink_put_register(nle, NFTNL_EXPR_BITWISE_DREG, dreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_BITWISE_LEN, len); netlink_gen_raw_data(mask, expr->byteorder, len, &nld); - nft_rule_expr_set(nle, NFT_EXPR_BITWISE_MASK, nld.value, nld.len); + nftnl_expr_set(nle, NFTNL_EXPR_BITWISE_MASK, nld.value, nld.len); netlink_gen_raw_data(xor, expr->byteorder, len, &nld); - nft_rule_expr_set(nle, NFT_EXPR_BITWISE_XOR, nld.value, nld.len); + nftnl_expr_set(nle, NFTNL_EXPR_BITWISE_XOR, nld.value, nld.len); mpz_clear(tmp); mpz_clear(val); mpz_clear(xor); mpz_clear(mask); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static enum nft_byteorder_ops netlink_gen_unary_op(enum ops op) @@ -502,48 +502,48 @@ static void netlink_gen_unary(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; netlink_gen_expr(ctx, expr->arg, dreg); nle = alloc_nft_expr("byteorder"); - netlink_put_register(nle, NFT_EXPR_BYTEORDER_SREG, dreg); - netlink_put_register(nle, NFT_EXPR_BYTEORDER_DREG, dreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_BYTEORDER_LEN, + netlink_put_register(nle, NFTNL_EXPR_BYTEORDER_SREG, dreg); + netlink_put_register(nle, NFTNL_EXPR_BYTEORDER_DREG, dreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_BYTEORDER_LEN, expr->len / BITS_PER_BYTE); - nft_rule_expr_set_u32(nle, NFT_EXPR_BYTEORDER_SIZE, + nftnl_expr_set_u32(nle, NFTNL_EXPR_BYTEORDER_SIZE, expr->arg->len % 32 ? 2 : 4); - nft_rule_expr_set_u32(nle, NFT_EXPR_BYTEORDER_OP, + nftnl_expr_set_u32(nle, NFTNL_EXPR_BYTEORDER_OP, netlink_gen_unary_op(expr->op)); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_immediate(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; struct nft_data_linearize nld; nle = alloc_nft_expr("immediate"); - netlink_put_register(nle, NFT_EXPR_IMM_DREG, dreg); + netlink_put_register(nle, NFTNL_EXPR_IMM_DREG, dreg); netlink_gen_data(expr, &nld); switch (expr->ops->type) { case EXPR_VALUE: - nft_rule_expr_set(nle, NFT_EXPR_IMM_DATA, nld.value, nld.len); + nftnl_expr_set(nle, NFTNL_EXPR_IMM_DATA, nld.value, nld.len); break; case EXPR_VERDICT: if ((expr->chain != NULL) && - !nft_rule_expr_is_set(nle, NFT_EXPR_IMM_CHAIN)) { - nft_rule_expr_set_str(nle, NFT_EXPR_IMM_CHAIN, + !nftnl_expr_is_set(nle, NFTNL_EXPR_IMM_CHAIN)) { + nftnl_expr_set_str(nle, NFTNL_EXPR_IMM_CHAIN, nld.chain); } - nft_rule_expr_set_u32(nle, NFT_EXPR_IMM_VERDICT, nld.verdict); + nftnl_expr_set_u32(nle, NFTNL_EXPR_IMM_VERDICT, nld.verdict); break; default: break; } - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_expr(struct netlink_linearize_ctx *ctx, @@ -590,24 +590,24 @@ static void netlink_gen_verdict_stmt(struct netlink_linearize_ctx *ctx, static void netlink_gen_counter_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; nle = alloc_nft_expr("counter"); if (stmt->counter.packets) { - nft_rule_expr_set_u64(nle, NFT_EXPR_CTR_PACKETS, + nftnl_expr_set_u64(nle, NFTNL_EXPR_CTR_PACKETS, stmt->counter.packets); } if (stmt->counter.bytes) { - nft_rule_expr_set_u64(nle, NFT_EXPR_CTR_BYTES, + nftnl_expr_set_u64(nle, NFTNL_EXPR_CTR_BYTES, stmt->counter.bytes); } - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_meta_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; enum nft_registers sreg; sreg = get_register(ctx, stmt->meta.expr); @@ -615,81 +615,81 @@ static void netlink_gen_meta_stmt(struct netlink_linearize_ctx *ctx, release_register(ctx, stmt->meta.expr); nle = alloc_nft_expr("meta"); - netlink_put_register(nle, NFT_EXPR_META_SREG, sreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_META_KEY, stmt->meta.key); - nft_rule_add_expr(ctx->nlr, nle); + netlink_put_register(nle, NFTNL_EXPR_META_SREG, sreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_META_KEY, stmt->meta.key); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_log_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; nle = alloc_nft_expr("log"); if (stmt->log.prefix != NULL) { - nft_rule_expr_set_str(nle, NFT_EXPR_LOG_PREFIX, + nftnl_expr_set_str(nle, NFTNL_EXPR_LOG_PREFIX, stmt->log.prefix); } if (stmt->log.flags & STMT_LOG_GROUP) { - nft_rule_expr_set_u16(nle, NFT_EXPR_LOG_GROUP, + nftnl_expr_set_u16(nle, NFTNL_EXPR_LOG_GROUP, stmt->log.group); if (stmt->log.flags & STMT_LOG_SNAPLEN) - nft_rule_expr_set_u32(nle, NFT_EXPR_LOG_SNAPLEN, + nftnl_expr_set_u32(nle, NFTNL_EXPR_LOG_SNAPLEN, stmt->log.snaplen); if (stmt->log.flags & STMT_LOG_QTHRESHOLD) - nft_rule_expr_set_u16(nle, NFT_EXPR_LOG_QTHRESHOLD, + nftnl_expr_set_u16(nle, NFTNL_EXPR_LOG_QTHRESHOLD, stmt->log.qthreshold); } else { if (stmt->log.flags & STMT_LOG_LEVEL) { - nft_rule_expr_set_u32(nle, NFT_EXPR_LOG_LEVEL, + nftnl_expr_set_u32(nle, NFTNL_EXPR_LOG_LEVEL, stmt->log.level); } } - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_limit_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; nle = alloc_nft_expr("limit"); - nft_rule_expr_set_u64(nle, NFT_EXPR_LIMIT_RATE, stmt->limit.rate); - nft_rule_expr_set_u64(nle, NFT_EXPR_LIMIT_UNIT, stmt->limit.unit); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_expr_set_u64(nle, NFTNL_EXPR_LIMIT_RATE, stmt->limit.rate); + nftnl_expr_set_u64(nle, NFTNL_EXPR_LIMIT_UNIT, stmt->limit.unit); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_reject_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; nle = alloc_nft_expr("reject"); - nft_rule_expr_set_u32(nle, NFT_EXPR_REJECT_TYPE, stmt->reject.type); + nftnl_expr_set_u32(nle, NFTNL_EXPR_REJECT_TYPE, stmt->reject.type); if (stmt->reject.icmp_code != -1) - nft_rule_expr_set_u8(nle, NFT_EXPR_REJECT_CODE, + nftnl_expr_set_u8(nle, NFTNL_EXPR_REJECT_CODE, stmt->reject.icmp_code); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; enum nft_registers amin_reg, amax_reg; enum nft_registers pmin_reg, pmax_reg; int registers = 0; int family; nle = alloc_nft_expr("nat"); - nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_TYPE, stmt->nat.type); + nftnl_expr_set_u32(nle, NFTNL_EXPR_NAT_TYPE, stmt->nat.type); - family = nft_rule_attr_get_u32(ctx->nlr, NFT_RULE_ATTR_FAMILY); - nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_FAMILY, family); + family = nftnl_rule_get_u32(ctx->nlr, NFTNL_RULE_FAMILY); + nftnl_expr_set_u32(nle, NFTNL_EXPR_NAT_FAMILY, family); if (stmt->nat.flags != 0) - nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_FLAGS, stmt->nat.flags); + nftnl_expr_set_u32(nle, NFTNL_EXPR_NAT_FLAGS, stmt->nat.flags); if (stmt->nat.addr) { amin_reg = get_register(ctx, NULL); @@ -701,13 +701,13 @@ static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx, netlink_gen_expr(ctx, stmt->nat.addr->left, amin_reg); netlink_gen_expr(ctx, stmt->nat.addr->right, amax_reg); - netlink_put_register(nle, NFT_EXPR_NAT_REG_ADDR_MIN, + netlink_put_register(nle, NFTNL_EXPR_NAT_REG_ADDR_MIN, amin_reg); - netlink_put_register(nle, NFT_EXPR_NAT_REG_ADDR_MAX, + netlink_put_register(nle, NFTNL_EXPR_NAT_REG_ADDR_MAX, amax_reg); } else { netlink_gen_expr(ctx, stmt->nat.addr, amin_reg); - netlink_put_register(nle, NFT_EXPR_NAT_REG_ADDR_MIN, + netlink_put_register(nle, NFTNL_EXPR_NAT_REG_ADDR_MIN, amin_reg); } @@ -723,13 +723,13 @@ static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx, netlink_gen_expr(ctx, stmt->nat.proto->left, pmin_reg); netlink_gen_expr(ctx, stmt->nat.proto->right, pmax_reg); - netlink_put_register(nle, NFT_EXPR_NAT_REG_PROTO_MIN, + netlink_put_register(nle, NFTNL_EXPR_NAT_REG_PROTO_MIN, pmin_reg); - netlink_put_register(nle, NFT_EXPR_NAT_REG_PROTO_MAX, + netlink_put_register(nle, NFTNL_EXPR_NAT_REG_PROTO_MAX, pmax_reg); } else { netlink_gen_expr(ctx, stmt->nat.proto, pmin_reg); - netlink_put_register(nle, NFT_EXPR_NAT_REG_PROTO_MIN, + netlink_put_register(nle, NFTNL_EXPR_NAT_REG_PROTO_MIN, pmin_reg); } } @@ -739,33 +739,33 @@ static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx, registers--; } - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_masq_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; nle = alloc_nft_expr("masq"); if (stmt->masq.flags != 0) - nft_rule_expr_set_u32(nle, NFT_EXPR_MASQ_FLAGS, + nftnl_expr_set_u32(nle, NFTNL_EXPR_MASQ_FLAGS, stmt->masq.flags); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_redir_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; enum nft_registers pmin_reg, pmax_reg; int registers = 0; nle = alloc_nft_expr("redir"); if (stmt->redir.flags != 0) - nft_rule_expr_set_u32(nle, NFT_EXPR_REDIR_FLAGS, + nftnl_expr_set_u32(nle, NFTNL_EXPR_REDIR_FLAGS, stmt->redir.flags); if (stmt->redir.proto) { @@ -780,16 +780,16 @@ static void netlink_gen_redir_stmt(struct netlink_linearize_ctx *ctx, pmin_reg); netlink_gen_expr(ctx, stmt->redir.proto->right, pmax_reg); - nft_rule_expr_set_u32(nle, - NFT_EXPR_REDIR_REG_PROTO_MIN, + nftnl_expr_set_u32(nle, + NFTNL_EXPR_REDIR_REG_PROTO_MIN, pmin_reg); - nft_rule_expr_set_u32(nle, - NFT_EXPR_REDIR_REG_PROTO_MAX, + nftnl_expr_set_u32(nle, + NFTNL_EXPR_REDIR_REG_PROTO_MAX, pmax_reg); } else { netlink_gen_expr(ctx, stmt->redir.proto, pmin_reg); - nft_rule_expr_set_u32(nle, - NFT_EXPR_REDIR_REG_PROTO_MIN, + nftnl_expr_set_u32(nle, + NFTNL_EXPR_REDIR_REG_PROTO_MIN, pmin_reg); } } @@ -799,13 +799,13 @@ static void netlink_gen_redir_stmt(struct netlink_linearize_ctx *ctx, registers--; } - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_queue_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; uint16_t total_queues; mpz_t low, high; @@ -818,13 +818,13 @@ static void netlink_gen_queue_stmt(struct netlink_linearize_ctx *ctx, total_queues = mpz_get_uint16(high) - mpz_get_uint16(low) + 1; nle = alloc_nft_expr("queue"); - nft_rule_expr_set_u16(nle, NFT_EXPR_QUEUE_NUM, mpz_get_uint16(low)); - nft_rule_expr_set_u16(nle, NFT_EXPR_QUEUE_TOTAL, total_queues); + nftnl_expr_set_u16(nle, NFTNL_EXPR_QUEUE_NUM, mpz_get_uint16(low)); + nftnl_expr_set_u16(nle, NFTNL_EXPR_QUEUE_TOTAL, total_queues); if (stmt->queue.flags) { - nft_rule_expr_set_u16(nle, NFT_EXPR_QUEUE_FLAGS, + nftnl_expr_set_u16(nle, NFTNL_EXPR_QUEUE_FLAGS, stmt->queue.flags); } - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); mpz_clear(low); mpz_clear(high); @@ -833,7 +833,7 @@ static void netlink_gen_queue_stmt(struct netlink_linearize_ctx *ctx, static void netlink_gen_ct_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; enum nft_registers sreg; sreg = get_register(ctx, stmt->ct.expr); @@ -841,15 +841,15 @@ static void netlink_gen_ct_stmt(struct netlink_linearize_ctx *ctx, release_register(ctx, stmt->ct.expr); nle = alloc_nft_expr("ct"); - netlink_put_register(nle, NFT_EXPR_CT_SREG, sreg); - nft_rule_expr_set_u32(nle, NFT_EXPR_CT_KEY, stmt->ct.key); - nft_rule_add_expr(ctx->nlr, nle); + netlink_put_register(nle, NFTNL_EXPR_CT_SREG, sreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_CT_KEY, stmt->ct.key); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; enum nft_registers sreg_key; sreg_key = get_register(ctx, stmt->set.key); @@ -857,15 +857,15 @@ static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx, release_register(ctx, stmt->set.key); nle = alloc_nft_expr("dynset"); - netlink_put_register(nle, NFT_EXPR_DYNSET_SREG_KEY, sreg_key); - nft_rule_expr_set_u64(nle, NFT_EXPR_DYNSET_TIMEOUT, + netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY, sreg_key); + nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT, stmt->set.key->timeout); - nft_rule_expr_set_u32(nle, NFT_EXPR_DYNSET_OP, stmt->set.op); - nft_rule_expr_set_str(nle, NFT_EXPR_DYNSET_SET_NAME, + nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_OP, stmt->set.op); + nftnl_expr_set_str(nle, NFTNL_EXPR_DYNSET_SET_NAME, stmt->set.set->set->handle.set); - nft_rule_expr_set_u32(nle, NFT_EXPR_DYNSET_SET_ID, + nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, stmt->set.set->set->handle.set_id); - nft_rule_add_expr(ctx->nlr, nle); + nftnl_rule_add_expr(ctx->nlr, nle); } static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx, @@ -903,7 +903,7 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx, } } -void netlink_linearize_rule(struct netlink_ctx *ctx, struct nft_rule *nlr, +void netlink_linearize_rule(struct netlink_ctx *ctx, struct nftnl_rule *nlr, const struct rule *rule) { struct netlink_linearize_ctx lctx; diff --git a/src/parser_bison.y b/src/parser_bison.y index 942470f6..cfb6b707 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -842,12 +842,12 @@ monitor_object : /* empty */ { $$ = CMD_MONITOR_OBJ_ANY; } | ELEMENTS { $$ = CMD_MONITOR_OBJ_ELEMS; } ; -monitor_format : /* empty */ { $$ = NFT_OUTPUT_DEFAULT; } +monitor_format : /* empty */ { $$ = NFTNL_OUTPUT_DEFAULT; } | export_format ; -export_format : XML { $$ = NFT_OUTPUT_XML; } - | JSON { $$ = NFT_OUTPUT_JSON; } +export_format : XML { $$ = NFTNL_OUTPUT_XML; } + | JSON { $$ = NFTNL_OUTPUT_JSON; } ; describe_cmd : primary_expr diff --git a/src/rule.c b/src/rule.c index f3a5a990..43cc4a8a 100644 --- a/src/rule.c +++ b/src/rule.c @@ -955,7 +955,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd) static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd) { - struct nft_ruleset *rs; + struct nftnl_ruleset *rs; do { rs = netlink_dump_ruleset(ctx, &cmd->handle, &cmd->location); @@ -963,10 +963,10 @@ static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd) return -1; } while (rs == NULL); - nft_ruleset_fprintf(stdout, rs, cmd->export->format, 0); + nftnl_ruleset_fprintf(stdout, rs, cmd->export->format, 0); fprintf(stdout, "\n"); - nft_ruleset_free(rs); + nftnl_ruleset_free(rs); return 0; } @@ -1104,7 +1104,7 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd) * - new elements */ if (((cmd->monitor->flags & (1 << NFT_MSG_NEWRULE)) && - (cmd->monitor->format == NFT_OUTPUT_DEFAULT)) || + (cmd->monitor->format == NFTNL_OUTPUT_DEFAULT)) || (cmd->monitor->flags & (1 << NFT_MSG_NEWSETELEM))) monhandler.cache_needed = true; else -- cgit v1.2.3