summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--configure.ac2
-rw-r--r--iptables/nft-arp.c28
-rw-r--r--iptables/nft-arp.h2
-rw-r--r--iptables/nft-bridge.c42
-rw-r--r--iptables/nft-bridge.h2
-rw-r--r--iptables/nft-ipv4.c14
-rw-r--r--iptables/nft-ipv6.c10
-rw-r--r--iptables/nft-shared.c188
-rw-r--r--iptables/nft-shared.h68
-rw-r--r--iptables/nft.c812
-rw-r--r--iptables/nft.h46
-rw-r--r--iptables/xtables-config-parser.y34
-rw-r--r--iptables/xtables-events.c30
-rw-r--r--iptables/xtables-restore.c6
-rw-r--r--iptables/xtables-save.c2
15 files changed, 643 insertions, 643 deletions
diff --git a/configure.ac b/configure.ac
index 22512dc0..0f0d920b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -126,7 +126,7 @@ AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
if test "x$enable_nftables" = "xyes"; then
PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0])
- PKG_CHECK_MODULES([libnftnl], [libnftnl >= 1.0], [nftables=1], [nftables=0])
+ PKG_CHECK_MODULES([libnftnl], [libnftnl >= 1.0.5], [nftables=1], [nftables=0])
AM_PROG_LEX
AC_PROG_YACC
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 503c65af..0e13b8c5 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -137,7 +137,7 @@ static void print_mac_and_mask(const unsigned char *mac, const unsigned char *ma
print_mac(mask, l);
}
-static int nft_arp_add(struct nft_rule *r, void *data)
+static int nft_arp_add(struct nftnl_rule *r, void *data)
{
struct arptables_command_state *cs = data;
struct arpt_entry *fw = &cs->fw;
@@ -257,7 +257,7 @@ static uint16_t ipt_to_arpt_flags(uint8_t invflags)
return result;
}
-static void nft_arp_parse_meta(struct nft_xt_ctx *ctx, struct nft_rule_expr *e,
+static void nft_arp_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
void *data)
{
struct arptables_command_state *cs = data;
@@ -292,7 +292,7 @@ static void parse_mask_ipv4(struct nft_xt_ctx *ctx, struct in_addr *mask)
}
static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
- struct nft_rule_expr *e, void *data)
+ struct nftnl_expr *e, void *data)
{
struct arptables_command_state *cs = data;
struct arpt_entry *fw = &cs->fw;
@@ -365,26 +365,26 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
}
}
-void nft_rule_to_arptables_command_state(struct nft_rule *r,
+void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
struct arptables_command_state *cs)
{
- struct nft_rule_expr_iter *iter;
- struct nft_rule_expr *expr;
- int family = nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY);
+ struct nftnl_expr_iter *iter;
+ struct nftnl_expr *expr;
+ int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
struct nft_xt_ctx ctx = {
.state.cs_arp = cs,
.family = family,
};
- iter = nft_rule_expr_iter_create(r);
+ iter = nftnl_expr_iter_create(r);
if (iter == NULL)
return;
ctx.iter = iter;
- expr = nft_rule_expr_iter_next(iter);
+ expr = nftnl_expr_iter_next(iter);
while (expr != NULL) {
const char *name =
- nft_rule_expr_get_str(expr, NFT_RULE_EXPR_ATTR_NAME);
+ nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
if (strcmp(name, "counter") == 0)
nft_parse_counter(expr, &ctx.state.cs_arp->fw.counters);
@@ -401,10 +401,10 @@ void nft_rule_to_arptables_command_state(struct nft_rule *r,
else if (strcmp(name, "target") == 0)
nft_parse_target(&ctx, expr);
- expr = nft_rule_expr_iter_next(iter);
+ expr = nftnl_expr_iter_next(iter);
}
- nft_rule_expr_iter_destroy(iter);
+ nftnl_expr_iter_destroy(iter);
if (cs->jumpto != NULL)
return;
@@ -578,7 +578,7 @@ after_devdst:
}
static void
-nft_arp_print_firewall(struct nft_rule *r, unsigned int num,
+nft_arp_print_firewall(struct nftnl_rule *r, unsigned int num,
unsigned int format)
{
struct arptables_command_state cs = {};
@@ -634,7 +634,7 @@ static bool nft_arp_is_same(const void *data_a,
(unsigned char *)b->arp.outiface_mask);
}
-static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nft_rule *r,
+static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
void *data)
{
const struct arptables_command_state *cs = data;
diff --git a/iptables/nft-arp.h b/iptables/nft-arp.h
index 930dae5c..05889b49 100644
--- a/iptables/nft-arp.h
+++ b/iptables/nft-arp.h
@@ -10,7 +10,7 @@ struct arptables_command_state {
const char *jumpto;
};
-void nft_rule_to_arptables_command_state(struct nft_rule *r,
+void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
struct arptables_command_state *cs);
#endif
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 9498600e..22940cf7 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -96,7 +96,7 @@ static uint16_t ipt_to_ebt_flags(uint8_t invflags)
return result;
}
-static void add_logical_iniface(struct nft_rule *r, char *iface, uint32_t op)
+static void add_logical_iniface(struct nftnl_rule *r, char *iface, uint32_t op)
{
int iface_len;
@@ -109,7 +109,7 @@ static void add_logical_iniface(struct nft_rule *r, char *iface, uint32_t op)
add_cmp_ptr(r, op, iface, iface_len + 1);
}
-static void add_logical_outiface(struct nft_rule *r, char *iface, uint32_t op)
+static void add_logical_outiface(struct nftnl_rule *r, char *iface, uint32_t op)
{
int iface_len;
@@ -125,7 +125,7 @@ static void add_logical_outiface(struct nft_rule *r, char *iface, uint32_t op)
/* TODO: Use generic add_action() once we convert this to use
* iptables_command_state.
*/
-static int _add_action(struct nft_rule *r, struct ebtables_command_state *cs)
+static int _add_action(struct nftnl_rule *r, struct ebtables_command_state *cs)
{
int ret = 0;
@@ -151,7 +151,7 @@ static int _add_action(struct nft_rule *r, struct ebtables_command_state *cs)
return ret;
}
-static int nft_bridge_add(struct nft_rule *r, void *data)
+static int nft_bridge_add(struct nftnl_rule *r, void *data)
{
struct ebtables_command_state *cs = data;
struct ebt_match *iter;
@@ -221,7 +221,7 @@ static int nft_bridge_add(struct nft_rule *r, void *data)
}
static void nft_bridge_parse_meta(struct nft_xt_ctx *ctx,
- struct nft_rule_expr *e, void *data)
+ struct nftnl_expr *e, void *data)
{
struct ebtables_command_state *cs = data;
struct ebt_entry *fw = &cs->fw;
@@ -237,8 +237,8 @@ static void nft_bridge_parse_meta(struct nft_xt_ctx *ctx,
switch (ctx->meta.key) {
case NFT_META_BRI_IIFNAME:
- ifname = nft_rule_expr_get(e, NFT_EXPR_CMP_DATA, &len);
- if (nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ ifname = nftnl_expr_get(e, NFTNL_EXPR_CMP_DATA, &len);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
flags |= IPT_INV_VIA_IN;
memcpy(fw->logical_in, ifname, len);
@@ -252,8 +252,8 @@ static void nft_bridge_parse_meta(struct nft_xt_ctx *ctx,
}
break;
case NFT_META_BRI_OIFNAME:
- ifname = nft_rule_expr_get(e, NFT_EXPR_CMP_DATA, &len);
- if (nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ ifname = nftnl_expr_get(e, NFTNL_EXPR_CMP_DATA, &len);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
flags |= IPT_INV_VIA_OUT;
memcpy(fw->logical_out, ifname, len);
@@ -275,7 +275,7 @@ out:
}
static void nft_bridge_parse_payload(struct nft_xt_ctx *ctx,
- struct nft_rule_expr *e, void *data)
+ struct nftnl_expr *e, void *data)
{
struct ebtables_command_state *cs = data;
struct ebt_entry *fw = &cs->fw;
@@ -358,25 +358,25 @@ static void nft_bridge_parse_target(struct xtables_target *t, void *data)
cs->target = t;
}
-void nft_rule_to_ebtables_command_state(struct nft_rule *r,
+void nft_rule_to_ebtables_command_state(struct nftnl_rule *r,
struct ebtables_command_state *cs)
{
- struct nft_rule_expr_iter *iter;
- struct nft_rule_expr *expr;
- int family = nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY);
+ struct nftnl_expr_iter *iter;
+ struct nftnl_expr *expr;
+ int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
struct nft_xt_ctx ctx = {
.state.cs_eb = cs,
.family = family,
};
- iter = nft_rule_expr_iter_create(r);
+ iter = nftnl_expr_iter_create(r);
if (iter == NULL)
return;
- expr = nft_rule_expr_iter_next(iter);
+ expr = nftnl_expr_iter_next(iter);
while (expr != NULL) {
const char *name =
- nft_rule_expr_get_str(expr, NFT_RULE_EXPR_ATTR_NAME);
+ nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
if (strcmp(name, "counter") == 0)
nft_parse_counter(expr, &cs->counters);
@@ -395,10 +395,10 @@ void nft_rule_to_ebtables_command_state(struct nft_rule *r,
else if (strcmp(name, "target") == 0)
nft_parse_target(&ctx, expr);
- expr = nft_rule_expr_iter_next(iter);
+ expr = nftnl_expr_iter_next(iter);
}
- nft_rule_expr_iter_destroy(iter);
+ nftnl_expr_iter_destroy(iter);
if (cs->jumpto != NULL)
return;
@@ -434,7 +434,7 @@ static void nft_bridge_print_header(unsigned int format, const char *chain,
chain, refs, basechain ? pol : "RETURN");
}
-static void nft_bridge_print_firewall(struct nft_rule *r, unsigned int num,
+static void nft_bridge_print_firewall(struct nftnl_rule *r, unsigned int num,
unsigned int format)
{
struct xtables_match *matchp;
@@ -597,7 +597,7 @@ static bool nft_bridge_is_same(const void *data_a, const void *data_b)
b->out_mask);
}
-static bool nft_bridge_rule_find(struct nft_family_ops *ops, struct nft_rule *r,
+static bool nft_bridge_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
void *data)
{
struct ebtables_command_state *cs = data;
diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
index 1c4a96ea..1c37a5f6 100644
--- a/iptables/nft-bridge.h
+++ b/iptables/nft-bridge.h
@@ -118,7 +118,7 @@ struct ebtables_command_state {
unsigned int options;
};
-void nft_rule_to_ebtables_command_state(struct nft_rule *r,
+void nft_rule_to_ebtables_command_state(struct nftnl_rule *r,
struct ebtables_command_state *cs);
static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 140093cd..109c6237 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -25,7 +25,7 @@
#include "nft.h"
#include "nft-shared.h"
-static int nft_ipv4_add(struct nft_rule *r, void *data)
+static int nft_ipv4_add(struct nftnl_rule *r, void *data)
{
struct iptables_command_state *cs = data;
struct xtables_rule_match *matchp;
@@ -109,7 +109,7 @@ static bool nft_ipv4_is_same(const void *data_a,
b->fw.ip.iniface_mask, b->fw.ip.outiface_mask);
}
-static void get_frag(struct nft_xt_ctx *ctx, struct nft_rule_expr *e, bool *inv)
+static void get_frag(struct nft_xt_ctx *ctx, struct nftnl_expr *e, bool *inv)
{
uint8_t op;
@@ -118,7 +118,7 @@ static void get_frag(struct nft_xt_ctx *ctx, struct nft_rule_expr *e, bool *inv)
return;
/* we assume correct data */
- op = nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP);
+ op = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP);
if (op == NFT_CMP_EQ)
*inv = true;
else
@@ -153,7 +153,7 @@ static const char *mask_to_str(uint32_t mask)
return mask_str;
}
-static void nft_ipv4_parse_meta(struct nft_xt_ctx *ctx, struct nft_rule_expr *e,
+static void nft_ipv4_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
void *data)
{
struct iptables_command_state *cs = data;
@@ -169,7 +169,7 @@ static void parse_mask_ipv4(struct nft_xt_ctx *ctx, struct in_addr *mask)
}
static void nft_ipv4_parse_payload(struct nft_xt_ctx *ctx,
- struct nft_rule_expr *e, void *data)
+ struct nftnl_expr *e, void *data)
{
struct iptables_command_state *cs = data;
struct in_addr addr;
@@ -283,7 +283,7 @@ static void print_fragment(unsigned int flags, unsigned int invflags,
fputc(' ', stdout);
}
-static void nft_ipv4_print_firewall(struct nft_rule *r, unsigned int num,
+static void nft_ipv4_print_firewall(struct nftnl_rule *r, unsigned int num,
unsigned int format)
{
struct iptables_command_state cs = {};
@@ -414,7 +414,7 @@ static void nft_ipv4_parse_target(struct xtables_target *t, void *data)
}
static bool nft_ipv4_rule_find(struct nft_family_ops *ops,
- struct nft_rule *r, void *data)
+ struct nftnl_rule *r, void *data)
{
struct iptables_command_state *cs = data;
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index d50b138e..7b27d872 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -24,7 +24,7 @@
#include "nft.h"
#include "nft-shared.h"
-static int nft_ipv6_add(struct nft_rule *r, void *data)
+static int nft_ipv6_add(struct nftnl_rule *r, void *data)
{
struct iptables_command_state *cs = data;
struct xtables_rule_match *matchp;
@@ -99,7 +99,7 @@ static bool nft_ipv6_is_same(const void *data_a,
b->fw6.ipv6.outiface_mask);
}
-static void nft_ipv6_parse_meta(struct nft_xt_ctx *ctx, struct nft_rule_expr *e,
+static void nft_ipv6_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
void *data)
{
struct iptables_command_state *cs = data;
@@ -115,7 +115,7 @@ static void parse_mask_ipv6(struct nft_xt_ctx *ctx, struct in6_addr *mask)
}
static void nft_ipv6_parse_payload(struct nft_xt_ctx *ctx,
- struct nft_rule_expr *e, void *data)
+ struct nftnl_expr *e, void *data)
{
struct iptables_command_state *cs = data;
struct in6_addr addr;
@@ -217,7 +217,7 @@ static void print_ipv6_addr(const struct iptables_command_state *cs,
}
}
-static void nft_ipv6_print_firewall(struct nft_rule *r, unsigned int num,
+static void nft_ipv6_print_firewall(struct nftnl_rule *r, unsigned int num,
unsigned int format)
{
struct iptables_command_state cs = {};
@@ -362,7 +362,7 @@ static void nft_ipv6_parse_target(struct xtables_target *t, void *data)
}
static bool nft_ipv6_rule_find(struct nft_family_ops *ops,
- struct nft_rule *r, void *data)
+ struct nftnl_rule *r, void *data)
{
struct iptables_command_state *cs = data;
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 1182f560..4007cbcc 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -35,103 +35,103 @@ extern struct nft_family_ops nft_family_ops_ipv6;
extern struct nft_family_ops nft_family_ops_arp;
extern struct nft_family_ops nft_family_ops_bridge;
-void add_meta(struct nft_rule *r, uint32_t key)
+void add_meta(struct nftnl_rule *r, uint32_t key)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("meta");
+ expr = nftnl_expr_alloc("meta");
if (expr == NULL)
return;
- nft_rule_expr_set_u32(expr, NFT_EXPR_META_KEY, key);
- nft_rule_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, key);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
}
-void add_payload(struct nft_rule *r, int offset, int len, uint32_t base)
+void add_payload(struct nftnl_rule *r, int offset, int len, uint32_t base)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("payload");
+ expr = nftnl_expr_alloc("payload");
if (expr == NULL)
return;
- nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_BASE, base);
- nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_DREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_OFFSET, offset);
- nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_LEN, len);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_PAYLOAD_BASE, base);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_PAYLOAD_DREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_PAYLOAD_OFFSET, offset);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_PAYLOAD_LEN, len);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
}
/* bitwise operation is = sreg & mask ^ xor */
-void add_bitwise_u16(struct nft_rule *r, int mask, int xor)
+void add_bitwise_u16(struct nftnl_rule *r, int mask, int xor)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("bitwise");
+ expr = nftnl_expr_alloc("bitwise");
if (expr == NULL)
return;
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_SREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_DREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_LEN, sizeof(uint16_t));
- nft_rule_expr_set(expr, NFT_EXPR_BITWISE_MASK, &mask, sizeof(uint16_t));
- nft_rule_expr_set(expr, NFT_EXPR_BITWISE_XOR, &xor, sizeof(uint16_t));
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_SREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_DREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_LEN, sizeof(uint16_t));
+ nftnl_expr_set(expr, NFTNL_EXPR_BITWISE_MASK, &mask, sizeof(uint16_t));
+ nftnl_expr_set(expr, NFTNL_EXPR_BITWISE_XOR, &xor, sizeof(uint16_t));
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
}
-static void add_bitwise(struct nft_rule *r, uint8_t *mask, size_t len)
+static void add_bitwise(struct nftnl_rule *r, uint8_t *mask, size_t len)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
uint32_t xor[4] = { 0 };
- expr = nft_rule_expr_alloc("bitwise");
+ expr = nftnl_expr_alloc("bitwise");
if (expr == NULL)
return;
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_SREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_DREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_LEN, len);
- nft_rule_expr_set(expr, NFT_EXPR_BITWISE_MASK, mask, len);
- nft_rule_expr_set(expr, NFT_EXPR_BITWISE_XOR, &xor, len);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_SREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_DREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_LEN, len);
+ nftnl_expr_set(expr, NFTNL_EXPR_BITWISE_MASK, mask, len);
+ nftnl_expr_set(expr, NFTNL_EXPR_BITWISE_XOR, &xor, len);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
}
-void add_cmp_ptr(struct nft_rule *r, uint32_t op, void *data, size_t len)
+void add_cmp_ptr(struct nftnl_rule *r, uint32_t op, void *data, size_t len)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("cmp");
+ expr = nftnl_expr_alloc("cmp");
if (expr == NULL)
return;
- nft_rule_expr_set_u32(expr, NFT_EXPR_CMP_SREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_CMP_OP, op);
- nft_rule_expr_set(expr, NFT_EXPR_CMP_DATA, data, len);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_SREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_OP, op);
+ nftnl_expr_set(expr, NFTNL_EXPR_CMP_DATA, data, len);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
}
-void add_cmp_u8(struct nft_rule *r, uint8_t val, uint32_t op)
+void add_cmp_u8(struct nftnl_rule *r, uint8_t val, uint32_t op)
{
add_cmp_ptr(r, op, &val, sizeof(val));
}
-void add_cmp_u16(struct nft_rule *r, uint16_t val, uint32_t op)
+void add_cmp_u16(struct nftnl_rule *r, uint16_t val, uint32_t op)
{
add_cmp_ptr(r, op, &val, sizeof(val));
}
-void add_cmp_u32(struct nft_rule *r, uint32_t val, uint32_t op)
+void add_cmp_u32(struct nftnl_rule *r, uint32_t val, uint32_t op)
{
add_cmp_ptr(r, op, &val, sizeof(val));
}
-void add_iniface(struct nft_rule *r, char *iface, uint32_t op)
+void add_iniface(struct nftnl_rule *r, char *iface, uint32_t op)
{
int iface_len;
@@ -144,7 +144,7 @@ void add_iniface(struct nft_rule *r, char *iface, uint32_t op)
add_cmp_ptr(r, op, iface, iface_len + 1);
}
-void add_outiface(struct nft_rule *r, char *iface, uint32_t op)
+void add_outiface(struct nftnl_rule *r, char *iface, uint32_t op)
{
int iface_len;
@@ -157,7 +157,7 @@ void add_outiface(struct nft_rule *r, char *iface, uint32_t op)
add_cmp_ptr(r, op, iface, iface_len + 1);
}
-void add_addr(struct nft_rule *r, int offset,
+void add_addr(struct nftnl_rule *r, int offset,
void *data, void *mask, size_t len, uint32_t op)
{
add_payload(r, offset, len, NFT_PAYLOAD_NETWORK_HEADER);
@@ -166,7 +166,7 @@ void add_addr(struct nft_rule *r, int offset,
add_cmp_ptr(r, op, data, len);
}
-void add_proto(struct nft_rule *r, int offset, size_t len,
+void add_proto(struct nftnl_rule *r, int offset, size_t len,
uint8_t proto, uint32_t op)
{
add_payload(r, offset, len, NFT_PAYLOAD_NETWORK_HEADER);
@@ -207,7 +207,7 @@ bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
return true;
}
-int parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface,
+int parse_meta(struct nftnl_expr *e, uint8_t key, char *iniface,
unsigned char *iniface_mask, char *outiface,
unsigned char *outiface_mask, uint8_t *invflags)
{
@@ -217,8 +217,8 @@ int parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface,
switch(key) {
case NFT_META_IIF:
- value = nft_rule_expr_get_u32(e, NFT_EXPR_CMP_DATA);
- if (nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ value = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_DATA);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
*invflags |= IPT_INV_VIA_IN;
if_indextoname(value, iniface);
@@ -226,8 +226,8 @@ int parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface,
memset(iniface_mask, 0xff, strlen(iniface)+1);
break;
case NFT_META_OIF:
- value = nft_rule_expr_get_u32(e, NFT_EXPR_CMP_DATA);
- if (nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ value = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_DATA);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
*invflags |= IPT_INV_VIA_OUT;
if_indextoname(value, outiface);
@@ -235,8 +235,8 @@ int parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface,
memset(outiface_mask, 0xff, strlen(outiface)+1);
break;
case NFT_META_IIFNAME:
- ifname = nft_rule_expr_get(e, NFT_EXPR_CMP_DATA, &len);
- if (nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ ifname = nftnl_expr_get(e, NFTNL_EXPR_CMP_DATA, &len);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
*invflags |= IPT_INV_VIA_IN;
memcpy(iniface, ifname, len);
@@ -250,8 +250,8 @@ int parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface,
}
break;
case NFT_META_OIFNAME:
- ifname = nft_rule_expr_get(e, NFT_EXPR_CMP_DATA, &len);
- if (nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ ifname = nftnl_expr_get(e, NFTNL_EXPR_CMP_DATA, &len);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
*invflags |= IPT_INV_VIA_OUT;
memcpy(outiface, ifname, len);
@@ -287,11 +287,11 @@ static void *nft_get_data(struct nft_xt_ctx *ctx)
}
}
-void nft_parse_target(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_target(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
uint32_t tg_len;
- const char *targname = nft_rule_expr_get_str(e, NFT_EXPR_TG_NAME);
- const void *targinfo = nft_rule_expr_get(e, NFT_EXPR_TG_INFO, &tg_len);
+ const char *targname = nftnl_expr_get_str(e, NFTNL_EXPR_TG_NAME);
+ const void *targinfo = nftnl_expr_get(e, NFTNL_EXPR_TG_INFO, &tg_len);
struct xtables_target *target;
struct xt_entry_target *t;
size_t size;
@@ -311,7 +311,7 @@ void nft_parse_target(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
}
memcpy(&t->data, targinfo, tg_len);
t->u.target_size = size;
- t->u.user.revision = nft_rule_expr_get_u32(e, NFT_EXPR_TG_REV);
+ t->u.user.revision = nftnl_expr_get_u32(e, NFTNL_EXPR_TG_REV);
strcpy(t->u.user.name, target->name);
target->t = t;
@@ -320,11 +320,11 @@ void nft_parse_target(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
ops->parse_target(target, data);
}
-void nft_parse_match(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_match(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
uint32_t mt_len;
- const char *mt_name = nft_rule_expr_get_str(e, NFT_EXPR_MT_NAME);
- const void *mt_info = nft_rule_expr_get(e, NFT_EXPR_MT_INFO, &mt_len);
+ const char *mt_name = nftnl_expr_get_str(e, NFTNL_EXPR_MT_NAME);
+ const void *mt_info = nftnl_expr_get(e, NFTNL_EXPR_MT_INFO, &mt_len);
struct xtables_match *match;
struct xtables_rule_match **matches;
struct xt_entry_match *m;
@@ -356,7 +356,7 @@ void nft_parse_match(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
memcpy(&m->data, mt_info, mt_len);
m->u.match_size = mt_len + XT_ALIGN(sizeof(struct xt_entry_match));
- m->u.user.revision = nft_rule_expr_get_u32(e, NFT_EXPR_TG_REV);
+ m->u.user.revision = nftnl_expr_get_u32(e, NFTNL_EXPR_TG_REV);
strcpy(m->u.user.name, match->name);
match->m = m;
@@ -381,56 +381,56 @@ void print_proto(uint16_t proto, int invert)
printf("-p %u ", proto);
}
-void get_cmp_data(struct nft_rule_expr *e, void *data, size_t dlen, bool *inv)
+void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv)
{
uint32_t len;
uint8_t op;
- memcpy(data, nft_rule_expr_get(e, NFT_EXPR_CMP_DATA, &len), dlen);
- op = nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP);
+ memcpy(data, nftnl_expr_get(e, NFTNL_EXPR_CMP_DATA, &len), dlen);
+ op = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP);
if (op == NFT_CMP_NEQ)
*inv = true;
else
*inv = false;
}
-void nft_parse_meta(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
- ctx->reg = nft_rule_expr_get_u32(e, NFT_EXPR_META_DREG);
- ctx->meta.key = nft_rule_expr_get_u32(e, NFT_EXPR_META_KEY);
+ ctx->reg = nftnl_expr_get_u32(e, NFTNL_EXPR_META_DREG);
+ ctx->meta.key = nftnl_expr_get_u32(e, NFTNL_EXPR_META_KEY);
ctx->flags |= NFT_XT_CTX_META;
}
-void nft_parse_payload(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_payload(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
- ctx->reg = nft_rule_expr_get_u32(e, NFT_EXPR_META_DREG);
- ctx->payload.offset = nft_rule_expr_get_u32(e, NFT_EXPR_PAYLOAD_OFFSET);
+ ctx->reg = nftnl_expr_get_u32(e, NFTNL_EXPR_META_DREG);
+ ctx->payload.offset = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_OFFSET);
ctx->flags |= NFT_XT_CTX_PAYLOAD;
}
-void nft_parse_bitwise(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_bitwise(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
uint32_t reg, len;
const void *data;
- reg = nft_rule_expr_get_u32(e, NFT_EXPR_BITWISE_SREG);
+ reg = nftnl_expr_get_u32(e, NFTNL_EXPR_BITWISE_SREG);
if (ctx->reg && reg != ctx->reg)
return;
- data = nft_rule_expr_get(e, NFT_EXPR_BITWISE_XOR, &len);
+ data = nftnl_expr_get(e, NFTNL_EXPR_BITWISE_XOR, &len);
memcpy(ctx->bitwise.xor, data, len);
- data = nft_rule_expr_get(e, NFT_EXPR_BITWISE_MASK, &len);
+ data = nftnl_expr_get(e, NFTNL_EXPR_BITWISE_MASK, &len);
memcpy(ctx->bitwise.mask, data, len);
ctx->flags |= NFT_XT_CTX_BITWISE;
}
-void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
struct nft_family_ops *ops = nft_family_ops_lookup(ctx->family);
void *data = nft_get_data(ctx);
uint32_t reg;
- reg = nft_rule_expr_get_u32(e, NFT_EXPR_CMP_SREG);
+ reg = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_SREG);
if (ctx->reg && reg != ctx->reg)
return;
@@ -445,16 +445,16 @@ void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
}
}
-void nft_parse_counter(struct nft_rule_expr *e, struct xt_counters *counters)
+void nft_parse_counter(struct nftnl_expr *e, struct xt_counters *counters)
{
- counters->pcnt = nft_rule_expr_get_u64(e, NFT_EXPR_CTR_PACKETS);
- counters->bcnt = nft_rule_expr_get_u64(e, NFT_EXPR_CTR_BYTES);
+ counters->pcnt = nftnl_expr_get_u64(e, NFTNL_EXPR_CTR_PACKETS);
+ counters->bcnt = nftnl_expr_get_u64(e, NFTNL_EXPR_CTR_BYTES);
}
-void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
- int verdict = nft_rule_expr_get_u32(e, NFT_EXPR_IMM_VERDICT);
- const char *chain = nft_rule_expr_get_str(e, NFT_EXPR_IMM_CHAIN);
+ int verdict = nftnl_expr_get_u32(e, NFTNL_EXPR_IMM_VERDICT);
+ const char *chain = nftnl_expr_get_str(e, NFTNL_EXPR_IMM_CHAIN);
struct nft_family_ops *ops;
const char *jumpto = NULL;
bool nft_goto = false;
@@ -482,26 +482,26 @@ void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
ops->parse_immediate(jumpto, nft_goto, data);
}
-void nft_rule_to_iptables_command_state(struct nft_rule *r,
+void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
struct iptables_command_state *cs)
{
- struct nft_rule_expr_iter *iter;
- struct nft_rule_expr *expr;
- int family = nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY);
+ struct nftnl_expr_iter *iter;
+ struct nftnl_expr *expr;
+ int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
struct nft_xt_ctx ctx = {
.state.cs = cs,
.family = family,
};
- iter = nft_rule_expr_iter_create(r);
+ iter = nftnl_expr_iter_create(r);
if (iter == NULL)
return;
ctx.iter = iter;
- expr = nft_rule_expr_iter_next(iter);
+ expr = nftnl_expr_iter_next(iter);
while (expr != NULL) {
const char *name =
- nft_rule_expr_get_str(expr, NFT_RULE_EXPR_ATTR_NAME);
+ nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
if (strcmp(name, "counter") == 0)
nft_parse_counter(expr, &ctx.state.cs->counters);
@@ -520,10 +520,10 @@ void nft_rule_to_iptables_command_state(struct nft_rule *r,
else if (strcmp(name, "target") == 0)
nft_parse_target(&ctx, expr);
- expr = nft_rule_expr_iter_next(iter);
+ expr = nftnl_expr_iter_next(iter);
}
- nft_rule_expr_iter_destroy(iter);
+ nftnl_expr_iter_destroy(iter);
if (cs->target != NULL)
cs->jumpto = cs->target->name;
@@ -825,7 +825,7 @@ bool compare_targets(struct xtables_target *tg1, struct xtables_target *tg2)
}
bool nft_ipv46_rule_find(struct nft_family_ops *ops,
- struct nft_rule *r, struct iptables_command_state *cs)
+ struct nftnl_rule *r, struct iptables_command_state *cs)
{
struct iptables_command_state this = {};
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index fbce5b5d..b3dc3c2b 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -50,7 +50,7 @@ struct nft_xt_ctx {
struct arptables_command_state *cs_arp;
struct ebtables_command_state *cs_eb;
} state;
- struct nft_rule_expr_iter *iter;
+ struct nftnl_expr_iter *iter;
int family;
uint32_t flags;
@@ -69,18 +69,18 @@ struct nft_xt_ctx {
};
struct nft_family_ops {
- int (*add)(struct nft_rule *r, void *data);
+ int (*add)(struct nftnl_rule *r, void *data);
bool (*is_same)(const void *data_a,
const void *data_b);
- void (*print_payload)(struct nft_rule_expr *e,
- struct nft_rule_expr_iter *iter);
- void (*parse_meta)(struct nft_xt_ctx *ctx, struct nft_rule_expr *e,
+ void (*print_payload)(struct nftnl_expr *e,
+ struct nftnl_expr_iter *iter);
+ void (*parse_meta)(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
void *data);
- void (*parse_payload)(struct nft_xt_ctx *ctx, struct nft_rule_expr *e,
+ void (*parse_payload)(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
void *data);
- void (*parse_bitwise)(struct nft_xt_ctx *ctx, struct nft_rule_expr *e,
+ void (*parse_bitwise)(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
void *data);
- void (*parse_cmp)(struct nft_xt_ctx *ctx, struct nft_rule_expr *e,
+ void (*parse_cmp)(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
void *data);
void (*parse_immediate)(const char *jumpto, bool nft_goto, void *data);
@@ -89,7 +89,7 @@ struct nft_family_ops {
const char *pol,
const struct xt_counters *counters, bool basechain,
uint32_t refs);
- void (*print_firewall)(struct nft_rule *r, unsigned int num,
+ void (*print_firewall)(struct nftnl_rule *r, unsigned int num,
unsigned int format);
void (*save_firewall)(const void *data, unsigned int format);
void (*save_counters)(const void *data);
@@ -99,24 +99,24 @@ struct nft_family_ops {
struct xtables_args *args);
void (*parse_match)(struct xtables_match *m, void *data);
void (*parse_target)(struct xtables_target *t, void *data);
- bool (*rule_find)(struct nft_family_ops *ops, struct nft_rule *r,
+ bool (*rule_find)(struct nft_family_ops *ops, struct nftnl_rule *r,
void *data);
};
-void add_meta(struct nft_rule *r, uint32_t key);
-void add_payload(struct nft_rule *r, int offset, int len, uint32_t base);
-void add_bitwise_u16(struct nft_rule *r, int mask, int xor);
-void add_cmp_ptr(struct nft_rule *r, uint32_t op, void *data, size_t len);
-void add_cmp_u8(struct nft_rule *r, uint8_t val, uint32_t op);
-void add_cmp_u16(struct nft_rule *r, uint16_t val, uint32_t op);
-void add_cmp_u32(struct nft_rule *r, uint32_t val, uint32_t op);
-void add_iniface(struct nft_rule *r, char *iface, uint32_t op);
-void add_outiface(struct nft_rule *r, char *iface, uint32_t op);
-void add_addr(struct nft_rule *r, int offset,
+void add_meta(struct nftnl_rule *r, uint32_t key);
+void add_payload(struct nftnl_rule *r, int offset, int len, uint32_t base);
+void add_bitwise_u16(struct nftnl_rule *r, int mask, int xor);
+void add_cmp_ptr(struct nftnl_rule *r, uint32_t op, void *data, size_t len);
+void add_cmp_u8(struct nftnl_rule *r, uint8_t val, uint32_t op);
+void add_cmp_u16(struct nftnl_rule *r, uint16_t val, uint32_t op);
+void add_cmp_u32(struct nftnl_rule *r, uint32_t val, uint32_t op);
+void add_iniface(struct nftnl_rule *r, char *iface, uint32_t op);
+void add_outiface(struct nftnl_rule *r, char *iface, uint32_t op);
+void add_addr(struct nftnl_rule *r, int offset,
void *data, void *mask, size_t len, uint32_t op);
-void add_proto(struct nft_rule *r, int offset, size_t len,
+void add_proto(struct nftnl_rule *r, int offset, size_t len,
uint8_t proto, uint32_t op);
-void add_compat(struct nft_rule *r, uint32_t proto, bool inv);
+void add_compat(struct nftnl_rule *r, uint32_t proto, bool inv);
bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
unsigned const char *a_iniface_mask,
@@ -125,20 +125,20 @@ bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
unsigned const char *b_iniface_mask,
unsigned const char *b_outiface_mask);
-int parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface,
+int parse_meta(struct nftnl_expr *e, uint8_t key, char *iniface,
unsigned char *iniface_mask, char *outiface,
unsigned char *outiface_mask, uint8_t *invflags);
void print_proto(uint16_t proto, int invert);
-void get_cmp_data(struct nft_rule_expr *e, void *data, size_t dlen, bool *inv);
-void nft_parse_bitwise(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
-void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
-void nft_parse_match(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
-void nft_parse_target(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
-void nft_parse_meta(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
-void nft_parse_payload(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
-void nft_parse_counter(struct nft_rule_expr *e, struct xt_counters *counters);
-void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
-void nft_rule_to_iptables_command_state(struct nft_rule *r,
+void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv);
+void nft_parse_bitwise(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
+void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
+void nft_parse_match(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
+void nft_parse_target(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
+void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
+void nft_parse_payload(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
+void nft_parse_counter(struct nftnl_expr *e, struct xt_counters *counters);
+void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
+void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
struct iptables_command_state *cs);
void print_header(unsigned int format, const char *chain, const char *pol,
const struct xt_counters *counters, bool basechain,
@@ -166,7 +166,7 @@ void save_matches_and_target(struct xtables_rule_match *m,
struct nft_family_ops *nft_family_ops_lookup(int family);
struct nft_handle;
-bool nft_ipv46_rule_find(struct nft_family_ops *ops, struct nft_rule *r,
+bool nft_ipv46_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
struct iptables_command_state *cs);
bool compare_matches(struct xtables_rule_match *mt1, struct xtables_rule_match *mt2);
diff --git a/iptables/nft.c b/iptables/nft.c
index 183f17ca..68b4da38 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -93,7 +93,7 @@ struct batch_page {
*/
#define BATCH_PAGE_SIZE getpagesize() * 32
-static struct mnl_nlmsg_batch *mnl_nft_batch_alloc(void)
+static struct mnl_nlmsg_batch *mnl_nftnl_batch_alloc(void)
{
static char *buf;
@@ -106,7 +106,7 @@ static struct mnl_nlmsg_batch *mnl_nft_batch_alloc(void)
}
static struct mnl_nlmsg_batch *
-mnl_nft_batch_page_add(struct mnl_nlmsg_batch *batch)
+mnl_nftnl_batch_page_add(struct mnl_nlmsg_batch *batch)
{
struct batch_page *batch_page;
@@ -118,7 +118,7 @@ mnl_nft_batch_page_add(struct mnl_nlmsg_batch *batch)
list_add_tail(&batch_page->head, &batch_page_list);
batch_num_pages++;
- return mnl_nft_batch_alloc();
+ return mnl_nftnl_batch_alloc();
}
static int nlbuffsiz;
@@ -140,7 +140,7 @@ static void mnl_nft_set_sndbuffer(const struct mnl_socket *nl)
nlbuffsiz = newbuffsiz;
}
-static void mnl_nft_batch_reset(void)
+static void mnl_nftnl_batch_reset(void)
{
struct batch_page *batch_page, *next;
@@ -182,12 +182,12 @@ static ssize_t mnl_nft_socket_sendmsg(const struct mnl_socket *nl)
}
ret = sendmsg(mnl_socket_get_fd(nl), &msg, 0);
- mnl_nft_batch_reset();
+ mnl_nftnl_batch_reset();
return ret;
}
-static int mnl_nft_batch_talk(struct nft_handle *h)
+static int mnl_nftnl_batch_talk(struct nft_handle *h)
{
int ret, fd = mnl_socket_get_fd(h->nl);
char rcv_buf[MNL_SOCKET_BUFFER_SIZE];
@@ -233,18 +233,18 @@ static int mnl_nft_batch_talk(struct nft_handle *h)
return err ? -1 : 0;
}
-static void mnl_nft_batch_begin(struct mnl_nlmsg_batch *batch, uint32_t seq)
+static void mnl_nftnl_batch_begin(struct mnl_nlmsg_batch *batch, uint32_t seq)
{
- nft_batch_begin(mnl_nlmsg_batch_current(batch), seq);
+ nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq);
if (!mnl_nlmsg_batch_next(batch))
- mnl_nft_batch_page_add(batch);
+ mnl_nftnl_batch_page_add(batch);
}
-static void mnl_nft_batch_end(struct mnl_nlmsg_batch *batch, uint32_t seq)
+static void mnl_nftnl_batch_end(struct mnl_nlmsg_batch *batch, uint32_t seq)
{
- nft_batch_end(mnl_nlmsg_batch_current(batch), seq);
+ nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq);
if (!mnl_nlmsg_batch_next(batch))
- mnl_nft_batch_page_add(batch);
+ mnl_nftnl_batch_page_add(batch);
}
enum obj_update_type {
@@ -270,9 +270,9 @@ struct obj_update {
struct list_head head;
enum obj_update_type type;
union {
- struct nft_table *table;
- struct nft_chain *chain;
- struct nft_rule *rule;
+ struct nftnl_table *table;
+ struct nftnl_chain *chain;
+ struct nftnl_rule *rule;
void *ptr;
};
};
@@ -294,19 +294,19 @@ static int batch_add(struct nft_handle *h, enum obj_update_type type, void *ptr)
}
static int batch_table_add(struct nft_handle *h, enum obj_update_type type,
- struct nft_table *t)
+ struct nftnl_table *t)
{
return batch_add(h, type, t);
}
static int batch_chain_add(struct nft_handle *h, enum obj_update_type type,
- struct nft_chain *c)
+ struct nftnl_chain *c)
{
return batch_add(h, type, c);
}
static int batch_rule_add(struct nft_handle *h, enum obj_update_type type,
- struct nft_rule *r)
+ struct nftnl_rule *r)
{
return batch_add(h, type, r);
}
@@ -520,16 +520,16 @@ struct builtin_table xtables_bridge[TABLES_MAX] = {
},
};
-int nft_table_add(struct nft_handle *h, struct nft_table *t, uint16_t flags)
+int nft_table_add(struct nft_handle *h, struct nftnl_table *t, uint16_t flags)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
int ret;
- nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, h->family,
+ nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, h->family,
NLM_F_ACK|flags, h->seq);
- nft_table_nlmsg_build_payload(nlh, t);
- nft_table_free(t);
+ nftnl_table_nlmsg_build_payload(nlh, t);
+ nftnl_table_free(t);
#ifdef NLDEBUG
char tmp[1024];
@@ -547,17 +547,17 @@ int nft_table_add(struct nft_handle *h, struct nft_table *t, uint16_t flags)
static int nft_table_builtin_add(struct nft_handle *h,
struct builtin_table *_t)
{
- struct nft_table *t;
+ struct nftnl_table *t;
int ret;
if (_t->initialized)
return 0;
- t = nft_table_alloc();
+ t = nftnl_table_alloc();
if (t == NULL)
return -1;
- nft_table_attr_set(t, NFT_TABLE_ATTR_NAME, (char *)_t->name);
+ nftnl_table_set(t, NFTNL_TABLE_NAME, (char *)_t->name);
if (h->batch_support)
ret = batch_table_add(h, NFT_COMPAT_TABLE_ADD, t);
@@ -570,37 +570,37 @@ static int nft_table_builtin_add(struct nft_handle *h,
return ret;
}
-static struct nft_chain *
+static struct nftnl_chain *
nft_chain_builtin_alloc(struct builtin_table *table,
struct builtin_chain *chain, int policy)
{
- struct nft_chain *c;
+ struct nftnl_chain *c;
- c = nft_chain_alloc();
+ c = nftnl_chain_alloc();
if (c == NULL)
return NULL;
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table->name);
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain->name);
- nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_HOOKNUM, chain->hook);
- nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_PRIO, chain->prio);
- nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY, policy);
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_TYPE, (char *)chain->type);
+ nftnl_chain_set(c, NFTNL_CHAIN_TABLE, (char *)table->name);
+ nftnl_chain_set(c, NFTNL_CHAIN_NAME, (char *)chain->name);
+ nftnl_chain_set_u32(c, NFTNL_CHAIN_HOOKNUM, chain->hook);
+ nftnl_chain_set_u32(c, NFTNL_CHAIN_PRIO, chain->prio);
+ nftnl_chain_set_u32(c, NFTNL_CHAIN_POLICY, policy);
+ nftnl_chain_set(c, NFTNL_CHAIN_TYPE, (char *)chain->type);
return c;
}
-int nft_chain_add(struct nft_handle *h, struct nft_chain *c, uint16_t flags)
+int nft_chain_add(struct nft_handle *h, struct nftnl_chain *c, uint16_t flags)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
/* NLM_F_CREATE requests module autoloading */
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, h->family,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, h->family,
NLM_F_ACK|flags|NLM_F_CREATE,
h->seq);
- nft_chain_nlmsg_build_payload(nlh, c);
- nft_chain_free(c);
+ nftnl_chain_nlmsg_build_payload(nlh, c);
+ nftnl_chain_free(c);
#ifdef NLDEBUG
char tmp[1024];
@@ -617,7 +617,7 @@ static void nft_chain_builtin_add(struct nft_handle *h,
struct builtin_table *table,
struct builtin_chain *chain)
{
- struct nft_chain *c;
+ struct nftnl_chain *c;
c = nft_chain_builtin_alloc(table, chain, NF_ACCEPT);
if (c == NULL)
@@ -671,8 +671,8 @@ static void nft_chain_builtin_init(struct nft_handle *h,
struct builtin_table *table)
{
int i;
- struct nft_chain_list *list = nft_chain_dump(h);
- struct nft_chain *c;
+ struct nftnl_chain_list *list = nft_chain_dump(h);
+ struct nftnl_chain *c;
/* Initialize built-in chains if they don't exist yet */
for (i=0; i<NF_IP_NUMHOOKS && table->chains[i].name != NULL; i++) {
@@ -685,7 +685,7 @@ static void nft_chain_builtin_init(struct nft_handle *h,
nft_chain_builtin_add(h, table, &table->chains[i]);
}
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
}
static int nft_xt_builtin_init(struct nft_handle *h, const char *table)
@@ -708,12 +708,12 @@ out:
return ret;
}
-static bool nft_chain_builtin(struct nft_chain *c)
+static bool nft_chain_builtin(struct nftnl_chain *c)
{
/* Check if this chain has hook number, in that case is built-in.
* Should we better export the flags to user-space via nf_tables?
*/
- return nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM) != NULL;
+ return nftnl_chain_get(c, NFTNL_CHAIN_HOOKNUM) != NULL;
}
static bool mnl_batch_supported(struct nft_handle *h)
@@ -722,14 +722,14 @@ static bool mnl_batch_supported(struct nft_handle *h)
uint32_t seq = 1;
int ret;
- mnl_nft_batch_begin(h->batch, seq++);
+ mnl_nftnl_batch_begin(h->batch, seq++);
- nft_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
+ nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
NFT_MSG_NEWSET, AF_INET,
NLM_F_ACK, seq++);
mnl_nlmsg_batch_next(h->batch);
- mnl_nft_batch_end(h->batch, seq++);
+ mnl_nftnl_batch_end(h->batch, seq++);
ret = mnl_socket_sendto(h->nl, mnl_nlmsg_batch_head(h->batch),
mnl_nlmsg_batch_size(h->batch));
@@ -773,7 +773,7 @@ int nft_init(struct nft_handle *h, struct builtin_table *t)
INIT_LIST_HEAD(&h->obj_list);
- h->batch = mnl_nft_batch_alloc();
+ h->batch = mnl_nftnl_batch_alloc();
h->batch_support = mnl_batch_supported(h);
return 0;
@@ -786,7 +786,7 @@ void nft_fini(struct nft_handle *h)
mnl_nlmsg_batch_stop(h->batch);
}
-static void nft_chain_print_debug(struct nft_chain *c, struct nlmsghdr *nlh)
+static void nft_chain_print_debug(struct nftnl_chain *c, struct nlmsghdr *nlh)
{
#ifdef NLDEBUG
char tmp[1024];
@@ -797,12 +797,12 @@ static void nft_chain_print_debug(struct nft_chain *c, struct nlmsghdr *nlh)
#endif
}
-static struct nft_chain *nft_chain_new(struct nft_handle *h,
+static struct nftnl_chain *nft_chain_new(struct nft_handle *h,
const char *table, const char *chain,
int policy,
const struct xt_counters *counters)
{
- struct nft_chain *c;
+ struct nftnl_chain *c;
struct builtin_table *_t;
struct builtin_chain *_c;
@@ -823,9 +823,9 @@ static struct nft_chain *nft_chain_new(struct nft_handle *h,
}
if (counters) {
- nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_BYTES,
+ nftnl_chain_set_u64(c, NFTNL_CHAIN_BYTES,
counters->bcnt);
- nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_PACKETS,
+ nftnl_chain_set_u64(c, NFTNL_CHAIN_PACKETS,
counters->pcnt);
}
@@ -836,7 +836,7 @@ int nft_chain_set(struct nft_handle *h, const char *table,
const char *chain, const char *policy,
const struct xt_counters *counters)
{
- struct nft_chain *c = NULL;
+ struct nftnl_chain *c = NULL;
int ret;
nft_fn = nft_chain_set;
@@ -858,103 +858,103 @@ int nft_chain_set(struct nft_handle *h, const char *table,
return ret == 0 ? 1 : 0;
}
-static int __add_match(struct nft_rule_expr *e, struct xt_entry_match *m)
+static int __add_match(struct nftnl_expr *e, struct xt_entry_match *m)
{
void *info;
- nft_rule_expr_set(e, NFT_EXPR_MT_NAME, m->u.user.name, strlen(m->u.user.name));
- nft_rule_expr_set_u32(e, NFT_EXPR_MT_REV, m->u.user.revision);
+ nftnl_expr_set(e, NFTNL_EXPR_MT_NAME, m->u.user.name, strlen(m->u.user.name));
+ nftnl_expr_set_u32(e, NFTNL_EXPR_MT_REV, m->u.user.revision);
info = calloc(1, m->u.match_size);
if (info == NULL)
return -ENOMEM;
memcpy(info, m->data, m->u.match_size - sizeof(*m));
- nft_rule_expr_set(e, NFT_EXPR_MT_INFO, info, m->u.match_size - sizeof(*m));
+ nftnl_expr_set(e, NFTNL_EXPR_MT_INFO, info, m->u.match_size - sizeof(*m));
return 0;
}
-int add_match(struct nft_rule *r, struct xt_entry_match *m)
+int add_match(struct nftnl_rule *r, struct xt_entry_match *m)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
int ret;
- expr = nft_rule_expr_alloc("match");
+ expr = nftnl_expr_alloc("match");
if (expr == NULL)
return -ENOMEM;
ret = __add_match(expr, m);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
return ret;
}
-static int __add_target(struct nft_rule_expr *e, struct xt_entry_target *t)
+static int __add_target(struct nftnl_expr *e, struct xt_entry_target *t)
{
void *info;
- nft_rule_expr_set(e, NFT_EXPR_TG_NAME, t->u.user.name,
+ nftnl_expr_set(e, NFTNL_EXPR_TG_NAME, t->u.user.name,
strlen(t->u.user.name));
- nft_rule_expr_set_u32(e, NFT_EXPR_TG_REV, t->u.user.revision);
+ nftnl_expr_set_u32(e, NFTNL_EXPR_TG_REV, t->u.user.revision);
info = calloc(1, t->u.target_size);
if (info == NULL)
return -ENOMEM;
memcpy(info, t->data, t->u.target_size - sizeof(*t));
- nft_rule_expr_set(e, NFT_EXPR_TG_INFO, info, t->u.target_size - sizeof(*t));
+ nftnl_expr_set(e, NFTNL_EXPR_TG_INFO, info, t->u.target_size - sizeof(*t));
return 0;
}
-int add_target(struct nft_rule *r, struct xt_entry_target *t)
+int add_target(struct nftnl_rule *r, struct xt_entry_target *t)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
int ret;
- expr = nft_rule_expr_alloc("target");
+ expr = nftnl_expr_alloc("target");
if (expr == NULL)
return -ENOMEM;
ret = __add_target(expr, t);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
return ret;
}
-int add_jumpto(struct nft_rule *r, const char *name, int verdict)
+int add_jumpto(struct nftnl_rule *r, const char *name, int verdict)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("immediate");
+ expr = nftnl_expr_alloc("immediate");
if (expr == NULL)
return -ENOMEM;
- nft_rule_expr_set_u32(expr, NFT_EXPR_IMM_DREG, NFT_REG_VERDICT);
- nft_rule_expr_set_u32(expr, NFT_EXPR_IMM_VERDICT, verdict);
- nft_rule_expr_set_str(expr, NFT_EXPR_IMM_CHAIN, (char *)name);
- nft_rule_add_expr(r, expr);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_IMM_DREG, NFT_REG_VERDICT);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_IMM_VERDICT, verdict);
+ nftnl_expr_set_str(expr, NFTNL_EXPR_IMM_CHAIN, (char *)name);
+ nftnl_rule_add_expr(r, expr);
return 0;
}
-int add_verdict(struct nft_rule *r, int verdict)
+int add_verdict(struct nftnl_rule *r, int verdict)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("immediate");
+ expr = nftnl_expr_alloc("immediate");
if (expr == NULL)
return -ENOMEM;
- nft_rule_expr_set_u32(expr, NFT_EXPR_IMM_DREG, NFT_REG_VERDICT);
- nft_rule_expr_set_u32(expr, NFT_EXPR_IMM_VERDICT, verdict);
- nft_rule_add_expr(r, expr);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_IMM_DREG, NFT_REG_VERDICT);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_IMM_VERDICT, verdict);
+ nftnl_rule_add_expr(r, expr);
return 0;
}
-int add_action(struct nft_rule *r, struct iptables_command_state *cs,
+int add_action(struct nftnl_rule *r, struct iptables_command_state *cs,
bool goto_set)
{
int ret = 0;
@@ -980,7 +980,7 @@ int add_action(struct nft_rule *r, struct iptables_command_state *cs,
return ret;
}
-static void nft_rule_print_debug(struct nft_rule *r, struct nlmsghdr *nlh)
+static void nft_rule_print_debug(struct nftnl_rule *r, struct nlmsghdr *nlh)
{
#ifdef NLDEBUG
char tmp[1024];
@@ -991,49 +991,49 @@ static void nft_rule_print_debug(struct nft_rule *r, struct nlmsghdr *nlh)
#endif
}
-int add_counters(struct nft_rule *r, uint64_t packets, uint64_t bytes)
+int add_counters(struct nftnl_rule *r, uint64_t packets, uint64_t bytes)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("counter");
+ expr = nftnl_expr_alloc("counter");
if (expr == NULL)
return -ENOMEM;
- nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_PACKETS, packets);
- nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_BYTES, bytes);
+ nftnl_expr_set_u64(expr, NFTNL_EXPR_CTR_PACKETS, packets);
+ nftnl_expr_set_u64(expr, NFTNL_EXPR_CTR_BYTES, bytes);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
return 0;
}
-void add_compat(struct nft_rule *r, uint32_t proto, bool inv)
+void add_compat(struct nftnl_rule *r, uint32_t proto, bool inv)
{
- nft_rule_attr_set_u32(r, NFT_RULE_ATTR_COMPAT_PROTO, proto);
- nft_rule_attr_set_u32(r, NFT_RULE_ATTR_COMPAT_FLAGS,
+ nftnl_rule_set_u32(r, NFTNL_RULE_COMPAT_PROTO, proto);
+ nftnl_rule_set_u32(r, NFTNL_RULE_COMPAT_FLAGS,
inv ? NFT_RULE_COMPAT_F_INV : 0);
}
-static struct nft_rule *
+static struct nftnl_rule *
nft_rule_new(struct nft_handle *h, const char *chain, const char *table,
void *data)
{
- struct nft_rule *r;
+ struct nftnl_rule *r;
- r = nft_rule_alloc();
+ r = nftnl_rule_alloc();
if (r == NULL)
return NULL;
- nft_rule_attr_set_u32(r, NFT_RULE_ATTR_FAMILY, h->family);
- nft_rule_attr_set(r, NFT_RULE_ATTR_TABLE, (char *)table);
- nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, (char *)chain);
+ nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, h->family);
+ nftnl_rule_set(r, NFTNL_RULE_TABLE, (char *)table);
+ nftnl_rule_set(r, NFTNL_RULE_CHAIN, (char *)chain);
if (h->ops->add(r, data) < 0)
goto err;
return r;
err:
- nft_rule_free(r);
+ nftnl_rule_free(r);
return NULL;
}
@@ -1041,7 +1041,7 @@ int
nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
void *data, uint64_t handle, bool verbose)
{
- struct nft_rule *r;
+ struct nftnl_rule *r;
int type;
/* If built-in chains don't exist for this table, create them */
@@ -1055,24 +1055,24 @@ nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
return 0;
if (handle > 0) {
- nft_rule_attr_set(r, NFT_RULE_ATTR_HANDLE, &handle);
+ nftnl_rule_set(r, NFTNL_RULE_HANDLE, &handle);
type = NFT_COMPAT_RULE_REPLACE;
} else
type = NFT_COMPAT_RULE_APPEND;
if (batch_rule_add(h, type, r) < 0)
- nft_rule_free(r);
+ nftnl_rule_free(r);
return 1;
}
void
nft_rule_print_save(const void *data,
- struct nft_rule *r, enum nft_rule_print type,
+ struct nftnl_rule *r, enum nft_rule_print type,
unsigned int format)
{
- const char *chain = nft_rule_attr_get_str(r, NFT_RULE_ATTR_CHAIN);
- int family = nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY);
+ const char *chain = nftnl_rule_get_str(r, NFTNL_RULE_CHAIN);
+ int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
struct nft_family_ops *ops;
ops = nft_family_ops_lookup(family);
@@ -1095,50 +1095,50 @@ nft_rule_print_save(const void *data,
}
-static int nft_chain_list_cb(const struct nlmsghdr *nlh, void *data)
+static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
{
- struct nft_chain *c;
- struct nft_chain_list *list = data;
+ struct nftnl_chain *c;
+ struct nftnl_chain_list *list = data;
- c = nft_chain_alloc();
+ c = nftnl_chain_alloc();
if (c == NULL)
goto err;
- if (nft_chain_nlmsg_parse(nlh, c) < 0)
+ if (nftnl_chain_nlmsg_parse(nlh, c) < 0)
goto out;
- nft_chain_list_add_tail(c, list);
+ nftnl_chain_list_add_tail(c, list);
return MNL_CB_OK;
out:
- nft_chain_free(c);
+ nftnl_chain_free(c);
err:
return MNL_CB_OK;
}
-static struct nft_chain_list *nft_chain_list_get(struct nft_handle *h)
+static struct nftnl_chain_list *nftnl_chain_list_get(struct nft_handle *h)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- struct nft_chain_list *list;
+ struct nftnl_chain_list *list;
- list = nft_chain_list_alloc();
+ list = nftnl_chain_list_alloc();
if (list == NULL) {
errno = ENOMEM;
return NULL;
}
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, h->family,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, h->family,
NLM_F_DUMP, h->seq);
- mnl_talk(h, nlh, nft_chain_list_cb, list);
+ mnl_talk(h, nlh, nftnl_chain_list_cb, list);
return list;
}
-struct nft_chain_list *nft_chain_dump(struct nft_handle *h)
+struct nftnl_chain_list *nft_chain_dump(struct nft_handle *h)
{
- return nft_chain_list_get(h);
+ return nftnl_chain_list_get(h);
}
static const char *policy_name[NF_ACCEPT+1] = {
@@ -1146,19 +1146,19 @@ static const char *policy_name[NF_ACCEPT+1] = {
[NF_ACCEPT] = "ACCEPT",
};
-static void nft_chain_print_save(struct nft_chain *c, bool basechain)
+static void nft_chain_print_save(struct nftnl_chain *c, bool basechain)
{
- const char *chain = nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
- uint64_t pkts = nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_PACKETS);
- uint64_t bytes = nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_BYTES);
+ const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
+ uint64_t pkts = nftnl_chain_get_u64(c, NFTNL_CHAIN_PACKETS);
+ uint64_t bytes = nftnl_chain_get_u64(c, NFTNL_CHAIN_BYTES);
/* print chain name */
if (basechain) {
uint32_t pol = NF_ACCEPT;
/* no default chain policy? don't crash, display accept */
- if (nft_chain_attr_get(c, NFT_CHAIN_ATTR_POLICY))
- pol = nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_POLICY);
+ if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY))
+ pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
printf(":%s %s [%"PRIu64":%"PRIu64"]\n", chain, policy_name[pol],
pkts, bytes);
@@ -1166,20 +1166,20 @@ static void nft_chain_print_save(struct nft_chain *c, bool basechain)
printf(":%s - [%"PRIu64":%"PRIu64"]\n", chain, pkts, bytes);
}
-int nft_chain_save(struct nft_handle *h, struct nft_chain_list *list,
+int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list,
const char *table)
{
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
return 0;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *chain_table =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
bool basechain = false;
if (strcmp(table, chain_table) != 0)
@@ -1188,54 +1188,54 @@ int nft_chain_save(struct nft_handle *h, struct nft_chain_list *list,
basechain = nft_chain_builtin(c);
nft_chain_print_save(c, basechain);
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
- nft_chain_list_free(list);
+ nftnl_chain_list_iter_destroy(iter);
+ nftnl_chain_list_free(list);
return 1;
}
-static int nft_rule_list_cb(const struct nlmsghdr *nlh, void *data)
+static int nftnl_rule_list_cb(const struct nlmsghdr *nlh, void *data)
{
- struct nft_rule *r;
- struct nft_rule_list *list = data;
+ struct nftnl_rule *r;
+ struct nftnl_rule_list *list = data;
- r = nft_rule_alloc();
+ r = nftnl_rule_alloc();
if (r == NULL)
goto err;
- if (nft_rule_nlmsg_parse(nlh, r) < 0)
+ if (nftnl_rule_nlmsg_parse(nlh, r) < 0)
goto out;
- nft_rule_list_add_tail(r, list);
+ nftnl_rule_list_add_tail(r, list);
return MNL_CB_OK;
out:
- nft_rule_free(r);
- nft_rule_list_free(list);
+ nftnl_rule_free(r);
+ nftnl_rule_list_free(list);
err:
return MNL_CB_OK;
}
-static struct nft_rule_list *nft_rule_list_get(struct nft_handle *h)
+static struct nftnl_rule_list *nft_rule_list_get(struct nft_handle *h)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- struct nft_rule_list *list;
+ struct nftnl_rule_list *list;
int ret;
- list = nft_rule_list_alloc();
+ list = nftnl_rule_list_alloc();
if (list == NULL)
return 0;
- nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, h->family,
+ nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, h->family,
NLM_F_DUMP, h->seq);
- ret = mnl_talk(h, nlh, nft_rule_list_cb, list);
+ ret = mnl_talk(h, nlh, nftnl_rule_list_cb, list);
if (ret < 0) {
- nft_rule_list_free(list);
+ nftnl_rule_list_free(list);
return NULL;
}
@@ -1244,22 +1244,22 @@ static struct nft_rule_list *nft_rule_list_get(struct nft_handle *h)
int nft_rule_save(struct nft_handle *h, const char *table, bool counters)
{
- struct nft_rule_list *list;
- struct nft_rule_list_iter *iter;
- struct nft_rule *r;
+ struct nftnl_rule_list *list;
+ struct nftnl_rule_list_iter *iter;
+ struct nftnl_rule *r;
list = nft_rule_list_get(h);
if (list == NULL)
return 0;
- iter = nft_rule_list_iter_create(list);
+ iter = nftnl_rule_list_iter_create(list);
if (iter == NULL)
return 0;
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
while (r != NULL) {
const char *rule_table =
- nft_rule_attr_get_str(r, NFT_RULE_ATTR_TABLE);
+ nftnl_rule_get_str(r, NFTNL_RULE_TABLE);
struct iptables_command_state cs = {};
if (strcmp(table, rule_table) != 0)
@@ -1271,11 +1271,11 @@ int nft_rule_save(struct nft_handle *h, const char *table, bool counters)
counters ? 0 : FMT_NOCOUNTS);
next:
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
}
- nft_rule_list_iter_destroy(iter);
- nft_rule_list_free(list);
+ nftnl_rule_list_iter_destroy(iter);
+ nftnl_rule_list_free(list);
/* the core expects 1 for success and 0 for error */
return 1;
@@ -1284,44 +1284,44 @@ next:
static void
__nft_rule_flush(struct nft_handle *h, const char *table, const char *chain)
{
- struct nft_rule *r;
+ struct nftnl_rule *r;
- r = nft_rule_alloc();
+ r = nftnl_rule_alloc();
if (r == NULL)
return;
- nft_rule_attr_set(r, NFT_RULE_ATTR_TABLE, (char *)table);
- nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, (char *)chain);
+ nftnl_rule_set(r, NFTNL_RULE_TABLE, (char *)table);
+ nftnl_rule_set(r, NFTNL_RULE_CHAIN, (char *)chain);
if (batch_rule_add(h, NFT_COMPAT_RULE_FLUSH, r) < 0)
- nft_rule_free(r);
+ nftnl_rule_free(r);
}
int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table)
{
int ret;
- struct nft_chain_list *list;
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list *list;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
nft_fn = nft_rule_flush;
- list = nft_chain_list_get(h);
+ list = nftnl_chain_list_get(h);
if (list == NULL) {
ret = 0;
goto err;
}
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
goto err;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *table_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
if (strcmp(table, table_name) != 0)
goto next;
@@ -1334,12 +1334,12 @@ int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table)
if (chain != NULL)
break;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
err:
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
/* the core expects 1 for success and 0 for error */
return ret == 0 ? 1 : 0;
@@ -1347,7 +1347,7 @@ err:
int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *table)
{
- struct nft_chain *c;
+ struct nftnl_chain *c;
int ret;
nft_fn = nft_chain_user_add;
@@ -1356,12 +1356,12 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
nft_xt_builtin_init(h, table);
- c = nft_chain_alloc();
+ c = nftnl_chain_alloc();
if (c == NULL)
return 0;
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table);
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain);
+ nftnl_chain_set(c, NFTNL_CHAIN_TABLE, (char *)table);
+ nftnl_chain_set(c, NFTNL_CHAIN_NAME, (char *)chain);
if (h->batch_support) {
ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c);
@@ -1369,11 +1369,11 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
h->family,
NLM_F_ACK|NLM_F_EXCL, h->seq);
- nft_chain_nlmsg_build_payload(nlh, c);
- nft_chain_free(c);
+ nftnl_chain_nlmsg_build_payload(nlh, c);
+ nftnl_chain_free(c);
ret = mnl_talk(h, nlh, NULL, NULL);
}
@@ -1381,40 +1381,40 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
return ret == 0 ? 1 : 0;
}
-static int __nft_chain_del(struct nft_handle *h, struct nft_chain *c)
+static int __nft_chain_del(struct nft_handle *h, struct nftnl_chain *c)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_DELCHAIN, h->family,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_DELCHAIN, h->family,
NLM_F_ACK, h->seq);
- nft_chain_nlmsg_build_payload(nlh, c);
+ nftnl_chain_nlmsg_build_payload(nlh, c);
return mnl_talk(h, nlh, NULL, NULL);
}
int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table)
{
- struct nft_chain_list *list;
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list *list;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
int ret = 0;
int deleted_ctr = 0;
- list = nft_chain_list_get(h);
+ list = nftnl_chain_list_get(h);
if (list == NULL)
goto err;
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
goto err;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *table_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
/* don't delete built-in chain */
if (nft_chain_builtin(c))
@@ -1439,13 +1439,13 @@ int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *tabl
if (chain != NULL)
break;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
err:
if (!h->batch_support)
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
/* chain not found */
if (deleted_ctr == 0) {
@@ -1457,23 +1457,23 @@ err:
return ret == 0 ? 1 : 0;
}
-struct nft_chain *
-nft_chain_list_find(struct nft_chain_list *list,
+struct nftnl_chain *
+nft_chain_list_find(struct nftnl_chain_list *list,
const char *table, const char *chain)
{
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
return NULL;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *table_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
if (strcmp(table, table_name) != 0)
goto next;
@@ -1481,21 +1481,21 @@ nft_chain_list_find(struct nft_chain_list *list,
if (strcmp(chain, chain_name) != 0)
goto next;
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
return c;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
return NULL;
}
-static struct nft_chain *
+static struct nftnl_chain *
nft_chain_find(struct nft_handle *h, const char *table, const char *chain)
{
- struct nft_chain_list *list;
+ struct nftnl_chain_list *list;
- list = nft_chain_list_get(h);
+ list = nftnl_chain_list_get(h);
if (list == NULL)
return NULL;
@@ -1505,7 +1505,7 @@ nft_chain_find(struct nft_handle *h, const char *table, const char *chain)
int nft_chain_user_rename(struct nft_handle *h,const char *chain,
const char *table, const char *newname)
{
- struct nft_chain *c;
+ struct nftnl_chain *c;
uint64_t handle;
int ret;
@@ -1524,16 +1524,16 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
errno = ENOENT;
return -1;
}
- handle = nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_HANDLE);
+ handle = nftnl_chain_get_u64(c, NFTNL_CHAIN_HANDLE);
/* Now prepare the new name for the chain */
- c = nft_chain_alloc();
+ c = nftnl_chain_alloc();
if (c == NULL)
return -1;
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table);
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)newname);
- nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_HANDLE, handle);
+ nftnl_chain_set(c, NFTNL_CHAIN_TABLE, (char *)table);
+ nftnl_chain_set(c, NFTNL_CHAIN_NAME, (char *)newname);
+ nftnl_chain_set_u64(c, NFTNL_CHAIN_HANDLE, handle);
if (h->batch_support) {
ret = batch_chain_add(h, NFT_COMPAT_CHAIN_RENAME, c);
@@ -1541,10 +1541,10 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
h->family, NLM_F_ACK, h->seq);
- nft_chain_nlmsg_build_payload(nlh, c);
- nft_chain_free(c);
+ nftnl_chain_nlmsg_build_payload(nlh, c);
+ nftnl_chain_free(c);
ret = mnl_talk(h, nlh, NULL, NULL);
}
@@ -1553,72 +1553,72 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
return ret == 0 ? 1 : 0;
}
-static int nft_table_list_cb(const struct nlmsghdr *nlh, void *data)
+static int nftnl_table_list_cb(const struct nlmsghdr *nlh, void *data)
{
- struct nft_table *t;
- struct nft_table_list *list = data;
+ struct nftnl_table *t;
+ struct nftnl_table_list *list = data;
- t = nft_table_alloc();
+ t = nftnl_table_alloc();
if (t == NULL)
goto err;
- if (nft_table_nlmsg_parse(nlh, t) < 0)
+ if (nftnl_table_nlmsg_parse(nlh, t) < 0)
goto out;
- nft_table_list_add_tail(t, list);
+ nftnl_table_list_add_tail(t, list);
return MNL_CB_OK;
out:
- nft_table_free(t);
+ nftnl_table_free(t);
err:
return MNL_CB_OK;
}
-static struct nft_table_list *nft_table_list_get(struct nft_handle *h)
+static struct nftnl_table_list *nftnl_table_list_get(struct nft_handle *h)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- struct nft_table_list *list;
+ struct nftnl_table_list *list;
- list = nft_table_list_alloc();
+ list = nftnl_table_list_alloc();
if (list == NULL)
return 0;
- nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, h->family,
+ nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, h->family,
NLM_F_DUMP, h->seq);
- mnl_talk(h, nlh, nft_table_list_cb, list);
+ mnl_talk(h, nlh, nftnl_table_list_cb, list);
return list;
}
bool nft_table_find(struct nft_handle *h, const char *tablename)
{
- struct nft_table_list *list;
- struct nft_table_list_iter *iter;
- struct nft_table *t;
+ struct nftnl_table_list *list;
+ struct nftnl_table_list_iter *iter;
+ struct nftnl_table *t;
bool ret = false;
- list = nft_table_list_get(h);
+ list = nftnl_table_list_get(h);
if (list == NULL)
goto err;
- iter = nft_table_list_iter_create(list);
+ iter = nftnl_table_list_iter_create(list);
if (iter == NULL)
goto err;
- t = nft_table_list_iter_next(iter);
+ t = nftnl_table_list_iter_next(iter);
while (t != NULL) {
const char *this_tablename =
- nft_table_attr_get(t, NFT_TABLE_ATTR_NAME);
+ nftnl_table_get(t, NFTNL_TABLE_NAME);
if (strcmp(tablename, this_tablename) == 0)
return true;
- t = nft_table_list_iter_next(iter);
+ t = nftnl_table_list_iter_next(iter);
}
- nft_table_list_free(list);
+ nftnl_table_list_free(list);
err:
return ret;
@@ -1629,31 +1629,31 @@ int nft_for_each_table(struct nft_handle *h,
bool counters)
{
int ret = 1;
- struct nft_table_list *list;
- struct nft_table_list_iter *iter;
- struct nft_table *t;
+ struct nftnl_table_list *list;
+ struct nftnl_table_list_iter *iter;
+ struct nftnl_table *t;
- list = nft_table_list_get(h);
+ list = nftnl_table_list_get(h);
if (list == NULL) {
ret = 0;
goto err;
}
- iter = nft_table_list_iter_create(list);
+ iter = nftnl_table_list_iter_create(list);
if (iter == NULL)
return 0;
- t = nft_table_list_iter_next(iter);
+ t = nftnl_table_list_iter_next(iter);
while (t != NULL) {
const char *tablename =
- nft_table_attr_get(t, NFT_TABLE_ATTR_NAME);
+ nftnl_table_get(t, NFTNL_TABLE_NAME);
func(h, tablename, counters);
- t = nft_table_list_iter_next(iter);
+ t = nftnl_table_list_iter_next(iter);
}
- nft_table_list_free(list);
+ nftnl_table_list_free(list);
err:
/* the core expects 1 for success and 0 for error */
@@ -1661,19 +1661,19 @@ err:
}
int nft_table_purge_chains(struct nft_handle *h, const char *this_table,
- struct nft_chain_list *chain_list)
+ struct nftnl_chain_list *chain_list)
{
- struct nft_chain_list_iter *iter;
- struct nft_chain *chain_obj;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *chain_obj;
- iter = nft_chain_list_iter_create(chain_list);
+ iter = nftnl_chain_list_iter_create(chain_list);
if (iter == NULL)
return 0;
- chain_obj = nft_chain_list_iter_next(iter);
+ chain_obj = nftnl_chain_list_iter_next(iter);
while (chain_obj != NULL) {
const char *table =
- nft_chain_attr_get_str(chain_obj, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(chain_obj, NFTNL_CHAIN_TABLE);
if (strcmp(this_table, table) != 0)
goto next;
@@ -1686,57 +1686,57 @@ int nft_table_purge_chains(struct nft_handle *h, const char *this_table,
return -1;
}
next:
- chain_obj = nft_chain_list_iter_next(iter);
+ chain_obj = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
return 0;
}
-static int __nft_rule_del(struct nft_handle *h, struct nft_rule_list *list,
- struct nft_rule *r)
+static int __nft_rule_del(struct nft_handle *h, struct nftnl_rule_list *list,
+ struct nftnl_rule *r)
{
int ret;
- nft_rule_list_del(r);
+ nftnl_rule_list_del(r);
ret = batch_rule_add(h, NFT_COMPAT_RULE_DELETE, r);
if (ret < 0) {
- nft_rule_free(r);
+ nftnl_rule_free(r);
return -1;
}
return 1;
}
-struct nft_rule_list *nft_rule_list_create(struct nft_handle *h)
+struct nftnl_rule_list *nft_rule_list_create(struct nft_handle *h)
{
return nft_rule_list_get(h);
}
-void nft_rule_list_destroy(struct nft_rule_list *list)
+void nft_rule_list_destroy(struct nftnl_rule_list *list)
{
- nft_rule_list_free(list);
+ nftnl_rule_list_free(list);
}
-static struct nft_rule *
-nft_rule_find(struct nft_handle *h, struct nft_rule_list *list,
+static struct nftnl_rule *
+nft_rule_find(struct nft_handle *h, struct nftnl_rule_list *list,
const char *chain, const char *table, void *data, int rulenum)
{
- struct nft_rule *r;
- struct nft_rule_list_iter *iter;
+ struct nftnl_rule *r;
+ struct nftnl_rule_list_iter *iter;
int rule_ctr = 0;
bool found = false;
- iter = nft_rule_list_iter_create(list);
+ iter = nftnl_rule_list_iter_create(list);
if (iter == NULL)
return 0;
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
while (r != NULL) {
const char *rule_table =
- nft_rule_attr_get_str(r, NFT_RULE_ATTR_TABLE);
+ nftnl_rule_get_str(r, NFTNL_RULE_TABLE);
const char *rule_chain =
- nft_rule_attr_get_str(r, NFT_RULE_ATTR_CHAIN);
+ nftnl_rule_get_str(r, NFTNL_RULE_CHAIN);
if (strcmp(table, rule_table) != 0 ||
strcmp(chain, rule_chain) != 0) {
@@ -1757,10 +1757,10 @@ nft_rule_find(struct nft_handle *h, struct nft_rule_list *list,
}
rule_ctr++;
next:
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
}
- nft_rule_list_iter_destroy(iter);
+ nftnl_rule_list_iter_destroy(iter);
return found ? r : NULL;
}
@@ -1768,7 +1768,7 @@ next:
int nft_rule_check(struct nft_handle *h, const char *chain,
const char *table, void *data, bool verbose)
{
- struct nft_rule_list *list;
+ struct nftnl_rule_list *list;
int ret;
nft_fn = nft_rule_check;
@@ -1790,8 +1790,8 @@ int nft_rule_delete(struct nft_handle *h, const char *chain,
const char *table, void *data, bool verbose)
{
int ret = 0;
- struct nft_rule *r;
- struct nft_rule_list *list;
+ struct nftnl_rule *r;
+ struct nftnl_rule_list *list;
nft_fn = nft_rule_delete;
@@ -1817,17 +1817,17 @@ nft_rule_add(struct nft_handle *h, const char *chain,
const char *table, struct iptables_command_state *cs,
uint64_t handle, bool verbose)
{
- struct nft_rule *r;
+ struct nftnl_rule *r;
r = nft_rule_new(h, chain, table, cs);
if (r == NULL)
return 0;
if (handle > 0)
- nft_rule_attr_set_u64(r, NFT_RULE_ATTR_POSITION, handle);
+ nftnl_rule_set_u64(r, NFTNL_RULE_POSITION, handle);
if (batch_rule_add(h, NFT_COMPAT_RULE_INSERT, r) < 0) {
- nft_rule_free(r);
+ nftnl_rule_free(r);
return 0;
}
@@ -1837,8 +1837,8 @@ nft_rule_add(struct nft_handle *h, const char *chain,
int nft_rule_insert(struct nft_handle *h, const char *chain,
const char *table, void *data, int rulenum, bool verbose)
{
- struct nft_rule_list *list;
- struct nft_rule *r;
+ struct nftnl_rule_list *list;
+ struct nftnl_rule *r;
uint64_t handle = 0;
/* If built-in chains don't exist for this table, create them */
@@ -1869,7 +1869,7 @@ int nft_rule_insert(struct nft_handle *h, const char *chain,
goto err;
}
- handle = nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE);
+ handle = nftnl_rule_get_u64(r, NFTNL_RULE_HANDLE);
DEBUGP("adding after rule handle %"PRIu64"\n", handle);
nft_rule_list_destroy(list);
@@ -1885,8 +1885,8 @@ int nft_rule_delete_num(struct nft_handle *h, const char *chain,
const char *table, int rulenum, bool verbose)
{
int ret = 0;
- struct nft_rule *r;
- struct nft_rule_list *list;
+ struct nftnl_rule *r;
+ struct nftnl_rule_list *list;
nft_fn = nft_rule_delete_num;
@@ -1914,8 +1914,8 @@ int nft_rule_replace(struct nft_handle *h, const char *chain,
const char *table, void *data, int rulenum, bool verbose)
{
int ret = 0;
- struct nft_rule *r;
- struct nft_rule_list *list;
+ struct nftnl_rule *r;
+ struct nftnl_rule_list *list;
nft_fn = nft_rule_replace;
@@ -1927,10 +1927,10 @@ int nft_rule_replace(struct nft_handle *h, const char *chain,
if (r != NULL) {
DEBUGP("replacing rule with handle=%llu\n",
(unsigned long long)
- nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE));
+ nftnl_rule_get_u64(r, NFTNL_RULE_HANDLE));
ret = nft_rule_append(h, chain, table, data,
- nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE),
+ nftnl_rule_get_u64(r, NFTNL_RULE_HANDLE),
verbose);
} else
errno = ENOENT;
@@ -1943,28 +1943,28 @@ int nft_rule_replace(struct nft_handle *h, const char *chain,
static int
__nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
int rulenum, unsigned int format,
- void (*cb)(struct nft_rule *r, unsigned int num,
+ void (*cb)(struct nftnl_rule *r, unsigned int num,
unsigned int format))
{
- struct nft_rule_list *list;
- struct nft_rule_list_iter *iter;
- struct nft_rule *r;
+ struct nftnl_rule_list *list;
+ struct nftnl_rule_list_iter *iter;
+ struct nftnl_rule *r;
int rule_ctr = 0, ret = 0;
list = nft_rule_list_get(h);
if (list == NULL)
return 0;
- iter = nft_rule_list_iter_create(list);
+ iter = nftnl_rule_list_iter_create(list);
if (iter == NULL)
goto err;
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
while (r != NULL) {
const char *rule_table =
- nft_rule_attr_get_str(r, NFT_RULE_ATTR_TABLE);
+ nftnl_rule_get_str(r, NFTNL_RULE_TABLE);
const char *rule_chain =
- nft_rule_attr_get_str(r, NFT_RULE_ATTR_CHAIN);
+ nftnl_rule_get_str(r, NFTNL_RULE_CHAIN);
if (strcmp(table, rule_table) != 0 ||
strcmp(chain, rule_chain) != 0)
@@ -1984,12 +1984,12 @@ __nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
}
next:
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
}
- nft_rule_list_iter_destroy(iter);
+ nftnl_rule_list_iter_destroy(iter);
err:
- nft_rule_list_free(list);
+ nftnl_rule_list_free(list);
if (ret == 0)
errno = ENOENT;
@@ -2001,9 +2001,9 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
int rulenum, unsigned int format)
{
const struct nft_family_ops *ops;
- struct nft_chain_list *list;
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list *list;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
bool found = false;
/* If built-in chains don't exist for this table, create them */
@@ -2026,30 +2026,30 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
list = nft_chain_dump(h);
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
goto err;
if (ops->print_table_header)
ops->print_table_header(table);
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *chain_table =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
uint32_t policy =
- nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_POLICY);
+ nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
uint32_t refs =
- nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_USE);
+ nftnl_chain_get_u32(c, NFTNL_CHAIN_USE);
struct xt_counters ctrs = {
- .pcnt = nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_PACKETS),
- .bcnt = nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_BYTES),
+ .pcnt = nftnl_chain_get_u64(c, NFTNL_CHAIN_PACKETS),
+ .bcnt = nftnl_chain_get_u64(c, NFTNL_CHAIN_BYTES),
};
bool basechain = false;
- if (nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM))
+ if (nftnl_chain_get(c, NFTNL_CHAIN_HOOKNUM))
basechain = true;
if (strcmp(table, chain_table) != 0)
@@ -2073,18 +2073,18 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
found = true;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
err:
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
return 1;
}
static void
-list_save(struct nft_rule *r, unsigned int num, unsigned int format)
+list_save(struct nftnl_rule *r, unsigned int num, unsigned int format)
{
struct iptables_command_state cs = {};
@@ -2094,25 +2094,25 @@ list_save(struct nft_rule *r, unsigned int num, unsigned int format)
}
static int
-nft_rule_list_chain_save(struct nft_handle *h, const char *chain,
- const char *table, struct nft_chain_list *list,
+nftnl_rule_list_chain_save(struct nft_handle *h, const char *chain,
+ const char *table, struct nftnl_chain_list *list,
int counters)
{
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
return 0;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *chain_table =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
uint32_t policy =
- nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_POLICY);
+ nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
if (strcmp(table, chain_table) != 0 ||
(chain && strcmp(chain, chain_name) != 0))
@@ -2124,18 +2124,18 @@ nft_rule_list_chain_save(struct nft_handle *h, const char *chain,
if (counters) {
printf(" -c %"PRIu64" %"PRIu64"\n",
- nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_PACKETS),
- nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_BYTES));
+ nftnl_chain_get_u64(c, NFTNL_CHAIN_PACKETS),
+ nftnl_chain_get_u64(c, NFTNL_CHAIN_BYTES));
} else
printf("\n");
} else {
printf("-N %s\n", chain_name);
}
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
return 1;
}
@@ -2143,28 +2143,28 @@ next:
int nft_rule_list_save(struct nft_handle *h, const char *chain,
const char *table, int rulenum, int counters)
{
- struct nft_chain_list *list;
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list *list;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
int ret = 1;
list = nft_chain_dump(h);
/* Dump policies and custom chains first */
if (!rulenum)
- nft_rule_list_chain_save(h, chain, table, list, counters);
+ nftnl_rule_list_chain_save(h, chain, table, list, counters);
/* Now dump out rules in this table */
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
goto err;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *chain_table =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
if (strcmp(table, chain_table) != 0)
goto next;
@@ -2178,12 +2178,12 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain,
if (chain)
break;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
err:
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
return ret;
}
@@ -2192,8 +2192,8 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
const char *table, int rulenum)
{
struct iptables_command_state cs = {};
- struct nft_rule_list *list;
- struct nft_rule *r;
+ struct nftnl_rule_list *list;
+ struct nftnl_rule *r;
int ret = 0;
nft_fn = nft_rule_delete;
@@ -2214,7 +2214,7 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
cs.counters.pcnt = cs.counters.bcnt = 0;
ret = nft_rule_append(h, chain, table, &cs,
- nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE),
+ nftnl_rule_get_u64(r, NFTNL_RULE_HANDLE),
false);
error:
@@ -2225,40 +2225,40 @@ error:
static void nft_compat_table_batch_add(struct nft_handle *h, uint16_t type,
uint16_t flags, uint32_t seq,
- struct nft_table *table)
+ struct nftnl_table *table)
{
struct nlmsghdr *nlh;
- nlh = nft_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
+ nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
type, h->family, flags, seq);
- nft_table_nlmsg_build_payload(nlh, table);
- nft_table_free(table);
+ nftnl_table_nlmsg_build_payload(nlh, table);
+ nftnl_table_free(table);
}
static void nft_compat_chain_batch_add(struct nft_handle *h, uint16_t type,
uint16_t flags, uint32_t seq,
- struct nft_chain *chain)
+ struct nftnl_chain *chain)
{
struct nlmsghdr *nlh;
- nlh = nft_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
+ nlh = nftnl_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
type, h->family, flags, seq);
- nft_chain_nlmsg_build_payload(nlh, chain);
+ nftnl_chain_nlmsg_build_payload(nlh, chain);
nft_chain_print_debug(chain, nlh);
- nft_chain_free(chain);
+ nftnl_chain_free(chain);
}
static void nft_compat_rule_batch_add(struct nft_handle *h, uint16_t type,
uint16_t flags, uint32_t seq,
- struct nft_rule *rule)
+ struct nftnl_rule *rule)
{
struct nlmsghdr *nlh;
- nlh = nft_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
+ nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
type, h->family, flags, seq);
- nft_rule_nlmsg_build_payload(nlh, rule);
+ nftnl_rule_nlmsg_build_payload(nlh, rule);
nft_rule_print_debug(rule, nlh);
- nft_rule_free(rule);
+ nftnl_rule_free(rule);
}
static int nft_action(struct nft_handle *h, int action)
@@ -2267,7 +2267,7 @@ static int nft_action(struct nft_handle *h, int action)
uint32_t seq = 1;
int ret = 0;
- mnl_nft_batch_begin(h->batch, seq++);
+ mnl_nftnl_batch_begin(h->batch, seq++);
list_for_each_entry_safe(n, tmp, &h->obj_list, head) {
switch (n->type) {
@@ -2327,21 +2327,21 @@ static int nft_action(struct nft_handle *h, int action)
free(n);
if (!mnl_nlmsg_batch_next(h->batch))
- h->batch = mnl_nft_batch_page_add(h->batch);
+ h->batch = mnl_nftnl_batch_page_add(h->batch);
}
switch (action) {
case NFT_COMPAT_COMMIT:
- mnl_nft_batch_end(h->batch, seq++);
+ mnl_nftnl_batch_end(h->batch, seq++);
break;
case NFT_COMPAT_ABORT:
break;
}
if (!mnl_nlmsg_batch_is_empty(h->batch))
- h->batch = mnl_nft_batch_page_add(h->batch);
+ h->batch = mnl_nftnl_batch_page_add(h->batch);
- ret = mnl_nft_batch_talk(h);
+ ret = mnl_nftnl_batch_talk(h);
mnl_nlmsg_batch_reset(h->batch);
@@ -2476,12 +2476,12 @@ static void xtables_config_perror(uint32_t flags, const char *fmt, ...)
int nft_xtables_config_load(struct nft_handle *h, const char *filename,
uint32_t flags)
{
- struct nft_table_list *table_list = nft_table_list_alloc();
- struct nft_chain_list *chain_list = nft_chain_list_alloc();
- struct nft_table_list_iter *titer = NULL;
- struct nft_chain_list_iter *citer = NULL;
- struct nft_table *table;
- struct nft_chain *chain;
+ struct nftnl_table_list *table_list = nftnl_table_list_alloc();
+ struct nftnl_chain_list *chain_list = nftnl_chain_list_alloc();
+ struct nftnl_table_list_iter *titer = NULL;
+ struct nftnl_chain_list_iter *citer = NULL;
+ struct nftnl_table *table;
+ struct nftnl_chain *chain;
uint32_t table_family, chain_family;
bool found = false;
@@ -2502,10 +2502,10 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
}
/* Stage 1) create tables */
- titer = nft_table_list_iter_create(table_list);
- while ((table = nft_table_list_iter_next(titer)) != NULL) {
- table_family = nft_table_attr_get_u32(table,
- NFT_TABLE_ATTR_FAMILY);
+ titer = nftnl_table_list_iter_create(table_list);
+ while ((table = nftnl_table_list_iter_next(titer)) != NULL) {
+ table_family = nftnl_table_get_u32(table,
+ NFTNL_TABLE_FAMILY);
if (h->family != table_family)
continue;
@@ -2515,30 +2515,30 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
if (errno == EEXIST) {
xtables_config_perror(flags,
"table `%s' already exists, skipping\n",
- (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
+ (char *)nftnl_table_get(table, NFTNL_TABLE_NAME));
} else {
xtables_config_perror(flags,
"table `%s' cannot be create, reason `%s'. Exitting\n",
- (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME),
+ (char *)nftnl_table_get(table, NFTNL_TABLE_NAME),
strerror(errno));
goto err;
}
continue;
}
xtables_config_perror(flags, "table `%s' has been created\n",
- (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
+ (char *)nftnl_table_get(table, NFTNL_TABLE_NAME));
}
- nft_table_list_iter_destroy(titer);
- nft_table_list_free(table_list);
+ nftnl_table_list_iter_destroy(titer);
+ nftnl_table_list_free(table_list);
if (!found)
goto err;
/* Stage 2) create chains */
- citer = nft_chain_list_iter_create(chain_list);
- while ((chain = nft_chain_list_iter_next(citer)) != NULL) {
- chain_family = nft_chain_attr_get_u32(chain,
- NFT_CHAIN_ATTR_TABLE);
+ citer = nftnl_chain_list_iter_create(chain_list);
+ while ((chain = nftnl_chain_list_iter_next(citer)) != NULL) {
+ chain_family = nftnl_chain_get_u32(chain,
+ NFTNL_CHAIN_TABLE);
if (h->family != chain_family)
continue;
@@ -2546,12 +2546,12 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
if (errno == EEXIST) {
xtables_config_perror(flags,
"chain `%s' already exists in table `%s', skipping\n",
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_TABLE));
+ (char *)nftnl_chain_get(chain, NFTNL_CHAIN_NAME),
+ (char *)nftnl_chain_get(chain, NFTNL_CHAIN_TABLE));
} else {
xtables_config_perror(flags,
"chain `%s' cannot be create, reason `%s'. Exitting\n",
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
+ (char *)nftnl_chain_get(chain, NFTNL_CHAIN_NAME),
strerror(errno));
goto err;
}
@@ -2560,22 +2560,22 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
xtables_config_perror(flags,
"chain `%s' in table `%s' has been created\n",
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_TABLE));
+ (char *)nftnl_chain_get(chain, NFTNL_CHAIN_NAME),
+ (char *)nftnl_chain_get(chain, NFTNL_CHAIN_TABLE));
}
- nft_chain_list_iter_destroy(citer);
- nft_chain_list_free(chain_list);
+ nftnl_chain_list_iter_destroy(citer);
+ nftnl_chain_list_free(chain_list);
return 0;
err:
- nft_table_list_free(table_list);
- nft_chain_list_free(chain_list);
+ nftnl_table_list_free(table_list);
+ nftnl_chain_list_free(chain_list);
if (titer != NULL)
- nft_table_list_iter_destroy(titer);
+ nftnl_table_list_iter_destroy(titer);
if (citer != NULL)
- nft_chain_list_iter_destroy(citer);
+ nftnl_chain_list_iter_destroy(citer);
return -1;
}
@@ -2583,25 +2583,25 @@ err:
int nft_chain_zero_counters(struct nft_handle *h, const char *chain,
const char *table)
{
- struct nft_chain_list *list;
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list *list;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
int ret = 0;
- list = nft_chain_list_get(h);
+ list = nftnl_chain_list_get(h);
if (list == NULL)
goto err;
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
goto err;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *chain_name =
- nft_chain_attr_get(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get(c, NFTNL_CHAIN_NAME);
const char *chain_table =
- nft_chain_attr_get(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get(c, NFTNL_CHAIN_TABLE);
if (strcmp(table, chain_table) != 0)
goto next;
@@ -2609,10 +2609,10 @@ int nft_chain_zero_counters(struct nft_handle *h, const char *chain,
if (chain != NULL && strcmp(chain, chain_name) != 0)
goto next;
- nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_PACKETS, 0);
- nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_BYTES, 0);
+ nftnl_chain_set_u64(c, NFTNL_CHAIN_PACKETS, 0);
+ nftnl_chain_set_u64(c, NFTNL_CHAIN_BYTES, 0);
- nft_chain_attr_unset(c, NFT_CHAIN_ATTR_HANDLE);
+ nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE);
if (h->batch_support) {
ret = batch_chain_add(h, NFT_COMPAT_CHAIN_ADD, c);
@@ -2620,23 +2620,23 @@ int nft_chain_zero_counters(struct nft_handle *h, const char *chain,
struct nlmsghdr *nlh;
char buf[MNL_SOCKET_BUFFER_SIZE];
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
h->family, NLM_F_ACK,
h->seq);
- nft_chain_nlmsg_build_payload(nlh, c);
+ nftnl_chain_nlmsg_build_payload(nlh, c);
ret = mnl_talk(h, nlh, NULL, NULL);
}
if (chain != NULL)
break;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
if (!h->batch_support)
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
err:
/* the core expects 1 for success and 0 for error */
diff --git a/iptables/nft.h b/iptables/nft.h
index ab3d64ac..2cf78fda 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -52,24 +52,24 @@ void nft_fini(struct nft_handle *h);
/*
* Operations with tables.
*/
-struct nft_table;
-struct nft_chain_list;
+struct nftnl_table;
+struct nftnl_chain_list;
-int nft_table_add(struct nft_handle *h, struct nft_table *t, uint16_t flags);
+int nft_table_add(struct nft_handle *h, struct nftnl_table *t, uint16_t flags);
int nft_for_each_table(struct nft_handle *h, int (*func)(struct nft_handle *h, const char *tablename, bool counters), bool counters);
bool nft_table_find(struct nft_handle *h, const char *tablename);
-int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nft_chain_list *list);
+int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nftnl_chain_list *list);
/*
* Operations with chains.
*/
-struct nft_chain;
+struct nftnl_chain;
-int nft_chain_add(struct nft_handle *h, struct nft_chain *c, uint16_t flags);
+int nft_chain_add(struct nft_handle *h, struct nftnl_chain *c, uint16_t flags);
int nft_chain_set(struct nft_handle *h, const char *table, const char *chain, const char *policy, const struct xt_counters *counters);
-struct nft_chain_list *nft_chain_dump(struct nft_handle *h);
-struct nft_chain *nft_chain_list_find(struct nft_chain_list *list, const char *table, const char *chain);
-int nft_chain_save(struct nft_handle *h, struct nft_chain_list *list, const char *table);
+struct nftnl_chain_list *nft_chain_dump(struct nft_handle *h);
+struct nftnl_chain *nft_chain_list_find(struct nftnl_chain_list *list, const char *table, const char *chain);
+int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list, const char *table);
int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *table);
int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table);
int nft_chain_user_rename(struct nft_handle *h, const char *chain, const char *table, const char *newname);
@@ -78,7 +78,7 @@ int nft_chain_zero_counters(struct nft_handle *h, const char *chain, const char
/*
* Operations with rule-set.
*/
-struct nft_rule;
+struct nftnl_rule;
int nft_rule_append(struct nft_handle *h, const char *chain, const char *table, void *data, uint64_t handle, bool verbose);
int nft_rule_insert(struct nft_handle *h, const char *chain, const char *table, void *data, int rulenum, bool verbose);
@@ -92,18 +92,18 @@ int nft_rule_save(struct nft_handle *h, const char *table, bool counters);
int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table);
int nft_rule_zero_counters(struct nft_handle *h, const char *chain, const char *table, int rulenum);
-struct nft_rule_list *nft_rule_list_create(struct nft_handle *h);
-void nft_rule_list_destroy(struct nft_rule_list *list);
+struct nftnl_rule_list *nft_rule_list_create(struct nft_handle *h);
+void nft_rule_list_destroy(struct nftnl_rule_list *list);
/*
* Operations used in userspace tools
*/
-int add_counters(struct nft_rule *r, uint64_t packets, uint64_t bytes);
-int add_verdict(struct nft_rule *r, int verdict);
-int add_match(struct nft_rule *r, struct xt_entry_match *m);
-int add_target(struct nft_rule *r, struct xt_entry_target *t);
-int add_jumpto(struct nft_rule *r, const char *name, int verdict);
-int add_action(struct nft_rule *r, struct iptables_command_state *cs, bool goto_set);
+int add_counters(struct nftnl_rule *r, uint64_t packets, uint64_t bytes);
+int add_verdict(struct nftnl_rule *r, int verdict);
+int add_match(struct nftnl_rule *r, struct xt_entry_match *m);
+int add_target(struct nftnl_rule *r, struct xt_entry_target *t);
+int add_jumpto(struct nftnl_rule *r, const char *name, int verdict);
+int add_action(struct nftnl_rule *r, struct iptables_command_state *cs, bool goto_set);
enum nft_rule_print {
NFT_RULE_APPEND,
@@ -111,7 +111,7 @@ enum nft_rule_print {
};
void nft_rule_print_save(const void *data,
- struct nft_rule *r, enum nft_rule_print type,
+ struct nftnl_rule *r, enum nft_rule_print type,
unsigned int format);
uint32_t nft_invflags2cmp(uint32_t invflags, uint32_t flag);
@@ -144,10 +144,10 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table);
*/
#define XTABLES_CONFIG_DEFAULT "/etc/xtables.conf"
-struct nft_table_list;
-struct nft_chain_list;
+struct nftnl_table_list;
+struct nftnl_chain_list;
-extern int xtables_config_parse(const char *filename, struct nft_table_list *table_list, struct nft_chain_list *chain_list);
+extern int xtables_config_parse(const char *filename, struct nftnl_table_list *table_list, struct nftnl_chain_list *chain_list);
enum {
NFT_LOAD_VERBOSE = (1 << 0),
@@ -168,6 +168,6 @@ int nft_arp_rule_insert(struct nft_handle *h, const char *chain,
const char *table, struct arpt_entry *fw,
int rulenum, bool verbose);
-void nft_rule_to_arpt_entry(struct nft_rule *r, struct arpt_entry *fw);
+void nft_rule_to_arpt_entry(struct nftnl_rule *r, struct arpt_entry *fw);
#endif
diff --git a/iptables/xtables-config-parser.y b/iptables/xtables-config-parser.y
index c8116c3e..89bfee73 100644
--- a/iptables/xtables-config-parser.y
+++ b/iptables/xtables-config-parser.y
@@ -177,13 +177,13 @@ static int32_t familytonumber(const char *family)
return -1;
}
-int xtables_config_parse(char *filename, struct nft_table_list *table_list,
- struct nft_chain_list *chain_list)
+int xtables_config_parse(char *filename, struct nftnl_table_list *table_list,
+ struct nftnl_chain_list *chain_list)
{
FILE *fp;
struct stack_elem *e;
- struct nft_table *table = NULL;
- struct nft_chain *chain = NULL;
+ struct nftnl_table *table = NULL;
+ struct nftnl_chain *chain = NULL;
int prio = 0;
int32_t family = 0;
@@ -203,38 +203,38 @@ int xtables_config_parse(char *filename, struct nft_table_list *table_list,
return -1;
break;
case T_TABLE:
- table = nft_table_alloc();
+ table = nftnl_table_alloc();
if (table == NULL)
return -1;
- nft_table_attr_set_u32(table, NFT_TABLE_ATTR_FAMILY, family);
- nft_table_attr_set(table, NFT_TABLE_ATTR_NAME, e->data);
+ nftnl_table_set_u32(table, NFTNL_TABLE_FAMILY, family);
+ nftnl_table_set(table, NFTNL_TABLE_NAME, e->data);
/* This is intentionally prepending, instead of
* appending, since the elements in the stack are in
* the reverse order that chains appear in the
* configuration file.
*/
- nft_table_list_add(table, table_list);
+ nftnl_table_list_add(table, table_list);
break;
case T_PRIO:
memcpy(&prio, e->data, sizeof(int32_t));
break;
case T_CHAIN:
- chain = nft_chain_alloc();
+ chain = nftnl_chain_alloc();
if (chain == NULL)
return -1;
- nft_chain_attr_set(chain, NFT_CHAIN_ATTR_TABLE,
- (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
- nft_chain_attr_set_u32(chain, NFT_CHAIN_ATTR_FAMILY,
- nft_table_attr_get_u32(table, NFT_TABLE_ATTR_FAMILY));
- nft_chain_attr_set_s32(chain, NFT_CHAIN_ATTR_PRIO, prio);
- nft_chain_attr_set(chain, NFT_CHAIN_ATTR_NAME, e->data);
+ nftnl_chain_set(chain, NFTNL_CHAIN_TABLE,
+ (char *)nftnl_table_get(table, NFTNL_TABLE_NAME));
+ nftnl_chain_set_u32(chain, NFTNL_CHAIN_FAMILY,
+ nftnl_table_get_u32(table, NFTNL_TABLE_FAMILY));
+ nftnl_chain_set_s32(chain, NFTNL_CHAIN_PRIO, prio);
+ nftnl_chain_set(chain, NFTNL_CHAIN_NAME, e->data);
/* Intentionally prepending, instead of appending */
- nft_chain_list_add(chain, chain_list);
+ nftnl_chain_list_add(chain, chain_list);
break;
case T_HOOK:
- nft_chain_attr_set_u32(chain, NFT_CHAIN_ATTR_HOOKNUM,
+ nftnl_chain_set_u32(chain, NFTNL_CHAIN_HOOKNUM,
hooknametonum(e->data));
break;
default:
diff --git a/iptables/xtables-events.c b/iptables/xtables-events.c
index 5aa7c6f0..df9a7b86 100644
--- a/iptables/xtables-events.c
+++ b/iptables/xtables-events.c
@@ -31,22 +31,22 @@
static int table_cb(const struct nlmsghdr *nlh, int type)
{
- struct nft_table *t;
+ struct nftnl_table *t;
char buf[4096];
- t = nft_table_alloc();
+ t = nftnl_table_alloc();
if (t == NULL)
goto err;
- if (nft_table_nlmsg_parse(nlh, t) < 0)
+ if (nftnl_table_nlmsg_parse(nlh, t) < 0)
goto err_free;
- nft_table_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
+ nftnl_table_snprintf(buf, sizeof(buf), t, NFTNL_OUTPUT_DEFAULT, 0);
/* FIXME: define syntax to represent table events */
printf("# [table: %s]\t%s\n", type == NFT_MSG_NEWTABLE ? "NEW" : "DEL", buf);
err_free:
- nft_table_free(t);
+ nftnl_table_free(t);
err:
return MNL_CB_OK;
}
@@ -57,18 +57,18 @@ static int rule_cb(const struct nlmsghdr *nlh, int type)
{
struct iptables_command_state cs = {};
struct arptables_command_state cs_arp = {};
- struct nft_rule *r;
+ struct nftnl_rule *r;
void *fw = NULL;
uint8_t family;
- r = nft_rule_alloc();
+ r = nftnl_rule_alloc();
if (r == NULL)
goto err;
- if (nft_rule_nlmsg_parse(nlh, r) < 0)
+ if (nftnl_rule_nlmsg_parse(nlh, r) < 0)
goto err_free;
- family = nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY);
+ family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
switch (family) {
case AF_INET:
case AF_INET6:
@@ -91,29 +91,29 @@ static int rule_cb(const struct nlmsghdr *nlh, int type)
NFT_RULE_DEL,
counters ? 0 : FMT_NOCOUNTS);
err_free:
- nft_rule_free(r);
+ nftnl_rule_free(r);
err:
return MNL_CB_OK;
}
static int chain_cb(const struct nlmsghdr *nlh, int type)
{
- struct nft_chain *t;
+ struct nftnl_chain *t;
char buf[4096];
- t = nft_chain_alloc();
+ t = nftnl_chain_alloc();
if (t == NULL)
goto err;
- if (nft_chain_nlmsg_parse(nlh, t) < 0)
+ if (nftnl_chain_nlmsg_parse(nlh, t) < 0)
goto err_free;
- nft_chain_snprintf(buf, sizeof(buf), t, NFT_OUTPUT_DEFAULT, 0);
+ nftnl_chain_snprintf(buf, sizeof(buf), t, NFTNL_OUTPUT_DEFAULT, 0);
/* FIXME: define syntax to represent chain events */
printf("# [chain: %s]\t%s\n", type == NFT_MSG_NEWCHAIN ? "NEW" : "DEL", buf);
err_free:
- nft_chain_free(t);
+ nftnl_chain_free(t);
err:
return MNL_CB_OK;
}
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 8808ee99..7a7ee066 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -177,8 +177,8 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
int in_table = 0, testing = 0;
const char *tablename = NULL;
const struct xtc_ops *ops = &xtc_ops;
- struct nft_chain_list *chain_list;
- struct nft_chain *chain_obj;
+ struct nftnl_chain_list *chain_list;
+ struct nftnl_chain *chain_obj;
line = 0;
@@ -334,7 +334,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
* on, unvisited chains will be purged out.
*/
if (chain_obj != NULL)
- nft_chain_list_del(chain_obj);
+ nftnl_chain_list_del(chain_obj);
if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN)
xtables_error(PARAMETER_PROBLEM,
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 6b33bed0..50b5b5ae 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -40,7 +40,7 @@ static const struct option options[] = {
static int
do_output(struct nft_handle *h, const char *tablename, bool counters)
{
- struct nft_chain_list *chain_list;
+ struct nftnl_chain_list *chain_list;
if (!tablename)
return nft_for_each_table(h, do_output, counters);