authorPablo Neira Ayuso <>2017-07-08 05:07:23 +0530
committerPablo Neira Ayuso <>2017-07-17 14:26:30 +0200
commite0146fa254496dc12187053cd0cd6e5d20eb6a43 (patch)
treee41f1d9b9ae20849fe281cf14c97e817c194b68a /include
parentf63405f9203ce7a8464d585ad49ea67fb2c0bb3f (diff)
include: Pass nf_sock where needed as parameter
This socket should not be global, it is also hidden in many layers of code. Expose it as function parameters to decouple the netlink socket handling logic from the command parsing, evaluation and bytecode generation. Joint work with Varsha Rao. Signed-off-by: Varsha Rao <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'include')
6 files changed, 22 insertions, 9 deletions
diff --git a/include/cli.h b/include/cli.h
index 6894f9d0..21052e32 100644
--- a/include/cli.h
+++ b/include/cli.h
@@ -5,9 +5,11 @@
struct parser_state;
-extern int cli_init(struct nft_ctx *nft, struct parser_state *state);
+extern int cli_init(struct nft_ctx *nft, struct mnl_socket *nf_sock,
+ struct parser_state *state);
-static inline int cli_init(struct nft_ctx *nft, struct parser_state *state)
+static inline int cli_init(struct nft_ctx *nft, struct mnl_socket *nf_sock,
+ struct parser_state *state)
return -1;
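Review bot: Both `cli_init` prototypes in this hunk use `struct mnl_socket` without a forward declaration that is visible here, whereas the same commit adds `struct mnl_socket;` to include/nftables.h and include/parser.h. If cli.h does not already include one of those headers above line 5 (outside this hunk), the tag gets prototype scope and the declaration will not be compatible with the definition. Adding `struct mnl_socket;` next to `struct parser_state;` would keep the header self-contained regardless of include order.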
diff --git a/include/mnl.h b/include/mnl.h
index 9d2d9410..9f5b34f6 100644
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -5,6 +5,9 @@
struct mnl_socket;
+struct mnl_socket *netlink_open_sock(void);
+void netlink_close_sock(struct mnl_socket *nf_sock);
uint32_t mnl_seqnum_alloc(void);
void mnl_genid_get(struct mnl_socket *nf_sock);
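Review bot: The new declarations `netlink_open_sock()` and `netlink_close_sock()` carry no documented contract, and callers need one now that the socket is passed around explicitly instead of living in a global. The header should state whether `netlink_open_sock()` can return NULL or terminates the process on failure, and that the returned socket must be released exactly once with `netlink_close_sock()`. A comment above the pair such as `/* Returns a caller-owned netlink socket; release with netlink_close_sock(). */` would do, with the failure behaviour filled in from the implementation, which is not part of this include-only diff.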
diff --git a/include/netlink.h b/include/netlink.h
index bb25ad48..5b43c5c7 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -41,6 +41,7 @@ extern const struct location netlink_location;
* @octx: output context
struct netlink_ctx {
+ struct mnl_socket *nf_sock;
struct list_head *msgs;
struct list_head list;
struct set *set;
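Review bot: The new `nf_sock` member of `struct netlink_ctx` gets no `@nf_sock` entry in the kernel-doc block above it, although the same commit adds one for `struct eval_ctx` in include/rule.h. Proposed line: ` * @nf_sock: netlink socket (borrowed, not owned by the context)`. Saying that the pointer is borrowed matters because the socket's lifetime now belongs to whoever called `netlink_open_sock()`, so a context must neither close it nor outlive it. That ownership wording is inferred from the new API and should be confirmed against the callers. The struct definition continues past the end of this hunk.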
@@ -191,8 +192,8 @@ extern void netlink_dump_obj(struct nftnl_obj *nlo);
extern int netlink_batch_send(struct netlink_ctx *ctx, struct list_head *err_list);
-extern void netlink_genid_get(void);
-extern void netlink_restart(void);
+extern void netlink_genid_get(struct mnl_socket *nf_sock);
+extern void netlink_restart(struct mnl_socket *nf_sock);
#define netlink_abi_error() \
__netlink_abi_error(__FILE__, __LINE__, strerror(errno));
extern void __noreturn __netlink_abi_error(const char *file, int line, const char *reason);
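Review bot: `netlink_restart(struct mnl_socket *nf_sock)` takes the socket by value and returns void, so it cannot hand a replacement socket back to its caller. If the implementation (not shown in this include-only diff) closes and reopens the socket, as the name suggests, the caller's pointer and the copies stored in `netlink_ctx.nf_sock` and `eval_ctx.nf_sock` would still refer to the closed socket, and any later use would be a use-after-free. Returning the new socket, `extern struct mnl_socket *netlink_restart(struct mnl_socket *nf_sock);`, or taking a `struct mnl_socket **`, would make the hand-over explicit. Callers would then need to refresh any context copies after a restart.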
@@ -218,6 +219,6 @@ struct netlink_mon_handler {
extern int netlink_monitor(struct netlink_mon_handler *monhandler);
-bool netlink_batch_supported(void);
+bool netlink_batch_supported(struct mnl_socket *nf_sock);
diff --git a/include/nftables.h b/include/nftables.h
index 26fd3441..70bf6b5a 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -114,8 +114,9 @@ struct input_descriptor {
struct parser_state;
+struct mnl_socket;
-int nft_run(struct nft_ctx *nft, void *scanner, struct parser_state *state,
- struct list_head *msgs);
+int nft_run(struct nft_ctx *nft, struct mnl_socket *nf_sock, void *scanner,
+ struct parser_state *state, struct list_head *msgs);
diff --git a/include/parser.h b/include/parser.h
index 92beab28..1815ea1b 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -29,7 +29,10 @@ struct parser_state {
struct eval_ctx ectx;
-extern void parser_init(struct parser_state *state, struct list_head *msgs);
+struct mnl_socket;
+extern void parser_init(struct mnl_socket *nf_sock, struct parser_state *state,
+ struct list_head *msgs);
extern int nft_parse(void *, struct parser_state *state);
extern void *scanner_init(struct parser_state *state);
diff --git a/include/rule.h b/include/rule.h
index 24c73d85..ddad6d40 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -457,6 +457,7 @@ extern void cmd_free(struct cmd *cmd);
* struct eval_ctx - evaluation context
+ * @nf_sock: netlink socket (for caching)
* @msgs: message queue
* @cmd: current command
* @table: current table
@@ -467,6 +468,7 @@ extern void cmd_free(struct cmd *cmd);
* @pctx: payload context
struct eval_ctx {
+ struct mnl_socket *nf_sock;
struct list_head *msgs;
struct cmd *cmd;
struct table *table;
@@ -484,7 +486,8 @@ extern struct error_record *rule_postprocess(struct rule *rule);
struct netlink_ctx;
extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
-extern int cache_update(enum cmd_ops cmd, struct list_head *msgs);
+extern int cache_update(struct mnl_socket *nf_sock, enum cmd_ops cmd,
+ struct list_head *msgs);
extern void cache_flush(void);
extern void cache_release(void);