diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-09-15 13:20:34 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-09-16 15:14:33 +0200 |
| commit | d6f06c3069990759a95a28c5dfcb76e9c6eebae0 (patch) | |
| tree | d685c0921304b259518e3e1214cad8c95d4603db /src/netlink.c | |
| parent | b716c2b48a77fd0c01be128d704d9cd2cd5243b3 (diff) | |
src: use new symbols in libnftnl
Adapt the nftables code to use the new symbols in libnftnl. This patch contains
quite some renaming to reserve the nft_ prefix for our high level library.
Explicitly request libnftnl 1.0.5 at configure stage.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
| -rw-r--r-- | src/netlink.c | 712 |
1 files changed, 356 insertions, 356 deletions
diff --git a/src/netlink.c b/src/netlink.c index 4371c0a1..ad1f16df 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -118,98 +118,98 @@ void __noreturn __netlink_init_error(const char *filename, int line, exit(NFT_EXIT_NONL); } -struct nft_table *alloc_nft_table(const struct handle *h) +struct nftnl_table *alloc_nftnl_table(const struct handle *h) { - struct nft_table *nlt; + struct nftnl_table *nlt; - nlt = nft_table_alloc(); + nlt = nftnl_table_alloc(); if (nlt == NULL) memory_allocation_error(); - nft_table_attr_set_u32(nlt, NFT_TABLE_ATTR_FAMILY, h->family); + nftnl_table_set_u32(nlt, NFTNL_TABLE_FAMILY, h->family); if (h->table != NULL) - nft_table_attr_set(nlt, NFT_TABLE_ATTR_NAME, h->table); + nftnl_table_set(nlt, NFTNL_TABLE_NAME, h->table); return nlt; } -struct nft_chain *alloc_nft_chain(const struct handle *h) +struct nftnl_chain *alloc_nftnl_chain(const struct handle *h) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; - nlc = nft_chain_alloc(); + nlc = nftnl_chain_alloc(); if (nlc == NULL) memory_allocation_error(); - nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_FAMILY, h->family); - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_TABLE, h->table); + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, h->family); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, h->table); if (h->handle != 0) - nft_chain_attr_set_u64(nlc, NFT_CHAIN_ATTR_HANDLE, h->handle); + nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, h->handle); if (h->chain != NULL) - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_NAME, h->chain); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, h->chain); return nlc; } -struct nft_rule *alloc_nft_rule(const struct handle *h) +struct nftnl_rule *alloc_nftnl_rule(const struct handle *h) { - struct nft_rule *nlr; + struct nftnl_rule *nlr; - nlr = nft_rule_alloc(); + nlr = nftnl_rule_alloc(); if (nlr == NULL) memory_allocation_error(); - nft_rule_attr_set_u32(nlr, NFT_RULE_ATTR_FAMILY, h->family); - nft_rule_attr_set_str(nlr, NFT_RULE_ATTR_TABLE, h->table); + nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family); + nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table); if (h->chain != NULL) - nft_rule_attr_set_str(nlr, NFT_RULE_ATTR_CHAIN, h->chain); + nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain); if (h->handle) - nft_rule_attr_set_u64(nlr, NFT_RULE_ATTR_HANDLE, h->handle); + nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle); if (h->position) - nft_rule_attr_set_u64(nlr, NFT_RULE_ATTR_POSITION, h->position); + nftnl_rule_set_u64(nlr, NFTNL_RULE_POSITION, h->position); if (h->comment) - nft_rule_attr_set_data(nlr, NFT_RULE_ATTR_USERDATA, + nftnl_rule_set_data(nlr, NFTNL_RULE_USERDATA, h->comment, strlen(h->comment) + 1); return nlr; } -struct nft_rule_expr *alloc_nft_expr(const char *name) +struct nftnl_expr *alloc_nft_expr(const char *name) { - struct nft_rule_expr *nle; + struct nftnl_expr *nle; - nle = nft_rule_expr_alloc(name); + nle = nftnl_expr_alloc(name); if (nle == NULL) memory_allocation_error(); return nle; } -struct nft_set *alloc_nft_set(const struct handle *h) +struct nftnl_set *alloc_nftnl_set(const struct handle *h) { - struct nft_set *nls; + struct nftnl_set *nls; - nls = nft_set_alloc(); + nls = nftnl_set_alloc(); if (nls == NULL) memory_allocation_error(); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_FAMILY, h->family); - nft_set_attr_set_str(nls, NFT_SET_ATTR_TABLE, h->table); + nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); + nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table); if (h->set != NULL) - nft_set_attr_set_str(nls, NFT_SET_ATTR_NAME, h->set); + nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set); if (h->set_id) - nft_set_attr_set_u32(nls, NFT_SET_ATTR_ID, h->set_id); + nftnl_set_set_u32(nls, NFTNL_SET_ID, h->set_id); return nls; } -static struct nft_set_elem *alloc_nft_setelem(const struct expr *expr) +static struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *expr) { const struct expr *elem, *key, *data; - struct nft_set_elem *nlse; + struct nftnl_set_elem *nlse; struct nft_data_linearize nld; - nlse = nft_set_elem_alloc(); + nlse = nftnl_set_elem_alloc(); if (nlse == NULL) memory_allocation_error(); @@ -224,26 +224,26 @@ static struct nft_set_elem *alloc_nft_setelem(const struct expr *expr) key = elem->key; netlink_gen_data(key, &nld); - nft_set_elem_attr_set(nlse, NFT_SET_ELEM_ATTR_KEY, &nld.value, nld.len); + nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_KEY, &nld.value, nld.len); if (elem->timeout) - nft_set_elem_attr_set_u64(nlse, NFT_SET_ELEM_ATTR_TIMEOUT, + nftnl_set_elem_set_u64(nlse, NFTNL_SET_ELEM_TIMEOUT, elem->timeout); if (elem->comment) - nft_set_elem_attr_set(nlse, NFT_SET_ELEM_ATTR_USERDATA, + nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_USERDATA, elem->comment, strlen(elem->comment) + 1); if (data != NULL) { netlink_gen_data(data, &nld); switch (data->ops->type) { case EXPR_VERDICT: - nft_set_elem_attr_set_u32(nlse, NFT_SET_ELEM_ATTR_VERDICT, + nftnl_set_elem_set_u32(nlse, NFTNL_SET_ELEM_VERDICT, data->verdict); if (data->chain != NULL) - nft_set_elem_attr_set(nlse, NFT_SET_ELEM_ATTR_CHAIN, + nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_CHAIN, nld.chain, strlen(nld.chain)); break; case EXPR_VALUE: - nft_set_elem_attr_set(nlse, NFT_SET_ELEM_ATTR_DATA, + nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_DATA, nld.value, nld.len); break; default: @@ -253,7 +253,7 @@ static struct nft_set_elem *alloc_nft_setelem(const struct expr *expr) } if (expr->flags & EXPR_F_INTERVAL_END) - nft_set_elem_attr_set_u32(nlse, NFT_SET_ELEM_ATTR_FLAGS, + nftnl_set_elem_set_u32(nlse, NFTNL_SET_ELEM_FLAGS, NFT_SET_ELEM_INTERVAL_END); return nlse; @@ -368,13 +368,13 @@ int netlink_add_rule_batch(struct netlink_ctx *ctx, const struct handle *h, const struct rule *rule, uint32_t flags) { - struct nft_rule *nlr; + struct nftnl_rule *nlr; int err; - nlr = alloc_nft_rule(&rule->handle); + nlr = alloc_nftnl_rule(&rule->handle); netlink_linearize_rule(ctx, nlr, rule); err = mnl_nft_rule_batch_add(nlr, flags | NLM_F_EXCL, ctx->seqnum); - nft_rule_free(nlr); + nftnl_rule_free(nlr); if (err < 0) netlink_io_error(ctx, &rule->location, "Could not add rule to batch: %s", @@ -398,12 +398,12 @@ int netlink_add_rule_list(struct netlink_ctx *ctx, const struct handle *h, int netlink_del_rule_batch(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_rule *nlr; + struct nftnl_rule *nlr; int err; - nlr = alloc_nft_rule(h); + nlr = alloc_nftnl_rule(h); err = mnl_nft_rule_batch_del(nlr, 0, ctx->seqnum); - nft_rule_free(nlr); + nftnl_rule_free(nlr); if (err < 0) netlink_io_error(ctx, loc, "Could not delete rule to batch: %s", @@ -411,7 +411,7 @@ int netlink_del_rule_batch(struct netlink_ctx *ctx, const struct handle *h, return err; } -void netlink_dump_rule(struct nft_rule *nlr) +void netlink_dump_rule(struct nftnl_rule *nlr) { #ifdef DEBUG char buf[4096]; @@ -419,12 +419,12 @@ void netlink_dump_rule(struct nft_rule *nlr) if (!(debug_level & DEBUG_NETLINK)) return; - nft_rule_snprintf(buf, sizeof(buf), nlr, 0, 0); + nftnl_rule_snprintf(buf, sizeof(buf), nlr, 0, 0); fprintf(stdout, "%s\n", buf); #endif } -void netlink_dump_expr(struct nft_rule_expr *nle) +void netlink_dump_expr(struct nftnl_expr *nle) { #ifdef DEBUG char buf[4096]; @@ -432,12 +432,12 @@ void netlink_dump_expr(struct nft_rule_expr *nle) if (!(debug_level & DEBUG_NETLINK)) return; - nft_rule_expr_snprintf(buf, sizeof(buf), nle, 0, 0); + nftnl_expr_snprintf(buf, sizeof(buf), nle, 0, 0); fprintf(stdout, "%s\n", buf); #endif } -static int list_rule_cb(struct nft_rule *nlr, void *arg) +static int list_rule_cb(struct nftnl_rule *nlr, void *arg) { struct netlink_ctx *ctx = arg; const struct handle *h = ctx->data; @@ -445,9 +445,9 @@ static int list_rule_cb(struct nft_rule *nlr, void *arg) const char *table, *chain; uint32_t family; - family = nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY); - table = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE); - chain = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN); + family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); + table = nftnl_rule_get_str(nlr, NFTNL_RULE_TABLE); + chain = nftnl_rule_get_str(nlr, NFTNL_RULE_CHAIN); if (h->family != family || strcmp(table, h->table) != 0 || @@ -464,7 +464,7 @@ static int list_rule_cb(struct nft_rule *nlr, void *arg) static int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_rule_list *rule_cache; + struct nftnl_rule_list *rule_cache; rule_cache = mnl_nft_rule_dump(nf_sock, h->family); if (rule_cache == NULL) { @@ -477,8 +477,8 @@ static int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h, } ctx->data = h; - nft_rule_list_foreach(rule_cache, list_rule_cb, ctx); - nft_rule_list_free(rule_cache); + nftnl_rule_list_foreach(rule_cache, list_rule_cb, ctx); + nftnl_rule_list_free(rule_cache); return 0; } @@ -488,7 +488,7 @@ static int netlink_flush_rules(struct netlink_ctx *ctx, const struct handle *h, return netlink_del_rule_batch(ctx, h, loc); } -void netlink_dump_chain(struct nft_chain *nlc) +void netlink_dump_chain(struct nftnl_chain *nlc) { #ifdef DEBUG char buf[4096]; @@ -496,7 +496,7 @@ void netlink_dump_chain(struct nft_chain *nlc) if (!(debug_level & DEBUG_NETLINK)) return; - nft_chain_snprintf(buf, sizeof(buf), nlc, 0, 0); + nftnl_chain_snprintf(buf, sizeof(buf), nlc, 0, 0); fprintf(stdout, "%s\n", buf); #endif } @@ -506,27 +506,27 @@ static int netlink_add_chain_compat(struct netlink_ctx *ctx, const struct location *loc, const struct chain *chain, bool excl) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); + nlc = alloc_nftnl_chain(h); if (chain != NULL) { if (chain->flags & CHAIN_F_BASECHAIN) { - nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM, + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM, chain->hooknum); - nft_chain_attr_set_s32(nlc, NFT_CHAIN_ATTR_PRIO, + nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO, chain->priority); - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_TYPE, + nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE, chain->type); } if (chain->policy != -1) - nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_POLICY, + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, chain->policy); } netlink_dump_chain(nlc); err = mnl_nft_chain_add(nf_sock, nlc, excl ? NLM_F_EXCL : 0); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not add chain: %s", @@ -539,31 +539,31 @@ static int netlink_add_chain_batch(struct netlink_ctx *ctx, const struct location *loc, const struct chain *chain, bool excl) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); + nlc = alloc_nftnl_chain(h); if (chain != NULL) { if (chain->flags & CHAIN_F_BASECHAIN) { - nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM, + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM, chain->hooknum); - nft_chain_attr_set_s32(nlc, NFT_CHAIN_ATTR_PRIO, + nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO, chain->priority); - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_TYPE, + nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE, chain->type); } if (chain->policy != -1) - nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_POLICY, + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, chain->policy); if (chain->dev != NULL) - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_DEV, + nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV, chain->dev); } netlink_dump_chain(nlc); err = mnl_nft_chain_batch_add(nlc, excl ? NLM_F_EXCL : 0, ctx->seqnum); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not add chain: %s", @@ -586,14 +586,14 @@ static int netlink_rename_chain_compat(struct netlink_ctx *ctx, const struct location *loc, const char *name) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_NAME, name); + nlc = alloc_nftnl_chain(h); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, name); netlink_dump_chain(nlc); err = mnl_nft_chain_add(nf_sock, nlc, 0); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not rename chain: %s", @@ -606,14 +606,14 @@ static int netlink_rename_chain_batch(struct netlink_ctx *ctx, const struct location *loc, const char *name) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); - nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_NAME, name); + nlc = alloc_nftnl_chain(h); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, name); netlink_dump_chain(nlc); err = mnl_nft_chain_batch_add(nlc, 0, ctx->seqnum); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not rename chain: %s", @@ -634,13 +634,13 @@ static int netlink_del_chain_compat(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); + nlc = alloc_nftnl_chain(h); netlink_dump_chain(nlc); err = mnl_nft_chain_delete(nf_sock, nlc, 0); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not delete chain: %s", @@ -652,13 +652,13 @@ static int netlink_del_chain_batch(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; int err; - nlc = alloc_nft_chain(h); + nlc = alloc_nftnl_chain(h); netlink_dump_chain(nlc); err = mnl_nft_chain_batch_del(nlc, 0, ctx->seqnum); - nft_chain_free(nlc); + nftnl_chain_free(nlc); if (err < 0) netlink_io_error(ctx, loc, "Could not delete chain: %s", @@ -676,35 +676,35 @@ int netlink_delete_chain(struct netlink_ctx *ctx, const struct handle *h, } static struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx, - struct nft_chain *nlc) + struct nftnl_chain *nlc) { struct chain *chain; - chain = chain_alloc(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_NAME)); + chain = chain_alloc(nftnl_chain_get_str(nlc, NFTNL_CHAIN_NAME)); chain->handle.family = - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY); + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY); chain->handle.table = - xstrdup(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_TABLE)); + xstrdup(nftnl_chain_get_str(nlc, NFTNL_CHAIN_TABLE)); chain->handle.handle = - nft_chain_attr_get_u64(nlc, NFT_CHAIN_ATTR_HANDLE); + nftnl_chain_get_u64(nlc, NFTNL_CHAIN_HANDLE); - if (nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_HOOKNUM) && - nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_PRIO) && - nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_TYPE) && - nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_POLICY)) { + if (nftnl_chain_is_set(nlc, NFTNL_CHAIN_HOOKNUM) && + nftnl_chain_is_set(nlc, NFTNL_CHAIN_PRIO) && + nftnl_chain_is_set(nlc, NFTNL_CHAIN_TYPE) && + nftnl_chain_is_set(nlc, NFTNL_CHAIN_POLICY)) { chain->hooknum = - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_HOOKNUM); + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_HOOKNUM); chain->hookstr = hooknum2str(chain->handle.family, chain->hooknum); chain->priority = - nft_chain_attr_get_s32(nlc, NFT_CHAIN_ATTR_PRIO); + nftnl_chain_get_s32(nlc, NFTNL_CHAIN_PRIO); chain->type = - xstrdup(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_TYPE)); + xstrdup(nftnl_chain_get_str(nlc, NFTNL_CHAIN_TYPE)); chain->policy = - nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_POLICY); - if (nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_DEV)) { + nftnl_chain_get_u32(nlc, NFTNL_CHAIN_POLICY); + if (nftnl_chain_is_set(nlc, NFTNL_CHAIN_DEV)) { chain->dev = - xstrdup(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_DEV)); + xstrdup(nftnl_chain_get_str(nlc, NFTNL_CHAIN_DEV)); } chain->flags |= CHAIN_F_BASECHAIN; } @@ -712,7 +712,7 @@ static struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx, return chain; } -static int list_chain_cb(struct nft_chain *nlc, void *arg) +static int list_chain_cb(struct nftnl_chain *nlc, void *arg) { struct netlink_ctx *ctx = arg; const struct handle *h = ctx->data; @@ -721,9 +721,9 @@ static int list_chain_cb(struct nft_chain *nlc, void *arg) struct chain *chain; uint32_t family; - table = nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_TABLE); - name = nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_NAME); - family = nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY); + table = nftnl_chain_get_str(nlc, NFTNL_CHAIN_TABLE); + name = nftnl_chain_get_str(nlc, NFTNL_CHAIN_NAME); + family = nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY); if (h->family != family || strcmp(table, h->table) != 0) return 0; @@ -739,7 +739,7 @@ static int list_chain_cb(struct nft_chain *nlc, void *arg) int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_chain_list *chain_cache; + struct nftnl_chain_list *chain_cache; struct chain *chain; chain_cache = mnl_nft_chain_dump(nf_sock, h->family); @@ -753,8 +753,8 @@ int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h, } ctx->data = h; - nft_chain_list_foreach(chain_cache, list_chain_cb, ctx); - nft_chain_list_free(chain_cache); + nftnl_chain_list_foreach(chain_cache, list_chain_cb, ctx); + nftnl_chain_list_free(chain_cache); /* Caller wants all existing chains */ if (h->chain == NULL) @@ -775,11 +775,11 @@ int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h, int netlink_get_chain(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; struct chain *chain; int err; - nlc = alloc_nft_chain(h); + nlc = alloc_nftnl_chain(h); err = mnl_nft_chain_get(nf_sock, nlc, 0); if (err < 0) { netlink_io_error(ctx, loc, @@ -791,7 +791,7 @@ int netlink_get_chain(struct netlink_ctx *ctx, const struct handle *h, chain = netlink_delinearize_chain(ctx, nlc); list_add_tail(&chain->list, &ctx->list); out: - nft_chain_free(nlc); + nftnl_chain_free(nlc); return err; } @@ -812,12 +812,12 @@ static int netlink_add_table_compat(struct netlink_ctx *ctx, const struct location *loc, const struct table *table, bool excl) { - struct nft_table *nlt; + struct nftnl_table *nlt; int err; - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); err = mnl_nft_table_add(nf_sock, nlt, excl ? NLM_F_EXCL : 0); - nft_table_free(nlt); + nftnl_table_free(nlt); if (err < 0) netlink_io_error(ctx, loc, "Could not add table: %s", @@ -830,18 +830,18 @@ static int netlink_add_table_batch(struct netlink_ctx *ctx, const struct location *loc, const struct table *table, bool excl) { - struct nft_table *nlt; + struct nftnl_table *nlt; int err; - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); if (table != NULL) - nft_table_attr_set_u32(nlt, NFT_TABLE_ATTR_FLAGS, table->flags); + nftnl_table_set_u32(nlt, NFTNL_TABLE_FLAGS, table->flags); else - nft_table_attr_set_u32(nlt, NFT_TABLE_ATTR_FLAGS, 0); + nftnl_table_set_u32(nlt, NFTNL_TABLE_FLAGS, 0); err = mnl_nft_table_batch_add(nlt, excl ? NLM_F_EXCL : 0, ctx->seqnum); - nft_table_free(nlt); + nftnl_table_free(nlt); if (err < 0) netlink_io_error(ctx, loc, "Could not add table: %s", @@ -863,12 +863,12 @@ static int netlink_del_table_compat(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_table *nlt; + struct nftnl_table *nlt; int err; - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); err = mnl_nft_table_delete(nf_sock, nlt, 0); - nft_table_free(nlt); + nftnl_table_free(nlt); if (err < 0) netlink_io_error(ctx, loc, "Could not delete table: %s", @@ -880,12 +880,12 @@ static int netlink_del_table_batch(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_table *nlt; + struct nftnl_table *nlt; int err; - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); err = mnl_nft_table_batch_del(nlt, 0, ctx->seqnum); - nft_table_free(nlt); + nftnl_table_free(nlt); if (err < 0) netlink_io_error(ctx, loc, "Could not delete table: %s", @@ -902,7 +902,7 @@ int netlink_delete_table(struct netlink_ctx *ctx, const struct handle *h, return netlink_del_table_compat(ctx, h, loc); } -void netlink_dump_table(struct nft_table *nlt) +void netlink_dump_table(struct nftnl_table *nlt) { #ifdef DEBUG char buf[4096]; @@ -910,28 +910,28 @@ void netlink_dump_table(struct nft_table *nlt) if (!(debug_level & DEBUG_NETLINK)) return; - nft_table_snprintf(buf, sizeof(buf), nlt, 0, 0); + nftnl_table_snprintf(buf, sizeof(buf), nlt, 0, 0); fprintf(stdout, "%s\n", buf); #endif } static struct table *netlink_delinearize_table(struct netlink_ctx *ctx, - struct nft_table *nlt) + struct nftnl_table *nlt) { struct table *table; table = table_alloc(); table->handle.family = - nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY); + nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY); table->handle.table = - xstrdup(nft_table_attr_get_str(nlt, NFT_TABLE_ATTR_NAME)); + xstrdup(nftnl_table_get_str(nlt, NFTNL_TABLE_NAME)); table->flags = - nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FLAGS); + nftnl_table_get_u32(nlt, NFTNL_TABLE_FLAGS); return table; } -static int list_table_cb(struct nft_table *nlt, void *arg) +static int list_table_cb(struct nftnl_table *nlt, void *arg) { struct netlink_ctx *ctx = arg; struct table *table; @@ -945,7 +945,7 @@ static int list_table_cb(struct nft_table *nlt, void *arg) int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_table_list *table_cache; + struct nftnl_table_list *table_cache; table_cache = mnl_nft_table_dump(nf_sock, h->family); if (table_cache == NULL) { @@ -957,19 +957,19 @@ int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h, strerror(errno)); } - nft_table_list_foreach(table_cache, list_table_cb, ctx); - nft_table_list_free(table_cache); + nftnl_table_list_foreach(table_cache, list_table_cb, ctx); + nftnl_table_list_free(table_cache); return 0; } int netlink_get_table(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, struct table *table) { - struct nft_table *nlt; + struct nftnl_table *nlt; struct table *ntable; int err; - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); err = mnl_nft_table_get(nf_sock, nlt, 0); if (err < 0) { netlink_io_error(ctx, loc, @@ -982,7 +982,7 @@ int netlink_get_table(struct netlink_ctx *ctx, const struct handle *h, table->flags = ntable->flags; table_free(ntable); out: - nft_table_free(nlt); + nftnl_table_free(nlt); return err; } @@ -1020,7 +1020,7 @@ static const struct datatype *dtype_map_from_kernel(enum nft_data_types type) } } -void netlink_dump_set(struct nft_set *nls) +void netlink_dump_set(struct nftnl_set *nls) { #ifdef DEBUG char buf[4096]; @@ -1028,19 +1028,19 @@ void netlink_dump_set(struct nft_set *nls) if (!(debug_level & DEBUG_NETLINK)) return; - nft_set_snprintf(buf, sizeof(buf), nls, 0, 0); + nftnl_set_snprintf(buf, sizeof(buf), nls, 0, 0); fprintf(stdout, "%s\n", buf); #endif } static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, - struct nft_set *nls) + struct nftnl_set *nls) { struct set *set; const struct datatype *keytype, *datatype; uint32_t flags, key, data, data_len; - key = nft_set_attr_get_u32(nls, NFT_SET_ATTR_KEY_TYPE); + key = nftnl_set_get_u32(nls, NFTNL_SET_KEY_TYPE); keytype = dtype_map_from_kernel(key); if (keytype == NULL) { netlink_io_error(ctx, NULL, "Unknown data type in set key %u", @@ -1048,9 +1048,9 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, return NULL; } - flags = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FLAGS); + flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS); if (flags & NFT_SET_MAP) { - data = nft_set_attr_get_u32(nls, NFT_SET_ATTR_DATA_TYPE); + data = nftnl_set_get_u32(nls, NFTNL_SET_DATA_TYPE); datatype = dtype_map_from_kernel(data); if (datatype == NULL) { netlink_io_error(ctx, NULL, @@ -1062,35 +1062,35 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, datatype = NULL; set = set_alloc(&netlink_location); - set->handle.family = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY); + set->handle.family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); set->handle.table = - xstrdup(nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE)); + xstrdup(nftnl_set_get_str(nls, NFTNL_SET_TABLE)); set->handle.set = - xstrdup(nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME)); + xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME)); set->keytype = keytype; set->keylen = - nft_set_attr_get_u32(nls, NFT_SET_ATTR_KEY_LEN) * BITS_PER_BYTE; + nftnl_set_get_u32(nls, NFTNL_SET_KEY_LEN) * BITS_PER_BYTE; - set->flags = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FLAGS); + set->flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS); set->datatype = datatype; - if (nft_set_attr_is_set(nls, NFT_SET_ATTR_DATA_LEN)) { - data_len = nft_set_attr_get_u32(nls, NFT_SET_ATTR_DATA_LEN); + if (nftnl_set_is_set(nls, NFTNL_SET_DATA_LEN)) { + data_len = nftnl_set_get_u32(nls, NFTNL_SET_DATA_LEN); set->datalen = data_len * BITS_PER_BYTE; } - if (nft_set_attr_is_set(nls, NFT_SET_ATTR_TIMEOUT)) - set->timeout = nft_set_attr_get_u64(nls, NFT_SET_ATTR_TIMEOUT); - if (nft_set_attr_is_set(nls, NFT_SET_ATTR_GC_INTERVAL)) - set->gc_int = nft_set_attr_get_u32(nls, NFT_SET_ATTR_GC_INTERVAL); + if (nftnl_set_is_set(nls, NFTNL_SET_TIMEOUT)) + set->timeout = nftnl_set_get_u64(nls, NFTNL_SET_TIMEOUT); + if (nftnl_set_is_set(nls, NFTNL_SET_GC_INTERVAL)) + set->gc_int = nftnl_set_get_u32(nls, NFTNL_SET_GC_INTERVAL); - if (nft_set_attr_is_set(nls, NFT_SET_ATTR_POLICY)) - set->policy = nft_set_attr_get_u32(nls, NFT_SET_ATTR_POLICY); + if (nftnl_set_is_set(nls, NFTNL_SET_POLICY)) + set->policy = nftnl_set_get_u32(nls, NFTNL_SET_POLICY); - if (nft_set_attr_is_set(nls, NFT_SET_ATTR_DESC_SIZE)) - set->desc.size = nft_set_attr_get_u32(nls, - NFT_SET_ATTR_DESC_SIZE); + if (nftnl_set_is_set(nls, NFTNL_SET_DESC_SIZE)) + set->desc.size = nftnl_set_get_u32(nls, + NFTNL_SET_DESC_SIZE); return set; } @@ -1098,19 +1098,19 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, static int netlink_add_set_compat(struct netlink_ctx *ctx, const struct handle *h, struct set *set) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_FLAGS, set->flags); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_TYPE, + nls = alloc_nftnl_set(h); + nftnl_set_set_u32(nls, NFTNL_SET_FLAGS, set->flags); + nftnl_set_set_u32(nls, NFTNL_SET_KEY_TYPE, dtype_map_to_kernel(set->keytype)); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_LEN, + nftnl_set_set_u32(nls, NFTNL_SET_KEY_LEN, set->keylen / BITS_PER_BYTE); if (set->flags & NFT_SET_MAP) { - nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_TYPE, + nftnl_set_set_u32(nls, NFTNL_SET_DATA_TYPE, dtype_map_to_kernel(set->datatype)); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_LEN, + nftnl_set_set_u32(nls, NFTNL_SET_DATA_LEN, set->datalen / BITS_PER_BYTE); } netlink_dump_set(nls); @@ -1121,8 +1121,8 @@ static int netlink_add_set_compat(struct netlink_ctx *ctx, strerror(errno)); set->handle.set = - xstrdup(nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME)); - nft_set_free(nls); + xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME)); + nftnl_set_free(nls); return err; } @@ -1130,36 +1130,36 @@ static int netlink_add_set_compat(struct netlink_ctx *ctx, static int netlink_add_set_batch(struct netlink_ctx *ctx, const struct handle *h, struct set *set) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_FLAGS, set->flags); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_TYPE, + nls = alloc_nftnl_set(h); + nftnl_set_set_u32(nls, NFTNL_SET_FLAGS, set->flags); + nftnl_set_set_u32(nls, NFTNL_SET_KEY_TYPE, dtype_map_to_kernel(set->keytype)); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_KEY_LEN, + nftnl_set_set_u32(nls, NFTNL_SET_KEY_LEN, set->keylen / BITS_PER_BYTE); if (set->flags & NFT_SET_MAP) { - nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_TYPE, + nftnl_set_set_u32(nls, NFTNL_SET_DATA_TYPE, dtype_map_to_kernel(set->datatype)); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_DATA_LEN, + nftnl_set_set_u32(nls, NFTNL_SET_DATA_LEN, set->datalen / BITS_PER_BYTE); } if (set->timeout) - nft_set_attr_set_u64(nls, NFT_SET_ATTR_TIMEOUT, set->timeout); + nftnl_set_set_u64(nls, NFTNL_SET_TIMEOUT, set->timeout); if (set->gc_int) - nft_set_attr_set_u32(nls, NFT_SET_ATTR_GC_INTERVAL, set->gc_int); + nftnl_set_set_u32(nls, NFTNL_SET_GC_INTERVAL, set->gc_int); - nft_set_attr_set_u32(nls, NFT_SET_ATTR_ID, set->handle.set_id); + nftnl_set_set_u32(nls, NFTNL_SET_ID, set->handle.set_id); if (!(set->flags & (SET_F_CONSTANT))) { if (set->policy != NFT_SET_POL_PERFORMANCE) { - nft_set_attr_set_u32(nls, NFT_SET_ATTR_POLICY, + nftnl_set_set_u32(nls, NFTNL_SET_POLICY, set->policy); } if (set->desc.size != 0) { - nft_set_attr_set_u32(nls, NFT_SET_ATTR_DESC_SIZE, + nftnl_set_set_u32(nls, NFTNL_SET_DESC_SIZE, set->desc.size); } } @@ -1170,7 +1170,7 @@ static int netlink_add_set_batch(struct netlink_ctx *ctx, if (err < 0) netlink_io_error(ctx, &set->location, "Could not add set: %s", strerror(errno)); - nft_set_free(nls); + nftnl_set_free(nls); return err; } @@ -1188,12 +1188,12 @@ static int netlink_del_set_compat(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); err = mnl_nft_set_delete(nf_sock, nls, 0); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, loc, "Could not delete set: %s", @@ -1205,12 +1205,12 @@ static int netlink_del_set_batch(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); err = mnl_nft_set_batch_del(nls, 0, ctx->seqnum); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, loc, "Could not delete set: %s", @@ -1227,7 +1227,7 @@ int netlink_delete_set(struct netlink_ctx *ctx, const struct handle *h, return netlink_del_set_compat(ctx, h, loc); } -static int list_set_cb(struct nft_set *nls, void *arg) +static int list_set_cb(struct nftnl_set *nls, void *arg) { struct netlink_ctx *ctx = arg; struct set *set; @@ -1242,7 +1242,7 @@ static int list_set_cb(struct nft_set *nls, void *arg) int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_set_list *set_cache; + struct nftnl_set_list *set_cache; int err; set_cache = mnl_nft_set_dump(nf_sock, h->family, h->table); @@ -1255,29 +1255,29 @@ int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h, strerror(errno)); } - err = nft_set_list_foreach(set_cache, list_set_cb, ctx); - nft_set_list_free(set_cache); + err = nftnl_set_list_foreach(set_cache, list_set_cb, ctx); + nftnl_set_list_free(set_cache); return err; } int netlink_get_set(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_set *nls; + struct nftnl_set *nls; struct set *set; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); err = mnl_nft_set_get(nf_sock, nls); if (err < 0) { - nft_set_free(nls); + nftnl_set_free(nls); return netlink_io_error(ctx, loc, "Could not receive set from kernel: %s", strerror(errno)); } set = netlink_delinearize_set(ctx, nls); - nft_set_free(nls); + nftnl_set_free(nls); if (set == NULL) return -1; list_add_tail(&set->list, &ctx->list); @@ -1285,14 +1285,14 @@ int netlink_get_set(struct netlink_ctx *ctx, const struct handle *h, return err; } -static void alloc_setelem_cache(const struct expr *set, struct nft_set *nls) +static void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls) { - struct nft_set_elem *nlse; + struct nftnl_set_elem *nlse; const struct expr *expr; list_for_each_entry(expr, &set->expressions, list) { - nlse = alloc_nft_setelem(expr); - nft_set_elem_add(nls, nlse); + nlse = alloc_nftnl_setelem(expr); + nftnl_set_elem_add(nls, nlse); } } @@ -1300,15 +1300,15 @@ static int netlink_add_setelems_batch(struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); alloc_setelem_cache(expr, nls); netlink_dump_set(nls); err = mnl_nft_setelem_batch_add(nls, 0, ctx->seqnum); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, &expr->location, "Could not add set elements: %s", @@ -1320,15 +1320,15 @@ static int netlink_add_setelems_compat(struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); alloc_setelem_cache(expr, nls); netlink_dump_set(nls); err = mnl_nft_setelem_add(nf_sock, nls, 0); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, &expr->location, "Could not add set elements: %s", @@ -1349,15 +1349,15 @@ static int netlink_del_setelems_batch(struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); alloc_setelem_cache(expr, nls); netlink_dump_set(nls); err = mnl_nft_setelem_batch_del(nls, 0, ctx->seqnum); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, &expr->location, "Could not delete set elements: %s", @@ -1369,15 +1369,15 @@ static int netlink_del_setelems_compat(struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); alloc_setelem_cache(expr, nls); netlink_dump_set(nls); err = mnl_nft_setelem_delete(nf_sock, nls, 0); - nft_set_free(nls); + nftnl_set_free(nls); if (err < 0) netlink_io_error(ctx, &expr->location, "Could not delete set elements: %s", @@ -1415,7 +1415,7 @@ static struct expr *netlink_parse_concat_elem(const struct datatype *dtype, return concat; } -static int netlink_delinearize_setelem(struct nft_set_elem *nlse, +static int netlink_delinearize_setelem(struct nftnl_set_elem *nlse, struct set *set) { struct nft_data_delinearize nld; @@ -1423,9 +1423,9 @@ static int netlink_delinearize_setelem(struct nft_set_elem *nlse, uint32_t flags = 0; nld.value = - nft_set_elem_attr_get(nlse, NFT_SET_ELEM_ATTR_KEY, &nld.len); - if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_FLAGS)) - flags = nft_set_elem_attr_get_u32(nlse, NFT_SET_ELEM_ATTR_FLAGS); + nftnl_set_elem_get(nlse, NFTNL_SET_ELEM_KEY, &nld.len); + if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_FLAGS)) + flags = nftnl_set_elem_get_u32(nlse, NFTNL_SET_ELEM_FLAGS); key = netlink_alloc_value(&netlink_location, &nld); key->dtype = set->keytype; @@ -1442,15 +1442,15 @@ static int netlink_delinearize_setelem(struct nft_set_elem *nlse, key = bitmask_expr_to_binops(key); expr = set_elem_expr_alloc(&netlink_location, key); - if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_TIMEOUT)) - expr->timeout = nft_set_elem_attr_get_u64(nlse, NFT_SET_ELEM_ATTR_TIMEOUT); - if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_EXPIRATION)) - expr->expiration = nft_set_elem_attr_get_u64(nlse, NFT_SET_ELEM_ATTR_EXPIRATION); - if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_USERDATA)) { + if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_TIMEOUT)) + expr->timeout = nftnl_set_elem_get_u64(nlse, NFTNL_SET_ELEM_TIMEOUT); + if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_EXPIRATION)) + expr->expiration = nftnl_set_elem_get_u64(nlse, NFTNL_SET_ELEM_EXPIRATION); + if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_USERDATA)) { const void *data; uint32_t len; - data = nft_set_elem_attr_get(nlse, NFT_SET_ELEM_ATTR_USERDATA, &len); + data = nftnl_set_elem_get(nlse, NFTNL_SET_ELEM_USERDATA, &len); expr->comment = xmalloc(len); memcpy((char *)expr->comment, data, len); } @@ -1458,14 +1458,14 @@ static int netlink_delinearize_setelem(struct nft_set_elem *nlse, if (flags & NFT_SET_ELEM_INTERVAL_END) { expr->flags |= EXPR_F_INTERVAL_END; } else { - if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_DATA)) { - nld.value = nft_set_elem_attr_get(nlse, NFT_SET_ELEM_ATTR_DATA, + if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_DATA)) { + nld.value = nftnl_set_elem_get(nlse, NFTNL_SET_ELEM_DATA, &nld.len); - } else if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_CHAIN)) { - nld.chain = nft_set_elem_attr_get_str(nlse, NFT_SET_ELEM_ATTR_CHAIN); - nld.verdict = nft_set_elem_attr_get_u32(nlse, NFT_SET_ELEM_ATTR_VERDICT); - } else if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_VERDICT)) { - nld.verdict = nft_set_elem_attr_get_u32(nlse, NFT_SET_ELEM_ATTR_VERDICT); + } else if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_CHAIN)) { + nld.chain = nftnl_set_elem_get_str(nlse, NFTNL_SET_ELEM_CHAIN); + nld.verdict = nftnl_set_elem_get_u32(nlse, NFTNL_SET_ELEM_VERDICT); + } else if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_VERDICT)) { + nld.verdict = nftnl_set_elem_get_u32(nlse, NFTNL_SET_ELEM_VERDICT); } else goto out; @@ -1493,7 +1493,7 @@ int netlink_delete_setelems(struct netlink_ctx *ctx, const struct handle *h, return netlink_del_setelems_compat(ctx, h, expr); } -static int list_setelem_cb(struct nft_set_elem *nlse, void *arg) +static int list_setelem_cb(struct nftnl_set_elem *nlse, void *arg) { struct netlink_ctx *ctx = arg; return netlink_delinearize_setelem(nlse, ctx->set); @@ -1504,14 +1504,14 @@ extern void interval_map_decompose(struct expr *set); int netlink_get_setelems(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, struct set *set) { - struct nft_set *nls; + struct nftnl_set *nls; int err; - nls = alloc_nft_set(h); + nls = alloc_nftnl_set(h); err = mnl_nft_setelem_get(nf_sock, nls); if (err < 0) { - nft_set_free(nls); + nftnl_set_free(nls); if (errno == EINTR) return -1; @@ -1520,8 +1520,8 @@ int netlink_get_setelems(struct netlink_ctx *ctx, const struct handle *h, ctx->set = set; set->init = set_expr_alloc(loc); - nft_set_elem_foreach(nls, list_setelem_cb, ctx); - nft_set_free(nls); + nftnl_set_elem_foreach(nls, list_setelem_cb, ctx); + nftnl_set_free(nls); ctx->set = NULL; if (set->flags & NFT_SET_INTERVAL) @@ -1541,15 +1541,15 @@ int netlink_batch_send(struct list_head *err_list) int netlink_flush_ruleset(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_table *nlt; + struct nftnl_table *nlt; int err; if (!ctx->batch_supported) return netlink_io_error(ctx, loc, "Operation not supported"); - nlt = alloc_nft_table(h); + nlt = alloc_nftnl_table(h); err = mnl_nft_table_batch_del(nlt, 0, ctx->seqnum); - nft_table_free(nlt); + nftnl_table_free(nlt); if (err < 0) netlink_io_error(ctx, loc, "Could not flush the ruleset: %s", @@ -1557,11 +1557,11 @@ int netlink_flush_ruleset(struct netlink_ctx *ctx, const struct handle *h, return err; } -struct nft_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx, +struct nftnl_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - struct nft_ruleset *rs; + struct nftnl_ruleset *rs; rs = mnl_nft_ruleset_dump(nf_sock, h->family); if (rs == NULL) { @@ -1575,66 +1575,66 @@ struct nft_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx, return rs; } -static struct nft_table *netlink_table_alloc(const struct nlmsghdr *nlh) +static struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh) { - struct nft_table *nlt; + struct nftnl_table *nlt; - nlt = nft_table_alloc(); + nlt = nftnl_table_alloc(); if (nlt == NULL) memory_allocation_error(); - if (nft_table_nlmsg_parse(nlh, nlt) < 0) + if (nftnl_table_nlmsg_parse(nlh, nlt) < 0) netlink_abi_error(); return nlt; } -static struct nft_chain *netlink_chain_alloc(const struct nlmsghdr *nlh) +static struct nftnl_chain *netlink_chain_alloc(const struct nlmsghdr *nlh) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; - nlc = nft_chain_alloc(); + nlc = nftnl_chain_alloc(); if (nlc == NULL) memory_allocation_error(); - if (nft_chain_nlmsg_parse(nlh, nlc) < 0) + if (nftnl_chain_nlmsg_parse(nlh, nlc) < 0) netlink_abi_error(); return nlc; } -static struct nft_set *netlink_set_alloc(const struct nlmsghdr *nlh) +static struct nftnl_set *netlink_set_alloc(const struct nlmsghdr *nlh) { - struct nft_set *nls; + struct nftnl_set *nls; - nls = nft_set_alloc(); + nls = nftnl_set_alloc(); if (nls == NULL) memory_allocation_error(); - if (nft_set_nlmsg_parse(nlh, nls) < 0) + if (nftnl_set_nlmsg_parse(nlh, nls) < 0) netlink_abi_error(); return nls; } -static struct nft_set *netlink_setelem_alloc(const struct nlmsghdr *nlh) +static struct nftnl_set *netlink_setelem_alloc(const struct nlmsghdr *nlh) { - struct nft_set *nls; + struct nftnl_set *nls; - nls = nft_set_alloc(); + nls = nftnl_set_alloc(); if (nls == NULL) memory_allocation_error(); - if (nft_set_elems_nlmsg_parse(nlh, nls) < 0) + if (nftnl_set_elems_nlmsg_parse(nlh, nls) < 0) netlink_abi_error(); return nls; } -static struct nft_rule *netlink_rule_alloc(const struct nlmsghdr *nlh) +static struct nftnl_rule *netlink_rule_alloc(const struct nlmsghdr *nlh) { - struct nft_rule *nlr; + struct nftnl_rule *nlr; - nlr = nft_rule_alloc(); + nlr = nftnl_rule_alloc(); if (nlr == NULL) memory_allocation_error(); - if (nft_rule_nlmsg_parse(nlh, nlr) < 0) + if (nftnl_rule_nlmsg_parse(nlh, nlr) < 0) netlink_abi_error(); return nlr; @@ -1648,64 +1648,64 @@ static uint32_t netlink_msg2nftnl_of(uint32_t msg) case NFT_MSG_NEWSET: case NFT_MSG_NEWSETELEM: case NFT_MSG_NEWRULE: - return NFT_OF_EVENT_NEW; + return NFTNL_OF_EVENT_NEW; case NFT_MSG_DELTABLE: case NFT_MSG_DELCHAIN: case NFT_MSG_DELSET: case NFT_MSG_DELSETELEM: case NFT_MSG_DELRULE: - return NFT_OF_EVENT_DEL; + return NFTNL_OF_EVENT_DEL; } return 0; } -static void nlr_for_each_set(struct nft_rule *nlr, +static void nlr_for_each_set(struct nftnl_rule *nlr, void (*cb)(struct set *s, void *data), void *data) { - struct nft_rule_expr_iter *nlrei; - struct nft_rule_expr *nlre; + struct nftnl_expr_iter *nlrei; + struct nftnl_expr *nlre; const char *set_name, *table; const char *name; struct set *s; uint32_t family; - nlrei = nft_rule_expr_iter_create(nlr); + nlrei = nftnl_expr_iter_create(nlr); if (nlrei == NULL) memory_allocation_error(); - family = nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY); - table = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE); + family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); + table = nftnl_rule_get_str(nlr, NFTNL_RULE_TABLE); - nlre = nft_rule_expr_iter_next(nlrei); + nlre = nftnl_expr_iter_next(nlrei); while (nlre != NULL) { - name = nft_rule_expr_get_str(nlre, NFT_RULE_EXPR_ATTR_NAME); + name = nftnl_expr_get_str(nlre, NFTNL_EXPR_NAME); if (strcmp(name, "lookup") != 0) goto next; - set_name = nft_rule_expr_get_str(nlre, NFT_EXPR_LOOKUP_SET); + set_name = nftnl_expr_get_str(nlre, NFTNL_EXPR_LOOKUP_SET); s = set_lookup_global(family, table, set_name); if (s == NULL) goto next; cb(s, data); next: - nlre = nft_rule_expr_iter_next(nlrei); + nlre = nftnl_expr_iter_next(nlrei); } - nft_rule_expr_iter_destroy(nlrei); + nftnl_expr_iter_destroy(nlrei); } static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_table *nlt; + struct nftnl_table *nlt; uint32_t family; nlt = netlink_table_alloc(nlh); switch (monh->format) { - case NFT_OUTPUT_DEFAULT: + case NFTNL_OUTPUT_DEFAULT: if (type == NFT_MSG_NEWTABLE) { if (nlh->nlmsg_flags & NLM_F_EXCL) printf("update table "); @@ -1715,34 +1715,34 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type, printf("delete table "); } - family = nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY); + family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY); printf("%s %s\n", family2str(family), - nft_table_attr_get_str(nlt, NFT_TABLE_ATTR_NAME)); + nftnl_table_get_str(nlt, NFTNL_TABLE_NAME)); break; - case NFT_OUTPUT_XML: - case NFT_OUTPUT_JSON: - nft_table_fprintf(stdout, nlt, monh->format, + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_table_fprintf(stdout, nlt, monh->format, netlink_msg2nftnl_of(type)); fprintf(stdout, "\n"); break; } - nft_table_free(nlt); + nftnl_table_free(nlt); return MNL_CB_OK; } static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_chain *nlc; + struct nftnl_chain *nlc; struct chain *c; uint32_t family; nlc = netlink_chain_alloc(nlh); switch (monh->format) { - case NFT_OUTPUT_DEFAULT: + case NFTNL_OUTPUT_DEFAULT: switch (type) { case NFT_MSG_NEWCHAIN: if (nlh->nlmsg_flags & NLM_F_EXCL) @@ -1755,48 +1755,48 @@ static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type, chain_free(c); break; case NFT_MSG_DELCHAIN: - family = nft_chain_attr_get_u32(nlc, - NFT_CHAIN_ATTR_FAMILY); + family = nftnl_chain_get_u32(nlc, + NFTNL_CHAIN_FAMILY); printf("delete chain %s %s %s\n", family2str(family), - nft_chain_attr_get_str(nlc, - NFT_CHAIN_ATTR_TABLE), - nft_chain_attr_get_str(nlc, - NFT_CHAIN_ATTR_NAME)); + nftnl_chain_get_str(nlc, + NFTNL_CHAIN_TABLE), + nftnl_chain_get_str(nlc, + NFTNL_CHAIN_NAME)); break; } break; - case NFT_OUTPUT_XML: - case NFT_OUTPUT_JSON: - nft_chain_fprintf(stdout, nlc, monh->format, + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_chain_fprintf(stdout, nlc, monh->format, netlink_msg2nftnl_of(type)); fprintf(stdout, "\n"); break; } - nft_chain_free(nlc); + nftnl_chain_free(nlc); return MNL_CB_OK; } static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_set *nls; + struct nftnl_set *nls; struct set *set; uint32_t family, flags; nls = netlink_set_alloc(nlh); - flags = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FLAGS); + flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS); if (flags & SET_F_ANONYMOUS) goto out; switch (monh->format) { - case NFT_OUTPUT_DEFAULT: + case NFTNL_OUTPUT_DEFAULT: switch (type) { case NFT_MSG_NEWSET: printf("add "); set = netlink_delinearize_set(monh->ctx, nls); if (set == NULL) { - nft_set_free(nls); + nftnl_set_free(nls); return MNL_CB_ERROR; } set_print_plain(set); @@ -1804,42 +1804,42 @@ static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type, printf("\n"); break; case NFT_MSG_DELSET: - family = nft_set_attr_get_u32(nls, - NFT_SET_ATTR_FAMILY); + family = nftnl_set_get_u32(nls, + NFTNL_SET_FAMILY); printf("delete set %s %s %s\n", family2str(family), - nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE), - nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME)); + nftnl_set_get_str(nls, NFTNL_SET_TABLE), + nftnl_set_get_str(nls, NFTNL_SET_NAME)); break; } break; - case NFT_OUTPUT_XML: - case NFT_OUTPUT_JSON: - nft_set_fprintf(stdout, nls, monh->format, + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_set_fprintf(stdout, nls, monh->format, netlink_msg2nftnl_of(type)); fprintf(stdout, "\n"); break; } out: - nft_set_free(nls); + nftnl_set_free(nls); return MNL_CB_OK; } static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_set_elems_iter *nlsei; - struct nft_set_elem *nlse; - struct nft_set *nls; + struct nftnl_set_elems_iter *nlsei; + struct nftnl_set_elem *nlse; + struct nftnl_set *nls; struct set *dummyset; struct set *set; const char *setname, *table; uint32_t family; nls = netlink_setelem_alloc(nlh); - table = nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE); - setname = nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME); - family = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY); + table = nftnl_set_get_str(nls, NFTNL_SET_TABLE); + setname = nftnl_set_get_str(nls, NFTNL_SET_NAME); + family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); set = set_lookup_global(family, table, setname); if (set == NULL) { @@ -1848,7 +1848,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, } switch (monh->format) { - case NFT_OUTPUT_DEFAULT: + case NFTNL_OUTPUT_DEFAULT: if (set->flags & SET_F_ANONYMOUS) goto out; @@ -1861,20 +1861,20 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, dummyset->datatype = set->datatype; dummyset->init = set_expr_alloc(monh->loc); - nlsei = nft_set_elems_iter_create(nls); + nlsei = nftnl_set_elems_iter_create(nls); if (nlsei == NULL) memory_allocation_error(); - nlse = nft_set_elems_iter_next(nlsei); + nlse = nftnl_set_elems_iter_next(nlsei); while (nlse != NULL) { if (netlink_delinearize_setelem(nlse, dummyset) < 0) { set_free(dummyset); - nft_set_elems_iter_destroy(nlsei); + nftnl_set_elems_iter_destroy(nlsei); goto out; } - nlse = nft_set_elems_iter_next(nlsei); + nlse = nftnl_set_elems_iter_next(nlsei); } - nft_set_elems_iter_destroy(nlsei); + nftnl_set_elems_iter_destroy(nlsei); switch (type) { case NFT_MSG_NEWSETELEM: @@ -1893,15 +1893,15 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, set_free(dummyset); break; - case NFT_OUTPUT_XML: - case NFT_OUTPUT_JSON: - nft_set_fprintf(stdout, nls, monh->format, + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_set_fprintf(stdout, nls, monh->format, netlink_msg2nftnl_of(type)); fprintf(stdout, "\n"); break; } out: - nft_set_free(nls); + nftnl_set_free(nls); return MNL_CB_OK; } @@ -1914,7 +1914,7 @@ static void rule_map_decompose_cb(struct set *s, void *data) static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, struct netlink_mon_handler *monh) { - struct nft_rule *nlr; + struct nftnl_rule *nlr; const char *family; const char *table; const char *chain; @@ -1924,12 +1924,12 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, nlr = netlink_rule_alloc(nlh); switch (monh->format) { - case NFT_OUTPUT_DEFAULT: - fam = nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY); + case NFTNL_OUTPUT_DEFAULT: + fam = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); family = family2str(fam); - table = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE); - chain = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN); - handle = nft_rule_attr_get_u64(nlr, NFT_RULE_ATTR_HANDLE); + table = nftnl_rule_get_str(nlr, NFTNL_RULE_TABLE); + chain = nftnl_rule_get_str(nlr, NFTNL_RULE_CHAIN); + handle = nftnl_rule_get_u64(nlr, NFTNL_RULE_HANDLE); switch (type) { case NFT_MSG_NEWRULE: @@ -1948,27 +1948,27 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, break; } break; - case NFT_OUTPUT_XML: - case NFT_OUTPUT_JSON: - nft_rule_fprintf(stdout, nlr, monh->format, + case NFTNL_OUTPUT_XML: + case NFTNL_OUTPUT_JSON: + nftnl_rule_fprintf(stdout, nlr, monh->format, netlink_msg2nftnl_of(type)); fprintf(stdout, "\n"); break; } - nft_rule_free(nlr); + nftnl_rule_free(nlr); return MNL_CB_OK; } static void netlink_events_cache_addtable(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { - struct nft_table *nlt; + struct nftnl_table *nlt; struct table *t; nlt = netlink_table_alloc(nlh); t = netlink_delinearize_table(monh->ctx, nlt); - nft_table_free(nlt); + nftnl_table_free(nlt); table_add_hash(t); } @@ -1976,13 +1976,13 @@ static void netlink_events_cache_addtable(struct netlink_mon_handler *monh, static void netlink_events_cache_deltable(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { - struct nft_table *nlt; + struct nftnl_table *nlt; struct table *t; struct handle h; nlt = netlink_table_alloc(nlh); - h.family = nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY); - h.table = nft_table_attr_get_str(nlt, NFT_TABLE_ATTR_NAME); + h.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY); + h.table = nftnl_table_get_str(nlt, NFTNL_TABLE_NAME); t = table_lookup(&h); if (t == NULL) @@ -1991,14 +1991,14 @@ static void netlink_events_cache_deltable(struct netlink_mon_handler *monh, list_del(&t->list); table_free(t); out: - nft_table_free(nlt); + nftnl_table_free(nlt); } static void netlink_events_cache_addset(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { struct netlink_ctx set_tmpctx; - struct nft_set *nls; + struct nftnl_set *nls; struct table *t; struct set *s; LIST_HEAD(msgs); @@ -2023,23 +2023,23 @@ static void netlink_events_cache_addset(struct netlink_mon_handler *monh, set_add_hash(s, t); out: - nft_set_free(nls); + nftnl_set_free(nls); } static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { - struct nft_set_elems_iter *nlsei; - struct nft_set_elem *nlse; - struct nft_set *nls; + struct nftnl_set_elems_iter *nlsei; + struct nftnl_set_elem *nlse; + struct nftnl_set *nls; struct set *set; const char *table, *setname; uint32_t family; nls = netlink_setelem_alloc(nlh); - family = nft_set_attr_get_u32(nls, NFT_SET_ATTR_FAMILY); - table = nft_set_attr_get_str(nls, NFT_SET_ATTR_TABLE); - setname = nft_set_attr_get_str(nls, NFT_SET_ATTR_NAME); + family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); + table = nftnl_set_get_str(nls, NFTNL_SET_TABLE); + setname = nftnl_set_get_str(nls, NFTNL_SET_NAME); set = set_lookup_global(family, table, setname); if (set == NULL) { @@ -2048,24 +2048,24 @@ static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh, goto out; } - nlsei = nft_set_elems_iter_create(nls); + nlsei = nftnl_set_elems_iter_create(nls); if (nlsei == NULL) memory_allocation_error(); - nlse = nft_set_elems_iter_next(nlsei); + nlse = nftnl_set_elems_iter_next(nlsei); while (nlse != NULL) { if (netlink_delinearize_setelem(nlse, set) < 0) { fprintf(stderr, "W: Unable to cache set_elem. " "Delinearize failed.\n"); - nft_set_elems_iter_destroy(nlsei); + nftnl_set_elems_iter_destroy(nlsei); goto out; } - nlse = nft_set_elems_iter_next(nlsei); + nlse = nftnl_set_elems_iter_next(nlsei); } - nft_set_elems_iter_destroy(nlsei); + nftnl_set_elems_iter_destroy(nlsei); out: - nft_set_free(nls); + nftnl_set_free(nls); } static void netlink_events_cache_delset_cb(struct set *s, @@ -2078,10 +2078,10 @@ static void netlink_events_cache_delset_cb(struct set *s, static void netlink_events_cache_delsets(struct netlink_mon_handler *monh, const struct nlmsghdr *nlh) { - struct nft_rule *nlr = netlink_rule_alloc(nlh); + struct nftnl_rule *nlr = netlink_rule_alloc(nlh); nlr_for_each_set(nlr, netlink_events_cache_delset_cb, NULL); - nft_rule_free(nlr); + nftnl_rule_free(nlr); } static void netlink_events_cache_update(struct netlink_mon_handler *monh, |