diff options
-rw-r--r-- | include/netlink.h | 9 | ||||
-rw-r--r-- | include/rule.h | 10 | ||||
-rw-r--r-- | src/evaluate.c | 55 | ||||
-rw-r--r-- | src/libnftables.c | 8 | ||||
-rw-r--r-- | src/mnl.c | 28 | ||||
-rw-r--r-- | src/monitor.c | 52 | ||||
-rw-r--r-- | src/netlink.c | 41 | ||||
-rw-r--r-- | src/netlink_delinearize.c | 4 | ||||
-rw-r--r-- | src/nfnl_osf.c | 16 | ||||
-rw-r--r-- | src/rule.c | 128 |
10 files changed, 156 insertions, 195 deletions
diff --git a/include/netlink.h b/include/netlink.h index b7e2232f..b26ef459 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -35,26 +35,21 @@ extern const struct location netlink_location; /** * struct netlink_ctx * + * @nft: nftables context * @msgs: message queue * @list: list of parsed rules/chains/tables * @set: current set * @data: pointer to pass data to callback * @seqnum: sequence number - * @octx: output context - * @debug_mask: display debugging information - * @cache: cache context */ struct netlink_ctx { - struct mnl_socket *nf_sock; + struct nft_ctx *nft; struct list_head *msgs; struct list_head list; struct set *set; const void *data; uint32_t seqnum; struct nftnl_batch *batch; - unsigned int debug_mask; - struct output_ctx *octx; - struct nft_cache *cache; }; extern struct nftnl_expr *alloc_nft_expr(const char *name); diff --git a/include/rule.h b/include/rule.h index c6c5ca98..977f2748 100644 --- a/include/rule.h +++ b/include/rule.h @@ -618,12 +618,10 @@ extern struct error_record *rule_postprocess(struct rule *rule); struct netlink_ctx; extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd); -extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache, - enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_flag, - struct output_ctx *octx); -extern void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache, - enum cmd_ops cmd, struct list_head *msgs, - unsigned int debug_mask, struct output_ctx *octx); +extern int cache_update(struct nft_ctx *ctx, enum cmd_ops cmd, + struct list_head *msgs); +extern void cache_flush(struct nft_ctx *ctx, enum cmd_ops cmd, + struct list_head *msgs); extern void cache_release(struct nft_cache *cache); enum udata_type { diff --git a/src/evaluate.c b/src/evaluate.c index 15aa5980..66e9293f 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -187,8 +187,7 @@ static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr) } break; case SYMBOL_SET: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, ctx->cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, ctx->cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -1730,9 +1729,7 @@ static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr) static int expr_evaluate_osf(struct eval_ctx *ctx, struct expr **expr) { struct netlink_ctx nl_ctx = { - .nf_sock = ctx->nft->nf_sock, - .debug_mask = ctx->nft->debug_mask, - .octx = &ctx->nft->output, + .nft = ctx->nft, .seqnum = time(NULL), }; @@ -3086,8 +3083,7 @@ static int rule_translate_index(struct eval_ctx *ctx, struct rule *rule) int ret; /* update cache with CMD_LIST so that rules are fetched, too */ - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, CMD_LIST, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, CMD_LIST, ctx->msgs); if (ret < 0) return ret; @@ -3315,15 +3311,13 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_SETELEM: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; return setelem_evaluate(ctx, &cmd->expr); case CMD_OBJ_SET: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3333,8 +3327,7 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd) handle_merge(&cmd->rule->handle, &cmd->handle); return rule_evaluate(ctx, cmd->rule); case CMD_OBJ_CHAIN: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3342,8 +3335,7 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd) case CMD_OBJ_TABLE: return table_evaluate(ctx, cmd->table); case CMD_OBJ_FLOWTABLE: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3367,8 +3359,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_SETELEM: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3396,8 +3387,7 @@ static int cmd_evaluate_get(struct eval_ctx *ctx, struct cmd *cmd) struct set *set; int ret; - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3446,8 +3436,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd) struct set *set; int ret; - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3549,8 +3538,7 @@ static int cmd_evaluate_reset(struct eval_ctx *ctx, struct cmd *cmd) { int ret; - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3579,8 +3567,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_RULESET: - cache_flush(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + cache_flush(ctx->nft, cmd->op, ctx->msgs); break; case CMD_OBJ_TABLE: /* Flushing a table does not empty the sets in the table nor remove @@ -3590,8 +3577,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) /* Chains don't hold sets */ break; case CMD_OBJ_SET: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3607,8 +3593,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) strerror(ENOENT)); return 0; case CMD_OBJ_MAP: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3624,8 +3609,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) strerror(ENOENT)); return 0; case CMD_OBJ_METER: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3653,8 +3637,7 @@ static int cmd_evaluate_rename(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_CHAIN: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3753,8 +3736,7 @@ static int cmd_evaluate_monitor(struct eval_ctx *ctx, struct cmd *cmd) uint32_t event; int ret; - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3779,8 +3761,7 @@ static int cmd_evaluate_export(struct eval_ctx *ctx, struct cmd *cmd) return cmd_error(ctx, &cmd->location, "this output type is not supported"); - return cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + return cache_update(ctx->nft, cmd->op, ctx->msgs); } static int cmd_evaluate_import(struct eval_ctx *ctx, struct cmd *cmd) diff --git a/src/libnftables.c b/src/libnftables.c index 97776379..44869602 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -40,10 +40,7 @@ static int nft_netlink(struct nft_ctx *nft, ctx.msgs = msgs; ctx.seqnum = cmd->seqnum = mnl_seqnum_alloc(&seqnum); ctx.batch = batch; - ctx.octx = &nft->output; - ctx.nf_sock = nf_sock; - ctx.cache = &nft->cache; - ctx.debug_mask = nft->debug_mask; + ctx.nft = nft; init_list_head(&ctx.list); ret = do_command(&ctx, cmd); if (ret < 0) { @@ -480,8 +477,7 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename) LIST_HEAD(cmds); int rc; - rc = cache_update(nft->nf_sock, &nft->cache, CMD_INVALID, &msgs, - nft->debug_mask, &nft->output); + rc = cache_update(nft, CMD_INVALID, &msgs); if (rc < 0) return -1; @@ -52,13 +52,13 @@ nft_mnl_recv(struct netlink_ctx *ctx, uint32_t portid, char buf[NFT_NLMSG_MAXSIZE]; int ret; - ret = mnl_socket_recvfrom(ctx->nf_sock, buf, sizeof(buf)); + ret = mnl_socket_recvfrom(ctx->nft->nf_sock, buf, sizeof(buf)); while (ret > 0) { ret = mnl_cb_run(buf, ret, ctx->seqnum, portid, cb, cb_data); if (ret <= 0) goto out; - ret = mnl_socket_recvfrom(ctx->nf_sock, buf, sizeof(buf)); + ret = mnl_socket_recvfrom(ctx->nft->nf_sock, buf, sizeof(buf)); } out: if (ret < 0 && errno == EAGAIN) @@ -71,13 +71,13 @@ int nft_mnl_talk(struct netlink_ctx *ctx, const void *data, unsigned int len, int (*cb)(const struct nlmsghdr *nlh, void *data), void *cb_data) { - uint32_t portid = mnl_socket_get_portid(ctx->nf_sock); + uint32_t portid = mnl_socket_get_portid(ctx->nft->nf_sock); - if (ctx->debug_mask & NFT_DEBUG_MNL) - mnl_nlmsg_fprintf(ctx->octx->output_fp, data, len, + if (ctx->nft->debug_mask & NFT_DEBUG_MNL) + mnl_nlmsg_fprintf(ctx->nft->output.output_fp, data, len, sizeof(struct nfgenmsg)); - if (mnl_socket_sendto(ctx->nf_sock, data, len) < 0) + if (mnl_socket_sendto(ctx->nft->nf_sock, data, len) < 0) return -1; return nft_mnl_recv(ctx, portid, cb, cb_data); @@ -226,23 +226,23 @@ static ssize_t mnl_nft_socket_sendmsg(const struct netlink_ctx *ctx) }; uint32_t i; - mnl_set_sndbuffer(ctx->nf_sock, ctx->batch); + mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch); nftnl_batch_iovec(ctx->batch, iov, iov_len); for (i = 0; i < iov_len; i++) { - if (ctx->debug_mask & NFT_DEBUG_MNL) { - mnl_nlmsg_fprintf(ctx->octx->output_fp, + if (ctx->nft->debug_mask & NFT_DEBUG_MNL) { + mnl_nlmsg_fprintf(ctx->nft->output.output_fp, iov[i].iov_base, iov[i].iov_len, sizeof(struct nfgenmsg)); } } - return sendmsg(mnl_socket_get_fd(ctx->nf_sock), &msg, 0); + return sendmsg(mnl_socket_get_fd(ctx->nft->nf_sock), &msg, 0); } int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list) { - struct mnl_socket *nl = ctx->nf_sock; + struct mnl_socket *nl = ctx->nft->nf_sock; int ret, fd = mnl_socket_get_fd(nl), portid = mnl_socket_get_portid(nl); char rcv_buf[MNL_SOCKET_BUFFER_SIZE]; fd_set readfds; @@ -328,10 +328,8 @@ int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd) struct nlmsghdr *nlh; int err; - if (ctx->octx->echo) { - err = cache_update(ctx->nf_sock, ctx->cache, - CMD_INVALID, ctx->msgs, - ctx->debug_mask, ctx->octx); + if (ctx->nft->output.echo) { + err = cache_update(ctx->nft, CMD_INVALID, ctx->msgs); if (err < 0) return err; diff --git a/src/monitor.c b/src/monitor.c index 213c40d1..14ccbc5f 100644 --- a/src/monitor.c +++ b/src/monitor.c @@ -40,7 +40,7 @@ #include <iface.h> #include <json.h> -#define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__) +#define nft_mon_print(monh, ...) nft_print(&monh->ctx->nft->output, __VA_ARGS__) static struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh) { @@ -214,7 +214,7 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type, nft_mon_print(monh, "%s %s", family2str(t->handle.family), t->handle.table.name); - if (monh->ctx->octx->handle > 0) + if (monh->ctx->nft->output.handle > 0) nft_mon_print(monh, " # handle %" PRIu64 "", t->handle.handle.id); break; @@ -245,7 +245,7 @@ static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type, switch (type) { case NFT_MSG_NEWCHAIN: - chain_print_plain(c, monh->ctx->octx); + chain_print_plain(c, &monh->ctx->nft->output); break; case NFT_MSG_DELCHAIN: nft_mon_print(monh, "chain %s %s %s", @@ -292,7 +292,7 @@ static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type, switch (type) { case NFT_MSG_NEWSET: - set_print_plain(set, monh->ctx->octx); + set_print_plain(set, &monh->ctx->nft->output); break; case NFT_MSG_DELSET: nft_mon_print(monh, "set %s %s %s", family, @@ -386,7 +386,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); cmd = netlink_msg2cmd(type); - set = set_lookup_global(family, table, setname, monh->cache); + set = set_lookup_global(family, table, setname, &monh->ctx->nft->cache); if (set == NULL) { fprintf(stderr, "W: Received event for an unknown set."); goto out; @@ -417,7 +417,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, goto out; } if (netlink_delinearize_setelem(nlse, dummyset, - monh->cache) < 0) { + &monh->ctx->nft->cache) < 0) { set_free(dummyset); nftnl_set_elems_iter_destroy(nlsei); goto out; @@ -435,7 +435,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, case NFTNL_OUTPUT_DEFAULT: nft_mon_print(monh, "%s element %s %s %s ", cmd, family2str(family), table, setname); - expr_print(dummyset->init, monh->ctx->octx); + expr_print(dummyset->init, &monh->ctx->nft->output); break; case NFTNL_OUTPUT_JSON: dummyset->handle.family = family; @@ -477,7 +477,7 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type, switch (type) { case NFT_MSG_NEWOBJ: - obj_print_plain(obj, monh->ctx->octx); + obj_print_plain(obj, &monh->ctx->nft->output); break; case NFT_MSG_DELOBJ: nft_mon_print(monh, "%s %s %s %s", @@ -513,7 +513,8 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, nlr = netlink_rule_alloc(nlh); r = netlink_delinearize_rule(monh->ctx, nlr); - nlr_for_each_set(nlr, rule_map_decompose_cb, NULL, monh->cache); + nlr_for_each_set(nlr, rule_map_decompose_cb, NULL, + &monh->ctx->nft->cache); cmd = netlink_msg2cmd(type); switch (monh->format) { @@ -528,7 +529,7 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, switch (type) { case NFT_MSG_NEWRULE: - rule_print(r, monh->ctx->octx); + rule_print(r, &monh->ctx->nft->output); break; case NFT_MSG_DELRULE: @@ -557,7 +558,7 @@ static void netlink_events_cache_addtable(struct netlink_mon_handler *monh, t = netlink_delinearize_table(monh->ctx, nlt); nftnl_table_free(nlt); - table_add_hash(t, monh->cache); + table_add_hash(t, &monh->ctx->nft->cache); } static void netlink_events_cache_deltable(struct netlink_mon_handler *monh, @@ -571,7 +572,7 @@ static void netlink_events_cache_deltable(struct netlink_mon_handler *monh, h.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY); h.table.name = nftnl_table_get_str(nlt, NFTNL_TABLE_NAME); - t = table_lookup(&h, monh->cache); + t = table_lookup(&h, &monh->ctx->nft->cache); if (t == NULL) goto out; @@ -601,7 +602,7 @@ static void netlink_events_cache_addset(struct netlink_mon_handler *monh, goto out; s->init = set_expr_alloc(monh->loc, s); - t = table_lookup(&s->handle, monh->cache); + t = table_lookup(&s->handle, &monh->ctx->nft->cache); if (t == NULL) { fprintf(stderr, "W: Unable to cache set: table not found.\n"); set_free(s); @@ -628,7 +629,7 @@ static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh, table = nftnl_set_get_str(nls, NFTNL_SET_TABLE); setname = nftnl_set_get_str(nls, NFTNL_SET_NAME); - set = set_lookup_global(family, table, setname, monh->cache); + set = set_lookup_global(family, table, setname, &monh->ctx->nft->cache); if (set == NULL) { fprintf(stderr, "W: Unable to cache set_elem. Set not found.\n"); @@ -641,7 +642,8 @@ static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh, nlse = nftnl_set_elems_iter_next(nlsei); while (nlse != NULL) { - if (netlink_delinearize_setelem(nlse, set, monh->cache) < 0) { + if (netlink_delinearize_setelem(nlse, set, + &monh->ctx->nft->cache) < 0) { fprintf(stderr, "W: Unable to cache set_elem. " "Delinearize failed.\n"); @@ -668,7 +670,7 @@ static void netlink_events_cache_delsets(struct netlink_mon_handler *monh, struct nftnl_rule *nlr = netlink_rule_alloc(nlh); nlr_for_each_set(nlr, netlink_events_cache_delset_cb, NULL, - monh->cache); + &monh->ctx->nft->cache); nftnl_rule_free(nlr); } @@ -691,7 +693,7 @@ static void netlink_events_cache_addobj(struct netlink_mon_handler *monh, if (obj == NULL) goto out; - t = table_lookup(&obj->handle, monh->cache); + t = table_lookup(&obj->handle, &monh->ctx->nft->cache); if (t == NULL) { fprintf(stderr, "W: Unable to cache object: table not found.\n"); obj_free(obj); @@ -721,7 +723,7 @@ static void netlink_events_cache_delobj(struct netlink_mon_handler *monh, type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE); h.handle.id = nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE); - t = table_lookup(&h, monh->cache); + t = table_lookup(&h, &monh->ctx->nft->cache); if (t == NULL) { fprintf(stderr, "W: Unable to cache object: table not found.\n"); goto out; @@ -835,7 +837,7 @@ static int netlink_events_newgen_cb(const struct nlmsghdr *nlh, int type, nft_mon_print(monh, "# new generation %d", genid); if (pid >= 0) { nft_mon_print(monh, " by process %d", pid); - if (!monh->ctx->octx->numeric) + if (!monh->ctx->nft->output.numeric) nft_mon_print(monh, " (%s)", name); } nft_mon_print(monh, "\n"); @@ -850,7 +852,7 @@ static int netlink_events_cb(const struct nlmsghdr *nlh, void *data) uint16_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); struct netlink_mon_handler *monh = (struct netlink_mon_handler *)data; - netlink_events_debug(type, monh->debug_mask); + netlink_events_debug(type, monh->ctx->nft->debug_mask); netlink_events_cache_update(monh, nlh, type); if (!(monh->monitor_flags & (1 << type))) @@ -901,11 +903,9 @@ int netlink_echo_callback(const struct nlmsghdr *nlh, void *data) .loc = &netlink_location, .monitor_flags = 0xffffffff, .cache_needed = true, - .cache = ctx->cache, - .debug_mask = ctx->debug_mask, }; - if (!echo_monh.ctx->octx->echo) + if (!echo_monh.ctx->nft->output.echo) return MNL_CB_OK; return netlink_events_cb(nlh, &echo_monh); @@ -929,7 +929,7 @@ int netlink_monitor(struct netlink_mon_handler *monhandler, return -1; } - return mnl_nft_event_listener(nf_sock, monhandler->debug_mask, - monhandler->ctx->octx, netlink_events_cb, - monhandler); + return mnl_nft_event_listener(nf_sock, monhandler->ctx->nft->debug_mask, + &monhandler->ctx->nft->output, + netlink_events_cb, monhandler); } diff --git a/src/netlink.c b/src/netlink.c index 42d3506d..755949c9 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -42,7 +42,7 @@ #include <erec.h> #include <iface.h> -#define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__) +#define nft_mon_print(monh, ...) nft_print(&monh->ctx->nft->output, __VA_ARGS__) const struct input_descriptor indesc_netlink = { .name = "netlink", @@ -387,9 +387,9 @@ struct expr *netlink_alloc_data(const struct location *loc, void netlink_dump_rule(const struct nftnl_rule *nlr, struct netlink_ctx *ctx) { - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; - if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp) + if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp) return; nftnl_rule_fprintf(fp, nlr, 0, 0); @@ -450,9 +450,9 @@ static int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h) void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx) { - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; - if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp) + if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp) return; nftnl_chain_fprintf(fp, nlc, 0, 0); @@ -611,9 +611,9 @@ const struct datatype *dtype_map_from_kernel(enum nft_data_types type) void netlink_dump_set(const struct nftnl_set *nls, struct netlink_ctx *ctx) { - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; - if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp) + if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp) return; nftnl_set_fprintf(fp, nls, 0, 0); @@ -936,7 +936,7 @@ out: static int list_setelem_cb(struct nftnl_set_elem *nlse, void *arg) { struct netlink_ctx *ctx = arg; - return netlink_delinearize_setelem(nlse, ctx->set, ctx->cache); + return netlink_delinearize_setelem(nlse, ctx->set, &ctx->nft->cache); } int netlink_list_setelems(struct netlink_ctx *ctx, const struct handle *h, @@ -1024,9 +1024,9 @@ int netlink_get_setelem(struct netlink_ctx *ctx, const struct handle *h, void netlink_dump_obj(struct nftnl_obj *nln, struct netlink_ctx *ctx) { - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; - if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp) + if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp) return; nftnl_obj_fprintf(fp, nln, 0, 0); @@ -1149,9 +1149,9 @@ static struct nftnl_flowtable *alloc_nftnl_flowtable(const struct handle *h, static void netlink_dump_flowtable(struct nftnl_flowtable *flo, struct netlink_ctx *ctx) { - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; - if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp) + if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp) return; nftnl_flowtable_fprintf(fp, flo, 0, 0); @@ -1591,16 +1591,17 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type, case NFT_TRACETYPE_RULE: if (nftnl_trace_is_set(nlt, NFTNL_TRACE_LL_HEADER) || nftnl_trace_is_set(nlt, NFTNL_TRACE_NETWORK_HEADER)) - trace_print_packet(nlt, monh->ctx->octx); + trace_print_packet(nlt, &monh->ctx->nft->output); if (nftnl_trace_is_set(nlt, NFTNL_TRACE_RULE_HANDLE)) - trace_print_rule(nlt, monh->ctx->octx, monh->cache); + trace_print_rule(nlt, &monh->ctx->nft->output, + &monh->ctx->nft->cache); break; case NFT_TRACETYPE_POLICY: - trace_print_hdr(nlt, monh->ctx->octx); + trace_print_hdr(nlt, &monh->ctx->nft->output); if (nftnl_trace_is_set(nlt, NFTNL_TRACE_POLICY)) { - trace_print_policy(nlt, monh->ctx->octx); + trace_print_policy(nlt, &monh->ctx->nft->output); nft_mon_print(monh, " "); } @@ -1608,14 +1609,14 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type, trace_print_expr(nlt, NFTNL_TRACE_MARK, meta_expr_alloc(&netlink_location, NFT_META_MARK), - monh->ctx->octx); + &monh->ctx->nft->output); nft_mon_print(monh, "\n"); break; case NFT_TRACETYPE_RETURN: - trace_print_hdr(nlt, monh->ctx->octx); + trace_print_hdr(nlt, &monh->ctx->nft->output); if (nftnl_trace_is_set(nlt, NFTNL_TRACE_VERDICT)) { - trace_print_verdict(nlt, monh->ctx->octx); + trace_print_verdict(nlt, &monh->ctx->nft->output); nft_mon_print(monh, " "); } @@ -1623,7 +1624,7 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type, trace_print_expr(nlt, NFTNL_TRACE_MARK, meta_expr_alloc(&netlink_location, NFT_META_MARK), - monh->ctx->octx); + &monh->ctx->nft->output); nft_mon_print(monh, "\n"); break; } diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index cd058850..3931127f 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2608,7 +2608,7 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, memset(&_ctx, 0, sizeof(_ctx)); _ctx.msgs = ctx->msgs; - _ctx.debug_mask = ctx->debug_mask; + _ctx.debug_mask = ctx->nft->debug_mask; memset(&h, 0, sizeof(h)); h.family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); @@ -2620,7 +2620,7 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, h.position.id = nftnl_rule_get_u64(nlr, NFTNL_RULE_POSITION); pctx->rule = rule_alloc(&netlink_location, &h); - pctx->table = table_lookup(&h, ctx->cache); + pctx->table = table_lookup(&h, &ctx->nft->cache); assert(pctx->table != NULL); if (nftnl_rule_is_set(nlr, NFTNL_RULE_USERDATA)) { diff --git a/src/nfnl_osf.c b/src/nfnl_osf.c index e9a7f1d1..be3fd810 100644 --- a/src/nfnl_osf.c +++ b/src/nfnl_osf.c @@ -221,8 +221,8 @@ static int osf_load_line(char *buffer, int len, int del, memset(&f, 0, sizeof(struct nf_osf_user_finger)); - if (ctx->debug_mask & NFT_DEBUG_MNL) - nft_print(ctx->octx, "Loading '%s'.\n", buffer); + if (ctx->nft->debug_mask & NFT_DEBUG_MNL) + nft_print(&ctx->nft->output, "Loading '%s'.\n", buffer); for (i = 0; i < len && buffer[i] != '\0'; ++i) { if (buffer[i] == ':') @@ -230,8 +230,8 @@ static int osf_load_line(char *buffer, int len, int del, } if (cnt != 8) { - if (ctx->debug_mask & NFT_DEBUG_MNL) - nft_print(ctx->octx, "Wrong input line '%s': cnt: %d, must be 8, i: %d, must be %d.\n", buffer, cnt, i, len); + if (ctx->nft->debug_mask & NFT_DEBUG_MNL) + nft_print(&ctx->nft->output, "Wrong input line '%s': cnt: %d, must be 8, i: %d, must be %d.\n", buffer, cnt, i, len); return -EINVAL; } @@ -357,14 +357,14 @@ int nfnl_osf_load_fingerprints(struct netlink_ctx *ctx, int del) int err = 0; char buf[1024]; - if (ctx->debug_mask & NFT_DEBUG_MNL) - nft_print(ctx->octx, "Opening OS signature file '%s'\n", + if (ctx->nft->debug_mask & NFT_DEBUG_MNL) + nft_print(&ctx->nft->output, "Opening OS signature file '%s'\n", OS_SIGNATURES); inf = fopen(OS_SIGNATURES, "r"); if (!inf) { - if (ctx->debug_mask & NFT_DEBUG_MNL) - nft_print(ctx->octx, "Failed to open file '%s'\n", + if (ctx->nft->debug_mask & NFT_DEBUG_MNL) + nft_print(&ctx->nft->output, "Failed to open file '%s'\n", OS_SIGNATURES); return -1; @@ -154,7 +154,7 @@ static int cache_init_objects(struct netlink_ctx *ctx, enum cmd_ops cmd) struct set *set; int ret; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { ret = netlink_list_sets(ctx, &table->handle); list_splice_tail_init(&ctx->list, &table->sets); @@ -209,7 +209,7 @@ static int cache_init(struct netlink_ctx *ctx, enum cmd_ops cmd) }; int ret; - ret = cache_init_tables(ctx, &handle, ctx->cache); + ret = cache_init_tables(ctx, &handle, &ctx->nft->cache); if (ret < 0) return ret; ret = cache_init_objects(ctx, cmd); @@ -219,20 +219,18 @@ static int cache_init(struct netlink_ctx *ctx, enum cmd_ops cmd) return 0; } -int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache, - enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_mask, - struct output_ctx *octx) +int cache_update(struct nft_ctx *nft, enum cmd_ops cmd, struct list_head *msgs) { uint16_t genid; int ret; struct netlink_ctx ctx = { .list = LIST_HEAD_INIT(ctx.list), - .nf_sock = nf_sock, - .cache = cache, + .nft = nft, .msgs = msgs, - .debug_mask = debug_mask, - .octx = octx, + .nft = nft, }; + struct mnl_socket *nf_sock = nft->nf_sock; + struct nft_cache *cache = &nft->cache; replay: ctx.seqnum = cache->seqnum++; @@ -265,18 +263,14 @@ static void __cache_flush(struct list_head *table_list) } } -void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache, - enum cmd_ops cmd, struct list_head *msgs, - unsigned int debug_mask, struct output_ctx *octx) +void cache_flush(struct nft_ctx *nft, enum cmd_ops cmd, struct list_head *msgs) { struct netlink_ctx ctx = { .list = LIST_HEAD_INIT(ctx.list), - .nf_sock = nf_sock, - .cache = cache, + .nft = nft, .msgs = msgs, - .debug_mask = debug_mask, - .octx = octx, }; + struct nft_cache *cache = &nft->cache; __cache_flush(&cache->list); cache->genid = mnl_genid_get(&ctx); @@ -1361,12 +1355,12 @@ static int do_add_setelems(struct netlink_ctx *ctx, struct cmd *cmd, struct table *table; struct set *set; - table = table_lookup(h, ctx->cache); + table = table_lookup(h, &ctx->nft->cache); set = set_lookup(table, h->set.name); if (set->flags & NFT_SET_INTERVAL && set_to_intervals(ctx->msgs, set, init, true, - ctx->debug_mask, set->automerge) < 0) + ctx->nft->debug_mask, set->automerge) < 0) return -1; return __do_add_setelems(ctx, set, init, flags); @@ -1380,7 +1374,7 @@ static int do_add_set(struct netlink_ctx *ctx, const struct cmd *cmd, if (set->init != NULL) { if (set->flags & NFT_SET_INTERVAL && set_to_intervals(ctx->msgs, set, set->init, true, - ctx->debug_mask, set->automerge) < 0) + ctx->nft->debug_mask, set->automerge) < 0) return -1; } if (mnl_nft_set_add(ctx, cmd, flags) < 0) @@ -1395,11 +1389,10 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl) { uint32_t flags = excl ? NLM_F_EXCL : 0; - if (ctx->octx->echo) { + if (ctx->nft->output.echo) { int ret; - ret = cache_update(ctx->nf_sock, ctx->cache, cmd->obj, - ctx->msgs, ctx->debug_mask, ctx->octx); + ret = cache_update(ctx->nft, cmd->obj, ctx->msgs); if (ret < 0) return ret; @@ -1447,11 +1440,10 @@ static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd) { uint32_t flags = 0; - if (ctx->octx->echo) { + if (ctx->nft->output.echo) { int ret; - ret = cache_update(ctx->nf_sock, ctx->cache, cmd->obj, - ctx->msgs, ctx->debug_mask, ctx->octx); + ret = cache_update(ctx->nft, cmd->obj, ctx->msgs); if (ret < 0) return ret; @@ -1474,12 +1466,12 @@ static int do_delete_setelems(struct netlink_ctx *ctx, struct cmd *cmd) struct table *table; struct set *set; - table = table_lookup(h, ctx->cache); + table = table_lookup(h, &ctx->nft->cache); set = set_lookup(table, h->set.name); if (set->flags & NFT_SET_INTERVAL && set_to_intervals(ctx->msgs, set, expr, false, - ctx->debug_mask, set->automerge) < 0) + ctx->nft->debug_mask, set->automerge) < 0) return -1; if (mnl_nft_setelem_del(ctx, cmd) < 0) @@ -1524,7 +1516,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd) static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd) { struct nftnl_ruleset *rs; - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; do { rs = netlink_dump_ruleset(ctx, &cmd->handle, &cmd->location); @@ -1534,7 +1526,7 @@ static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd) nftnl_ruleset_fprintf(fp, rs, cmd->markup->format, NFTNL_OF_EVENT_NEW); - nft_print(ctx->octx, "\n"); + nft_print(&ctx->nft->output, "\n"); nftnl_ruleset_free(rs); return 0; @@ -1565,7 +1557,7 @@ static int do_command_import(struct netlink_ctx *ctx, struct cmd *cmd) static int do_list_table(struct netlink_ctx *ctx, struct cmd *cmd, struct table *table) { - table_print(table, ctx->octx); + table_print(table, &ctx->nft->output); return 0; } @@ -1579,12 +1571,12 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd) struct table *table; struct set *set; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family) continue; - nft_print(ctx->octx, "table %s %s {\n", + nft_print(&ctx->nft->output, "table %s %s {\n", family2str(table->handle.family), table->handle.table.name); @@ -1599,11 +1591,11 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd) if (cmd->obj == CMD_OBJ_MAPS && !(set->flags & NFT_SET_MAP)) continue; - set_print_declaration(set, &opts, ctx->octx); - nft_print(ctx->octx, "%s}%s", opts.tab, opts.nl); + set_print_declaration(set, &opts, &ctx->nft->output); + nft_print(&ctx->nft->output, "%s}%s", opts.tab, opts.nl); } - nft_print(ctx->octx, "}\n"); + nft_print(&ctx->nft->output, "}\n"); } return 0; } @@ -1881,14 +1873,14 @@ static int do_list_obj(struct netlink_ctx *ctx, struct cmd *cmd, uint32_t type) struct table *table; struct obj *obj; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family) continue; if (cmd->handle.table.name != NULL && !strcmp(cmd->handle.table.name, table->handle.table.name)) { - nft_print(ctx->octx, "table %s %s {\n", + nft_print(&ctx->nft->output, "table %s %s {\n", family2str(table->handle.family), cmd->handle.table.name); } else @@ -1900,10 +1892,10 @@ static int do_list_obj(struct netlink_ctx *ctx, struct cmd *cmd, uint32_t type) strcmp(cmd->handle.obj.name, obj->handle.obj.name))) continue; - obj_print_declaration(obj, &opts, ctx->octx); + obj_print_declaration(obj, &opts, &ctx->nft->output); } - nft_print(ctx->octx, "}\n"); + nft_print(&ctx->nft->output, "}\n"); } return 0; } @@ -2003,21 +1995,21 @@ static int do_list_flowtables(struct netlink_ctx *ctx, struct cmd *cmd) struct flowtable *flowtable; struct table *table; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family) continue; - nft_print(ctx->octx, "table %s %s {\n", + nft_print(&ctx->nft->output, "table %s %s {\n", family2str(table->handle.family), table->handle.table.name); list_for_each_entry(flowtable, &table->flowtables, list) { - flowtable_print_declaration(flowtable, &opts, ctx->octx); - nft_print(ctx->octx, "%s}%s", opts.tab, opts.nl); + flowtable_print_declaration(flowtable, &opts, &ctx->nft->output); + nft_print(&ctx->nft->output, "%s}%s", opts.tab, opts.nl); } - nft_print(ctx->octx, "}\n"); + nft_print(&ctx->nft->output, "}\n"); } return 0; } @@ -2027,7 +2019,7 @@ static int do_list_ruleset(struct netlink_ctx *ctx, struct cmd *cmd) unsigned int family = cmd->handle.family; struct table *table; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { if (family != NFPROTO_UNSPEC && table->handle.family != family) continue; @@ -2048,12 +2040,12 @@ static int do_list_tables(struct netlink_ctx *ctx, struct cmd *cmd) { struct table *table; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family) continue; - nft_print(ctx->octx, "table %s %s\n", + nft_print(&ctx->nft->output, "table %s %s\n", family2str(table->handle.family), table->handle.table.name); } @@ -2074,17 +2066,17 @@ static int do_list_chain(struct netlink_ctx *ctx, struct cmd *cmd, { struct chain *chain; - table_print_declaration(table, ctx->octx); + table_print_declaration(table, &ctx->nft->output); list_for_each_entry(chain, &table->chains, list) { if (chain->handle.family != cmd->handle.family || strcmp(cmd->handle.chain.name, chain->handle.chain.name) != 0) continue; - chain_print(chain, ctx->octx); + chain_print(chain, &ctx->nft->output); } - nft_print(ctx->octx, "}\n"); + nft_print(&ctx->nft->output, "}\n"); return 0; } @@ -2094,18 +2086,18 @@ static int do_list_chains(struct netlink_ctx *ctx, struct cmd *cmd) struct table *table; struct chain *chain; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family) continue; - table_print_declaration(table, ctx->octx); + table_print_declaration(table, &ctx->nft->output); list_for_each_entry(chain, &table->chains, list) { - chain_print_declaration(chain, ctx->octx); - nft_print(ctx->octx, "\t}\n"); + chain_print_declaration(chain, &ctx->nft->output); + nft_print(&ctx->nft->output, "\t}\n"); } - nft_print(ctx->octx, "}\n"); + nft_print(&ctx->nft->output, "}\n"); } return 0; @@ -2114,9 +2106,9 @@ static int do_list_chains(struct netlink_ctx *ctx, struct cmd *cmd) static void __do_list_set(struct netlink_ctx *ctx, struct cmd *cmd, struct table *table, struct set *set) { - table_print_declaration(table, ctx->octx); - set_print(set, ctx->octx); - nft_print(ctx->octx, "}\n"); + table_print_declaration(table, &ctx->nft->output); + set_print(set, &ctx->nft->output); + nft_print(&ctx->nft->output, "}\n"); } static int do_list_set(struct netlink_ctx *ctx, struct cmd *cmd, @@ -2137,11 +2129,11 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd) { struct table *table = NULL; - if (ctx->octx->json) + if (ctx->nft->output.json) return do_command_list_json(ctx, cmd); if (cmd->handle.table.name != NULL) - table = table_lookup(&cmd->handle, ctx->cache); + table = table_lookup(&cmd->handle, &ctx->nft->cache); switch (cmd->obj) { case CMD_OBJ_TABLE: @@ -2228,7 +2220,7 @@ static int do_command_get(struct netlink_ctx *ctx, struct cmd *cmd) struct table *table = NULL; if (cmd->handle.table.name != NULL) - table = table_lookup(&cmd->handle, ctx->cache); + table = table_lookup(&cmd->handle, &ctx->nft->cache); switch (cmd->obj) { case CMD_OBJ_SETELEM: @@ -2267,7 +2259,7 @@ static int do_command_reset(struct netlink_ctx *ctx, struct cmd *cmd) ret = netlink_reset_objs(ctx, cmd, type, dump); list_for_each_entry_safe(obj, next, &ctx->list, list) { - table = table_lookup(&obj->handle, ctx->cache); + table = table_lookup(&obj->handle, &ctx->nft->cache); list_move(&obj->list, &table->objs); } if (ret < 0) @@ -2296,7 +2288,7 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd) static int do_command_rename(struct netlink_ctx *ctx, struct cmd *cmd) { - struct table *table = table_lookup(&cmd->handle, ctx->cache); + struct table *table = table_lookup(&cmd->handle, &ctx->nft->cache); const struct chain *chain; switch (cmd->obj) { @@ -2336,8 +2328,8 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd) .format = cmd->monitor->format, .ctx = ctx, .loc = &cmd->location, - .cache = ctx->cache, - .debug_mask = ctx->debug_mask, + .cache = &ctx->nft->cache, + .debug_mask = ctx->nft->debug_mask, }; monhandler.cache_needed = need_cache(cmd); @@ -2346,7 +2338,7 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd) struct chain *chain; int ret; - list_for_each_entry(t, &ctx->cache->list, list) { + list_for_each_entry(t, &ctx->nft->cache.list, list) { list_for_each_entry(s, &t->sets, list) s->init = set_expr_alloc(&cmd->location, s); @@ -2372,7 +2364,7 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd) } } - return netlink_monitor(&monhandler, ctx->nf_sock); + return netlink_monitor(&monhandler, ctx->nft->nf_sock); } static int do_command_describe(struct netlink_ctx *ctx, struct cmd *cmd, @@ -2434,7 +2426,7 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd) case CMD_MONITOR: return do_command_monitor(ctx, cmd); case CMD_DESCRIBE: - return do_command_describe(ctx, cmd, ctx->octx); + return do_command_describe(ctx, cmd, &ctx->nft->output); default: BUG("invalid command object type %u\n", cmd->obj); } |