-rw-r--r--include/mnl.h9
-rw-r--r--include/netlink.h5
-rw-r--r--src/mnl.c70
-rw-r--r--src/netlink.c62
-rw-r--r--src/rule.c4
5 files changed, 62 insertions, 88 deletions
diff --git a/include/mnl.h b/include/mnl.h
index 457dd2ed..1784b3aa 100644
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -77,12 +77,9 @@ int mnl_nft_obj_del(struct netlink_ctx *ctx, const struct cmd *cmd, int type);
struct nftnl_flowtable_list *
mnl_nft_flowtable_dump(struct netlink_ctx *ctx, int family, const char *table);
-int mnl_nft_flowtable_batch_add(struct nftnl_flowtable *flo,
- struct nftnl_batch *batch, unsigned int flags,
- uint32_t seqnum);
-int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flow,
- struct nftnl_batch *batch, unsigned int flags,
- uint32_t seqnum);
+int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags);
+int mnl_nft_flowtable_del(struct netlink_ctx *ctx, const struct cmd *cmd);
struct nftnl_ruleset *mnl_nft_ruleset_dump(struct netlink_ctx *ctx,
uint32_t family);
diff --git a/include/netlink.h b/include/netlink.h
index b82ca727..8bdf192b 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -136,10 +136,6 @@ extern struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
extern int netlink_list_flowtables(struct netlink_ctx *ctx,
const struct handle *h);
-extern int netlink_add_flowtable(struct netlink_ctx *ctx,
- const struct cmd *cmd, uint32_t flags);
-extern int netlink_delete_flowtable(struct netlink_ctx *ctx,
- const struct cmd *cmd);
extern void netlink_dump_chain(const struct nftnl_chain *nlc,
struct netlink_ctx *ctx);
@@ -150,6 +146,7 @@ extern void netlink_dump_expr(const struct nftnl_expr *nle,
extern void netlink_dump_set(const struct nftnl_set *nls,
struct netlink_ctx *ctx);
extern void netlink_dump_obj(struct nftnl_obj *nlo, struct netlink_ctx *ctx);
+extern void netlink_dump_flowtable(struct nftnl_flowtable *flo, struct netlink_ctx *ctx);
extern int netlink_batch_send(struct netlink_ctx *ctx, struct list_head *err_list);
diff --git a/src/mnl.c b/src/mnl.c
index 0d9b7ffc..951e510b 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1306,34 +1306,72 @@ err:
return NULL;
}
-int mnl_nft_flowtable_batch_add(struct nftnl_flowtable *flo,
- struct nftnl_batch *batch, unsigned int flags,
- uint32_t seqnum)
+int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags)
{
+ struct nftnl_flowtable *flo;
+ const char *dev_array[8];
struct nlmsghdr *nlh;
+ struct expr *expr;
+ int i = 0;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
- NFT_MSG_NEWFLOWTABLE,
- nftnl_flowtable_get_u32(flo, NFTNL_FLOWTABLE_FAMILY),
- NLM_F_CREATE | flags, seqnum);
+ flo = nftnl_flowtable_alloc();
+ if (!flo)
+ memory_allocation_error();
+
+ nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FAMILY,
+ cmd->handle.family);
+ nftnl_flowtable_set_str(flo, NFTNL_FLOWTABLE_TABLE,
+ cmd->handle.table.name);
+ nftnl_flowtable_set_str(flo, NFTNL_FLOWTABLE_NAME,
+ cmd->handle.flowtable);
+ nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_HOOKNUM,
+ cmd->flowtable->hooknum);
+ nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO,
+ cmd->flowtable->priority.num);
+
+ list_for_each_entry(expr, &cmd->flowtable->dev_expr->expressions, list)
+ dev_array[i++] = expr->identifier;
+
+ dev_array[i] = NULL;
+ nftnl_flowtable_set(flo, NFTNL_FLOWTABLE_DEVICES, dev_array);
+
+ netlink_dump_flowtable(flo, ctx);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
+ NFT_MSG_NEWFLOWTABLE, cmd->handle.family,
+ NLM_F_CREATE | flags, ctx->seqnum);
nftnl_flowtable_nlmsg_build_payload(nlh, flo);
- mnl_nft_batch_continue(batch);
+ nftnl_flowtable_free(flo);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
-int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flo,
- struct nftnl_batch *batch, unsigned int flags,
- uint32_t seqnum)
+int mnl_nft_flowtable_del(struct netlink_ctx *ctx, const struct cmd *cmd)
{
+ struct nftnl_flowtable *flo;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
- NFT_MSG_DELFLOWTABLE,
- nftnl_flowtable_get_u32(flo, NFTNL_FLOWTABLE_FAMILY),
- flags, seqnum);
+ flo = nftnl_flowtable_alloc();
+ if (!flo)
+ memory_allocation_error();
+
+ nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FAMILY,
+ cmd->handle.family);
+ nftnl_flowtable_set_str(flo, NFTNL_FLOWTABLE_TABLE,
+ cmd->handle.table.name);
+ nftnl_flowtable_set_str(flo, NFTNL_FLOWTABLE_NAME,
+ cmd->handle.flowtable);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
+ NFT_MSG_DELFLOWTABLE, cmd->handle.family,
+ 0, ctx->seqnum);
nftnl_flowtable_nlmsg_build_payload(nlh, flo);
- mnl_nft_batch_continue(batch);
+ nftnl_flowtable_free(flo);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
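Review bot: In mnl_nft_flowtable_add the loop body `dev_array[i++] = expr->identifier;` stores into `const char *dev_array[8]` without ever checking `i`, and the following `dev_array[i] = NULL;` needs a slot as well. A flowtable with more than seven device expressions therefore writes past the end of the stack array, unless a cap is enforced somewhere outside this hunk. The limit should be checked where the array is filled: test `if (i + 1 >= (int)(sizeof(dev_array) / sizeof(dev_array[0])))` before each store, then free `flo` and fail the command rather than truncating silently. Separately, mnl_nft_flowtable_del no longer calls `netlink_dump_flowtable(flo, ctx);` as the removed netlink_delete_flowtable did, so the debug dump for deletions is lost; if that is not intended, add the call back before `nftnl_nlmsg_build_hdr`. Both functions also now pass `cmd->handle.flowtable` to `nftnl_flowtable_set_str` unconditionally, whereas the removed helper skipped it when NULL, so it is worth confirming the name is always set on these paths.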
diff --git a/src/netlink.c b/src/netlink.c
index 97e8ebae..ede08ffd 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -994,25 +994,8 @@ struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
return obj;
}
-static struct nftnl_flowtable *alloc_nftnl_flowtable(const struct handle *h,
- const struct flowtable *ft)
-{
- struct nftnl_flowtable *flo;
-
- flo = nftnl_flowtable_alloc();
- if (flo == NULL)
- memory_allocation_error();
-
- nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FAMILY, h->family);
- nftnl_flowtable_set_str(flo, NFTNL_FLOWTABLE_TABLE, h->table.name);
- if (h->flowtable != NULL)
- nftnl_flowtable_set_str(flo, NFTNL_FLOWTABLE_NAME, h->flowtable);
-
- return flo;
-}
-
-static void netlink_dump_flowtable(struct nftnl_flowtable *flo,
- struct netlink_ctx *ctx)
+void netlink_dump_flowtable(struct nftnl_flowtable *flo,
+ struct netlink_ctx *ctx)
{
FILE *fp = ctx->nft->output.output_fp;
@@ -1023,47 +1006,6 @@ static void netlink_dump_flowtable(struct nftnl_flowtable *flo,
fprintf(fp, "\n");
}
-int netlink_add_flowtable(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t flags)
-{
- struct flowtable *ft = cmd->flowtable;
- struct nftnl_flowtable *flo;
- const char *dev_array[8];
- struct expr *expr;
- int i = 0, err;
-
- flo = alloc_nftnl_flowtable(&cmd->handle, ft);
- nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_HOOKNUM, ft->hooknum);
- nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO, ft->priority.num);
-
- list_for_each_entry(expr, &ft->dev_expr->expressions, list)
- dev_array[i++] = expr->identifier;
-
- dev_array[i] = NULL;
- nftnl_flowtable_set(flo, NFTNL_FLOWTABLE_DEVICES, dev_array);
-
- netlink_dump_flowtable(flo, ctx);
-
- err = mnl_nft_flowtable_batch_add(flo, ctx->batch, flags, ctx->seqnum);
- nftnl_flowtable_free(flo);
-
- return err;
-}
-
-int netlink_delete_flowtable(struct netlink_ctx *ctx, const struct cmd *cmd)
-{
- struct nftnl_flowtable *flo;
- int err;
-
- flo = alloc_nftnl_flowtable(&cmd->handle, NULL);
- netlink_dump_flowtable(flo, ctx);
-
- err = mnl_nft_flowtable_batch_del(flo, ctx->batch, 0, ctx->seqnum);
- nftnl_flowtable_free(flo);
-
- return err;
-}
-
static int list_obj_cb(struct nftnl_obj *nls, void *arg)
{
struct netlink_ctx *ctx = arg;
diff --git a/src/rule.c b/src/rule.c
index 718987dc..63da3306 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1417,7 +1417,7 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
case CMD_OBJ_SECMARK:
return mnl_nft_obj_add(ctx, cmd, flags);
case CMD_OBJ_FLOWTABLE:
- return netlink_add_flowtable(ctx, cmd, flags);
+ return mnl_nft_flowtable_add(ctx, cmd, flags);
default:
BUG("invalid command object type %u\n", cmd->obj);
}
@@ -1505,7 +1505,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
case CMD_OBJ_SECMARK:
return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_SECMARK);
case CMD_OBJ_FLOWTABLE:
- return netlink_delete_flowtable(ctx, cmd);
+ return mnl_nft_flowtable_del(ctx, cmd);
default:
BUG("invalid command object type %u\n", cmd->obj);
}