diff options
| -rw-r--r-- | include/mnl.h | 4 | ||||
| -rw-r--r-- | src/cache.c | 23 | ||||
| -rw-r--r-- | src/mnl.c | 21 |
3 files changed, 24 insertions, 24 deletions
diff --git a/include/mnl.h b/include/mnl.h index 344030f3..19faa651 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -33,8 +33,8 @@ int mnl_nft_rule_add(struct netlink_ctx *ctx, struct cmd *cmd, int mnl_nft_rule_del(struct netlink_ctx *ctx, struct cmd *cmd); int mnl_nft_rule_replace(struct netlink_ctx *ctx, struct cmd *cmd); -struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, - int family); +struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, int family, + const struct nft_cache_filter *filter); int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags); diff --git a/src/cache.c b/src/cache.c index 66da2b34..484efdb9 100644 --- a/src/cache.c +++ b/src/cache.c @@ -441,16 +441,9 @@ struct chain *chain_cache_find(const struct table *table, const char *name) return NULL; } -struct rule_cache_dump_ctx { - struct netlink_ctx *nlctx; - const struct nft_cache_filter *filter; -}; - static int list_rule_cb(struct nftnl_rule *nlr, void *data) { - struct rule_cache_dump_ctx *rule_ctx = data; - const struct nft_cache_filter *filter = rule_ctx->filter; - struct netlink_ctx *ctx = rule_ctx->nlctx; + struct netlink_ctx *ctx = data; const struct handle *h = ctx->data; const char *table, *chain; struct rule *rule; @@ -465,12 +458,6 @@ static int list_rule_cb(struct nftnl_rule *nlr, void *data) (h->chain.name && strcmp(chain, h->chain.name) != 0)) return 0; - if (filter && filter->list.table && filter->list.chain && - (filter->list.family != family || - strcmp(filter->list.table, table) || - strcmp(filter->list.chain, chain))) - return 0; - netlink_dump_rule(nlr, ctx); rule = netlink_delinearize_rule(ctx, nlr); list_add_tail(&rule->list, &ctx->list); @@ -481,13 +468,9 @@ static int list_rule_cb(struct nftnl_rule *nlr, void *data) static int rule_cache_init(struct netlink_ctx *ctx, const struct handle *h, const struct nft_cache_filter *filter) { - struct rule_cache_dump_ctx rule_ctx = { - .nlctx = ctx, - .filter = filter, - }; struct nftnl_rule_list *rule_cache; - rule_cache = mnl_nft_rule_dump(ctx, h->family); + rule_cache = mnl_nft_rule_dump(ctx, h->family, filter); if (rule_cache == NULL) { if (errno == EINTR) return -1; @@ -496,7 +479,7 @@ static int rule_cache_init(struct netlink_ctx *ctx, const struct handle *h, } ctx->data = h; - nftnl_rule_list_foreach(rule_cache, list_rule_cb, &rule_ctx); + nftnl_rule_list_foreach(rule_cache, list_rule_cb, ctx); nftnl_rule_list_free(rule_cache); return 0; } @@ -653,20 +653,37 @@ err_free: return MNL_CB_OK; } -struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, - int family) +struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, int family, + const struct nft_cache_filter *filter) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nftnl_rule_list *nlr_list; + struct nftnl_rule *nlr = NULL; struct nlmsghdr *nlh; int ret; + if (filter && filter->list.table) { + nlr = nftnl_rule_alloc(); + if (!nlr) + memory_allocation_error(); + + nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, + filter->list.table); + if (filter->list.chain) + nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, + filter->list.chain); + } + nlr_list = nftnl_rule_list_alloc(); if (nlr_list == NULL) memory_allocation_error(); nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, NLM_F_DUMP, ctx->seqnum); + if (nlr) { + nftnl_rule_nlmsg_build_payload(nlh, nlr); + nftnl_rule_free(nlr); + } ret = nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, rule_cb, nlr_list); if (ret < 0) |