summaryrefslogtreecommitdiffstats
path: root/src/netlink_linearize.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r--src/netlink_linearize.c335
1 files changed, 195 insertions, 140 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index accab9c2..044815a3 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
+ * Copyright (c) 2013 Pablo Neira Ayuso <pablo@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -10,6 +11,7 @@
#include <linux/netfilter/nf_tables.h>
+#include <string.h>
#include <rule.h>
#include <statement.h>
#include <expression.h>
@@ -18,7 +20,7 @@
#include <utils.h>
struct netlink_linearize_ctx {
- struct nfnl_nft_rule *nlr;
+ struct nft_rule *nlr;
unsigned int reg_low;
};
@@ -52,59 +54,65 @@ static void netlink_gen_payload(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
-
- nle = alloc_nft_expr(nfnl_nft_payload_init);
- nfnl_nft_payload_set_dreg(nle, dreg);
- nfnl_nft_payload_set_base(nle, expr->payload.base - 1);
- nfnl_nft_payload_set_offset(nle, expr->payload.offset / BITS_PER_BYTE);
- nfnl_nft_payload_set_len(nle, expr->len / BITS_PER_BYTE);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ struct nft_rule_expr *nle;
+
+ nle = alloc_nft_expr("payload");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_PAYLOAD_DREG, dreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_PAYLOAD_BASE,
+ expr->payload.base - 1);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_PAYLOAD_OFFSET,
+ expr->payload.offset / BITS_PER_BYTE);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_PAYLOAD_LEN,
+ expr->len / BITS_PER_BYTE);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_exthdr(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
-
- nle = alloc_nft_expr(nfnl_nft_exthdr_init);
- nfnl_nft_exthdr_set_dreg(nle, dreg);
- nfnl_nft_exthdr_set_type(nle, expr->exthdr.desc->type);
- nfnl_nft_exthdr_set_offset(nle, expr->exthdr.tmpl->offset / BITS_PER_BYTE);
- nfnl_nft_exthdr_set_len(nle, expr->len / BITS_PER_BYTE);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ struct nft_rule_expr *nle;
+
+ nle = alloc_nft_expr("exthdr");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_EXTHDR_DREG, dreg);
+ nft_rule_expr_set_u8(nle, NFT_EXPR_EXTHDR_TYPE,
+ expr->exthdr.desc->type);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_EXTHDR_OFFSET,
+ expr->exthdr.tmpl->offset / BITS_PER_BYTE);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_EXTHDR_LEN,
+ expr->len / BITS_PER_BYTE);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_meta(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
- nle = alloc_nft_expr(nfnl_nft_meta_init);
- nfnl_nft_meta_set_dreg(nle, dreg);
- nfnl_nft_meta_set_key(nle, expr->meta.key);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nle = alloc_nft_expr("meta");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_META_DREG, dreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_META_KEY, expr->meta.key);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_ct(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
- nle = alloc_nft_expr(nfnl_nft_ct_init);
- nfnl_nft_ct_set_dreg(nle, dreg);
- nfnl_nft_ct_set_key(nle, expr->ct.key);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nle = alloc_nft_expr("ct");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_CT_DREG, dreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_CT_KEY, expr->ct.key);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_map(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
enum nft_registers sreg;
assert(expr->mappings->ops->type == EXPR_SET_REF);
@@ -116,22 +124,23 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx,
netlink_gen_expr(ctx, expr->map, sreg);
- nle = alloc_nft_expr(nfnl_nft_lookup_init);
- nfnl_nft_lookup_set_sreg(nle, sreg);
- nfnl_nft_lookup_set_dreg(nle, dreg);
- nfnl_nft_lookup_set_set(nle, expr->mappings->set->handle.set);
+ nle = alloc_nft_expr("lookup");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_LOOKUP_SREG, sreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_LOOKUP_DREG, dreg);
+ nft_rule_expr_set_str(nle, NFT_EXPR_LOOKUP_SET,
+ expr->mappings->set->handle.set);
if (dreg == NFT_REG_VERDICT)
release_register(ctx);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_lookup(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
enum nft_registers sreg;
assert(expr->right->ops->type == EXPR_SET_REF);
@@ -140,12 +149,13 @@ static void netlink_gen_lookup(struct netlink_linearize_ctx *ctx,
sreg = get_register(ctx);
netlink_gen_expr(ctx, expr->left, sreg);
- nle = alloc_nft_expr(nfnl_nft_lookup_init);
- nfnl_nft_lookup_set_sreg(nle, sreg);
- nfnl_nft_lookup_set_set(nle, expr->right->set->handle.set);
+ nle = alloc_nft_expr("lookup");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_LOOKUP_SREG, sreg);
+ nft_rule_expr_set_str(nle, NFT_EXPR_LOOKUP_SET,
+ expr->right->set->handle.set);
release_register(ctx);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static enum nft_cmp_ops netlink_gen_cmp_op(enum ops op)
@@ -172,21 +182,24 @@ static void netlink_gen_cmp(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
enum nft_registers sreg;
+ struct nft_data_linearize nld;
assert(dreg == NFT_REG_VERDICT);
sreg = get_register(ctx);
netlink_gen_expr(ctx, expr->left, sreg);
- nle = alloc_nft_expr(nfnl_nft_cmp_init);
- nfnl_nft_cmp_set_sreg(nle, sreg);
- nfnl_nft_cmp_set_op(nle, netlink_gen_cmp_op(expr->op));
- nfnl_nft_cmp_set_data(nle, netlink_gen_data(expr->right));
+ nle = alloc_nft_expr("cmp");
+ nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_SREG, sreg);
+ nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_OP,
+ netlink_gen_cmp_op(expr->op));
+ netlink_gen_data(expr->right, &nld);
+ nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len);
release_register(ctx);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_range(struct netlink_linearize_ctx *ctx,
@@ -194,25 +207,30 @@ static void netlink_gen_range(struct netlink_linearize_ctx *ctx,
enum nft_registers dreg)
{
struct expr *range = expr->right;
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
enum nft_registers sreg;
+ struct nft_data_linearize nld;
assert(dreg == NFT_REG_VERDICT);
sreg = get_register(ctx);
netlink_gen_expr(ctx, expr->left, sreg);
- nle = alloc_nft_expr(nfnl_nft_cmp_init);
- nfnl_nft_cmp_set_sreg(nle, sreg);
- nfnl_nft_cmp_set_op(nle, netlink_gen_cmp_op(OP_GTE));
- nfnl_nft_cmp_set_data(nle, netlink_gen_data(range->left));
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
-
- nle = alloc_nft_expr(nfnl_nft_cmp_init);
- nfnl_nft_cmp_set_sreg(nle, sreg);
- nfnl_nft_cmp_set_op(nle, netlink_gen_cmp_op(OP_LTE));
- nfnl_nft_cmp_set_data(nle, netlink_gen_data(range->right));
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nle = alloc_nft_expr("cmp");
+ nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_SREG, sreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP,
+ netlink_gen_cmp_op(OP_GTE));
+ netlink_gen_data(range->left, &nld);
+ nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len);
+ nft_rule_add_expr(ctx->nlr, nle);
+
+ nle = alloc_nft_expr("cmp");
+ nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_SREG, sreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP,
+ netlink_gen_cmp_op(OP_LTE));
+ netlink_gen_data(range->right, &nld);
+ nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len);
+ nft_rule_add_expr(ctx->nlr, nle);
release_register(ctx);
}
@@ -221,8 +239,8 @@ static void netlink_gen_flagcmp(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
- struct nfnl_nft_data *nld;
+ struct nft_rule_expr *nle;
+ struct nft_data_linearize nld, nld2;
enum nft_registers sreg;
unsigned int len;
mpz_t zero;
@@ -235,21 +253,23 @@ static void netlink_gen_flagcmp(struct netlink_linearize_ctx *ctx,
mpz_init_set_ui(zero, 0);
- nle = alloc_nft_expr(nfnl_nft_bitwise_init);
- nld = netlink_gen_raw_data(zero, expr->right->byteorder, len);
- nfnl_nft_bitwise_set_sreg(nle, sreg);
- nfnl_nft_bitwise_set_dreg(nle, sreg);
- nfnl_nft_bitwise_set_len(nle, len);
- nfnl_nft_bitwise_set_mask(nle, netlink_gen_data(expr->right));
- nfnl_nft_bitwise_set_xor(nle, nld);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
-
- nle = alloc_nft_expr(nfnl_nft_cmp_init);
- nld = netlink_gen_raw_data(zero, expr->right->byteorder, len);
- nfnl_nft_cmp_set_sreg(nle, sreg);
- nfnl_nft_cmp_set_op(nle, NFT_CMP_NEQ);
- nfnl_nft_cmp_set_data(nle, nld);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nle = alloc_nft_expr("bitwise");
+ netlink_gen_raw_data(zero, expr->right->byteorder, len, &nld);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BITWISE_SREG, sreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BITWISE_DREG, sreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BITWISE_LEN, len);
+ netlink_gen_data(expr->right, &nld2);
+ nft_rule_expr_set(nle, NFT_EXPR_BITWISE_MASK, &nld2.value, nld2.len);
+ nft_rule_expr_set(nle, NFT_EXPR_BITWISE_XOR, &nld.value, nld.len);
+ nft_rule_add_expr(ctx->nlr, nle);
+
+ nle = alloc_nft_expr("cmp");
+ netlink_gen_raw_data(zero, expr->right->byteorder, len, &nld);
+ nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_SREG, sreg);
+ nft_rule_expr_set_u8(nle, NFT_EXPR_CMP_OP, NFT_CMP_NEQ);
+ netlink_gen_data(expr->right, &nld);
+ nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len);
+ nft_rule_add_expr(ctx->nlr, nle);
mpz_clear(zero);
release_register(ctx);
@@ -291,8 +311,8 @@ static void netlink_gen_binop(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
- struct nfnl_nft_data *nld;
+ struct nft_rule_expr *nle;
+ struct nft_data_linearize nld;
struct expr *left, *i;
struct expr *binops[16];
mpz_t mask, xor, val, tmp;
@@ -337,23 +357,22 @@ static void netlink_gen_binop(struct netlink_linearize_ctx *ctx,
len = div_round_up(expr->len, BITS_PER_BYTE);
- nle = alloc_nft_expr(nfnl_nft_bitwise_init);
- nfnl_nft_bitwise_set_sreg(nle, dreg);
- nfnl_nft_bitwise_set_dreg(nle, dreg);
- nfnl_nft_bitwise_set_len(nle, len);
-
- nld = netlink_gen_raw_data(mask, expr->byteorder, len);
- nfnl_nft_bitwise_set_mask(nle, nld);
+ nle = alloc_nft_expr("bitwise");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BITWISE_SREG, dreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BITWISE_DREG, dreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BITWISE_LEN, len);
- nld = netlink_gen_raw_data(xor, expr->byteorder, len);
- nfnl_nft_bitwise_set_xor(nle, nld);
+ netlink_gen_raw_data(mask, expr->byteorder, len, &nld);
+ nft_rule_expr_set(nle, NFT_EXPR_BITWISE_MASK, nld.value, nld.len);
+ netlink_gen_raw_data(xor, expr->byteorder, len, &nld);
+ nft_rule_expr_set(nle, NFT_EXPR_BITWISE_XOR, nld.value, nld.len);
mpz_clear(tmp);
mpz_clear(val);
mpz_clear(xor);
mpz_clear(mask);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static enum nft_byteorder_ops netlink_gen_unary_op(enum ops op)
@@ -372,29 +391,47 @@ static void netlink_gen_unary(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
netlink_gen_expr(ctx, expr->arg, dreg);
- nle = alloc_nft_expr(nfnl_nft_byteorder_init);
- nfnl_nft_byteorder_set_sreg(nle, dreg);
- nfnl_nft_byteorder_set_dreg(nle, dreg);
- nfnl_nft_byteorder_set_len(nle, expr->len / BITS_PER_BYTE);
- nfnl_nft_byteorder_set_size(nle, expr->arg->len % 32 ? 2 : 4);
- nfnl_nft_byteorder_set_op(nle, netlink_gen_unary_op(expr->op));
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nle = alloc_nft_expr("byteorder");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BYTEORDER_SREG, dreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BYTEORDER_DREG, dreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BYTEORDER_LEN,
+ expr->len / BITS_PER_BYTE);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BYTEORDER_SIZE,
+ expr->arg->len % 32 ? 2 : 4);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_BYTEORDER_OP,
+ netlink_gen_unary_op(expr->op));
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_immediate(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
+ struct nft_data_linearize nld;
- nle = alloc_nft_expr(nfnl_nft_immediate_init);
- nfnl_nft_immediate_set_dreg(nle, dreg);
- nfnl_nft_immediate_set_data(nle, netlink_gen_data(expr));
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nle = alloc_nft_expr("immediate");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_IMM_DREG, dreg);
+ netlink_gen_data(expr, &nld);
+ switch (expr->ops->type) {
+ case EXPR_VALUE:
+ nft_rule_expr_set(nle, NFT_EXPR_IMM_DATA, nld.value, nld.len);
+ break;
+ case EXPR_VERDICT:
+ if (nft_rule_expr_is_set(nle, NFT_EXPR_IMM_CHAIN)) {
+ nft_rule_expr_set_str(nle, NFT_EXPR_IMM_CHAIN,
+ nld.chain);
+ }
+ nft_rule_expr_set_u32(nle, NFT_EXPR_IMM_VERDICT, nld.verdict);
+ break;
+ default:
+ break;
+ }
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_expr(struct netlink_linearize_ctx *ctx,
@@ -437,77 +474,89 @@ static void netlink_gen_verdict_stmt(struct netlink_linearize_ctx *ctx,
static void netlink_gen_counter_stmt(struct netlink_linearize_ctx *ctx,
const struct stmt *stmt)
{
- struct nfnl_nft_expr *nle;
-
- nle = alloc_nft_expr(nfnl_nft_counter_init);
- if (stmt->counter.packets)
- nfnl_nft_counter_set_packets(nle, stmt->counter.packets);
- if (stmt->counter.bytes)
- nfnl_nft_counter_set_bytes(nle, stmt->counter.bytes);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ struct nft_rule_expr *nle;
+
+ nle = alloc_nft_expr("counter");
+ if (stmt->counter.packets) {
+ nft_rule_expr_set_u64(nle, NFT_EXPR_CTR_PACKETS,
+ stmt->counter.packets);
+ }
+ if (stmt->counter.bytes) {
+ nft_rule_expr_set_u64(nle, NFT_EXPR_CTR_BYTES,
+ stmt->counter.packets);
+ }
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_meta_stmt(struct netlink_linearize_ctx *ctx,
const struct stmt *stmt)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
enum nft_registers sreg;
sreg = get_register(ctx);
netlink_gen_expr(ctx, stmt->meta.expr, sreg);
release_register(ctx);
- nle = alloc_nft_expr(nfnl_nft_meta_init);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nle = alloc_nft_expr("meta");
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_log_stmt(struct netlink_linearize_ctx *ctx,
const struct stmt *stmt)
{
- struct nfnl_nft_expr *nle;
-
- nle = alloc_nft_expr(nfnl_nft_log_init);
- if (stmt->log.prefix != NULL)
- nfnl_nft_log_set_prefix(nle, stmt->log.prefix);
- if (stmt->log.group)
- nfnl_nft_log_set_group(nle, stmt->log.group);
- if (stmt->log.snaplen)
- nfnl_nft_log_set_snaplen(nle, stmt->log.snaplen);
- if (stmt->log.qthreshold)
- nfnl_nft_log_set_qthreshold(nle, stmt->log.qthreshold);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ struct nft_rule_expr *nle;
+
+ nle = alloc_nft_expr("log");
+ if (stmt->log.prefix != NULL) {
+ nft_rule_expr_set_str(nle, NFT_EXPR_LOG_PREFIX,
+ stmt->log.prefix);
+ }
+ if (stmt->log.group) {
+ nft_rule_expr_set_u32(nle, NFT_EXPR_LOG_GROUP,
+ stmt->log.group);
+ }
+ if (stmt->log.snaplen) {
+ nft_rule_expr_set_u32(nle, NFT_EXPR_LOG_SNAPLEN,
+ stmt->log.snaplen);
+ }
+ if (stmt->log.qthreshold) {
+ nft_rule_expr_set_u32(nle, NFT_EXPR_LOG_QTHRESHOLD,
+ stmt->log.qthreshold);
+ }
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_limit_stmt(struct netlink_linearize_ctx *ctx,
const struct stmt *stmt)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
- nle = alloc_nft_expr(nfnl_nft_limit_init);
- nfnl_nft_limit_set_rate(nle, stmt->limit.rate);
- nfnl_nft_limit_set_depth(nle, stmt->limit.depth);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nle = alloc_nft_expr("limit");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_LIMIT_RATE, stmt->limit.rate);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_LIMIT_DEPTH, stmt->limit.depth);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_reject_stmt(struct netlink_linearize_ctx *ctx,
const struct stmt *stmt)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
nle = alloc_nft_expr(NULL);
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx,
const struct stmt *stmt)
{
- struct nfnl_nft_expr *nle;
+ struct nft_rule_expr *nle;
enum nft_registers amin_reg, amax_reg;
enum nft_registers pmin_reg, pmax_reg;
int registers = 0;
- nle = alloc_nft_expr(nfnl_nft_nat_init);
- nfnl_nft_nat_set_type(nle, stmt->nat.type);
+ nle = alloc_nft_expr("nat");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_TYPE, stmt->nat.type);
if (stmt->nat.addr) {
amin_reg = get_register(ctx);
@@ -519,11 +568,14 @@ static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx,
netlink_gen_expr(ctx, stmt->nat.addr->left, amin_reg);
netlink_gen_expr(ctx, stmt->nat.addr->right, amax_reg);
- nfnl_nft_nat_set_sreg_addr_min(nle, amin_reg);
- nfnl_nft_nat_set_sreg_addr_max(nle, amax_reg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_REG_ADDR_MIN,
+ amin_reg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_REG_ADDR_MAX,
+ amax_reg);
} else {
netlink_gen_expr(ctx, stmt->nat.addr, amin_reg);
- nfnl_nft_nat_set_sreg_addr_min(nle, amin_reg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_REG_ADDR_MIN,
+ amin_reg);
}
}
@@ -538,11 +590,14 @@ static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx,
netlink_gen_expr(ctx, stmt->nat.proto->left, pmin_reg);
netlink_gen_expr(ctx, stmt->nat.proto->right, pmax_reg);
- nfnl_nft_nat_set_sreg_proto_min(nle, pmin_reg);
- nfnl_nft_nat_set_sreg_proto_max(nle, pmax_reg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_REG_PROTO_MIN,
+ pmin_reg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_REG_PROTO_MAX,
+ pmax_reg);
} else {
netlink_gen_expr(ctx, stmt->nat.proto, pmin_reg);
- nfnl_nft_nat_set_sreg_proto_min(nle, pmin_reg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_REG_PROTO_MIN,
+ pmin_reg);
}
}
@@ -551,7 +606,7 @@ static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx,
registers--;
}
- nfnl_nft_rule_add_expr(ctx->nlr, nle);
+ nft_rule_add_expr(ctx->nlr, nle);
}
static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx,
@@ -579,7 +634,7 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx,
}
}
-int netlink_linearize_rule(struct netlink_ctx *ctx, struct nfnl_nft_rule *nlr,
+int netlink_linearize_rule(struct netlink_ctx *ctx, struct nft_rule *nlr,
const struct rule *rule)
{
struct netlink_linearize_ctx lctx;
@@ -592,6 +647,6 @@ int netlink_linearize_rule(struct netlink_ctx *ctx, struct nfnl_nft_rule *nlr,
list_for_each_entry(stmt, &rule->stmts, list)
netlink_gen_stmt(&lctx, stmt);
- netlink_dump_object(OBJ_CAST(nlr));
+ netlink_dump_rule(nlr);
return 0;
}