From 086ec6f30c96e9a920baf22ba700ea1ee0363df7 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 19 Feb 2020 14:35:21 +0100 Subject: mnl: extended error support for create command # nft create table x Error: Could not process rule: File exists create table x ^ # nft create chain x y Error: Could not process rule: File exists create chain x y ^ # nft create set x y { typeof ip saddr\; } Error: Could not process rule: File exists create set x y { typeof ip saddr; } ^ # nft create counter x y Error: Could not process rule: File exists create counter x y ^ Signed-off-by: Pablo Neira Ayuso --- include/mnl.h | 10 +++++----- src/mnl.c | 50 +++++++++++++++++++++++++++++++++----------------- src/rule.c | 2 +- 3 files changed, 39 insertions(+), 23 deletions(-) diff --git a/include/mnl.h b/include/mnl.h index 07669957..6d247cca 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -37,7 +37,7 @@ int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd); struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, int family); -int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, +int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags); int mnl_nft_chain_del(struct netlink_ctx *ctx, struct cmd *cmd); int mnl_nft_chain_rename(struct netlink_ctx *ctx, const struct cmd *cmd, @@ -46,14 +46,14 @@ int mnl_nft_chain_rename(struct netlink_ctx *ctx, const struct cmd *cmd, struct nftnl_chain_list *mnl_nft_chain_dump(struct netlink_ctx *ctx, int family); -int mnl_nft_table_add(struct netlink_ctx *ctx, const struct cmd *cmd, +int mnl_nft_table_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags); int mnl_nft_table_del(struct netlink_ctx *ctx, struct cmd *cmd); struct nftnl_table_list *mnl_nft_table_dump(struct netlink_ctx *ctx, int family); -int mnl_nft_set_add(struct netlink_ctx *ctx, const struct cmd *cmd, +int mnl_nft_set_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags); int mnl_nft_set_del(struct netlink_ctx *ctx, struct cmd *cmd); @@ -72,14 +72,14 @@ struct nftnl_obj_list *mnl_nft_obj_dump(struct netlink_ctx *ctx, int family, const char *table, const char *name, uint32_t type, bool dump, bool reset); -int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd, +int mnl_nft_obj_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags); int mnl_nft_obj_del(struct netlink_ctx *ctx, struct cmd *cmd, int type); struct nftnl_flowtable_list * mnl_nft_flowtable_dump(struct netlink_ctx *ctx, int family, const char *table); -int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd, +int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags); int mnl_nft_flowtable_del(struct netlink_ctx *ctx, struct cmd *cmd); diff --git a/src/mnl.c b/src/mnl.c index ee82db80..f9591969 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -592,7 +592,7 @@ err: /* * Chain */ -int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, +int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags) { int priority, policy, i = 0; @@ -607,8 +607,6 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, memory_allocation_error(); nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family); - nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name); - nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, cmd->handle.chain.name); if (cmd->chain) { if (cmd->chain->flags & CHAIN_F_BASECHAIN) { @@ -654,6 +652,12 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, NFT_MSG_NEWCHAIN, cmd->handle.family, NLM_F_CREATE | flags, ctx->seqnum); + + cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.table.location); + mnl_attr_put_strz(nlh, NFTA_CHAIN_TABLE, cmd->handle.table.name); + cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.chain.location); + mnl_attr_put_strz(nlh, NFTA_CHAIN_NAME, cmd->handle.chain.name); + nftnl_chain_nlmsg_build_payload(nlh, nlc); nftnl_chain_free(nlc); @@ -778,7 +782,7 @@ err: /* * Table */ -int mnl_nft_table_add(struct netlink_ctx *ctx, const struct cmd *cmd, +int mnl_nft_table_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags) { struct nftnl_table *nlt; @@ -789,7 +793,6 @@ int mnl_nft_table_add(struct netlink_ctx *ctx, const struct cmd *cmd, memory_allocation_error(); nftnl_table_set_u32(nlt, NFTNL_TABLE_FAMILY, cmd->handle.family); - nftnl_table_set_str(nlt, NFTNL_TABLE_NAME, cmd->handle.table.name); if (cmd->table) nftnl_table_set_u32(nlt, NFTNL_TABLE_FLAGS, cmd->table->flags); else @@ -799,6 +802,9 @@ int mnl_nft_table_add(struct netlink_ctx *ctx, const struct cmd *cmd, NFT_MSG_NEWTABLE, cmd->handle.family, flags, ctx->seqnum); + + cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.table.location); + mnl_attr_put_strz(nlh, NFTA_TABLE_NAME, cmd->handle.table.name); nftnl_table_nlmsg_build_payload(nlh, nlt); nftnl_table_free(nlt); @@ -910,10 +916,10 @@ static void set_key_expression(struct netlink_ctx *ctx, /* * Set */ -int mnl_nft_set_add(struct netlink_ctx *ctx, const struct cmd *cmd, +int mnl_nft_set_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags) { - const struct handle *h = &cmd->handle; + struct handle *h = &cmd->handle; struct nftnl_udata_buf *udbuf; struct set *set = cmd->set; struct nftnl_set *nls; @@ -924,8 +930,6 @@ int mnl_nft_set_add(struct netlink_ctx *ctx, const struct cmd *cmd, memory_allocation_error(); nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family); - nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name); - nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name); nftnl_set_set_u32(nls, NFTNL_SET_ID, h->set_id); nftnl_set_set_u32(nls, NFTNL_SET_FLAGS, set->flags); @@ -998,6 +1002,12 @@ int mnl_nft_set_add(struct netlink_ctx *ctx, const struct cmd *cmd, NFT_MSG_NEWSET, h->family, NLM_F_CREATE | flags, ctx->seqnum); + + cmd_add_loc(cmd, nlh->nlmsg_len, &h->table.location); + mnl_attr_put_strz(nlh, NFTA_SET_TABLE, h->table.name); + cmd_add_loc(cmd, nlh->nlmsg_len, &h->set.location); + mnl_attr_put_strz(nlh, NFTA_SET_NAME, h->set.name); + nftnl_set_nlmsg_build_payload(nlh, nls); nftnl_set_free(nls); @@ -1099,7 +1109,7 @@ err: return NULL; } -int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd, +int mnl_nft_obj_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags) { struct obj *obj = cmd->object; @@ -1111,8 +1121,6 @@ int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd, memory_allocation_error(); nftnl_obj_set_u32(nlo, NFTNL_OBJ_FAMILY, cmd->handle.family); - nftnl_obj_set_str(nlo, NFTNL_OBJ_TABLE, cmd->handle.table.name); - nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, cmd->handle.obj.name); nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, obj->type); switch (obj->type) { @@ -1190,6 +1198,12 @@ int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd, nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), NFT_MSG_NEWOBJ, cmd->handle.family, NLM_F_CREATE | flags, ctx->seqnum); + + cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.table.location); + mnl_attr_put_strz(nlh, NFTA_OBJ_TABLE, cmd->handle.table.name); + cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.obj.location); + mnl_attr_put_strz(nlh, NFTA_OBJ_NAME, cmd->handle.obj.name); + nftnl_obj_nlmsg_build_payload(nlh, nlo); nftnl_obj_free(nlo); @@ -1533,7 +1547,7 @@ err: return NULL; } -int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd, +int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags) { struct nftnl_flowtable *flo; @@ -1549,10 +1563,6 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd, nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FAMILY, cmd->handle.family); - nftnl_flowtable_set_str(flo, NFTNL_FLOWTABLE_TABLE, - cmd->handle.table.name); - nftnl_flowtable_set_str(flo, NFTNL_FLOWTABLE_NAME, - cmd->handle.flowtable.name); nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_HOOKNUM, cmd->flowtable->hooknum); mpz_export_data(&priority, cmd->flowtable->priority.expr->value, @@ -1576,6 +1586,12 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd, nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), NFT_MSG_NEWFLOWTABLE, cmd->handle.family, NLM_F_CREATE | flags, ctx->seqnum); + + cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.table.location); + mnl_attr_put_strz(nlh, NFTA_FLOWTABLE_TABLE, cmd->handle.table.name); + cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.flowtable.location); + mnl_attr_put_strz(nlh, NFTA_FLOWTABLE_NAME, cmd->handle.flowtable.name); + nftnl_flowtable_nlmsg_build_payload(nlh, flo); nftnl_flowtable_free(flo); diff --git a/src/rule.c b/src/rule.c index 9307dad5..9e58ee66 100644 --- a/src/rule.c +++ b/src/rule.c @@ -1579,7 +1579,7 @@ static int do_add_setelems(struct netlink_ctx *ctx, struct cmd *cmd, return __do_add_setelems(ctx, set, init, flags); } -static int do_add_set(struct netlink_ctx *ctx, const struct cmd *cmd, +static int do_add_set(struct netlink_ctx *ctx, struct cmd *cmd, uint32_t flags) { struct set *set = cmd->set; -- cgit v1.2.3