Hello, On Thu, 2017-08-24 at 17:30 +0200, Pablo Neira Ayuso wrote: > I took over this patch and revamp it, so we can apply this asap. > > Let me know if you have any concern, I would just add a uint32_t flag to the nft_ctc_new function parameters so we can later pass information such as "don't handle netlink" or "handle netlink". But setting the info could also be done in another function so I let you decide. ++ > Thanks. > > > On Sat, Aug 19, 2017 at 05:24:06PM +0200, Eric Leblond wrote:
> > Signed-off-by: Eric Leblond <eric@xxxxxxxxx>
> > ---
> > include/nftables.h | 1 +
> > include/nftables/nftables.h | 3 +++
> > src/libnftables.c | 20 ++++++++++++++++++++
> > src/main.c | 29 ++++++++++++++---------------
> > 4 files changed, 38 insertions(+), 15 deletions(-)
> >
> > diff --git a/include/nftables.h b/include/nftables.h
> > index a457aba..717af37 100644
> > --- a/include/nftables.h
> > +++ b/include/nftables.h
> > @@ -35,6 +35,7 @@ struct output_ctx {
> > struct nft_ctx {
> > struct output_ctx output;
> > bool check;
> > + struct mnl_socket *nf_sock;
> > };
> >
> > struct nft_cache {
> > diff --git a/include/nftables/nftables.h
> > b/include/nftables/nftables.h
> > index 4ba16f0..cfa60fe 100644
> > --- a/include/nftables/nftables.h
> > +++ b/include/nftables/nftables.h
> > @@ -17,4 +17,7 @@
> > void nft_global_init(void);
> > void nft_global_deinit(void);
> >
> > +struct nft_ctx *nft_context_new(void);
> > +void nft_context_free(struct nft_ctx *nft);
> > +
> > #endif
> > diff --git a/src/libnftables.c b/src/libnftables.c
> > index 215179a..6756c0f 100644
> > --- a/src/libnftables.c
> > +++ b/src/libnftables.c
> > @@ -51,3 +51,23 @@ void nft_global_deinit(void)
> > realm_table_meta_exit();
> > mark_table_exit();
> > }
> > +
> > +struct nft_ctx *nft_context_new(void)
> > +{
> > + struct nft_ctx *ctx = NULL;
> > + ctx = calloc(1, sizeof(struct nft_ctx));
> > + if (ctx == NULL)
> > + return NULL;
> > + ctx->nf_sock = netlink_open_sock();
> > +
> > + return ctx;
> > +}
> > +
> > +
> > +void nft_context_free(struct nft_ctx *nft)
> > +{
> > + if (nft == NULL)
> > + return;
> > + netlink_close_sock(nft->nf_sock);
> > + xfree(nft);
> > +}
> > diff --git a/src/main.c b/src/main.c
> > index dde3104..ee5566c 100644
> > --- a/src/main.c
> > +++ b/src/main.c
> > @@ -29,7 +29,6 @@
> > #include <iface.h>
> > #include <cli.h>
> >
> > -static struct nft_ctx nft;
> > unsigned int max_errors = 10;
> > #ifdef DEBUG
> > unsigned int debug_level;
> > @@ -283,13 +282,13 @@ int main(int argc, char * const *argv)
> > unsigned int len;
> > bool interactive = false;
> > int i, val, rc = NFT_EXIT_SUCCESS;
> > - struct mnl_socket *nf_sock;
> > + struct nft_ctx *nft;
> >
> > memset(&cache, 0, sizeof(cache));
> > init_list_head(&cache.list);
> >
> > nft_global_init();
> > - nf_sock = netlink_open_sock();
> > + nft = nft_context_new();
> > while (1) {
> > val = getopt_long(argc, argv, OPTSTRING, options,
> > NULL);
> > if (val == -1)
> > @@ -304,7 +303,7 @@ int main(int argc, char * const *argv)
> > PACKAGE_NAME, PACKAGE_VERSION,
> > RELEASE_NAME);
> > exit(NFT_EXIT_SUCCESS);
> > case OPT_CHECK:
> > - nft.check = true;
> > + nft->check = true;
> > break;
> > case OPT_FILE:
> > filename = optarg;
> > @@ -322,7 +321,7 @@ int main(int argc, char * const *argv)
> > include_paths[num_include_paths++] =
> > optarg;
> > break;
> > case OPT_NUMERIC:
> > - if (++nft.output.numeric > NUMERIC_ALL) {
> > + if (++nft->output.numeric > NUMERIC_ALL) {
> > fprintf(stderr, "Too many numeric
> > options "
> > "used, max. %u\n",
> > NUMERIC_ALL);
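Review bot: In `nft_context_new()` the value returned by `netlink_open_sock()` is stored in `ctx->nf_sock` without a check, so the only failure the caller can observe is the calloc one. Whether `netlink_open_sock()` can return NULL is not visible in this patch; if it can, the context is handed out with a null socket that `parser_init()` and `cache_update()` later receive, and the function should instead do `if (ctx->nf_sock == NULL) { free(ctx); return NULL; }`. The context is also allocated with `calloc` but released with `xfree`, which is only correct if `xfree` is a plain wrapper around `free` (its definition is not shown here). The two new declarations in include/nftables/nftables.h would benefit from a comment such as `/* Returns NULL on failure; release with nft_context_free(), which accepts NULL. */`.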
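Review bot: The result of `nft = nft_context_new();` in main() is never checked, although `nft_context_new()` returns NULL when calloc fails. The option loop dereferences the pointer straight away (`nft->check = true`, `++nft->output.numeric`), and the later hunks do the same with `nft->output.*` and `nft->nf_sock`, so an allocation failure becomes a NULL dereference where the old static `struct nft_ctx nft` could not fail. A guard directly after the call would cover all of them, for example `if (nft == NULL) { fprintf(stderr, "%s: cannot allocate context\n", argv[0]); exit(NFT_EXIT_FAILURE); }`. main() begins and ends outside this hunk.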
> > @@ -330,10 +329,10 @@ int main(int argc, char * const *argv)
> > }
> > break;
> > case OPT_STATELESS:
> > - nft.output.stateless++;
> > + nft->output.stateless++;
> > break;
> > case OPT_IP2NAME:
> > - nft.output.ip2name++;
> > + nft->output.ip2name++;
> > break;
> > #ifdef DEBUG
> > case OPT_DEBUG:
> > @@ -365,10 +364,10 @@ int main(int argc, char * const *argv)
> > break;
> > #endif
> > case OPT_HANDLE_OUTPUT:
> > - nft.output.handle++;
> > + nft->output.handle++;
> > break;
> > case OPT_ECHO:
> > - nft.output.echo++;
> > + nft->output.echo++;
> > break;
> > case OPT_INVALID:
> > exit(NFT_EXIT_FAILURE);
> > @@ -386,20 +385,20 @@ int main(int argc, char * const *argv)
> > strcat(buf, " ");
> > }
> > strcat(buf, "\n");
> > - parser_init(nf_sock, &cache, &state, &msgs);
> > + parser_init(nft->nf_sock, &cache, &state, &msgs);
> > scanner = scanner_init(&state);
> > scanner_push_buffer(scanner, &indesc_cmdline,
> > buf);
> > } else if (filename != NULL) {
> > - rc = cache_update(nf_sock, &cache, CMD_INVALID,
> > &msgs);
> > + rc = cache_update(nft->nf_sock, &cache,
> > CMD_INVALID, &msgs);
> > if (rc < 0)
> > return rc;
> >
> > - parser_init(nf_sock, &cache, &state, &msgs);
> > + parser_init(nft->nf_sock, &cache, &state, &msgs);
> > scanner = scanner_init(&state);
> > if (scanner_read_file(scanner, filename,
> > &internal_location) < 0)
> > goto out;
> > } else if (interactive) {
> > - if (cli_init(&nft, nf_sock, &cache, &state) < 0) {
> > + if (cli_init(nft, nft->nf_sock, &cache, &state) <
> > 0) {
> > fprintf(stderr, "%s: interactive CLI not
> > supported in this build\n",
> > argv[0]);
> > exit(NFT_EXIT_FAILURE);
> > @@ -410,7 +409,7 @@ int main(int argc, char * const *argv)
> > exit(NFT_EXIT_FAILURE);
> > }
> >
> > - if (nft_run(&nft, nf_sock, &cache, scanner, &state, &msgs)
> > != 0)
> > + if (nft_run(nft, nft->nf_sock, &cache, scanner, &state,
> > &msgs) != 0)
> > rc = NFT_EXIT_FAILURE;
> > out:
> > scanner_destroy(scanner);
> > @@ -418,7 +417,7 @@ out:
> > xfree(buf);
> > cache_release(&cache);
> > iface_cache_release();
> > - netlink_close_sock(nf_sock);
> > + nft_context_free(nft);
> > nft_global_deinit();
> >
> > return rc;
> > --
> > 2.14.1
> > -- Eric Leblond <eric@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html