The netlink layer sits in between the mnl and the rule layers, remove it. We can remove alloc_nftnl_chain() and consolidate infrastructure in the src/mnl.c file. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- include/mnl.h | 10 +++--- include/netlink.h | 8 ----- src/mnl.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++------- src/netlink.c | 79 -------------------------------------------- src/rule.c | 8 ++--- 5 files changed, 96 insertions(+), 107 deletions(-) diff --git a/include/mnl.h b/include/mnl.h index 44dd90f91814..96bf4b035d1d 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -36,10 +36,12 @@ int mnl_nft_rule_batch_replace(struct nftnl_rule *nlr, struct nftnl_batch *batch struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, int family); -int mnl_nft_chain_batch_add(struct nftnl_chain *nlc, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum); -int mnl_nft_chain_batch_del(struct nftnl_chain *nlc, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum); +int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, + unsigned int flags); +int mnl_nft_chain_del(struct netlink_ctx *ctx, const struct cmd *cmd); +int mnl_nft_chain_rename(struct netlink_ctx *ctx, const struct cmd *cmd, + const struct chain *chain); + struct nftnl_chain_list *mnl_nft_chain_dump(struct netlink_ctx *ctx, int family); diff --git a/include/netlink.h b/include/netlink.h index 42c3eb902a1e..4de4a09d5710 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -57,7 +57,6 @@ struct netlink_ctx { struct nft_cache *cache; }; -extern struct nftnl_chain *alloc_nftnl_chain(const struct handle *h); extern struct nftnl_rule *alloc_nftnl_rule(const struct handle *h); extern struct nftnl_expr *alloc_nft_expr(const char *name); extern struct nftnl_set *alloc_nftnl_set(const struct handle *h); @@ -117,13 +116,6 @@ extern int netlink_del_rule_batch(struct netlink_ctx *ctx, extern int netlink_replace_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd); -extern int netlink_add_chain_batch(struct netlink_ctx *ctx, - const struct cmd *cmd, uint32_t flags); -extern int netlink_rename_chain_batch(struct netlink_ctx *ctx, - const struct handle *h, - const struct cmd *cmd); -extern int netlink_delete_chain_batch(struct netlink_ctx *ctx, - const struct cmd *cmd); extern int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h); extern int netlink_flush_chain(struct netlink_ctx *ctx, const struct cmd *cmd); extern struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx, diff --git a/src/mnl.c b/src/mnl.c index 8cc4f168829c..337e0658e123 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -387,32 +387,106 @@ err: /* * Chain */ -int mnl_nft_chain_batch_add(struct nftnl_chain *nlc, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum) +int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd, + unsigned int flags) { + struct nftnl_chain *nlc; struct nlmsghdr *nlh; - nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), + nlc = nftnl_chain_alloc(); + if (nlc == NULL) + memory_allocation_error(); + + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, cmd->handle.chain.name); + + if (cmd->chain) { + if (cmd->chain->flags & CHAIN_F_BASECHAIN) { + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM, + cmd->chain->hooknum); + nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO, + cmd->chain->priority.num); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE, + cmd->chain->type); + } + if (cmd->chain->policy != -1) + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, + cmd->chain->policy); + if (cmd->chain->dev != NULL) + nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV, + cmd->chain->dev); + } + netlink_dump_chain(nlc, ctx); + + nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), NFT_MSG_NEWCHAIN, - nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY), - NLM_F_CREATE | flags, seqnum); + cmd->handle.family, + NLM_F_CREATE | flags, ctx->seqnum); nftnl_chain_nlmsg_build_payload(nlh, nlc); - mnl_nft_batch_continue(batch); + nftnl_chain_free(nlc); + + mnl_nft_batch_continue(ctx->batch); return 0; } -int mnl_nft_chain_batch_del(struct nftnl_chain *nlc, struct nftnl_batch *batch, - unsigned int flags, uint32_t seqnum) +int mnl_nft_chain_rename(struct netlink_ctx *ctx, const struct cmd *cmd, + const struct chain *chain) { + const char *name = cmd->arg; + struct nftnl_chain *nlc; struct nlmsghdr *nlh; - nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), + nlc = nftnl_chain_alloc(); + if (nlc == NULL) + memory_allocation_error(); + + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name); + nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, chain->handle.handle.id); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, name); + + netlink_dump_chain(nlc, ctx); + + nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), + NFT_MSG_NEWCHAIN, + cmd->handle.family, + 0, ctx->seqnum); + nftnl_chain_nlmsg_build_payload(nlh, nlc); + nftnl_chain_free(nlc); + + mnl_nft_batch_continue(ctx->batch); + + return 0; +} + +int mnl_nft_chain_del(struct netlink_ctx *ctx, const struct cmd *cmd) +{ + struct nftnl_chain *nlc; + struct nlmsghdr *nlh; + + nlc = nftnl_chain_alloc(); + if (nlc == NULL) + memory_allocation_error(); + + nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family); + nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name); + if (cmd->handle.chain.name) + nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, + cmd->handle.chain.name); + else if (cmd->handle.handle.id) + nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, + cmd->handle.handle.id); + + nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), NFT_MSG_DELCHAIN, - nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY), - NLM_F_ACK, seqnum); + cmd->handle.family, + NLM_F_ACK, ctx->seqnum); nftnl_chain_nlmsg_build_payload(nlh, nlc); - mnl_nft_batch_continue(batch); + nftnl_chain_free(nlc); + + mnl_nft_batch_continue(ctx->batch); return 0; } diff --git a/src/netlink.c b/src/netlink.c index f84c050102f5..d7b8da6bb3f0 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -111,24 +111,6 @@ void __noreturn __netlink_init_error(const char *filename, int line, exit(NFT_EXIT_NONL); } -struct nftnl_chain *alloc_nftnl_chain(const struct handle *h) -{ - struct nftnl_chain *nlc; - - nlc = nftnl_chain_alloc(); - if (nlc == NULL) - memory_allocation_error(); - - nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, h->family); - nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, h->table.name); - if (h->handle.id) - nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, h->handle.id); - if (h->chain.name != NULL) - nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, h->chain.name); - - return nlc; -} - struct nftnl_rule *alloc_nftnl_rule(const struct handle *h) { struct nftnl_rule *nlr; @@ -570,67 +552,6 @@ void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx) fprintf(fp, "\n"); } -int netlink_add_chain_batch(struct netlink_ctx *ctx, const struct cmd *cmd, - uint32_t flags) -{ - struct chain *chain = cmd->chain; - struct nftnl_chain *nlc; - int err; - - nlc = alloc_nftnl_chain(&cmd->handle); - if (chain != NULL) { - if (chain->flags & CHAIN_F_BASECHAIN) { - nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM, - chain->hooknum); - nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO, - chain->priority.num); - nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE, - chain->type); - } - if (chain->policy != -1) - nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, - chain->policy); - if (chain->dev != NULL) - nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV, - chain->dev); - } - - netlink_dump_chain(nlc, ctx); - err = mnl_nft_chain_batch_add(nlc, ctx->batch, flags, ctx->seqnum); - nftnl_chain_free(nlc); - - return err; -} - -int netlink_rename_chain_batch(struct netlink_ctx *ctx, const struct handle *h, - const struct cmd *cmd) -{ - const char *name = cmd->arg; - struct nftnl_chain *nlc; - int err; - - nlc = alloc_nftnl_chain(h); - nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, name); - netlink_dump_chain(nlc, ctx); - err = mnl_nft_chain_batch_add(nlc, ctx->batch, 0, ctx->seqnum); - nftnl_chain_free(nlc); - - return err; -} - -int netlink_delete_chain_batch(struct netlink_ctx *ctx, const struct cmd *cmd) -{ - struct nftnl_chain *nlc; - int err; - - nlc = alloc_nftnl_chain(&cmd->handle); - netlink_dump_chain(nlc, ctx); - err = mnl_nft_chain_batch_del(nlc, ctx->batch, 0, ctx->seqnum); - nftnl_chain_free(nlc); - - return err; -} - struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx, const struct nftnl_chain *nlc) { diff --git a/src/rule.c b/src/rule.c index 81d5c3e9f41f..b00a17d65200 100644 --- a/src/rule.c +++ b/src/rule.c @@ -1412,7 +1412,7 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl) case CMD_OBJ_TABLE: return mnl_nft_table_add(ctx, cmd, flags); case CMD_OBJ_CHAIN: - return netlink_add_chain_batch(ctx, cmd, flags); + return mnl_nft_chain_add(ctx, cmd, flags); case CMD_OBJ_RULE: return netlink_add_rule_batch(ctx, cmd, flags | NLM_F_APPEND); case CMD_OBJ_SET: @@ -1495,7 +1495,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd) case CMD_OBJ_TABLE: return mnl_nft_table_del(ctx, cmd); case CMD_OBJ_CHAIN: - return netlink_delete_chain_batch(ctx, cmd); + return mnl_nft_chain_del(ctx, cmd); case CMD_OBJ_RULE: return netlink_del_rule_batch(ctx, cmd); case CMD_OBJ_SET: @@ -2278,13 +2278,13 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd) static int do_command_rename(struct netlink_ctx *ctx, struct cmd *cmd) { struct table *table = table_lookup(&cmd->handle, ctx->cache); - struct chain *chain; + const struct chain *chain; switch (cmd->obj) { case CMD_OBJ_CHAIN: chain = chain_lookup(table, &cmd->handle); - return netlink_rename_chain_batch(ctx, &chain->handle, cmd); + return mnl_nft_chain_rename(ctx, cmd, chain); default: BUG("invalid command object type %u\n", cmd->obj); } -- 2.11.0