[PATCH nft 4/4] mnl: remove alloc_nftnl_chain()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The netlink layer sits in between the mnl and the rule layers, remove
it. We can remove alloc_nftnl_chain() and consolidate infrastructure in
the src/mnl.c file.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 include/mnl.h     | 10 +++---
 include/netlink.h |  8 -----
 src/mnl.c         | 98 ++++++++++++++++++++++++++++++++++++++++++++++++-------
 src/netlink.c     | 79 --------------------------------------------
 src/rule.c        |  8 ++---
 5 files changed, 96 insertions(+), 107 deletions(-)

diff --git a/include/mnl.h b/include/mnl.h
index 44dd90f91814..96bf4b035d1d 100644
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -36,10 +36,12 @@ int mnl_nft_rule_batch_replace(struct nftnl_rule *nlr, struct nftnl_batch *batch
 struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx,
 					  int family);
 
-int mnl_nft_chain_batch_add(struct nftnl_chain *nlc, struct nftnl_batch *batch,
-			    unsigned int flags, uint32_t seqnum);
-int mnl_nft_chain_batch_del(struct nftnl_chain *nlc, struct nftnl_batch *batch,
-			    unsigned int flags, uint32_t seqnum);
+int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+		      unsigned int flags);
+int mnl_nft_chain_del(struct netlink_ctx *ctx, const struct cmd *cmd);
+int mnl_nft_chain_rename(struct netlink_ctx *ctx, const struct cmd *cmd,
+			 const struct chain *chain);
+
 struct nftnl_chain_list *mnl_nft_chain_dump(struct netlink_ctx *ctx,
 					    int family);
 
diff --git a/include/netlink.h b/include/netlink.h
index 42c3eb902a1e..4de4a09d5710 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -57,7 +57,6 @@ struct netlink_ctx {
 	struct nft_cache	*cache;
 };
 
-extern struct nftnl_chain *alloc_nftnl_chain(const struct handle *h);
 extern struct nftnl_rule *alloc_nftnl_rule(const struct handle *h);
 extern struct nftnl_expr *alloc_nft_expr(const char *name);
 extern struct nftnl_set *alloc_nftnl_set(const struct handle *h);
@@ -117,13 +116,6 @@ extern int netlink_del_rule_batch(struct netlink_ctx *ctx,
 extern int netlink_replace_rule_batch(struct netlink_ctx *ctx,
 				      const struct cmd *cmd);
 
-extern int netlink_add_chain_batch(struct netlink_ctx *ctx,
-				   const struct cmd *cmd, uint32_t flags);
-extern int netlink_rename_chain_batch(struct netlink_ctx *ctx,
-				      const struct handle *h,
-				      const struct cmd *cmd);
-extern int netlink_delete_chain_batch(struct netlink_ctx *ctx,
-				      const struct cmd *cmd);
 extern int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h);
 extern int netlink_flush_chain(struct netlink_ctx *ctx, const struct cmd *cmd);
 extern struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
diff --git a/src/mnl.c b/src/mnl.c
index 8cc4f168829c..337e0658e123 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -387,32 +387,106 @@ err:
 /*
  * Chain
  */
-int mnl_nft_chain_batch_add(struct nftnl_chain *nlc, struct nftnl_batch *batch,
-			    unsigned int flags, uint32_t seqnum)
+int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+		      unsigned int flags)
 {
+	struct nftnl_chain *nlc;
 	struct nlmsghdr *nlh;
 
-	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+	nlc = nftnl_chain_alloc();
+	if (nlc == NULL)
+		memory_allocation_error();
+
+	nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family);
+	nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name);
+	nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, cmd->handle.chain.name);
+
+	if (cmd->chain) {
+		if (cmd->chain->flags & CHAIN_F_BASECHAIN) {
+			nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM,
+					    cmd->chain->hooknum);
+			nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO,
+					    cmd->chain->priority.num);
+			nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE,
+					    cmd->chain->type);
+		}
+		if (cmd->chain->policy != -1)
+			nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY,
+					    cmd->chain->policy);
+		if (cmd->chain->dev != NULL)
+			nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV,
+					    cmd->chain->dev);
+	}
+	netlink_dump_chain(nlc, ctx);
+
+	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
 				    NFT_MSG_NEWCHAIN,
-				    nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY),
-				    NLM_F_CREATE | flags, seqnum);
+				    cmd->handle.family,
+				    NLM_F_CREATE | flags, ctx->seqnum);
 	nftnl_chain_nlmsg_build_payload(nlh, nlc);
-	mnl_nft_batch_continue(batch);
+	nftnl_chain_free(nlc);
+
+	mnl_nft_batch_continue(ctx->batch);
 
 	return 0;
 }
 
-int mnl_nft_chain_batch_del(struct nftnl_chain *nlc, struct nftnl_batch *batch,
-			    unsigned int flags, uint32_t seqnum)
+int mnl_nft_chain_rename(struct netlink_ctx *ctx, const struct cmd *cmd,
+			 const struct chain *chain)
 {
+	const char *name = cmd->arg;
+	struct nftnl_chain *nlc;
 	struct nlmsghdr *nlh;
 
-	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+	nlc = nftnl_chain_alloc();
+	if (nlc == NULL)
+		memory_allocation_error();
+
+	nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family);
+	nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name);
+	nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, chain->handle.handle.id);
+	nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, name);
+
+	netlink_dump_chain(nlc, ctx);
+
+	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
+				    NFT_MSG_NEWCHAIN,
+				    cmd->handle.family,
+				    0, ctx->seqnum);
+	nftnl_chain_nlmsg_build_payload(nlh, nlc);
+	nftnl_chain_free(nlc);
+
+	mnl_nft_batch_continue(ctx->batch);
+
+	return 0;
+}
+
+int mnl_nft_chain_del(struct netlink_ctx *ctx, const struct cmd *cmd)
+{
+	struct nftnl_chain *nlc;
+	struct nlmsghdr *nlh;
+
+	nlc = nftnl_chain_alloc();
+	if (nlc == NULL)
+		memory_allocation_error();
+
+	nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family);
+	nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name);
+	if (cmd->handle.chain.name)
+		nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME,
+				    cmd->handle.chain.name);
+	else if (cmd->handle.handle.id)
+		nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE,
+				    cmd->handle.handle.id);
+
+	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
 				    NFT_MSG_DELCHAIN,
-				    nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY),
-				    NLM_F_ACK, seqnum);
+				    cmd->handle.family,
+				    NLM_F_ACK, ctx->seqnum);
 	nftnl_chain_nlmsg_build_payload(nlh, nlc);
-	mnl_nft_batch_continue(batch);
+	nftnl_chain_free(nlc);
+
+	mnl_nft_batch_continue(ctx->batch);
 
 	return 0;
 }
diff --git a/src/netlink.c b/src/netlink.c
index f84c050102f5..d7b8da6bb3f0 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -111,24 +111,6 @@ void __noreturn __netlink_init_error(const char *filename, int line,
 	exit(NFT_EXIT_NONL);
 }
 
-struct nftnl_chain *alloc_nftnl_chain(const struct handle *h)
-{
-	struct nftnl_chain *nlc;
-
-	nlc = nftnl_chain_alloc();
-	if (nlc == NULL)
-		memory_allocation_error();
-
-	nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, h->family);
-	nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, h->table.name);
-	if (h->handle.id)
-		nftnl_chain_set_u64(nlc, NFTNL_CHAIN_HANDLE, h->handle.id);
-	if (h->chain.name != NULL)
-		nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, h->chain.name);
-
-	return nlc;
-}
-
 struct nftnl_rule *alloc_nftnl_rule(const struct handle *h)
 {
 	struct nftnl_rule *nlr;
@@ -570,67 +552,6 @@ void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx)
 	fprintf(fp, "\n");
 }
 
-int netlink_add_chain_batch(struct netlink_ctx *ctx, const struct cmd *cmd,
-			    uint32_t flags)
-{
-	struct chain *chain = cmd->chain;
-	struct nftnl_chain *nlc;
-	int err;
-
-	nlc = alloc_nftnl_chain(&cmd->handle);
-	if (chain != NULL) {
-		if (chain->flags & CHAIN_F_BASECHAIN) {
-			nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM,
-					    chain->hooknum);
-			nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO,
-					    chain->priority.num);
-			nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE,
-					    chain->type);
-		}
-		if (chain->policy != -1)
-			nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY,
-					    chain->policy);
-		if (chain->dev != NULL)
-			nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV,
-					    chain->dev);
-	}
-
-	netlink_dump_chain(nlc, ctx);
-	err = mnl_nft_chain_batch_add(nlc, ctx->batch, flags, ctx->seqnum);
-	nftnl_chain_free(nlc);
-
-	return err;
-}
-
-int netlink_rename_chain_batch(struct netlink_ctx *ctx, const struct handle *h,
-			       const struct cmd *cmd)
-{
-	const char *name = cmd->arg;
-	struct nftnl_chain *nlc;
-	int err;
-
-	nlc = alloc_nftnl_chain(h);
-	nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, name);
-	netlink_dump_chain(nlc, ctx);
-	err = mnl_nft_chain_batch_add(nlc, ctx->batch, 0, ctx->seqnum);
-	nftnl_chain_free(nlc);
-
-	return err;
-}
-
-int netlink_delete_chain_batch(struct netlink_ctx *ctx, const struct cmd *cmd)
-{
-	struct nftnl_chain *nlc;
-	int err;
-
-	nlc = alloc_nftnl_chain(&cmd->handle);
-	netlink_dump_chain(nlc, ctx);
-	err = mnl_nft_chain_batch_del(nlc, ctx->batch, 0, ctx->seqnum);
-	nftnl_chain_free(nlc);
-
-	return err;
-}
-
 struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
 					const struct nftnl_chain *nlc)
 {
diff --git a/src/rule.c b/src/rule.c
index 81d5c3e9f41f..b00a17d65200 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1412,7 +1412,7 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
 	case CMD_OBJ_TABLE:
 		return mnl_nft_table_add(ctx, cmd, flags);
 	case CMD_OBJ_CHAIN:
-		return netlink_add_chain_batch(ctx, cmd, flags);
+		return mnl_nft_chain_add(ctx, cmd, flags);
 	case CMD_OBJ_RULE:
 		return netlink_add_rule_batch(ctx, cmd, flags | NLM_F_APPEND);
 	case CMD_OBJ_SET:
@@ -1495,7 +1495,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
 	case CMD_OBJ_TABLE:
 		return mnl_nft_table_del(ctx, cmd);
 	case CMD_OBJ_CHAIN:
-		return netlink_delete_chain_batch(ctx, cmd);
+		return mnl_nft_chain_del(ctx, cmd);
 	case CMD_OBJ_RULE:
 		return netlink_del_rule_batch(ctx, cmd);
 	case CMD_OBJ_SET:
@@ -2278,13 +2278,13 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd)
 static int do_command_rename(struct netlink_ctx *ctx, struct cmd *cmd)
 {
 	struct table *table = table_lookup(&cmd->handle, ctx->cache);
-	struct chain *chain;
+	const struct chain *chain;
 
 	switch (cmd->obj) {
 	case CMD_OBJ_CHAIN:
 		chain = chain_lookup(table, &cmd->handle);
 
-		return netlink_rename_chain_batch(ctx, &chain->handle, cmd);
+		return mnl_nft_chain_rename(ctx, cmd, chain);
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
-- 
2.11.0




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux