We can remove alloc_nftnl_rule() and consolidate infrastructure in the
src/mnl.c file.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
include/mnl.h | 11 ++++---
include/netlink.h | 9 ------
src/mnl.c | 90 ++++++++++++++++++++++++++++++++++++++++++++-----------
src/netlink.c | 76 ++--------------------------------------------
src/rule.c | 8 ++---
5 files changed, 84 insertions(+), 110 deletions(-)
diff --git a/include/mnl.h b/include/mnl.h
index 96bf4b035d1d..c5fcb4cdc2ef 100644
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -26,12 +26,11 @@ void mnl_batch_reset(struct nftnl_batch *batch);
uint32_t mnl_batch_begin(struct nftnl_batch *batch, uint32_t seqnum);
void mnl_batch_end(struct nftnl_batch *batch, uint32_t seqnum);
int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list);
-int mnl_nft_rule_batch_add(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
-int mnl_nft_rule_batch_del(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
-int mnl_nft_rule_batch_replace(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
+
+int mnl_nft_rule_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags);
+int mnl_nft_rule_del(struct netlink_ctx *ctx, const struct cmd *cmd);
+int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd);
struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx,
int family);
diff --git a/include/netlink.h b/include/netlink.h
index 4de4a09d5710..36a89b9bb05e 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -57,7 +57,6 @@ struct netlink_ctx {
struct nft_cache *cache;
};
-extern struct nftnl_rule *alloc_nftnl_rule(const struct handle *h);
extern struct nftnl_expr *alloc_nft_expr(const char *name);
extern struct nftnl_set *alloc_nftnl_set(const struct handle *h);
@@ -108,14 +107,6 @@ extern void netlink_linearize_rule(struct netlink_ctx *ctx,
extern struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
struct nftnl_rule *r);
-extern int netlink_add_rule_batch(struct netlink_ctx *ctx,
- const struct cmd *cmd,
- uint32_t flags);
-extern int netlink_del_rule_batch(struct netlink_ctx *ctx,
- const struct cmd *cmd);
-extern int netlink_replace_rule_batch(struct netlink_ctx *ctx,
- const struct cmd *cmd);
-
extern int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h);
extern int netlink_flush_chain(struct netlink_ctx *ctx, const struct cmd *cmd);
extern struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
diff --git a/src/mnl.c b/src/mnl.c
index 337e0658e123..07316395db66 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -287,47 +287,103 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list)
return err;
}
-int mnl_nft_rule_batch_add(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_rule_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags)
{
+ struct rule *rule = cmd->rule;
+ struct handle *h = &rule->handle;
+ struct nftnl_rule *nlr;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ nlr = nftnl_rule_alloc();
+ if (!nlr)
+ memory_allocation_error();
+
+ nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
+ nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
+ nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
+ if (h->position.id)
+ nftnl_rule_set_u64(nlr, NFTNL_RULE_POSITION, h->position.id);
+
+ netlink_linearize_rule(ctx, nlr, rule);
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_NEWRULE,
- nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY),
- NLM_F_CREATE | flags, seqnum);
+ cmd->handle.family,
+ NLM_F_CREATE | flags, ctx->seqnum);
nftnl_rule_nlmsg_build_payload(nlh, nlr);
- mnl_nft_batch_continue(batch);
+ nftnl_rule_free(nlr);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
-int mnl_nft_rule_batch_replace(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd)
{
+ struct rule *rule = cmd->rule;
+ struct handle *h = &rule->handle;
+ unsigned int flags = 0;
+ struct nftnl_rule *nlr;
struct nlmsghdr *nlh;
+ int err;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ if (ctx->octx->echo) {
+ err = cache_update(ctx->nf_sock, ctx->cache,
+ CMD_INVALID, ctx->msgs,
+ ctx->debug_mask, ctx->octx);
+ if (err < 0)
+ return err;
+
+ flags |= NLM_F_ECHO;
+ }
+
+ nlr = nftnl_rule_alloc();
+ if (!nlr)
+ memory_allocation_error();
+
+ nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
+ nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
+ nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
+ nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id);
+
+ netlink_linearize_rule(ctx, nlr, rule);
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_NEWRULE,
- nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY),
- NLM_F_REPLACE | flags, seqnum);
+ cmd->handle.family,
+ NLM_F_REPLACE | flags, ctx->seqnum);
nftnl_rule_nlmsg_build_payload(nlh, nlr);
- mnl_nft_batch_continue(batch);
+ nftnl_rule_free(nlr);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
-int mnl_nft_rule_batch_del(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_rule_del(struct netlink_ctx *ctx, const struct cmd *cmd)
{
+ const struct handle *h = &cmd->handle;
+ struct nftnl_rule *nlr;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ nlr = nftnl_rule_alloc();
+ if (!nlr)
+ memory_allocation_error();
+
+ nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
+ nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
+ if (h->chain.name)
+ nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
+ if (h->handle.id)
+ nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_DELRULE,
nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY),
- 0, seqnum);
+ 0, ctx->seqnum);
nftnl_rule_nlmsg_build_payload(nlh, nlr);
- mnl_nft_batch_continue(batch);
+ nftnl_rule_free(nlr);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
diff --git a/src/netlink.c b/src/netlink.c
index d7b8da6bb3f0..5e205aa19e6e 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -111,26 +111,6 @@ void __noreturn __netlink_init_error(const char *filename, int line,
exit(NFT_EXIT_NONL);
}
-struct nftnl_rule *alloc_nftnl_rule(const struct handle *h)
-{
- struct nftnl_rule *nlr;
-
- nlr = nftnl_rule_alloc();
- if (nlr == NULL)
- memory_allocation_error();
-
- nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
- nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
- if (h->chain.name != NULL)
- nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
- if (h->handle.id)
- nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id);
- if (h->position.id)
- nftnl_rule_set_u64(nlr, NFTNL_RULE_POSITION, h->position.id);
-
- return nlr;
-}
-
struct nftnl_expr *alloc_nft_expr(const char *name)
{
struct nftnl_expr *nle;
@@ -421,58 +401,6 @@ struct expr *netlink_alloc_data(const struct location *loc,
}
}
-int netlink_add_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t flags)
-{
- struct rule *rule = cmd->rule;
- struct nftnl_rule *nlr;
- int err;
-
- nlr = alloc_nftnl_rule(&rule->handle);
- netlink_linearize_rule(ctx, nlr, rule);
- err = mnl_nft_rule_batch_add(nlr, ctx->batch, flags | NLM_F_EXCL,
- ctx->seqnum);
- nftnl_rule_free(nlr);
-
- return err;
-}
-
-int netlink_replace_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd)
-{
- struct rule *rule = cmd->rule;
- struct nftnl_rule *nlr;
- int err, flags = 0;
-
- if (ctx->octx->echo) {
- err = cache_update(ctx->nf_sock, ctx->cache,
- CMD_INVALID, ctx->msgs,
- ctx->debug_mask, ctx->octx);
- if (err < 0)
- return err;
-
- flags |= NLM_F_ECHO;
- }
-
- nlr = alloc_nftnl_rule(&rule->handle);
- netlink_linearize_rule(ctx, nlr, rule);
- err = mnl_nft_rule_batch_replace(nlr, ctx->batch, flags, ctx->seqnum);
- nftnl_rule_free(nlr);
-
- return err;
-}
-
-int netlink_del_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd)
-{
- struct nftnl_rule *nlr;
- int err;
-
- nlr = alloc_nftnl_rule(&cmd->handle);
- err = mnl_nft_rule_batch_del(nlr, ctx->batch, 0, ctx->seqnum);
- nftnl_rule_free(nlr);
-
- return err;
-}
-
void netlink_dump_rule(const struct nftnl_rule *nlr, struct netlink_ctx *ctx)
{
FILE *fp = ctx->octx->output_fp;
@@ -538,7 +466,7 @@ static int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h)
static int netlink_flush_rules(struct netlink_ctx *ctx, const struct cmd *cmd)
{
- return netlink_del_rule_batch(ctx, cmd);
+ return mnl_nft_rule_del(ctx, cmd);
}
void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx)
@@ -634,7 +562,7 @@ int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h)
int netlink_flush_chain(struct netlink_ctx *ctx, const struct cmd *cmd)
{
- return netlink_del_rule_batch(ctx, cmd);
+ return mnl_nft_rule_del(ctx, cmd);
}
struct table *netlink_delinearize_table(struct netlink_ctx *ctx,
diff --git a/src/rule.c b/src/rule.c
index b00a17d65200..b5014788961b 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1414,7 +1414,7 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
case CMD_OBJ_CHAIN:
return mnl_nft_chain_add(ctx, cmd, flags);
case CMD_OBJ_RULE:
- return netlink_add_rule_batch(ctx, cmd, flags | NLM_F_APPEND);
+ return mnl_nft_rule_add(ctx, cmd, flags | NLM_F_APPEND);
case CMD_OBJ_SET:
return do_add_set(ctx, cmd, flags);
case CMD_OBJ_SETELEM:
@@ -1437,7 +1437,7 @@ static int do_command_replace(struct netlink_ctx *ctx, struct cmd *cmd)
{
switch (cmd->obj) {
case CMD_OBJ_RULE:
- return netlink_replace_rule_batch(ctx, cmd);
+ return mnl_nft_rule_replace(ctx, cmd);
default:
BUG("invalid command object type %u\n", cmd->obj);
}
@@ -1461,7 +1461,7 @@ static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd)
switch (cmd->obj) {
case CMD_OBJ_RULE:
- return netlink_add_rule_batch(ctx, cmd, flags);
+ return mnl_nft_rule_add(ctx, cmd, flags);
default:
BUG("invalid command object type %u\n", cmd->obj);
}
@@ -1497,7 +1497,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
case CMD_OBJ_CHAIN:
return mnl_nft_chain_del(ctx, cmd);
case CMD_OBJ_RULE:
- return netlink_del_rule_batch(ctx, cmd);
+ return mnl_nft_rule_del(ctx, cmd);
case CMD_OBJ_SET:
return netlink_delete_set_batch(ctx, cmd);
case CMD_OBJ_SETELEM:
--
2.11.0
