1140 lines
39 KiB
Diff
1140 lines
39 KiB
Diff
From da71df5d7e2602279cfe713be01bd402c699cd4e Mon Sep 17 00:00:00 2001
|
|
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Date: Mon, 22 Oct 2018 21:18:19 +0200
|
|
Subject: [PATCH] src: pass struct nft_ctx through struct netlink_ctx
|
|
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
(cherry picked from commit 2dc07bcd7eaa56369dff01b596acf010308007d3)
|
|
|
|
Conflicts:
|
|
src/evaluate.c
|
|
src/mnl.c
|
|
src/nfnl_osf.c
|
|
src/rule.c
|
|
-> Missing osf support
|
|
-> Missing cleanups
|
|
|
|
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
---
|
|
include/netlink.h | 9 +--
|
|
include/rule.h | 10 ++-
|
|
src/evaluate.c | 51 +++++----------
|
|
src/libnftables.c | 8 +--
|
|
src/mnl.c | 22 +++----
|
|
src/monitor.c | 52 ++++++++--------
|
|
src/netlink.c | 47 +++++++-------
|
|
src/netlink_delinearize.c | 4 +-
|
|
src/rule.c | 128 ++++++++++++++++++--------------------
|
|
9 files changed, 147 insertions(+), 184 deletions(-)
|
|
|
|
diff --git a/include/netlink.h b/include/netlink.h
|
|
index d153e2be03ac5..31465ff16822e 100644
|
|
--- a/include/netlink.h
|
|
+++ b/include/netlink.h
|
|
@@ -35,26 +35,21 @@ extern const struct location netlink_location;
|
|
/**
|
|
* struct netlink_ctx
|
|
*
|
|
+ * @nft: nftables context
|
|
* @msgs: message queue
|
|
* @list: list of parsed rules/chains/tables
|
|
* @set: current set
|
|
* @data: pointer to pass data to callback
|
|
* @seqnum: sequence number
|
|
- * @octx: output context
|
|
- * @debug_mask: display debugging information
|
|
- * @cache: cache context
|
|
*/
|
|
struct netlink_ctx {
|
|
- struct mnl_socket *nf_sock;
|
|
+ struct nft_ctx *nft;
|
|
struct list_head *msgs;
|
|
struct list_head list;
|
|
struct set *set;
|
|
const void *data;
|
|
uint32_t seqnum;
|
|
struct nftnl_batch *batch;
|
|
- unsigned int debug_mask;
|
|
- struct output_ctx *octx;
|
|
- struct nft_cache *cache;
|
|
};
|
|
|
|
extern struct nftnl_table *alloc_nftnl_table(const struct handle *h);
|
|
diff --git a/include/rule.h b/include/rule.h
|
|
index b1d15c8725813..12c2984a14362 100644
|
|
--- a/include/rule.h
|
|
+++ b/include/rule.h
|
|
@@ -574,12 +574,10 @@ extern struct error_record *rule_postprocess(struct rule *rule);
|
|
struct netlink_ctx;
|
|
extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
|
|
|
|
-extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
|
|
- enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_flag,
|
|
- struct output_ctx *octx);
|
|
-extern void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
|
|
- enum cmd_ops cmd, struct list_head *msgs,
|
|
- unsigned int debug_mask, struct output_ctx *octx);
|
|
+extern int cache_update(struct nft_ctx *ctx, enum cmd_ops cmd,
|
|
+ struct list_head *msgs);
|
|
+extern void cache_flush(struct nft_ctx *ctx, enum cmd_ops cmd,
|
|
+ struct list_head *msgs);
|
|
extern void cache_release(struct nft_cache *cache);
|
|
|
|
enum udata_type {
|
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
|
index 5e9c6328fc692..809920748c0a9 100644
|
|
--- a/src/evaluate.c
|
|
+++ b/src/evaluate.c
|
|
@@ -184,8 +184,7 @@ static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr)
|
|
}
|
|
break;
|
|
case SYMBOL_SET:
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, ctx->cmd->op,
|
|
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, ctx->cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -2895,8 +2894,7 @@ static int rule_translate_index(struct eval_ctx *ctx, struct rule *rule)
|
|
int ret;
|
|
|
|
/* update cache with CMD_LIST so that rules are fetched, too */
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, CMD_LIST,
|
|
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, CMD_LIST, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3088,15 +3086,13 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
|
|
|
|
switch (cmd->obj) {
|
|
case CMD_OBJ_SETELEM:
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
|
|
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
return setelem_evaluate(ctx, &cmd->expr);
|
|
case CMD_OBJ_SET:
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
|
|
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3106,8 +3102,7 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
|
|
handle_merge(&cmd->rule->handle, &cmd->handle);
|
|
return rule_evaluate(ctx, cmd->rule);
|
|
case CMD_OBJ_CHAIN:
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
|
|
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3115,8 +3110,7 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
|
|
case CMD_OBJ_TABLE:
|
|
return table_evaluate(ctx, cmd->table);
|
|
case CMD_OBJ_FLOWTABLE:
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
|
|
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3138,8 +3132,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd)
|
|
|
|
switch (cmd->obj) {
|
|
case CMD_OBJ_SETELEM:
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
|
|
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3165,8 +3158,7 @@ static int cmd_evaluate_get(struct eval_ctx *ctx, struct cmd *cmd)
|
|
struct set *set;
|
|
int ret;
|
|
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
|
|
- ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3215,8 +3207,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
|
|
struct set *set;
|
|
int ret;
|
|
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
|
|
- ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3313,8 +3304,7 @@ static int cmd_evaluate_reset(struct eval_ctx *ctx, struct cmd *cmd)
|
|
{
|
|
int ret;
|
|
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
|
|
- ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3343,8 +3333,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
|
|
|
|
switch (cmd->obj) {
|
|
case CMD_OBJ_RULESET:
|
|
- cache_flush(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
|
|
- ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ cache_flush(ctx->nft, cmd->op, ctx->msgs);
|
|
break;
|
|
case CMD_OBJ_TABLE:
|
|
/* Flushing a table does not empty the sets in the table nor remove
|
|
@@ -3354,8 +3343,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
|
|
/* Chains don't hold sets */
|
|
break;
|
|
case CMD_OBJ_SET:
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
|
|
- ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3371,8 +3359,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
|
|
strerror(ENOENT));
|
|
return 0;
|
|
case CMD_OBJ_MAP:
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
|
|
- ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3388,8 +3375,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
|
|
strerror(ENOENT));
|
|
return 0;
|
|
case CMD_OBJ_METER:
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
|
|
- ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3417,8 +3403,7 @@ static int cmd_evaluate_rename(struct eval_ctx *ctx, struct cmd *cmd)
|
|
|
|
switch (cmd->obj) {
|
|
case CMD_OBJ_CHAIN:
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
|
|
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3517,8 +3502,7 @@ static int cmd_evaluate_monitor(struct eval_ctx *ctx, struct cmd *cmd)
|
|
uint32_t event;
|
|
int ret;
|
|
|
|
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
|
|
- ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -3543,8 +3527,7 @@ static int cmd_evaluate_export(struct eval_ctx *ctx, struct cmd *cmd)
|
|
return cmd_error(ctx, &cmd->location,
|
|
"this output type is not supported");
|
|
|
|
- return cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
|
|
- ctx->nft->debug_mask, &ctx->nft->output);
|
|
+ return cache_update(ctx->nft, cmd->op, ctx->msgs);
|
|
}
|
|
|
|
static int cmd_evaluate_import(struct eval_ctx *ctx, struct cmd *cmd)
|
|
diff --git a/src/libnftables.c b/src/libnftables.c
|
|
index 91af169ca7190..848c9cba65657 100644
|
|
--- a/src/libnftables.c
|
|
+++ b/src/libnftables.c
|
|
@@ -40,10 +40,7 @@ static int nft_netlink(struct nft_ctx *nft,
|
|
ctx.msgs = msgs;
|
|
ctx.seqnum = cmd->seqnum = mnl_seqnum_alloc(&seqnum);
|
|
ctx.batch = batch;
|
|
- ctx.octx = &nft->output;
|
|
- ctx.nf_sock = nf_sock;
|
|
- ctx.cache = &nft->cache;
|
|
- ctx.debug_mask = nft->debug_mask;
|
|
+ ctx.nft = nft;
|
|
init_list_head(&ctx.list);
|
|
ret = do_command(&ctx, cmd);
|
|
if (ret < 0) {
|
|
@@ -480,8 +477,7 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename)
|
|
LIST_HEAD(cmds);
|
|
int rc;
|
|
|
|
- rc = cache_update(nft->nf_sock, &nft->cache, CMD_INVALID, &msgs,
|
|
- nft->debug_mask, &nft->output);
|
|
+ rc = cache_update(nft, CMD_INVALID, &msgs);
|
|
if (rc < 0)
|
|
return -1;
|
|
|
|
diff --git a/src/mnl.c b/src/mnl.c
|
|
index 42eacab74e4e0..fd89ee7f28aaf 100644
|
|
--- a/src/mnl.c
|
|
+++ b/src/mnl.c
|
|
@@ -51,13 +51,13 @@ nft_mnl_recv(struct netlink_ctx *ctx, uint32_t portid,
|
|
char buf[NFT_NLMSG_MAXSIZE];
|
|
int ret;
|
|
|
|
- ret = mnl_socket_recvfrom(ctx->nf_sock, buf, sizeof(buf));
|
|
+ ret = mnl_socket_recvfrom(ctx->nft->nf_sock, buf, sizeof(buf));
|
|
while (ret > 0) {
|
|
ret = mnl_cb_run(buf, ret, ctx->seqnum, portid, cb, cb_data);
|
|
if (ret <= 0)
|
|
goto out;
|
|
|
|
- ret = mnl_socket_recvfrom(ctx->nf_sock, buf, sizeof(buf));
|
|
+ ret = mnl_socket_recvfrom(ctx->nft->nf_sock, buf, sizeof(buf));
|
|
}
|
|
out:
|
|
if (ret < 0 && errno == EAGAIN)
|
|
@@ -70,13 +70,13 @@ static int
|
|
nft_mnl_talk(struct netlink_ctx *ctx, const void *data, unsigned int len,
|
|
int (*cb)(const struct nlmsghdr *nlh, void *data), void *cb_data)
|
|
{
|
|
- uint32_t portid = mnl_socket_get_portid(ctx->nf_sock);
|
|
+ uint32_t portid = mnl_socket_get_portid(ctx->nft->nf_sock);
|
|
|
|
- if (ctx->debug_mask & NFT_DEBUG_MNL)
|
|
- mnl_nlmsg_fprintf(ctx->octx->output_fp, data, len,
|
|
+ if (ctx->nft->debug_mask & NFT_DEBUG_MNL)
|
|
+ mnl_nlmsg_fprintf(ctx->nft->output.output_fp, data, len,
|
|
sizeof(struct nfgenmsg));
|
|
|
|
- if (mnl_socket_sendto(ctx->nf_sock, data, len) < 0)
|
|
+ if (mnl_socket_sendto(ctx->nft->nf_sock, data, len) < 0)
|
|
return -1;
|
|
|
|
return nft_mnl_recv(ctx, portid, cb, cb_data);
|
|
@@ -225,23 +225,23 @@ static ssize_t mnl_nft_socket_sendmsg(const struct netlink_ctx *ctx)
|
|
};
|
|
uint32_t i;
|
|
|
|
- mnl_set_sndbuffer(ctx->nf_sock, ctx->batch);
|
|
+ mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch);
|
|
nftnl_batch_iovec(ctx->batch, iov, iov_len);
|
|
|
|
for (i = 0; i < iov_len; i++) {
|
|
- if (ctx->debug_mask & NFT_DEBUG_MNL) {
|
|
- mnl_nlmsg_fprintf(ctx->octx->output_fp,
|
|
+ if (ctx->nft->debug_mask & NFT_DEBUG_MNL) {
|
|
+ mnl_nlmsg_fprintf(ctx->nft->output.output_fp,
|
|
iov[i].iov_base, iov[i].iov_len,
|
|
sizeof(struct nfgenmsg));
|
|
}
|
|
}
|
|
|
|
- return sendmsg(mnl_socket_get_fd(ctx->nf_sock), &msg, 0);
|
|
+ return sendmsg(mnl_socket_get_fd(ctx->nft->nf_sock), &msg, 0);
|
|
}
|
|
|
|
int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list)
|
|
{
|
|
- struct mnl_socket *nl = ctx->nf_sock;
|
|
+ struct mnl_socket *nl = ctx->nft->nf_sock;
|
|
int ret, fd = mnl_socket_get_fd(nl), portid = mnl_socket_get_portid(nl);
|
|
char rcv_buf[MNL_SOCKET_BUFFER_SIZE];
|
|
fd_set readfds;
|
|
diff --git a/src/monitor.c b/src/monitor.c
|
|
index 213c40d119b4c..14ccbc5fe04ca 100644
|
|
--- a/src/monitor.c
|
|
+++ b/src/monitor.c
|
|
@@ -40,7 +40,7 @@
|
|
#include <iface.h>
|
|
#include <json.h>
|
|
|
|
-#define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__)
|
|
+#define nft_mon_print(monh, ...) nft_print(&monh->ctx->nft->output, __VA_ARGS__)
|
|
|
|
static struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh)
|
|
{
|
|
@@ -214,7 +214,7 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type,
|
|
|
|
nft_mon_print(monh, "%s %s", family2str(t->handle.family),
|
|
t->handle.table.name);
|
|
- if (monh->ctx->octx->handle > 0)
|
|
+ if (monh->ctx->nft->output.handle > 0)
|
|
nft_mon_print(monh, " # handle %" PRIu64 "",
|
|
t->handle.handle.id);
|
|
break;
|
|
@@ -245,7 +245,7 @@ static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type,
|
|
|
|
switch (type) {
|
|
case NFT_MSG_NEWCHAIN:
|
|
- chain_print_plain(c, monh->ctx->octx);
|
|
+ chain_print_plain(c, &monh->ctx->nft->output);
|
|
break;
|
|
case NFT_MSG_DELCHAIN:
|
|
nft_mon_print(monh, "chain %s %s %s",
|
|
@@ -292,7 +292,7 @@ static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type,
|
|
|
|
switch (type) {
|
|
case NFT_MSG_NEWSET:
|
|
- set_print_plain(set, monh->ctx->octx);
|
|
+ set_print_plain(set, &monh->ctx->nft->output);
|
|
break;
|
|
case NFT_MSG_DELSET:
|
|
nft_mon_print(monh, "set %s %s %s", family,
|
|
@@ -386,7 +386,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
|
|
family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY);
|
|
cmd = netlink_msg2cmd(type);
|
|
|
|
- set = set_lookup_global(family, table, setname, monh->cache);
|
|
+ set = set_lookup_global(family, table, setname, &monh->ctx->nft->cache);
|
|
if (set == NULL) {
|
|
fprintf(stderr, "W: Received event for an unknown set.");
|
|
goto out;
|
|
@@ -417,7 +417,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
|
|
goto out;
|
|
}
|
|
if (netlink_delinearize_setelem(nlse, dummyset,
|
|
- monh->cache) < 0) {
|
|
+ &monh->ctx->nft->cache) < 0) {
|
|
set_free(dummyset);
|
|
nftnl_set_elems_iter_destroy(nlsei);
|
|
goto out;
|
|
@@ -435,7 +435,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
|
|
case NFTNL_OUTPUT_DEFAULT:
|
|
nft_mon_print(monh, "%s element %s %s %s ",
|
|
cmd, family2str(family), table, setname);
|
|
- expr_print(dummyset->init, monh->ctx->octx);
|
|
+ expr_print(dummyset->init, &monh->ctx->nft->output);
|
|
break;
|
|
case NFTNL_OUTPUT_JSON:
|
|
dummyset->handle.family = family;
|
|
@@ -477,7 +477,7 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type,
|
|
|
|
switch (type) {
|
|
case NFT_MSG_NEWOBJ:
|
|
- obj_print_plain(obj, monh->ctx->octx);
|
|
+ obj_print_plain(obj, &monh->ctx->nft->output);
|
|
break;
|
|
case NFT_MSG_DELOBJ:
|
|
nft_mon_print(monh, "%s %s %s %s",
|
|
@@ -513,7 +513,8 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type,
|
|
|
|
nlr = netlink_rule_alloc(nlh);
|
|
r = netlink_delinearize_rule(monh->ctx, nlr);
|
|
- nlr_for_each_set(nlr, rule_map_decompose_cb, NULL, monh->cache);
|
|
+ nlr_for_each_set(nlr, rule_map_decompose_cb, NULL,
|
|
+ &monh->ctx->nft->cache);
|
|
cmd = netlink_msg2cmd(type);
|
|
|
|
switch (monh->format) {
|
|
@@ -528,7 +529,7 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type,
|
|
|
|
switch (type) {
|
|
case NFT_MSG_NEWRULE:
|
|
- rule_print(r, monh->ctx->octx);
|
|
+ rule_print(r, &monh->ctx->nft->output);
|
|
|
|
break;
|
|
case NFT_MSG_DELRULE:
|
|
@@ -557,7 +558,7 @@ static void netlink_events_cache_addtable(struct netlink_mon_handler *monh,
|
|
t = netlink_delinearize_table(monh->ctx, nlt);
|
|
nftnl_table_free(nlt);
|
|
|
|
- table_add_hash(t, monh->cache);
|
|
+ table_add_hash(t, &monh->ctx->nft->cache);
|
|
}
|
|
|
|
static void netlink_events_cache_deltable(struct netlink_mon_handler *monh,
|
|
@@ -571,7 +572,7 @@ static void netlink_events_cache_deltable(struct netlink_mon_handler *monh,
|
|
h.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY);
|
|
h.table.name = nftnl_table_get_str(nlt, NFTNL_TABLE_NAME);
|
|
|
|
- t = table_lookup(&h, monh->cache);
|
|
+ t = table_lookup(&h, &monh->ctx->nft->cache);
|
|
if (t == NULL)
|
|
goto out;
|
|
|
|
@@ -601,7 +602,7 @@ static void netlink_events_cache_addset(struct netlink_mon_handler *monh,
|
|
goto out;
|
|
s->init = set_expr_alloc(monh->loc, s);
|
|
|
|
- t = table_lookup(&s->handle, monh->cache);
|
|
+ t = table_lookup(&s->handle, &monh->ctx->nft->cache);
|
|
if (t == NULL) {
|
|
fprintf(stderr, "W: Unable to cache set: table not found.\n");
|
|
set_free(s);
|
|
@@ -628,7 +629,7 @@ static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh,
|
|
table = nftnl_set_get_str(nls, NFTNL_SET_TABLE);
|
|
setname = nftnl_set_get_str(nls, NFTNL_SET_NAME);
|
|
|
|
- set = set_lookup_global(family, table, setname, monh->cache);
|
|
+ set = set_lookup_global(family, table, setname, &monh->ctx->nft->cache);
|
|
if (set == NULL) {
|
|
fprintf(stderr,
|
|
"W: Unable to cache set_elem. Set not found.\n");
|
|
@@ -641,7 +642,8 @@ static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh,
|
|
|
|
nlse = nftnl_set_elems_iter_next(nlsei);
|
|
while (nlse != NULL) {
|
|
- if (netlink_delinearize_setelem(nlse, set, monh->cache) < 0) {
|
|
+ if (netlink_delinearize_setelem(nlse, set,
|
|
+ &monh->ctx->nft->cache) < 0) {
|
|
fprintf(stderr,
|
|
"W: Unable to cache set_elem. "
|
|
"Delinearize failed.\n");
|
|
@@ -668,7 +670,7 @@ static void netlink_events_cache_delsets(struct netlink_mon_handler *monh,
|
|
struct nftnl_rule *nlr = netlink_rule_alloc(nlh);
|
|
|
|
nlr_for_each_set(nlr, netlink_events_cache_delset_cb, NULL,
|
|
- monh->cache);
|
|
+ &monh->ctx->nft->cache);
|
|
nftnl_rule_free(nlr);
|
|
}
|
|
|
|
@@ -691,7 +693,7 @@ static void netlink_events_cache_addobj(struct netlink_mon_handler *monh,
|
|
if (obj == NULL)
|
|
goto out;
|
|
|
|
- t = table_lookup(&obj->handle, monh->cache);
|
|
+ t = table_lookup(&obj->handle, &monh->ctx->nft->cache);
|
|
if (t == NULL) {
|
|
fprintf(stderr, "W: Unable to cache object: table not found.\n");
|
|
obj_free(obj);
|
|
@@ -721,7 +723,7 @@ static void netlink_events_cache_delobj(struct netlink_mon_handler *monh,
|
|
type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE);
|
|
h.handle.id = nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE);
|
|
|
|
- t = table_lookup(&h, monh->cache);
|
|
+ t = table_lookup(&h, &monh->ctx->nft->cache);
|
|
if (t == NULL) {
|
|
fprintf(stderr, "W: Unable to cache object: table not found.\n");
|
|
goto out;
|
|
@@ -835,7 +837,7 @@ static int netlink_events_newgen_cb(const struct nlmsghdr *nlh, int type,
|
|
nft_mon_print(monh, "# new generation %d", genid);
|
|
if (pid >= 0) {
|
|
nft_mon_print(monh, " by process %d", pid);
|
|
- if (!monh->ctx->octx->numeric)
|
|
+ if (!monh->ctx->nft->output.numeric)
|
|
nft_mon_print(monh, " (%s)", name);
|
|
}
|
|
nft_mon_print(monh, "\n");
|
|
@@ -850,7 +852,7 @@ static int netlink_events_cb(const struct nlmsghdr *nlh, void *data)
|
|
uint16_t type = NFNL_MSG_TYPE(nlh->nlmsg_type);
|
|
struct netlink_mon_handler *monh = (struct netlink_mon_handler *)data;
|
|
|
|
- netlink_events_debug(type, monh->debug_mask);
|
|
+ netlink_events_debug(type, monh->ctx->nft->debug_mask);
|
|
netlink_events_cache_update(monh, nlh, type);
|
|
|
|
if (!(monh->monitor_flags & (1 << type)))
|
|
@@ -901,11 +903,9 @@ int netlink_echo_callback(const struct nlmsghdr *nlh, void *data)
|
|
.loc = &netlink_location,
|
|
.monitor_flags = 0xffffffff,
|
|
.cache_needed = true,
|
|
- .cache = ctx->cache,
|
|
- .debug_mask = ctx->debug_mask,
|
|
};
|
|
|
|
- if (!echo_monh.ctx->octx->echo)
|
|
+ if (!echo_monh.ctx->nft->output.echo)
|
|
return MNL_CB_OK;
|
|
|
|
return netlink_events_cb(nlh, &echo_monh);
|
|
@@ -929,7 +929,7 @@ int netlink_monitor(struct netlink_mon_handler *monhandler,
|
|
return -1;
|
|
}
|
|
|
|
- return mnl_nft_event_listener(nf_sock, monhandler->debug_mask,
|
|
- monhandler->ctx->octx, netlink_events_cb,
|
|
- monhandler);
|
|
+ return mnl_nft_event_listener(nf_sock, monhandler->ctx->nft->debug_mask,
|
|
+ &monhandler->ctx->nft->output,
|
|
+ netlink_events_cb, monhandler);
|
|
}
|
|
diff --git a/src/netlink.c b/src/netlink.c
|
|
index 4fd3f2dfefced..e16eb504fdef8 100644
|
|
--- a/src/netlink.c
|
|
+++ b/src/netlink.c
|
|
@@ -42,7 +42,7 @@
|
|
#include <erec.h>
|
|
#include <iface.h>
|
|
|
|
-#define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__)
|
|
+#define nft_mon_print(monh, ...) nft_print(&monh->ctx->nft->output, __VA_ARGS__)
|
|
|
|
const struct input_descriptor indesc_netlink = {
|
|
.name = "netlink",
|
|
@@ -475,10 +475,8 @@ int netlink_replace_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd)
|
|
struct nftnl_rule *nlr;
|
|
int err, flags = 0;
|
|
|
|
- if (ctx->octx->echo) {
|
|
- err = cache_update(ctx->nf_sock, ctx->cache,
|
|
- CMD_INVALID, ctx->msgs,
|
|
- ctx->debug_mask, ctx->octx);
|
|
+ if (ctx->nft->output.echo) {
|
|
+ err = cache_update(ctx->nft, CMD_INVALID, ctx->msgs);
|
|
if (err < 0)
|
|
return err;
|
|
|
|
@@ -507,9 +505,9 @@ int netlink_del_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd)
|
|
|
|
void netlink_dump_rule(const struct nftnl_rule *nlr, struct netlink_ctx *ctx)
|
|
{
|
|
- FILE *fp = ctx->octx->output_fp;
|
|
+ FILE *fp = ctx->nft->output.output_fp;
|
|
|
|
- if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp)
|
|
+ if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
|
|
return;
|
|
|
|
nftnl_rule_fprintf(fp, nlr, 0, 0);
|
|
@@ -575,9 +573,9 @@ static int netlink_flush_rules(struct netlink_ctx *ctx, const struct cmd *cmd)
|
|
|
|
void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx)
|
|
{
|
|
- FILE *fp = ctx->octx->output_fp;
|
|
+ FILE *fp = ctx->nft->output.output_fp;
|
|
|
|
- if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp)
|
|
+ if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
|
|
return;
|
|
|
|
nftnl_chain_fprintf(fp, nlc, 0, 0);
|
|
@@ -837,9 +835,9 @@ static const struct datatype *dtype_map_from_kernel(enum nft_data_types type)
|
|
|
|
void netlink_dump_set(const struct nftnl_set *nls, struct netlink_ctx *ctx)
|
|
{
|
|
- FILE *fp = ctx->octx->output_fp;
|
|
+ FILE *fp = ctx->nft->output.output_fp;
|
|
|
|
- if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp)
|
|
+ if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
|
|
return;
|
|
|
|
nftnl_set_fprintf(fp, nls, 0, 0);
|
|
@@ -1291,7 +1289,7 @@ out:
|
|
static int list_setelem_cb(struct nftnl_set_elem *nlse, void *arg)
|
|
{
|
|
struct netlink_ctx *ctx = arg;
|
|
- return netlink_delinearize_setelem(nlse, ctx->set, ctx->cache);
|
|
+ return netlink_delinearize_setelem(nlse, ctx->set, &ctx->nft->cache);
|
|
}
|
|
|
|
int netlink_list_setelems(struct netlink_ctx *ctx, const struct handle *h,
|
|
@@ -1362,9 +1360,9 @@ int netlink_get_setelem(struct netlink_ctx *ctx, const struct handle *h,
|
|
|
|
void netlink_dump_obj(struct nftnl_obj *nln, struct netlink_ctx *ctx)
|
|
{
|
|
- FILE *fp = ctx->octx->output_fp;
|
|
+ FILE *fp = ctx->nft->output.output_fp;
|
|
|
|
- if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp)
|
|
+ if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
|
|
return;
|
|
|
|
nftnl_obj_fprintf(fp, nln, 0, 0);
|
|
@@ -1476,9 +1474,9 @@ static struct nftnl_flowtable *alloc_nftnl_flowtable(const struct handle *h,
|
|
static void netlink_dump_flowtable(struct nftnl_flowtable *flo,
|
|
struct netlink_ctx *ctx)
|
|
{
|
|
- FILE *fp = ctx->octx->output_fp;
|
|
+ FILE *fp = ctx->nft->output.output_fp;
|
|
|
|
- if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp)
|
|
+ if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
|
|
return;
|
|
|
|
nftnl_flowtable_fprintf(fp, flo, 0, 0);
|
|
@@ -1930,16 +1928,17 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type,
|
|
case NFT_TRACETYPE_RULE:
|
|
if (nftnl_trace_is_set(nlt, NFTNL_TRACE_LL_HEADER) ||
|
|
nftnl_trace_is_set(nlt, NFTNL_TRACE_NETWORK_HEADER))
|
|
- trace_print_packet(nlt, monh->ctx->octx);
|
|
+ trace_print_packet(nlt, &monh->ctx->nft->output);
|
|
|
|
if (nftnl_trace_is_set(nlt, NFTNL_TRACE_RULE_HANDLE))
|
|
- trace_print_rule(nlt, monh->ctx->octx, monh->cache);
|
|
+ trace_print_rule(nlt, &monh->ctx->nft->output,
|
|
+ &monh->ctx->nft->cache);
|
|
break;
|
|
case NFT_TRACETYPE_POLICY:
|
|
- trace_print_hdr(nlt, monh->ctx->octx);
|
|
+ trace_print_hdr(nlt, &monh->ctx->nft->output);
|
|
|
|
if (nftnl_trace_is_set(nlt, NFTNL_TRACE_POLICY)) {
|
|
- trace_print_policy(nlt, monh->ctx->octx);
|
|
+ trace_print_policy(nlt, &monh->ctx->nft->output);
|
|
nft_mon_print(monh, " ");
|
|
}
|
|
|
|
@@ -1947,14 +1946,14 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type,
|
|
trace_print_expr(nlt, NFTNL_TRACE_MARK,
|
|
meta_expr_alloc(&netlink_location,
|
|
NFT_META_MARK),
|
|
- monh->ctx->octx);
|
|
+ &monh->ctx->nft->output);
|
|
nft_mon_print(monh, "\n");
|
|
break;
|
|
case NFT_TRACETYPE_RETURN:
|
|
- trace_print_hdr(nlt, monh->ctx->octx);
|
|
+ trace_print_hdr(nlt, &monh->ctx->nft->output);
|
|
|
|
if (nftnl_trace_is_set(nlt, NFTNL_TRACE_VERDICT)) {
|
|
- trace_print_verdict(nlt, monh->ctx->octx);
|
|
+ trace_print_verdict(nlt, &monh->ctx->nft->output);
|
|
nft_mon_print(monh, " ");
|
|
}
|
|
|
|
@@ -1962,7 +1961,7 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type,
|
|
trace_print_expr(nlt, NFTNL_TRACE_MARK,
|
|
meta_expr_alloc(&netlink_location,
|
|
NFT_META_MARK),
|
|
- monh->ctx->octx);
|
|
+ &monh->ctx->nft->output);
|
|
nft_mon_print(monh, "\n");
|
|
break;
|
|
}
|
|
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
|
|
index ae84512c56f3a..bf990e9e979d5 100644
|
|
--- a/src/netlink_delinearize.c
|
|
+++ b/src/netlink_delinearize.c
|
|
@@ -2508,7 +2508,7 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
|
|
|
|
memset(&_ctx, 0, sizeof(_ctx));
|
|
_ctx.msgs = ctx->msgs;
|
|
- _ctx.debug_mask = ctx->debug_mask;
|
|
+ _ctx.debug_mask = ctx->nft->debug_mask;
|
|
|
|
memset(&h, 0, sizeof(h));
|
|
h.family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY);
|
|
@@ -2520,7 +2520,7 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
|
|
h.position.id = nftnl_rule_get_u64(nlr, NFTNL_RULE_POSITION);
|
|
|
|
pctx->rule = rule_alloc(&netlink_location, &h);
|
|
- pctx->table = table_lookup(&h, ctx->cache);
|
|
+ pctx->table = table_lookup(&h, &ctx->nft->cache);
|
|
assert(pctx->table != NULL);
|
|
|
|
if (nftnl_rule_is_set(nlr, NFTNL_RULE_USERDATA)) {
|
|
diff --git a/src/rule.c b/src/rule.c
|
|
index 3b5468d00e79c..6acfa3ac1695c 100644
|
|
--- a/src/rule.c
|
|
+++ b/src/rule.c
|
|
@@ -86,7 +86,7 @@ static int cache_init_objects(struct netlink_ctx *ctx, enum cmd_ops cmd)
|
|
struct set *set;
|
|
int ret;
|
|
|
|
- list_for_each_entry(table, &ctx->cache->list, list) {
|
|
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
|
|
ret = netlink_list_sets(ctx, &table->handle);
|
|
list_splice_tail_init(&ctx->list, &table->sets);
|
|
|
|
@@ -141,7 +141,7 @@ static int cache_init(struct netlink_ctx *ctx, enum cmd_ops cmd)
|
|
};
|
|
int ret;
|
|
|
|
- ret = cache_init_tables(ctx, &handle, ctx->cache);
|
|
+ ret = cache_init_tables(ctx, &handle, &ctx->nft->cache);
|
|
if (ret < 0)
|
|
return ret;
|
|
ret = cache_init_objects(ctx, cmd);
|
|
@@ -151,20 +151,18 @@ static int cache_init(struct netlink_ctx *ctx, enum cmd_ops cmd)
|
|
return 0;
|
|
}
|
|
|
|
-int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
|
|
- enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_mask,
|
|
- struct output_ctx *octx)
|
|
+int cache_update(struct nft_ctx *nft, enum cmd_ops cmd, struct list_head *msgs)
|
|
{
|
|
uint16_t genid;
|
|
int ret;
|
|
struct netlink_ctx ctx = {
|
|
.list = LIST_HEAD_INIT(ctx.list),
|
|
- .nf_sock = nf_sock,
|
|
- .cache = cache,
|
|
+ .nft = nft,
|
|
.msgs = msgs,
|
|
- .debug_mask = debug_mask,
|
|
- .octx = octx,
|
|
+ .nft = nft,
|
|
};
|
|
+ struct mnl_socket *nf_sock = nft->nf_sock;
|
|
+ struct nft_cache *cache = &nft->cache;
|
|
|
|
replay:
|
|
ctx.seqnum = cache->seqnum++;
|
|
@@ -197,18 +195,14 @@ static void __cache_flush(struct list_head *table_list)
|
|
}
|
|
}
|
|
|
|
-void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
|
|
- enum cmd_ops cmd, struct list_head *msgs,
|
|
- unsigned int debug_mask, struct output_ctx *octx)
|
|
+void cache_flush(struct nft_ctx *nft, enum cmd_ops cmd, struct list_head *msgs)
|
|
{
|
|
struct netlink_ctx ctx = {
|
|
.list = LIST_HEAD_INIT(ctx.list),
|
|
- .nf_sock = nf_sock,
|
|
- .cache = cache,
|
|
+ .nft = nft,
|
|
.msgs = msgs,
|
|
- .debug_mask = debug_mask,
|
|
- .octx = octx,
|
|
};
|
|
+ struct nft_cache *cache = &nft->cache;
|
|
|
|
__cache_flush(&cache->list);
|
|
cache->genid = netlink_genid_get(&ctx);
|
|
@@ -1121,12 +1115,12 @@ static int do_add_setelems(struct netlink_ctx *ctx, struct cmd *cmd,
|
|
struct table *table;
|
|
struct set *set;
|
|
|
|
- table = table_lookup(h, ctx->cache);
|
|
+ table = table_lookup(h, &ctx->nft->cache);
|
|
set = set_lookup(table, h->set.name);
|
|
|
|
if (set->flags & NFT_SET_INTERVAL &&
|
|
set_to_intervals(ctx->msgs, set, init, true,
|
|
- ctx->debug_mask, set->automerge) < 0)
|
|
+ ctx->nft->debug_mask, set->automerge) < 0)
|
|
return -1;
|
|
|
|
return __do_add_setelems(ctx, h, set, init, flags);
|
|
@@ -1140,7 +1134,7 @@ static int do_add_set(struct netlink_ctx *ctx, const struct cmd *cmd,
|
|
if (set->init != NULL) {
|
|
if (set->flags & NFT_SET_INTERVAL &&
|
|
set_to_intervals(ctx->msgs, set, set->init, true,
|
|
- ctx->debug_mask, set->automerge) < 0)
|
|
+ ctx->nft->debug_mask, set->automerge) < 0)
|
|
return -1;
|
|
}
|
|
if (netlink_add_set_batch(ctx, cmd, flags) < 0)
|
|
@@ -1156,11 +1150,10 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
|
|
{
|
|
uint32_t flags = excl ? NLM_F_EXCL : 0;
|
|
|
|
- if (ctx->octx->echo) {
|
|
+ if (ctx->nft->output.echo) {
|
|
int ret;
|
|
|
|
- ret = cache_update(ctx->nf_sock, ctx->cache, cmd->obj,
|
|
- ctx->msgs, ctx->debug_mask, ctx->octx);
|
|
+ ret = cache_update(ctx->nft, cmd->obj, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -1206,11 +1199,10 @@ static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
{
|
|
uint32_t flags = 0;
|
|
|
|
- if (ctx->octx->echo) {
|
|
+ if (ctx->nft->output.echo) {
|
|
int ret;
|
|
|
|
- ret = cache_update(ctx->nf_sock, ctx->cache, cmd->obj,
|
|
- ctx->msgs, ctx->debug_mask, ctx->octx);
|
|
+ ret = cache_update(ctx->nft, cmd->obj, ctx->msgs);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
@@ -1233,12 +1225,12 @@ static int do_delete_setelems(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
struct table *table;
|
|
struct set *set;
|
|
|
|
- table = table_lookup(h, ctx->cache);
|
|
+ table = table_lookup(h, &ctx->nft->cache);
|
|
set = set_lookup(table, h->set.name);
|
|
|
|
if (set->flags & NFT_SET_INTERVAL &&
|
|
set_to_intervals(ctx->msgs, set, expr, false,
|
|
- ctx->debug_mask, set->automerge) < 0)
|
|
+ ctx->nft->debug_mask, set->automerge) < 0)
|
|
return -1;
|
|
|
|
if (netlink_delete_setelems_batch(ctx, cmd) < 0)
|
|
@@ -1278,7 +1270,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
{
|
|
struct nftnl_ruleset *rs;
|
|
- FILE *fp = ctx->octx->output_fp;
|
|
+ FILE *fp = ctx->nft->output.output_fp;
|
|
|
|
do {
|
|
rs = netlink_dump_ruleset(ctx, &cmd->handle, &cmd->location);
|
|
@@ -1288,7 +1280,7 @@ static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
|
|
nftnl_ruleset_fprintf(fp, rs, cmd->markup->format, NFTNL_OF_EVENT_NEW);
|
|
|
|
- nft_print(ctx->octx, "\n");
|
|
+ nft_print(&ctx->nft->output, "\n");
|
|
|
|
nftnl_ruleset_free(rs);
|
|
return 0;
|
|
@@ -1319,7 +1311,7 @@ static int do_command_import(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
static int do_list_table(struct netlink_ctx *ctx, struct cmd *cmd,
|
|
struct table *table)
|
|
{
|
|
- table_print(table, ctx->octx);
|
|
+ table_print(table, &ctx->nft->output);
|
|
return 0;
|
|
}
|
|
|
|
@@ -1333,12 +1325,12 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
struct table *table;
|
|
struct set *set;
|
|
|
|
- list_for_each_entry(table, &ctx->cache->list, list) {
|
|
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
|
|
if (cmd->handle.family != NFPROTO_UNSPEC &&
|
|
cmd->handle.family != table->handle.family)
|
|
continue;
|
|
|
|
- nft_print(ctx->octx, "table %s %s {\n",
|
|
+ nft_print(&ctx->nft->output, "table %s %s {\n",
|
|
family2str(table->handle.family),
|
|
table->handle.table.name);
|
|
|
|
@@ -1353,11 +1345,11 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
if (cmd->obj == CMD_OBJ_MAPS &&
|
|
!(set->flags & NFT_SET_MAP))
|
|
continue;
|
|
- set_print_declaration(set, &opts, ctx->octx);
|
|
- nft_print(ctx->octx, "%s}%s", opts.tab, opts.nl);
|
|
+ set_print_declaration(set, &opts, &ctx->nft->output);
|
|
+ nft_print(&ctx->nft->output, "%s}%s", opts.tab, opts.nl);
|
|
}
|
|
|
|
- nft_print(ctx->octx, "}\n");
|
|
+ nft_print(&ctx->nft->output, "}\n");
|
|
}
|
|
return 0;
|
|
}
|
|
@@ -1588,14 +1580,14 @@ static int do_list_obj(struct netlink_ctx *ctx, struct cmd *cmd, uint32_t type)
|
|
struct table *table;
|
|
struct obj *obj;
|
|
|
|
- list_for_each_entry(table, &ctx->cache->list, list) {
|
|
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
|
|
if (cmd->handle.family != NFPROTO_UNSPEC &&
|
|
cmd->handle.family != table->handle.family)
|
|
continue;
|
|
|
|
if (cmd->handle.table.name != NULL &&
|
|
!strcmp(cmd->handle.table.name, table->handle.table.name)) {
|
|
- nft_print(ctx->octx, "table %s %s {\n",
|
|
+ nft_print(&ctx->nft->output, "table %s %s {\n",
|
|
family2str(table->handle.family),
|
|
cmd->handle.table.name);
|
|
} else
|
|
@@ -1607,10 +1599,10 @@ static int do_list_obj(struct netlink_ctx *ctx, struct cmd *cmd, uint32_t type)
|
|
strcmp(cmd->handle.obj.name, obj->handle.obj.name)))
|
|
continue;
|
|
|
|
- obj_print_declaration(obj, &opts, ctx->octx);
|
|
+ obj_print_declaration(obj, &opts, &ctx->nft->output);
|
|
}
|
|
|
|
- nft_print(ctx->octx, "}\n");
|
|
+ nft_print(&ctx->nft->output, "}\n");
|
|
}
|
|
return 0;
|
|
}
|
|
@@ -1705,21 +1697,21 @@ static int do_list_flowtables(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
struct flowtable *flowtable;
|
|
struct table *table;
|
|
|
|
- list_for_each_entry(table, &ctx->cache->list, list) {
|
|
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
|
|
if (cmd->handle.family != NFPROTO_UNSPEC &&
|
|
cmd->handle.family != table->handle.family)
|
|
continue;
|
|
|
|
- nft_print(ctx->octx, "table %s %s {\n",
|
|
+ nft_print(&ctx->nft->output, "table %s %s {\n",
|
|
family2str(table->handle.family),
|
|
table->handle.table.name);
|
|
|
|
list_for_each_entry(flowtable, &table->flowtables, list) {
|
|
- flowtable_print_declaration(flowtable, &opts, ctx->octx);
|
|
- nft_print(ctx->octx, "%s}%s", opts.tab, opts.nl);
|
|
+ flowtable_print_declaration(flowtable, &opts, &ctx->nft->output);
|
|
+ nft_print(&ctx->nft->output, "%s}%s", opts.tab, opts.nl);
|
|
}
|
|
|
|
- nft_print(ctx->octx, "}\n");
|
|
+ nft_print(&ctx->nft->output, "}\n");
|
|
}
|
|
return 0;
|
|
}
|
|
@@ -1729,7 +1721,7 @@ static int do_list_ruleset(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
unsigned int family = cmd->handle.family;
|
|
struct table *table;
|
|
|
|
- list_for_each_entry(table, &ctx->cache->list, list) {
|
|
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
|
|
if (family != NFPROTO_UNSPEC &&
|
|
table->handle.family != family)
|
|
continue;
|
|
@@ -1750,12 +1742,12 @@ static int do_list_tables(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
{
|
|
struct table *table;
|
|
|
|
- list_for_each_entry(table, &ctx->cache->list, list) {
|
|
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
|
|
if (cmd->handle.family != NFPROTO_UNSPEC &&
|
|
cmd->handle.family != table->handle.family)
|
|
continue;
|
|
|
|
- nft_print(ctx->octx, "table %s %s\n",
|
|
+ nft_print(&ctx->nft->output, "table %s %s\n",
|
|
family2str(table->handle.family),
|
|
table->handle.table.name);
|
|
}
|
|
@@ -1776,17 +1768,17 @@ static int do_list_chain(struct netlink_ctx *ctx, struct cmd *cmd,
|
|
{
|
|
struct chain *chain;
|
|
|
|
- table_print_declaration(table, ctx->octx);
|
|
+ table_print_declaration(table, &ctx->nft->output);
|
|
|
|
list_for_each_entry(chain, &table->chains, list) {
|
|
if (chain->handle.family != cmd->handle.family ||
|
|
strcmp(cmd->handle.chain.name, chain->handle.chain.name) != 0)
|
|
continue;
|
|
|
|
- chain_print(chain, ctx->octx);
|
|
+ chain_print(chain, &ctx->nft->output);
|
|
}
|
|
|
|
- nft_print(ctx->octx, "}\n");
|
|
+ nft_print(&ctx->nft->output, "}\n");
|
|
|
|
return 0;
|
|
}
|
|
@@ -1796,18 +1788,18 @@ static int do_list_chains(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
struct table *table;
|
|
struct chain *chain;
|
|
|
|
- list_for_each_entry(table, &ctx->cache->list, list) {
|
|
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
|
|
if (cmd->handle.family != NFPROTO_UNSPEC &&
|
|
cmd->handle.family != table->handle.family)
|
|
continue;
|
|
|
|
- table_print_declaration(table, ctx->octx);
|
|
+ table_print_declaration(table, &ctx->nft->output);
|
|
|
|
list_for_each_entry(chain, &table->chains, list) {
|
|
- chain_print_declaration(chain, ctx->octx);
|
|
- nft_print(ctx->octx, "\t}\n");
|
|
+ chain_print_declaration(chain, &ctx->nft->output);
|
|
+ nft_print(&ctx->nft->output, "\t}\n");
|
|
}
|
|
- nft_print(ctx->octx, "}\n");
|
|
+ nft_print(&ctx->nft->output, "}\n");
|
|
}
|
|
|
|
return 0;
|
|
@@ -1816,9 +1808,9 @@ static int do_list_chains(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
static void __do_list_set(struct netlink_ctx *ctx, struct cmd *cmd,
|
|
struct table *table, struct set *set)
|
|
{
|
|
- table_print_declaration(table, ctx->octx);
|
|
- set_print(set, ctx->octx);
|
|
- nft_print(ctx->octx, "}\n");
|
|
+ table_print_declaration(table, &ctx->nft->output);
|
|
+ set_print(set, &ctx->nft->output);
|
|
+ nft_print(&ctx->nft->output, "}\n");
|
|
}
|
|
|
|
static int do_list_set(struct netlink_ctx *ctx, struct cmd *cmd,
|
|
@@ -1839,11 +1831,11 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
{
|
|
struct table *table = NULL;
|
|
|
|
- if (ctx->octx->json)
|
|
+ if (ctx->nft->output.json)
|
|
return do_command_list_json(ctx, cmd);
|
|
|
|
if (cmd->handle.table.name != NULL)
|
|
- table = table_lookup(&cmd->handle, ctx->cache);
|
|
+ table = table_lookup(&cmd->handle, &ctx->nft->cache);
|
|
|
|
switch (cmd->obj) {
|
|
case CMD_OBJ_TABLE:
|
|
@@ -1925,7 +1917,7 @@ static int do_command_get(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
struct table *table = NULL;
|
|
|
|
if (cmd->handle.table.name != NULL)
|
|
- table = table_lookup(&cmd->handle, ctx->cache);
|
|
+ table = table_lookup(&cmd->handle, &ctx->nft->cache);
|
|
|
|
switch (cmd->obj) {
|
|
case CMD_OBJ_SETELEM:
|
|
@@ -1964,7 +1956,7 @@ static int do_command_reset(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
|
|
ret = netlink_reset_objs(ctx, cmd, type, dump);
|
|
list_for_each_entry_safe(obj, next, &ctx->list, list) {
|
|
- table = table_lookup(&obj->handle, ctx->cache);
|
|
+ table = table_lookup(&obj->handle, &ctx->nft->cache);
|
|
list_move(&obj->list, &table->objs);
|
|
}
|
|
if (ret < 0)
|
|
@@ -1994,7 +1986,7 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
|
|
static int do_command_rename(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
{
|
|
- struct table *table = table_lookup(&cmd->handle, ctx->cache);
|
|
+ struct table *table = table_lookup(&cmd->handle, &ctx->nft->cache);
|
|
struct chain *chain;
|
|
|
|
switch (cmd->obj) {
|
|
@@ -2034,8 +2026,8 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
.format = cmd->monitor->format,
|
|
.ctx = ctx,
|
|
.loc = &cmd->location,
|
|
- .cache = ctx->cache,
|
|
- .debug_mask = ctx->debug_mask,
|
|
+ .cache = &ctx->nft->cache,
|
|
+ .debug_mask = ctx->nft->debug_mask,
|
|
};
|
|
|
|
monhandler.cache_needed = need_cache(cmd);
|
|
@@ -2044,7 +2036,7 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
struct chain *chain;
|
|
int ret;
|
|
|
|
- list_for_each_entry(t, &ctx->cache->list, list) {
|
|
+ list_for_each_entry(t, &ctx->nft->cache.list, list) {
|
|
list_for_each_entry(s, &t->sets, list)
|
|
s->init = set_expr_alloc(&cmd->location, s);
|
|
|
|
@@ -2070,7 +2062,7 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
}
|
|
}
|
|
|
|
- return netlink_monitor(&monhandler, ctx->nf_sock);
|
|
+ return netlink_monitor(&monhandler, ctx->nft->nf_sock);
|
|
}
|
|
|
|
static int do_command_describe(struct netlink_ctx *ctx, struct cmd *cmd,
|
|
@@ -2129,7 +2121,7 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd)
|
|
case CMD_MONITOR:
|
|
return do_command_monitor(ctx, cmd);
|
|
case CMD_DESCRIBE:
|
|
- return do_command_describe(ctx, cmd, ctx->octx);
|
|
+ return do_command_describe(ctx, cmd, &ctx->nft->output);
|
|
default:
|
|
BUG("invalid command object type %u\n", cmd->obj);
|
|
}
|
|
--
|
|
2.21.0
|
|
|