#include <list.h>
#include <netlink.h>
+#include <rule.h>
#include <libmnl/libmnl.h>
struct mnl_socket *netlink_open_sock(void);
struct nftnl_chain_list *mnl_nft_chain_dump(struct netlink_ctx *ctx,
int family);
-int mnl_nft_table_batch_add(struct nftnl_table *nlt, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
-int mnl_nft_table_batch_del(struct nftnl_table *nlt, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
+int mnl_nft_table_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags);
+int mnl_nft_table_del(struct netlink_ctx *ctx, const struct cmd *cmd);
+
struct nftnl_table_list *mnl_nft_table_dump(struct netlink_ctx *ctx,
int family);
struct nft_cache *cache;
};
-extern struct nftnl_table *alloc_nftnl_table(const struct handle *h);
extern struct nftnl_chain *alloc_nftnl_chain(const struct handle *h);
extern struct nftnl_rule *alloc_nftnl_rule(const struct handle *h);
extern struct nftnl_expr *alloc_nft_expr(const char *name);
extern struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
const struct nftnl_chain *nlc);
-extern int netlink_add_table_batch(struct netlink_ctx *ctx,
- const struct cmd *cmd, uint32_t flags);
-extern int netlink_delete_table_batch(struct netlink_ctx *ctx,
- const struct cmd *cmd);
extern int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h);
extern int netlink_list_table(struct netlink_ctx *ctx, const struct handle *h);
extern int netlink_flush_table(struct netlink_ctx *ctx, const struct cmd *cmd);
__netlink_init_error(__FILE__, __LINE__, strerror(errno));
extern void __noreturn __netlink_init_error(const char *file, int line, const char *reason);
-extern int netlink_flush_ruleset(struct netlink_ctx *ctx, const struct cmd *cmd);
-
extern struct nftnl_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx,
const struct handle *h,
const struct location *loc);
/*
* Table
*/
-int mnl_nft_table_batch_add(struct nftnl_table *nlt, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_table_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags)
{
+ struct nftnl_table *nlt;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ nlt = nftnl_table_alloc();
+ if (nlt == NULL)
+ memory_allocation_error();
+
+ nftnl_table_set_u32(nlt, NFTNL_TABLE_FAMILY, cmd->handle.family);
+ nftnl_table_set(nlt, NFTNL_TABLE_NAME, cmd->handle.table.name);
+ if (cmd->table)
+ nftnl_table_set_u32(nlt, NFTNL_TABLE_FLAGS, cmd->table->flags);
+ else
+ nftnl_table_set_u32(nlt, NFTNL_TABLE_FLAGS, 0);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_NEWTABLE,
- nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY),
- flags, seqnum);
+ cmd->handle.family,
+ flags, ctx->seqnum);
nftnl_table_nlmsg_build_payload(nlh, nlt);
- mnl_nft_batch_continue(batch);
+ nftnl_table_free(nlt);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
-int mnl_nft_table_batch_del(struct nftnl_table *nlt, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_table_del(struct netlink_ctx *ctx, const struct cmd *cmd)
{
+ struct nftnl_table *nlt;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ nlt = nftnl_table_alloc();
+ if (nlt == NULL)
+ memory_allocation_error();
+
+ nftnl_table_set_u32(nlt, NFTNL_TABLE_FAMILY, cmd->handle.family);
+ if (cmd->handle.table.name)
+ nftnl_table_set(nlt, NFTNL_TABLE_NAME, cmd->handle.table.name);
+ if (cmd->handle.handle.id)
+ nftnl_table_set_u64(nlt, NFTNL_TABLE_HANDLE,
+ cmd->handle.handle.id);
+
+ nlt = nftnl_table_alloc();
+ if (nlt == NULL)
+ memory_allocation_error();
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_DELTABLE,
- nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY),
- NLM_F_ACK, seqnum);
+ cmd->handle.family,
+ NLM_F_ACK, ctx->seqnum);
nftnl_table_nlmsg_build_payload(nlh, nlt);
- mnl_nft_batch_continue(batch);
+ nftnl_table_free(nlt);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
exit(NFT_EXIT_NONL);
}
-struct nftnl_table *alloc_nftnl_table(const struct handle *h)
-{
- struct nftnl_table *nlt;
-
- nlt = nftnl_table_alloc();
- if (nlt == NULL)
- memory_allocation_error();
-
- nftnl_table_set_u32(nlt, NFTNL_TABLE_FAMILY, h->family);
- if (h->table.name != NULL)
- nftnl_table_set(nlt, NFTNL_TABLE_NAME, h->table.name);
- if (h->handle.id)
- nftnl_table_set_u64(nlt, NFTNL_TABLE_HANDLE, h->handle.id);
-
- return nlt;
-}
-
struct nftnl_chain *alloc_nftnl_chain(const struct handle *h)
{
struct nftnl_chain *nlc;
return netlink_del_rule_batch(ctx, cmd);
}
-int netlink_add_table_batch(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t flags)
-{
- struct nftnl_table *nlt;
- int err;
-
- nlt = alloc_nftnl_table(&cmd->handle);
- if (cmd->table != NULL)
- nftnl_table_set_u32(nlt, NFTNL_TABLE_FLAGS, cmd->table->flags);
- else
- nftnl_table_set_u32(nlt, NFTNL_TABLE_FLAGS, 0);
-
- err = mnl_nft_table_batch_add(nlt, ctx->batch, flags, ctx->seqnum);
- nftnl_table_free(nlt);
-
- return err;
-}
-
-int netlink_delete_table_batch(struct netlink_ctx *ctx, const struct cmd *cmd)
-{
- struct nftnl_table *nlt;
- int err;
-
- nlt = alloc_nftnl_table(&cmd->handle);
- err = mnl_nft_table_batch_del(nlt, ctx->batch, 0, ctx->seqnum);
- nftnl_table_free(nlt);
-
- return err;
-}
-
struct table *netlink_delinearize_table(struct netlink_ctx *ctx,
const struct nftnl_table *nlt)
{
return mnl_batch_talk(ctx, err_list);
}
-int netlink_flush_ruleset(struct netlink_ctx *ctx, const struct cmd *cmd)
-{
- struct nftnl_table *nlt;
- int err;
-
- nlt = alloc_nftnl_table(&cmd->handle);
- err = mnl_nft_table_batch_del(nlt, ctx->batch, 0, ctx->seqnum);
- nftnl_table_free(nlt);
-
- return err;
-}
-
struct nftnl_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx,
const struct handle *h,
const struct location *loc)
#include <utils.h>
#include <netdb.h>
#include <netlink.h>
+#include <mnl.h>
#include <json.h>
#include <libnftnl/common.h>
switch (cmd->obj) {
case CMD_OBJ_TABLE:
- return netlink_add_table_batch(ctx, cmd, flags);
+ return mnl_nft_table_add(ctx, cmd, flags);
case CMD_OBJ_CHAIN:
return netlink_add_chain_batch(ctx, cmd, flags);
case CMD_OBJ_RULE:
{
switch (cmd->obj) {
case CMD_OBJ_TABLE:
- return netlink_delete_table_batch(ctx, cmd);
+ return mnl_nft_table_del(ctx, cmd);
case CMD_OBJ_CHAIN:
return netlink_delete_chain_batch(ctx, cmd);
case CMD_OBJ_RULE:
case CMD_OBJ_METER:
return netlink_flush_setelems(ctx, cmd);
case CMD_OBJ_RULESET:
- return netlink_flush_ruleset(ctx, cmd);
+ return mnl_nft_table_del(ctx, cmd);
default:
BUG("invalid command object type %u\n", cmd->obj);
}
projects / thirdparty / nftables.git / commitdiff
