/**
* struct netlink_ctx
*
+ * @nft: nftables context
* @msgs: message queue
* @list: list of parsed rules/chains/tables
* @set: current set
* @data: pointer to pass data to callback
* @seqnum: sequence number
- * @octx: output context
- * @debug_mask: display debugging information
- * @cache: cache context
*/
struct netlink_ctx {
- struct mnl_socket *nf_sock;
+ struct nft_ctx *nft;
struct list_head *msgs;
struct list_head list;
struct set *set;
const void *data;
uint32_t seqnum;
struct nftnl_batch *batch;
- unsigned int debug_mask;
- struct output_ctx *octx;
- struct nft_cache *cache;
};
extern struct nftnl_expr *alloc_nft_expr(const char *name);
struct netlink_ctx;
extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
-extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
- enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_flag,
- struct output_ctx *octx);
-extern void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
- enum cmd_ops cmd, struct list_head *msgs,
- unsigned int debug_mask, struct output_ctx *octx);
+extern int cache_update(struct nft_ctx *ctx, enum cmd_ops cmd,
+ struct list_head *msgs);
+extern void cache_flush(struct nft_ctx *ctx, enum cmd_ops cmd,
+ struct list_head *msgs);
extern void cache_release(struct nft_cache *cache);
enum udata_type {
}
break;
case SYMBOL_SET:
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, ctx->cmd->op,
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, ctx->cmd->op, ctx->msgs);
if (ret < 0)
return ret;
static int expr_evaluate_osf(struct eval_ctx *ctx, struct expr **expr)
{
struct netlink_ctx nl_ctx = {
- .nf_sock = ctx->nft->nf_sock,
- .debug_mask = ctx->nft->debug_mask,
- .octx = &ctx->nft->output,
+ .nft = ctx->nft,
.seqnum = time(NULL),
};
int ret;
/* update cache with CMD_LIST so that rules are fetched, too */
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, CMD_LIST,
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, CMD_LIST, ctx->msgs);
if (ret < 0)
return ret;
switch (cmd->obj) {
case CMD_OBJ_SETELEM:
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
return setelem_evaluate(ctx, &cmd->expr);
case CMD_OBJ_SET:
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
handle_merge(&cmd->rule->handle, &cmd->handle);
return rule_evaluate(ctx, cmd->rule);
case CMD_OBJ_CHAIN:
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
case CMD_OBJ_TABLE:
return table_evaluate(ctx, cmd->table);
case CMD_OBJ_FLOWTABLE:
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
switch (cmd->obj) {
case CMD_OBJ_SETELEM:
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
struct set *set;
int ret;
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
- ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
struct set *set;
int ret;
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
- ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
{
int ret;
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
- ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
switch (cmd->obj) {
case CMD_OBJ_RULESET:
- cache_flush(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
- ctx->nft->debug_mask, &ctx->nft->output);
+ cache_flush(ctx->nft, cmd->op, ctx->msgs);
break;
case CMD_OBJ_TABLE:
/* Flushing a table does not empty the sets in the table nor remove
/* Chains don't hold sets */
break;
case CMD_OBJ_SET:
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
- ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
strerror(ENOENT));
return 0;
case CMD_OBJ_MAP:
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
- ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
strerror(ENOENT));
return 0;
case CMD_OBJ_METER:
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
- ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
switch (cmd->obj) {
case CMD_OBJ_CHAIN:
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op,
- ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
uint32_t event;
int ret;
- ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
- ctx->nft->debug_mask, &ctx->nft->output);
+ ret = cache_update(ctx->nft, cmd->op, ctx->msgs);
if (ret < 0)
return ret;
return cmd_error(ctx, &cmd->location,
"this output type is not supported");
- return cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs,
- ctx->nft->debug_mask, &ctx->nft->output);
+ return cache_update(ctx->nft, cmd->op, ctx->msgs);
}
static int cmd_evaluate_import(struct eval_ctx *ctx, struct cmd *cmd)
ctx.msgs = msgs;
ctx.seqnum = cmd->seqnum = mnl_seqnum_alloc(&seqnum);
ctx.batch = batch;
- ctx.octx = &nft->output;
- ctx.nf_sock = nf_sock;
- ctx.cache = &nft->cache;
- ctx.debug_mask = nft->debug_mask;
+ ctx.nft = nft;
init_list_head(&ctx.list);
ret = do_command(&ctx, cmd);
if (ret < 0) {
LIST_HEAD(cmds);
int rc;
- rc = cache_update(nft->nf_sock, &nft->cache, CMD_INVALID, &msgs,
- nft->debug_mask, &nft->output);
+ rc = cache_update(nft, CMD_INVALID, &msgs);
if (rc < 0)
return -1;
char buf[NFT_NLMSG_MAXSIZE];
int ret;
- ret = mnl_socket_recvfrom(ctx->nf_sock, buf, sizeof(buf));
+ ret = mnl_socket_recvfrom(ctx->nft->nf_sock, buf, sizeof(buf));
while (ret > 0) {
ret = mnl_cb_run(buf, ret, ctx->seqnum, portid, cb, cb_data);
if (ret <= 0)
goto out;
- ret = mnl_socket_recvfrom(ctx->nf_sock, buf, sizeof(buf));
+ ret = mnl_socket_recvfrom(ctx->nft->nf_sock, buf, sizeof(buf));
}
out:
if (ret < 0 && errno == EAGAIN)
nft_mnl_talk(struct netlink_ctx *ctx, const void *data, unsigned int len,
int (*cb)(const struct nlmsghdr *nlh, void *data), void *cb_data)
{
- uint32_t portid = mnl_socket_get_portid(ctx->nf_sock);
+ uint32_t portid = mnl_socket_get_portid(ctx->nft->nf_sock);
- if (ctx->debug_mask & NFT_DEBUG_MNL)
- mnl_nlmsg_fprintf(ctx->octx->output_fp, data, len,
+ if (ctx->nft->debug_mask & NFT_DEBUG_MNL)
+ mnl_nlmsg_fprintf(ctx->nft->output.output_fp, data, len,
sizeof(struct nfgenmsg));
- if (mnl_socket_sendto(ctx->nf_sock, data, len) < 0)
+ if (mnl_socket_sendto(ctx->nft->nf_sock, data, len) < 0)
return -1;
return nft_mnl_recv(ctx, portid, cb, cb_data);
};
uint32_t i;
- mnl_set_sndbuffer(ctx->nf_sock, ctx->batch);
+ mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch);
nftnl_batch_iovec(ctx->batch, iov, iov_len);
for (i = 0; i < iov_len; i++) {
- if (ctx->debug_mask & NFT_DEBUG_MNL) {
- mnl_nlmsg_fprintf(ctx->octx->output_fp,
+ if (ctx->nft->debug_mask & NFT_DEBUG_MNL) {
+ mnl_nlmsg_fprintf(ctx->nft->output.output_fp,
iov[i].iov_base, iov[i].iov_len,
sizeof(struct nfgenmsg));
}
}
- return sendmsg(mnl_socket_get_fd(ctx->nf_sock), &msg, 0);
+ return sendmsg(mnl_socket_get_fd(ctx->nft->nf_sock), &msg, 0);
}
int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list)
{
- struct mnl_socket *nl = ctx->nf_sock;
+ struct mnl_socket *nl = ctx->nft->nf_sock;
int ret, fd = mnl_socket_get_fd(nl), portid = mnl_socket_get_portid(nl);
char rcv_buf[MNL_SOCKET_BUFFER_SIZE];
fd_set readfds;
struct nlmsghdr *nlh;
int err;
- if (ctx->octx->echo) {
- err = cache_update(ctx->nf_sock, ctx->cache,
- CMD_INVALID, ctx->msgs,
- ctx->debug_mask, ctx->octx);
+ if (ctx->nft->output.echo) {
+ err = cache_update(ctx->nft, CMD_INVALID, ctx->msgs);
if (err < 0)
return err;
#include <iface.h>
#include <json.h>
-#define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__)
+#define nft_mon_print(monh, ...) nft_print(&monh->ctx->nft->output, __VA_ARGS__)
static struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh)
{
nft_mon_print(monh, "%s %s", family2str(t->handle.family),
t->handle.table.name);
- if (monh->ctx->octx->handle > 0)
+ if (monh->ctx->nft->output.handle > 0)
nft_mon_print(monh, " # handle %" PRIu64 "",
t->handle.handle.id);
break;
switch (type) {
case NFT_MSG_NEWCHAIN:
- chain_print_plain(c, monh->ctx->octx);
+ chain_print_plain(c, &monh->ctx->nft->output);
break;
case NFT_MSG_DELCHAIN:
nft_mon_print(monh, "chain %s %s %s",
switch (type) {
case NFT_MSG_NEWSET:
- set_print_plain(set, monh->ctx->octx);
+ set_print_plain(set, &monh->ctx->nft->output);
break;
case NFT_MSG_DELSET:
nft_mon_print(monh, "set %s %s %s", family,
family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY);
cmd = netlink_msg2cmd(type);
- set = set_lookup_global(family, table, setname, monh->cache);
+ set = set_lookup_global(family, table, setname, &monh->ctx->nft->cache);
if (set == NULL) {
fprintf(stderr, "W: Received event for an unknown set.");
goto out;
goto out;
}
if (netlink_delinearize_setelem(nlse, dummyset,
- monh->cache) < 0) {
+ &monh->ctx->nft->cache) < 0) {
set_free(dummyset);
nftnl_set_elems_iter_destroy(nlsei);
goto out;
case NFTNL_OUTPUT_DEFAULT:
nft_mon_print(monh, "%s element %s %s %s ",
cmd, family2str(family), table, setname);
- expr_print(dummyset->init, monh->ctx->octx);
+ expr_print(dummyset->init, &monh->ctx->nft->output);
break;
case NFTNL_OUTPUT_JSON:
dummyset->handle.family = family;
switch (type) {
case NFT_MSG_NEWOBJ:
- obj_print_plain(obj, monh->ctx->octx);
+ obj_print_plain(obj, &monh->ctx->nft->output);
break;
case NFT_MSG_DELOBJ:
nft_mon_print(monh, "%s %s %s %s",
nlr = netlink_rule_alloc(nlh);
r = netlink_delinearize_rule(monh->ctx, nlr);
- nlr_for_each_set(nlr, rule_map_decompose_cb, NULL, monh->cache);
+ nlr_for_each_set(nlr, rule_map_decompose_cb, NULL,
+ &monh->ctx->nft->cache);
cmd = netlink_msg2cmd(type);
switch (monh->format) {
switch (type) {
case NFT_MSG_NEWRULE:
- rule_print(r, monh->ctx->octx);
+ rule_print(r, &monh->ctx->nft->output);
break;
case NFT_MSG_DELRULE:
t = netlink_delinearize_table(monh->ctx, nlt);
nftnl_table_free(nlt);
- table_add_hash(t, monh->cache);
+ table_add_hash(t, &monh->ctx->nft->cache);
}
static void netlink_events_cache_deltable(struct netlink_mon_handler *monh,
h.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY);
h.table.name = nftnl_table_get_str(nlt, NFTNL_TABLE_NAME);
- t = table_lookup(&h, monh->cache);
+ t = table_lookup(&h, &monh->ctx->nft->cache);
if (t == NULL)
goto out;
goto out;
s->init = set_expr_alloc(monh->loc, s);
- t = table_lookup(&s->handle, monh->cache);
+ t = table_lookup(&s->handle, &monh->ctx->nft->cache);
if (t == NULL) {
fprintf(stderr, "W: Unable to cache set: table not found.\n");
set_free(s);
table = nftnl_set_get_str(nls, NFTNL_SET_TABLE);
setname = nftnl_set_get_str(nls, NFTNL_SET_NAME);
- set = set_lookup_global(family, table, setname, monh->cache);
+ set = set_lookup_global(family, table, setname, &monh->ctx->nft->cache);
if (set == NULL) {
fprintf(stderr,
"W: Unable to cache set_elem. Set not found.\n");
nlse = nftnl_set_elems_iter_next(nlsei);
while (nlse != NULL) {
- if (netlink_delinearize_setelem(nlse, set, monh->cache) < 0) {
+ if (netlink_delinearize_setelem(nlse, set,
+ &monh->ctx->nft->cache) < 0) {
fprintf(stderr,
"W: Unable to cache set_elem. "
"Delinearize failed.\n");
struct nftnl_rule *nlr = netlink_rule_alloc(nlh);
nlr_for_each_set(nlr, netlink_events_cache_delset_cb, NULL,
- monh->cache);
+ &monh->ctx->nft->cache);
nftnl_rule_free(nlr);
}
if (obj == NULL)
goto out;
- t = table_lookup(&obj->handle, monh->cache);
+ t = table_lookup(&obj->handle, &monh->ctx->nft->cache);
if (t == NULL) {
fprintf(stderr, "W: Unable to cache object: table not found.\n");
obj_free(obj);
type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE);
h.handle.id = nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE);
- t = table_lookup(&h, monh->cache);
+ t = table_lookup(&h, &monh->ctx->nft->cache);
if (t == NULL) {
fprintf(stderr, "W: Unable to cache object: table not found.\n");
goto out;
nft_mon_print(monh, "# new generation %d", genid);
if (pid >= 0) {
nft_mon_print(monh, " by process %d", pid);
- if (!monh->ctx->octx->numeric)
+ if (!monh->ctx->nft->output.numeric)
nft_mon_print(monh, " (%s)", name);
}
nft_mon_print(monh, "\n");
uint16_t type = NFNL_MSG_TYPE(nlh->nlmsg_type);
struct netlink_mon_handler *monh = (struct netlink_mon_handler *)data;
- netlink_events_debug(type, monh->debug_mask);
+ netlink_events_debug(type, monh->ctx->nft->debug_mask);
netlink_events_cache_update(monh, nlh, type);
if (!(monh->monitor_flags & (1 << type)))
.loc = &netlink_location,
.monitor_flags = 0xffffffff,
.cache_needed = true,
- .cache = ctx->cache,
- .debug_mask = ctx->debug_mask,
};
- if (!echo_monh.ctx->octx->echo)
+ if (!echo_monh.ctx->nft->output.echo)
return MNL_CB_OK;
return netlink_events_cb(nlh, &echo_monh);
return -1;
}
- return mnl_nft_event_listener(nf_sock, monhandler->debug_mask,
- monhandler->ctx->octx, netlink_events_cb,
- monhandler);
+ return mnl_nft_event_listener(nf_sock, monhandler->ctx->nft->debug_mask,
+ &monhandler->ctx->nft->output,
+ netlink_events_cb, monhandler);
}
#include <erec.h>
#include <iface.h>
-#define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__)
+#define nft_mon_print(monh, ...) nft_print(&monh->ctx->nft->output, __VA_ARGS__)
const struct input_descriptor indesc_netlink = {
.name = "netlink",
void netlink_dump_rule(const struct nftnl_rule *nlr, struct netlink_ctx *ctx)
{
- FILE *fp = ctx->octx->output_fp;
+ FILE *fp = ctx->nft->output.output_fp;
- if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp)
+ if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
return;
nftnl_rule_fprintf(fp, nlr, 0, 0);
void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx)
{
- FILE *fp = ctx->octx->output_fp;
+ FILE *fp = ctx->nft->output.output_fp;
- if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp)
+ if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
return;
nftnl_chain_fprintf(fp, nlc, 0, 0);
void netlink_dump_set(const struct nftnl_set *nls, struct netlink_ctx *ctx)
{
- FILE *fp = ctx->octx->output_fp;
+ FILE *fp = ctx->nft->output.output_fp;
- if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp)
+ if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
return;
nftnl_set_fprintf(fp, nls, 0, 0);
static int list_setelem_cb(struct nftnl_set_elem *nlse, void *arg)
{
struct netlink_ctx *ctx = arg;
- return netlink_delinearize_setelem(nlse, ctx->set, ctx->cache);
+ return netlink_delinearize_setelem(nlse, ctx->set, &ctx->nft->cache);
}
int netlink_list_setelems(struct netlink_ctx *ctx, const struct handle *h,
void netlink_dump_obj(struct nftnl_obj *nln, struct netlink_ctx *ctx)
{
- FILE *fp = ctx->octx->output_fp;
+ FILE *fp = ctx->nft->output.output_fp;
- if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp)
+ if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
return;
nftnl_obj_fprintf(fp, nln, 0, 0);
static void netlink_dump_flowtable(struct nftnl_flowtable *flo,
struct netlink_ctx *ctx)
{
- FILE *fp = ctx->octx->output_fp;
+ FILE *fp = ctx->nft->output.output_fp;
- if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp)
+ if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp)
return;
nftnl_flowtable_fprintf(fp, flo, 0, 0);
case NFT_TRACETYPE_RULE:
if (nftnl_trace_is_set(nlt, NFTNL_TRACE_LL_HEADER) ||
nftnl_trace_is_set(nlt, NFTNL_TRACE_NETWORK_HEADER))
- trace_print_packet(nlt, monh->ctx->octx);
+ trace_print_packet(nlt, &monh->ctx->nft->output);
if (nftnl_trace_is_set(nlt, NFTNL_TRACE_RULE_HANDLE))
- trace_print_rule(nlt, monh->ctx->octx, monh->cache);
+ trace_print_rule(nlt, &monh->ctx->nft->output,
+ &monh->ctx->nft->cache);
break;
case NFT_TRACETYPE_POLICY:
- trace_print_hdr(nlt, monh->ctx->octx);
+ trace_print_hdr(nlt, &monh->ctx->nft->output);
if (nftnl_trace_is_set(nlt, NFTNL_TRACE_POLICY)) {
- trace_print_policy(nlt, monh->ctx->octx);
+ trace_print_policy(nlt, &monh->ctx->nft->output);
nft_mon_print(monh, " ");
}
trace_print_expr(nlt, NFTNL_TRACE_MARK,
meta_expr_alloc(&netlink_location,
NFT_META_MARK),
- monh->ctx->octx);
+ &monh->ctx->nft->output);
nft_mon_print(monh, "\n");
break;
case NFT_TRACETYPE_RETURN:
- trace_print_hdr(nlt, monh->ctx->octx);
+ trace_print_hdr(nlt, &monh->ctx->nft->output);
if (nftnl_trace_is_set(nlt, NFTNL_TRACE_VERDICT)) {
- trace_print_verdict(nlt, monh->ctx->octx);
+ trace_print_verdict(nlt, &monh->ctx->nft->output);
nft_mon_print(monh, " ");
}
trace_print_expr(nlt, NFTNL_TRACE_MARK,
meta_expr_alloc(&netlink_location,
NFT_META_MARK),
- monh->ctx->octx);
+ &monh->ctx->nft->output);
nft_mon_print(monh, "\n");
break;
}
memset(&_ctx, 0, sizeof(_ctx));
_ctx.msgs = ctx->msgs;
- _ctx.debug_mask = ctx->debug_mask;
+ _ctx.debug_mask = ctx->nft->debug_mask;
memset(&h, 0, sizeof(h));
h.family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY);
h.position.id = nftnl_rule_get_u64(nlr, NFTNL_RULE_POSITION);
pctx->rule = rule_alloc(&netlink_location, &h);
- pctx->table = table_lookup(&h, ctx->cache);
+ pctx->table = table_lookup(&h, &ctx->nft->cache);
assert(pctx->table != NULL);
if (nftnl_rule_is_set(nlr, NFTNL_RULE_USERDATA)) {
memset(&f, 0, sizeof(struct nf_osf_user_finger));
- if (ctx->debug_mask & NFT_DEBUG_MNL)
- nft_print(ctx->octx, "Loading '%s'.\n", buffer);
+ if (ctx->nft->debug_mask & NFT_DEBUG_MNL)
+ nft_print(&ctx->nft->output, "Loading '%s'.\n", buffer);
for (i = 0; i < len && buffer[i] != '\0'; ++i) {
if (buffer[i] == ':')
}
if (cnt != 8) {
- if (ctx->debug_mask & NFT_DEBUG_MNL)
- nft_print(ctx->octx, "Wrong input line '%s': cnt: %d, must be 8, i: %d, must be %d.\n", buffer, cnt, i, len);
+ if (ctx->nft->debug_mask & NFT_DEBUG_MNL)
+ nft_print(&ctx->nft->output, "Wrong input line '%s': cnt: %d, must be 8, i: %d, must be %d.\n", buffer, cnt, i, len);
return -EINVAL;
}
int err = 0;
char buf[1024];
- if (ctx->debug_mask & NFT_DEBUG_MNL)
- nft_print(ctx->octx, "Opening OS signature file '%s'\n",
+ if (ctx->nft->debug_mask & NFT_DEBUG_MNL)
+ nft_print(&ctx->nft->output, "Opening OS signature file '%s'\n",
OS_SIGNATURES);
inf = fopen(OS_SIGNATURES, "r");
if (!inf) {
- if (ctx->debug_mask & NFT_DEBUG_MNL)
- nft_print(ctx->octx, "Failed to open file '%s'\n",
+ if (ctx->nft->debug_mask & NFT_DEBUG_MNL)
+ nft_print(&ctx->nft->output, "Failed to open file '%s'\n",
OS_SIGNATURES);
return -1;
struct set *set;
int ret;
- list_for_each_entry(table, &ctx->cache->list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
ret = netlink_list_sets(ctx, &table->handle);
list_splice_tail_init(&ctx->list, &table->sets);
};
int ret;
- ret = cache_init_tables(ctx, &handle, ctx->cache);
+ ret = cache_init_tables(ctx, &handle, &ctx->nft->cache);
if (ret < 0)
return ret;
ret = cache_init_objects(ctx, cmd);
return 0;
}
-int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
- enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_mask,
- struct output_ctx *octx)
+int cache_update(struct nft_ctx *nft, enum cmd_ops cmd, struct list_head *msgs)
{
uint16_t genid;
int ret;
struct netlink_ctx ctx = {
.list = LIST_HEAD_INIT(ctx.list),
- .nf_sock = nf_sock,
- .cache = cache,
+ .nft = nft,
.msgs = msgs,
- .debug_mask = debug_mask,
- .octx = octx,
+ .nft = nft,
};
+ struct mnl_socket *nf_sock = nft->nf_sock;
+ struct nft_cache *cache = &nft->cache;
replay:
ctx.seqnum = cache->seqnum++;
}
}
-void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
- enum cmd_ops cmd, struct list_head *msgs,
- unsigned int debug_mask, struct output_ctx *octx)
+void cache_flush(struct nft_ctx *nft, enum cmd_ops cmd, struct list_head *msgs)
{
struct netlink_ctx ctx = {
.list = LIST_HEAD_INIT(ctx.list),
- .nf_sock = nf_sock,
- .cache = cache,
+ .nft = nft,
.msgs = msgs,
- .debug_mask = debug_mask,
- .octx = octx,
};
+ struct nft_cache *cache = &nft->cache;
__cache_flush(&cache->list);
cache->genid = mnl_genid_get(&ctx);
struct table *table;
struct set *set;
- table = table_lookup(h, ctx->cache);
+ table = table_lookup(h, &ctx->nft->cache);
set = set_lookup(table, h->set.name);
if (set->flags & NFT_SET_INTERVAL &&
set_to_intervals(ctx->msgs, set, init, true,
- ctx->debug_mask, set->automerge) < 0)
+ ctx->nft->debug_mask, set->automerge) < 0)
return -1;
return __do_add_setelems(ctx, set, init, flags);
if (set->init != NULL) {
if (set->flags & NFT_SET_INTERVAL &&
set_to_intervals(ctx->msgs, set, set->init, true,
- ctx->debug_mask, set->automerge) < 0)
+ ctx->nft->debug_mask, set->automerge) < 0)
return -1;
}
if (mnl_nft_set_add(ctx, cmd, flags) < 0)
{
uint32_t flags = excl ? NLM_F_EXCL : 0;
- if (ctx->octx->echo) {
+ if (ctx->nft->output.echo) {
int ret;
- ret = cache_update(ctx->nf_sock, ctx->cache, cmd->obj,
- ctx->msgs, ctx->debug_mask, ctx->octx);
+ ret = cache_update(ctx->nft, cmd->obj, ctx->msgs);
if (ret < 0)
return ret;
{
uint32_t flags = 0;
- if (ctx->octx->echo) {
+ if (ctx->nft->output.echo) {
int ret;
- ret = cache_update(ctx->nf_sock, ctx->cache, cmd->obj,
- ctx->msgs, ctx->debug_mask, ctx->octx);
+ ret = cache_update(ctx->nft, cmd->obj, ctx->msgs);
if (ret < 0)
return ret;
struct table *table;
struct set *set;
- table = table_lookup(h, ctx->cache);
+ table = table_lookup(h, &ctx->nft->cache);
set = set_lookup(table, h->set.name);
if (set->flags & NFT_SET_INTERVAL &&
set_to_intervals(ctx->msgs, set, expr, false,
- ctx->debug_mask, set->automerge) < 0)
+ ctx->nft->debug_mask, set->automerge) < 0)
return -1;
if (mnl_nft_setelem_del(ctx, cmd) < 0)
static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd)
{
struct nftnl_ruleset *rs;
- FILE *fp = ctx->octx->output_fp;
+ FILE *fp = ctx->nft->output.output_fp;
do {
rs = netlink_dump_ruleset(ctx, &cmd->handle, &cmd->location);
nftnl_ruleset_fprintf(fp, rs, cmd->markup->format, NFTNL_OF_EVENT_NEW);
- nft_print(ctx->octx, "\n");
+ nft_print(&ctx->nft->output, "\n");
nftnl_ruleset_free(rs);
return 0;
static int do_list_table(struct netlink_ctx *ctx, struct cmd *cmd,
struct table *table)
{
- table_print(table, ctx->octx);
+ table_print(table, &ctx->nft->output);
return 0;
}
struct table *table;
struct set *set;
- list_for_each_entry(table, &ctx->cache->list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
- nft_print(ctx->octx, "table %s %s {\n",
+ nft_print(&ctx->nft->output, "table %s %s {\n",
family2str(table->handle.family),
table->handle.table.name);
if (cmd->obj == CMD_OBJ_MAPS &&
!(set->flags & NFT_SET_MAP))
continue;
- set_print_declaration(set, &opts, ctx->octx);
- nft_print(ctx->octx, "%s}%s", opts.tab, opts.nl);
+ set_print_declaration(set, &opts, &ctx->nft->output);
+ nft_print(&ctx->nft->output, "%s}%s", opts.tab, opts.nl);
}
- nft_print(ctx->octx, "}\n");
+ nft_print(&ctx->nft->output, "}\n");
}
return 0;
}
struct table *table;
struct obj *obj;
- list_for_each_entry(table, &ctx->cache->list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
if (cmd->handle.table.name != NULL &&
!strcmp(cmd->handle.table.name, table->handle.table.name)) {
- nft_print(ctx->octx, "table %s %s {\n",
+ nft_print(&ctx->nft->output, "table %s %s {\n",
family2str(table->handle.family),
cmd->handle.table.name);
} else
strcmp(cmd->handle.obj.name, obj->handle.obj.name)))
continue;
- obj_print_declaration(obj, &opts, ctx->octx);
+ obj_print_declaration(obj, &opts, &ctx->nft->output);
}
- nft_print(ctx->octx, "}\n");
+ nft_print(&ctx->nft->output, "}\n");
}
return 0;
}
struct flowtable *flowtable;
struct table *table;
- list_for_each_entry(table, &ctx->cache->list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
- nft_print(ctx->octx, "table %s %s {\n",
+ nft_print(&ctx->nft->output, "table %s %s {\n",
family2str(table->handle.family),
table->handle.table.name);
list_for_each_entry(flowtable, &table->flowtables, list) {
- flowtable_print_declaration(flowtable, &opts, ctx->octx);
- nft_print(ctx->octx, "%s}%s", opts.tab, opts.nl);
+ flowtable_print_declaration(flowtable, &opts, &ctx->nft->output);
+ nft_print(&ctx->nft->output, "%s}%s", opts.tab, opts.nl);
}
- nft_print(ctx->octx, "}\n");
+ nft_print(&ctx->nft->output, "}\n");
}
return 0;
}
unsigned int family = cmd->handle.family;
struct table *table;
- list_for_each_entry(table, &ctx->cache->list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
if (family != NFPROTO_UNSPEC &&
table->handle.family != family)
continue;
{
struct table *table;
- list_for_each_entry(table, &ctx->cache->list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
- nft_print(ctx->octx, "table %s %s\n",
+ nft_print(&ctx->nft->output, "table %s %s\n",
family2str(table->handle.family),
table->handle.table.name);
}
{
struct chain *chain;
- table_print_declaration(table, ctx->octx);
+ table_print_declaration(table, &ctx->nft->output);
list_for_each_entry(chain, &table->chains, list) {
if (chain->handle.family != cmd->handle.family ||
strcmp(cmd->handle.chain.name, chain->handle.chain.name) != 0)
continue;
- chain_print(chain, ctx->octx);
+ chain_print(chain, &ctx->nft->output);
}
- nft_print(ctx->octx, "}\n");
+ nft_print(&ctx->nft->output, "}\n");
return 0;
}
struct table *table;
struct chain *chain;
- list_for_each_entry(table, &ctx->cache->list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
- table_print_declaration(table, ctx->octx);
+ table_print_declaration(table, &ctx->nft->output);
list_for_each_entry(chain, &table->chains, list) {
- chain_print_declaration(chain, ctx->octx);
- nft_print(ctx->octx, "\t}\n");
+ chain_print_declaration(chain, &ctx->nft->output);
+ nft_print(&ctx->nft->output, "\t}\n");
}
- nft_print(ctx->octx, "}\n");
+ nft_print(&ctx->nft->output, "}\n");
}
return 0;
static void __do_list_set(struct netlink_ctx *ctx, struct cmd *cmd,
struct table *table, struct set *set)
{
- table_print_declaration(table, ctx->octx);
- set_print(set, ctx->octx);
- nft_print(ctx->octx, "}\n");
+ table_print_declaration(table, &ctx->nft->output);
+ set_print(set, &ctx->nft->output);
+ nft_print(&ctx->nft->output, "}\n");
}
static int do_list_set(struct netlink_ctx *ctx, struct cmd *cmd,
{
struct table *table = NULL;
- if (ctx->octx->json)
+ if (ctx->nft->output.json)
return do_command_list_json(ctx, cmd);
if (cmd->handle.table.name != NULL)
- table = table_lookup(&cmd->handle, ctx->cache);
+ table = table_lookup(&cmd->handle, &ctx->nft->cache);
switch (cmd->obj) {
case CMD_OBJ_TABLE:
struct table *table = NULL;
if (cmd->handle.table.name != NULL)
- table = table_lookup(&cmd->handle, ctx->cache);
+ table = table_lookup(&cmd->handle, &ctx->nft->cache);
switch (cmd->obj) {
case CMD_OBJ_SETELEM:
ret = netlink_reset_objs(ctx, cmd, type, dump);
list_for_each_entry_safe(obj, next, &ctx->list, list) {
- table = table_lookup(&obj->handle, ctx->cache);
+ table = table_lookup(&obj->handle, &ctx->nft->cache);
list_move(&obj->list, &table->objs);
}
if (ret < 0)
static int do_command_rename(struct netlink_ctx *ctx, struct cmd *cmd)
{
- struct table *table = table_lookup(&cmd->handle, ctx->cache);
+ struct table *table = table_lookup(&cmd->handle, &ctx->nft->cache);
const struct chain *chain;
switch (cmd->obj) {
.format = cmd->monitor->format,
.ctx = ctx,
.loc = &cmd->location,
- .cache = ctx->cache,
- .debug_mask = ctx->debug_mask,
+ .cache = &ctx->nft->cache,
+ .debug_mask = ctx->nft->debug_mask,
};
monhandler.cache_needed = need_cache(cmd);
struct chain *chain;
int ret;
- list_for_each_entry(t, &ctx->cache->list, list) {
+ list_for_each_entry(t, &ctx->nft->cache.list, list) {
list_for_each_entry(s, &t->sets, list)
s->init = set_expr_alloc(&cmd->location, s);
}
}
- return netlink_monitor(&monhandler, ctx->nf_sock);
+ return netlink_monitor(&monhandler, ctx->nft->nf_sock);
}
static int do_command_describe(struct netlink_ctx *ctx, struct cmd *cmd,
case CMD_MONITOR:
return do_command_monitor(ctx, cmd);
case CMD_DESCRIBE:
- return do_command_describe(ctx, cmd, ctx->octx);
+ return do_command_describe(ctx, cmd, &ctx->nft->output);
default:
BUG("invalid command object type %u\n", cmd->obj);
}
projects / thirdparty / nftables.git / commitdiff
