extern struct nft_family_ops nft_family_ops_arp;
extern struct nft_family_ops nft_family_ops_bridge;
-void add_meta(struct nft_rule *r, uint32_t key)
+void add_meta(struct nftnl_rule *r, uint32_t key)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("meta");
+ expr = nftnl_expr_alloc("meta");
if (expr == NULL)
return;
- nft_rule_expr_set_u32(expr, NFT_EXPR_META_KEY, key);
- nft_rule_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, key);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
}
-void add_payload(struct nft_rule *r, int offset, int len, uint32_t base)
+void add_payload(struct nftnl_rule *r, int offset, int len, uint32_t base)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("payload");
+ expr = nftnl_expr_alloc("payload");
if (expr == NULL)
return;
- nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_BASE, base);
- nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_DREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_OFFSET, offset);
- nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_LEN, len);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_PAYLOAD_BASE, base);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_PAYLOAD_DREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_PAYLOAD_OFFSET, offset);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_PAYLOAD_LEN, len);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
}
/* bitwise operation is = sreg & mask ^ xor */
-void add_bitwise_u16(struct nft_rule *r, int mask, int xor)
+void add_bitwise_u16(struct nftnl_rule *r, int mask, int xor)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("bitwise");
+ expr = nftnl_expr_alloc("bitwise");
if (expr == NULL)
return;
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_SREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_DREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_LEN, sizeof(uint16_t));
- nft_rule_expr_set(expr, NFT_EXPR_BITWISE_MASK, &mask, sizeof(uint16_t));
- nft_rule_expr_set(expr, NFT_EXPR_BITWISE_XOR, &xor, sizeof(uint16_t));
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_SREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_DREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_LEN, sizeof(uint16_t));
+ nftnl_expr_set(expr, NFTNL_EXPR_BITWISE_MASK, &mask, sizeof(uint16_t));
+ nftnl_expr_set(expr, NFTNL_EXPR_BITWISE_XOR, &xor, sizeof(uint16_t));
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
}
-static void add_bitwise(struct nft_rule *r, uint8_t *mask, size_t len)
+static void add_bitwise(struct nftnl_rule *r, uint8_t *mask, size_t len)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
uint32_t xor[4] = { 0 };
- expr = nft_rule_expr_alloc("bitwise");
+ expr = nftnl_expr_alloc("bitwise");
if (expr == NULL)
return;
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_SREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_DREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_LEN, len);
- nft_rule_expr_set(expr, NFT_EXPR_BITWISE_MASK, mask, len);
- nft_rule_expr_set(expr, NFT_EXPR_BITWISE_XOR, &xor, len);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_SREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_DREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_BITWISE_LEN, len);
+ nftnl_expr_set(expr, NFTNL_EXPR_BITWISE_MASK, mask, len);
+ nftnl_expr_set(expr, NFTNL_EXPR_BITWISE_XOR, &xor, len);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
}
-void add_cmp_ptr(struct nft_rule *r, uint32_t op, void *data, size_t len)
+void add_cmp_ptr(struct nftnl_rule *r, uint32_t op, void *data, size_t len)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("cmp");
+ expr = nftnl_expr_alloc("cmp");
if (expr == NULL)
return;
- nft_rule_expr_set_u32(expr, NFT_EXPR_CMP_SREG, NFT_REG_1);
- nft_rule_expr_set_u32(expr, NFT_EXPR_CMP_OP, op);
- nft_rule_expr_set(expr, NFT_EXPR_CMP_DATA, data, len);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_SREG, NFT_REG_1);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_OP, op);
+ nftnl_expr_set(expr, NFTNL_EXPR_CMP_DATA, data, len);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
}
-void add_cmp_u8(struct nft_rule *r, uint8_t val, uint32_t op)
+void add_cmp_u8(struct nftnl_rule *r, uint8_t val, uint32_t op)
{
add_cmp_ptr(r, op, &val, sizeof(val));
}
-void add_cmp_u16(struct nft_rule *r, uint16_t val, uint32_t op)
+void add_cmp_u16(struct nftnl_rule *r, uint16_t val, uint32_t op)
{
add_cmp_ptr(r, op, &val, sizeof(val));
}
-void add_cmp_u32(struct nft_rule *r, uint32_t val, uint32_t op)
+void add_cmp_u32(struct nftnl_rule *r, uint32_t val, uint32_t op)
{
add_cmp_ptr(r, op, &val, sizeof(val));
}
-void add_iniface(struct nft_rule *r, char *iface, uint32_t op)
+void add_iniface(struct nftnl_rule *r, char *iface, uint32_t op)
{
int iface_len;
add_cmp_ptr(r, op, iface, iface_len + 1);
}
-void add_outiface(struct nft_rule *r, char *iface, uint32_t op)
+void add_outiface(struct nftnl_rule *r, char *iface, uint32_t op)
{
int iface_len;
add_cmp_ptr(r, op, iface, iface_len + 1);
}
-void add_addr(struct nft_rule *r, int offset,
+void add_addr(struct nftnl_rule *r, int offset,
void *data, void *mask, size_t len, uint32_t op)
{
add_payload(r, offset, len, NFT_PAYLOAD_NETWORK_HEADER);
add_cmp_ptr(r, op, data, len);
}
-void add_proto(struct nft_rule *r, int offset, size_t len,
+void add_proto(struct nftnl_rule *r, int offset, size_t len,
uint8_t proto, uint32_t op)
{
add_payload(r, offset, len, NFT_PAYLOAD_NETWORK_HEADER);
return true;
}
-int parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface,
+int parse_meta(struct nftnl_expr *e, uint8_t key, char *iniface,
unsigned char *iniface_mask, char *outiface,
unsigned char *outiface_mask, uint8_t *invflags)
{
switch(key) {
case NFT_META_IIF:
- value = nft_rule_expr_get_u32(e, NFT_EXPR_CMP_DATA);
- if (nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ value = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_DATA);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
*invflags |= IPT_INV_VIA_IN;
if_indextoname(value, iniface);
memset(iniface_mask, 0xff, strlen(iniface)+1);
break;
case NFT_META_OIF:
- value = nft_rule_expr_get_u32(e, NFT_EXPR_CMP_DATA);
- if (nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ value = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_DATA);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
*invflags |= IPT_INV_VIA_OUT;
if_indextoname(value, outiface);
memset(outiface_mask, 0xff, strlen(outiface)+1);
break;
case NFT_META_IIFNAME:
- ifname = nft_rule_expr_get(e, NFT_EXPR_CMP_DATA, &len);
- if (nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ ifname = nftnl_expr_get(e, NFTNL_EXPR_CMP_DATA, &len);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
*invflags |= IPT_INV_VIA_IN;
memcpy(iniface, ifname, len);
}
break;
case NFT_META_OIFNAME:
- ifname = nft_rule_expr_get(e, NFT_EXPR_CMP_DATA, &len);
- if (nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ ifname = nftnl_expr_get(e, NFTNL_EXPR_CMP_DATA, &len);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
*invflags |= IPT_INV_VIA_OUT;
memcpy(outiface, ifname, len);
}
}
-void nft_parse_target(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_target(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
uint32_t tg_len;
- const char *targname = nft_rule_expr_get_str(e, NFT_EXPR_TG_NAME);
- const void *targinfo = nft_rule_expr_get(e, NFT_EXPR_TG_INFO, &tg_len);
+ const char *targname = nftnl_expr_get_str(e, NFTNL_EXPR_TG_NAME);
+ const void *targinfo = nftnl_expr_get(e, NFTNL_EXPR_TG_INFO, &tg_len);
struct xtables_target *target;
struct xt_entry_target *t;
size_t size;
}
memcpy(&t->data, targinfo, tg_len);
t->u.target_size = size;
- t->u.user.revision = nft_rule_expr_get_u32(e, NFT_EXPR_TG_REV);
+ t->u.user.revision = nftnl_expr_get_u32(e, NFTNL_EXPR_TG_REV);
strcpy(t->u.user.name, target->name);
target->t = t;
ops->parse_target(target, data);
}
-void nft_parse_match(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_match(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
uint32_t mt_len;
- const char *mt_name = nft_rule_expr_get_str(e, NFT_EXPR_MT_NAME);
- const void *mt_info = nft_rule_expr_get(e, NFT_EXPR_MT_INFO, &mt_len);
+ const char *mt_name = nftnl_expr_get_str(e, NFTNL_EXPR_MT_NAME);
+ const void *mt_info = nftnl_expr_get(e, NFTNL_EXPR_MT_INFO, &mt_len);
struct xtables_match *match;
struct xtables_rule_match **matches;
struct xt_entry_match *m;
memcpy(&m->data, mt_info, mt_len);
m->u.match_size = mt_len + XT_ALIGN(sizeof(struct xt_entry_match));
- m->u.user.revision = nft_rule_expr_get_u32(e, NFT_EXPR_TG_REV);
+ m->u.user.revision = nftnl_expr_get_u32(e, NFTNL_EXPR_TG_REV);
strcpy(m->u.user.name, match->name);
match->m = m;
printf("-p %u ", proto);
}
-void get_cmp_data(struct nft_rule_expr *e, void *data, size_t dlen, bool *inv)
+void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv)
{
uint32_t len;
uint8_t op;
- memcpy(data, nft_rule_expr_get(e, NFT_EXPR_CMP_DATA, &len), dlen);
- op = nft_rule_expr_get_u32(e, NFT_EXPR_CMP_OP);
+ memcpy(data, nftnl_expr_get(e, NFTNL_EXPR_CMP_DATA, &len), dlen);
+ op = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP);
if (op == NFT_CMP_NEQ)
*inv = true;
else
*inv = false;
}
-void nft_parse_meta(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
- ctx->reg = nft_rule_expr_get_u32(e, NFT_EXPR_META_DREG);
- ctx->meta.key = nft_rule_expr_get_u32(e, NFT_EXPR_META_KEY);
+ ctx->reg = nftnl_expr_get_u32(e, NFTNL_EXPR_META_DREG);
+ ctx->meta.key = nftnl_expr_get_u32(e, NFTNL_EXPR_META_KEY);
ctx->flags |= NFT_XT_CTX_META;
}
-void nft_parse_payload(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_payload(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
- ctx->reg = nft_rule_expr_get_u32(e, NFT_EXPR_META_DREG);
- ctx->payload.offset = nft_rule_expr_get_u32(e, NFT_EXPR_PAYLOAD_OFFSET);
+ ctx->reg = nftnl_expr_get_u32(e, NFTNL_EXPR_META_DREG);
+ ctx->payload.offset = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_OFFSET);
ctx->flags |= NFT_XT_CTX_PAYLOAD;
}
-void nft_parse_bitwise(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_bitwise(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
uint32_t reg, len;
const void *data;
- reg = nft_rule_expr_get_u32(e, NFT_EXPR_BITWISE_SREG);
+ reg = nftnl_expr_get_u32(e, NFTNL_EXPR_BITWISE_SREG);
if (ctx->reg && reg != ctx->reg)
return;
- data = nft_rule_expr_get(e, NFT_EXPR_BITWISE_XOR, &len);
+ data = nftnl_expr_get(e, NFTNL_EXPR_BITWISE_XOR, &len);
memcpy(ctx->bitwise.xor, data, len);
- data = nft_rule_expr_get(e, NFT_EXPR_BITWISE_MASK, &len);
+ data = nftnl_expr_get(e, NFTNL_EXPR_BITWISE_MASK, &len);
memcpy(ctx->bitwise.mask, data, len);
ctx->flags |= NFT_XT_CTX_BITWISE;
}
-void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
struct nft_family_ops *ops = nft_family_ops_lookup(ctx->family);
void *data = nft_get_data(ctx);
uint32_t reg;
- reg = nft_rule_expr_get_u32(e, NFT_EXPR_CMP_SREG);
+ reg = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_SREG);
if (ctx->reg && reg != ctx->reg)
return;
}
}
-void nft_parse_counter(struct nft_rule_expr *e, struct xt_counters *counters)
+void nft_parse_counter(struct nftnl_expr *e, struct xt_counters *counters)
{
- counters->pcnt = nft_rule_expr_get_u64(e, NFT_EXPR_CTR_PACKETS);
- counters->bcnt = nft_rule_expr_get_u64(e, NFT_EXPR_CTR_BYTES);
+ counters->pcnt = nftnl_expr_get_u64(e, NFTNL_EXPR_CTR_PACKETS);
+ counters->bcnt = nftnl_expr_get_u64(e, NFTNL_EXPR_CTR_BYTES);
}
-void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
+void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
- int verdict = nft_rule_expr_get_u32(e, NFT_EXPR_IMM_VERDICT);
- const char *chain = nft_rule_expr_get_str(e, NFT_EXPR_IMM_CHAIN);
+ int verdict = nftnl_expr_get_u32(e, NFTNL_EXPR_IMM_VERDICT);
+ const char *chain = nftnl_expr_get_str(e, NFTNL_EXPR_IMM_CHAIN);
struct nft_family_ops *ops;
const char *jumpto = NULL;
bool nft_goto = false;
ops->parse_immediate(jumpto, nft_goto, data);
}
-void nft_rule_to_iptables_command_state(struct nft_rule *r,
+void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
struct iptables_command_state *cs)
{
- struct nft_rule_expr_iter *iter;
- struct nft_rule_expr *expr;
- int family = nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY);
+ struct nftnl_expr_iter *iter;
+ struct nftnl_expr *expr;
+ int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
struct nft_xt_ctx ctx = {
.state.cs = cs,
.family = family,
};
- iter = nft_rule_expr_iter_create(r);
+ iter = nftnl_expr_iter_create(r);
if (iter == NULL)
return;
ctx.iter = iter;
- expr = nft_rule_expr_iter_next(iter);
+ expr = nftnl_expr_iter_next(iter);
while (expr != NULL) {
const char *name =
- nft_rule_expr_get_str(expr, NFT_RULE_EXPR_ATTR_NAME);
+ nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
if (strcmp(name, "counter") == 0)
nft_parse_counter(expr, &ctx.state.cs->counters);
else if (strcmp(name, "target") == 0)
nft_parse_target(&ctx, expr);
- expr = nft_rule_expr_iter_next(iter);
+ expr = nftnl_expr_iter_next(iter);
}
- nft_rule_expr_iter_destroy(iter);
+ nftnl_expr_iter_destroy(iter);
if (cs->target != NULL)
cs->jumpto = cs->target->name;
}
bool nft_ipv46_rule_find(struct nft_family_ops *ops,
- struct nft_rule *r, struct iptables_command_state *cs)
+ struct nftnl_rule *r, struct iptables_command_state *cs)
{
struct iptables_command_state this = {};
*/
#define BATCH_PAGE_SIZE getpagesize() * 32
-static struct mnl_nlmsg_batch *mnl_nft_batch_alloc(void)
+static struct mnl_nlmsg_batch *mnl_nftnl_batch_alloc(void)
{
static char *buf;
}
static struct mnl_nlmsg_batch *
-mnl_nft_batch_page_add(struct mnl_nlmsg_batch *batch)
+mnl_nftnl_batch_page_add(struct mnl_nlmsg_batch *batch)
{
struct batch_page *batch_page;
list_add_tail(&batch_page->head, &batch_page_list);
batch_num_pages++;
- return mnl_nft_batch_alloc();
+ return mnl_nftnl_batch_alloc();
}
static int nlbuffsiz;
nlbuffsiz = newbuffsiz;
}
-static void mnl_nft_batch_reset(void)
+static void mnl_nftnl_batch_reset(void)
{
struct batch_page *batch_page, *next;
}
ret = sendmsg(mnl_socket_get_fd(nl), &msg, 0);
- mnl_nft_batch_reset();
+ mnl_nftnl_batch_reset();
return ret;
}
-static int mnl_nft_batch_talk(struct nft_handle *h)
+static int mnl_nftnl_batch_talk(struct nft_handle *h)
{
int ret, fd = mnl_socket_get_fd(h->nl);
char rcv_buf[MNL_SOCKET_BUFFER_SIZE];
return err ? -1 : 0;
}
-static void mnl_nft_batch_begin(struct mnl_nlmsg_batch *batch, uint32_t seq)
+static void mnl_nftnl_batch_begin(struct mnl_nlmsg_batch *batch, uint32_t seq)
{
- nft_batch_begin(mnl_nlmsg_batch_current(batch), seq);
+ nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq);
if (!mnl_nlmsg_batch_next(batch))
- mnl_nft_batch_page_add(batch);
+ mnl_nftnl_batch_page_add(batch);
}
-static void mnl_nft_batch_end(struct mnl_nlmsg_batch *batch, uint32_t seq)
+static void mnl_nftnl_batch_end(struct mnl_nlmsg_batch *batch, uint32_t seq)
{
- nft_batch_end(mnl_nlmsg_batch_current(batch), seq);
+ nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq);
if (!mnl_nlmsg_batch_next(batch))
- mnl_nft_batch_page_add(batch);
+ mnl_nftnl_batch_page_add(batch);
}
enum obj_update_type {
struct list_head head;
enum obj_update_type type;
union {
- struct nft_table *table;
- struct nft_chain *chain;
- struct nft_rule *rule;
+ struct nftnl_table *table;
+ struct nftnl_chain *chain;
+ struct nftnl_rule *rule;
void *ptr;
};
};
}
static int batch_table_add(struct nft_handle *h, enum obj_update_type type,
- struct nft_table *t)
+ struct nftnl_table *t)
{
return batch_add(h, type, t);
}
static int batch_chain_add(struct nft_handle *h, enum obj_update_type type,
- struct nft_chain *c)
+ struct nftnl_chain *c)
{
return batch_add(h, type, c);
}
static int batch_rule_add(struct nft_handle *h, enum obj_update_type type,
- struct nft_rule *r)
+ struct nftnl_rule *r)
{
return batch_add(h, type, r);
}
},
};
-int nft_table_add(struct nft_handle *h, struct nft_table *t, uint16_t flags)
+int nft_table_add(struct nft_handle *h, struct nftnl_table *t, uint16_t flags)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
int ret;
- nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, h->family,
+ nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, h->family,
NLM_F_ACK|flags, h->seq);
- nft_table_nlmsg_build_payload(nlh, t);
- nft_table_free(t);
+ nftnl_table_nlmsg_build_payload(nlh, t);
+ nftnl_table_free(t);
#ifdef NLDEBUG
char tmp[1024];
static int nft_table_builtin_add(struct nft_handle *h,
struct builtin_table *_t)
{
- struct nft_table *t;
+ struct nftnl_table *t;
int ret;
if (_t->initialized)
return 0;
- t = nft_table_alloc();
+ t = nftnl_table_alloc();
if (t == NULL)
return -1;
- nft_table_attr_set(t, NFT_TABLE_ATTR_NAME, (char *)_t->name);
+ nftnl_table_set(t, NFTNL_TABLE_NAME, (char *)_t->name);
if (h->batch_support)
ret = batch_table_add(h, NFT_COMPAT_TABLE_ADD, t);
return ret;
}
-static struct nft_chain *
+static struct nftnl_chain *
nft_chain_builtin_alloc(struct builtin_table *table,
struct builtin_chain *chain, int policy)
{
- struct nft_chain *c;
+ struct nftnl_chain *c;
- c = nft_chain_alloc();
+ c = nftnl_chain_alloc();
if (c == NULL)
return NULL;
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table->name);
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain->name);
- nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_HOOKNUM, chain->hook);
- nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_PRIO, chain->prio);
- nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY, policy);
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_TYPE, (char *)chain->type);
+ nftnl_chain_set(c, NFTNL_CHAIN_TABLE, (char *)table->name);
+ nftnl_chain_set(c, NFTNL_CHAIN_NAME, (char *)chain->name);
+ nftnl_chain_set_u32(c, NFTNL_CHAIN_HOOKNUM, chain->hook);
+ nftnl_chain_set_u32(c, NFTNL_CHAIN_PRIO, chain->prio);
+ nftnl_chain_set_u32(c, NFTNL_CHAIN_POLICY, policy);
+ nftnl_chain_set(c, NFTNL_CHAIN_TYPE, (char *)chain->type);
return c;
}
-int nft_chain_add(struct nft_handle *h, struct nft_chain *c, uint16_t flags)
+int nft_chain_add(struct nft_handle *h, struct nftnl_chain *c, uint16_t flags)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
/* NLM_F_CREATE requests module autoloading */
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, h->family,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, h->family,
NLM_F_ACK|flags|NLM_F_CREATE,
h->seq);
- nft_chain_nlmsg_build_payload(nlh, c);
- nft_chain_free(c);
+ nftnl_chain_nlmsg_build_payload(nlh, c);
+ nftnl_chain_free(c);
#ifdef NLDEBUG
char tmp[1024];
struct builtin_table *table,
struct builtin_chain *chain)
{
- struct nft_chain *c;
+ struct nftnl_chain *c;
c = nft_chain_builtin_alloc(table, chain, NF_ACCEPT);
if (c == NULL)
struct builtin_table *table)
{
int i;
- struct nft_chain_list *list = nft_chain_dump(h);
- struct nft_chain *c;
+ struct nftnl_chain_list *list = nft_chain_dump(h);
+ struct nftnl_chain *c;
/* Initialize built-in chains if they don't exist yet */
for (i=0; i<NF_IP_NUMHOOKS && table->chains[i].name != NULL; i++) {
nft_chain_builtin_add(h, table, &table->chains[i]);
}
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
}
static int nft_xt_builtin_init(struct nft_handle *h, const char *table)
return ret;
}
-static bool nft_chain_builtin(struct nft_chain *c)
+static bool nft_chain_builtin(struct nftnl_chain *c)
{
/* Check if this chain has hook number, in that case is built-in.
* Should we better export the flags to user-space via nf_tables?
*/
- return nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM) != NULL;
+ return nftnl_chain_get(c, NFTNL_CHAIN_HOOKNUM) != NULL;
}
static bool mnl_batch_supported(struct nft_handle *h)
uint32_t seq = 1;
int ret;
- mnl_nft_batch_begin(h->batch, seq++);
+ mnl_nftnl_batch_begin(h->batch, seq++);
- nft_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
+ nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
NFT_MSG_NEWSET, AF_INET,
NLM_F_ACK, seq++);
mnl_nlmsg_batch_next(h->batch);
- mnl_nft_batch_end(h->batch, seq++);
+ mnl_nftnl_batch_end(h->batch, seq++);
ret = mnl_socket_sendto(h->nl, mnl_nlmsg_batch_head(h->batch),
mnl_nlmsg_batch_size(h->batch));
INIT_LIST_HEAD(&h->obj_list);
- h->batch = mnl_nft_batch_alloc();
+ h->batch = mnl_nftnl_batch_alloc();
h->batch_support = mnl_batch_supported(h);
return 0;
mnl_nlmsg_batch_stop(h->batch);
}
-static void nft_chain_print_debug(struct nft_chain *c, struct nlmsghdr *nlh)
+static void nft_chain_print_debug(struct nftnl_chain *c, struct nlmsghdr *nlh)
{
#ifdef NLDEBUG
char tmp[1024];
#endif
}
-static struct nft_chain *nft_chain_new(struct nft_handle *h,
+static struct nftnl_chain *nft_chain_new(struct nft_handle *h,
const char *table, const char *chain,
int policy,
const struct xt_counters *counters)
{
- struct nft_chain *c;
+ struct nftnl_chain *c;
struct builtin_table *_t;
struct builtin_chain *_c;
}
if (counters) {
- nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_BYTES,
+ nftnl_chain_set_u64(c, NFTNL_CHAIN_BYTES,
counters->bcnt);
- nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_PACKETS,
+ nftnl_chain_set_u64(c, NFTNL_CHAIN_PACKETS,
counters->pcnt);
}
const char *chain, const char *policy,
const struct xt_counters *counters)
{
- struct nft_chain *c = NULL;
+ struct nftnl_chain *c = NULL;
int ret;
nft_fn = nft_chain_set;
return ret == 0 ? 1 : 0;
}
-static int __add_match(struct nft_rule_expr *e, struct xt_entry_match *m)
+static int __add_match(struct nftnl_expr *e, struct xt_entry_match *m)
{
void *info;
- nft_rule_expr_set(e, NFT_EXPR_MT_NAME, m->u.user.name, strlen(m->u.user.name));
- nft_rule_expr_set_u32(e, NFT_EXPR_MT_REV, m->u.user.revision);
+ nftnl_expr_set(e, NFTNL_EXPR_MT_NAME, m->u.user.name, strlen(m->u.user.name));
+ nftnl_expr_set_u32(e, NFTNL_EXPR_MT_REV, m->u.user.revision);
info = calloc(1, m->u.match_size);
if (info == NULL)
return -ENOMEM;
memcpy(info, m->data, m->u.match_size - sizeof(*m));
- nft_rule_expr_set(e, NFT_EXPR_MT_INFO, info, m->u.match_size - sizeof(*m));
+ nftnl_expr_set(e, NFTNL_EXPR_MT_INFO, info, m->u.match_size - sizeof(*m));
return 0;
}
-int add_match(struct nft_rule *r, struct xt_entry_match *m)
+int add_match(struct nftnl_rule *r, struct xt_entry_match *m)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
int ret;
- expr = nft_rule_expr_alloc("match");
+ expr = nftnl_expr_alloc("match");
if (expr == NULL)
return -ENOMEM;
ret = __add_match(expr, m);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
return ret;
}
-static int __add_target(struct nft_rule_expr *e, struct xt_entry_target *t)
+static int __add_target(struct nftnl_expr *e, struct xt_entry_target *t)
{
void *info;
- nft_rule_expr_set(e, NFT_EXPR_TG_NAME, t->u.user.name,
+ nftnl_expr_set(e, NFTNL_EXPR_TG_NAME, t->u.user.name,
strlen(t->u.user.name));
- nft_rule_expr_set_u32(e, NFT_EXPR_TG_REV, t->u.user.revision);
+ nftnl_expr_set_u32(e, NFTNL_EXPR_TG_REV, t->u.user.revision);
info = calloc(1, t->u.target_size);
if (info == NULL)
return -ENOMEM;
memcpy(info, t->data, t->u.target_size - sizeof(*t));
- nft_rule_expr_set(e, NFT_EXPR_TG_INFO, info, t->u.target_size - sizeof(*t));
+ nftnl_expr_set(e, NFTNL_EXPR_TG_INFO, info, t->u.target_size - sizeof(*t));
return 0;
}
-int add_target(struct nft_rule *r, struct xt_entry_target *t)
+int add_target(struct nftnl_rule *r, struct xt_entry_target *t)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
int ret;
- expr = nft_rule_expr_alloc("target");
+ expr = nftnl_expr_alloc("target");
if (expr == NULL)
return -ENOMEM;
ret = __add_target(expr, t);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
return ret;
}
-int add_jumpto(struct nft_rule *r, const char *name, int verdict)
+int add_jumpto(struct nftnl_rule *r, const char *name, int verdict)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("immediate");
+ expr = nftnl_expr_alloc("immediate");
if (expr == NULL)
return -ENOMEM;
- nft_rule_expr_set_u32(expr, NFT_EXPR_IMM_DREG, NFT_REG_VERDICT);
- nft_rule_expr_set_u32(expr, NFT_EXPR_IMM_VERDICT, verdict);
- nft_rule_expr_set_str(expr, NFT_EXPR_IMM_CHAIN, (char *)name);
- nft_rule_add_expr(r, expr);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_IMM_DREG, NFT_REG_VERDICT);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_IMM_VERDICT, verdict);
+ nftnl_expr_set_str(expr, NFTNL_EXPR_IMM_CHAIN, (char *)name);
+ nftnl_rule_add_expr(r, expr);
return 0;
}
-int add_verdict(struct nft_rule *r, int verdict)
+int add_verdict(struct nftnl_rule *r, int verdict)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("immediate");
+ expr = nftnl_expr_alloc("immediate");
if (expr == NULL)
return -ENOMEM;
- nft_rule_expr_set_u32(expr, NFT_EXPR_IMM_DREG, NFT_REG_VERDICT);
- nft_rule_expr_set_u32(expr, NFT_EXPR_IMM_VERDICT, verdict);
- nft_rule_add_expr(r, expr);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_IMM_DREG, NFT_REG_VERDICT);
+ nftnl_expr_set_u32(expr, NFTNL_EXPR_IMM_VERDICT, verdict);
+ nftnl_rule_add_expr(r, expr);
return 0;
}
-int add_action(struct nft_rule *r, struct iptables_command_state *cs,
+int add_action(struct nftnl_rule *r, struct iptables_command_state *cs,
bool goto_set)
{
int ret = 0;
return ret;
}
-static void nft_rule_print_debug(struct nft_rule *r, struct nlmsghdr *nlh)
+static void nft_rule_print_debug(struct nftnl_rule *r, struct nlmsghdr *nlh)
{
#ifdef NLDEBUG
char tmp[1024];
#endif
}
-int add_counters(struct nft_rule *r, uint64_t packets, uint64_t bytes)
+int add_counters(struct nftnl_rule *r, uint64_t packets, uint64_t bytes)
{
- struct nft_rule_expr *expr;
+ struct nftnl_expr *expr;
- expr = nft_rule_expr_alloc("counter");
+ expr = nftnl_expr_alloc("counter");
if (expr == NULL)
return -ENOMEM;
- nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_PACKETS, packets);
- nft_rule_expr_set_u64(expr, NFT_EXPR_CTR_BYTES, bytes);
+ nftnl_expr_set_u64(expr, NFTNL_EXPR_CTR_PACKETS, packets);
+ nftnl_expr_set_u64(expr, NFTNL_EXPR_CTR_BYTES, bytes);
- nft_rule_add_expr(r, expr);
+ nftnl_rule_add_expr(r, expr);
return 0;
}
-void add_compat(struct nft_rule *r, uint32_t proto, bool inv)
+void add_compat(struct nftnl_rule *r, uint32_t proto, bool inv)
{
- nft_rule_attr_set_u32(r, NFT_RULE_ATTR_COMPAT_PROTO, proto);
- nft_rule_attr_set_u32(r, NFT_RULE_ATTR_COMPAT_FLAGS,
+ nftnl_rule_set_u32(r, NFTNL_RULE_COMPAT_PROTO, proto);
+ nftnl_rule_set_u32(r, NFTNL_RULE_COMPAT_FLAGS,
inv ? NFT_RULE_COMPAT_F_INV : 0);
}
-static struct nft_rule *
+static struct nftnl_rule *
nft_rule_new(struct nft_handle *h, const char *chain, const char *table,
void *data)
{
- struct nft_rule *r;
+ struct nftnl_rule *r;
- r = nft_rule_alloc();
+ r = nftnl_rule_alloc();
if (r == NULL)
return NULL;
- nft_rule_attr_set_u32(r, NFT_RULE_ATTR_FAMILY, h->family);
- nft_rule_attr_set(r, NFT_RULE_ATTR_TABLE, (char *)table);
- nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, (char *)chain);
+ nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, h->family);
+ nftnl_rule_set(r, NFTNL_RULE_TABLE, (char *)table);
+ nftnl_rule_set(r, NFTNL_RULE_CHAIN, (char *)chain);
if (h->ops->add(r, data) < 0)
goto err;
return r;
err:
- nft_rule_free(r);
+ nftnl_rule_free(r);
return NULL;
}
nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
void *data, uint64_t handle, bool verbose)
{
- struct nft_rule *r;
+ struct nftnl_rule *r;
int type;
/* If built-in chains don't exist for this table, create them */
return 0;
if (handle > 0) {
- nft_rule_attr_set(r, NFT_RULE_ATTR_HANDLE, &handle);
+ nftnl_rule_set(r, NFTNL_RULE_HANDLE, &handle);
type = NFT_COMPAT_RULE_REPLACE;
} else
type = NFT_COMPAT_RULE_APPEND;
if (batch_rule_add(h, type, r) < 0)
- nft_rule_free(r);
+ nftnl_rule_free(r);
return 1;
}
void
nft_rule_print_save(const void *data,
- struct nft_rule *r, enum nft_rule_print type,
+ struct nftnl_rule *r, enum nft_rule_print type,
unsigned int format)
{
- const char *chain = nft_rule_attr_get_str(r, NFT_RULE_ATTR_CHAIN);
- int family = nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY);
+ const char *chain = nftnl_rule_get_str(r, NFTNL_RULE_CHAIN);
+ int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
struct nft_family_ops *ops;
ops = nft_family_ops_lookup(family);
}
-static int nft_chain_list_cb(const struct nlmsghdr *nlh, void *data)
+static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
{
- struct nft_chain *c;
- struct nft_chain_list *list = data;
+ struct nftnl_chain *c;
+ struct nftnl_chain_list *list = data;
- c = nft_chain_alloc();
+ c = nftnl_chain_alloc();
if (c == NULL)
goto err;
- if (nft_chain_nlmsg_parse(nlh, c) < 0)
+ if (nftnl_chain_nlmsg_parse(nlh, c) < 0)
goto out;
- nft_chain_list_add_tail(c, list);
+ nftnl_chain_list_add_tail(c, list);
return MNL_CB_OK;
out:
- nft_chain_free(c);
+ nftnl_chain_free(c);
err:
return MNL_CB_OK;
}
-static struct nft_chain_list *nft_chain_list_get(struct nft_handle *h)
+static struct nftnl_chain_list *nftnl_chain_list_get(struct nft_handle *h)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- struct nft_chain_list *list;
+ struct nftnl_chain_list *list;
- list = nft_chain_list_alloc();
+ list = nftnl_chain_list_alloc();
if (list == NULL) {
errno = ENOMEM;
return NULL;
}
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, h->family,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, h->family,
NLM_F_DUMP, h->seq);
- mnl_talk(h, nlh, nft_chain_list_cb, list);
+ mnl_talk(h, nlh, nftnl_chain_list_cb, list);
return list;
}
-struct nft_chain_list *nft_chain_dump(struct nft_handle *h)
+struct nftnl_chain_list *nft_chain_dump(struct nft_handle *h)
{
- return nft_chain_list_get(h);
+ return nftnl_chain_list_get(h);
}
static const char *policy_name[NF_ACCEPT+1] = {
[NF_ACCEPT] = "ACCEPT",
};
-static void nft_chain_print_save(struct nft_chain *c, bool basechain)
+static void nft_chain_print_save(struct nftnl_chain *c, bool basechain)
{
- const char *chain = nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
- uint64_t pkts = nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_PACKETS);
- uint64_t bytes = nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_BYTES);
+ const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
+ uint64_t pkts = nftnl_chain_get_u64(c, NFTNL_CHAIN_PACKETS);
+ uint64_t bytes = nftnl_chain_get_u64(c, NFTNL_CHAIN_BYTES);
/* print chain name */
if (basechain) {
uint32_t pol = NF_ACCEPT;
/* no default chain policy? don't crash, display accept */
- if (nft_chain_attr_get(c, NFT_CHAIN_ATTR_POLICY))
- pol = nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_POLICY);
+ if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY))
+ pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
printf(":%s %s [%"PRIu64":%"PRIu64"]\n", chain, policy_name[pol],
pkts, bytes);
printf(":%s - [%"PRIu64":%"PRIu64"]\n", chain, pkts, bytes);
}
-int nft_chain_save(struct nft_handle *h, struct nft_chain_list *list,
+int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list,
const char *table)
{
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
return 0;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *chain_table =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
bool basechain = false;
if (strcmp(table, chain_table) != 0)
basechain = nft_chain_builtin(c);
nft_chain_print_save(c, basechain);
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
- nft_chain_list_free(list);
+ nftnl_chain_list_iter_destroy(iter);
+ nftnl_chain_list_free(list);
return 1;
}
-static int nft_rule_list_cb(const struct nlmsghdr *nlh, void *data)
+static int nftnl_rule_list_cb(const struct nlmsghdr *nlh, void *data)
{
- struct nft_rule *r;
- struct nft_rule_list *list = data;
+ struct nftnl_rule *r;
+ struct nftnl_rule_list *list = data;
- r = nft_rule_alloc();
+ r = nftnl_rule_alloc();
if (r == NULL)
goto err;
- if (nft_rule_nlmsg_parse(nlh, r) < 0)
+ if (nftnl_rule_nlmsg_parse(nlh, r) < 0)
goto out;
- nft_rule_list_add_tail(r, list);
+ nftnl_rule_list_add_tail(r, list);
return MNL_CB_OK;
out:
- nft_rule_free(r);
- nft_rule_list_free(list);
+ nftnl_rule_free(r);
+ nftnl_rule_list_free(list);
err:
return MNL_CB_OK;
}
-static struct nft_rule_list *nft_rule_list_get(struct nft_handle *h)
+static struct nftnl_rule_list *nft_rule_list_get(struct nft_handle *h)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- struct nft_rule_list *list;
+ struct nftnl_rule_list *list;
int ret;
- list = nft_rule_list_alloc();
+ list = nftnl_rule_list_alloc();
if (list == NULL)
return 0;
- nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, h->family,
+ nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, h->family,
NLM_F_DUMP, h->seq);
- ret = mnl_talk(h, nlh, nft_rule_list_cb, list);
+ ret = mnl_talk(h, nlh, nftnl_rule_list_cb, list);
if (ret < 0) {
- nft_rule_list_free(list);
+ nftnl_rule_list_free(list);
return NULL;
}
int nft_rule_save(struct nft_handle *h, const char *table, bool counters)
{
- struct nft_rule_list *list;
- struct nft_rule_list_iter *iter;
- struct nft_rule *r;
+ struct nftnl_rule_list *list;
+ struct nftnl_rule_list_iter *iter;
+ struct nftnl_rule *r;
list = nft_rule_list_get(h);
if (list == NULL)
return 0;
- iter = nft_rule_list_iter_create(list);
+ iter = nftnl_rule_list_iter_create(list);
if (iter == NULL)
return 0;
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
while (r != NULL) {
const char *rule_table =
- nft_rule_attr_get_str(r, NFT_RULE_ATTR_TABLE);
+ nftnl_rule_get_str(r, NFTNL_RULE_TABLE);
struct iptables_command_state cs = {};
if (strcmp(table, rule_table) != 0)
counters ? 0 : FMT_NOCOUNTS);
next:
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
}
- nft_rule_list_iter_destroy(iter);
- nft_rule_list_free(list);
+ nftnl_rule_list_iter_destroy(iter);
+ nftnl_rule_list_free(list);
/* the core expects 1 for success and 0 for error */
return 1;
static void
__nft_rule_flush(struct nft_handle *h, const char *table, const char *chain)
{
- struct nft_rule *r;
+ struct nftnl_rule *r;
- r = nft_rule_alloc();
+ r = nftnl_rule_alloc();
if (r == NULL)
return;
- nft_rule_attr_set(r, NFT_RULE_ATTR_TABLE, (char *)table);
- nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, (char *)chain);
+ nftnl_rule_set(r, NFTNL_RULE_TABLE, (char *)table);
+ nftnl_rule_set(r, NFTNL_RULE_CHAIN, (char *)chain);
if (batch_rule_add(h, NFT_COMPAT_RULE_FLUSH, r) < 0)
- nft_rule_free(r);
+ nftnl_rule_free(r);
}
int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table)
{
int ret;
- struct nft_chain_list *list;
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list *list;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
nft_fn = nft_rule_flush;
- list = nft_chain_list_get(h);
+ list = nftnl_chain_list_get(h);
if (list == NULL) {
ret = 0;
goto err;
}
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
goto err;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *table_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
if (strcmp(table, table_name) != 0)
goto next;
if (chain != NULL)
break;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
err:
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
/* the core expects 1 for success and 0 for error */
return ret == 0 ? 1 : 0;
int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *table)
{
- struct nft_chain *c;
+ struct nftnl_chain *c;
int ret;
nft_fn = nft_chain_user_add;
if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
nft_xt_builtin_init(h, table);
- c = nft_chain_alloc();
+ c = nftnl_chain_alloc();
if (c == NULL)
return 0;
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table);
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain);
+ nftnl_chain_set(c, NFTNL_CHAIN_TABLE, (char *)table);
+ nftnl_chain_set(c, NFTNL_CHAIN_NAME, (char *)chain);
if (h->batch_support) {
ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c);
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
h->family,
NLM_F_ACK|NLM_F_EXCL, h->seq);
- nft_chain_nlmsg_build_payload(nlh, c);
- nft_chain_free(c);
+ nftnl_chain_nlmsg_build_payload(nlh, c);
+ nftnl_chain_free(c);
ret = mnl_talk(h, nlh, NULL, NULL);
}
return ret == 0 ? 1 : 0;
}
-static int __nft_chain_del(struct nft_handle *h, struct nft_chain *c)
+static int __nft_chain_del(struct nft_handle *h, struct nftnl_chain *c)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_DELCHAIN, h->family,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_DELCHAIN, h->family,
NLM_F_ACK, h->seq);
- nft_chain_nlmsg_build_payload(nlh, c);
+ nftnl_chain_nlmsg_build_payload(nlh, c);
return mnl_talk(h, nlh, NULL, NULL);
}
int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table)
{
- struct nft_chain_list *list;
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list *list;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
int ret = 0;
int deleted_ctr = 0;
- list = nft_chain_list_get(h);
+ list = nftnl_chain_list_get(h);
if (list == NULL)
goto err;
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
goto err;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *table_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
/* don't delete built-in chain */
if (nft_chain_builtin(c))
if (chain != NULL)
break;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
err:
if (!h->batch_support)
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
/* chain not found */
if (deleted_ctr == 0) {
return ret == 0 ? 1 : 0;
}
-struct nft_chain *
-nft_chain_list_find(struct nft_chain_list *list,
+struct nftnl_chain *
+nft_chain_list_find(struct nftnl_chain_list *list,
const char *table, const char *chain)
{
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
return NULL;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *table_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
if (strcmp(table, table_name) != 0)
goto next;
if (strcmp(chain, chain_name) != 0)
goto next;
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
return c;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
return NULL;
}
-static struct nft_chain *
+static struct nftnl_chain *
nft_chain_find(struct nft_handle *h, const char *table, const char *chain)
{
- struct nft_chain_list *list;
+ struct nftnl_chain_list *list;
- list = nft_chain_list_get(h);
+ list = nftnl_chain_list_get(h);
if (list == NULL)
return NULL;
int nft_chain_user_rename(struct nft_handle *h,const char *chain,
const char *table, const char *newname)
{
- struct nft_chain *c;
+ struct nftnl_chain *c;
uint64_t handle;
int ret;
errno = ENOENT;
return -1;
}
- handle = nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_HANDLE);
+ handle = nftnl_chain_get_u64(c, NFTNL_CHAIN_HANDLE);
/* Now prepare the new name for the chain */
- c = nft_chain_alloc();
+ c = nftnl_chain_alloc();
if (c == NULL)
return -1;
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table);
- nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)newname);
- nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_HANDLE, handle);
+ nftnl_chain_set(c, NFTNL_CHAIN_TABLE, (char *)table);
+ nftnl_chain_set(c, NFTNL_CHAIN_NAME, (char *)newname);
+ nftnl_chain_set_u64(c, NFTNL_CHAIN_HANDLE, handle);
if (h->batch_support) {
ret = batch_chain_add(h, NFT_COMPAT_CHAIN_RENAME, c);
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
h->family, NLM_F_ACK, h->seq);
- nft_chain_nlmsg_build_payload(nlh, c);
- nft_chain_free(c);
+ nftnl_chain_nlmsg_build_payload(nlh, c);
+ nftnl_chain_free(c);
ret = mnl_talk(h, nlh, NULL, NULL);
}
return ret == 0 ? 1 : 0;
}
-static int nft_table_list_cb(const struct nlmsghdr *nlh, void *data)
+static int nftnl_table_list_cb(const struct nlmsghdr *nlh, void *data)
{
- struct nft_table *t;
- struct nft_table_list *list = data;
+ struct nftnl_table *t;
+ struct nftnl_table_list *list = data;
- t = nft_table_alloc();
+ t = nftnl_table_alloc();
if (t == NULL)
goto err;
- if (nft_table_nlmsg_parse(nlh, t) < 0)
+ if (nftnl_table_nlmsg_parse(nlh, t) < 0)
goto out;
- nft_table_list_add_tail(t, list);
+ nftnl_table_list_add_tail(t, list);
return MNL_CB_OK;
out:
- nft_table_free(t);
+ nftnl_table_free(t);
err:
return MNL_CB_OK;
}
-static struct nft_table_list *nft_table_list_get(struct nft_handle *h)
+static struct nftnl_table_list *nftnl_table_list_get(struct nft_handle *h)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- struct nft_table_list *list;
+ struct nftnl_table_list *list;
- list = nft_table_list_alloc();
+ list = nftnl_table_list_alloc();
if (list == NULL)
return 0;
- nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, h->family,
+ nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, h->family,
NLM_F_DUMP, h->seq);
- mnl_talk(h, nlh, nft_table_list_cb, list);
+ mnl_talk(h, nlh, nftnl_table_list_cb, list);
return list;
}
bool nft_table_find(struct nft_handle *h, const char *tablename)
{
- struct nft_table_list *list;
- struct nft_table_list_iter *iter;
- struct nft_table *t;
+ struct nftnl_table_list *list;
+ struct nftnl_table_list_iter *iter;
+ struct nftnl_table *t;
bool ret = false;
- list = nft_table_list_get(h);
+ list = nftnl_table_list_get(h);
if (list == NULL)
goto err;
- iter = nft_table_list_iter_create(list);
+ iter = nftnl_table_list_iter_create(list);
if (iter == NULL)
goto err;
- t = nft_table_list_iter_next(iter);
+ t = nftnl_table_list_iter_next(iter);
while (t != NULL) {
const char *this_tablename =
- nft_table_attr_get(t, NFT_TABLE_ATTR_NAME);
+ nftnl_table_get(t, NFTNL_TABLE_NAME);
if (strcmp(tablename, this_tablename) == 0)
return true;
- t = nft_table_list_iter_next(iter);
+ t = nftnl_table_list_iter_next(iter);
}
- nft_table_list_free(list);
+ nftnl_table_list_free(list);
err:
return ret;
bool counters)
{
int ret = 1;
- struct nft_table_list *list;
- struct nft_table_list_iter *iter;
- struct nft_table *t;
+ struct nftnl_table_list *list;
+ struct nftnl_table_list_iter *iter;
+ struct nftnl_table *t;
- list = nft_table_list_get(h);
+ list = nftnl_table_list_get(h);
if (list == NULL) {
ret = 0;
goto err;
}
- iter = nft_table_list_iter_create(list);
+ iter = nftnl_table_list_iter_create(list);
if (iter == NULL)
return 0;
- t = nft_table_list_iter_next(iter);
+ t = nftnl_table_list_iter_next(iter);
while (t != NULL) {
const char *tablename =
- nft_table_attr_get(t, NFT_TABLE_ATTR_NAME);
+ nftnl_table_get(t, NFTNL_TABLE_NAME);
func(h, tablename, counters);
- t = nft_table_list_iter_next(iter);
+ t = nftnl_table_list_iter_next(iter);
}
- nft_table_list_free(list);
+ nftnl_table_list_free(list);
err:
/* the core expects 1 for success and 0 for error */
}
int nft_table_purge_chains(struct nft_handle *h, const char *this_table,
- struct nft_chain_list *chain_list)
+ struct nftnl_chain_list *chain_list)
{
- struct nft_chain_list_iter *iter;
- struct nft_chain *chain_obj;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *chain_obj;
- iter = nft_chain_list_iter_create(chain_list);
+ iter = nftnl_chain_list_iter_create(chain_list);
if (iter == NULL)
return 0;
- chain_obj = nft_chain_list_iter_next(iter);
+ chain_obj = nftnl_chain_list_iter_next(iter);
while (chain_obj != NULL) {
const char *table =
- nft_chain_attr_get_str(chain_obj, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(chain_obj, NFTNL_CHAIN_TABLE);
if (strcmp(this_table, table) != 0)
goto next;
return -1;
}
next:
- chain_obj = nft_chain_list_iter_next(iter);
+ chain_obj = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
return 0;
}
-static int __nft_rule_del(struct nft_handle *h, struct nft_rule_list *list,
- struct nft_rule *r)
+static int __nft_rule_del(struct nft_handle *h, struct nftnl_rule_list *list,
+ struct nftnl_rule *r)
{
int ret;
- nft_rule_list_del(r);
+ nftnl_rule_list_del(r);
ret = batch_rule_add(h, NFT_COMPAT_RULE_DELETE, r);
if (ret < 0) {
- nft_rule_free(r);
+ nftnl_rule_free(r);
return -1;
}
return 1;
}
-struct nft_rule_list *nft_rule_list_create(struct nft_handle *h)
+struct nftnl_rule_list *nft_rule_list_create(struct nft_handle *h)
{
return nft_rule_list_get(h);
}
-void nft_rule_list_destroy(struct nft_rule_list *list)
+void nft_rule_list_destroy(struct nftnl_rule_list *list)
{
- nft_rule_list_free(list);
+ nftnl_rule_list_free(list);
}
-static struct nft_rule *
-nft_rule_find(struct nft_handle *h, struct nft_rule_list *list,
+static struct nftnl_rule *
+nft_rule_find(struct nft_handle *h, struct nftnl_rule_list *list,
const char *chain, const char *table, void *data, int rulenum)
{
- struct nft_rule *r;
- struct nft_rule_list_iter *iter;
+ struct nftnl_rule *r;
+ struct nftnl_rule_list_iter *iter;
int rule_ctr = 0;
bool found = false;
- iter = nft_rule_list_iter_create(list);
+ iter = nftnl_rule_list_iter_create(list);
if (iter == NULL)
return 0;
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
while (r != NULL) {
const char *rule_table =
- nft_rule_attr_get_str(r, NFT_RULE_ATTR_TABLE);
+ nftnl_rule_get_str(r, NFTNL_RULE_TABLE);
const char *rule_chain =
- nft_rule_attr_get_str(r, NFT_RULE_ATTR_CHAIN);
+ nftnl_rule_get_str(r, NFTNL_RULE_CHAIN);
if (strcmp(table, rule_table) != 0 ||
strcmp(chain, rule_chain) != 0) {
}
rule_ctr++;
next:
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
}
- nft_rule_list_iter_destroy(iter);
+ nftnl_rule_list_iter_destroy(iter);
return found ? r : NULL;
}
int nft_rule_check(struct nft_handle *h, const char *chain,
const char *table, void *data, bool verbose)
{
- struct nft_rule_list *list;
+ struct nftnl_rule_list *list;
int ret;
nft_fn = nft_rule_check;
const char *table, void *data, bool verbose)
{
int ret = 0;
- struct nft_rule *r;
- struct nft_rule_list *list;
+ struct nftnl_rule *r;
+ struct nftnl_rule_list *list;
nft_fn = nft_rule_delete;
const char *table, struct iptables_command_state *cs,
uint64_t handle, bool verbose)
{
- struct nft_rule *r;
+ struct nftnl_rule *r;
r = nft_rule_new(h, chain, table, cs);
if (r == NULL)
return 0;
if (handle > 0)
- nft_rule_attr_set_u64(r, NFT_RULE_ATTR_POSITION, handle);
+ nftnl_rule_set_u64(r, NFTNL_RULE_POSITION, handle);
if (batch_rule_add(h, NFT_COMPAT_RULE_INSERT, r) < 0) {
- nft_rule_free(r);
+ nftnl_rule_free(r);
return 0;
}
int nft_rule_insert(struct nft_handle *h, const char *chain,
const char *table, void *data, int rulenum, bool verbose)
{
- struct nft_rule_list *list;
- struct nft_rule *r;
+ struct nftnl_rule_list *list;
+ struct nftnl_rule *r;
uint64_t handle = 0;
/* If built-in chains don't exist for this table, create them */
goto err;
}
- handle = nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE);
+ handle = nftnl_rule_get_u64(r, NFTNL_RULE_HANDLE);
DEBUGP("adding after rule handle %"PRIu64"\n", handle);
nft_rule_list_destroy(list);
const char *table, int rulenum, bool verbose)
{
int ret = 0;
- struct nft_rule *r;
- struct nft_rule_list *list;
+ struct nftnl_rule *r;
+ struct nftnl_rule_list *list;
nft_fn = nft_rule_delete_num;
const char *table, void *data, int rulenum, bool verbose)
{
int ret = 0;
- struct nft_rule *r;
- struct nft_rule_list *list;
+ struct nftnl_rule *r;
+ struct nftnl_rule_list *list;
nft_fn = nft_rule_replace;
if (r != NULL) {
DEBUGP("replacing rule with handle=%llu\n",
(unsigned long long)
- nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE));
+ nftnl_rule_get_u64(r, NFTNL_RULE_HANDLE));
ret = nft_rule_append(h, chain, table, data,
- nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE),
+ nftnl_rule_get_u64(r, NFTNL_RULE_HANDLE),
verbose);
} else
errno = ENOENT;
static int
__nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
int rulenum, unsigned int format,
- void (*cb)(struct nft_rule *r, unsigned int num,
+ void (*cb)(struct nftnl_rule *r, unsigned int num,
unsigned int format))
{
- struct nft_rule_list *list;
- struct nft_rule_list_iter *iter;
- struct nft_rule *r;
+ struct nftnl_rule_list *list;
+ struct nftnl_rule_list_iter *iter;
+ struct nftnl_rule *r;
int rule_ctr = 0, ret = 0;
list = nft_rule_list_get(h);
if (list == NULL)
return 0;
- iter = nft_rule_list_iter_create(list);
+ iter = nftnl_rule_list_iter_create(list);
if (iter == NULL)
goto err;
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
while (r != NULL) {
const char *rule_table =
- nft_rule_attr_get_str(r, NFT_RULE_ATTR_TABLE);
+ nftnl_rule_get_str(r, NFTNL_RULE_TABLE);
const char *rule_chain =
- nft_rule_attr_get_str(r, NFT_RULE_ATTR_CHAIN);
+ nftnl_rule_get_str(r, NFTNL_RULE_CHAIN);
if (strcmp(table, rule_table) != 0 ||
strcmp(chain, rule_chain) != 0)
}
next:
- r = nft_rule_list_iter_next(iter);
+ r = nftnl_rule_list_iter_next(iter);
}
- nft_rule_list_iter_destroy(iter);
+ nftnl_rule_list_iter_destroy(iter);
err:
- nft_rule_list_free(list);
+ nftnl_rule_list_free(list);
if (ret == 0)
errno = ENOENT;
int rulenum, unsigned int format)
{
const struct nft_family_ops *ops;
- struct nft_chain_list *list;
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list *list;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
bool found = false;
/* If built-in chains don't exist for this table, create them */
list = nft_chain_dump(h);
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
goto err;
if (ops->print_table_header)
ops->print_table_header(table);
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *chain_table =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
uint32_t policy =
- nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_POLICY);
+ nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
uint32_t refs =
- nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_USE);
+ nftnl_chain_get_u32(c, NFTNL_CHAIN_USE);
struct xt_counters ctrs = {
- .pcnt = nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_PACKETS),
- .bcnt = nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_BYTES),
+ .pcnt = nftnl_chain_get_u64(c, NFTNL_CHAIN_PACKETS),
+ .bcnt = nftnl_chain_get_u64(c, NFTNL_CHAIN_BYTES),
};
bool basechain = false;
- if (nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM))
+ if (nftnl_chain_get(c, NFTNL_CHAIN_HOOKNUM))
basechain = true;
if (strcmp(table, chain_table) != 0)
found = true;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
err:
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
return 1;
}
static void
-list_save(struct nft_rule *r, unsigned int num, unsigned int format)
+list_save(struct nftnl_rule *r, unsigned int num, unsigned int format)
{
struct iptables_command_state cs = {};
}
static int
-nft_rule_list_chain_save(struct nft_handle *h, const char *chain,
- const char *table, struct nft_chain_list *list,
+nftnl_rule_list_chain_save(struct nft_handle *h, const char *chain,
+ const char *table, struct nftnl_chain_list *list,
int counters)
{
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
return 0;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *chain_table =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
uint32_t policy =
- nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_POLICY);
+ nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
if (strcmp(table, chain_table) != 0 ||
(chain && strcmp(chain, chain_name) != 0))
if (counters) {
printf(" -c %"PRIu64" %"PRIu64"\n",
- nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_PACKETS),
- nft_chain_attr_get_u64(c, NFT_CHAIN_ATTR_BYTES));
+ nftnl_chain_get_u64(c, NFTNL_CHAIN_PACKETS),
+ nftnl_chain_get_u64(c, NFTNL_CHAIN_BYTES));
} else
printf("\n");
} else {
printf("-N %s\n", chain_name);
}
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
return 1;
}
int nft_rule_list_save(struct nft_handle *h, const char *chain,
const char *table, int rulenum, int counters)
{
- struct nft_chain_list *list;
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list *list;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
int ret = 1;
list = nft_chain_dump(h);
/* Dump policies and custom chains first */
if (!rulenum)
- nft_rule_list_chain_save(h, chain, table, list, counters);
+ nftnl_rule_list_chain_save(h, chain, table, list, counters);
/* Now dump out rules in this table */
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
goto err;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *chain_table =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
const char *chain_name =
- nft_chain_attr_get_str(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
if (strcmp(table, chain_table) != 0)
goto next;
if (chain)
break;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
err:
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
return ret;
}
const char *table, int rulenum)
{
struct iptables_command_state cs = {};
- struct nft_rule_list *list;
- struct nft_rule *r;
+ struct nftnl_rule_list *list;
+ struct nftnl_rule *r;
int ret = 0;
nft_fn = nft_rule_delete;
cs.counters.pcnt = cs.counters.bcnt = 0;
ret = nft_rule_append(h, chain, table, &cs,
- nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE),
+ nftnl_rule_get_u64(r, NFTNL_RULE_HANDLE),
false);
error:
static void nft_compat_table_batch_add(struct nft_handle *h, uint16_t type,
uint16_t flags, uint32_t seq,
- struct nft_table *table)
+ struct nftnl_table *table)
{
struct nlmsghdr *nlh;
- nlh = nft_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
+ nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
type, h->family, flags, seq);
- nft_table_nlmsg_build_payload(nlh, table);
- nft_table_free(table);
+ nftnl_table_nlmsg_build_payload(nlh, table);
+ nftnl_table_free(table);
}
static void nft_compat_chain_batch_add(struct nft_handle *h, uint16_t type,
uint16_t flags, uint32_t seq,
- struct nft_chain *chain)
+ struct nftnl_chain *chain)
{
struct nlmsghdr *nlh;
- nlh = nft_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
+ nlh = nftnl_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
type, h->family, flags, seq);
- nft_chain_nlmsg_build_payload(nlh, chain);
+ nftnl_chain_nlmsg_build_payload(nlh, chain);
nft_chain_print_debug(chain, nlh);
- nft_chain_free(chain);
+ nftnl_chain_free(chain);
}
static void nft_compat_rule_batch_add(struct nft_handle *h, uint16_t type,
uint16_t flags, uint32_t seq,
- struct nft_rule *rule)
+ struct nftnl_rule *rule)
{
struct nlmsghdr *nlh;
- nlh = nft_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
+ nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(h->batch),
type, h->family, flags, seq);
- nft_rule_nlmsg_build_payload(nlh, rule);
+ nftnl_rule_nlmsg_build_payload(nlh, rule);
nft_rule_print_debug(rule, nlh);
- nft_rule_free(rule);
+ nftnl_rule_free(rule);
}
static int nft_action(struct nft_handle *h, int action)
uint32_t seq = 1;
int ret = 0;
- mnl_nft_batch_begin(h->batch, seq++);
+ mnl_nftnl_batch_begin(h->batch, seq++);
list_for_each_entry_safe(n, tmp, &h->obj_list, head) {
switch (n->type) {
free(n);
if (!mnl_nlmsg_batch_next(h->batch))
- h->batch = mnl_nft_batch_page_add(h->batch);
+ h->batch = mnl_nftnl_batch_page_add(h->batch);
}
switch (action) {
case NFT_COMPAT_COMMIT:
- mnl_nft_batch_end(h->batch, seq++);
+ mnl_nftnl_batch_end(h->batch, seq++);
break;
case NFT_COMPAT_ABORT:
break;
}
if (!mnl_nlmsg_batch_is_empty(h->batch))
- h->batch = mnl_nft_batch_page_add(h->batch);
+ h->batch = mnl_nftnl_batch_page_add(h->batch);
- ret = mnl_nft_batch_talk(h);
+ ret = mnl_nftnl_batch_talk(h);
mnl_nlmsg_batch_reset(h->batch);
int nft_xtables_config_load(struct nft_handle *h, const char *filename,
uint32_t flags)
{
- struct nft_table_list *table_list = nft_table_list_alloc();
- struct nft_chain_list *chain_list = nft_chain_list_alloc();
- struct nft_table_list_iter *titer = NULL;
- struct nft_chain_list_iter *citer = NULL;
- struct nft_table *table;
- struct nft_chain *chain;
+ struct nftnl_table_list *table_list = nftnl_table_list_alloc();
+ struct nftnl_chain_list *chain_list = nftnl_chain_list_alloc();
+ struct nftnl_table_list_iter *titer = NULL;
+ struct nftnl_chain_list_iter *citer = NULL;
+ struct nftnl_table *table;
+ struct nftnl_chain *chain;
uint32_t table_family, chain_family;
bool found = false;
}
/* Stage 1) create tables */
- titer = nft_table_list_iter_create(table_list);
- while ((table = nft_table_list_iter_next(titer)) != NULL) {
- table_family = nft_table_attr_get_u32(table,
- NFT_TABLE_ATTR_FAMILY);
+ titer = nftnl_table_list_iter_create(table_list);
+ while ((table = nftnl_table_list_iter_next(titer)) != NULL) {
+ table_family = nftnl_table_get_u32(table,
+ NFTNL_TABLE_FAMILY);
if (h->family != table_family)
continue;
if (errno == EEXIST) {
xtables_config_perror(flags,
"table `%s' already exists, skipping\n",
- (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
+ (char *)nftnl_table_get(table, NFTNL_TABLE_NAME));
} else {
xtables_config_perror(flags,
"table `%s' cannot be create, reason `%s'. Exitting\n",
- (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME),
+ (char *)nftnl_table_get(table, NFTNL_TABLE_NAME),
strerror(errno));
goto err;
}
continue;
}
xtables_config_perror(flags, "table `%s' has been created\n",
- (char *)nft_table_attr_get(table, NFT_TABLE_ATTR_NAME));
+ (char *)nftnl_table_get(table, NFTNL_TABLE_NAME));
}
- nft_table_list_iter_destroy(titer);
- nft_table_list_free(table_list);
+ nftnl_table_list_iter_destroy(titer);
+ nftnl_table_list_free(table_list);
if (!found)
goto err;
/* Stage 2) create chains */
- citer = nft_chain_list_iter_create(chain_list);
- while ((chain = nft_chain_list_iter_next(citer)) != NULL) {
- chain_family = nft_chain_attr_get_u32(chain,
- NFT_CHAIN_ATTR_TABLE);
+ citer = nftnl_chain_list_iter_create(chain_list);
+ while ((chain = nftnl_chain_list_iter_next(citer)) != NULL) {
+ chain_family = nftnl_chain_get_u32(chain,
+ NFTNL_CHAIN_TABLE);
if (h->family != chain_family)
continue;
if (errno == EEXIST) {
xtables_config_perror(flags,
"chain `%s' already exists in table `%s', skipping\n",
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_TABLE));
+ (char *)nftnl_chain_get(chain, NFTNL_CHAIN_NAME),
+ (char *)nftnl_chain_get(chain, NFTNL_CHAIN_TABLE));
} else {
xtables_config_perror(flags,
"chain `%s' cannot be create, reason `%s'. Exitting\n",
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
+ (char *)nftnl_chain_get(chain, NFTNL_CHAIN_NAME),
strerror(errno));
goto err;
}
xtables_config_perror(flags,
"chain `%s' in table `%s' has been created\n",
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME),
- (char *)nft_chain_attr_get(chain, NFT_CHAIN_ATTR_TABLE));
+ (char *)nftnl_chain_get(chain, NFTNL_CHAIN_NAME),
+ (char *)nftnl_chain_get(chain, NFTNL_CHAIN_TABLE));
}
- nft_chain_list_iter_destroy(citer);
- nft_chain_list_free(chain_list);
+ nftnl_chain_list_iter_destroy(citer);
+ nftnl_chain_list_free(chain_list);
return 0;
err:
- nft_table_list_free(table_list);
- nft_chain_list_free(chain_list);
+ nftnl_table_list_free(table_list);
+ nftnl_chain_list_free(chain_list);
if (titer != NULL)
- nft_table_list_iter_destroy(titer);
+ nftnl_table_list_iter_destroy(titer);
if (citer != NULL)
- nft_chain_list_iter_destroy(citer);
+ nftnl_chain_list_iter_destroy(citer);
return -1;
}
int nft_chain_zero_counters(struct nft_handle *h, const char *chain,
const char *table)
{
- struct nft_chain_list *list;
- struct nft_chain_list_iter *iter;
- struct nft_chain *c;
+ struct nftnl_chain_list *list;
+ struct nftnl_chain_list_iter *iter;
+ struct nftnl_chain *c;
int ret = 0;
- list = nft_chain_list_get(h);
+ list = nftnl_chain_list_get(h);
if (list == NULL)
goto err;
- iter = nft_chain_list_iter_create(list);
+ iter = nftnl_chain_list_iter_create(list);
if (iter == NULL)
goto err;
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
while (c != NULL) {
const char *chain_name =
- nft_chain_attr_get(c, NFT_CHAIN_ATTR_NAME);
+ nftnl_chain_get(c, NFTNL_CHAIN_NAME);
const char *chain_table =
- nft_chain_attr_get(c, NFT_CHAIN_ATTR_TABLE);
+ nftnl_chain_get(c, NFTNL_CHAIN_TABLE);
if (strcmp(table, chain_table) != 0)
goto next;
if (chain != NULL && strcmp(chain, chain_name) != 0)
goto next;
- nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_PACKETS, 0);
- nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_BYTES, 0);
+ nftnl_chain_set_u64(c, NFTNL_CHAIN_PACKETS, 0);
+ nftnl_chain_set_u64(c, NFTNL_CHAIN_BYTES, 0);
- nft_chain_attr_unset(c, NFT_CHAIN_ATTR_HANDLE);
+ nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE);
if (h->batch_support) {
ret = batch_chain_add(h, NFT_COMPAT_CHAIN_ADD, c);
struct nlmsghdr *nlh;
char buf[MNL_SOCKET_BUFFER_SIZE];
- nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN,
h->family, NLM_F_ACK,
h->seq);
- nft_chain_nlmsg_build_payload(nlh, c);
+ nftnl_chain_nlmsg_build_payload(nlh, c);
ret = mnl_talk(h, nlh, NULL, NULL);
}
if (chain != NULL)
break;
next:
- c = nft_chain_list_iter_next(iter);
+ c = nftnl_chain_list_iter_next(iter);
}
if (!h->batch_support)
- nft_chain_list_free(list);
+ nftnl_chain_list_free(list);
- nft_chain_list_iter_destroy(iter);
+ nftnl_chain_list_iter_destroy(iter);
err:
/* the core expects 1 for success and 0 for error */
projects / thirdparty / iptables.git / commitdiff
