const char *table,
const char *name, uint32_t type,
bool dump, bool reset);
-int mnl_nft_obj_batch_add(struct nftnl_obj *nln, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
-int mnl_nft_obj_batch_del(struct nftnl_obj *nln, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
+int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags);
+int mnl_nft_obj_del(struct netlink_ctx *ctx, const struct cmd *cmd, int type);
struct nftnl_flowtable_list *
mnl_nft_flowtable_dump(struct netlink_ctx *ctx, int family, const char *table);
extern int netlink_list_objs(struct netlink_ctx *ctx, const struct handle *h);
extern int netlink_reset_objs(struct netlink_ctx *ctx, const struct cmd *cmd,
uint32_t type, bool dump);
-extern int netlink_add_obj(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t flags);
-extern int netlink_delete_obj(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t type);
extern struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
struct nftnl_obj *nlo);
return NULL;
}
-int mnl_nft_obj_batch_add(struct nftnl_obj *nln, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags)
{
+ struct obj *obj = cmd->object;
+ struct nftnl_obj *nlo;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
- NFT_MSG_NEWOBJ,
- nftnl_obj_get_u32(nln, NFTNL_OBJ_FAMILY),
- NLM_F_CREATE | flags, seqnum);
- nftnl_obj_nlmsg_build_payload(nlh, nln);
- mnl_nft_batch_continue(batch);
+ nlo = nftnl_obj_alloc();
+ if (!nlo)
+ memory_allocation_error();
+
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_FAMILY, cmd->handle.family);
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_TABLE, cmd->handle.table.name);
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, cmd->handle.obj.name);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, obj->type);
+
+ switch (obj->type) {
+ case NFT_OBJECT_COUNTER:
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_CTR_PKTS,
+ obj->counter.packets);
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_CTR_BYTES,
+ obj->counter.bytes);
+ break;
+ case NFT_OBJECT_QUOTA:
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_QUOTA_BYTES,
+ obj->quota.bytes);
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_QUOTA_CONSUMED,
+ obj->quota.used);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_QUOTA_FLAGS,
+ obj->quota.flags);
+ break;
+ case NFT_OBJECT_LIMIT:
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_LIMIT_RATE, obj->limit.rate);
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_LIMIT_UNIT, obj->limit.unit);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_BURST, obj->limit.burst);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_TYPE, obj->limit.type);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_FLAGS, obj->limit.flags);
+ break;
+ case NFT_OBJECT_CT_HELPER:
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_CT_HELPER_NAME,
+ obj->ct_helper.name);
+ nftnl_obj_set_u8(nlo, NFTNL_OBJ_CT_HELPER_L4PROTO,
+ obj->ct_helper.l4proto);
+ if (obj->ct_helper.l3proto)
+ nftnl_obj_set_u16(nlo, NFTNL_OBJ_CT_HELPER_L3PROTO,
+ obj->ct_helper.l3proto);
+ break;
+ case NFT_OBJECT_CT_TIMEOUT:
+ nftnl_obj_set_u8(nlo, NFTNL_OBJ_CT_TIMEOUT_L4PROTO,
+ obj->ct_timeout.l4proto);
+ if (obj->ct_timeout.l3proto)
+ nftnl_obj_set_u16(nlo, NFTNL_OBJ_CT_TIMEOUT_L3PROTO,
+ obj->ct_timeout.l3proto);
+ nftnl_obj_set(nlo, NFTNL_OBJ_CT_TIMEOUT_ARRAY,
+ obj->ct_timeout.timeout);
+ break;
+ case NFT_OBJECT_SECMARK:
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_SECMARK_CTX,
+ obj->secmark.ctx);
+ break;
+ default:
+ BUG("Unknown type %d\n", obj->type);
+ break;
+ }
+ netlink_dump_obj(nlo, ctx);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
+ NFT_MSG_NEWOBJ, cmd->handle.family,
+ NLM_F_CREATE | flags, ctx->seqnum);
+ nftnl_obj_nlmsg_build_payload(nlh, nlo);
+ nftnl_obj_free(nlo);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
-int mnl_nft_obj_batch_del(struct nftnl_obj *nln, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_obj_del(struct netlink_ctx *ctx, const struct cmd *cmd, int type)
{
+ struct nftnl_obj *nlo;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
- NFT_MSG_DELOBJ,
- nftnl_obj_get_u32(nln, NFTNL_OBJ_FAMILY),
- flags, seqnum);
- nftnl_obj_nlmsg_build_payload(nlh, nln);
- mnl_nft_batch_continue(batch);
+ nlo = nftnl_obj_alloc();
+ if (!nlo)
+ memory_allocation_error();
+
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_FAMILY, cmd->handle.family);
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_TABLE, cmd->handle.table.name);
+ nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, type);
+ if (cmd->handle.obj.name)
+ nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, cmd->handle.obj.name);
+ else if (cmd->handle.handle.id)
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_HANDLE, cmd->handle.handle.id);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
+ NFT_MSG_DELOBJ, cmd->handle.family,
+ 0, ctx->seqnum);
+ nftnl_obj_nlmsg_build_payload(nlh, nlo);
+ nftnl_obj_free(nlo);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
return nlse;
}
-static struct nftnl_obj *
-__alloc_nftnl_obj(const struct handle *h, uint32_t type)
-{
- struct nftnl_obj *nlo;
-
- nlo = nftnl_obj_alloc();
- if (nlo == NULL)
- memory_allocation_error();
-
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_FAMILY, h->family);
- nftnl_obj_set_str(nlo, NFTNL_OBJ_TABLE, h->table.name);
- if (h->obj.name != NULL)
- nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, h->obj.name);
-
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, type);
- if (h->handle.id)
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_HANDLE, h->handle.id);
-
- return nlo;
-}
-
-static struct nftnl_obj *
-alloc_nftnl_obj(const struct handle *h, struct obj *obj)
-{
- struct nftnl_obj *nlo;
-
- nlo = __alloc_nftnl_obj(h, obj->type);
-
- switch (obj->type) {
- case NFT_OBJECT_COUNTER:
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_CTR_PKTS,
- obj->counter.packets);
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_CTR_BYTES,
- obj->counter.bytes);
- break;
- case NFT_OBJECT_QUOTA:
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_QUOTA_BYTES,
- obj->quota.bytes);
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_QUOTA_CONSUMED,
- obj->quota.used);
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_QUOTA_FLAGS,
- obj->quota.flags);
- break;
- case NFT_OBJECT_SECMARK:
- nftnl_obj_set_str(nlo, NFTNL_OBJ_SECMARK_CTX,
- obj->secmark.ctx);
- break;
- case NFT_OBJECT_CT_HELPER:
- nftnl_obj_set_str(nlo, NFTNL_OBJ_CT_HELPER_NAME,
- obj->ct_helper.name);
- nftnl_obj_set_u8(nlo, NFTNL_OBJ_CT_HELPER_L4PROTO,
- obj->ct_helper.l4proto);
- if (obj->ct_helper.l3proto)
- nftnl_obj_set_u16(nlo, NFTNL_OBJ_CT_HELPER_L3PROTO,
- obj->ct_helper.l3proto);
- break;
- case NFT_OBJECT_CT_TIMEOUT:
- nftnl_obj_set_u8(nlo, NFTNL_OBJ_CT_TIMEOUT_L4PROTO,
- obj->ct_timeout.l4proto);
- if (obj->ct_timeout.l3proto)
- nftnl_obj_set_u16(nlo, NFTNL_OBJ_CT_TIMEOUT_L3PROTO,
- obj->ct_timeout.l3proto);
- nftnl_obj_set(nlo, NFTNL_OBJ_CT_TIMEOUT_ARRAY, obj->ct_timeout.timeout);
- break;
- case NFT_OBJECT_LIMIT:
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_LIMIT_RATE, obj->limit.rate);
- nftnl_obj_set_u64(nlo, NFTNL_OBJ_LIMIT_UNIT, obj->limit.unit);
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_BURST, obj->limit.burst);
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_TYPE, obj->limit.type);
- nftnl_obj_set_u32(nlo, NFTNL_OBJ_LIMIT_FLAGS, obj->limit.flags);
- break;
- default:
- BUG("Unknown type %d\n", obj->type);
- break;
- }
- return nlo;
-}
-
void netlink_gen_raw_data(const mpz_t value, enum byteorder byteorder,
unsigned int len, struct nft_data_linearize *data)
{
fprintf(fp, "\n");
}
-int netlink_add_obj(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t flags)
-{
- struct nftnl_obj *nlo;
- int err;
-
- nlo = alloc_nftnl_obj(&cmd->handle, cmd->object);
- netlink_dump_obj(nlo, ctx);
-
- err = mnl_nft_obj_batch_add(nlo, ctx->batch, flags, ctx->seqnum);
- nftnl_obj_free(nlo);
-
- return err;
-}
-
-int netlink_delete_obj(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t type)
-{
- struct nftnl_obj *nlo;
- int err;
-
- nlo = __alloc_nftnl_obj(&cmd->handle, type);
- netlink_dump_obj(nlo, ctx);
-
- err = mnl_nft_obj_batch_del(nlo, ctx->batch, 0, ctx->seqnum);
- nftnl_obj_free(nlo);
-
- return err;
-}
-
struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
struct nftnl_obj *nlo)
{
case CMD_OBJ_CT_TIMEOUT:
case CMD_OBJ_LIMIT:
case CMD_OBJ_SECMARK:
- return netlink_add_obj(ctx, cmd, flags);
+ return mnl_nft_obj_add(ctx, cmd, flags);
case CMD_OBJ_FLOWTABLE:
return netlink_add_flowtable(ctx, cmd, flags);
default:
case CMD_OBJ_SETELEM:
return do_delete_setelems(ctx, cmd);
case CMD_OBJ_COUNTER:
- return netlink_delete_obj(ctx, cmd, NFT_OBJECT_COUNTER);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_COUNTER);
case CMD_OBJ_QUOTA:
- return netlink_delete_obj(ctx, cmd, NFT_OBJECT_QUOTA);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_QUOTA);
case CMD_OBJ_CT_HELPER:
- return netlink_delete_obj(ctx, cmd, NFT_OBJECT_CT_HELPER);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_CT_HELPER);
case CMD_OBJ_CT_TIMEOUT:
- return netlink_delete_obj(ctx, cmd,
- NFT_OBJECT_CT_TIMEOUT);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_CT_TIMEOUT);
case CMD_OBJ_LIMIT:
- return netlink_delete_obj(ctx, cmd, NFT_OBJECT_LIMIT);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_LIMIT);
case CMD_OBJ_SECMARK:
- return netlink_delete_obj(ctx, cmd, NFT_OBJECT_SECMARK);
+ return mnl_nft_obj_del(ctx, cmd, NFT_OBJECT_SECMARK);
case CMD_OBJ_FLOWTABLE:
return netlink_delete_flowtable(ctx, cmd);
default:
projects / thirdparty / nftables.git / commitdiff
