uint32_t mnl_batch_begin(struct nftnl_batch *batch, uint32_t seqnum);
void mnl_batch_end(struct nftnl_batch *batch, uint32_t seqnum);
int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list);
-int mnl_nft_rule_batch_add(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
-int mnl_nft_rule_batch_del(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
-int mnl_nft_rule_batch_replace(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum);
+
+int mnl_nft_rule_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags);
+int mnl_nft_rule_del(struct netlink_ctx *ctx, const struct cmd *cmd);
+int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd);
struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx,
int family);
struct nft_cache *cache;
};
-extern struct nftnl_rule *alloc_nftnl_rule(const struct handle *h);
extern struct nftnl_expr *alloc_nft_expr(const char *name);
extern struct nftnl_set *alloc_nftnl_set(const struct handle *h);
extern struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
struct nftnl_rule *r);
-extern int netlink_add_rule_batch(struct netlink_ctx *ctx,
- const struct cmd *cmd,
- uint32_t flags);
-extern int netlink_del_rule_batch(struct netlink_ctx *ctx,
- const struct cmd *cmd);
-extern int netlink_replace_rule_batch(struct netlink_ctx *ctx,
- const struct cmd *cmd);
-
extern int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h);
extern int netlink_flush_chain(struct netlink_ctx *ctx, const struct cmd *cmd);
extern struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
return err;
}
-int mnl_nft_rule_batch_add(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_rule_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+ unsigned int flags)
{
+ struct rule *rule = cmd->rule;
+ struct handle *h = &rule->handle;
+ struct nftnl_rule *nlr;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ nlr = nftnl_rule_alloc();
+ if (!nlr)
+ memory_allocation_error();
+
+ nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
+ nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
+ nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
+ if (h->position.id)
+ nftnl_rule_set_u64(nlr, NFTNL_RULE_POSITION, h->position.id);
+
+ netlink_linearize_rule(ctx, nlr, rule);
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_NEWRULE,
- nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY),
- NLM_F_CREATE | flags, seqnum);
+ cmd->handle.family,
+ NLM_F_CREATE | flags, ctx->seqnum);
nftnl_rule_nlmsg_build_payload(nlh, nlr);
- mnl_nft_batch_continue(batch);
+ nftnl_rule_free(nlr);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
-int mnl_nft_rule_batch_replace(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd)
{
+ struct rule *rule = cmd->rule;
+ struct handle *h = &rule->handle;
+ unsigned int flags = 0;
+ struct nftnl_rule *nlr;
struct nlmsghdr *nlh;
+ int err;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ if (ctx->octx->echo) {
+ err = cache_update(ctx->nf_sock, ctx->cache,
+ CMD_INVALID, ctx->msgs,
+ ctx->debug_mask, ctx->octx);
+ if (err < 0)
+ return err;
+
+ flags |= NLM_F_ECHO;
+ }
+
+ nlr = nftnl_rule_alloc();
+ if (!nlr)
+ memory_allocation_error();
+
+ nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
+ nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
+ nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
+ nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id);
+
+ netlink_linearize_rule(ctx, nlr, rule);
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_NEWRULE,
- nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY),
- NLM_F_REPLACE | flags, seqnum);
+ cmd->handle.family,
+ NLM_F_REPLACE | flags, ctx->seqnum);
nftnl_rule_nlmsg_build_payload(nlh, nlr);
- mnl_nft_batch_continue(batch);
+ nftnl_rule_free(nlr);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
-int mnl_nft_rule_batch_del(struct nftnl_rule *nlr, struct nftnl_batch *batch,
- unsigned int flags, uint32_t seqnum)
+int mnl_nft_rule_del(struct netlink_ctx *ctx, const struct cmd *cmd)
{
+ const struct handle *h = &cmd->handle;
+ struct nftnl_rule *nlr;
struct nlmsghdr *nlh;
- nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ nlr = nftnl_rule_alloc();
+ if (!nlr)
+ memory_allocation_error();
+
+ nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
+ nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
+ if (h->chain.name)
+ nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
+ if (h->handle.id)
+ nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id);
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
NFT_MSG_DELRULE,
nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY),
- 0, seqnum);
+ 0, ctx->seqnum);
nftnl_rule_nlmsg_build_payload(nlh, nlr);
- mnl_nft_batch_continue(batch);
+ nftnl_rule_free(nlr);
+
+ mnl_nft_batch_continue(ctx->batch);
return 0;
}
exit(NFT_EXIT_NONL);
}
-struct nftnl_rule *alloc_nftnl_rule(const struct handle *h)
-{
- struct nftnl_rule *nlr;
-
- nlr = nftnl_rule_alloc();
- if (nlr == NULL)
- memory_allocation_error();
-
- nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
- nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
- if (h->chain.name != NULL)
- nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
- if (h->handle.id)
- nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id);
- if (h->position.id)
- nftnl_rule_set_u64(nlr, NFTNL_RULE_POSITION, h->position.id);
-
- return nlr;
-}
-
struct nftnl_expr *alloc_nft_expr(const char *name)
{
struct nftnl_expr *nle;
}
}
-int netlink_add_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd,
- uint32_t flags)
-{
- struct rule *rule = cmd->rule;
- struct nftnl_rule *nlr;
- int err;
-
- nlr = alloc_nftnl_rule(&rule->handle);
- netlink_linearize_rule(ctx, nlr, rule);
- err = mnl_nft_rule_batch_add(nlr, ctx->batch, flags | NLM_F_EXCL,
- ctx->seqnum);
- nftnl_rule_free(nlr);
-
- return err;
-}
-
-int netlink_replace_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd)
-{
- struct rule *rule = cmd->rule;
- struct nftnl_rule *nlr;
- int err, flags = 0;
-
- if (ctx->octx->echo) {
- err = cache_update(ctx->nf_sock, ctx->cache,
- CMD_INVALID, ctx->msgs,
- ctx->debug_mask, ctx->octx);
- if (err < 0)
- return err;
-
- flags |= NLM_F_ECHO;
- }
-
- nlr = alloc_nftnl_rule(&rule->handle);
- netlink_linearize_rule(ctx, nlr, rule);
- err = mnl_nft_rule_batch_replace(nlr, ctx->batch, flags, ctx->seqnum);
- nftnl_rule_free(nlr);
-
- return err;
-}
-
-int netlink_del_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd)
-{
- struct nftnl_rule *nlr;
- int err;
-
- nlr = alloc_nftnl_rule(&cmd->handle);
- err = mnl_nft_rule_batch_del(nlr, ctx->batch, 0, ctx->seqnum);
- nftnl_rule_free(nlr);
-
- return err;
-}
-
void netlink_dump_rule(const struct nftnl_rule *nlr, struct netlink_ctx *ctx)
{
FILE *fp = ctx->octx->output_fp;
static int netlink_flush_rules(struct netlink_ctx *ctx, const struct cmd *cmd)
{
- return netlink_del_rule_batch(ctx, cmd);
+ return mnl_nft_rule_del(ctx, cmd);
}
void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx)
int netlink_flush_chain(struct netlink_ctx *ctx, const struct cmd *cmd)
{
- return netlink_del_rule_batch(ctx, cmd);
+ return mnl_nft_rule_del(ctx, cmd);
}
struct table *netlink_delinearize_table(struct netlink_ctx *ctx,
case CMD_OBJ_CHAIN:
return mnl_nft_chain_add(ctx, cmd, flags);
case CMD_OBJ_RULE:
- return netlink_add_rule_batch(ctx, cmd, flags | NLM_F_APPEND);
+ return mnl_nft_rule_add(ctx, cmd, flags | NLM_F_APPEND);
case CMD_OBJ_SET:
return do_add_set(ctx, cmd, flags);
case CMD_OBJ_SETELEM:
{
switch (cmd->obj) {
case CMD_OBJ_RULE:
- return netlink_replace_rule_batch(ctx, cmd);
+ return mnl_nft_rule_replace(ctx, cmd);
default:
BUG("invalid command object type %u\n", cmd->obj);
}
switch (cmd->obj) {
case CMD_OBJ_RULE:
- return netlink_add_rule_batch(ctx, cmd, flags);
+ return mnl_nft_rule_add(ctx, cmd, flags);
default:
BUG("invalid command object type %u\n", cmd->obj);
}
case CMD_OBJ_CHAIN:
return mnl_nft_chain_del(ctx, cmd);
case CMD_OBJ_RULE:
- return netlink_del_rule_batch(ctx, cmd);
+ return mnl_nft_rule_del(ctx, cmd);
case CMD_OBJ_SET:
return netlink_delete_set_batch(ctx, cmd);
case CMD_OBJ_SETELEM:
projects / thirdparty / nftables.git / commitdiff
