nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_KEY, &nld.value, nld.len);
if (elem->timeout)
nftnl_set_elem_set_u64(nlse, NFTNL_SET_ELEM_TIMEOUT,
- elem->timeout);
+ elem->timeout);
if (elem->comment)
nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_USERDATA,
- elem->comment, strlen(elem->comment) + 1);
+ elem->comment, strlen(elem->comment) + 1);
if (data != NULL) {
netlink_gen_data(data, &nld);
switch (data->ops->type) {
case EXPR_VERDICT:
nftnl_set_elem_set_u32(nlse, NFTNL_SET_ELEM_VERDICT,
- data->verdict);
+ data->verdict);
if (data->chain != NULL)
nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_CHAIN,
- nld.chain, strlen(nld.chain));
+ nld.chain, strlen(nld.chain));
break;
case EXPR_VALUE:
nftnl_set_elem_set(nlse, NFTNL_SET_ELEM_DATA,
- nld.value, nld.len);
+ nld.value, nld.len);
break;
default:
BUG("unexpected set element expression\n");
if (expr->flags & EXPR_F_INTERVAL_END)
nftnl_set_elem_set_u32(nlse, NFTNL_SET_ELEM_FLAGS,
- NFT_SET_ELEM_INTERVAL_END);
+ NFT_SET_ELEM_INTERVAL_END);
return nlse;
}
if (chain != NULL) {
if (chain->flags & CHAIN_F_BASECHAIN) {
nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM,
- chain->hooknum);
+ chain->hooknum);
nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO,
- chain->priority);
+ chain->priority);
nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE,
- chain->type);
+ chain->type);
}
if (chain->policy != -1)
nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY,
- chain->policy);
+ chain->policy);
}
netlink_dump_chain(nlc);
if (chain != NULL) {
if (chain->flags & CHAIN_F_BASECHAIN) {
nftnl_chain_set_u32(nlc, NFTNL_CHAIN_HOOKNUM,
- chain->hooknum);
+ chain->hooknum);
nftnl_chain_set_s32(nlc, NFTNL_CHAIN_PRIO,
- chain->priority);
+ chain->priority);
nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE,
- chain->type);
+ chain->type);
}
if (chain->policy != -1)
nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY,
- chain->policy);
+ chain->policy);
if (chain->dev != NULL)
nftnl_chain_set_str(nlc, NFTNL_CHAIN_DEV,
- chain->dev);
+ chain->dev);
}
netlink_dump_chain(nlc);
struct table *table;
table = table_alloc();
- table->handle.family =
- nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY);
- table->handle.table =
- xstrdup(nftnl_table_get_str(nlt, NFTNL_TABLE_NAME));
- table->flags =
- nftnl_table_get_u32(nlt, NFTNL_TABLE_FLAGS);
+ table->handle.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY);
+ table->handle.table = xstrdup(nftnl_table_get_str(nlt, NFTNL_TABLE_NAME));
+ table->flags = nftnl_table_get_u32(nlt, NFTNL_TABLE_FLAGS);
return table;
}
set = set_alloc(&netlink_location);
set->handle.family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY);
- set->handle.table =
- xstrdup(nftnl_set_get_str(nls, NFTNL_SET_TABLE));
- set->handle.set =
- xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME));
+ set->handle.table = xstrdup(nftnl_set_get_str(nls, NFTNL_SET_TABLE));
+ set->handle.set = xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME));
set->keytype = keytype;
- set->keylen =
- nftnl_set_get_u32(nls, NFTNL_SET_KEY_LEN) * BITS_PER_BYTE;
-
+ set->keylen = nftnl_set_get_u32(nls, NFTNL_SET_KEY_LEN) * BITS_PER_BYTE;
set->flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS);
set->datatype = datatype;
set->policy = nftnl_set_get_u32(nls, NFTNL_SET_POLICY);
if (nftnl_set_is_set(nls, NFTNL_SET_DESC_SIZE))
- set->desc.size = nftnl_set_get_u32(nls,
- NFTNL_SET_DESC_SIZE);
+ set->desc.size = nftnl_set_get_u32(nls, NFTNL_SET_DESC_SIZE);
return set;
}
nls = alloc_nftnl_set(h);
nftnl_set_set_u32(nls, NFTNL_SET_FLAGS, set->flags);
nftnl_set_set_u32(nls, NFTNL_SET_KEY_TYPE,
- dtype_map_to_kernel(set->keytype));
+ dtype_map_to_kernel(set->keytype));
nftnl_set_set_u32(nls, NFTNL_SET_KEY_LEN,
- div_round_up(set->keylen, BITS_PER_BYTE));
+ div_round_up(set->keylen, BITS_PER_BYTE));
if (set->flags & NFT_SET_MAP) {
nftnl_set_set_u32(nls, NFTNL_SET_DATA_TYPE,
- dtype_map_to_kernel(set->datatype));
+ dtype_map_to_kernel(set->datatype));
nftnl_set_set_u32(nls, NFTNL_SET_DATA_LEN,
- set->datalen / BITS_PER_BYTE);
+ set->datalen / BITS_PER_BYTE);
}
netlink_dump_set(nls);
netlink_io_error(ctx, &set->location, "Could not add set: %s",
strerror(errno));
- set->handle.set =
- xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME));
+ set->handle.set = xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME));
nftnl_set_free(nls);
return err;
nls = alloc_nftnl_set(h);
nftnl_set_set_u32(nls, NFTNL_SET_FLAGS, set->flags);
nftnl_set_set_u32(nls, NFTNL_SET_KEY_TYPE,
- dtype_map_to_kernel(set->keytype));
+ dtype_map_to_kernel(set->keytype));
nftnl_set_set_u32(nls, NFTNL_SET_KEY_LEN,
- div_round_up(set->keylen, BITS_PER_BYTE));
+ div_round_up(set->keylen, BITS_PER_BYTE));
if (set->flags & NFT_SET_MAP) {
nftnl_set_set_u32(nls, NFTNL_SET_DATA_TYPE,
- dtype_map_to_kernel(set->datatype));
+ dtype_map_to_kernel(set->datatype));
nftnl_set_set_u32(nls, NFTNL_SET_DATA_LEN,
- set->datalen / BITS_PER_BYTE);
+ set->datalen / BITS_PER_BYTE);
}
if (set->timeout)
nftnl_set_set_u64(nls, NFTNL_SET_TIMEOUT, set->timeout);
nftnl_set_set_u32(nls, NFTNL_SET_ID, set->handle.set_id);
if (!(set->flags & (SET_F_CONSTANT))) {
- if (set->policy != NFT_SET_POL_PERFORMANCE) {
- nftnl_set_set_u32(nls, NFTNL_SET_POLICY,
- set->policy);
- }
+ if (set->policy != NFT_SET_POL_PERFORMANCE)
+ nftnl_set_set_u32(nls, NFTNL_SET_POLICY, set->policy);
- if (set->desc.size != 0) {
+ if (set->desc.size != 0)
nftnl_set_set_u32(nls, NFTNL_SET_DESC_SIZE,
- set->desc.size);
- }
+ set->desc.size);
}
netlink_dump_set(nls);
} else {
if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_DATA)) {
nld.value = nftnl_set_elem_get(nlse, NFTNL_SET_ELEM_DATA,
- &nld.len);
+ &nld.len);
} else if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_CHAIN)) {
nld.chain = nftnl_set_elem_get_str(nlse, NFTNL_SET_ELEM_CHAIN);
nld.verdict = nftnl_set_elem_get_u32(nlse, NFTNL_SET_ELEM_VERDICT);
case NFTNL_OUTPUT_XML:
case NFTNL_OUTPUT_JSON:
nftnl_table_fprintf(stdout, nlt, monh->format,
- netlink_msg2nftnl_of(type));
+ netlink_msg2nftnl_of(type));
fprintf(stdout, "\n");
break;
}
chain_free(c);
break;
case NFT_MSG_DELCHAIN:
- family = nftnl_chain_get_u32(nlc,
- NFTNL_CHAIN_FAMILY);
+ family = nftnl_chain_get_u32(nlc, NFTNL_CHAIN_FAMILY);
printf("delete chain %s %s %s\n", family2str(family),
- nftnl_chain_get_str(nlc,
- NFTNL_CHAIN_TABLE),
- nftnl_chain_get_str(nlc,
- NFTNL_CHAIN_NAME));
+ nftnl_chain_get_str(nlc, NFTNL_CHAIN_TABLE),
+ nftnl_chain_get_str(nlc, NFTNL_CHAIN_NAME));
break;
}
break;
case NFTNL_OUTPUT_XML:
case NFTNL_OUTPUT_JSON:
nftnl_chain_fprintf(stdout, nlc, monh->format,
- netlink_msg2nftnl_of(type));
+ netlink_msg2nftnl_of(type));
fprintf(stdout, "\n");
break;
}
printf("\n");
break;
case NFT_MSG_DELSET:
- family = nftnl_set_get_u32(nls,
- NFTNL_SET_FAMILY);
+ family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY);
printf("delete set %s %s %s\n",
family2str(family),
nftnl_set_get_str(nls, NFTNL_SET_TABLE),
case NFTNL_OUTPUT_XML:
case NFTNL_OUTPUT_JSON:
nftnl_set_fprintf(stdout, nls, monh->format,
- netlink_msg2nftnl_of(type));
+ netlink_msg2nftnl_of(type));
fprintf(stdout, "\n");
break;
}
nld.verdict = nftnl_expr_get_u32(nle, NFTNL_EXPR_IMM_VERDICT);
if (nftnl_expr_is_set(nle, NFTNL_EXPR_IMM_CHAIN)) {
nld.chain = nftnl_expr_get(nle, NFTNL_EXPR_IMM_CHAIN,
- &nld.len);
+ &nld.len);
}
} else if (nftnl_expr_is_set(nle, NFTNL_EXPR_IMM_DATA)) {
nld.value = nftnl_expr_get(nle, NFTNL_EXPR_IMM_DATA, &nld.len);
if (mpz_cmp_ui(o, 0)) {
nld.value = nftnl_expr_get(nle, NFTNL_EXPR_BITWISE_XOR,
- &nld.len);
+ &nld.len);
or = netlink_alloc_value(loc, &nld);
mpz_set(or->value, o);
struct stmt *stmt;
stmt = counter_stmt_alloc(loc);
- stmt->counter.packets =
- nftnl_expr_get_u64(nle, NFTNL_EXPR_CTR_PACKETS);
- stmt->counter.bytes =
- nftnl_expr_get_u64(nle, NFTNL_EXPR_CTR_BYTES);
+ stmt->counter.packets = nftnl_expr_get_u64(nle, NFTNL_EXPR_CTR_PACKETS);
+ stmt->counter.bytes = nftnl_expr_get_u64(nle, NFTNL_EXPR_CTR_BYTES);
list_add_tail(&stmt->list, &ctx->rule->stmts);
}
stmt->log.flags |= STMT_LOG_PREFIX;
}
if (nftnl_expr_is_set(nle, NFTNL_EXPR_LOG_GROUP)) {
- stmt->log.group =
- nftnl_expr_get_u16(nle, NFTNL_EXPR_LOG_GROUP);
+ stmt->log.group = nftnl_expr_get_u16(nle, NFTNL_EXPR_LOG_GROUP);
stmt->log.flags |= STMT_LOG_GROUP;
}
if (nftnl_expr_is_set(nle, NFTNL_EXPR_LOG_SNAPLEN)) {
family = nftnl_expr_get_u32(nle, NFTNL_EXPR_NAT_FAMILY);
if (nftnl_expr_is_set(nle, NFTNL_EXPR_NAT_FLAGS))
- stmt->nat.flags = nftnl_expr_get_u32(nle,
- NFTNL_EXPR_NAT_FLAGS);
+ stmt->nat.flags = nftnl_expr_get_u32(nle, NFTNL_EXPR_NAT_FLAGS);
reg1 = netlink_parse_register(nle, NFTNL_EXPR_NAT_REG_ADDR_MIN);
if (reg1) {
nle = alloc_nft_expr("payload");
netlink_put_register(nle, NFTNL_EXPR_PAYLOAD_DREG, dreg);
nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_BASE,
- expr->payload.base - 1);
+ expr->payload.base - 1);
nftnl_expr_set_u32(nle, NFTNL_EXPR_PAYLOAD_OFFSET,
- expr->payload.offset / BITS_PER_BYTE);
+ expr->payload.offset / BITS_PER_BYTE);
nftnl_expr_set_u32(nle, NFT_EXPR_PAYLOAD_LEN,
div_round_up(expr->len, BITS_PER_BYTE));
nle = alloc_nft_expr("exthdr");
netlink_put_register(nle, NFTNL_EXPR_EXTHDR_DREG, dreg);
nftnl_expr_set_u8(nle, NFTNL_EXPR_EXTHDR_TYPE,
- expr->exthdr.desc->type);
+ expr->exthdr.desc->type);
nftnl_expr_set_u32(nle, NFTNL_EXPR_EXTHDR_OFFSET,
- expr->exthdr.tmpl->offset / BITS_PER_BYTE);
+ expr->exthdr.tmpl->offset / BITS_PER_BYTE);
nftnl_expr_set_u32(nle, NFTNL_EXPR_EXTHDR_LEN,
- expr->len / BITS_PER_BYTE);
+ expr->len / BITS_PER_BYTE);
nftnl_rule_add_expr(ctx->nlr, nle);
}
netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg);
netlink_put_register(nle, NFTNL_EXPR_LOOKUP_DREG, dreg);
nftnl_expr_set_str(nle, NFTNL_EXPR_LOOKUP_SET,
- expr->mappings->set->handle.set);
+ expr->mappings->set->handle.set);
nftnl_expr_set_u32(nle, NFTNL_EXPR_LOOKUP_SET_ID,
- expr->mappings->set->handle.set_id);
+ expr->mappings->set->handle.set_id);
if (dreg == NFT_REG_VERDICT)
release_register(ctx, expr->map);
nle = alloc_nft_expr("lookup");
netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg);
nftnl_expr_set_str(nle, NFTNL_EXPR_LOOKUP_SET,
- expr->right->set->handle.set);
+ expr->right->set->handle.set);
nftnl_expr_set_u32(nle, NFTNL_EXPR_LOOKUP_SET_ID,
- expr->right->set->handle.set_id);
+ expr->right->set->handle.set_id);
release_register(ctx, expr->left);
nftnl_rule_add_expr(ctx->nlr, nle);
nle = alloc_nft_expr("cmp");
netlink_put_register(nle, NFTNL_EXPR_CMP_SREG, sreg);
nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP,
- netlink_gen_cmp_op(expr->op));
+ netlink_gen_cmp_op(expr->op));
payload_shift_value(expr->left, right);
netlink_gen_data(right, &nld);
nftnl_expr_set(nle, NFTNL_EXPR_CMP_DATA, nld.value, len);
switch (expr->op) {
case OP_NEQ:
nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP,
- netlink_gen_cmp_op(OP_LT));
+ netlink_gen_cmp_op(OP_LT));
break;
case OP_RANGE:
case OP_EQ:
nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP,
- netlink_gen_cmp_op(OP_GTE));
+ netlink_gen_cmp_op(OP_GTE));
break;
default:
BUG("invalid range operation %u\n", expr->op);
switch (expr->op) {
case OP_NEQ:
nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP,
- netlink_gen_cmp_op(OP_GT));
+ netlink_gen_cmp_op(OP_GT));
break;
case OP_RANGE:
case OP_EQ:
nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP,
- netlink_gen_cmp_op(OP_LTE));
+ netlink_gen_cmp_op(OP_LTE));
break;
default:
BUG("invalid range operation %u\n", expr->op);
netlink_put_register(nle, NFTNL_EXPR_BYTEORDER_SREG, dreg);
netlink_put_register(nle, NFTNL_EXPR_BYTEORDER_DREG, dreg);
nftnl_expr_set_u32(nle, NFTNL_EXPR_BYTEORDER_LEN,
- expr->len / BITS_PER_BYTE);
+ expr->len / BITS_PER_BYTE);
nftnl_expr_set_u32(nle, NFTNL_EXPR_BYTEORDER_SIZE,
- expr->arg->len % 32 ? 2 : 4);
+ expr->arg->len % 32 ? 2 : 4);
nftnl_expr_set_u32(nle, NFTNL_EXPR_BYTEORDER_OP,
- netlink_gen_unary_op(expr->op));
+ netlink_gen_unary_op(expr->op));
nftnl_rule_add_expr(ctx->nlr, nle);
}
if ((expr->chain != NULL) &&
!nftnl_expr_is_set(nle, NFTNL_EXPR_IMM_CHAIN)) {
nftnl_expr_set_str(nle, NFTNL_EXPR_IMM_CHAIN,
- nld.chain);
+ nld.chain);
}
nftnl_expr_set_u32(nle, NFTNL_EXPR_IMM_VERDICT, nld.verdict);
break;
nle = alloc_nft_expr("counter");
if (stmt->counter.packets) {
nftnl_expr_set_u64(nle, NFTNL_EXPR_CTR_PACKETS,
- stmt->counter.packets);
+ stmt->counter.packets);
}
if (stmt->counter.bytes) {
nftnl_expr_set_u64(nle, NFTNL_EXPR_CTR_BYTES,
- stmt->counter.bytes);
+ stmt->counter.bytes);
}
nftnl_rule_add_expr(ctx->nlr, nle);
}
stmt->log.prefix);
}
if (stmt->log.flags & STMT_LOG_GROUP) {
- nftnl_expr_set_u16(nle, NFTNL_EXPR_LOG_GROUP,
- stmt->log.group);
+ nftnl_expr_set_u16(nle, NFTNL_EXPR_LOG_GROUP, stmt->log.group);
if (stmt->log.flags & STMT_LOG_SNAPLEN)
nftnl_expr_set_u32(nle, NFTNL_EXPR_LOG_SNAPLEN,
- stmt->log.snaplen);
+ stmt->log.snaplen);
if (stmt->log.flags & STMT_LOG_QTHRESHOLD)
nftnl_expr_set_u16(nle, NFTNL_EXPR_LOG_QTHRESHOLD,
- stmt->log.qthreshold);
+ stmt->log.qthreshold);
} else {
- if (stmt->log.flags & STMT_LOG_LEVEL) {
+ if (stmt->log.flags & STMT_LOG_LEVEL)
nftnl_expr_set_u32(nle, NFTNL_EXPR_LOG_LEVEL,
- stmt->log.level);
- }
+ stmt->log.level);
}
nftnl_rule_add_expr(ctx->nlr, nle);
}
nftnl_expr_set_u32(nle, NFTNL_EXPR_REJECT_TYPE, stmt->reject.type);
if (stmt->reject.icmp_code != -1)
nftnl_expr_set_u8(nle, NFTNL_EXPR_REJECT_CODE,
- stmt->reject.icmp_code);
+ stmt->reject.icmp_code);
nftnl_rule_add_expr(ctx->nlr, nle);
}
pmin_reg);
netlink_gen_expr(ctx, stmt->redir.proto->right,
pmax_reg);
- nftnl_expr_set_u32(nle,
- NFTNL_EXPR_REDIR_REG_PROTO_MIN,
- pmin_reg);
- nftnl_expr_set_u32(nle,
- NFTNL_EXPR_REDIR_REG_PROTO_MAX,
- pmax_reg);
+ nftnl_expr_set_u32(nle, NFTNL_EXPR_REDIR_REG_PROTO_MIN,
+ pmin_reg);
+ nftnl_expr_set_u32(nle, NFTNL_EXPR_REDIR_REG_PROTO_MAX,
+ pmax_reg);
} else {
netlink_gen_expr(ctx, stmt->redir.proto, pmin_reg);
- nftnl_expr_set_u32(nle,
- NFTNL_EXPR_REDIR_REG_PROTO_MIN,
- pmin_reg);
+ nftnl_expr_set_u32(nle, NFTNL_EXPR_REDIR_REG_PROTO_MIN,
+ pmin_reg);
}
}
nle = alloc_nft_expr("queue");
nftnl_expr_set_u16(nle, NFTNL_EXPR_QUEUE_NUM, mpz_get_uint16(low));
nftnl_expr_set_u16(nle, NFTNL_EXPR_QUEUE_TOTAL, total_queues);
- if (stmt->queue.flags) {
+ if (stmt->queue.flags)
nftnl_expr_set_u16(nle, NFTNL_EXPR_QUEUE_FLAGS,
- stmt->queue.flags);
- }
+ stmt->queue.flags);
+
nftnl_rule_add_expr(ctx->nlr, nle);
mpz_clear(low);
nle = alloc_nft_expr("dynset");
netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY, sreg_key);
nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT,
- stmt->set.key->timeout);
+ stmt->set.key->timeout);
nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_OP, stmt->set.op);
nftnl_expr_set_str(nle, NFTNL_EXPR_DYNSET_SET_NAME,
- stmt->set.set->set->handle.set);
+ stmt->set.set->set->handle.set);
nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID,
- stmt->set.set->set->handle.set_id);
+ stmt->set.set->set->handle.set_id);
nftnl_rule_add_expr(ctx->nlr, nle);
}
projects / thirdparty / nftables.git / commitdiff
