extern void rule_print(const struct rule *rule);
extern struct rule *rule_lookup(const struct chain *chain, uint64_t handle);
-/**
- * enum set_flags
- *
- * @SET_F_CONSTANT: Set content is constant
- * @SET_F_INTERVAL: set includes ranges and/or prefix expressions
- */
-enum set_flags {
- SET_F_ANONYMOUS = 0x1,
- SET_F_CONSTANT = 0x2,
- SET_F_INTERVAL = 0x4,
- SET_F_MAP = 0x8,
- SET_F_TIMEOUT = 0x10,
- SET_F_EVAL = 0x20,
-};
-
/**
* struct set - nftables set
*
struct handle h;
set = set_alloc(&expr->location);
- set->flags = SET_F_ANONYMOUS | expr->set_flags;
+ set->flags = NFT_SET_ANONYMOUS | expr->set_flags;
set->handle.set = xstrdup(name),
set->keytype = keytype;
set->keylen = keylen;
return -1;
if (ctx->set &&
- !(ctx->set->flags & (SET_F_ANONYMOUS | SET_F_INTERVAL))) {
+ !(ctx->set->flags & (NFT_SET_ANONYMOUS | NFT_SET_INTERVAL))) {
switch (elem->key->ops->type) {
case EXPR_PREFIX:
return expr_error(ctx->msgs, elem,
set->set_flags |= i->set_flags;
expr_free(i);
} else if (!expr_is_singleton(i))
- set->set_flags |= SET_F_INTERVAL;
+ set->set_flags |= NFT_SET_INTERVAL;
}
- set->set_flags |= SET_F_CONSTANT;
+ set->set_flags |= NFT_SET_CONSTANT;
set->dtype = ctx->ectx.dtype;
set->len = ctx->ectx.len;
"Map expression can not be constant");
mappings = map->mappings;
- mappings->set_flags |= SET_F_MAP;
+ mappings->set_flags |= NFT_SET_MAP;
switch (map->mappings->ops->type) {
case EXPR_SET:
map->flags |= EXPR_F_CONSTANT;
/* Data for range lookups needs to be in big endian order */
- if (map->mappings->set->flags & SET_F_INTERVAL &&
+ if (map->mappings->set->flags & NFT_SET_INTERVAL &&
byteorder_conversion(ctx, &map->map, BYTEORDER_BIG_ENDIAN) < 0)
return -1;
if (set == NULL)
return expr_error(ctx->msgs, mapping,
"mapping outside of map context");
- if (!(set->flags & SET_F_MAP))
+ if (!(set->flags & NFT_SET_MAP))
return set_error(ctx, set, "set is not a map");
expr_set_context(&ctx->ectx, set->keytype, set->keylen);
right->dtype->desc);
/* Data for range lookups needs to be in big endian order */
- if (right->set->flags & SET_F_INTERVAL &&
+ if (right->set->flags & NFT_SET_INTERVAL &&
byteorder_conversion(ctx, &rel->left,
BYTEORDER_BIG_ENDIAN) < 0)
return -1;
case EXPR_SET_REF:
assert(rel->op == OP_NEQ);
/* Data for range lookups needs to be in big endian order */
- if (right->set->flags & SET_F_INTERVAL &&
+ if (right->set->flags & NFT_SET_INTERVAL &&
byteorder_conversion(ctx, &rel->left, BYTEORDER_BIG_ENDIAN) < 0)
return -1;
break;
/* Declare an empty set */
key = stmt->flow.key;
set = set_expr_alloc(&key->location);
- set->set_flags |= SET_F_EVAL;
+ set->set_flags |= NFT_SET_EVAL;
if (key->timeout)
- set->set_flags |= SET_F_TIMEOUT;
+ set->set_flags |= NFT_SET_TIMEOUT;
setref = implicit_set_declaration(ctx, stmt->flow.table ?: "__ft%d",
key->dtype, key->len, set);
return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
ctx->cmd->handle.table);
- type = set->flags & SET_F_MAP ? "map" : "set";
+ type = set->flags & NFT_SET_MAP ? "map" : "set";
if (set->keytype == NULL)
return set_error(ctx, set, "%s definition does not specify "
return set_error(ctx, set, "unqualified key data type "
"specified in %s definition", type);
- if (set->flags & SET_F_MAP) {
+ if (set->flags & NFT_SET_MAP) {
if (set->datatype == NULL)
return set_error(ctx, set, "map definition does not "
"specify mapping data type");
/* Default timeout value implies timeout support */
if (set->timeout)
- set->flags |= SET_F_TIMEOUT;
+ set->flags |= NFT_SET_TIMEOUT;
return 0;
}
return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
cmd->handle.table);
set = set_lookup(table, cmd->handle.set);
- if (set == NULL || set->flags & (SET_F_MAP | SET_F_EVAL))
+ if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
return cmd_error(ctx, "Could not process rule: Set '%s' does not exist",
cmd->handle.set);
return 0;
return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
cmd->handle.table);
set = set_lookup(table, cmd->handle.set);
- if (set == NULL || !(set->flags & SET_F_EVAL))
+ if (set == NULL || !(set->flags & NFT_SET_EVAL))
return cmd_error(ctx, "Could not process rule: Flow table '%s' does not exist",
cmd->handle.set);
return 0;
return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
cmd->handle.table);
set = set_lookup(table, cmd->handle.set);
- if (set == NULL || !(set->flags & SET_F_MAP))
+ if (set == NULL || !(set->flags & NFT_SET_MAP))
return cmd_error(ctx, "Could not process rule: Map '%s' does not exist",
cmd->handle.set);
return 0;
static void set_ref_expr_print(const struct expr *expr)
{
- if (expr->set->flags & SET_F_ANONYMOUS) {
- if (expr->set->flags & SET_F_EVAL)
+ if (expr->set->flags & NFT_SET_ANONYMOUS) {
+ if (expr->set->flags & NFT_SET_EVAL)
printf("table %s", expr->set->handle.set);
else
expr_print(expr->set->init);
nftnl_set_set_u32(nls, NFTNL_SET_ID, set->handle.set_id);
- if (!(set->flags & (SET_F_CONSTANT))) {
+ if (!(set->flags & NFT_SET_CONSTANT)) {
if (set->policy != NFT_SET_POL_PERFORMANCE)
nftnl_set_set_u32(nls, NFTNL_SET_POLICY, set->policy);
if (set->keytype->subtypes)
key = netlink_parse_concat_elem(set->keytype, key);
- if (!(set->flags & SET_F_INTERVAL) &&
+ if (!(set->flags & NFT_SET_INTERVAL) &&
key->byteorder == BYTEORDER_HOST_ENDIAN)
mpz_switch_byteorder(key->value, key->len / BITS_PER_BYTE);
nls = netlink_set_alloc(nlh);
flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS);
- if (flags & SET_F_ANONYMOUS)
+ if (flags & NFT_SET_ANONYMOUS)
goto out;
switch (monh->format) {
switch (monh->format) {
case NFTNL_OUTPUT_DEFAULT:
- if (set->flags & SET_F_ANONYMOUS)
+ if (set->flags & NFT_SET_ANONYMOUS)
goto out;
/* we want to 'delinearize' the set_elem, but don't
| set_flag
;
-set_flag : CONSTANT { $$ = SET_F_CONSTANT; }
- | INTERVAL { $$ = SET_F_INTERVAL; }
- | TIMEOUT { $$ = SET_F_TIMEOUT; }
+set_flag : CONSTANT { $$ = NFT_SET_CONSTANT; }
+ | INTERVAL { $$ = NFT_SET_INTERVAL; }
+ | TIMEOUT { $$ = NFT_SET_TIMEOUT; }
;
map_block_alloc : /* empty */
const char *type;
uint32_t flags;
- if (set->flags & SET_F_MAP)
+ if (set->flags & NFT_SET_MAP)
type = "map";
- else if (set->flags & SET_F_EVAL)
+ else if (set->flags & NFT_SET_EVAL)
type = "flow table";
else
type = "set";
printf(" %s {%s", set->handle.set, opts->nl);
printf("%s%stype %s", opts->tab, opts->tab, set->keytype->name);
- if (set->flags & SET_F_MAP)
+ if (set->flags & NFT_SET_MAP)
printf(" : %s", set->datatype->name);
printf("%s", opts->stmt_separator);
- if (!(set->flags & (SET_F_CONSTANT))) {
+ if (!(set->flags & (NFT_SET_CONSTANT))) {
if (set->policy != NFT_SET_POL_PERFORMANCE) {
printf("%s%spolicy %s%s", opts->tab, opts->tab,
set_policy2str(set->policy),
flags = set->flags;
/* "timeout" flag is redundant if a default timeout exists */
if (set->timeout)
- flags &= ~SET_F_TIMEOUT;
+ flags &= ~NFT_SET_TIMEOUT;
- if (flags & (SET_F_CONSTANT | SET_F_INTERVAL | SET_F_TIMEOUT)) {
+ if (flags & (NFT_SET_CONSTANT | NFT_SET_INTERVAL | NFT_SET_TIMEOUT)) {
printf("%s%sflags ", opts->tab, opts->tab);
- if (set->flags & SET_F_CONSTANT) {
+ if (set->flags & NFT_SET_CONSTANT) {
printf("%sconstant", delim);
delim = ",";
}
- if (set->flags & SET_F_INTERVAL) {
+ if (set->flags & NFT_SET_INTERVAL) {
printf("%sinterval", delim);
delim = ",";
}
- if (set->flags & SET_F_TIMEOUT) {
+ if (set->flags & NFT_SET_TIMEOUT) {
printf("%stimeout", delim);
delim = ",";
}
table_print_options(table, &delim);
list_for_each_entry(set, &table->sets, list) {
- if (set->flags & SET_F_ANONYMOUS)
+ if (set->flags & NFT_SET_ANONYMOUS)
continue;
printf("%s", delim);
set_print(set);
static int __do_add_setelems(struct netlink_ctx *ctx, const struct handle *h,
struct set *set, struct expr *expr, bool excl)
{
- if (set->flags & SET_F_INTERVAL &&
+ if (set->flags & NFT_SET_INTERVAL &&
set_to_intervals(ctx->msgs, set, expr, true) < 0)
return -1;
table = table_lookup(h);
set = set_lookup(table, h->set);
- if (set->flags & SET_F_INTERVAL &&
+ if (set->flags & NFT_SET_INTERVAL &&
set_to_intervals(ctx->msgs, set, expr, false) < 0)
return -1;
list_for_each_entry(set, &table->sets, list) {
if (cmd->obj == CMD_OBJ_SETS &&
- (set->flags & SET_F_ANONYMOUS ||
- set->flags & SET_F_MAP))
+ (set->flags & NFT_SET_ANONYMOUS ||
+ set->flags & NFT_SET_MAP))
continue;
if (cmd->obj == CMD_OBJ_FLOWTABLES &&
- !(set->flags & SET_F_EVAL))
+ !(set->flags & NFT_SET_EVAL))
continue;
if (cmd->obj == CMD_OBJ_MAPS &&
- !(set->flags & SET_F_MAP))
+ !(set->flags & NFT_SET_MAP))
continue;
set_print_declaration(set, &opts);
printf("%s}%s", opts.tab, opts.nl);
* Insert elements into tree
*/
for (n = 0; n < init->size; n++) {
- if (init->set_flags & SET_F_MAP &&
+ if (init->set_flags & NFT_SET_MAP &&
n < init->size - 1 &&
interval_conflict(intervals[n], intervals[n+1]))
return expr_binary_error(msgs,
* 2) This set exists and it is empty.
* 3) This set is created with a number of initial elements.
*/
- if ((set->flags & SET_F_ANONYMOUS) ||
+ if ((set->flags & NFT_SET_ANONYMOUS) ||
(set->init && set->init->size == 0) ||
(set->init == init))
return true;
projects / thirdparty / nftables.git / commitdiff
