From: Pablo Neira Ayuso Date: Wed, 24 Oct 2018 17:18:50 +0000 (+0200) Subject: src: remove nftnl_rule_cmp() and nftnl_expr_cmp() X-Git-Tag: libnftnl-1.1.2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6dc1c3d8bb64077da7f3f28c7368fb087d10a492;p=thirdparty%2Flibnftnl.git src: remove nftnl_rule_cmp() and nftnl_expr_cmp() These functions are not very useful, rule comparison from this layer does not work well with implicit set definitions. This infrastructure was added as an attempt to support for deletion by name from this layer, which should be done from higher level libnftables library. Finally, we never had a client for this code in git.netfilter.org. Let's remove it and bump libversion for safety reasons. Signed-off-by: Pablo Neira Ayuso --- diff --git a/Make_global.am b/Make_global.am index e12a3f7d..307816b9 100644 --- a/Make_global.am +++ b/Make_global.am @@ -18,7 +18,7 @@ # set age to 0. # # -LIBVERSION=10:0:3 +LIBVERSION=11:0:0 AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_srcdir}/include ${LIBMNL_CFLAGS} ${LIBMXML_CFLAGS} AM_CFLAGS = ${regular_CFLAGS} ${GCC_FVISIBILITY_HIDDEN} diff --git a/include/data_reg.h b/include/data_reg.h index 3fec7cda..f2675f24 100644 --- a/include/data_reg.h +++ b/include/data_reg.h @@ -28,8 +28,6 @@ int nftnl_data_reg_snprintf(char *buf, size_t size, const union nftnl_data_reg *reg, uint32_t output_format, uint32_t flags, int reg_type); -bool nftnl_data_reg_cmp(const union nftnl_data_reg *r1, - const union nftnl_data_reg *r2, int reg_type); struct nlattr; int nftnl_parse_data(union nftnl_data_reg *data, struct nlattr *attr, int *type); diff --git a/include/expr_ops.h b/include/expr_ops.h index 00548b35..a7f1b9a6 100644 --- a/include/expr_ops.h +++ b/include/expr_ops.h @@ -13,7 +13,6 @@ struct expr_ops { uint32_t alloc_len; int max_attr; void (*free)(const struct nftnl_expr *e); - bool (*cmp)(const struct nftnl_expr *e1, const struct nftnl_expr *e2); int (*set)(struct nftnl_expr *e, uint16_t type, const void *data, uint32_t data_len); const void *(*get)(const struct nftnl_expr *e, uint16_t type, uint32_t *data_len); int (*parse)(struct nftnl_expr *e, struct nlattr *attr); diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h index 6988c629..cb1b54ba 100644 --- a/include/libnftnl/expr.h +++ b/include/libnftnl/expr.h @@ -36,8 +36,6 @@ uint32_t nftnl_expr_get_u32(const struct nftnl_expr *expr, uint16_t type); uint64_t nftnl_expr_get_u64(const struct nftnl_expr *expr, uint16_t type); const char *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type); -bool nftnl_expr_cmp(const struct nftnl_expr *e1, const struct nftnl_expr *e2); - int nftnl_expr_snprintf(char *buf, size_t buflen, const struct nftnl_expr *expr, uint32_t type, uint32_t flags); int nftnl_expr_fprintf(FILE *fp, const struct nftnl_expr *expr, uint32_t type, uint32_t flags); diff --git a/include/libnftnl/rule.h b/include/libnftnl/rule.h index 765d2ce6..8501c86e 100644 --- a/include/libnftnl/rule.h +++ b/include/libnftnl/rule.h @@ -51,8 +51,6 @@ uint64_t nftnl_rule_get_u64(const struct nftnl_rule *r, uint16_t attr); void nftnl_rule_add_expr(struct nftnl_rule *r, struct nftnl_expr *expr); -bool nftnl_rule_cmp(const struct nftnl_rule *r1, const struct nftnl_rule *r2); - struct nlmsghdr; void nftnl_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_rule *t); diff --git a/src/expr.c b/src/expr.c index 62565e04..80c4c36a 100644 --- a/src/expr.c +++ b/src/expr.c @@ -203,16 +203,6 @@ const char *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type) return (const char *)nftnl_expr_get(expr, type, &data_len); } -EXPORT_SYMBOL(nftnl_expr_cmp); -bool nftnl_expr_cmp(const struct nftnl_expr *e1, const struct nftnl_expr *e2) -{ - if (e1->flags != e2->flags || - strcmp(e1->ops->name, e2->ops->name) != 0) - return false; - - return e1->ops->cmp(e1, e2); -} - void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr) { struct nlattr *nest; diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c index 79d6a518..c9d40df3 100644 --- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -211,32 +211,10 @@ nftnl_expr_bitwise_snprintf(char *buf, size_t size, uint32_t type, return -1; } -static bool nftnl_expr_bitwise_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_bitwise *b1 = nftnl_expr_data(e1); - struct nftnl_expr_bitwise *b2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_BITWISE_SREG)) - eq &= (b1->sreg == b2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_BITWISE_DREG)) - eq &= (b1->dreg == b2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_BITWISE_LEN)) - eq &= (b1->len == b2->len); - if (e1->flags & (1 << NFTNL_EXPR_BITWISE_MASK)) - eq &= nftnl_data_reg_cmp(&b1->mask, &b2->mask, DATA_VALUE); - if (e1->flags & (1 << NFTNL_EXPR_BITWISE_XOR)) - eq &= nftnl_data_reg_cmp(&b1->xor, &b2->xor, DATA_VALUE); - - return eq; -} - struct expr_ops expr_ops_bitwise = { .name = "bitwise", .alloc_len = sizeof(struct nftnl_expr_bitwise), .max_attr = NFTA_BITWISE_MAX, - .cmp = nftnl_expr_bitwise_cmp, .set = nftnl_expr_bitwise_set, .get = nftnl_expr_bitwise_get, .parse = nftnl_expr_bitwise_parse, diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c index 35c14503..efdfa2b5 100644 --- a/src/expr/byteorder.c +++ b/src/expr/byteorder.c @@ -226,32 +226,10 @@ nftnl_expr_byteorder_snprintf(char *buf, size_t size, uint32_t type, return -1; } -static bool nftnl_expr_byteorder_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_byteorder *b1 = nftnl_expr_data(e1); - struct nftnl_expr_byteorder *b2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_BYTEORDER_SREG)) - eq &= (b1->sreg == b2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_BYTEORDER_DREG)) - eq &= (b1->dreg == b2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_BYTEORDER_OP)) - eq &= (b1->op == b2->op); - if (e1->flags & (1 << NFTNL_EXPR_BYTEORDER_LEN)) - eq &= (b1->len == b2->len); - if (e1->flags & (1 << NFTNL_EXPR_BYTEORDER_SIZE)) - eq &= (b1->size == b2->size); - - return eq; -} - struct expr_ops expr_ops_byteorder = { .name = "byteorder", .alloc_len = sizeof(struct nftnl_expr_byteorder), .max_attr = NFTA_BYTEORDER_MAX, - .cmp = nftnl_expr_byteorder_cmp, .set = nftnl_expr_byteorder_set, .get = nftnl_expr_byteorder_get, .parse = nftnl_expr_byteorder_parse, diff --git a/src/expr/cmp.c b/src/expr/cmp.c index e39a943d..86d7842d 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@ -208,28 +208,10 @@ nftnl_expr_cmp_snprintf(char *buf, size_t size, uint32_t type, return -1; } -static bool nftnl_expr_cmp_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_cmp *c1 = nftnl_expr_data(e1); - struct nftnl_expr_cmp *c2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_CMP_DATA)) - eq &= nftnl_data_reg_cmp(&c1->data, &c2->data, DATA_VALUE); - if (e1->flags & (1 << NFTNL_EXPR_CMP_SREG)) - eq &= (c1->sreg == c2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_CMP_OP)) - eq &= (c1->op == c2->op); - - return eq; -} - struct expr_ops expr_ops_cmp = { .name = "cmp", .alloc_len = sizeof(struct nftnl_expr_cmp), .max_attr = NFTA_CMP_MAX, - .cmp = nftnl_expr_cmp_cmp, .set = nftnl_expr_cmp_set, .get = nftnl_expr_cmp_get, .parse = nftnl_expr_cmp_parse, diff --git a/src/expr/connlimit.c b/src/expr/connlimit.c index 9fa0a7b7..53af93bd 100644 --- a/src/expr/connlimit.c +++ b/src/expr/connlimit.c @@ -141,26 +141,10 @@ static int nftnl_expr_connlimit_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_connlimit_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_connlimit *c1 = nftnl_expr_data(e1); - struct nftnl_expr_connlimit *c2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_CONNLIMIT_COUNT)) - eq &= (c1->count == c2->count); - if (e1->flags & (1 << NFTNL_EXPR_CONNLIMIT_FLAGS)) - eq &= (c1->flags == c2->flags); - - return eq; -} - struct expr_ops expr_ops_connlimit = { .name = "connlimit", .alloc_len = sizeof(struct nftnl_expr_connlimit), .max_attr = NFTA_CONNLIMIT_MAX, - .cmp = nftnl_expr_connlimit_cmp, .set = nftnl_expr_connlimit_set, .get = nftnl_expr_connlimit_get, .parse = nftnl_expr_connlimit_parse, diff --git a/src/expr/counter.c b/src/expr/counter.c index a1f6574c..89a602e0 100644 --- a/src/expr/counter.c +++ b/src/expr/counter.c @@ -139,26 +139,10 @@ static int nftnl_expr_counter_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_counter_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_counter *c1 = nftnl_expr_data(e1); - struct nftnl_expr_counter *c2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_CTR_PACKETS)) - eq &= (c1->pkts == c2->pkts); - if (e1->flags & (1 << NFTNL_EXPR_CTR_BYTES)) - eq &= (c1->pkts == c2->pkts); - - return eq; -} - struct expr_ops expr_ops_counter = { .name = "counter", .alloc_len = sizeof(struct nftnl_expr_counter), .max_attr = NFTA_COUNTER_MAX, - .cmp = nftnl_expr_counter_cmp, .set = nftnl_expr_counter_set, .get = nftnl_expr_counter_get, .parse = nftnl_expr_counter_parse, diff --git a/src/expr/ct.c b/src/expr/ct.c index e8a8c6c9..b9ca2dc6 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -264,30 +264,10 @@ nftnl_expr_ct_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_ct_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_ct *c1 = nftnl_expr_data(e1); - struct nftnl_expr_ct *c2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_CT_KEY)) - eq &= (c1->key == c2->key); - if (e1->flags & (1 << NFTNL_EXPR_CT_DREG)) - eq &= (c1->dreg == c2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_CT_SREG)) - eq &= (c1->sreg == c2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_CT_DIR)) - eq &= (c1->dir == c2->dir); - - return eq; -} - struct expr_ops expr_ops_ct = { .name = "ct", .alloc_len = sizeof(struct nftnl_expr_ct), .max_attr = NFTA_CT_MAX, - .cmp = nftnl_expr_ct_cmp, .set = nftnl_expr_ct_set, .get = nftnl_expr_ct_get, .parse = nftnl_expr_ct_parse, diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c index 48a012bb..67165feb 100644 --- a/src/expr/data_reg.c +++ b/src/expr/data_reg.c @@ -93,23 +93,6 @@ int nftnl_data_reg_snprintf(char *buf, size_t size, return -1; } -bool nftnl_data_reg_cmp(const union nftnl_data_reg *r1, - const union nftnl_data_reg *r2, int reg_type) -{ - switch (reg_type) { - case DATA_VALUE: - return r1->len == r2->len && - !memcmp(r1->val, r2->val, r1->len); - case DATA_VERDICT: - return r1->verdict == r2->verdict; - case DATA_CHAIN: - return r1->verdict == r2->verdict && - !strcmp(r1->chain, r2->chain); - default: - return false; - } -} - static int nftnl_data_parse_cb(const struct nlattr *attr, void *data) { const struct nlattr **tb = data; diff --git a/src/expr/dup.c b/src/expr/dup.c index c08ccd27..2bb35e55 100644 --- a/src/expr/dup.c +++ b/src/expr/dup.c @@ -146,26 +146,10 @@ static int nftnl_expr_dup_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_dup_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_dup *d1 = nftnl_expr_data(e1); - struct nftnl_expr_dup *d2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_DUP_SREG_ADDR)) - eq &= (d1->sreg_addr == d2->sreg_addr); - if (e1->flags & (1 << NFTNL_EXPR_DUP_SREG_DEV)) - eq &= (d1->sreg_dev == d2->sreg_dev); - - return eq; -} - struct expr_ops expr_ops_dup = { .name = "dup", .alloc_len = sizeof(struct nftnl_expr_dup), .max_attr = NFTA_DUP_MAX, - .cmp = nftnl_expr_dup_cmp, .set = nftnl_expr_dup_set, .get = nftnl_expr_dup_get, .parse = nftnl_expr_dup_parse, diff --git a/src/expr/dynset.c b/src/expr/dynset.c index f009ec4c..68115ba5 100644 --- a/src/expr/dynset.c +++ b/src/expr/dynset.c @@ -279,37 +279,11 @@ static void nftnl_expr_dynset_free(const struct nftnl_expr *e) xfree(dynset->set_name); } -static bool nftnl_expr_dynset_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_dynset *d1 = nftnl_expr_data(e1); - struct nftnl_expr_dynset *d2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_SREG_KEY)) - eq &= (d1->sreg_key == d2->sreg_key); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_SREG_DATA)) - eq &= (d1->sreg_data == d2->sreg_data); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_OP)) - eq &= (d1->op == d2->op); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_TIMEOUT)) - eq &= (d1->timeout == d2->timeout); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_EXPR)) - eq &= nftnl_expr_cmp(d1->expr, d2->expr); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_SET_NAME)) - eq &= !strcmp(d1->set_name, d2->set_name); - if (e1->flags & (1 << NFTNL_EXPR_DYNSET_SET_ID)) - eq &= (d1->set_id == d2->set_id); - - return eq; -} - struct expr_ops expr_ops_dynset = { .name = "dynset", .alloc_len = sizeof(struct nftnl_expr_dynset), .max_attr = NFTA_DYNSET_MAX, .free = nftnl_expr_dynset_free, - .cmp = nftnl_expr_dynset_cmp, .set = nftnl_expr_dynset_set, .get = nftnl_expr_dynset_get, .parse = nftnl_expr_dynset_parse, diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index 0e098148..bef453e0 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c @@ -263,36 +263,10 @@ nftnl_expr_exthdr_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_exthdr_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_exthdr *h1 = nftnl_expr_data(e1); - struct nftnl_expr_exthdr *h2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_DREG)) - eq &= (h1->dreg == h2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_SREG)) - eq &= (h1->sreg == h2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_OFFSET)) - eq &= (h1->offset == h2->offset); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_LEN)) - eq &= (h1->len == h2->len); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_TYPE)) - eq &= (h1->type == h2->type); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_OP)) - eq &= (h1->op == h2->op); - if (e1->flags & (1 << NFTNL_EXPR_EXTHDR_FLAGS)) - eq &= (h1->flags == h2->flags); - - return eq; -} - struct expr_ops expr_ops_exthdr = { .name = "exthdr", .alloc_len = sizeof(struct nftnl_expr_exthdr), .max_attr = NFTA_EXTHDR_MAX, - .cmp = nftnl_expr_exthdr_cmp, .set = nftnl_expr_exthdr_set, .get = nftnl_expr_exthdr_get, .parse = nftnl_expr_exthdr_parse, diff --git a/src/expr/fib.c b/src/expr/fib.c index 2f2d2190..9475af40 100644 --- a/src/expr/fib.c +++ b/src/expr/fib.c @@ -205,28 +205,10 @@ nftnl_expr_fib_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_fib_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_fib *h1 = nftnl_expr_data(e1); - struct nftnl_expr_fib *h2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_FIB_RESULT)) - eq &= (h1->result == h2->result); - if (e1->flags & (1 << NFTNL_EXPR_FIB_DREG)) - eq &= (h1->dreg == h2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_FIB_FLAGS)) - eq &= (h1->flags == h2->flags); - - return eq; -} - struct expr_ops expr_ops_fib = { .name = "fib", .alloc_len = sizeof(struct nftnl_expr_fib), .max_attr = NFTA_FIB_MAX, - .cmp = nftnl_expr_fib_cmp, .set = nftnl_expr_fib_set, .get = nftnl_expr_fib_get, .parse = nftnl_expr_fib_parse, diff --git a/src/expr/flow_offload.c b/src/expr/flow_offload.c index 648099a2..6ccec9a1 100644 --- a/src/expr/flow_offload.c +++ b/src/expr/flow_offload.c @@ -125,25 +125,11 @@ static void nftnl_expr_flow_free(const struct nftnl_expr *e) xfree(flow->table_name); } -static bool nftnl_expr_flow_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_flow *l1 = nftnl_expr_data(e1); - struct nftnl_expr_flow *l2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_FLOW_TABLE_NAME)) - eq &= !strcmp(l1->table_name, l2->table_name); - - return eq; -} - struct expr_ops expr_ops_flow = { .name = "flow_offload", .alloc_len = sizeof(struct nftnl_expr_flow), .max_attr = NFTA_FLOW_MAX, .free = nftnl_expr_flow_free, - .cmp = nftnl_expr_flow_cmp, .set = nftnl_expr_flow_set, .get = nftnl_expr_flow_get, .parse = nftnl_expr_flow_parse, diff --git a/src/expr/fwd.c b/src/expr/fwd.c index 9cb0aca6..cff82351 100644 --- a/src/expr/fwd.c +++ b/src/expr/fwd.c @@ -166,28 +166,10 @@ static int nftnl_expr_fwd_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_fwd_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_fwd *f1 = nftnl_expr_data(e1); - struct nftnl_expr_fwd *f2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_FWD_SREG_DEV)) - eq &= (f1->sreg_dev == f2->sreg_dev); - if (e1->flags & (1 << NFTNL_EXPR_FWD_SREG_ADDR)) - eq &= (f1->sreg_addr == f2->sreg_addr); - if (e1->flags & (1 << NFTNL_EXPR_FWD_NFPROTO)) - eq &= (f1->nfproto == f2->nfproto); - - return eq; -} - struct expr_ops expr_ops_fwd = { .name = "fwd", .alloc_len = sizeof(struct nftnl_expr_fwd), .max_attr = NFTA_FWD_MAX, - .cmp = nftnl_expr_fwd_cmp, .set = nftnl_expr_fwd_set, .get = nftnl_expr_fwd_get, .parse = nftnl_expr_fwd_parse, diff --git a/src/expr/hash.c b/src/expr/hash.c index 46b79015..f553a3c3 100644 --- a/src/expr/hash.c +++ b/src/expr/hash.c @@ -276,40 +276,10 @@ nftnl_expr_hash_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_hash_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_hash *h1 = nftnl_expr_data(e1); - struct nftnl_expr_hash *h2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_HASH_SREG)) - eq &= (h1->sreg == h2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_HASH_DREG)) - eq &= (h1->dreg == h2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_HASH_LEN)) - eq &= (h1->len == h2->len); - if (e1->flags & (1 << NFTNL_EXPR_HASH_MODULUS)) - eq &= (h1->modulus == h2->modulus); - if (e1->flags & (1 << NFTNL_EXPR_HASH_SEED)) - eq &= (h1->seed == h2->seed); - if (e1->flags & (1 << NFTNL_EXPR_HASH_OFFSET)) - eq &= (h1->offset == h2->offset); - if (e1->flags & (1 << NFTNL_EXPR_HASH_TYPE)) - eq &= (h1->type == h2->type); - if (e1->flags & (1 << NFTNL_EXPR_HASH_SET_NAME)) - eq &= !strcmp(h1->map.name, h2->map.name); - if (e1->flags & (1 << NFTNL_EXPR_HASH_SET_ID)) - eq &= (h1->map.id == h2->map.id); - - return eq; -} - struct expr_ops expr_ops_hash = { .name = "hash", .alloc_len = sizeof(struct nftnl_expr_hash), .max_attr = NFTA_HASH_MAX, - .cmp = nftnl_expr_hash_cmp, .set = nftnl_expr_hash_set, .get = nftnl_expr_hash_get, .parse = nftnl_expr_hash_parse, diff --git a/src/expr/immediate.c b/src/expr/immediate.c index d5a7e86e..47106ae8 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -226,36 +226,11 @@ static void nftnl_expr_immediate_free(const struct nftnl_expr *e) nftnl_free_verdict(&imm->data); } -static bool nftnl_expr_immediate_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_immediate *i1 = nftnl_expr_data(e1); - struct nftnl_expr_immediate *i2 = nftnl_expr_data(e2); - bool eq = true; - int type = DATA_NONE; - - if (e1->flags & (1 << NFTNL_EXPR_IMM_DREG)) - eq &= (i1->dreg == i2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_IMM_VERDICT)) - if (e1->flags & (1 << NFTNL_EXPR_IMM_CHAIN)) - type = DATA_CHAIN; - else - type = DATA_VERDICT; - else if (e1->flags & (1 << NFTNL_EXPR_IMM_DATA)) - type = DATA_VALUE; - - if (type != DATA_NONE) - eq &= nftnl_data_reg_cmp(&i1->data, &i2->data, type); - - return eq; -} - struct expr_ops expr_ops_immediate = { .name = "immediate", .alloc_len = sizeof(struct nftnl_expr_immediate), .max_attr = NFTA_IMMEDIATE_MAX, .free = nftnl_expr_immediate_free, - .cmp = nftnl_expr_immediate_cmp, .set = nftnl_expr_immediate_set, .get = nftnl_expr_immediate_get, .parse = nftnl_expr_immediate_parse, diff --git a/src/expr/limit.c b/src/expr/limit.c index 2a0adba8..5872e276 100644 --- a/src/expr/limit.c +++ b/src/expr/limit.c @@ -208,33 +208,11 @@ nftnl_expr_limit_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_limit_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_limit *l1 = nftnl_expr_data(e1); - struct nftnl_expr_limit *l2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_LIMIT_RATE)) - eq &= (l1->rate == l2->rate); - if (e1->flags & (1 << NFTNL_EXPR_LIMIT_UNIT)) - eq &= (l1->unit == l2->unit); - if (e1->flags & (1 << NFTNL_EXPR_LIMIT_BURST)) - eq &= (l1->burst == l2->burst); - if (e1->flags & (1 << NFTNL_EXPR_LIMIT_TYPE)) - eq &= (l1->type == l2->type); - if (e1->flags & (1 << NFTNL_EXPR_LIMIT_FLAGS)) - eq &= (l1->flags == l2->flags); - - return eq; -} - struct expr_ops expr_ops_limit = { .name = "limit", .alloc_len = sizeof(struct nftnl_expr_limit), .max_attr = NFTA_LIMIT_MAX, .set = nftnl_expr_limit_set, - .cmp = nftnl_expr_limit_cmp, .get = nftnl_expr_limit_get, .parse = nftnl_expr_limit_parse, .build = nftnl_expr_limit_build, diff --git a/src/expr/log.c b/src/expr/log.c index 1119c538..bbe43d2d 100644 --- a/src/expr/log.c +++ b/src/expr/log.c @@ -258,35 +258,11 @@ static void nftnl_expr_log_free(const struct nftnl_expr *e) xfree(log->prefix); } -static bool nftnl_expr_log_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_log *l1 = nftnl_expr_data(e1); - struct nftnl_expr_log *l2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_LOG_SNAPLEN)) - eq &= (l1->snaplen == l2->snaplen); - if (e1->flags & (1 << NFTNL_EXPR_LOG_GROUP)) - eq &= (l1->group == l2->group); - if (e1->flags & (1 << NFTNL_EXPR_LOG_QTHRESHOLD)) - eq &= (l1->qthreshold == l2->qthreshold); - if (e1->flags & (1 << NFTNL_EXPR_LOG_LEVEL)) - eq &= (l1->level == l2->level); - if (e1->flags & (1 << NFTNL_EXPR_LOG_FLAGS)) - eq &= (l1->flags == l2->flags); - if (e1->flags & (1 << NFTNL_EXPR_LOG_PREFIX)) - eq &= !strcmp(l1->prefix, l2->prefix); - - return eq; -} - struct expr_ops expr_ops_log = { .name = "log", .alloc_len = sizeof(struct nftnl_expr_log), .max_attr = NFTA_LOG_MAX, .free = nftnl_expr_log_free, - .cmp = nftnl_expr_log_cmp, .set = nftnl_expr_log_set, .get = nftnl_expr_log_get, .parse = nftnl_expr_log_parse, diff --git a/src/expr/lookup.c b/src/expr/lookup.c index a502e2a5..a495ac0f 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c @@ -212,33 +212,11 @@ static void nftnl_expr_lookup_free(const struct nftnl_expr *e) xfree(lookup->set_name); } -static bool nftnl_expr_lookup_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_lookup *l1 = nftnl_expr_data(e1); - struct nftnl_expr_lookup *l2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_LOOKUP_SREG)) - eq &= (l1->sreg == l2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_LOOKUP_DREG)) - eq &= (l1->dreg == l2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_LOOKUP_SET)) - eq &= !strcmp(l1->set_name, l2->set_name); - if (e1->flags & (1 << NFTNL_EXPR_LOOKUP_SET_ID)) - eq &= (l1->set_id == l2->set_id); - if (e1->flags & (1 << NFTNL_EXPR_LOOKUP_FLAGS)) - eq &= (l1->flags == l2->flags); - - return eq; -} - struct expr_ops expr_ops_lookup = { .name = "lookup", .alloc_len = sizeof(struct nftnl_expr_lookup), .max_attr = NFTA_LOOKUP_MAX, .free = nftnl_expr_lookup_free, - .cmp = nftnl_expr_lookup_cmp, .set = nftnl_expr_lookup_set, .get = nftnl_expr_lookup_get, .parse = nftnl_expr_lookup_parse, diff --git a/src/expr/masq.c b/src/expr/masq.c index fe017f72..f6f3ceb6 100644 --- a/src/expr/masq.c +++ b/src/expr/masq.c @@ -161,28 +161,10 @@ static int nftnl_expr_masq_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_masq_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_masq *m1 = nftnl_expr_data(e1); - struct nftnl_expr_masq *m2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_MASQ_FLAGS)) - eq &= (m1->flags == m2->flags); - if (e1->flags & (1 << NFTNL_EXPR_MASQ_REG_PROTO_MIN)) - eq &= (m1->sreg_proto_min == m2->sreg_proto_min); - if (e1->flags & (1 << NFTNL_EXPR_MASQ_REG_PROTO_MAX)) - eq &= (m1->sreg_proto_max == m2->sreg_proto_max); - - return eq; -} - struct expr_ops expr_ops_masq = { .name = "masq", .alloc_len = sizeof(struct nftnl_expr_masq), .max_attr = NFTA_MASQ_MAX, - .cmp = nftnl_expr_masq_cmp, .set = nftnl_expr_masq_set, .get = nftnl_expr_masq_get, .parse = nftnl_expr_masq_parse, diff --git a/src/expr/match.c b/src/expr/match.c index 2b3321d1..4fa74b2d 100644 --- a/src/expr/match.c +++ b/src/expr/match.c @@ -189,31 +189,11 @@ static void nftnl_expr_match_free(const struct nftnl_expr *e) xfree(match->data); } -static bool nftnl_expr_match_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_match *m1 = nftnl_expr_data(e1); - struct nftnl_expr_match *m2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_MT_NAME)) - eq &= !strcmp(m1->name, m2->name); - if (e1->flags & (1 << NFTNL_EXPR_MT_REV)) - eq &= (m1->rev == m2->rev); - if (e1->flags & (1 << NFTNL_EXPR_MT_INFO)) { - eq &= (m1->data_len == m2->data_len); - eq &= !memcmp(m1->data, m2->data, m1->data_len); - } - - return eq; -} - struct expr_ops expr_ops_match = { .name = "match", .alloc_len = sizeof(struct nftnl_expr_match), .max_attr = NFTA_MATCH_MAX, .free = nftnl_expr_match_free, - .cmp = nftnl_expr_match_cmp, .set = nftnl_expr_match_set, .get = nftnl_expr_match_get, .parse = nftnl_expr_match_parse, diff --git a/src/expr/meta.c b/src/expr/meta.c index 3654837b..ffcc8967 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -214,28 +214,10 @@ nftnl_expr_meta_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_meta_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_meta *m1 = nftnl_expr_data(e1); - struct nftnl_expr_meta *m2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_META_KEY)) - eq &= (m1->key == m2->key); - if (e1->flags & (1 << NFTNL_EXPR_META_DREG)) - eq &= (m1->dreg == m2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_META_SREG)) - eq &= (m1->sreg == m2->sreg); - - return eq; -} - struct expr_ops expr_ops_meta = { .name = "meta", .alloc_len = sizeof(struct nftnl_expr_meta), .max_attr = NFTA_META_MAX, - .cmp = nftnl_expr_meta_cmp, .set = nftnl_expr_meta_set, .get = nftnl_expr_meta_get, .parse = nftnl_expr_meta_parse, diff --git a/src/expr/nat.c b/src/expr/nat.c index 38fccb0f..6b7d50ea 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c @@ -271,35 +271,10 @@ nftnl_expr_nat_snprintf(char *buf, size_t size, uint32_t type, return -1; } -static bool nftnl_expr_nat_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_nat *n1 = nftnl_expr_data(e1); - struct nftnl_expr_nat *n2 = nftnl_expr_data(e2); - bool eq = true; - if (e1->flags & (1 << NFTNL_EXPR_NAT_REG_ADDR_MIN)) - eq &= (n1->sreg_addr_min == n2->sreg_addr_min); - if (e1->flags & (1 << NFTNL_EXPR_NAT_REG_ADDR_MAX)) - eq &= (n1->sreg_addr_max == n2->sreg_addr_max); - if (e1->flags & (1 << NFTNL_EXPR_NAT_REG_PROTO_MIN)) - eq &= (n1->sreg_proto_min == n2->sreg_proto_min); - if (e1->flags & (1 << NFTNL_EXPR_NAT_REG_PROTO_MAX)) - eq &= (n1->sreg_proto_max == n2->sreg_proto_max); - if (e1->flags & (1 << NFTNL_EXPR_NAT_FAMILY)) - eq &= (n1->family == n2->family); - if (e1->flags & (1 << NFTNL_EXPR_NAT_TYPE)) - eq &= (n1->type == n2->type); - if (e1->flags & (1 << NFTNL_EXPR_NAT_FLAGS)) - eq &= (n1->flags == n2->flags); - - return eq; -} - struct expr_ops expr_ops_nat = { .name = "nat", .alloc_len = sizeof(struct nftnl_expr_nat), .max_attr = NFTA_NAT_MAX, - .cmp = nftnl_expr_nat_cmp, .set = nftnl_expr_nat_set, .get = nftnl_expr_nat_get, .parse = nftnl_expr_nat_parse, diff --git a/src/expr/numgen.c b/src/expr/numgen.c index f940081c..70d0d0d1 100644 --- a/src/expr/numgen.c +++ b/src/expr/numgen.c @@ -230,34 +230,10 @@ nftnl_expr_ng_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_ng_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_ng *n1 = nftnl_expr_data(e1); - struct nftnl_expr_ng *n2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_NG_DREG)) - eq &= (n1->dreg == n2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_NG_MODULUS)) - eq &= (n1->modulus == n2->modulus); - if (e1->flags & (1 << NFTNL_EXPR_NG_TYPE)) - eq &= (n1->type == n2->type); - if (e1->flags & (1 << NFTNL_EXPR_NG_OFFSET)) - eq &= (n1->offset == n2->offset); - if (e1->flags & (1 << NFTNL_EXPR_NG_SET_NAME)) - eq &= !strcmp(n1->map.name, n2->map.name); - if (e1->flags & (1 << NFTNL_EXPR_NG_SET_ID)) - eq &= (n1->map.id == n2->map.id); - - return eq; -} - struct expr_ops expr_ops_ng = { .name = "numgen", .alloc_len = sizeof(struct nftnl_expr_ng), .max_attr = NFTA_NG_MAX, - .cmp = nftnl_expr_ng_cmp, .set = nftnl_expr_ng_set, .get = nftnl_expr_ng_get, .parse = nftnl_expr_ng_parse, diff --git a/src/expr/objref.c b/src/expr/objref.c index 3b815f5c..7388b18a 100644 --- a/src/expr/objref.c +++ b/src/expr/objref.c @@ -202,32 +202,10 @@ static int nftnl_expr_objref_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_objref_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_objref *c1 = nftnl_expr_data(e1); - struct nftnl_expr_objref *c2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_OBJREF_IMM_TYPE)) - eq &= (c1->imm.type == c2->imm.type); - if (e1->flags & (1 << NFTNL_EXPR_OBJREF_IMM_NAME)) - eq &= !strcmp(c1->imm.name, c2->imm.name); - if (e1->flags & (1 << NFTNL_EXPR_OBJREF_SET_SREG)) - eq &= (c1->set.sreg == c2->set.sreg); - if (e1->flags & (1 << NFTNL_EXPR_OBJREF_SET_NAME)) - eq &= !strcmp(c1->set.name, c2->set.name); - if (e1->flags & (1 << NFTNL_EXPR_OBJREF_SET_ID)) - eq &= (c1->set.id == c2->set.id); - - return eq; -} - struct expr_ops expr_ops_objref = { .name = "objref", .alloc_len = sizeof(struct nftnl_expr_objref), .max_attr = NFTA_OBJREF_MAX, - .cmp = nftnl_expr_objref_cmp, .set = nftnl_expr_objref_set, .get = nftnl_expr_objref_get, .parse = nftnl_expr_objref_parse, diff --git a/src/expr/osf.c b/src/expr/osf.c index 08603286..52da21f4 100644 --- a/src/expr/osf.c +++ b/src/expr/osf.c @@ -136,27 +136,10 @@ nftnl_expr_osf_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_osf_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_osf *l1 = nftnl_expr_data(e1); - struct nftnl_expr_osf *l2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_OSF_DREG)) - eq &= (l1->dreg == l2->dreg); - - if (e1->flags & (1 << NFTNL_EXPR_OSF_TTL)) - eq &= (l1->ttl == l2->ttl); - - return eq; -} - struct expr_ops expr_ops_osf = { .name = "osf", .alloc_len = sizeof(struct nftnl_expr_osf), .max_attr = NFTA_OSF_MAX, - .cmp = nftnl_expr_osf_cmp, .set = nftnl_expr_osf_set, .get = nftnl_expr_osf_get, .parse = nftnl_expr_osf_parse, diff --git a/src/expr/payload.c b/src/expr/payload.c index 680da4a8..2192dad5 100644 --- a/src/expr/payload.c +++ b/src/expr/payload.c @@ -258,38 +258,10 @@ nftnl_expr_payload_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_payload_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_payload *p1 = nftnl_expr_data(e1); - struct nftnl_expr_payload *p2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_SREG)) - eq &= (p1->sreg == p2->sreg); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_DREG)) - eq &= (p1->dreg == p2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_BASE)) - eq &= (p1->base == p2->base); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_OFFSET)) - eq &= (p1->offset == p2->offset); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_LEN)) - eq &= (p1->len == p2->len); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_CSUM_TYPE)) - eq &= (p1->csum_type == p2->csum_type); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_CSUM_OFFSET)) - eq &= (p1->csum_offset == p2->csum_offset); - if (e1->flags & (1 << NFTNL_EXPR_PAYLOAD_FLAGS)) - eq &= (p1->csum_flags == p2->csum_flags); - - return eq; -} - struct expr_ops expr_ops_payload = { .name = "payload", .alloc_len = sizeof(struct nftnl_expr_payload), .max_attr = NFTA_PAYLOAD_MAX, - .cmp = nftnl_expr_payload_cmp, .set = nftnl_expr_payload_set, .get = nftnl_expr_payload_get, .parse = nftnl_expr_payload_parse, diff --git a/src/expr/queue.c b/src/expr/queue.c index f9d83139..051ef71e 100644 --- a/src/expr/queue.c +++ b/src/expr/queue.c @@ -199,30 +199,10 @@ nftnl_expr_queue_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_queue_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_queue *q1 = nftnl_expr_data(e1); - struct nftnl_expr_queue *q2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_QUEUE_NUM)) - eq &= (q1->queuenum == q2->queuenum); - if (e1->flags & (1 << NFTNL_EXPR_QUEUE_TOTAL)) - eq &= (q1->queues_total == q2->queues_total); - if (e1->flags & (1 << NFTNL_EXPR_QUEUE_FLAGS)) - eq &= (q1->flags == q2->flags); - if (e1->flags & (1 << NFTNL_EXPR_QUEUE_SREG_QNUM)) - eq &= (q1->sreg_qnum == q2->sreg_qnum); - - return eq; -} - struct expr_ops expr_ops_queue = { .name = "queue", .alloc_len = sizeof(struct nftnl_expr_queue), .max_attr = NFTA_QUEUE_MAX, - .cmp = nftnl_expr_queue_cmp, .set = nftnl_expr_queue_set, .get = nftnl_expr_queue_get, .parse = nftnl_expr_queue_parse, diff --git a/src/expr/redir.c b/src/expr/redir.c index 36c2e2b1..477659a3 100644 --- a/src/expr/redir.c +++ b/src/expr/redir.c @@ -173,28 +173,10 @@ nftnl_expr_redir_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_redir_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_redir *r1 = nftnl_expr_data(e1); - struct nftnl_expr_redir *r2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_REDIR_REG_PROTO_MIN)) - eq &= (r1->sreg_proto_min== r2->sreg_proto_min); - if (e1->flags & (1 << NFTNL_EXPR_REDIR_REG_PROTO_MAX)) - eq &= (r1->sreg_proto_max== r2->sreg_proto_max); - if (e1->flags & (1 << NFTNL_EXPR_REDIR_FLAGS)) - eq &= (r1->flags== r2->flags); - - return eq; -} - struct expr_ops expr_ops_redir = { .name = "redir", .alloc_len = sizeof(struct nftnl_expr_redir), .max_attr = NFTA_REDIR_MAX, - .cmp = nftnl_expr_redir_cmp, .set = nftnl_expr_redir_set, .get = nftnl_expr_redir_get, .parse = nftnl_expr_redir_parse, diff --git a/src/expr/reject.c b/src/expr/reject.c index 3e49076f..141942e6 100644 --- a/src/expr/reject.c +++ b/src/expr/reject.c @@ -140,26 +140,10 @@ nftnl_expr_reject_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_reject_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_reject *r1 = nftnl_expr_data(e1); - struct nftnl_expr_reject *r2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_REJECT_TYPE)) - eq &= (r1->type == r2->type); - if (e1->flags & (1 << NFTNL_EXPR_REJECT_CODE)) - eq &= (r1->icmp_code == r2->icmp_code); - - return eq; -} - struct expr_ops expr_ops_reject = { .name = "reject", .alloc_len = sizeof(struct nftnl_expr_reject), .max_attr = NFTA_REJECT_MAX, - .cmp = nftnl_expr_reject_cmp, .set = nftnl_expr_reject_set, .get = nftnl_expr_reject_get, .parse = nftnl_expr_reject_parse, diff --git a/src/expr/rt.c b/src/expr/rt.c index a112270c..0fce72d9 100644 --- a/src/expr/rt.c +++ b/src/expr/rt.c @@ -169,26 +169,10 @@ nftnl_expr_rt_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_rt_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_rt *r1 = nftnl_expr_data(e1); - struct nftnl_expr_rt *r2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_RT_KEY)) - eq &= (r1->key == r2->key); - if (e1->flags & (1 << NFTNL_EXPR_RT_DREG)) - eq &= (r1->dreg == r2->dreg); - - return eq; -} - struct expr_ops expr_ops_rt = { .name = "rt", .alloc_len = sizeof(struct nftnl_expr_rt), .max_attr = NFTA_RT_MAX, - .cmp = nftnl_expr_rt_cmp, .set = nftnl_expr_rt_set, .get = nftnl_expr_rt_get, .parse = nftnl_expr_rt_parse, diff --git a/src/expr/socket.c b/src/expr/socket.c index ebafa2f1..96550d58 100644 --- a/src/expr/socket.c +++ b/src/expr/socket.c @@ -166,26 +166,10 @@ nftnl_expr_socket_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_socket_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_socket *r1 = nftnl_expr_data(e1); - struct nftnl_expr_socket *r2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_SOCKET_KEY)) - eq &= (r1->key == r2->key); - if (e1->flags & (1 << NFTNL_EXPR_SOCKET_DREG)) - eq &= (r1->dreg == r2->dreg); - - return eq; -} - struct expr_ops expr_ops_socket = { .name = "socket", .alloc_len = sizeof(struct nftnl_expr_socket), .max_attr = NFTA_SOCKET_MAX, - .cmp = nftnl_expr_socket_cmp, .set = nftnl_expr_socket_set, .get = nftnl_expr_socket_get, .parse = nftnl_expr_socket_parse, diff --git a/src/expr/target.c b/src/expr/target.c index bf2ba77b..91000386 100644 --- a/src/expr/target.c +++ b/src/expr/target.c @@ -189,31 +189,11 @@ static void nftnl_expr_target_free(const struct nftnl_expr *e) xfree(target->data); } -static bool nftnl_expr_target_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_target *t1 = nftnl_expr_data(e1); - struct nftnl_expr_target *t2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_TG_NAME)) - eq &= !strcmp(t1->name, t2->name); - if (e1->flags & (1 << NFTNL_EXPR_TG_REV)) - eq &= (t1->rev == t2->rev); - if (e1->flags & (1 << NFTNL_EXPR_TG_INFO)) { - eq &= (t1->data_len == t2->data_len); - eq &= !memcmp(t1->data, t2->data, t1->data_len); - } - - return eq; -} - struct expr_ops expr_ops_target = { .name = "target", .alloc_len = sizeof(struct nftnl_expr_target), .max_attr = NFTA_TARGET_MAX, .free = nftnl_expr_target_free, - .cmp = nftnl_expr_target_cmp, .set = nftnl_expr_target_set, .get = nftnl_expr_target_get, .parse = nftnl_expr_target_parse, diff --git a/src/expr/tproxy.c b/src/expr/tproxy.c index d75abbc9..3827b75e 100644 --- a/src/expr/tproxy.c +++ b/src/expr/tproxy.c @@ -175,28 +175,10 @@ nftnl_expr_tproxy_snprintf(char *buf, size_t size, uint32_t type, return -1; } -static bool nftnl_expr_tproxy_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_tproxy *n1 = nftnl_expr_data(e1); - struct nftnl_expr_tproxy *n2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_TPROXY_REG_ADDR)) - eq &= (n1->sreg_addr == n2->sreg_addr); - if (e1->flags & (1 << NFTNL_EXPR_TPROXY_REG_PORT)) - eq &= (n1->sreg_port == n2->sreg_port); - if (e1->flags & (1 << NFTNL_EXPR_TPROXY_FAMILY)) - eq &= (n1->family == n2->family); - - return eq; -} - struct expr_ops expr_ops_tproxy = { .name = "tproxy", .alloc_len = sizeof(struct nftnl_expr_tproxy), .max_attr = NFTA_TPROXY_MAX, - .cmp = nftnl_expr_tproxy_cmp, .set = nftnl_expr_tproxy_set, .get = nftnl_expr_tproxy_get, .parse = nftnl_expr_tproxy_parse, diff --git a/src/expr/xfrm.c b/src/expr/xfrm.c index 7c6f98ee..8fe5438b 100644 --- a/src/expr/xfrm.c +++ b/src/expr/xfrm.c @@ -231,30 +231,10 @@ nftnl_expr_xfrm_snprintf(char *buf, size_t len, uint32_t type, return -1; } -static bool nftnl_expr_xfrm_cmp(const struct nftnl_expr *e1, - const struct nftnl_expr *e2) -{ - struct nftnl_expr_xfrm *x1 = nftnl_expr_data(e1); - struct nftnl_expr_xfrm *x2 = nftnl_expr_data(e2); - bool eq = true; - - if (e1->flags & (1 << NFTNL_EXPR_XFRM_KEY)) - eq &= (x1->key == x2->key); - if (e1->flags & (1 << NFTNL_EXPR_XFRM_DIR)) - eq &= (x1->dir == x2->dir); - if (e1->flags & (1 << NFTNL_EXPR_XFRM_SPNUM)) - eq &= (x1->spnum == x2->spnum); - if (e1->flags & (1 << NFTNL_EXPR_XFRM_DREG)) - eq &= (x1->dreg == x2->dreg); - - return eq; -} - struct expr_ops expr_ops_xfrm = { .name = "xfrm", .alloc_len = sizeof(struct nftnl_expr_xfrm), .max_attr = NFTA_XFRM_MAX, - .cmp = nftnl_expr_xfrm_cmp, .set = nftnl_expr_xfrm_set, .get = nftnl_expr_xfrm_get, .parse = nftnl_expr_xfrm_parse, diff --git a/src/libnftnl.map b/src/libnftnl.map index 0d6b20c8..89414f21 100644 --- a/src/libnftnl.map +++ b/src/libnftnl.map @@ -1,4 +1,4 @@ -LIBNFTNL_5 { +LIBNFTNL_11 { global: nftnl_table_alloc; nftnl_table_free; @@ -271,9 +271,6 @@ global: nftnl_udata_next; nftnl_udata_parse; - nftnl_rule_cmp; - nftnl_expr_cmp; - nftnl_obj_alloc; nftnl_obj_free; nftnl_obj_is_set; @@ -307,14 +304,8 @@ global: nftnl_obj_list_iter_next; nftnl_obj_list_iter_destroy; -local: *; -}; - -LIBNFTNL_6 { nftnl_expr_fprintf; -} LIBNFTNL_5; -LIBNFTNL_7 { nftnl_flowtable_alloc; nftnl_flowtable_free; nftnl_flowtable_is_set; @@ -341,8 +332,7 @@ LIBNFTNL_7 { nftnl_flowtable_list_del; nftnl_flowtable_list_foreach; -} LIBNFTNL_6; - -LIBNFTNL_8 { nftnl_rule_list_insert_at; -} LIBNFTNL_7; + +local: *; +}; diff --git a/src/rule.c b/src/rule.c index c3c8a8ba..9af8fae2 100644 --- a/src/rule.c +++ b/src/rule.c @@ -740,37 +740,6 @@ void nftnl_expr_iter_destroy(struct nftnl_expr_iter *iter) xfree(iter); } -EXPORT_SYMBOL(nftnl_rule_cmp); -bool nftnl_rule_cmp(const struct nftnl_rule *r1, const struct nftnl_rule *r2) -{ - struct nftnl_expr_iter it1, it2; - struct nftnl_expr *e1, *e2; - unsigned int eq = 1; - - if (r1->flags & r1->flags & (1 << NFTNL_RULE_TABLE)) - eq &= !strcmp(r1->table, r2->table); - if (r1->flags & r1->flags & (1 << NFTNL_RULE_CHAIN)) - eq &= !strcmp(r1->chain, r2->chain); - if (r1->flags & r1->flags & (1 << NFTNL_RULE_COMPAT_FLAGS)) - eq &= (r1->compat.flags == r2->compat.flags); - if (r1->flags & r1->flags & (1 << NFTNL_RULE_COMPAT_PROTO)) - eq &= (r1->compat.proto == r2->compat.proto); - - nftnl_expr_iter_init(r1, &it1); - nftnl_expr_iter_init(r2, &it2); - e1 = nftnl_expr_iter_next(&it1); - e2 = nftnl_expr_iter_next(&it2); - while (eq && e1 && e2) { - eq = nftnl_expr_cmp(e1, e2); - - e1 = nftnl_expr_iter_next(&it1); - e2 = nftnl_expr_iter_next(&it2); - } - eq &= (!e1 && !e2); - - return eq; -} - struct nftnl_rule_list { struct list_head list; };