src: osf: load pf.os from expr_evaluate_osf()

Remove osf_init variable and call nfnl_osf_load_fingerprints() from
expr_evaluate_osf() instead of doing that from do_command_add() path.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/osf.h b/include/osf.h
index 074ba9a3687ba22dfa884f3cb76083d4afd9dca9..54cdd4af5df34d29b47ab10171a1888d06a677ca 100644 (file)
--- a/include/osf.h
+++ b/include/osf.h
@@ -3,7 +3,6 @@
 
 struct expr *osf_expr_alloc(const struct location *loc);
 
-extern bool osf_init;
 extern int nfnl_osf_load_fingerprints(struct netlink_ctx *ctx, int del);
 
 #endif /* NFTABLES_OSF_H */

diff --git a/src/evaluate.c b/src/evaluate.c
index 9a7118eccc0c40c0e9eb7a9b34667fa4a9f56fa8..195508236e1e6a2a5b458f431f03ac11497443da 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -26,6 +26,8 @@
 
 #include <expression.h>
 #include <statement.h>
+#include <netlink.h>
+#include <time.h>
 #include <rule.h>
 #include <erec.h>
 #include <gmputil.h>
@@ -1727,6 +1729,15 @@ static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
 
 static int expr_evaluate_osf(struct eval_ctx *ctx, struct expr **expr)
 {
+       struct netlink_ctx nl_ctx = {
+               .nf_sock        = ctx->nf_sock,
+               .debug_mask     = ctx->debug_mask,
+               .octx           = ctx->octx,
+               .seqnum         = time(NULL),
+       };
+
+       nfnl_osf_load_fingerprints(&nl_ctx, 0);
+
        return expr_evaluate_primary(ctx, expr);
 }
 

diff --git a/src/nfnl_osf.c b/src/nfnl_osf.c
index e37510bd4a416d590cd4b05d2aadeb22127d74db..fb76fb0eeb1851fbec499fc03559ac530a2f9c5e 100644 (file)
--- a/src/nfnl_osf.c
+++ b/src/nfnl_osf.c
@@ -43,8 +43,6 @@
 #define OSFPDEL                ':'
 #define MAXOPTSTRLEN           128
 
-bool osf_init;
-
 static struct nf_osf_opt IANA_opts[] = {
        { .kind = 0, .length = 1,},
        { .kind=1, .length=1,},

diff --git a/src/osf.c b/src/osf.c
index fc09e1571da1c8cf7c962505f44b1ad298a490ab..85c957391b573e10020208e3feff304ae1148629 100644 (file)
--- a/src/osf.c
+++ b/src/osf.c
@@ -28,7 +28,6 @@ struct expr *osf_expr_alloc(const struct location *loc)
        const struct datatype *type = &string_type;
        struct expr *expr;
 
-       osf_init = true;
        expr = expr_alloc(loc, &osf_expr_ops, type,
                          BYTEORDER_HOST_ENDIAN, len);
 

diff --git a/src/rule.c b/src/rule.c
index 68abdc34d4c6197dfae4aaf16751863d899c5d27..e6d61b670688fcc8d7006b2d5412c78040099e8a 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -1394,7 +1394,6 @@ static int do_add_set(struct netlink_ctx *ctx, const struct cmd *cmd,
 static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
 {
        uint32_t flags = excl ? NLM_F_EXCL : 0;
-       int err;
 
        if (ctx->octx->echo) {
                int ret;
@@ -1413,10 +1412,7 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
        case CMD_OBJ_CHAIN:
                return netlink_add_chain_batch(ctx, cmd, flags);
        case CMD_OBJ_RULE:
-               err = netlink_add_rule_batch(ctx, cmd, flags | NLM_F_APPEND);
-               if (osf_init)
-                       nfnl_osf_load_fingerprints(ctx, 0);
-               return err;
+               return netlink_add_rule_batch(ctx, cmd, flags | NLM_F_APPEND);
        case CMD_OBJ_SET:
                return do_add_set(ctx, cmd, flags);
        case CMD_OBJ_SETELEM: