int sd_nfnl_message_batch_begin(sd_netlink *nfnl, sd_netlink_message **ret);
int sd_nfnl_message_batch_end(sd_netlink *nfnl, sd_netlink_message **ret);
int sd_nfnl_nft_message_del_table(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table);
+ int nfproto, const char *table);
int sd_nfnl_nft_message_new_table(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table);
+ int nfproto, const char *table);
int sd_nfnl_nft_message_new_basechain(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table, const char *chain,
+ int nfproto, const char *table, const char *chain,
const char *type, uint8_t hook, int prio);
int sd_nfnl_nft_message_new_rule(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table, const char *chain);
+ int nfproto, const char *table, const char *chain);
int sd_nfnl_nft_message_new_set(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table, const char *set_name,
+ int nfproto, const char *table, const char *set_name,
uint32_t setid, uint32_t klen);
int sd_nfnl_nft_message_new_setelems_begin(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table, const char *set_name);
+ int nfproto, const char *table, const char *set_name);
int sd_nfnl_nft_message_del_setelems_begin(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table, const char *set_name);
+ int nfproto, const char *table, const char *set_name);
int sd_nfnl_nft_message_add_setelem(sd_netlink_message *m,
- uint32_t num,
- const void *key, uint32_t klen,
- const void *data, uint32_t dlen);
+ uint32_t index,
+ const void *key, size_t key_len,
+ const void *data, size_t data_len);
int sd_nfnl_nft_message_add_setelem_end(sd_netlink_message *m);
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <netinet/in.h>
-#include <linux/if_addrlabel.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
-#include <linux/nexthop.h>
-#include <stdbool.h>
-#include <unistd.h>
+#include <linux/netfilter.h>
#include "sd-netlink.h"
-#include "format-util.h"
#include "netlink-internal.h"
#include "netlink-types.h"
-#include "socket-util.h"
-static int nft_message_new(sd_netlink *nfnl, sd_netlink_message **ret, int family, uint16_t msg_type, uint16_t flags) {
+static bool nfproto_is_valid(int nfproto) {
+ return IN_SET(nfproto,
+ NFPROTO_UNSPEC,
+ NFPROTO_INET,
+ NFPROTO_IPV4,
+ NFPROTO_ARP,
+ NFPROTO_NETDEV,
+ NFPROTO_BRIDGE,
+ NFPROTO_IPV6,
+ NFPROTO_DECNET);
+}
+
+static int nft_message_new(sd_netlink *nfnl, sd_netlink_message **ret, int nfproto, uint16_t msg_type, uint16_t flags) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
assert_return(nfnl, -EINVAL);
assert_return(ret, -EINVAL);
+ assert_return(nfproto_is_valid(nfproto), -EINVAL);
+ assert_return(NFNL_MSG_TYPE(msg_type) == msg_type, -EINVAL);
r = message_new(nfnl, &m, NFNL_SUBSYS_NFTABLES << 8 | msg_type);
if (r < 0)
m->hdr->nlmsg_flags |= flags;
*(struct nfgenmsg*) NLMSG_DATA(m->hdr) = (struct nfgenmsg) {
- .nfgen_family = family,
+ .nfgen_family = nfproto,
.version = NFNETLINK_V0,
.res_id = nfnl->serial,
};
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
+ assert_return(nfnl, -EINVAL);
+ assert_return(ret, -EINVAL);
+ assert_return(NFNL_MSG_TYPE(msg_type) == msg_type, -EINVAL);
+
r = message_new(nfnl, &m, NFNL_SUBSYS_NONE << 8 | msg_type);
if (r < 0)
return r;
*(struct nfgenmsg*) NLMSG_DATA(m->hdr) = (struct nfgenmsg) {
- .nfgen_family = AF_UNSPEC,
+ .nfgen_family = NFPROTO_UNSPEC,
.version = NFNETLINK_V0,
.res_id = NFNL_SUBSYS_NFTABLES,
};
int sd_nfnl_nft_message_new_basechain(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table,
const char *chain,
const char *type,
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_NEWCHAIN, NLM_F_CREATE);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_NEWCHAIN, NLM_F_CREATE);
if (r < 0)
return r;
int sd_nfnl_nft_message_del_table(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_DELTABLE, NLM_F_CREATE);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_DELTABLE, NLM_F_CREATE);
if (r < 0)
return r;
int sd_nfnl_nft_message_new_table(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_NEWTABLE, NLM_F_CREATE | NLM_F_EXCL);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_NEWTABLE, NLM_F_CREATE | NLM_F_EXCL);
if (r < 0)
return r;
int sd_nfnl_nft_message_new_rule(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table,
const char *chain) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_NEWRULE, NLM_F_CREATE);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_NEWRULE, NLM_F_CREATE);
if (r < 0)
return r;
int sd_nfnl_nft_message_new_set(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table,
const char *set_name,
uint32_t set_id,
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_NEWSET, NLM_F_CREATE);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_NEWSET, NLM_F_CREATE);
if (r < 0)
return r;
int sd_nfnl_nft_message_new_setelems_begin(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table,
const char *set_name) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_NEWSETELEM, NLM_F_CREATE);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_NEWSETELEM, NLM_F_CREATE);
if (r < 0)
return r;
int sd_nfnl_nft_message_del_setelems_begin(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table,
const char *set_name) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_DELSETELEM, 0);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_DELSETELEM, 0);
if (r < 0)
return r;
int sd_nfnl_nft_message_add_setelem(
sd_netlink_message *m,
- uint32_t num,
+ uint32_t index,
const void *key,
- uint32_t klen,
+ size_t key_len,
const void *data,
- uint32_t dlen) {
+ size_t data_len) {
int r;
- r = sd_netlink_message_open_array(m, num);
+ r = sd_netlink_message_open_array(m, index);
if (r < 0)
return r;
- r = add_data(m, NFTA_SET_ELEM_KEY, key, klen);
+ r = add_data(m, NFTA_SET_ELEM_KEY, key, key_len);
if (r < 0)
goto cancel;
if (data) {
- r = add_data(m, NFTA_SET_ELEM_DATA, data, dlen);
+ r = add_data(m, NFTA_SET_ELEM_DATA, data, data_len);
if (r < 0)
goto cancel;
}
projects / thirdparty / systemd.git / commitdiff
