From 61c295c9dec447239ed2c84b0073594ffecf7554 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 27 Apr 2022 14:46:47 +0200 Subject: [PATCH] src: add CMD_OBJ_SETELEMS Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2073287 Upstream Status: nftables commit c9eae091983ae Conflicts: Context change due to missing commit 086ec6f30c96e ("mnl: extended error support for create command"). commit c9eae091983ae9ffcf2ca5b666bc03d5a1916c2f Author: Pablo Neira Ayuso Date: Fri May 8 14:44:03 2020 +0200 src: add CMD_OBJ_SETELEMS This new command type results from expanding the set definition in two commands: One to add the set and another to add the elements. This results in 1:1 mapping between the command object to the netlink API. The command is then translated into a netlink message which gets a unique sequence number. This sequence number allows to correlate the netlink extended error reporting with the corresponding command. Signed-off-by: Pablo Neira Ayuso --- include/rule.h | 2 ++ src/rule.c | 23 +++++++++++++++++++---- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/include/rule.h b/include/rule.h index 7fe607f..1efd4fb 100644 --- a/include/rule.h +++ b/include/rule.h @@ -545,6 +545,7 @@ enum cmd_ops { * @CMD_OBJ_ELEMENTS: set element(s) * @CMD_OBJ_SET: set * @CMD_OBJ_SETS: multiple sets + * @CMD_OBJ_SETELEMS: set elements * @CMD_OBJ_RULE: rule * @CMD_OBJ_CHAIN: chain * @CMD_OBJ_CHAINS: multiple chains @@ -572,6 +573,7 @@ enum cmd_obj { CMD_OBJ_INVALID, CMD_OBJ_ELEMENTS, CMD_OBJ_SET, + CMD_OBJ_SETELEMS, CMD_OBJ_SETS, CMD_OBJ_RULE, CMD_OBJ_CHAIN, diff --git a/src/rule.c b/src/rule.c index afb6dc9..c43e0cd 100644 --- a/src/rule.c +++ b/src/rule.c @@ -1352,11 +1352,11 @@ struct cmd *cmd_alloc(enum cmd_ops op, enum cmd_obj obj, void nft_cmd_expand(struct cmd *cmd) { struct list_head new_cmds; + struct set *set, *newset; struct flowtable *ft; struct table *table; struct chain *chain; struct rule *rule; - struct set *set; struct obj *obj; struct cmd *new; struct handle h; @@ -1412,6 +1412,18 @@ void nft_cmd_expand(struct cmd *cmd) } list_splice(&new_cmds, &cmd->list); break; + case CMD_OBJ_SET: + set = cmd->set; + memset(&h, 0, sizeof(h)); + handle_merge(&h, &set->handle); + newset = set_clone(set); + newset->handle.set_id = set->handle.set_id; + newset->init = set->init; + set->init = NULL; + new = cmd_alloc(CMD_ADD, CMD_OBJ_SETELEMS, &h, + &set->location, newset); + list_add(&new->list, &cmd->list); + break; default: break; } @@ -1460,6 +1472,7 @@ void cmd_free(struct cmd *cmd) expr_free(cmd->expr); break; case CMD_OBJ_SET: + case CMD_OBJ_SETELEMS: set_free(cmd->set); break; case CMD_OBJ_RULE: @@ -1545,7 +1558,7 @@ static int do_add_setelems(struct netlink_ctx *ctx, struct cmd *cmd, } static int do_add_set(struct netlink_ctx *ctx, const struct cmd *cmd, - uint32_t flags) + uint32_t flags, bool add) { struct set *set = cmd->set; @@ -1556,7 +1569,7 @@ static int do_add_set(struct netlink_ctx *ctx, const struct cmd *cmd, &ctx->nft->output) < 0) return -1; } - if (mnl_nft_set_add(ctx, cmd, flags) < 0) + if (add && mnl_nft_set_add(ctx, cmd, flags) < 0) return -1; if (set->init != NULL) { return __do_add_setelems(ctx, set, set->init, flags); @@ -1579,7 +1592,9 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl) case CMD_OBJ_RULE: return mnl_nft_rule_add(ctx, cmd, flags | NLM_F_APPEND); case CMD_OBJ_SET: - return do_add_set(ctx, cmd, flags); + return do_add_set(ctx, cmd, flags, true); + case CMD_OBJ_SETELEMS: + return do_add_set(ctx, cmd, flags, false); case CMD_OBJ_ELEMENTS: return do_add_setelems(ctx, cmd, flags); case CMD_OBJ_COUNTER: -- 2.34.1