From da71df5d7e2602279cfe713be01bd402c699cd4e Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 22 Oct 2018 21:18:19 +0200 Subject: [PATCH] src: pass struct nft_ctx through struct netlink_ctx Signed-off-by: Pablo Neira Ayuso (cherry picked from commit 2dc07bcd7eaa56369dff01b596acf010308007d3) Conflicts: src/evaluate.c src/mnl.c src/nfnl_osf.c src/rule.c -> Missing osf support -> Missing cleanups Signed-off-by: Phil Sutter --- include/netlink.h | 9 +-- include/rule.h | 10 ++- src/evaluate.c | 51 +++++---------- src/libnftables.c | 8 +-- src/mnl.c | 22 +++---- src/monitor.c | 52 ++++++++-------- src/netlink.c | 47 +++++++------- src/netlink_delinearize.c | 4 +- src/rule.c | 128 ++++++++++++++++++-------------------- 9 files changed, 147 insertions(+), 184 deletions(-) diff --git a/include/netlink.h b/include/netlink.h index d153e2be03ac5..31465ff16822e 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -35,26 +35,21 @@ extern const struct location netlink_location; /** * struct netlink_ctx * + * @nft: nftables context * @msgs: message queue * @list: list of parsed rules/chains/tables * @set: current set * @data: pointer to pass data to callback * @seqnum: sequence number - * @octx: output context - * @debug_mask: display debugging information - * @cache: cache context */ struct netlink_ctx { - struct mnl_socket *nf_sock; + struct nft_ctx *nft; struct list_head *msgs; struct list_head list; struct set *set; const void *data; uint32_t seqnum; struct nftnl_batch *batch; - unsigned int debug_mask; - struct output_ctx *octx; - struct nft_cache *cache; }; extern struct nftnl_table *alloc_nftnl_table(const struct handle *h); diff --git a/include/rule.h b/include/rule.h index b1d15c8725813..12c2984a14362 100644 --- a/include/rule.h +++ b/include/rule.h 
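Review bot: The kernel-doc block for struct netlink_ctx in include/netlink.h gains `@nft` but does not say that the pointer is borrowed and required, and the existing `batch` member still has no entry. With nf_sock, octx, debug_mask and cache removed, every consumer in this patch dereferences `ctx->nft` unconditionally, so a netlink_ctx built without `.nft` set would fault on first use. I would word the entry as `@nft: nftables context (borrowed, must be non-NULL while the ctx is in use)` and add an `@batch:` line for the batch member. Any netlink_ctx initialisers outside the files in this diff are not visible here and are worth checking.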
@@ -574,12 +574,10 @@ extern struct error_record *rule_postprocess(struct rule *rule); struct netlink_ctx; extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd); -extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache, - enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_flag, - struct output_ctx *octx); -extern void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache, - enum cmd_ops cmd, struct list_head *msgs, - unsigned int debug_mask, struct output_ctx *octx); +extern int cache_update(struct nft_ctx *ctx, enum cmd_ops cmd, + struct list_head *msgs); +extern void cache_flush(struct nft_ctx *ctx, enum cmd_ops cmd, + struct list_head *msgs); extern void cache_release(struct nft_cache *cache); enum udata_type { diff --git a/src/evaluate.c b/src/evaluate.c index 5e9c6328fc692..809920748c0a9 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -184,8 +184,7 @@ static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr) } break; case SYMBOL_SET: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, ctx->cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, ctx->cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -2895,8 +2894,7 @@ static int rule_translate_index(struct eval_ctx *ctx, struct rule *rule) int ret; /* update cache with CMD_LIST so that rules are fetched, too */ - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, CMD_LIST, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, CMD_LIST, ctx->msgs); if (ret < 0) return ret; 
@@ -3088,15 +3086,13 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_SETELEM: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; return setelem_evaluate(ctx, &cmd->expr); case CMD_OBJ_SET: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3106,8 +3102,7 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd) handle_merge(&cmd->rule->handle, &cmd->handle); return rule_evaluate(ctx, cmd->rule); case CMD_OBJ_CHAIN: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3115,8 +3110,7 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd) case CMD_OBJ_TABLE: return table_evaluate(ctx, cmd->table); case CMD_OBJ_FLOWTABLE: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3138,8 +3132,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_SETELEM: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; 
@@ -3165,8 +3158,7 @@ static int cmd_evaluate_get(struct eval_ctx *ctx, struct cmd *cmd) struct set *set; int ret; - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3215,8 +3207,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd) struct set *set; int ret; - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3313,8 +3304,7 @@ static int cmd_evaluate_reset(struct eval_ctx *ctx, struct cmd *cmd) { int ret; - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3343,8 +3333,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_RULESET: - cache_flush(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + cache_flush(ctx->nft, cmd->op, ctx->msgs); break; case CMD_OBJ_TABLE: /* Flushing a table does not empty the sets in the table nor remove @@ -3354,8 +3343,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) /* Chains don't hold sets */ break; case CMD_OBJ_SET: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3371,8 +3359,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) strerror(ENOENT)); return 0; case CMD_OBJ_MAP: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; 
@@ -3388,8 +3375,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) strerror(ENOENT)); return 0; case CMD_OBJ_METER: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3417,8 +3403,7 @@ static int cmd_evaluate_rename(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_CHAIN: - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, - ctx->msgs, ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3517,8 +3502,7 @@ static int cmd_evaluate_monitor(struct eval_ctx *ctx, struct cmd *cmd) uint32_t event; int ret; - ret = cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + ret = cache_update(ctx->nft, cmd->op, ctx->msgs); if (ret < 0) return ret; @@ -3543,8 +3527,7 @@ static int cmd_evaluate_export(struct eval_ctx *ctx, struct cmd *cmd) return cmd_error(ctx, &cmd->location, "this output type is not supported"); - return cache_update(ctx->nft->nf_sock, &ctx->nft->cache, cmd->op, ctx->msgs, - ctx->nft->debug_mask, &ctx->nft->output); + return cache_update(ctx->nft, cmd->op, ctx->msgs); } static int cmd_evaluate_import(struct eval_ctx *ctx, struct cmd *cmd) diff --git a/src/libnftables.c b/src/libnftables.c index 91af169ca7190..848c9cba65657 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -40,10 +40,7 @@ static int nft_netlink(struct nft_ctx *nft, ctx.msgs = msgs; ctx.seqnum = cmd->seqnum = mnl_seqnum_alloc(&seqnum); ctx.batch = batch; - ctx.octx = &nft->output; - ctx.nf_sock = nf_sock; - ctx.cache = &nft->cache; - ctx.debug_mask = nft->debug_mask; + ctx.nft = nft; init_list_head(&ctx.list); ret = do_command(&ctx, cmd); if (ret < 0) { 
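Review bot: In nft_netlink() the ctx no longer records the `nf_sock` that the removed line `ctx.nf_sock = nf_sock;` stored, so everything reached through do_command() now talks to `nft->nf_sock` instead. If `nf_sock` is still a parameter or local of this function (its signature and the rest of the body are outside the hunk), the two can diverge silently. Either drop the separate `nf_sock` or make the assumption explicit, e.g. `assert(nf_sock == nft->nf_sock);` before `do_command(&ctx, cmd);`.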
@@ -480,8 +477,7 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename) LIST_HEAD(cmds); int rc; - rc = cache_update(nft->nf_sock, &nft->cache, CMD_INVALID, &msgs, - nft->debug_mask, &nft->output); + rc = cache_update(nft, CMD_INVALID, &msgs); if (rc < 0) return -1; diff --git a/src/mnl.c b/src/mnl.c index 42eacab74e4e0..fd89ee7f28aaf 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -51,13 +51,13 @@ nft_mnl_recv(struct netlink_ctx *ctx, uint32_t portid, char buf[NFT_NLMSG_MAXSIZE]; int ret; - ret = mnl_socket_recvfrom(ctx->nf_sock, buf, sizeof(buf)); + ret = mnl_socket_recvfrom(ctx->nft->nf_sock, buf, sizeof(buf)); while (ret > 0) { ret = mnl_cb_run(buf, ret, ctx->seqnum, portid, cb, cb_data); if (ret <= 0) goto out; - ret = mnl_socket_recvfrom(ctx->nf_sock, buf, sizeof(buf)); + ret = mnl_socket_recvfrom(ctx->nft->nf_sock, buf, sizeof(buf)); } out: if (ret < 0 && errno == EAGAIN) @@ -70,13 +70,13 @@ static int nft_mnl_talk(struct netlink_ctx *ctx, const void *data, unsigned int len, int (*cb)(const struct nlmsghdr *nlh, void *data), void *cb_data) { - uint32_t portid = mnl_socket_get_portid(ctx->nf_sock); + uint32_t portid = mnl_socket_get_portid(ctx->nft->nf_sock); - if (ctx->debug_mask & NFT_DEBUG_MNL) - mnl_nlmsg_fprintf(ctx->octx->output_fp, data, len, + if (ctx->nft->debug_mask & NFT_DEBUG_MNL) + mnl_nlmsg_fprintf(ctx->nft->output.output_fp, data, len, sizeof(struct nfgenmsg)); - if (mnl_socket_sendto(ctx->nf_sock, data, len) < 0) + if (mnl_socket_sendto(ctx->nft->nf_sock, data, len) < 0) return -1; return nft_mnl_recv(ctx, portid, cb, cb_data); 
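Review bot: nft_mnl_talk() hands `ctx->nft->output.output_fp` to mnl_nlmsg_fprintf() without checking it, whereas the netlink_dump_*() helpers in src/netlink.c in this same patch return early on `!fp`. If output_fp can be NULL (not determinable from this diff), enabling NFT_DEBUG_MNL would pass a NULL stream to the printing code. Matching the other helpers would be `if ((ctx->nft->debug_mask & NFT_DEBUG_MNL) && ctx->nft->output.output_fp)`. The same applies to the debug loop in mnl_nft_socket_sendmsg() in the next src/mnl.c hunk.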
@@ -225,23 +225,23 @@ static ssize_t mnl_nft_socket_sendmsg(const struct netlink_ctx *ctx) }; uint32_t i; - mnl_set_sndbuffer(ctx->nf_sock, ctx->batch); + mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch); nftnl_batch_iovec(ctx->batch, iov, iov_len); for (i = 0; i < iov_len; i++) { - if (ctx->debug_mask & NFT_DEBUG_MNL) { - mnl_nlmsg_fprintf(ctx->octx->output_fp, + if (ctx->nft->debug_mask & NFT_DEBUG_MNL) { + mnl_nlmsg_fprintf(ctx->nft->output.output_fp, iov[i].iov_base, iov[i].iov_len, sizeof(struct nfgenmsg)); } } - return sendmsg(mnl_socket_get_fd(ctx->nf_sock), &msg, 0); + return sendmsg(mnl_socket_get_fd(ctx->nft->nf_sock), &msg, 0); } int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list) { - struct mnl_socket *nl = ctx->nf_sock; + struct mnl_socket *nl = ctx->nft->nf_sock; int ret, fd = mnl_socket_get_fd(nl), portid = mnl_socket_get_portid(nl); char rcv_buf[MNL_SOCKET_BUFFER_SIZE]; fd_set readfds; diff --git a/src/monitor.c b/src/monitor.c index 213c40d119b4c..14ccbc5fe04ca 100644 --- a/src/monitor.c +++ b/src/monitor.c @@ -40,7 +40,7 @@ #include #include -#define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__) +#define nft_mon_print(monh, ...) nft_print(&monh->ctx->nft->output, __VA_ARGS__) static struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh) { @@ -214,7 +214,7 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type, nft_mon_print(monh, "%s %s", family2str(t->handle.family), t->handle.table.name); - if (monh->ctx->octx->handle > 0) + if (monh->ctx->nft->output.handle > 0) nft_mon_print(monh, " # handle %" PRIu64 "", t->handle.handle.id); break; @@ -245,7 +245,7 @@ static int netlink_events_chain_cb(const struct nlmsghdr *nlh, int type, switch (type) { case NFT_MSG_NEWCHAIN: - chain_print_plain(c, monh->ctx->octx); + chain_print_plain(c, &monh->ctx->nft->output); break; case NFT_MSG_DELCHAIN: nft_mon_print(monh, "chain %s %s %s", 
@@ -292,7 +292,7 @@ static int netlink_events_set_cb(const struct nlmsghdr *nlh, int type, switch (type) { case NFT_MSG_NEWSET: - set_print_plain(set, monh->ctx->octx); + set_print_plain(set, &monh->ctx->nft->output); break; case NFT_MSG_DELSET: nft_mon_print(monh, "set %s %s %s", family, @@ -386,7 +386,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY); cmd = netlink_msg2cmd(type); - set = set_lookup_global(family, table, setname, monh->cache); + set = set_lookup_global(family, table, setname, &monh->ctx->nft->cache); if (set == NULL) { fprintf(stderr, "W: Received event for an unknown set."); goto out; @@ -417,7 +417,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, goto out; } if (netlink_delinearize_setelem(nlse, dummyset, - monh->cache) < 0) { + &monh->ctx->nft->cache) < 0) { set_free(dummyset); nftnl_set_elems_iter_destroy(nlsei); goto out; @@ -435,7 +435,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, case NFTNL_OUTPUT_DEFAULT: nft_mon_print(monh, "%s element %s %s %s ", cmd, family2str(family), table, setname); - expr_print(dummyset->init, monh->ctx->octx); + expr_print(dummyset->init, &monh->ctx->nft->output); break; case NFTNL_OUTPUT_JSON: dummyset->handle.family = family; @@ -477,7 +477,7 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type, switch (type) { case NFT_MSG_NEWOBJ: - obj_print_plain(obj, monh->ctx->octx); + obj_print_plain(obj, &monh->ctx->nft->output); break; case NFT_MSG_DELOBJ: nft_mon_print(monh, "%s %s %s %s", @@ -513,7 +513,8 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, nlr = netlink_rule_alloc(nlh); r = netlink_delinearize_rule(monh->ctx, nlr); - nlr_for_each_set(nlr, rule_map_decompose_cb, NULL, monh->cache); + nlr_for_each_set(nlr, rule_map_decompose_cb, NULL, + &monh->ctx->nft->cache); cmd = netlink_msg2cmd(type); switch (monh->format) { 
@@ -528,7 +529,7 @@ static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type, switch (type) { case NFT_MSG_NEWRULE: - rule_print(r, monh->ctx->octx); + rule_print(r, &monh->ctx->nft->output); break; case NFT_MSG_DELRULE: @@ -557,7 +558,7 @@ static void netlink_events_cache_addtable(struct netlink_mon_handler *monh, t = netlink_delinearize_table(monh->ctx, nlt); nftnl_table_free(nlt); - table_add_hash(t, monh->cache); + table_add_hash(t, &monh->ctx->nft->cache); } static void netlink_events_cache_deltable(struct netlink_mon_handler *monh, @@ -571,7 +572,7 @@ static void netlink_events_cache_deltable(struct netlink_mon_handler *monh, h.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY); h.table.name = nftnl_table_get_str(nlt, NFTNL_TABLE_NAME); - t = table_lookup(&h, monh->cache); + t = table_lookup(&h, &monh->ctx->nft->cache); if (t == NULL) goto out; @@ -601,7 +602,7 @@ static void netlink_events_cache_addset(struct netlink_mon_handler *monh, goto out; s->init = set_expr_alloc(monh->loc, s); - t = table_lookup(&s->handle, monh->cache); + t = table_lookup(&s->handle, &monh->ctx->nft->cache); if (t == NULL) { fprintf(stderr, "W: Unable to cache set: table not found.\n"); set_free(s); @@ -628,7 +629,7 @@ static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh, table = nftnl_set_get_str(nls, NFTNL_SET_TABLE); setname = nftnl_set_get_str(nls, NFTNL_SET_NAME); - set = set_lookup_global(family, table, setname, monh->cache); + set = set_lookup_global(family, table, setname, &monh->ctx->nft->cache); if (set == NULL) { fprintf(stderr, "W: Unable to cache set_elem. Set not found.\n"); 
@@ -641,7 +642,8 @@ static void netlink_events_cache_addsetelem(struct netlink_mon_handler *monh, nlse = nftnl_set_elems_iter_next(nlsei); while (nlse != NULL) { - if (netlink_delinearize_setelem(nlse, set, monh->cache) < 0) { + if (netlink_delinearize_setelem(nlse, set, + &monh->ctx->nft->cache) < 0) { fprintf(stderr, "W: Unable to cache set_elem. " "Delinearize failed.\n"); @@ -668,7 +670,7 @@ static void netlink_events_cache_delsets(struct netlink_mon_handler *monh, struct nftnl_rule *nlr = netlink_rule_alloc(nlh); nlr_for_each_set(nlr, netlink_events_cache_delset_cb, NULL, - monh->cache); + &monh->ctx->nft->cache); nftnl_rule_free(nlr); } @@ -691,7 +693,7 @@ static void netlink_events_cache_addobj(struct netlink_mon_handler *monh, if (obj == NULL) goto out; - t = table_lookup(&obj->handle, monh->cache); + t = table_lookup(&obj->handle, &monh->ctx->nft->cache); if (t == NULL) { fprintf(stderr, "W: Unable to cache object: table not found.\n"); obj_free(obj); @@ -721,7 +723,7 @@ static void netlink_events_cache_delobj(struct netlink_mon_handler *monh, type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE); h.handle.id = nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE); - t = table_lookup(&h, monh->cache); + t = table_lookup(&h, &monh->ctx->nft->cache); if (t == NULL) { fprintf(stderr, "W: Unable to cache object: table not found.\n"); goto out; @@ -835,7 +837,7 @@ static int netlink_events_newgen_cb(const struct nlmsghdr *nlh, int type, nft_mon_print(monh, "# new generation %d", genid); if (pid >= 0) { nft_mon_print(monh, " by process %d", pid); - if (!monh->ctx->octx->numeric) + if (!monh->ctx->nft->output.numeric) nft_mon_print(monh, " (%s)", name); } nft_mon_print(monh, "\n"); 
@@ -850,7 +852,7 @@ static int netlink_events_cb(const struct nlmsghdr *nlh, void *data) uint16_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); struct netlink_mon_handler *monh = (struct netlink_mon_handler *)data; - netlink_events_debug(type, monh->debug_mask); + netlink_events_debug(type, monh->ctx->nft->debug_mask); netlink_events_cache_update(monh, nlh, type); if (!(monh->monitor_flags & (1 << type))) @@ -901,11 +903,9 @@ int netlink_echo_callback(const struct nlmsghdr *nlh, void *data) .loc = &netlink_location, .monitor_flags = 0xffffffff, .cache_needed = true, - .cache = ctx->cache, - .debug_mask = ctx->debug_mask, }; - if (!echo_monh.ctx->octx->echo) + if (!echo_monh.ctx->nft->output.echo) return MNL_CB_OK; return netlink_events_cb(nlh, &echo_monh); @@ -929,7 +929,7 @@ int netlink_monitor(struct netlink_mon_handler *monhandler, return -1; } - return mnl_nft_event_listener(nf_sock, monhandler->debug_mask, - monhandler->ctx->octx, netlink_events_cb, - monhandler); + return mnl_nft_event_listener(nf_sock, monhandler->ctx->nft->debug_mask, + &monhandler->ctx->nft->output, + netlink_events_cb, monhandler); } diff --git a/src/netlink.c b/src/netlink.c index 4fd3f2dfefced..e16eb504fdef8 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -42,7 +42,7 @@ #include #include -#define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__) +#define nft_mon_print(monh, ...) nft_print(&monh->ctx->nft->output, __VA_ARGS__) const struct input_descriptor indesc_netlink = { .name = "netlink", @@ -475,10 +475,8 @@ int netlink_replace_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd) struct nftnl_rule *nlr; int err, flags = 0; - if (ctx->octx->echo) { - err = cache_update(ctx->nf_sock, ctx->cache, - CMD_INVALID, ctx->msgs, - ctx->debug_mask, ctx->octx); + if (ctx->nft->output.echo) { + err = cache_update(ctx->nft, CMD_INVALID, ctx->msgs); if (err < 0) return err; 
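Review bot: netlink_echo_callback() stops initialising `.cache` and `.debug_mask` in echo_monh, but the only include/netlink.h hunk in this patch touches struct netlink_ctx, so struct netlink_mon_handler presumably still declares both members. They are now zero in the echo handler, and any reader of `monh->cache` that this patch did not convert would receive a NULL cache. Removing the two members from the struct in the same commit would let the compiler find leftover users. The initialiser of echo_monh starts outside the hunk, so its `.ctx` assignment is not visible here.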
@@ -507,9 +505,9 @@ int netlink_del_rule_batch(struct netlink_ctx *ctx, const struct cmd *cmd) void netlink_dump_rule(const struct nftnl_rule *nlr, struct netlink_ctx *ctx) { - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; - if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp) + if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp) return; nftnl_rule_fprintf(fp, nlr, 0, 0); @@ -575,9 +573,9 @@ static int netlink_flush_rules(struct netlink_ctx *ctx, const struct cmd *cmd) void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx) { - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; - if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp) + if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp) return; nftnl_chain_fprintf(fp, nlc, 0, 0); @@ -837,9 +835,9 @@ static const struct datatype *dtype_map_from_kernel(enum nft_data_types type) void netlink_dump_set(const struct nftnl_set *nls, struct netlink_ctx *ctx) { - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; - if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp) + if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp) return; nftnl_set_fprintf(fp, nls, 0, 0); @@ -1291,7 +1289,7 @@ out: static int list_setelem_cb(struct nftnl_set_elem *nlse, void *arg) { struct netlink_ctx *ctx = arg; - return netlink_delinearize_setelem(nlse, ctx->set, ctx->cache); + return netlink_delinearize_setelem(nlse, ctx->set, &ctx->nft->cache); } int netlink_list_setelems(struct netlink_ctx *ctx, const struct handle *h, @@ -1362,9 +1360,9 @@ int netlink_get_setelem(struct netlink_ctx *ctx, const struct handle *h, void netlink_dump_obj(struct nftnl_obj *nln, struct netlink_ctx *ctx) { - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; - if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp) + if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp) return; nftnl_obj_fprintf(fp, nln, 0, 0); 
@@ -1476,9 +1474,9 @@ static struct nftnl_flowtable *alloc_nftnl_flowtable(const struct handle *h, static void netlink_dump_flowtable(struct nftnl_flowtable *flo, struct netlink_ctx *ctx) { - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; - if (!(ctx->debug_mask & NFT_DEBUG_NETLINK) || !fp) + if (!(ctx->nft->debug_mask & NFT_DEBUG_NETLINK) || !fp) return; nftnl_flowtable_fprintf(fp, flo, 0, 0); @@ -1930,16 +1928,17 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type, case NFT_TRACETYPE_RULE: if (nftnl_trace_is_set(nlt, NFTNL_TRACE_LL_HEADER) || nftnl_trace_is_set(nlt, NFTNL_TRACE_NETWORK_HEADER)) - trace_print_packet(nlt, monh->ctx->octx); + trace_print_packet(nlt, &monh->ctx->nft->output); if (nftnl_trace_is_set(nlt, NFTNL_TRACE_RULE_HANDLE)) - trace_print_rule(nlt, monh->ctx->octx, monh->cache); + trace_print_rule(nlt, &monh->ctx->nft->output, + &monh->ctx->nft->cache); break; case NFT_TRACETYPE_POLICY: - trace_print_hdr(nlt, monh->ctx->octx); + trace_print_hdr(nlt, &monh->ctx->nft->output); if (nftnl_trace_is_set(nlt, NFTNL_TRACE_POLICY)) { - trace_print_policy(nlt, monh->ctx->octx); + trace_print_policy(nlt, &monh->ctx->nft->output); nft_mon_print(monh, " "); } @@ -1947,14 +1946,14 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type, trace_print_expr(nlt, NFTNL_TRACE_MARK, meta_expr_alloc(&netlink_location, NFT_META_MARK), - monh->ctx->octx); + &monh->ctx->nft->output); nft_mon_print(monh, "\n"); break; case NFT_TRACETYPE_RETURN: - trace_print_hdr(nlt, monh->ctx->octx); + trace_print_hdr(nlt, &monh->ctx->nft->output); if (nftnl_trace_is_set(nlt, NFTNL_TRACE_VERDICT)) { - trace_print_verdict(nlt, monh->ctx->octx); + trace_print_verdict(nlt, &monh->ctx->nft->output); nft_mon_print(monh, " "); } 
@@ -1962,7 +1961,7 @@ int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type, trace_print_expr(nlt, NFTNL_TRACE_MARK, meta_expr_alloc(&netlink_location, NFT_META_MARK), - monh->ctx->octx); + &monh->ctx->nft->output); nft_mon_print(monh, "\n"); break; } diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index ae84512c56f3a..bf990e9e979d5 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2508,7 +2508,7 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, memset(&_ctx, 0, sizeof(_ctx)); _ctx.msgs = ctx->msgs; - _ctx.debug_mask = ctx->debug_mask; + _ctx.debug_mask = ctx->nft->debug_mask; memset(&h, 0, sizeof(h)); h.family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); @@ -2520,7 +2520,7 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, h.position.id = nftnl_rule_get_u64(nlr, NFTNL_RULE_POSITION); pctx->rule = rule_alloc(&netlink_location, &h); - pctx->table = table_lookup(&h, ctx->cache); + pctx->table = table_lookup(&h, &ctx->nft->cache); assert(pctx->table != NULL); if (nftnl_rule_is_set(nlr, NFTNL_RULE_USERDATA)) { diff --git a/src/rule.c b/src/rule.c index 3b5468d00e79c..6acfa3ac1695c 100644 --- a/src/rule.c +++ b/src/rule.c @@ -86,7 +86,7 @@ static int cache_init_objects(struct netlink_ctx *ctx, enum cmd_ops cmd) struct set *set; int ret; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { ret = netlink_list_sets(ctx, &table->handle); list_splice_tail_init(&ctx->list, &table->sets); @@ -141,7 +141,7 @@ static int cache_init(struct netlink_ctx *ctx, enum cmd_ops cmd) }; int ret; - ret = cache_init_tables(ctx, &handle, ctx->cache); + ret = cache_init_tables(ctx, &handle, &ctx->nft->cache); if (ret < 0) return ret; ret = cache_init_objects(ctx, cmd); 
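Review bot: In netlink_delinearize_rule() the result of `table_lookup(&h, &ctx->nft->cache)` is guarded only by `assert(pctx->table != NULL);`. The function is also called from netlink_events_rule_cb() on kernel events, and the other monitor callbacks in this patch handle a missing table with a warning (`if (t == NULL) goto out;`), so a rule event for a table absent from the cache aborts the process, or with NDEBUG continues with a NULL table. A comment stating why the table must already be cached here, or an explicit failure path, would make the contract clear. The function body extends beyond the hunk on both sides.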
@@ -151,20 +151,18 @@ static int cache_init(struct netlink_ctx *ctx, enum cmd_ops cmd) return 0; } -int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache, - enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_mask, - struct output_ctx *octx) +int cache_update(struct nft_ctx *nft, enum cmd_ops cmd, struct list_head *msgs) { uint16_t genid; int ret; struct netlink_ctx ctx = { .list = LIST_HEAD_INIT(ctx.list), - .nf_sock = nf_sock, - .cache = cache, + .nft = nft, .msgs = msgs, - .debug_mask = debug_mask, - .octx = octx, + .nft = nft, }; + struct mnl_socket *nf_sock = nft->nf_sock; + struct nft_cache *cache = &nft->cache; replay: ctx.seqnum = cache->seqnum++; @@ -197,18 +195,14 @@ static void __cache_flush(struct list_head *table_list) } } -void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache, - enum cmd_ops cmd, struct list_head *msgs, - unsigned int debug_mask, struct output_ctx *octx) +void cache_flush(struct nft_ctx *nft, enum cmd_ops cmd, struct list_head *msgs) { struct netlink_ctx ctx = { .list = LIST_HEAD_INIT(ctx.list), - .nf_sock = nf_sock, - .cache = cache, + .nft = nft, .msgs = msgs, - .debug_mask = debug_mask, - .octx = octx, }; + struct nft_cache *cache = &nft->cache; __cache_flush(&cache->list); cache->genid = netlink_genid_get(&ctx); @@ -1121,12 +1115,12 @@ static int do_add_setelems(struct netlink_ctx *ctx, struct cmd *cmd, struct table *table; struct set *set; - table = table_lookup(h, ctx->cache); + table = table_lookup(h, &ctx->nft->cache); set = set_lookup(table, h->set.name); if (set->flags & NFT_SET_INTERVAL && set_to_intervals(ctx->msgs, set, init, true, - ctx->debug_mask, set->automerge) < 0) + ctx->nft->debug_mask, set->automerge) < 0) return -1; return __do_add_setelems(ctx, h, set, init, flags); 
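Review bot: The new initialiser in cache_update() sets `.nft = nft,` twice, once before and once after `.msgs = msgs,`. The second designator overrides the first with the same value, so behaviour is unaffected, but it trips -Woverride-init and looks like a leftover from resolving the cherry-pick conflicts. Drop the trailing `.nft = nft,` so the initialiser matches the one in cache_flush().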
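Review bot: do_add_setelems() dereferences `set->flags` right after `table_lookup()` and `set_lookup()` with no NULL check on either result. Presumably the evaluation phase has already verified that both exist in `nft->cache`, but that guarantee is not visible in this hunk. A short comment such as `/* table and set presence was verified during evaluation */`, or an explicit `if (!table || !set) return -1;`, would document the assumption. do_delete_setelems() in a later src/rule.c hunk has the same shape.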
@@ -1140,7 +1134,7 @@ static int do_add_set(struct netlink_ctx *ctx, const struct cmd *cmd, if (set->init != NULL) { if (set->flags & NFT_SET_INTERVAL && set_to_intervals(ctx->msgs, set, set->init, true, - ctx->debug_mask, set->automerge) < 0) + ctx->nft->debug_mask, set->automerge) < 0) return -1; } if (netlink_add_set_batch(ctx, cmd, flags) < 0) @@ -1156,11 +1150,10 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl) { uint32_t flags = excl ? NLM_F_EXCL : 0; - if (ctx->octx->echo) { + if (ctx->nft->output.echo) { int ret; - ret = cache_update(ctx->nf_sock, ctx->cache, cmd->obj, - ctx->msgs, ctx->debug_mask, ctx->octx); + ret = cache_update(ctx->nft, cmd->obj, ctx->msgs); if (ret < 0) return ret; @@ -1206,11 +1199,10 @@ static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd) { uint32_t flags = 0; - if (ctx->octx->echo) { + if (ctx->nft->output.echo) { int ret; - ret = cache_update(ctx->nf_sock, ctx->cache, cmd->obj, - ctx->msgs, ctx->debug_mask, ctx->octx); + ret = cache_update(ctx->nft, cmd->obj, ctx->msgs); if (ret < 0) return ret; @@ -1233,12 +1225,12 @@ static int do_delete_setelems(struct netlink_ctx *ctx, struct cmd *cmd) struct table *table; struct set *set; - table = table_lookup(h, ctx->cache); + table = table_lookup(h, &ctx->nft->cache); set = set_lookup(table, h->set.name); if (set->flags & NFT_SET_INTERVAL && set_to_intervals(ctx->msgs, set, expr, false, - ctx->debug_mask, set->automerge) < 0) + ctx->nft->debug_mask, set->automerge) < 0) return -1; if (netlink_delete_setelems_batch(ctx, cmd) < 0) @@ -1278,7 +1270,7 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd) static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd) { struct nftnl_ruleset *rs; - FILE *fp = ctx->octx->output_fp; + FILE *fp = ctx->nft->output.output_fp; do { rs = netlink_dump_ruleset(ctx, &cmd->handle, &cmd->location); 
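Review bot: do_command_add() passes `cmd->obj` as the second argument of cache_update(), whose prototype in include/rule.h takes `enum cmd_ops cmd`; every call in src/evaluate.c passes `cmd->op` or a CMD_* op constant. The object enumerator is therefore interpreted as an operation, which may select the wrong cache-population behaviour when echo is enabled. The call probably should read `ret = cache_update(ctx->nft, cmd->op, ctx->msgs);`, and the identical call in do_command_insert() in the next hunk needs the same change. This predates the patch, but the line is rewritten here, so it is a convenient place to fix it.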
@@ -1288,7 +1280,7 @@ static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd) nftnl_ruleset_fprintf(fp, rs, cmd->markup->format, NFTNL_OF_EVENT_NEW); - nft_print(ctx->octx, "\n"); + nft_print(&ctx->nft->output, "\n"); nftnl_ruleset_free(rs); return 0; @@ -1319,7 +1311,7 @@ static int do_command_import(struct netlink_ctx *ctx, struct cmd *cmd) static int do_list_table(struct netlink_ctx *ctx, struct cmd *cmd, struct table *table) { - table_print(table, ctx->octx); + table_print(table, &ctx->nft->output); return 0; } @@ -1333,12 +1325,12 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd) struct table *table; struct set *set; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family) continue; - nft_print(ctx->octx, "table %s %s {\n", + nft_print(&ctx->nft->output, "table %s %s {\n", family2str(table->handle.family), table->handle.table.name); @@ -1353,11 +1345,11 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd) if (cmd->obj == CMD_OBJ_MAPS && !(set->flags & NFT_SET_MAP)) continue; - set_print_declaration(set, &opts, ctx->octx); - nft_print(ctx->octx, "%s}%s", opts.tab, opts.nl); + set_print_declaration(set, &opts, &ctx->nft->output); + nft_print(&ctx->nft->output, "%s}%s", opts.tab, opts.nl); } - nft_print(ctx->octx, "}\n"); + nft_print(&ctx->nft->output, "}\n"); } return 0; } 
@@ -1588,14 +1580,14 @@ static int do_list_obj(struct netlink_ctx *ctx, struct cmd *cmd, uint32_t type) struct table *table; struct obj *obj; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family) continue; if (cmd->handle.table.name != NULL && !strcmp(cmd->handle.table.name, table->handle.table.name)) { - nft_print(ctx->octx, "table %s %s {\n", + nft_print(&ctx->nft->output, "table %s %s {\n", family2str(table->handle.family), cmd->handle.table.name); } else @@ -1607,10 +1599,10 @@ static int do_list_obj(struct netlink_ctx *ctx, struct cmd *cmd, uint32_t type) strcmp(cmd->handle.obj.name, obj->handle.obj.name))) continue; - obj_print_declaration(obj, &opts, ctx->octx); + obj_print_declaration(obj, &opts, &ctx->nft->output); } - nft_print(ctx->octx, "}\n"); + nft_print(&ctx->nft->output, "}\n"); } return 0; } @@ -1705,21 +1697,21 @@ static int do_list_flowtables(struct netlink_ctx *ctx, struct cmd *cmd) struct flowtable *flowtable; struct table *table; - list_for_each_entry(table, &ctx->cache->list, list) { + list_for_each_entry(table, &ctx->nft->cache.list, list) { if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family) continue; - nft_print(ctx->octx, "table %s %s {\n", + nft_print(&ctx->nft->output, "table %s %s {\n", family2str(table->handle.family), table->handle.table.name); list_for_each_entry(flowtable, &table->flowtables, list) { - flowtable_print_declaration(flowtable, &opts, ctx->octx); - nft_print(ctx->octx, "%s}%s", opts.tab, opts.nl); + flowtable_print_declaration(flowtable, &opts, &ctx->nft->output); + nft_print(&ctx->nft->output, "%s}%s", opts.tab, opts.nl); } - nft_print(ctx->octx, "}\n"); + nft_print(&ctx->nft->output, "}\n"); } return 0; } 
@@ -1729,7 +1721,7 @@ static int do_list_ruleset(struct netlink_ctx *ctx, struct cmd *cmd)
 unsigned int family = cmd->handle.family;
 struct table *table;
- list_for_each_entry(table, &ctx->cache->list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
 if (family != NFPROTO_UNSPEC && table->handle.family != family)
 continue;
@@ -1750,12 +1742,12 @@ static int do_list_tables(struct netlink_ctx *ctx, struct cmd *cmd)
 {
 struct table *table;
- list_for_each_entry(table, &ctx->cache->list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
 if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family)
 continue;
- nft_print(ctx->octx, "table %s %s\n",
+ nft_print(&ctx->nft->output, "table %s %s\n",
 family2str(table->handle.family), table->handle.table.name);
 }
@@ -1776,17 +1768,17 @@ static int do_list_chain(struct netlink_ctx *ctx, struct cmd *cmd,
 {
 struct chain *chain;
- table_print_declaration(table, ctx->octx);
+ table_print_declaration(table, &ctx->nft->output);
 list_for_each_entry(chain, &table->chains, list) {
 if (chain->handle.family != cmd->handle.family || strcmp(cmd->handle.chain.name, chain->handle.chain.name) != 0)
 continue;
- chain_print(chain, ctx->octx);
+ chain_print(chain, &ctx->nft->output);
 }
- nft_print(ctx->octx, "}\n");
+ nft_print(&ctx->nft->output, "}\n");
 return 0;
 }
@@ -1796,18 +1788,18 @@ static int do_list_chains(struct netlink_ctx *ctx, struct cmd *cmd)
 struct table *table;
 struct chain *chain;
- list_for_each_entry(table, &ctx->cache->list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.list, list) {
 if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family)
 continue;
- table_print_declaration(table, ctx->octx);
+ table_print_declaration(table, &ctx->nft->output);
 list_for_each_entry(chain, &table->chains, list) {
- chain_print_declaration(chain, ctx->octx);
- nft_print(ctx->octx, "\t}\n");
+ chain_print_declaration(chain, &ctx->nft->output);
+ nft_print(&ctx->nft->output, "\t}\n");
 }
- nft_print(ctx->octx, "}\n");
+ nft_print(&ctx->nft->output, "}\n");
 }
 return 0;
@@ -1816,9 +1808,9 @@ static int do_list_chains(struct netlink_ctx *ctx, struct cmd *cmd)
 static void __do_list_set(struct netlink_ctx *ctx, struct cmd *cmd, struct table *table, struct set *set)
 {
- table_print_declaration(table, ctx->octx);
- set_print(set, ctx->octx);
- nft_print(ctx->octx, "}\n");
+ table_print_declaration(table, &ctx->nft->output);
+ set_print(set, &ctx->nft->output);
+ nft_print(&ctx->nft->output, "}\n");
 }
 static int do_list_set(struct netlink_ctx *ctx, struct cmd *cmd,
@@ -1839,11 +1831,11 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
 {
 struct table *table = NULL;
- if (ctx->octx->json)
+ if (ctx->nft->output.json)
 return do_command_list_json(ctx, cmd);
 if (cmd->handle.table.name != NULL)
- table = table_lookup(&cmd->handle, ctx->cache);
+ table = table_lookup(&cmd->handle, &ctx->nft->cache);
 switch (cmd->obj) {
 case CMD_OBJ_TABLE:
@@ -1925,7 +1917,7 @@ static int do_command_get(struct netlink_ctx *ctx, struct cmd *cmd)
 struct table *table = NULL;
 if (cmd->handle.table.name != NULL)
- table = table_lookup(&cmd->handle, ctx->cache);
+ table = table_lookup(&cmd->handle, &ctx->nft->cache);
 switch (cmd->obj) {
 case CMD_OBJ_SETELEM:
@@ -1964,7 +1956,7 @@ static int do_command_reset(struct netlink_ctx *ctx, struct cmd *cmd)
 ret = netlink_reset_objs(ctx, cmd, type, dump);
 list_for_each_entry_safe(obj, next, &ctx->list, list) {
- table = table_lookup(&obj->handle, ctx->cache);
+ table = table_lookup(&obj->handle, &ctx->nft->cache);
 list_move(&obj->list, &table->objs);
 }
 if (ret < 0)
@@ -1994,7 +1986,7 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd)
 static int do_command_rename(struct netlink_ctx *ctx, struct cmd *cmd)
 {
- struct table *table = table_lookup(&cmd->handle, ctx->cache);
+ struct table *table = table_lookup(&cmd->handle, &ctx->nft->cache);
 struct chain *chain;
 switch (cmd->obj) {
@@ -2034,8 +2026,8 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd)
 .format = cmd->monitor->format,
 .ctx = ctx,
 .loc = &cmd->location,
- .cache = ctx->cache,
- .debug_mask = ctx->debug_mask,
+ .cache = &ctx->nft->cache,
+ .debug_mask = ctx->nft->debug_mask,
 };
 monhandler.cache_needed = need_cache(cmd);
@@ -2044,7 +2036,7 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd)
 struct chain *chain;
 int ret;
- list_for_each_entry(t, &ctx->cache->list, list) {
+ list_for_each_entry(t, &ctx->nft->cache.list, list) {
 list_for_each_entry(s, &t->sets, list)
 s->init = set_expr_alloc(&cmd->location, s);
@@ -2070,7 +2062,7 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd)
 }
 }
- return netlink_monitor(&monhandler, ctx->nf_sock);
+ return netlink_monitor(&monhandler, ctx->nft->nf_sock);
 }
 static int do_command_describe(struct netlink_ctx *ctx, struct cmd *cmd,
@@ -2129,7 +2121,7 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd)
 case CMD_MONITOR:
 return do_command_monitor(ctx, cmd);
 case CMD_DESCRIBE:
- return do_command_describe(ctx, cmd, ctx->octx);
+ return do_command_describe(ctx, cmd, &ctx->nft->output);
 default:
 BUG("invalid command object type %u\n", cmd->obj);
 }
-- 2.21.0
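Review bot: In do_command_reset the result of `table_lookup(&obj->handle, &ctx->nft->cache)` is dereferenced on the very next line by `list_move(&obj->list, &table->objs)` without a NULL check. The definition of table_lookup is not part of this patch, but if it returns NULL for a handle missing from the cache, an object reported by netlink_reset_objs for a table the cache does not hold would crash the tool here. A guard such as `if (table == NULL) continue;` before the list_move would avoid the dereference, with whatever cleanup of the skipped object the caller expects. do_command_rename takes the lookup result into `table` the same way and uses it outside its hunk, so it deserves the same look. The body of do_command_reset starts and ends outside the hunk.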
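Review bot: In the monhandler initialiser of do_command_monitor, `.cache` and `.debug_mask` now duplicate state that is already reachable through `.ctx`, set two lines above. `.debug_mask` in particular is copied by value, so it would go stale if the mask in the nft context changes while the monitor runs. Either read both through the handler's ctx pointer and drop the two fields, or document the copy with a comment such as `/* snapshot of ctx->nft taken when the monitor starts */`. The initialiser and the function body both extend beyond the hunk.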