[iptables,v3,01/12] nft: family_ops: Pass nft_handle to 'add' callback

Message ID	20191030172701.5892-2-phil@nwl.cc
State	Superseded
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Phil Sutter <phil@nwl.cc> To: Pablo Neira Ayuso <pablo@netfilter.org> Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH v3 01/12] nft: family_ops: Pass nft_handle to 'add' callback Date: Wed, 30 Oct 2019 18:26:50 +0100 Message-Id: <20191030172701.5892-2-phil@nwl.cc> In-Reply-To: <20191030172701.5892-1-phil@nwl.cc> References: <20191030172701.5892-1-phil@nwl.cc> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	Implement among match support \| expand [iptables,v3,00/12] Implement among match support [iptables,v3,01/12] nft: family_ops: Pass nft_handle to 'add' callback [iptables,v3,02/12] nft: family_ops: Pass nft_handle to 'rule_find' callback [iptables,v3,03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback [iptables,v3,04/12] nft: family_ops: Pass nft_handle to 'rule_to_cs' callback [iptables,v3,05/12] nft: Keep nft_handle pointer in nft_xt_ctx [iptables,v3,06/12] nft: Eliminate pointless calls to nft_family_ops_lookup() [iptables,v3,07/12] nft: Introduce NFT_CL_SETS cache level [iptables,v3,08/12] nft: Support NFT_COMPAT_SET_ADD [iptables,v3,09/12] nft: Bore up nft_parse_payload() [iptables,v3,10/12] nft: Embed rule's table name in nft_xt_ctx [iptables,v3,11/12] nft: Support parsing lookup expression [iptables,v3,12/12] nft: bridge: Rudimental among extension support

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 7068f82c5495a..de7743392afa1 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -126,7 +126,7 @@ static bool need_devaddr(struct arpt_devaddr_info *info) return false; } -static int nft_arp_add(struct nftnl_rule *r, void *data) +static int nft_arp_add(struct nft_handle *h, struct nftnl_rule *r, void *data) { struct iptables_command_state *cs = data; struct arpt_entry *fw = &cs->arp; diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 2e4b309b86135..0fc21b3a3c0d6 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -126,7 +126,8 @@ static int _add_action(struct nftnl_rule *r, struct iptables_command_state *cs) return add_action(r, cs, false); } -static int nft_bridge_add(struct nftnl_rule *r, void *data) +static int nft_bridge_add(struct nft_handle *h, + struct nftnl_rule *r, void *data) { struct iptables_command_state *cs = data; struct ebt_match *iter; @@ -182,7 +183,7 @@ static int nft_bridge_add(struct nftnl_rule *r, void *data) for (iter = cs->match_list; iter; iter = iter->next) { if (iter->ismatch) { - if (add_match(r, iter->u.match->m)) + if (add_match(h, r, iter->u.match->m)) break; } else { if (add_target(r, iter->u.watcher->t)) diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index 4497eb9b9347c..57d1b3c6d2d0c 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -26,7 +26,7 @@ #include "nft.h" #include "nft-shared.h" -static int nft_ipv4_add(struct nftnl_rule *r, void *data) +static int nft_ipv4_add(struct nft_handle *h, struct nftnl_rule *r, void *data) { struct iptables_command_state *cs = data; struct xtables_rule_match *matchp; @@ -77,7 +77,7 @@ static int nft_ipv4_add(struct nftnl_rule *r, void *data) add_compat(r, cs->fw.ip.proto, cs->fw.ip.invflags & XT_INV_PROTO); for (matchp = cs->matches; matchp; matchp = matchp->next) { - ret = add_match(r, matchp->match->m); + ret = add_match(h, r, matchp->match->m); if (ret < 0) return ret; } diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index cacb1c9e141f2..0e2c4a2946e25 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -25,7 +25,7 @@ #include "nft.h" #include "nft-shared.h" -static int nft_ipv6_add(struct nftnl_rule *r, void *data) +static int nft_ipv6_add(struct nft_handle *h, struct nftnl_rule *r, void *data) { struct iptables_command_state *cs = data; struct xtables_rule_match *matchp; @@ -66,7 +66,7 @@ static int nft_ipv6_add(struct nftnl_rule *r, void *data) add_compat(r, cs->fw6.ipv6.proto, cs->fw6.ipv6.invflags & XT_INV_PROTO); for (matchp = cs->matches; matchp; matchp = matchp->next) { - ret = add_match(r, matchp->match->m); + ret = add_match(h, r, matchp->match->m); if (ret < 0) return ret; } diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index e236a981119ac..b4a62619c09b6 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -35,6 +35,7 @@ #define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab)) struct xtables_args; +struct nft_handle; struct xt_xlate; enum { @@ -69,7 +70,7 @@ struct nft_xt_ctx { }; struct nft_family_ops { - int (*add)(struct nftnl_rule *r, void *data); + int (*add)(struct nft_handle *h, struct nftnl_rule *r, void *data); bool (*is_same)(const void *data_a, const void *data_b); void (*print_payload)(struct nftnl_expr *e, @@ -163,7 +164,6 @@ void save_matches_and_target(const struct iptables_command_state *cs, struct nft_family_ops *nft_family_ops_lookup(int family); -struct nft_handle; void nft_ipv46_parse_target(struct xtables_target *t, void *data); bool nft_ipv46_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r, void *data); diff --git a/iptables/nft.c b/iptables/nft.c index 3c230c121f8b9..bb0f9dfcd558f 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -930,7 +930,8 @@ static int add_nft_limit(struct nftnl_rule *r, struct xt_entry_match *m) return 0; } -int add_match(struct nftnl_rule *r, struct xt_entry_match *m) +int add_match(struct nft_handle *h, + struct nftnl_rule *r, struct xt_entry_match *m) { struct nftnl_expr *expr; int ret; @@ -1152,7 +1153,7 @@ nft_rule_new(struct nft_handle *h, const char *chain, const char *table, nftnl_rule_set_str(r, NFTNL_RULE_TABLE, table); nftnl_rule_set_str(r, NFTNL_RULE_CHAIN, chain); - if (h->ops->add(r, data) < 0) + if (h->ops->add(h, r, data) < 0) goto err; return r; diff --git a/iptables/nft.h b/iptables/nft.h index 4b8b3033a56c0..94dc72d88b7db 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -135,7 +135,7 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain, const char * */ int add_counters(struct nftnl_rule *r, uint64_t packets, uint64_t bytes); int add_verdict(struct nftnl_rule *r, int verdict); -int add_match(struct nftnl_rule *r, struct xt_entry_match *m); +int add_match(struct nft_handle *h, struct nftnl_rule *r, struct xt_entry_match *m); int add_target(struct nftnl_rule *r, struct xt_entry_target *t); int add_jumpto(struct nftnl_rule *r, const char *name, int verdict); int add_action(struct nftnl_rule *r, struct iptables_command_state *cs, bool goto_set);

[iptables,v3,01/12] nft: family_ops: Pass nft_handle to 'add' callback

Commit Message

Comments

Patch