Message ID | 20170903220356.20178-2-eric@regit.org |
---|---|
State | Changes Requested |
Delegated to: | Pablo Neira |
Series | libnftables preparation work | expand |
On Mon, Sep 04, 2017 at 12:03:55AM +0200, Eric Leblond wrote: > By adding flags to nft_ctx_new, we will have a minimum capabilities > of changing the way the nft_ctx is created. > > For now, this patch uses a simple value that allow the user to specify > that he will handle netlink by himself. > > Signed-off-by: Eric Leblond <eric@regit.org> > --- > include/nftables.h | 4 ++++ > src/main.c | 20 +++++++++++--------- > 2 files changed, 15 insertions(+), 9 deletions(-) > > diff --git a/include/nftables.h b/include/nftables.h > index 5035567..7c4e93f 100644 > --- a/include/nftables.h > +++ b/include/nftables.h > @@ -49,8 +49,12 @@ struct nft_ctx { > struct output_ctx output; > bool check; > struct nft_cache cache; > + uint32_t flags; > }; > > +#define NFT_CTX_CUSTOM_NETLINK (1<<0) > +#define NFT_CTX_DEFAULT 0 Better than flag, let's make this a type, ie. NFT_CTX_NETLINK is just 1. OK? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Sep 04, 2017 at 12:33:09AM +0200, Pablo Neira Ayuso wrote: > On Mon, Sep 04, 2017 at 12:03:55AM +0200, Eric Leblond wrote: > > By adding flags to nft_ctx_new, we will have a minimum capabilities > > of changing the way the nft_ctx is created. > > > > For now, this patch uses a simple value that allow the user to specify > > that he will handle netlink by himself. > > > > Signed-off-by: Eric Leblond <eric@regit.org> > > --- > > include/nftables.h | 4 ++++ > > src/main.c | 20 +++++++++++--------- > > 2 files changed, 15 insertions(+), 9 deletions(-) > > > > diff --git a/include/nftables.h b/include/nftables.h > > index 5035567..7c4e93f 100644 > > --- a/include/nftables.h > > +++ b/include/nftables.h > > @@ -49,8 +49,12 @@ struct nft_ctx { > > struct output_ctx output; > > bool check; > > struct nft_cache cache; > > + uint32_t flags; > > }; > > > > +#define NFT_CTX_CUSTOM_NETLINK (1<<0) > > +#define NFT_CTX_DEFAULT 0 > > Better than flag, let's make this a type, ie. NFT_CTX_NETLINK is just 1. > > OK? Actually, we keep this back, I mean, we just have NFT_CTX_DEFAULT, so we don't introduce NFT_CTX_NETLINK until we have the advanced API in place. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi, On Mon, 2017-09-04 at 00:45 +0200, Pablo Neira Ayuso wrote: > On Mon, Sep 04, 2017 at 12:33:09AM +0200, Pablo Neira Ayuso wrote: > > On Mon, Sep 04, 2017 at 12:03:55AM +0200, Eric Leblond wrote: > > > By adding flags to nft_ctx_new, we will have a minimum > > > capabilities > > > of changing the way the nft_ctx is created. > > > > > > For now, this patch uses a simple value that allow the user to > > > specify > > > that he will handle netlink by himself. > > > > > > Signed-off-by: Eric Leblond <eric@regit.org> > > > --- > > > include/nftables.h | 4 ++++ > > > src/main.c | 20 +++++++++++--------- > > > 2 files changed, 15 insertions(+), 9 deletions(-) > > > > > > diff --git a/include/nftables.h b/include/nftables.h > > > index 5035567..7c4e93f 100644 > > > --- a/include/nftables.h > > > +++ b/include/nftables.h > > > @@ -49,8 +49,12 @@ struct nft_ctx { > > > struct output_ctx output; > > > bool check; > > > struct nft_cache cache; > > > + uint32_t flags; > > > }; > > > > > > +#define NFT_CTX_CUSTOM_NETLINK (1<<0) > > > +#define NFT_CTX_DEFAULT 0 > > > > Better than flag, let's make this a type, ie. NFT_CTX_NETLINK is > > just 1. > > > > OK? > > Actually, we keep this back, I mean, we just have NFT_CTX_DEFAULT, so > we don't introduce NFT_CTX_NETLINK until we have the advanced API in > place. Yes, make sense, it was a bit artificial. I will cook updated patch today. BR,
diff --git a/include/nftables.h b/include/nftables.h
index 5035567..7c4e93f 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -49,8 +49,12 @@ struct nft_ctx {
 struct output_ctx output;
 bool check;
 struct nft_cache cache;
+ uint32_t flags;
 };
+#define NFT_CTX_CUSTOM_NETLINK (1<<0)
+#define NFT_CTX_DEFAULT 0
+
 enum nftables_exit_codes {
 NFT_EXIT_SUCCESS = 0,
 NFT_EXIT_FAILURE = 1,
diff --git a/src/main.c b/src/main.c
index fce9bfe..94f8a47 100644
--- a/src/main.c
+++ b/src/main.c
@@ -281,7 +281,12 @@ static void nft_exit(void)
 mark_table_exit();
 }
-static struct nft_ctx *nft_ctx_new(void)
+static void nft_ctx_netlink_init(struct nft_ctx *ctx)
+{
+ ctx->nf_sock = netlink_open_sock();
+}
+
+static struct nft_ctx *nft_ctx_new(uint32_t flags)
 {
 struct nft_ctx *ctx;
@@ -292,6 +297,10 @@ static struct nft_ctx *nft_ctx_new(void)
 ctx->num_include_paths = 1;
 ctx->parser_max_errors = 10;
 init_list_head(&ctx->cache.list);
+ ctx->flags = flags;
+
+ if (! (flags & NFT_CTX_CUSTOM_NETLINK))
+ nft_ctx_netlink_init(ctx);
 return ctx;
 }
@@ -307,11 +316,6 @@ static void nft_ctx_free(const struct nft_ctx *ctx)
 nft_exit();
 }
-static void nft_ctx_netlink_init(struct nft_ctx *ctx)
-{
- ctx->nf_sock = netlink_open_sock();
-}
-
 static int nft_run_cmd_from_buffer(struct nft_ctx *nft, char *buf, size_t buflen)
 {
@@ -367,9 +371,7 @@ int main(int argc, char * const *argv)
 struct parser_state state;
 int i, val, rc;
- nft = nft_ctx_new();
-
- nft_ctx_netlink_init(nft);
+ nft = nft_ctx_new(NFT_CTX_DEFAULT);
 while (1) {
 val = getopt_long(argc, argv, OPTSTRING, options, NULL);
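Review bot: `NFT_CTX_CUSTOM_NETLINK` in the include/nftables.h hunk is written as `(1<<0)`, a shift on a signed int, although it is tested against the new `uint32_t flags` field; `#define NFT_CTX_CUSTOM_NETLINK (1U << 0)` keeps every later bit, including bit 31, free of signed-shift undefined behaviour. Neither define is documented: a comment such as `/* caller opens and owns the netlink socket; nft_ctx_new() does not set nf_sock */` above it would tell API users who is responsible for the socket.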
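Review bot: With `NFT_CTX_CUSTOM_NETLINK` set, the `nft_ctx_new()` hunk at -292/+297 in src/main.c skips `nft_ctx_netlink_init(ctx)` and returns a context whose `nf_sock` is never assigned. The allocation sits above the hunk and `nft_ctx_free()` is outside it, so this is inferred: if the struct is not zero-filled and the free path closes `nf_sock` unconditionally, that path would act on an indeterminate value. An explicit `else ctx->nf_sock = NULL;` (assuming `nf_sock` is a pointer) and a matching check before the close would make the custom-netlink path well defined. `flags` is also stored without masking, so unknown bits are accepted silently.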
By adding flags to nft_ctx_new, we gain a minimal capability to change the way the nft_ctx is created. For now, this patch uses a simple value that allows the user to specify that he will handle netlink by himself. Signed-off-by: Eric Leblond <eric@regit.org> --- include/nftables.h | 4 ++++ src/main.c | 20 +++++++++++--------- 2 files changed, 15 insertions(+), 9 deletions(-)