pass rule type to the private arg of mnl_cb_run() callback
should fix #481
This commit is contained in:
Thomas Bernard
BERNARD Thomas
parent
a3522723ae
commit
3a17dea056
|
|
@ -494,6 +494,12 @@ rule_expr_cb(struct nftnl_expr *e, rule_t *r)
|
||||||
return MNL_CB_OK;
|
return MNL_CB_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
struct table_cb_data {
|
||||||
|
const char * table;
|
||||||
|
const char * chain;
|
||||||
|
enum rule_type type;
|
||||||
|
};
|
||||||
|
|
||||||
/* callback.
|
/* callback.
|
||||||
* return values :
|
* return values :
|
||||||
* MNL_CB_ERROR : an error has occurred. Stop callback runqueue.
|
* MNL_CB_ERROR : an error has occurred. Stop callback runqueue.
|
||||||
|
|
@ -506,8 +512,9 @@ table_cb(const struct nlmsghdr *nlh, void *data)
|
||||||
int result = MNL_CB_OK;
|
int result = MNL_CB_OK;
|
||||||
struct nftnl_rule *rule;
|
struct nftnl_rule *rule;
|
||||||
struct nftnl_expr_iter *itr;
|
struct nftnl_expr_iter *itr;
|
||||||
UNUSED(data);
|
#define CB_DATA(field) ((struct table_cb_data *)data)->field
|
||||||
|
|
||||||
|
syslog(LOG_DEBUG, "table_cb(%p, %p) %s %s %d", nlh, data, CB_DATA(table), CB_DATA(chain), CB_DATA(type));
|
||||||
rule = nftnl_rule_alloc();
|
rule = nftnl_rule_alloc();
|
||||||
if (rule == NULL) {
|
if (rule == NULL) {
|
||||||
log_error("nftnl_rule_alloc() FAILED");
|
log_error("nftnl_rule_alloc() FAILED");
|
||||||
|
|
@ -554,13 +561,7 @@ table_cb(const struct nlmsghdr *nlh, void *data)
|
||||||
r->handle = *(uint32_t *) nftnl_rule_get_data(rule,
|
r->handle = *(uint32_t *) nftnl_rule_get_data(rule,
|
||||||
NFTNL_RULE_HANDLE,
|
NFTNL_RULE_HANDLE,
|
||||||
&len);
|
&len);
|
||||||
r->type = RULE_NONE;
|
r->type = CB_DATA(type);
|
||||||
if (strcmp(chain, nft_prerouting_chain) == 0 ||
|
|
||||||
strcmp(chain, nft_postrouting_chain) == 0) {
|
|
||||||
r->type = RULE_NAT;
|
|
||||||
} else if (strcmp(chain, nft_forward_chain) == 0) {
|
|
||||||
r->type = RULE_FILTER;
|
|
||||||
}
|
|
||||||
|
|
||||||
itr = nftnl_expr_iter_create(rule);
|
itr = nftnl_expr_iter_create(rule);
|
||||||
if (itr == NULL) {
|
if (itr == NULL) {
|
||||||
|
|
@ -611,12 +612,13 @@ table_cb(const struct nlmsghdr *nlh, void *data)
|
||||||
nftnl_rule_free(rule);
|
nftnl_rule_free(rule);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
#undef CB_DATA
|
||||||
|
|
||||||
int
|
int
|
||||||
refresh_nft_cache_filter(void)
|
refresh_nft_cache_filter(void)
|
||||||
{
|
{
|
||||||
if (rule_list_filter_validate != RULE_CACHE_VALID) {
|
if (rule_list_filter_validate != RULE_CACHE_VALID) {
|
||||||
if (refresh_nft_cache(&head_filter, nft_table, nft_forward_chain, NFPROTO_INET) < 0)
|
if (refresh_nft_cache(&head_filter, nft_table, nft_forward_chain, NFPROTO_INET, RULE_FILTER) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
rule_list_filter_validate = RULE_CACHE_VALID;
|
rule_list_filter_validate = RULE_CACHE_VALID;
|
||||||
}
|
}
|
||||||
|
|
@ -627,7 +629,7 @@ int
|
||||||
refresh_nft_cache_peer(void)
|
refresh_nft_cache_peer(void)
|
||||||
{
|
{
|
||||||
if (rule_list_peer_validate != RULE_CACHE_VALID) {
|
if (rule_list_peer_validate != RULE_CACHE_VALID) {
|
||||||
if (refresh_nft_cache(&head_peer, nft_table, nft_postrouting_chain, NFPROTO_IPV4) < 0)
|
if (refresh_nft_cache(&head_peer, nft_table, nft_postrouting_chain, NFPROTO_IPV4, RULE_NAT) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
rule_list_peer_validate = RULE_CACHE_VALID;
|
rule_list_peer_validate = RULE_CACHE_VALID;
|
||||||
}
|
}
|
||||||
|
|
@ -638,7 +640,7 @@ int
|
||||||
refresh_nft_cache_redirect(void)
|
refresh_nft_cache_redirect(void)
|
||||||
{
|
{
|
||||||
if (rule_list_redirect_validate != RULE_CACHE_VALID) {
|
if (rule_list_redirect_validate != RULE_CACHE_VALID) {
|
||||||
if (refresh_nft_cache(&head_redirect, nft_table, nft_prerouting_chain, NFPROTO_IPV4) < 0)
|
if (refresh_nft_cache(&head_redirect, nft_table, nft_prerouting_chain, NFPROTO_IPV4, RULE_NAT) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
rule_list_redirect_validate = RULE_CACHE_VALID;
|
rule_list_redirect_validate = RULE_CACHE_VALID;
|
||||||
}
|
}
|
||||||
|
|
@ -672,11 +674,11 @@ flush_nft_cache(struct rule_list *head)
|
||||||
* return -1 in case of error, 0 if OK
|
* return -1 in case of error, 0 if OK
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
refresh_nft_cache(struct rule_list *head, const char *table, const char *chain, uint32_t family)
|
refresh_nft_cache(struct rule_list *head, const char *table, const char *chain, uint32_t family, enum rule_type type)
|
||||||
{
|
{
|
||||||
char buf[MNL_SOCKET_BUFFER_SIZE];
|
char buf[MNL_SOCKET_BUFFER_SIZE];
|
||||||
struct nlmsghdr *nlh;
|
struct nlmsghdr *nlh;
|
||||||
uint32_t type = NFTNL_OUTPUT_DEFAULT;
|
struct table_cb_data data;
|
||||||
struct nftnl_rule *rule;
|
struct nftnl_rule *rule;
|
||||||
int ret;
|
int ret;
|
||||||
ssize_t n;
|
ssize_t n;
|
||||||
|
|
@ -706,6 +708,9 @@ refresh_nft_cache(struct rule_list *head, const char *table, const char *chain,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
data.table = table;
|
||||||
|
data.chain = chain;
|
||||||
|
data.type = type;
|
||||||
do {
|
do {
|
||||||
n = mnl_socket_recvfrom(mnl_sock, buf, sizeof(buf));
|
n = mnl_socket_recvfrom(mnl_sock, buf, sizeof(buf));
|
||||||
if (n < 0) {
|
if (n < 0) {
|
||||||
|
|
@ -715,7 +720,7 @@ refresh_nft_cache(struct rule_list *head, const char *table, const char *chain,
|
||||||
} else if (n == 0) {
|
} else if (n == 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
ret = mnl_cb_run(buf, n, mnl_seq, mnl_portid, table_cb, &type);
|
ret = mnl_cb_run(buf, n, mnl_seq, mnl_portid, table_cb, &data);
|
||||||
if (ret <= -1 /*== MNL_CB_ERROR*/) {
|
if (ret <= -1 /*== MNL_CB_ERROR*/) {
|
||||||
syslog(LOG_ERR, "%s: mnl_cb_run returned %d",
|
syslog(LOG_ERR, "%s: mnl_cb_run returned %d",
|
||||||
"refresh_nft_cache", ret);
|
"refresh_nft_cache", ret);
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@
|
||||||
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||||
* (c) 2015 Tomofumi Hayashi
|
* (c) 2015 Tomofumi Hayashi
|
||||||
* (c) 2019 Paul Chambers
|
* (c) 2019 Paul Chambers
|
||||||
|
* (c) 2020 Thomas Bernard
|
||||||
*
|
*
|
||||||
* This software is subject to the conditions detailed
|
* This software is subject to the conditions detailed
|
||||||
* in the LICENCE file provided within the distribution.
|
* in the LICENCE file provided within the distribution.
|
||||||
|
|
@ -137,7 +138,7 @@ struct nftnl_rule *rule_del_handle(rule_t *r);
|
||||||
int refresh_nft_cache_filter(void);
|
int refresh_nft_cache_filter(void);
|
||||||
int refresh_nft_cache_redirect(void);
|
int refresh_nft_cache_redirect(void);
|
||||||
int refresh_nft_cache_peer(void);
|
int refresh_nft_cache_peer(void);
|
||||||
int refresh_nft_cache(struct rule_list *head, const char *table, const char *chain, uint32_t family);
|
int refresh_nft_cache(struct rule_list *head, const char *table, const char *chain, uint32_t family, enum rule_type type);
|
||||||
|
|
||||||
int
|
int
|
||||||
table_op(enum nf_tables_msg_types op, uint16_t family, const char * name);
|
table_op(enum nf_tables_msg_types op, uint16_t family, const char * name);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue