authorYu Watanabe <watanabe.yu+github@gmail.com>2022-06-14 22:22:54 +0900
committerYu Watanabe <watanabe.yu+github@gmail.com>2022-07-23 23:52:42 +0900
commit64f090a61ab0886e70384c9c486ea9162b58c1a5 (patch)
tree288466fb718124a17fcac57df079bdf84b43e57c /src/libsystemd/sd-netlink
parent35cca046cf65be01db33c4a17076491c1c7682a3 (diff)
sd-netlink: several cleanups for netfilter
- rename family -> nfproto, and other arguments, - check specified nfproto, - change type of several function arguments that specify data length, - add several assertions, - drop unnecessary headers.
Diffstat (limited to 'src/libsystemd/sd-netlink')
-rw-r--r--src/libsystemd/sd-netlink/netlink-internal.h20
-rw-r--r--src/libsystemd/sd-netlink/netlink-message-nfnl.c71
2 files changed, 52 insertions, 39 deletions
diff --git a/src/libsystemd/sd-netlink/netlink-internal.h b/src/libsystemd/sd-netlink/netlink-internal.h
index 497ffe9112..c0d7fa8336 100644
--- a/src/libsystemd/sd-netlink/netlink-internal.h
+++ b/src/libsystemd/sd-netlink/netlink-internal.h
@@ -179,23 +179,23 @@ int sd_nfnl_socket_open(sd_netlink **ret);
int sd_nfnl_message_batch_begin(sd_netlink *nfnl, sd_netlink_message **ret);
int sd_nfnl_message_batch_end(sd_netlink *nfnl, sd_netlink_message **ret);
int sd_nfnl_nft_message_del_table(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table);
+ int nfproto, const char *table);
int sd_nfnl_nft_message_new_table(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table);
+ int nfproto, const char *table);
int sd_nfnl_nft_message_new_basechain(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table, const char *chain,
+ int nfproto, const char *table, const char *chain,
const char *type, uint8_t hook, int prio);
int sd_nfnl_nft_message_new_rule(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table, const char *chain);
+ int nfproto, const char *table, const char *chain);
int sd_nfnl_nft_message_new_set(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table, const char *set_name,
+ int nfproto, const char *table, const char *set_name,
uint32_t setid, uint32_t klen);
int sd_nfnl_nft_message_new_setelems_begin(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table, const char *set_name);
+ int nfproto, const char *table, const char *set_name);
int sd_nfnl_nft_message_del_setelems_begin(sd_netlink *nfnl, sd_netlink_message **ret,
- int family, const char *table, const char *set_name);
+ int nfproto, const char *table, const char *set_name);
int sd_nfnl_nft_message_add_setelem(sd_netlink_message *m,
- uint32_t num,
- const void *key, uint32_t klen,
- const void *data, uint32_t dlen);
+ uint32_t index,
+ const void *key, size_t key_len,
+ const void *data, size_t data_len);
int sd_nfnl_nft_message_add_setelem_end(sd_netlink_message *m);
diff --git a/src/libsystemd/sd-netlink/netlink-message-nfnl.c b/src/libsystemd/sd-netlink/netlink-message-nfnl.c
index 6f32167772..e70cf52631 100644
--- a/src/libsystemd/sd-netlink/netlink-message-nfnl.c
+++ b/src/libsystemd/sd-netlink/netlink-message-nfnl.c
@@ -1,26 +1,35 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <netinet/in.h>
-#include <linux/if_addrlabel.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
-#include <linux/nexthop.h>
-#include <stdbool.h>
-#include <unistd.h>
+#include <linux/netfilter.h>
#include "sd-netlink.h"
-#include "format-util.h"
#include "netlink-internal.h"
#include "netlink-types.h"
-#include "socket-util.h"
-static int nft_message_new(sd_netlink *nfnl, sd_netlink_message **ret, int family, uint16_t msg_type, uint16_t flags) {
+static bool nfproto_is_valid(int nfproto) {
+ return IN_SET(nfproto,
+ NFPROTO_UNSPEC,
+ NFPROTO_INET,
+ NFPROTO_IPV4,
+ NFPROTO_ARP,
+ NFPROTO_NETDEV,
+ NFPROTO_BRIDGE,
+ NFPROTO_IPV6,
+ NFPROTO_DECNET);
+}
+
+static int nft_message_new(sd_netlink *nfnl, sd_netlink_message **ret, int nfproto, uint16_t msg_type, uint16_t flags) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
assert_return(nfnl, -EINVAL);
assert_return(ret, -EINVAL);
+ assert_return(nfproto_is_valid(nfproto), -EINVAL);
+ assert_return(NFNL_MSG_TYPE(msg_type) == msg_type, -EINVAL);
r = message_new(nfnl, &m, NFNL_SUBSYS_NFTABLES << 8 | msg_type);
if (r < 0)
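Review bot: nfproto_is_valid() carries no comment saying why this particular NFPROTO_* whitelist exists, and the reason matters: the checked int is stored into `nfgen_family` in nft_message_new, a single-byte field in struct nfgenmsg, so the whitelist is what keeps that store from silently truncating an out-of-range value. I would add above the function `/* NFPROTO_* families accepted in nfgenmsg.nfgen_family; nft_message_new() stores the int into that byte field, so anything else must be rejected here. */`. Whether every listed family (e.g. NFPROTO_DECNET) is still accepted by the kernel's nf_tables side is not something this file shows, so the comment should not claim it. The two new assert_return() lines in nft_message_new look right; the matching `NFNL_MSG_TYPE(msg_type) == msg_type` check is what guarantees the `NFNL_SUBSYS_NFTABLES << 8 | msg_type` composition does not clobber the subsystem bits, and a short why-comment on that line would help too. nft_message_new's body continues past the end of this hunk.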
@@ -29,7 +38,7 @@ static int nft_message_new(sd_netlink *nfnl, sd_netlink_message **ret, int famil
m->hdr->nlmsg_flags |= flags;
*(struct nfgenmsg*) NLMSG_DATA(m->hdr) = (struct nfgenmsg) {
- .nfgen_family = family,
+ .nfgen_family = nfproto,
.version = NFNETLINK_V0,
.res_id = nfnl->serial,
};
@@ -42,12 +51,16 @@ static int nfnl_message_batch(sd_netlink *nfnl, sd_netlink_message **ret, uint16
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
+ assert_return(nfnl, -EINVAL);
+ assert_return(ret, -EINVAL);
+ assert_return(NFNL_MSG_TYPE(msg_type) == msg_type, -EINVAL);
+
r = message_new(nfnl, &m, NFNL_SUBSYS_NONE << 8 | msg_type);
if (r < 0)
return r;
*(struct nfgenmsg*) NLMSG_DATA(m->hdr) = (struct nfgenmsg) {
- .nfgen_family = AF_UNSPEC,
+ .nfgen_family = NFPROTO_UNSPEC,
.version = NFNETLINK_V0,
.res_id = NFNL_SUBSYS_NFTABLES,
};
@@ -67,7 +80,7 @@ int sd_nfnl_message_batch_end(sd_netlink *nfnl, sd_netlink_message **ret) {
int sd_nfnl_nft_message_new_basechain(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table,
const char *chain,
const char *type,
@@ -77,7 +90,7 @@ int sd_nfnl_nft_message_new_basechain(
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_NEWCHAIN, NLM_F_CREATE);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_NEWCHAIN, NLM_F_CREATE);
if (r < 0)
return r;
@@ -116,13 +129,13 @@ int sd_nfnl_nft_message_new_basechain(
int sd_nfnl_nft_message_del_table(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_DELTABLE, NLM_F_CREATE);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_DELTABLE, NLM_F_CREATE);
if (r < 0)
return r;
@@ -137,13 +150,13 @@ int sd_nfnl_nft_message_del_table(
int sd_nfnl_nft_message_new_table(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_NEWTABLE, NLM_F_CREATE | NLM_F_EXCL);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_NEWTABLE, NLM_F_CREATE | NLM_F_EXCL);
if (r < 0)
return r;
@@ -158,14 +171,14 @@ int sd_nfnl_nft_message_new_table(
int sd_nfnl_nft_message_new_rule(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table,
const char *chain) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_NEWRULE, NLM_F_CREATE);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_NEWRULE, NLM_F_CREATE);
if (r < 0)
return r;
@@ -184,7 +197,7 @@ int sd_nfnl_nft_message_new_rule(
int sd_nfnl_nft_message_new_set(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table,
const char *set_name,
uint32_t set_id,
@@ -193,7 +206,7 @@ int sd_nfnl_nft_message_new_set(
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_NEWSET, NLM_F_CREATE);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_NEWSET, NLM_F_CREATE);
if (r < 0)
return r;
@@ -220,14 +233,14 @@ int sd_nfnl_nft_message_new_set(
int sd_nfnl_nft_message_new_setelems_begin(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table,
const char *set_name) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_NEWSETELEM, NLM_F_CREATE);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_NEWSETELEM, NLM_F_CREATE);
if (r < 0)
return r;
@@ -250,14 +263,14 @@ int sd_nfnl_nft_message_new_setelems_begin(
int sd_nfnl_nft_message_del_setelems_begin(
sd_netlink *nfnl,
sd_netlink_message **ret,
- int family,
+ int nfproto,
const char *table,
const char *set_name) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
- r = nft_message_new(nfnl, &m, family, NFT_MSG_DELSETELEM, 0);
+ r = nft_message_new(nfnl, &m, nfproto, NFT_MSG_DELSETELEM, 0);
if (r < 0)
return r;
@@ -293,24 +306,24 @@ static int add_data(sd_netlink_message *m, uint16_t attr, const void *data, uint
int sd_nfnl_nft_message_add_setelem(
sd_netlink_message *m,
- uint32_t num,
+ uint32_t index,
const void *key,
- uint32_t klen,
+ size_t key_len,
const void *data,
- uint32_t dlen) {
+ size_t data_len) {
int r;
- r = sd_netlink_message_open_array(m, num);
+ r = sd_netlink_message_open_array(m, index);
if (r < 0)
return r;
- r = add_data(m, NFTA_SET_ELEM_KEY, key, klen);
+ r = add_data(m, NFTA_SET_ELEM_KEY, key, key_len);
if (r < 0)
goto cancel;
if (data) {
- r = add_data(m, NFTA_SET_ELEM_DATA, data, dlen);
+ r = add_data(m, NFTA_SET_ELEM_DATA, data, data_len);
if (r < 0)
goto cancel;
}
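Review bot: The new `size_t key_len` / `size_t data_len` parameters are passed straight to add_data(), whose signature in the hunk context line still declares the length as a `uint`-prefixed fixed-width type, so a length that does not fit is narrowed implicitly at the call on the NFTA_SET_ELEM_KEY and NFTA_SET_ELEM_DATA lines with no diagnostic. Either change add_data()'s length parameter to `size_t` so the bound is enforced in one place, or reject oversized lengths before the call; I cannot see add_data()'s body, so which bound it enforces is not visible here. The function also has no entry assertions even though the commit adds several elsewhere; `assert_return(m, -EINVAL);` and `assert_return(key, -EINVAL);` before the open_array call would match the style of nft_message_new, since key is dereferenced unconditionally while data is optional. sd_nfnl_nft_message_add_setelem's body continues outside this hunk.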