netfilter
firewalling, NAT, and packet mangling for linux
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
Functions | Variables
netlink.c File Reference
#include <string.h>
#include <fcntl.h>
#include <errno.h>
#include <libmnl/libmnl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <libnftnl/table.h>
#include <libnftnl/chain.h>
#include <libnftnl/expr.h>
#include <libnftnl/set.h>
#include <libnftnl/common.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
#include <linux/netfilter.h>
#include <nftables.h>
#include <netlink.h>
#include <mnl.h>
#include <expression.h>
#include <gmputil.h>
#include <utils.h>
#include <erec.h>
Include dependency graph for netlink.c:

Functions

void netlink_restart (void)
 
void netlink_genid_get (void)
 
void __noreturn __netlink_abi_error (const char *file, int line, const char *reason)
 
int netlink_io_error (struct netlink_ctx *ctx, const struct location *loc, const char *fmt,...)
 
void __noreturn netlink_open_error (void)
 
struct nft_tablealloc_nft_table (const struct handle *h)
 
struct nft_chainalloc_nft_chain (const struct handle *h)
 
struct nft_rulealloc_nft_rule (const struct handle *h)
 
struct nft_rule_expralloc_nft_expr (const char *name)
 
struct nft_setalloc_nft_set (const struct handle *h)
 
void netlink_gen_raw_data (const mpz_t value, enum byteorder byteorder, unsigned int len, struct nft_data_linearize *data)
 
void netlink_gen_data (const struct expr *expr, struct nft_data_linearize *data)
 
struct exprnetlink_alloc_value (const struct location *loc, const struct nft_data_delinearize *nld)
 
struct exprnetlink_alloc_data (const struct location *loc, const struct nft_data_delinearize *nld, enum nft_registers dreg)
 
int netlink_add_rule_batch (struct netlink_ctx *ctx, const struct handle *h, const struct rule *rule, uint32_t flags)
 
int netlink_add_rule_list (struct netlink_ctx *ctx, const struct handle *h, struct list_head *rule_list)
 
int netlink_del_rule_batch (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
void netlink_dump_rule (struct nft_rule *nlr)
 
void netlink_dump_expr (struct nft_rule_expr *nle)
 
void netlink_dump_chain (struct nft_chain *nlc)
 
int netlink_add_chain (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, const struct chain *chain, bool excl)
 
int netlink_rename_chain (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, const char *name)
 
int netlink_delete_chain (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_list_chains (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_get_chain (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_list_chain (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_flush_chain (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_add_table (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, const struct table *table, bool excl)
 
int netlink_delete_table (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
void netlink_dump_table (struct nft_table *nlt)
 
int netlink_list_tables (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_get_table (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_list_table (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_flush_table (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
void netlink_dump_set (struct nft_set *nls)
 
int netlink_add_set (struct netlink_ctx *ctx, const struct handle *h, struct set *set)
 
int netlink_delete_set (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_list_sets (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_get_set (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_add_setelems (struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr)
 
int netlink_delete_setelems (struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr)
 
void interval_map_decompose (struct expr *set)
 
int netlink_get_setelems (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, struct set *set)
 
int netlink_batch_send (struct list_head *err_list)
 
int netlink_flush_ruleset (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
struct nft_rulesetnetlink_dump_ruleset (struct netlink_ctx *ctx, const struct handle *h, const struct location *loc)
 
int netlink_monitor (struct netlink_mon_handler *monhandler)
 
bool netlink_batch_supported (void)
 

Variables

const struct input_descriptor indesc_netlink
 
const struct location netlink_location
 

Function Documentation

void __noreturn __netlink_abi_error ( const char *  file,
int  line,
const char *  reason 
)

References NFT_EXIT_FAILURE.

struct nft_chain* alloc_nft_chain ( const struct handle h)

References handle::chain, handle::family, handle::handle, memory_allocation_error, nft_chain_alloc(), NFT_CHAIN_ATTR_FAMILY, NFT_CHAIN_ATTR_HANDLE, NFT_CHAIN_ATTR_NAME, nft_chain_attr_set_str(), nft_chain_attr_set_u32(), nft_chain_attr_set_u64(), NFT_CHAIN_ATTR_TABLE, NULL, and handle::table.

Referenced by netlink_get_chain().

Here is the call graph for this function:

Here is the caller graph for this function:

struct nft_rule_expr* alloc_nft_expr ( const char *  name)

References memory_allocation_error, nft_rule_expr_alloc(), and NULL.

Here is the call graph for this function:

struct nft_rule* alloc_nft_rule ( const struct handle h)

References handle::chain, handle::comment, handle::family, handle::handle, memory_allocation_error, nft_rule_alloc(), NFT_RULE_ATTR_CHAIN, NFT_RULE_ATTR_FAMILY, NFT_RULE_ATTR_HANDLE, NFT_RULE_ATTR_POSITION, nft_rule_attr_set_data(), nft_rule_attr_set_str(), nft_rule_attr_set_u32(), nft_rule_attr_set_u64(), NFT_RULE_ATTR_TABLE, NFT_RULE_ATTR_USERDATA, NULL, handle::position, and handle::table.

Referenced by netlink_add_rule_batch(), and netlink_del_rule_batch().

Here is the call graph for this function:

Here is the caller graph for this function:

struct nft_set* alloc_nft_set ( const struct handle h)

References handle::family, memory_allocation_error, nft_set_alloc(), NFT_SET_ATTR_FAMILY, NFT_SET_ATTR_ID, NFT_SET_ATTR_NAME, nft_set_attr_set_str(), nft_set_attr_set_u32(), NFT_SET_ATTR_TABLE, NULL, handle::set, handle::set_id, and handle::table.

Referenced by netlink_get_set(), and netlink_get_setelems().

Here is the call graph for this function:

Here is the caller graph for this function:

struct nft_table* alloc_nft_table ( const struct handle h)

References handle::family, memory_allocation_error, nft_table_alloc(), NFT_TABLE_ATTR_FAMILY, NFT_TABLE_ATTR_NAME, nft_table_attr_set(), nft_table_attr_set_u32(), NULL, and handle::table.

Referenced by netlink_flush_ruleset(), and netlink_get_table().

Here is the call graph for this function:

Here is the caller graph for this function:

void interval_map_decompose ( struct expr set)

References expr::byteorder, compound_expr_add(), compound_expr_remove(), constant_expr_alloc(), expr::dtype, DTYPE_F_PREFIX, expr_clone(), EXPR_F_INTERVAL_END, expr_free(), expr_get(), EXPR_MAPPING, expr::expressions, datatype::flags, expr::flags, len, expr::len, list_for_each_entry_safe, expr::location, mapping_expr_alloc(), mpz_add(), mpz_and(), mpz_cmp_ui(), mpz_init(), mpz_init_bitmask(), mpz_scan0(), mpz_set(), mpz_sub(), mpz_sub_ui(), NULL, expr::ops, expr::prefix, prefix_expr_alloc(), expr::prefix_len, range_expr_alloc(), expr::right, size, expr::size, expr_ops::type, value, and expr::value.

Referenced by netlink_get_setelems().

Here is the call graph for this function:

Here is the caller graph for this function:

int netlink_add_chain ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc,
const struct chain chain,
bool  excl 
)

References netlink_ctx::batch_supported.

int netlink_add_rule_batch ( struct netlink_ctx ctx,
const struct handle h,
const struct rule rule,
uint32_t  flags 
)

References alloc_nft_rule(), rule::handle, rule::location, mnl_nft_rule_batch_add(), netlink_io_error(), netlink_linearize_rule(), nft_rule_free(), NLM_F_EXCL, and netlink_ctx::seqnum.

Referenced by netlink_add_rule_list().

Here is the call graph for this function:

Here is the caller graph for this function:

int netlink_add_rule_list ( struct netlink_ctx ctx,
const struct handle h,
struct list_head rule_list 
)

References rule::handle, rule::list, list_for_each_entry, netlink_add_rule_batch(), and NLM_F_APPEND.

Here is the call graph for this function:

int netlink_add_set ( struct netlink_ctx ctx,
const struct handle h,
struct set set 
)

References netlink_ctx::batch_supported.

int netlink_add_setelems ( struct netlink_ctx ctx,
const struct handle h,
const struct expr expr 
)

References netlink_ctx::batch_supported.

int netlink_add_table ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc,
const struct table table,
bool  excl 
)

References netlink_ctx::batch_supported.

struct expr* netlink_alloc_data ( const struct location loc,
const struct nft_data_delinearize nld,
enum nft_registers  dreg 
)

References netlink_alloc_value(), and NFT_REG_VERDICT.

Here is the call graph for this function:

struct expr* netlink_alloc_value ( const struct location loc,
const struct nft_data_delinearize nld 
)

References BITS_PER_BYTE, BYTEORDER_INVALID, constant_expr_alloc(), invalid_type, nft_data_delinearize::len, and nft_data_delinearize::value.

Referenced by netlink_alloc_data().

Here is the call graph for this function:

Here is the caller graph for this function:

int netlink_batch_send ( struct list_head err_list)

References mnl_batch_talk().

Here is the call graph for this function:

bool netlink_batch_supported ( void  )

References mnl_batch_supported().

Here is the call graph for this function:

int netlink_del_rule_batch ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References alloc_nft_rule(), mnl_nft_rule_batch_del(), netlink_io_error(), nft_rule_free(), and netlink_ctx::seqnum.

Referenced by netlink_flush_chain().

Here is the call graph for this function:

Here is the caller graph for this function:

int netlink_delete_chain ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References netlink_ctx::batch_supported.

int netlink_delete_set ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References netlink_ctx::batch_supported.

int netlink_delete_setelems ( struct netlink_ctx ctx,
const struct handle h,
const struct expr expr 
)

References netlink_ctx::batch_supported.

int netlink_delete_table ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References netlink_ctx::batch_supported.

void netlink_dump_chain ( struct nft_chain nlc)

References buf, DEBUG_NETLINK, and nft_chain_snprintf().

Here is the call graph for this function:

void netlink_dump_expr ( struct nft_rule_expr nle)

References buf, DEBUG_NETLINK, and nft_rule_expr_snprintf().

Referenced by erec_print().

Here is the call graph for this function:

Here is the caller graph for this function:

void netlink_dump_rule ( struct nft_rule nlr)

References buf, DEBUG_NETLINK, and nft_rule_snprintf().

Referenced by netlink_linearize_rule().

Here is the call graph for this function:

Here is the caller graph for this function:

struct nft_ruleset* netlink_dump_ruleset ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References handle::family, mnl_nft_ruleset_dump(), netlink_io_error(), and NULL.

Here is the call graph for this function:

void netlink_dump_set ( struct nft_set nls)

References buf, DEBUG_NETLINK, and nft_set_snprintf().

Referenced by netlink_get_set(), and netlink_get_setelems().

Here is the call graph for this function:

Here is the caller graph for this function:

void netlink_dump_table ( struct nft_table nlt)

References buf, DEBUG_NETLINK, and nft_table_snprintf().

Here is the call graph for this function:

int netlink_flush_chain ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References netlink_del_rule_batch().

Here is the call graph for this function:

int netlink_flush_ruleset ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References alloc_nft_table(), netlink_ctx::batch_supported, mnl_nft_table_batch_del(), netlink_io_error(), nft_table_free(), and netlink_ctx::seqnum.

Here is the call graph for this function:

int netlink_flush_table ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)
void netlink_gen_data ( const struct expr expr,
struct nft_data_linearize data 
)

References BUG, EXPR_CONCAT, EXPR_VALUE, EXPR_VERDICT, expr_ops::name, expr::ops, and expr_ops::type.

void netlink_gen_raw_data ( const mpz_t  value,
enum byteorder byteorder  ,
unsigned int  len,
struct nft_data_linearize data 
)

References nft_data_linearize::len, len, mpz_export_data(), and nft_data_linearize::value.

Here is the call graph for this function:

void netlink_genid_get ( void  )

References mnl_genid_get().

Here is the call graph for this function:

int netlink_get_chain ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References alloc_nft_chain(), chain::chain, netlink_ctx::list, chain::list, mnl_nft_chain_get(), netlink_io_error(), and nft_chain_free().

Here is the call graph for this function:

int netlink_get_set ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References alloc_nft_set(), netlink_ctx::list, set::list, mnl_nft_set_get(), netlink_dump_set(), netlink_io_error(), nft_set_free(), and NULL.

Here is the call graph for this function:

int netlink_get_setelems ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc,
struct set set 
)

References alloc_nft_set(), set::flags, set::init, interval_map_decompose(), mnl_nft_setelem_get(), netlink_dump_set(), netlink_io_error(), nft_set_elem_foreach(), nft_set_free(), NFT_SET_INTERVAL, NULL, netlink_ctx::set, and set_expr_alloc().

Here is the call graph for this function:

int netlink_get_table ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References alloc_nft_table(), mnl_nft_table_get(), netlink_io_error(), and nft_table_free().

Here is the call graph for this function:

int netlink_io_error ( struct netlink_ctx ctx,
const struct location loc,
const char *  fmt,
  ... 
)

References EREC_ERROR, erec_vcreate(), netlink_ctx::msgs, netlink_location, and NULL.

Referenced by netlink_add_rule_batch(), netlink_del_rule_batch(), netlink_dump_ruleset(), netlink_flush_ruleset(), netlink_get_chain(), netlink_get_set(), netlink_get_setelems(), netlink_get_table(), netlink_list_chains(), netlink_list_sets(), netlink_list_tables(), and netlink_monitor().

Here is the call graph for this function:

Here is the caller graph for this function:

int netlink_list_chain ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)
int netlink_list_chains ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References handle::chain, chain::chain, netlink_ctx::data, handle::family, chain::handle, netlink_ctx::list, chain::list, list_for_each_entry, mnl_nft_chain_dump(), netlink_io_error(), nft_chain_list_foreach(), nft_chain_list_free(), NULL, and handle::table.

Here is the call graph for this function:

int netlink_list_sets ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References handle::family, mnl_nft_set_dump(), netlink_io_error(), nft_set_list_foreach(), nft_set_list_free(), NULL, and handle::table.

Here is the call graph for this function:

int netlink_list_table ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)
int netlink_list_tables ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc 
)

References handle::family, mnl_nft_table_dump(), netlink_io_error(), nft_table_list_foreach(), nft_table_list_free(), and NULL.

Here is the call graph for this function:

int netlink_monitor ( struct netlink_mon_handler monhandler)

References netlink_mon_handler::ctx, netlink_mon_handler::loc, mnl_nft_event_listener(), MNL_SOCKET_AUTOPID, mnl_socket_bind(), netlink_io_error(), and NFNLGRP_NFTABLES.

Here is the call graph for this function:

void __noreturn netlink_open_error ( void  )

References NFT_EXIT_NONL.

int netlink_rename_chain ( struct netlink_ctx ctx,
const struct handle h,
const struct location loc,
const char *  name 
)

References netlink_ctx::batch_supported.

void netlink_restart ( void  )

Referenced by nft_run().

Here is the caller graph for this function:

Variable Documentation

const struct input_descriptor indesc_netlink
Initial value:
= {
.name = "netlink",
.type = INDESC_NETLINK,
}
INDESC_NETLINK
Definition: nftables.h:78
const struct location netlink_location
Initial value:
= {
.indesc = &indesc_netlink,
}

Referenced by netlink_delinearize_rule(), and netlink_io_error().