[nftables] expressions: kill seperate sym_type datatype for symbols
Patrick McHardy
netfilter-cvslog-bounces at lists.netfilter.org
Wed Apr 8 06:33:20 CEST 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=nftables.git;a=commit;h=414fa58ae9f283c35c8510fc31f28ba77bb5fdf5
commit 414fa58ae9f283c35c8510fc31f28ba77bb5fdf5
Author: Patrick McHardy <kaber at trash.net>
AuthorDate: Wed Apr 1 12:56:44 2009 +0200
Commit: Patrick McHardy <kaber at trash.net>
CommitDate: Wed Apr 1 12:56:44 2009 +0200
expressions: kill seperate sym_type datatype for symbols
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 4ffa6882a5eafa50625d0e4d49cdaafe69d7877c
Author: Patrick McHardy <kaber at trash.net>
AuthorDate: Tue Mar 31 04:57:48 2009 +0200
Commit: Patrick McHardy <kaber at trash.net>
CommitDate: Tue Mar 31 04:57:48 2009 +0200
datatype: add/move size and byte order information into data types
Add size and type information to non-basetype types and remove the now
redundant information from the symbol tables.
This will be used to determine size and byteorder of set members without
analyzing the ruleset for incremental update operations.
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 4fee12b4b0a837b4d34d21be99cda8185563f784
Author: Patrick McHardy <kaber at trash.net>
AuthorDate: Tue Mar 31 04:14:26 2009 +0200
Commit: Patrick McHardy <kaber at trash.net>
CommitDate: Tue Mar 31 04:14:26 2009 +0200
datatype: maintain table of all datatypes and add registration/lookup function
Add a table containing all available datatypes and registration/lookup functions.
This will be used to associate a stand-alone set in the kernel with the correct
type without parsing the entire ruleset.
Additionally it would now be possible to remove the global declarations for the
core types. Not done yet though.
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 53fc2c7a799877c5859298bd16b578711af9cca2
Author: Patrick McHardy <kaber at trash.net>
AuthorDate: Tue Mar 31 04:14:26 2009 +0200
Commit: Patrick McHardy <kaber at trash.net>
CommitDate: Tue Mar 31 04:14:26 2009 +0200
netlink: move data related functions to netlink.c
Move the data related function to netlink.c as they're going to be needed
outside of rule context for set maintenance.
Signed-off-by: Patrick McHardy <kaber at trash.net>
via 414fa58ae9f283c35c8510fc31f28ba77bb5fdf5 (commit)
via 4ffa6882a5eafa50625d0e4d49cdaafe69d7877c (commit)
via 4fee12b4b0a837b4d34d21be99cda8185563f784 (commit)
via 53fc2c7a799877c5859298bd16b578711af9cca2 (commit)
from 9fe2e9d494a229a3f833add44d7242abe46aa156 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 414fa58ae9f283c35c8510fc31f28ba77bb5fdf5
Author: Patrick McHardy <kaber at trash.net>
Date: Wed Apr 1 12:56:44 2009 +0200
expressions: kill seperate sym_type datatype for symbols
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 4ffa6882a5eafa50625d0e4d49cdaafe69d7877c
Author: Patrick McHardy <kaber at trash.net>
Date: Tue Mar 31 04:57:48 2009 +0200
datatype: add/move size and byte order information into data types
Add size and type information to non-basetype types and remove the now
redundant information from the symbol tables.
This will be used to determine size and byteorder of set members without
analyzing the ruleset for incremental update operations.
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 4fee12b4b0a837b4d34d21be99cda8185563f784
Author: Patrick McHardy <kaber at trash.net>
Date: Tue Mar 31 04:14:26 2009 +0200
datatype: maintain table of all datatypes and add registration/lookup function
Add a table containing all available datatypes and registration/lookup functions.
This will be used to associate a stand-alone set in the kernel with the correct
type without parsing the entire ruleset.
Additionally it would now be possible to remove the global declarations for the
core types. Not done yet though.
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 53fc2c7a799877c5859298bd16b578711af9cca2
Author: Patrick McHardy <kaber at trash.net>
Date: Tue Mar 31 04:14:26 2009 +0200
netlink: move data related functions to netlink.c
Move the data related function to netlink.c as they're going to be needed
outside of rule context for set maintenance.
Signed-off-by: Patrick McHardy <kaber at trash.net>
-----------------------------------------------------------------------
include/datatype.h | 22 ++++++--
include/expression.h | 3 +-
include/netlink.h | 11 ++++
src/ct.c | 28 ++++++++----
src/datatype.c | 108 ++++++++++++++++++++++++++++++++++--------
src/evaluate.c | 10 ++--
src/expression.c | 8 ++--
src/exthdr.c | 12 ++++-
src/meta.c | 51 +++++++++++++++-----
src/netlink.c | 113 +++++++++++++++++++++++++++++++++++++++++++++
src/netlink_delinearize.c | 40 ----------------
src/netlink_linearize.c | 81 ++------------------------------
src/payload.c | 36 ++++++++++-----
13 files changed, 331 insertions(+), 192 deletions(-)
Move the data related function to netlink.c as they're going to be needed
outside of rule context for set maintenance.
Signed-off-by: Patrick McHardy <kaber at trash.net>
diff --git a/include/netlink.h b/include/netlink.h
index cec5247..ec9a614 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -30,6 +30,17 @@ extern struct nfnl_nft_rule *alloc_nft_rule(const struct handle *h);
extern struct nfnl_nft_expr *alloc_nft_expr(int (*init)(struct nfnl_nft_expr *));
extern struct nfnl_nft_data *alloc_nft_data(const void *data, unsigned int len);
+extern struct nfnl_nft_data *netlink_gen_data(const struct expr *expr);
+extern struct nfnl_nft_data *netlink_gen_raw_data(const mpz_t value,
+ enum byteorder byteorder,
+ unsigned int len);
+
+extern struct expr *netlink_alloc_value(const struct location *loc,
+ const struct nfnl_nft_data *nld);
+extern struct expr *netlink_alloc_data(const struct location *loc,
+ const struct nfnl_nft_data *nld,
+ enum nft_registers dreg);
+
extern int netlink_linearize_rule(struct netlink_ctx *ctx,
struct nfnl_nft_rule *nlr,
const struct rule *rule);
diff --git a/src/netlink.c b/src/netlink.c
index 548f4fb..8ef1401 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -20,6 +20,7 @@
#include <nftables.h>
#include <netlink.h>
#include <expression.h>
+#include <gmputil.h>
#include <utils.h>
#include <erec.h>
@@ -133,6 +134,118 @@ struct nfnl_nft_data *alloc_nft_data(const void *data, unsigned int len)
return nld;
}
+struct nfnl_nft_data *netlink_gen_raw_data(const mpz_t value,
+ enum byteorder byteorder,
+ unsigned int len)
+{
+ unsigned char data[len];
+
+ mpz_export_data(data, value, byteorder, len);
+ return alloc_nft_data(data, len);
+}
+
+static struct nfnl_nft_data *netlink_gen_concat_data(const struct expr *expr)
+{
+ const struct expr *i;
+ unsigned int len, offset;
+
+ len = 0;
+ list_for_each_entry(i, &expr->expressions, list)
+ len += i->len;
+
+ if (1) {
+ unsigned char data[len / BITS_PER_BYTE];
+
+ offset = 0;
+ list_for_each_entry(i, &expr->expressions, list) {
+ assert(i->ops->type == EXPR_VALUE);
+ mpz_export_data(data + offset, i->value, i->byteorder,
+ i->len / BITS_PER_BYTE);
+ offset += i->len / BITS_PER_BYTE;
+ }
+
+ return alloc_nft_data(data, len / BITS_PER_BYTE);
+ }
+}
+
+static struct nfnl_nft_data *netlink_gen_constant_data(const struct expr *expr)
+{
+ assert(expr->ops->type == EXPR_VALUE);
+ return netlink_gen_raw_data(expr->value, expr->byteorder,
+ div_round_up(expr->len, BITS_PER_BYTE));
+}
+
+static struct nfnl_nft_data *netlink_gen_verdict(const struct expr *expr)
+{
+ struct nfnl_nft_data *verdict;
+
+ verdict = nfnl_nft_verdict_alloc();
+ nfnl_nft_verdict_set_verdict(verdict, expr->verdict);
+
+ switch (expr->verdict) {
+ case NFT_JUMP:
+ case NFT_GOTO:
+ nfnl_nft_verdict_set_chain(verdict, expr->chain);
+ break;
+ }
+
+ return verdict;
+}
+
+struct nfnl_nft_data *netlink_gen_data(const struct expr *expr)
+{
+ switch (expr->ops->type) {
+ case EXPR_VALUE:
+ return netlink_gen_constant_data(expr);
+ case EXPR_CONCAT:
+ return netlink_gen_concat_data(expr);
+ case EXPR_VERDICT:
+ return netlink_gen_verdict(expr);
+ default:
+ BUG();
+ }
+}
+
+struct expr *netlink_alloc_value(const struct location *loc,
+ const struct nfnl_nft_data *nld)
+{
+ return constant_expr_alloc(loc, &invalid_type, BYTEORDER_INVALID,
+ nfnl_nft_data_get_size(nld) * BITS_PER_BYTE,
+ nfnl_nft_data_get(nld));
+}
+
+static struct expr *netlink_alloc_verdict(const struct location *loc,
+ const struct nfnl_nft_data *nld)
+{
+ unsigned int code;
+ char *chain;
+
+ code = nfnl_nft_verdict_get_verdict(nld);
+ switch (code) {
+ case NFT_JUMP:
+ case NFT_GOTO:
+ chain = xstrdup(nfnl_nft_verdict_get_chain(nld));
+ break;
+ default:
+ chain = NULL;
+ break;
+ }
+
+ return verdict_expr_alloc(loc, code, chain);
+}
+
+struct expr *netlink_alloc_data(const struct location *loc,
+ const struct nfnl_nft_data *nld,
+ enum nft_registers dreg)
+{
+ switch (dreg) {
+ case NFT_REG_VERDICT:
+ return netlink_alloc_verdict(loc, nld);
+ default:
+ return netlink_alloc_value(loc, nld);
+ }
+}
+
int netlink_add_rule(struct netlink_ctx *ctx, const struct handle *h,
const struct rule *rule)
{
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index be2271c..4b55939 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -66,46 +66,6 @@ static struct expr *netlink_get_register(struct netlink_parse_ctx *ctx,
return expr;
}
-static struct expr *netlink_alloc_value(const struct location *loc,
- const struct nfnl_nft_data *nld)
-{
- return constant_expr_alloc(loc, &invalid_type, BYTEORDER_INVALID,
- nfnl_nft_data_get_size(nld) * BITS_PER_BYTE,
- nfnl_nft_data_get(nld));
-}
-
-static struct expr *netlink_alloc_verdict(const struct location *loc,
- const struct nfnl_nft_data *nld)
-{
- unsigned int code;
- char *chain;
-
- code = nfnl_nft_verdict_get_verdict(nld);
- switch (code) {
- case NFT_JUMP:
- case NFT_GOTO:
- chain = xstrdup(nfnl_nft_verdict_get_chain(nld));
- break;
- default:
- chain = NULL;
- break;
- }
-
- return verdict_expr_alloc(loc, code, chain);
-}
-
-static struct expr *netlink_alloc_data(const struct location *loc,
- const struct nfnl_nft_data *nld,
- enum nft_registers dreg)
-{
- switch (dreg) {
- case NFT_REG_VERDICT:
- return netlink_alloc_verdict(loc, nld);
- default:
- return netlink_alloc_value(loc, nld);
- }
-}
-
static void netlink_parse_immediate(struct netlink_parse_ctx *ctx,
const struct location *loc,
const struct nfnl_nft_expr *nle)
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 0b3f819..65e4b69 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -34,79 +34,6 @@ static void release_register(struct netlink_linearize_ctx *ctx)
ctx->reg_low--;
}
-static struct nfnl_nft_data *netlink_gen_mpz_data(const mpz_t value,
- enum byteorder byteorder,
- unsigned int len)
-{
- unsigned char data[len];
-
- mpz_export_data(data, value, byteorder, len);
- return alloc_nft_data(data, len);
-}
-
-static struct nfnl_nft_data *netlink_gen_constant_data(const struct expr *expr)
-{
- assert(expr->ops->type == EXPR_VALUE);
- return netlink_gen_mpz_data(expr->value, expr->byteorder,
- div_round_up(expr->len, BITS_PER_BYTE));
-}
-
-static struct nfnl_nft_data *netlink_gen_concat_data(const struct expr *expr)
-{
- struct nfnl_nft_data *data;
- const struct expr *i;
- void *buf;
- unsigned int len, offset;
-
- len = 0;
- list_for_each_entry(i, &expr->expressions, list)
- len += i->len;
-
- buf = xmalloc(len / BITS_PER_BYTE);
-
- offset = 0;
- list_for_each_entry(i, &expr->expressions, list) {
- assert(i->ops->type == EXPR_VALUE);
- mpz_export_data(buf + offset, i->value, i->byteorder,
- i->len / BITS_PER_BYTE);
- offset += i->len / BITS_PER_BYTE;
- }
-
- data = alloc_nft_data(buf, len / BITS_PER_BYTE);
- xfree(buf);
- return data;
-}
-
-static struct nfnl_nft_data *netlink_gen_verdict(const struct expr *expr)
-{
- struct nfnl_nft_data *verdict;
-
- verdict = nfnl_nft_verdict_alloc();
- nfnl_nft_verdict_set_verdict(verdict, expr->verdict);
-
- switch (expr->verdict) {
- case NFT_JUMP:
- case NFT_GOTO:
- nfnl_nft_verdict_set_chain(verdict, expr->chain);
- }
-
- return verdict;
-}
-
-static struct nfnl_nft_data *netlink_gen_data(const struct expr *expr)
-{
- switch (expr->ops->type) {
- case EXPR_VALUE:
- return netlink_gen_constant_data(expr);
- case EXPR_CONCAT:
- return netlink_gen_concat_data(expr);
- case EXPR_VERDICT:
- return netlink_gen_verdict(expr);
- default:
- BUG();
- }
-}
-
static void netlink_gen_expr(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg);
@@ -361,7 +288,7 @@ static void netlink_gen_flagcmp(struct netlink_linearize_ctx *ctx,
mpz_init_set_ui(zero, 0);
nle = alloc_nft_expr(nfnl_nft_bitwise_init);
- nld = netlink_gen_mpz_data(zero, expr->right->byteorder, len);
+ nld = netlink_gen_raw_data(zero, expr->right->byteorder, len);
nfnl_nft_bitwise_set_sreg(nle, sreg);
nfnl_nft_bitwise_set_dreg(nle, sreg);
nfnl_nft_bitwise_set_len(nle, len);
@@ -370,7 +297,7 @@ static void netlink_gen_flagcmp(struct netlink_linearize_ctx *ctx,
nfnl_nft_rule_add_expr(ctx->nlr, nle);
nle = alloc_nft_expr(nfnl_nft_cmp_init);
- nld = netlink_gen_mpz_data(zero, expr->right->byteorder, len);
+ nld = netlink_gen_raw_data(zero, expr->right->byteorder, len);
nfnl_nft_cmp_set_sreg(nle, sreg);
nfnl_nft_cmp_set_op(nle, NFT_CMP_NEQ);
nfnl_nft_cmp_set_data(nle, nld);
@@ -467,10 +394,10 @@ static void netlink_gen_binop(struct netlink_linearize_ctx *ctx,
nfnl_nft_bitwise_set_dreg(nle, dreg);
nfnl_nft_bitwise_set_len(nle, len);
- nld = netlink_gen_mpz_data(mask, expr->byteorder, len);
+ nld = netlink_gen_raw_data(mask, expr->byteorder, len);
nfnl_nft_bitwise_set_mask(nle, nld);
- nld = netlink_gen_mpz_data(xor, expr->byteorder, len);
+ nld = netlink_gen_raw_data(xor, expr->byteorder, len);
nfnl_nft_bitwise_set_xor(nle, nld);
mpz_clear(tmp);
More information about the netfilter-cvslog
mailing list