From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Eric Leblond <eric@regit.org>,
netfilter-devel@vger.kernel.org, Florian Westphal <fw@strlen.de>
Subject: [nft PATCH 7/7] libnftables: Add remaining getters and setters
Date: Thu, 19 Oct 2017 10:18:47 +0200 [thread overview]
Message-ID: <20171019081847.16171-8-phil@nwl.cc> (raw)
In-Reply-To: <20171019081847.16171-1-phil@nwl.cc>
Provide API functions for remaining context settings changed by main.c,
then hide struct nft_ctx definition from applications. This allows us to
later change data structures internally without risk of breaking
applications.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
include/nftables.h | 27 +++++++++++++++++++++
include/nftables/nftables.h | 41 ++++++++++---------------------
src/libnftables.c | 59 +++++++++++++++++++++++++++++++++++++++++++++
src/main.c | 18 +++++++++-----
4 files changed, 111 insertions(+), 34 deletions(-)
diff --git a/include/nftables.h b/include/nftables.h
index a633e1a2cc2e2..ad72383303bdb 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -6,6 +6,33 @@
#include <utils.h>
#include <nftables/nftables.h>
+struct nft_cache {
+ bool initialized;
+ struct list_head list;
+ uint32_t seqnum;
+};
+
+struct output_ctx {
+ unsigned int numeric;
+ unsigned int stateless;
+ unsigned int ip2name;
+ unsigned int handle;
+ unsigned int echo;
+ FILE *output_fp;
+};
+
+struct nft_ctx {
+ struct mnl_socket *nf_sock;
+ char **include_paths;
+ unsigned int num_include_paths;
+ unsigned int parser_max_errors;
+ unsigned int debug_mask;
+ struct output_ctx output;
+ bool check;
+ struct nft_cache cache;
+ uint32_t flags;
+};
+
struct input_descriptor;
struct location {
const struct input_descriptor *indesc;
diff --git a/include/nftables/nftables.h b/include/nftables/nftables.h
index a752f20d74132..2bc3061457257 100644
--- a/include/nftables/nftables.h
+++ b/include/nftables/nftables.h
@@ -9,34 +9,7 @@
#ifndef LIB_NFTABLES_H
#define LIB_NFTABLES_H
-struct mnl_socket;
-
-struct nft_cache {
- bool initialized;
- struct list_head list;
- uint32_t seqnum;
-};
-
-struct output_ctx {
- unsigned int numeric;
- unsigned int stateless;
- unsigned int ip2name;
- unsigned int handle;
- unsigned int echo;
- FILE *output_fp;
-};
-
-struct nft_ctx {
- struct mnl_socket *nf_sock;
- char **include_paths;
- unsigned int num_include_paths;
- unsigned int parser_max_errors;
- unsigned int debug_mask;
- struct output_ctx output;
- bool check;
- struct nft_cache cache;
- uint32_t flags;
-};
+struct nft_ctx;
enum debug_level {
DEBUG_SCANNER = 0x1,
@@ -78,6 +51,18 @@ FILE *nft_ctx_set_output(struct nft_ctx *ctx, FILE *fp);
void nft_ctx_set_dry_run(struct nft_ctx *ctx, bool dry);
int nft_ctx_add_include_path(struct nft_ctx *ctx, const char *path);
void nft_ctx_clear_include_paths(struct nft_ctx *ctx);
+enum numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx);
+void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum numeric_level level);
+bool nft_ctx_output_get_stateless(struct nft_ctx *ctx);
+void nft_ctx_output_set_stateless(struct nft_ctx *ctx, bool val);
+bool nft_ctx_output_get_ip2name(struct nft_ctx *ctx);
+void nft_ctx_output_set_ip2name(struct nft_ctx *ctx, bool val);
+unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx);
+void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask);
+bool nft_ctx_output_get_handle(struct nft_ctx *ctx);
+void nft_ctx_output_set_handle(struct nft_ctx *ctx, bool val);
+bool nft_ctx_output_get_echo(struct nft_ctx *ctx);
+void nft_ctx_output_set_echo(struct nft_ctx *ctx, bool val);
void nft_ctx_flush_cache(struct nft_ctx *ctx);
diff --git a/src/libnftables.c b/src/libnftables.c
index 2f4275c9a0a94..925c96d1272a3 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -206,6 +206,65 @@ void nft_ctx_set_dry_run(struct nft_ctx *ctx, bool dry)
ctx->check = dry;
}
+enum numeric_level nft_ctx_output_get_numeric(struct nft_ctx *ctx)
+{
+ return ctx->output.numeric;
+}
+
+void nft_ctx_output_set_numeric(struct nft_ctx *ctx, enum numeric_level level)
+{
+ ctx->output.numeric = level;
+}
+
+bool nft_ctx_output_get_stateless(struct nft_ctx *ctx)
+{
+ return ctx->output.stateless;
+}
+
+void nft_ctx_output_set_stateless(struct nft_ctx *ctx, bool val)
+{
+ ctx->output.stateless = val;
+}
+
+bool nft_ctx_output_get_ip2name(struct nft_ctx *ctx)
+{
+ return ctx->output.ip2name;
+}
+
+void nft_ctx_output_set_ip2name(struct nft_ctx *ctx, bool val)
+{
+ ctx->output.ip2name = val;
+}
+
+unsigned int nft_ctx_output_get_debug(struct nft_ctx *ctx)
+{
+ return ctx->debug_mask;
+}
+void nft_ctx_output_set_debug(struct nft_ctx *ctx, unsigned int mask)
+{
+ ctx->debug_mask = mask;
+}
+
+bool nft_ctx_output_get_handle(struct nft_ctx *ctx)
+{
+ return ctx->output.handle;
+}
+
+void nft_ctx_output_set_handle(struct nft_ctx *ctx, bool val)
+{
+ ctx->output.handle = val;
+}
+
+bool nft_ctx_output_get_echo(struct nft_ctx *ctx)
+{
+ return ctx->output.echo;
+}
+
+void nft_ctx_output_set_echo(struct nft_ctx *ctx, bool val)
+{
+ ctx->output.echo = val;
+}
+
static const struct input_descriptor indesc_cmdline = {
.type = INDESC_BUFFER,
.name = "<cmdline>",
diff --git a/src/main.c b/src/main.c
index de5c115757f44..c65966bcf5995 100644
--- a/src/main.c
+++ b/src/main.c
@@ -169,6 +169,8 @@ int main(int argc, char * const *argv)
unsigned int len;
bool interactive = false;
int i, val, rc;
+ enum numeric_level numeric;
+ unsigned int debug_mask;
nft = nft_ctx_new(NFT_CTX_DEFAULT);
nft_ctx_set_output(nft, stdout);
@@ -204,20 +206,23 @@ int main(int argc, char * const *argv)
}
break;
case OPT_NUMERIC:
- if (++nft->output.numeric > NUMERIC_ALL) {
+ numeric = nft_ctx_output_get_numeric(nft);
+ if (numeric == NUMERIC_ALL) {
fprintf(stderr, "Too many numeric options "
"used, max. %u\n",
NUMERIC_ALL);
exit(NFT_EXIT_FAILURE);
}
+ nft_ctx_output_set_numeric(nft, numeric + 1);
break;
case OPT_STATELESS:
- nft->output.stateless++;
+ nft_ctx_output_set_stateless(nft, true);
break;
case OPT_IP2NAME:
- nft->output.ip2name++;
+ nft_ctx_output_set_ip2name(nft, true);
break;
case OPT_DEBUG:
+ debug_mask = nft_ctx_output_get_debug(nft);
for (;;) {
unsigned int i;
char *end;
@@ -229,7 +234,7 @@ int main(int argc, char * const *argv)
for (i = 0; i < array_size(debug_param); i++) {
if (strcmp(debug_param[i].name, optarg))
continue;
- nft->debug_mask |= debug_param[i].level;
+ debug_mask |= debug_param[i].level;
break;
}
@@ -243,12 +248,13 @@ int main(int argc, char * const *argv)
break;
optarg = end + 1;
}
+ nft_ctx_output_set_debug(nft, debug_mask);
break;
case OPT_HANDLE_OUTPUT:
- nft->output.handle++;
+ nft_ctx_output_set_handle(nft, true);
break;
case OPT_ECHO:
- nft->output.echo++;
+ nft_ctx_output_set_echo(nft, true);
break;
case OPT_INVALID:
exit(NFT_EXIT_FAILURE);
--
2.13.1
next prev parent reply other threads:[~2017-10-19 8:19 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-19 8:18 [nft PATCH 0/7] libnftables preparations Phil Sutter
2017-10-19 8:18 ` [nft PATCH 1/7] nft_ctx_free: Fix for wrong argument passed to cache_release Phil Sutter
2017-10-20 12:01 ` Pablo Neira Ayuso
2017-10-19 8:18 ` [nft PATCH 2/7] libnftables: Move library stuff out of main.c Phil Sutter
2017-10-20 12:12 ` Pablo Neira Ayuso
2017-10-20 17:02 ` Phil Sutter
2017-10-20 19:08 ` Pablo Neira Ayuso
2017-10-19 8:18 ` [nft PATCH 3/7] libnftables: Introduce nft_ctx_flush_cache() Phil Sutter
2017-10-20 12:13 ` Pablo Neira Ayuso
2017-10-20 17:05 ` Phil Sutter
2017-10-20 19:10 ` Pablo Neira Ayuso
2017-10-20 21:00 ` Phil Sutter
2017-10-19 8:18 ` [nft PATCH 4/7] cli: Use nft_run_cmd_from_buffer() Phil Sutter
2017-10-20 12:15 ` Pablo Neira Ayuso
2017-10-20 17:10 ` Phil Sutter
2017-10-20 19:18 ` Pablo Neira Ayuso
2017-10-20 21:05 ` Phil Sutter
2017-10-19 8:18 ` [nft PATCH 5/7] libnftables: Introduce nft_ctx_set_dry_run() Phil Sutter
2017-10-19 8:18 ` [nft PATCH 6/7] libnftables: Provide an API for include path handling Phil Sutter
2017-10-20 12:17 ` Pablo Neira Ayuso
2017-10-20 17:16 ` Phil Sutter
2017-10-20 19:16 ` Pablo Neira Ayuso
2017-10-20 21:12 ` Phil Sutter
2017-10-19 8:18 ` Phil Sutter [this message]
2017-10-20 12:18 ` [nft PATCH 7/7] libnftables: Add remaining getters and setters Pablo Neira Ayuso
2017-10-20 16:08 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171019081847.16171-8-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=eric@regit.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.