From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH v3 01/13] nft: Introduce builtin_tables_lookup()
Date: Fri, 15 Oct 2021 14:25:56 +0200 [thread overview]
Message-ID: <20211015122608.12474-2-phil@nwl.cc> (raw)
In-Reply-To: <20211015122608.12474-1-phil@nwl.cc>
The set of builtin tables to use is fully determined by the given family
so just look it up instead of having callers pass it explicitly.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/nft.c | 19 +++++++++++++++++--
iptables/nft.h | 2 +-
iptables/xtables-arp.c | 2 +-
iptables/xtables-eb.c | 2 +-
iptables/xtables-monitor.c | 2 +-
iptables/xtables-restore.c | 7 +------
iptables/xtables-save.c | 6 +-----
iptables/xtables-standalone.c | 2 +-
iptables/xtables-translate.c | 7 +------
9 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index dc1f5160eb983..1d3f3a3da1cbb 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -863,7 +863,22 @@ int nft_restart(struct nft_handle *h)
return 0;
}
-int nft_init(struct nft_handle *h, int family, const struct builtin_table *t)
+static const struct builtin_table *builtin_tables_lookup(int family)
+{
+ switch (family) {
+ case AF_INET:
+ case AF_INET6:
+ return xtables_ipv4;
+ case NFPROTO_ARP:
+ return xtables_arp;
+ case NFPROTO_BRIDGE:
+ return xtables_bridge;
+ default:
+ return NULL;
+ }
+}
+
+int nft_init(struct nft_handle *h, int family)
{
memset(h, 0, sizeof(*h));
@@ -881,7 +896,7 @@ int nft_init(struct nft_handle *h, int family, const struct builtin_table *t)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
h->portid = mnl_socket_get_portid(h->nl);
- h->tables = t;
+ h->tables = builtin_tables_lookup(family);
h->cache = &h->__cache[0];
h->family = family;
diff --git a/iptables/nft.h b/iptables/nft.h
index ef79b018f7836..f189b03fbc6b9 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -123,7 +123,7 @@ extern const struct builtin_table xtables_bridge[NFT_TABLE_MAX];
int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
int (*cb)(const struct nlmsghdr *nlh, void *data),
void *data);
-int nft_init(struct nft_handle *h, int family, const struct builtin_table *t);
+int nft_init(struct nft_handle *h, int family);
void nft_fini(struct nft_handle *h);
int nft_restart(struct nft_handle *h);
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 9a079f06b948a..1d132bdf23546 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -397,7 +397,7 @@ int nft_init_arp(struct nft_handle *h, const char *pname)
init_extensionsa();
#endif
- if (nft_init(h, NFPROTO_ARP, xtables_arp) < 0)
+ if (nft_init(h, NFPROTO_ARP) < 0)
xtables_error(OTHER_PROBLEM,
"Could not initialize nftables layer.");
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 23023ce13e4b8..1ed6bcd8a7877 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -672,7 +672,7 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
init_extensionsb();
#endif
- if (nft_init(h, NFPROTO_BRIDGE, xtables_bridge) < 0)
+ if (nft_init(h, NFPROTO_BRIDGE) < 0)
xtables_error(OTHER_PROBLEM,
"Could not initialize nftables layer.");
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index 21d4bec08fd9a..73dc80c24d722 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -631,7 +631,7 @@ int xtables_monitor_main(int argc, char *argv[])
init_extensions6();
#endif
- if (nft_init(&h, AF_INET, xtables_ipv4)) {
+ if (nft_init(&h, AF_INET)) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 72832103d6bc3..86dcede395e07 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -281,7 +281,6 @@ void xtables_restore_parse(struct nft_handle *h,
static int
xtables_restore_main(int family, const char *progname, int argc, char *argv[])
{
- const struct builtin_table *tables;
struct nft_xt_restore_parse p = {
.commit = true,
.cb = &restore_cb,
@@ -360,7 +359,6 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
switch (family) {
case NFPROTO_IPV4:
case NFPROTO_IPV6: /* fallthough, same table */
- tables = xtables_ipv4;
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
@@ -368,17 +366,14 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
#endif
break;
case NFPROTO_ARP:
- tables = xtables_arp;
- break;
case NFPROTO_BRIDGE:
- tables = xtables_bridge;
break;
default:
fprintf(stderr, "Unknown family %d\n", family);
return 1;
}
- if (nft_init(&h, family, tables) < 0) {
+ if (nft_init(&h, family) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index f794e3ff1e318..c6ebb0ec94c4f 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -131,7 +131,6 @@ static int
xtables_save_main(int family, int argc, char *argv[],
const char *optstring, const struct option *longopts)
{
- const struct builtin_table *tables;
const char *tablename = NULL;
struct do_output_data d = {
.format = FMT_NOCOUNTS,
@@ -208,11 +207,9 @@ xtables_save_main(int family, int argc, char *argv[],
init_extensions4();
init_extensions6();
#endif
- tables = xtables_ipv4;
d.commit = true;
break;
case NFPROTO_ARP:
- tables = xtables_arp;
break;
case NFPROTO_BRIDGE: {
const char *ctr = getenv("EBTABLES_SAVE_COUNTER");
@@ -223,7 +220,6 @@ xtables_save_main(int family, int argc, char *argv[],
d.format &= ~FMT_NOCOUNTS;
d.format |= FMT_C_COUNTS | FMT_EBT_SAVE;
}
- tables = xtables_bridge;
break;
}
default:
@@ -231,7 +227,7 @@ xtables_save_main(int family, int argc, char *argv[],
return 1;
}
- if (nft_init(&h, family, tables) < 0) {
+ if (nft_init(&h, family) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index 1a6b7cf73a4bb..f4d40cda6ae43 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -60,7 +60,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
init_extensions6();
#endif
- if (nft_init(&h, family, xtables_ipv4) < 0) {
+ if (nft_init(&h, family) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 2a00a85088e2c..086b85d2f9cef 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -465,7 +465,6 @@ static int xtables_xlate_main_common(struct nft_handle *h,
int family,
const char *progname)
{
- const struct builtin_table *tables;
int ret;
xtables_globals.program_name = progname;
@@ -485,20 +484,16 @@ static int xtables_xlate_main_common(struct nft_handle *h,
init_extensions4();
init_extensions6();
#endif
- tables = xtables_ipv4;
break;
case NFPROTO_ARP:
- tables = xtables_arp;
- break;
case NFPROTO_BRIDGE:
- tables = xtables_bridge;
break;
default:
fprintf(stderr, "Unknown family %d\n", family);
return 1;
}
- if (nft_init(h, family, tables) < 0) {
+ if (nft_init(h, family) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
--
2.33.0
next prev parent reply other threads:[~2021-10-15 12:26 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-15 12:25 [iptables PATCH v3 00/13] Eliminate dedicated arptables-nft parser Phil Sutter
2021-10-15 12:25 ` Phil Sutter [this message]
2021-10-15 12:25 ` [iptables PATCH v3 02/13] xshared: Store optstring in xtables_globals Phil Sutter
2021-10-15 12:25 ` [iptables PATCH v3 03/13] nft-shared: Introduce init_cs family ops callback Phil Sutter
2021-10-15 12:25 ` [iptables PATCH v3 04/13] xtables: Simplify addr_mask freeing Phil Sutter
2021-10-15 12:26 ` [iptables PATCH v3 05/13] nft: Add family ops callbacks wrapping different nft_cmd_* functions Phil Sutter
2021-10-15 12:26 ` [iptables PATCH v3 06/13] xtables-standalone: Drop version number from init errors Phil Sutter
2021-10-15 12:26 ` [iptables PATCH v3 07/13] libxtables: Introduce xtables_globals print_help callback Phil Sutter
2021-10-15 12:26 ` [iptables PATCH v3 08/13] arptables: Use standard data structures when parsing Phil Sutter
2021-10-15 12:26 ` [iptables PATCH v3 09/13] nft-arp: Introduce post_parse callback Phil Sutter
2021-10-15 12:26 ` [iptables PATCH v3 10/13] nft-shared: Make nft_check_xt_legacy() family agnostic Phil Sutter
2021-10-15 12:26 ` [iptables PATCH v3 11/13] xtables: Derive xtables_globals from family Phil Sutter
2021-10-15 12:26 ` [iptables PATCH v3 12/13] xtables: arptables accepts empty interface names Phil Sutter
2021-10-15 12:26 ` [iptables PATCH v3 13/13] nft: Merge xtables-arp-standalone.c into xtables-standalone.c Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211015122608.12474-2-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.