Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH nft 1/2] src: add parse_ctx object
@ 2019-08-07 22:39 Pablo Neira Ayuso
  2019-08-07 22:39 ` [PATCH nft 2/2] src: remove global symbol_table Pablo Neira Ayuso
  0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2019-08-07 22:39 UTC (permalink / raw)
  To: netfilter-devel; +Cc: fw

This object stores the dynamic symbol tables that are loaded from files.
Pass this object to datatype parse functions, although this is not used
yet.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/datatype.h | 14 +++++++++++---
 include/nftables.h |  8 ++++++++
 src/ct.c           |  3 ++-
 src/datatype.c     | 46 +++++++++++++++++++++++++++++-----------------
 src/evaluate.c     |  6 ++++--
 src/meta.c         | 17 +++++++++++------
 src/rt.c           |  5 +++--
 7 files changed, 68 insertions(+), 31 deletions(-)

diff --git a/include/datatype.h b/include/datatype.h
index 63617ebd2753..018f013aea04 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -123,6 +123,7 @@ enum datatype_flags {
 	DTYPE_F_PREFIX		= (1 << 1),
 };
 
+struct parse_ctx;
 /**
  * struct datatype
  *
@@ -154,7 +155,8 @@ struct datatype {
 						 struct output_ctx *octx);
 	json_t				*(*json)(const struct expr *expr,
 						 struct output_ctx *octx);
-	struct error_record		*(*parse)(const struct expr *sym,
+	struct error_record		*(*parse)(struct parse_ctx *ctx,
+						  const struct expr *sym,
 						  struct expr **res);
 	const struct symbol_table	*sym_tbl;
 	unsigned int			refcnt;
@@ -166,7 +168,12 @@ extern struct datatype *datatype_get(const struct datatype *dtype);
 extern void datatype_set(struct expr *expr, const struct datatype *dtype);
 extern void datatype_free(const struct datatype *dtype);
 
-extern struct error_record *symbol_parse(const struct expr *sym,
+struct parse_ctx {
+	struct symbol_tables	*tbl;
+};
+
+extern struct error_record *symbol_parse(struct parse_ctx *ctx,
+					 const struct expr *sym,
 					 struct expr **res);
 extern void datatype_print(const struct expr *expr, struct output_ctx *octx);
 
@@ -218,7 +225,8 @@ struct symbol_table {
 	struct symbolic_constant	symbols[];
 };
 
-extern struct error_record *symbolic_constant_parse(const struct expr *sym,
+extern struct error_record *symbolic_constant_parse(struct parse_ctx *ctx,
+						    const struct expr *sym,
 						    const struct symbol_table *tbl,
 						    struct expr **res);
 extern void symbolic_constant_print(const struct symbol_table *tbl,
diff --git a/include/nftables.h b/include/nftables.h
index ed446e2d16cf..407d76130e9f 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -15,6 +15,13 @@ struct cookie {
 	size_t pos;
 };
 
+struct symbol_tables {
+	const struct symbol_table	*mark;
+	const struct symbol_table	*devgroup;
+	const struct symbol_table	*ct_label;
+	const struct symbol_table	*realm;
+};
+
 struct output_ctx {
 	unsigned int flags;
 	union {
@@ -25,6 +32,7 @@ struct output_ctx {
 		FILE *error_fp;
 		struct cookie error_cookie;
 	};
+	struct symbol_tables tbl;
 };
 
 static inline bool nft_output_reversedns(const struct output_ctx *octx)
diff --git a/src/ct.c b/src/ct.c
index 14cc0e5e8a4e..c66b327a2237 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -171,7 +171,8 @@ static void ct_label_type_print(const struct expr *expr,
 	nft_print(octx, "%lu", bit);
 }
 
-static struct error_record *ct_label_type_parse(const struct expr *sym,
+static struct error_record *ct_label_type_parse(struct parse_ctx *ctx,
+						const struct expr *sym,
 						struct expr **res)
 {
 	const struct symbolic_constant *s;
diff --git a/src/datatype.c b/src/datatype.c
index 6d6826e9d745..039b4e529af0 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -113,7 +113,7 @@ void datatype_print(const struct expr *expr, struct output_ctx *octx)
 	    expr->dtype->name);
 }
 
-struct error_record *symbol_parse(const struct expr *sym,
+struct error_record *symbol_parse(struct parse_ctx *ctx, const struct expr *sym,
 				  struct expr **res)
 {
 	const struct datatype *dtype = sym->dtype;
@@ -124,9 +124,9 @@ struct error_record *symbol_parse(const struct expr *sym,
 		return error(&sym->location, "No symbol type information");
 	do {
 		if (dtype->parse != NULL)
-			return dtype->parse(sym, res);
+			return dtype->parse(ctx, sym, res);
 		if (dtype->sym_tbl != NULL)
-			return symbolic_constant_parse(sym, dtype->sym_tbl,
+			return symbolic_constant_parse(ctx, sym, dtype->sym_tbl,
 						       res);
 	} while ((dtype = dtype->basetype));
 
@@ -135,7 +135,8 @@ struct error_record *symbol_parse(const struct expr *sym,
 		     sym->dtype->desc);
 }
 
-struct error_record *symbolic_constant_parse(const struct expr *sym,
+struct error_record *symbolic_constant_parse(struct parse_ctx *ctx,
+					     const struct expr *sym,
 					     const struct symbol_table *tbl,
 					     struct expr **res)
 {
@@ -155,7 +156,7 @@ struct error_record *symbolic_constant_parse(const struct expr *sym,
 	*res = NULL;
 	do {
 		if (dtype->basetype->parse) {
-			erec = dtype->basetype->parse(sym, res);
+			erec = dtype->basetype->parse(ctx, sym, res);
 			if (erec != NULL)
 				return erec;
 			if (*res)
@@ -300,7 +301,8 @@ static void verdict_type_print(const struct expr *expr, struct output_ctx *octx)
 	}
 }
 
-static struct error_record *verdict_type_parse(const struct expr *sym,
+static struct error_record *verdict_type_parse(struct parse_ctx *ctx,
+					       const struct expr *sym,
 					       struct expr **res)
 {
 	*res = constant_expr_alloc(&sym->location, &string_type,
@@ -359,7 +361,8 @@ static void integer_type_print(const struct expr *expr, struct output_ctx *octx)
 	nft_gmp_print(octx, fmt, expr->value);
 }
 
-static struct error_record *integer_type_parse(const struct expr *sym,
+static struct error_record *integer_type_parse(struct parse_ctx *ctx,
+					       const struct expr *sym,
 					       struct expr **res)
 {
 	mpz_t v;
@@ -397,7 +400,8 @@ static void string_type_print(const struct expr *expr, struct output_ctx *octx)
 	nft_print(octx, "\"%s\"", data);
 }
 
-static struct error_record *string_type_parse(const struct expr *sym,
+static struct error_record *string_type_parse(struct parse_ctx *ctx,
+					      const struct expr *sym,
 	      				      struct expr **res)
 {
 	*res = constant_expr_alloc(&sym->location, &string_type,
@@ -432,7 +436,8 @@ static void lladdr_type_print(const struct expr *expr, struct output_ctx *octx)
 	}
 }
 
-static struct error_record *lladdr_type_parse(const struct expr *sym,
+static struct error_record *lladdr_type_parse(struct parse_ctx *ctx,
+					      const struct expr *sym,
 					      struct expr **res)
 {
 	char buf[strlen(sym->identifier) + 1], *p;
@@ -483,7 +488,8 @@ static void ipaddr_type_print(const struct expr *expr, struct output_ctx *octx)
 	nft_print(octx, "%s", buf);
 }
 
-static struct error_record *ipaddr_type_parse(const struct expr *sym,
+static struct error_record *ipaddr_type_parse(struct parse_ctx *ctx,
+					      const struct expr *sym,
 					      struct expr **res)
 {
 	struct addrinfo *ai, hints = { .ai_family = AF_INET,
@@ -541,7 +547,8 @@ static void ip6addr_type_print(const struct expr *expr, struct output_ctx *octx)
 	nft_print(octx, "%s", buf);
 }
 
-static struct error_record *ip6addr_type_parse(const struct expr *sym,
+static struct error_record *ip6addr_type_parse(struct parse_ctx *ctx,
+					       const struct expr *sym,
 					       struct expr **res)
 {
 	struct addrinfo *ai, hints = { .ai_family = AF_INET6,
@@ -595,7 +602,8 @@ static void inet_protocol_type_print(const struct expr *expr,
 	integer_type_print(expr, octx);
 }
 
-static struct error_record *inet_protocol_type_parse(const struct expr *sym,
+static struct error_record *inet_protocol_type_parse(struct parse_ctx *ctx,
+						     const struct expr *sym,
 						     struct expr **res)
 {
 	struct protoent *p;
@@ -676,7 +684,8 @@ void inet_service_type_print(const struct expr *expr, struct output_ctx *octx)
 	integer_type_print(expr, octx);
 }
 
-static struct error_record *inet_service_type_parse(const struct expr *sym,
+static struct error_record *inet_service_type_parse(struct parse_ctx *ctx,
+						    const struct expr *sym,
 						    struct expr **res)
 {
 	struct addrinfo *ai;
@@ -796,10 +805,11 @@ static void mark_type_print(const struct expr *expr, struct output_ctx *octx)
 	return symbolic_constant_print(mark_tbl, expr, true, octx);
 }
 
-static struct error_record *mark_type_parse(const struct expr *sym,
+static struct error_record *mark_type_parse(struct parse_ctx *ctx,
+					    const struct expr *sym,
 					    struct expr **res)
 {
-	return symbolic_constant_parse(sym, mark_tbl, res);
+	return symbolic_constant_parse(ctx, sym, mark_tbl, res);
 }
 
 const struct datatype mark_type = {
@@ -1019,7 +1029,8 @@ static void time_type_print(const struct expr *expr, struct output_ctx *octx)
 	time_print(mpz_get_uint64(expr->value), octx);
 }
 
-static struct error_record *time_type_parse(const struct expr *sym,
+static struct error_record *time_type_parse(struct parse_ctx *ctx,
+					    const struct expr *sym,
 					    struct expr **res)
 {
 	struct error_record *erec;
@@ -1050,7 +1061,8 @@ const struct datatype time_type = {
 	.parse		= time_type_parse,
 };
 
-static struct error_record *concat_type_parse(const struct expr *sym,
+static struct error_record *concat_type_parse(struct parse_ctx *ctx,
+					      const struct expr *sym,
 					      struct expr **res)
 {
 	return error(&sym->location, "invalid data type, expected %s",
diff --git a/src/evaluate.c b/src/evaluate.c
index 48c65cd2f35a..df8e808f92a9 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -223,6 +223,7 @@ static int set_not_found(struct eval_ctx *ctx, const struct location *loc,
  */
 static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr)
 {
+	struct parse_ctx parse_ctx = { .tbl = &ctx->nft->output.tbl, };
 	struct error_record *erec;
 	struct table *table;
 	struct set *set;
@@ -231,7 +232,7 @@ static int expr_evaluate_symbol(struct eval_ctx *ctx, struct expr **expr)
 	switch ((*expr)->symtype) {
 	case SYMBOL_VALUE:
 		datatype_set(*expr, ctx->ectx.dtype);
-		erec = symbol_parse(*expr, &new);
+		erec = symbol_parse(&parse_ctx, *expr, &new);
 		if (erec != NULL) {
 			erec_queue(erec, ctx->msgs);
 			return -1;
@@ -2541,10 +2542,11 @@ static int stmt_evaluate_reject_default(struct eval_ctx *ctx,
 
 static int stmt_evaluate_reject_icmp(struct eval_ctx *ctx, struct stmt *stmt)
 {
+	struct parse_ctx parse_ctx = { .tbl = &ctx->nft->output.tbl, };
 	struct error_record *erec;
 	struct expr *code;
 
-	erec = symbol_parse(stmt->reject.expr, &code);
+	erec = symbol_parse(&parse_ctx, stmt->reject.expr, &code);
 	if (erec != NULL) {
 		erec_queue(erec, ctx->msgs);
 		return -1;
diff --git a/src/meta.c b/src/meta.c
index 1e8964eb48c4..5c0c4e29c062 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -68,7 +68,8 @@ static void tchandle_type_print(const struct expr *expr,
 	}
 }
 
-static struct error_record *tchandle_type_parse(const struct expr *sym,
+static struct error_record *tchandle_type_parse(struct parse_ctx *ctx,
+						const struct expr *sym,
 						struct expr **res)
 {
 	uint32_t handle;
@@ -142,7 +143,8 @@ static void ifindex_type_print(const struct expr *expr, struct output_ctx *octx)
 		nft_print(octx, "%d", ifindex);
 }
 
-static struct error_record *ifindex_type_parse(const struct expr *sym,
+static struct error_record *ifindex_type_parse(struct parse_ctx *ctx,
+					       const struct expr *sym,
 					       struct expr **res)
 {
 	int ifindex;
@@ -220,7 +222,8 @@ static void uid_type_print(const struct expr *expr, struct output_ctx *octx)
 	expr_basetype(expr)->print(expr, octx);
 }
 
-static struct error_record *uid_type_parse(const struct expr *sym,
+static struct error_record *uid_type_parse(struct parse_ctx *ctx,
+					   const struct expr *sym,
 					   struct expr **res)
 {
 	struct passwd *pw;
@@ -273,7 +276,8 @@ static void gid_type_print(const struct expr *expr, struct output_ctx *octx)
 	expr_basetype(expr)->print(expr, octx);
 }
 
-static struct error_record *gid_type_parse(const struct expr *sym,
+static struct error_record *gid_type_parse(struct parse_ctx *ctx,
+					   const struct expr *sym,
 					   struct expr **res)
 {
 	struct group *gr;
@@ -355,10 +359,11 @@ static void devgroup_type_print(const struct expr *expr,
 	return symbolic_constant_print(devgroup_tbl, expr, true, octx);
 }
 
-static struct error_record *devgroup_type_parse(const struct expr *sym,
+static struct error_record *devgroup_type_parse(struct parse_ctx *ctx,
+						const struct expr *sym,
 						struct expr **res)
 {
-	return symbolic_constant_parse(sym, devgroup_tbl, res);
+	return symbolic_constant_parse(ctx, sym, devgroup_tbl, res);
 }
 
 const struct datatype devgroup_type = {
diff --git a/src/rt.c b/src/rt.c
index 3ad77bcdda4d..cdd5e9d82b44 100644
--- a/src/rt.c
+++ b/src/rt.c
@@ -40,10 +40,11 @@ static void realm_type_print(const struct expr *expr, struct output_ctx *octx)
 	return symbolic_constant_print(realm_tbl, expr, true, octx);
 }
 
-static struct error_record *realm_type_parse(const struct expr *sym,
+static struct error_record *realm_type_parse(struct parse_ctx *ctx,
+					     const struct expr *sym,
 					     struct expr **res)
 {
-	return symbolic_constant_parse(sym, realm_tbl, res);
+	return symbolic_constant_parse(ctx, sym, realm_tbl, res);
 }
 
 const struct datatype realm_type = {
-- 
2.11.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH nft 2/2] src: remove global symbol_table
  2019-08-07 22:39 [PATCH nft 1/2] src: add parse_ctx object Pablo Neira Ayuso
@ 2019-08-07 22:39 ` Pablo Neira Ayuso
  2019-08-07 23:51   ` Florian Westphal
  0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2019-08-07 22:39 UTC (permalink / raw)
  To: netfilter-devel; +Cc: fw

Store symbol tables in context object instead.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/ct.h       |  3 ++-
 include/datatype.h |  4 +---
 include/meta.h     |  2 --
 include/nftables.h | 18 ++++++++----------
 src/ct.c           | 17 ++++++++---------
 src/datatype.c     | 16 +++++++---------
 src/json.c         |  6 +++---
 src/libnftables.c  | 29 ++++++++++++++---------------
 src/meta.c         | 27 +++++++--------------------
 src/rt.c           | 13 ++++++-------
 10 files changed, 56 insertions(+), 79 deletions(-)

diff --git a/include/ct.h b/include/ct.h
index 063f8cdf4aa4..efb2d4185543 100644
--- a/include/ct.h
+++ b/include/ct.h
@@ -33,7 +33,8 @@ extern struct stmt *notrack_stmt_alloc(const struct location *loc);
 extern struct stmt *flow_offload_stmt_alloc(const struct location *loc,
 					    const char *table_name);
 extern const char *ct_dir2str(int dir);
-extern const char *ct_label2str(unsigned long value);
+extern const char *ct_label2str(const struct symbol_table *tbl,
+				unsigned long value);
 
 extern const struct datatype ct_dir_type;
 extern const struct datatype ct_state_type;
diff --git a/include/datatype.h b/include/datatype.h
index 018f013aea04..cf1151582245 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -238,9 +238,7 @@ extern void symbol_table_print(const struct symbol_table *tbl,
 			       struct output_ctx *octx);
 
 extern struct symbol_table *rt_symbol_table_init(const char *filename);
-extern void rt_symbol_table_free(struct symbol_table *tbl);
-
-extern struct symbol_table *mark_tbl;
+extern void rt_symbol_table_free(const struct symbol_table *tbl);
 
 extern const struct datatype invalid_type;
 extern const struct datatype verdict_type;
diff --git a/include/meta.h b/include/meta.h
index a49b4ff54970..0fe95fd66824 100644
--- a/include/meta.h
+++ b/include/meta.h
@@ -42,6 +42,4 @@ extern const struct datatype devgroup_type;
 extern const struct datatype pkttype_type;
 extern const struct datatype ifname_type;
 
-extern struct symbol_table *devgroup_tbl;
-
 #endif /* NFTABLES_META_H */
diff --git a/include/nftables.h b/include/nftables.h
index 407d76130e9f..ef737c839b2e 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -184,19 +184,17 @@ struct input_descriptor {
 	off_t				line_offset;
 };
 
-void ct_label_table_init(void);
-void mark_table_init(void);
+void ct_label_table_init(struct nft_ctx *ctx);
+void mark_table_init(struct nft_ctx *ctx);
 void gmp_init(void);
-void realm_table_rt_init(void);
-void devgroup_table_init(void);
-void realm_table_meta_init(void);
+void realm_table_rt_init(struct nft_ctx *ctx);
+void devgroup_table_init(struct nft_ctx *ctx);
 void xt_init(void);
 
-void ct_label_table_exit(void);
-void mark_table_exit(void);
-void realm_table_meta_exit(void);
-void devgroup_table_exit(void);
-void realm_table_rt_exit(void);
+void ct_label_table_exit(struct nft_ctx *ctx);
+void mark_table_exit(struct nft_ctx *ctx);
+void devgroup_table_exit(struct nft_ctx *ctx);
+void realm_table_rt_exit(struct nft_ctx *ctx);
 
 int nft_print(struct output_ctx *octx, const char *fmt, ...)
 	__attribute__((format(printf, 2, 3)));
diff --git a/src/ct.c b/src/ct.c
index c66b327a2237..ed458e6b679b 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -141,11 +141,10 @@ static const struct datatype ct_event_type = {
 	.sym_tbl	= &ct_events_tbl,
 };
 
-static struct symbol_table *ct_label_tbl;
-
 #define CT_LABEL_BIT_SIZE 128
 
-const char *ct_label2str(unsigned long value)
+const char *ct_label2str(const struct symbol_table *ct_label_tbl,
+			 unsigned long value)
 {
 	const struct symbolic_constant *s;
 
@@ -161,7 +160,7 @@ static void ct_label_type_print(const struct expr *expr,
 				 struct output_ctx *octx)
 {
 	unsigned long bit = mpz_scan1(expr->value, 0);
-	const char *labelstr = ct_label2str(bit);
+	const char *labelstr = ct_label2str(octx->tbl.ct_label, bit);
 
 	if (labelstr) {
 		nft_print(octx, "\"%s\"", labelstr);
@@ -181,7 +180,7 @@ static struct error_record *ct_label_type_parse(struct parse_ctx *ctx,
 	uint64_t bit;
 	mpz_t value;
 
-	for (s = ct_label_tbl->symbols; s->identifier != NULL; s++) {
+	for (s = ctx->tbl->ct_label->symbols; s->identifier != NULL; s++) {
 		if (!strcmp(sym->identifier, s->identifier))
 			break;
 	}
@@ -230,14 +229,14 @@ static const struct datatype ct_label_type = {
 	.parse		= ct_label_type_parse,
 };
 
-void ct_label_table_init(void)
+void ct_label_table_init(struct nft_ctx *ctx)
 {
-	ct_label_tbl = rt_symbol_table_init(CONNLABEL_CONF);
+	ctx->output.tbl.ct_label = rt_symbol_table_init(CONNLABEL_CONF);
 }
 
-void ct_label_table_exit(void)
+void ct_label_table_exit(struct nft_ctx *ctx)
 {
-	rt_symbol_table_free(ct_label_tbl);
+	rt_symbol_table_free(ctx->output.tbl.ct_label);
 }
 
 #ifndef NF_CT_HELPER_NAME_LEN
diff --git a/src/datatype.c b/src/datatype.c
index 039b4e529af0..396a300cba4b 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -779,7 +779,7 @@ out:
 	return tbl;
 }
 
-void rt_symbol_table_free(struct symbol_table *tbl)
+void rt_symbol_table_free(const struct symbol_table *tbl)
 {
 	const struct symbolic_constant *s;
 
@@ -788,28 +788,26 @@ void rt_symbol_table_free(struct symbol_table *tbl)
 	xfree(tbl);
 }
 
-struct symbol_table *mark_tbl = NULL;
-
-void mark_table_init(void)
+void mark_table_init(struct nft_ctx *ctx)
 {
-	mark_tbl = rt_symbol_table_init("/etc/iproute2/rt_marks");
+	ctx->output.tbl.mark = rt_symbol_table_init("/etc/iproute2/rt_marks");
 }
 
-void mark_table_exit(void)
+void mark_table_exit(struct nft_ctx *ctx)
 {
-	rt_symbol_table_free(mark_tbl);
+	rt_symbol_table_free(ctx->output.tbl.mark);
 }
 
 static void mark_type_print(const struct expr *expr, struct output_ctx *octx)
 {
-	return symbolic_constant_print(mark_tbl, expr, true, octx);
+	return symbolic_constant_print(octx->tbl.mark, expr, true, octx);
 }
 
 static struct error_record *mark_type_parse(struct parse_ctx *ctx,
 					    const struct expr *sym,
 					    struct expr **res)
 {
-	return symbolic_constant_parse(ctx, sym, mark_tbl, res);
+	return symbolic_constant_parse(ctx, sym, ctx->tbl->mark, res);
 }
 
 const struct datatype mark_type = {
diff --git a/src/json.c b/src/json.c
index 33e0ec15f2ee..9dfa3076429d 100644
--- a/src/json.c
+++ b/src/json.c
@@ -1006,18 +1006,18 @@ json_t *inet_service_type_json(const struct expr *expr, struct output_ctx *octx)
 
 json_t *mark_type_json(const struct expr *expr, struct output_ctx *octx)
 {
-	return symbolic_constant_json(mark_tbl, expr, octx);
+	return symbolic_constant_json(octx->tbl.mark, expr, octx);
 }
 
 json_t *devgroup_type_json(const struct expr *expr, struct output_ctx *octx)
 {
-	return symbolic_constant_json(devgroup_tbl, expr, octx);
+	return symbolic_constant_json(octx->tbl.devgroup, expr, octx);
 }
 
 json_t *ct_label_type_json(const struct expr *expr, struct output_ctx *octx)
 {
 	unsigned long bit = mpz_scan1(expr->value, 0);
-	const char *labelstr = ct_label2str(bit);
+	const char *labelstr = ct_label2str(octx->tbl.ct_label, bit);
 
 	if (labelstr)
 		return json_string(labelstr);
diff --git a/src/libnftables.c b/src/libnftables.c
index 4a139c58b2b3..a693c0c69075 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -84,26 +84,25 @@ out:
 	return ret;
 }
 
-static void nft_init(void)
+static void nft_init(struct nft_ctx *ctx)
 {
-	mark_table_init();
-	realm_table_rt_init();
-	devgroup_table_init();
-	realm_table_meta_init();
-	ct_label_table_init();
+	mark_table_init(ctx);
+	realm_table_rt_init(ctx);
+	devgroup_table_init(ctx);
+	ct_label_table_init(ctx);
+
 	gmp_init();
 #ifdef HAVE_LIBXTABLES
 	xt_init();
 #endif
 }
 
-static void nft_exit(void)
+static void nft_exit(struct nft_ctx *ctx)
 {
-	ct_label_table_exit();
-	realm_table_rt_exit();
-	devgroup_table_exit();
-	realm_table_meta_exit();
-	mark_table_exit();
+	ct_label_table_exit(ctx);
+	realm_table_rt_exit(ctx);
+	devgroup_table_exit(ctx);
+	mark_table_exit(ctx);
 }
 
 EXPORT_SYMBOL(nft_ctx_add_include_path);
@@ -145,10 +144,10 @@ struct nft_ctx *nft_ctx_new(uint32_t flags)
 {
 	struct nft_ctx *ctx;
 
-	nft_init();
 	ctx = xzalloc(sizeof(struct nft_ctx));
-	ctx->state = xzalloc(sizeof(struct parser_state));
+	nft_init(ctx);
 
+	ctx->state = xzalloc(sizeof(struct parser_state));
 	nft_ctx_add_include_path(ctx, DEFAULT_INCLUDE_PATH);
 	ctx->parser_max_errors	= 10;
 	init_list_head(&ctx->cache.list);
@@ -291,7 +290,7 @@ void nft_ctx_free(struct nft_ctx *ctx)
 	nft_ctx_clear_include_paths(ctx);
 	xfree(ctx->state);
 	xfree(ctx);
-	nft_exit();
+	nft_exit(ctx);
 }
 
 EXPORT_SYMBOL(nft_ctx_set_output);
diff --git a/src/meta.c b/src/meta.c
index 5c0c4e29c062..5901c9919ed8 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -37,17 +37,6 @@
 #include <iface.h>
 #include <json.h>
 
-static struct symbol_table *realm_tbl;
-void realm_table_meta_init(void)
-{
-	realm_tbl = rt_symbol_table_init("/etc/iproute2/rt_realms");
-}
-
-void realm_table_meta_exit(void)
-{
-	rt_symbol_table_free(realm_tbl);
-}
-
 static void tchandle_type_print(const struct expr *expr,
 				struct output_ctx *octx)
 {
@@ -341,29 +330,27 @@ const struct datatype pkttype_type = {
 	.sym_tbl	= &pkttype_type_tbl,
 };
 
-struct symbol_table *devgroup_tbl = NULL;
-
-void devgroup_table_init(void)
+void devgroup_table_init(struct nft_ctx *ctx)
 {
-	devgroup_tbl = rt_symbol_table_init("/etc/iproute2/group");
+	ctx->output.tbl.devgroup = rt_symbol_table_init("/etc/iproute2/group");
 }
 
-void devgroup_table_exit(void)
+void devgroup_table_exit(struct nft_ctx *ctx)
 {
-	rt_symbol_table_free(devgroup_tbl);
+	rt_symbol_table_free(ctx->output.tbl.devgroup);
 }
 
 static void devgroup_type_print(const struct expr *expr,
-				 struct output_ctx *octx)
+				struct output_ctx *octx)
 {
-	return symbolic_constant_print(devgroup_tbl, expr, true, octx);
+	return symbolic_constant_print(octx->tbl.devgroup, expr, true, octx);
 }
 
 static struct error_record *devgroup_type_parse(struct parse_ctx *ctx,
 						const struct expr *sym,
 						struct expr **res)
 {
-	return symbolic_constant_parse(ctx, sym, devgroup_tbl, res);
+	return symbolic_constant_parse(ctx, sym, ctx->tbl->devgroup, res);
 }
 
 const struct datatype devgroup_type = {
diff --git a/src/rt.c b/src/rt.c
index cdd5e9d82b44..b19c44d6eefe 100644
--- a/src/rt.c
+++ b/src/rt.c
@@ -24,27 +24,26 @@
 #include <rule.h>
 #include <json.h>
 
-static struct symbol_table *realm_tbl;
-void realm_table_rt_init(void)
+void realm_table_rt_init(struct nft_ctx *ctx)
 {
-	realm_tbl = rt_symbol_table_init("/etc/iproute2/rt_realms");
+	ctx->output.tbl.realm = rt_symbol_table_init("/etc/iproute2/rt_realms");
 }
 
-void realm_table_rt_exit(void)
+void realm_table_rt_exit(struct nft_ctx *ctx)
 {
-	rt_symbol_table_free(realm_tbl);
+	rt_symbol_table_free(ctx->output.tbl.realm);
 }
 
 static void realm_type_print(const struct expr *expr, struct output_ctx *octx)
 {
-	return symbolic_constant_print(realm_tbl, expr, true, octx);
+	return symbolic_constant_print(octx->tbl.realm, expr, true, octx);
 }
 
 static struct error_record *realm_type_parse(struct parse_ctx *ctx,
 					     const struct expr *sym,
 					     struct expr **res)
 {
-	return symbolic_constant_parse(ctx, sym, realm_tbl, res);
+	return symbolic_constant_parse(ctx, sym, ctx->tbl->realm, res);
 }
 
 const struct datatype realm_type = {
-- 
2.11.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH nft 2/2] src: remove global symbol_table
  2019-08-07 22:39 ` [PATCH nft 2/2] src: remove global symbol_table Pablo Neira Ayuso
@ 2019-08-07 23:51   ` Florian Westphal
  0 siblings, 0 replies; 3+ messages in thread
From: Florian Westphal @ 2019-08-07 23:51 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel, fw

Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> Store symbol tables in context object instead.

Looks good to me and works fine for my purposes (no crash anymore),

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-07 22:39 [PATCH nft 1/2] src: add parse_ctx object Pablo Neira Ayuso
2019-08-07 22:39 ` [PATCH nft 2/2] src: remove global symbol_table Pablo Neira Ayuso
2019-08-07 23:51   ` Florian Westphal

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org netfilter-devel@archiver.kernel.org
	public-inbox-index netfilter-devel


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/ public-inbox