* [PATCH nft 1/2] src: introduce netlink_init_error() @ 2015-04-06 12:06 Pablo Neira Ayuso 2015-04-06 12:06 ` [PATCH nft 2/2] src: restore interface to index cache Pablo Neira Ayuso 0 siblings, 1 reply; 5+ messages in thread From: Pablo Neira Ayuso @ 2015-04-06 12:06 UTC (permalink / raw) To: netfilter-devel; +Cc: kaber Based on the existing netlink_open_error(), but indicate file and line where the error happens. This will helps us to diagnose what is going wrong when users can back to us to report problems. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- include/netlink.h | 4 +++- src/netlink.c | 9 +++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/include/netlink.h b/include/netlink.h index c1ff9c6..9f24ea5 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -145,7 +145,9 @@ extern void netlink_restart(void); extern void __noreturn __netlink_abi_error(const char *file, int line, const char *reason); extern int netlink_io_error(struct netlink_ctx *ctx, const struct location *loc, const char *fmt, ...); -extern void netlink_open_error(void) __noreturn; +#define netlink_init_error() \ + __netlink_init_error(__FILE__, __LINE__, strerror(errno)); +extern void __noreturn __netlink_init_error(const char *file, int line, const char *reason); extern int netlink_flush_ruleset(struct netlink_ctx *ctx, const struct handle *h, diff --git a/src/netlink.c b/src/netlink.c index a33bb0b..4155763 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -52,7 +52,7 @@ static struct mnl_socket *nfsock_open(void) s = mnl_socket_open(NETLINK_NETFILTER); if (s == NULL) - netlink_open_error(); + netlink_init_error(); return s; } @@ -110,10 +110,11 @@ int netlink_io_error(struct netlink_ctx *ctx, const struct location *loc, return -1; } -void __noreturn netlink_open_error(void) +void __noreturn __netlink_init_error(const char *filename, int line, + const char *reason) { - fprintf(stderr, "E: Unable to open Netlink socket: %s\n", - strerror(errno)); + fprintf(stderr, "%s:%d: Unable to initialize Netlink socket: %s\n", + filename, line, reason); exit(NFT_EXIT_NONL); } -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH nft 2/2] src: restore interface to index cache 2015-04-06 12:06 [PATCH nft 1/2] src: introduce netlink_init_error() Pablo Neira Ayuso @ 2015-04-06 12:06 ` Pablo Neira Ayuso 2015-04-06 12:39 ` Patrick McHardy 0 siblings, 1 reply; 5+ messages in thread From: Pablo Neira Ayuso @ 2015-04-06 12:06 UTC (permalink / raw) To: netfilter-devel; +Cc: kaber nftables used to have a cache to speed up interface name <-> index, restore it using libmnl. This reduces netlink traffic since if_nametoindex() and if_indexto_name() open, send request, receive and close a netlink socket for each call. I think this is also good for consistency since nft -f will operate with the same index number when reloading the ruleset. We still need special handling for the nft -i case. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- include/iface.h | 13 ++++++ src/Makefile.am | 1 + src/iface.c | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/meta.c | 5 ++- 4 files changed, 151 insertions(+), 2 deletions(-) create mode 100644 include/iface.h create mode 100644 src/iface.c diff --git a/include/iface.h b/include/iface.h new file mode 100644 index 0000000..62e6a33 --- /dev/null +++ b/include/iface.h @@ -0,0 +1,13 @@ +#ifndef _NFTABLES_IFACE_H_ +#define _NFTABLES_IFACE_H_ + +struct iface { + struct list_head list; + char name[IFNAMSIZ]; + uint32_t ifindex; +}; + +unsigned int nft_if_nametoindex(const char *name); +int nft_if_indextoname(unsigned int ifindex, char *name); + +#endif diff --git a/src/Makefile.am b/src/Makefile.am index 2410fd3..fd63219 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -44,6 +44,7 @@ nft_SOURCES = main.c \ utils.c \ erec.c \ mnl.c \ + iface.c \ scanner.l \ parser_bison.y diff --git a/src/iface.c b/src/iface.c new file mode 100644 index 0000000..8c5f99c --- /dev/null +++ b/src/iface.c @@ -0,0 +1,134 @@ +/* + * Copyright (c) 2015 Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <net/if.h> +#include <time.h> +#include <string.h> +#include <errno.h> + +#include <libmnl/libmnl.h> +#include <linux/rtnetlink.h> + +#include <list.h> +#include <netlink.h> +#include <iface.h> + +static LIST_HEAD(iface_list); + +unsigned int nft_if_nametoindex(const char *name) +{ + struct iface *iface; + + list_for_each_entry(iface, &iface_list, list) { + if (strncmp(name, iface->name, IFNAMSIZ) == 0) + return iface->ifindex; + } + return 0; +} + +int nft_if_indextoname(unsigned int ifindex, char *name) +{ + struct iface *iface; + + list_for_each_entry(iface, &iface_list, list) { + if (iface->ifindex == ifindex) { + strncpy(name, iface->name, IFNAMSIZ); + return 1; + } + } + return 0; +} + +static int data_attr_cb(const struct nlattr *attr, void *data) +{ + const struct nlattr **tb = data; + int type = mnl_attr_get_type(attr); + + if (mnl_attr_type_valid(attr, IFLA_MAX) < 0) + return MNL_CB_OK; + + switch(type) { + case IFLA_IFNAME: + if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) + netlink_abi_error(); + break; + default: + return MNL_CB_OK; + } + tb[type] = attr; + return MNL_CB_OK; +} + +static int data_cb(const struct nlmsghdr *nlh, void *data) +{ + struct nlattr *tb[IFLA_MAX + 1] = {}; + struct ifinfomsg *ifm = mnl_nlmsg_get_payload(nlh); + struct iface *iface; + + iface = malloc(sizeof(struct iface)); + if (iface == NULL) + memory_allocation_error(); + + iface->ifindex = ifm->ifi_index; + mnl_attr_parse(nlh, sizeof(*ifm), data_attr_cb, tb); + strncpy(iface->name, mnl_attr_get_str(tb[IFLA_IFNAME]), IFNAMSIZ); + list_add(&iface->list, &iface_list); + + return MNL_CB_OK; +} + +static void __init iface_cache_init(void) +{ + char buf[MNL_SOCKET_BUFFER_SIZE]; + struct mnl_socket *nl; + struct nlmsghdr *nlh; + struct rtgenmsg *rt; + uint32_t seq, portid; + int ret; + + nlh = mnl_nlmsg_put_header(buf); + nlh->nlmsg_type = RTM_GETLINK; + nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP; + nlh->nlmsg_seq = seq = time(NULL); + rt = mnl_nlmsg_put_extra_header(nlh, sizeof(struct rtgenmsg)); + rt->rtgen_family = AF_PACKET; + + nl = mnl_socket_open(NETLINK_ROUTE); + if (nl == NULL) + netlink_init_error(); + + if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) + netlink_init_error(); + + portid = mnl_socket_get_portid(nl); + + if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) + netlink_init_error(); + + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + while (ret > 0) { + ret = mnl_cb_run(buf, ret, seq, portid, data_cb, NULL); + if (ret <= MNL_CB_STOP) + break; + ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); + } + if (ret == -1) + netlink_init_error(); + + mnl_socket_close(nl); +} + +static void __exit iface_cache_fini(void) +{ + struct iface *iface, *next; + + list_for_each_entry_safe(iface, next, &iface_list, list) + free(iface); +} diff --git a/src/meta.c b/src/meta.c index ad57228..bfc1258 100644 --- a/src/meta.c +++ b/src/meta.c @@ -30,6 +30,7 @@ #include <gmputil.h> #include <utils.h> #include <erec.h> +#include <iface.h> static struct symbol_table *realm_tbl; static void __init realm_table_init(void) @@ -138,7 +139,7 @@ static void ifindex_type_print(const struct expr *expr) int ifindex; ifindex = mpz_get_uint32(expr->value); - if (if_indextoname(ifindex, name)) + if (nft_if_indextoname(ifindex, name)) printf("%s", name); else printf("%d", ifindex); @@ -149,7 +150,7 @@ static struct error_record *ifindex_type_parse(const struct expr *sym, { int ifindex; - ifindex = if_nametoindex(sym->identifier); + ifindex = nft_if_nametoindex(sym->identifier); if (ifindex == 0) return error(&sym->location, "Interface does not exist"); -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH nft 2/2] src: restore interface to index cache 2015-04-06 12:06 ` [PATCH nft 2/2] src: restore interface to index cache Pablo Neira Ayuso @ 2015-04-06 12:39 ` Patrick McHardy 2015-04-06 12:58 ` Pablo Neira Ayuso 0 siblings, 1 reply; 5+ messages in thread From: Patrick McHardy @ 2015-04-06 12:39 UTC (permalink / raw) To: Pablo Neira Ayuso, netfilter-devel Am 6. April 2015 14:06:31 MESZ, schrieb Pablo Neira Ayuso <pablo@netfilter.org>: >nftables used to have a cache to speed up interface name <-> index, >restore it >using libmnl. > >This reduces netlink traffic since if_nametoindex() and >if_indexto_name() open, >send request, receive and close a netlink socket for each call. I >think this >is also good for consistency since nft -f will operate with the same >index >number when reloading the ruleset. > >We still need special handling for the nft -i case. > >Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> >--- > include/iface.h | 13 ++++++ > src/Makefile.am | 1 + >src/iface.c | 134 >+++++++++++++++++++++++++++++++++++++++++++++++++++++++ > src/meta.c | 5 ++- > 4 files changed, 151 insertions(+), 2 deletions(-) > create mode 100644 include/iface.h > create mode 100644 src/iface.c > >diff --git a/include/iface.h b/include/iface.h >new file mode 100644 >index 0000000..62e6a33 >--- /dev/null >+++ b/include/iface.h >@@ -0,0 +1,13 @@ >+#ifndef _NFTABLES_IFACE_H_ >+#define _NFTABLES_IFACE_H_ >+ >+struct iface { >+ struct list_head list; >+ char name[IFNAMSIZ]; >+ uint32_t ifindex; >+}; >+ >+unsigned int nft_if_nametoindex(const char *name); >+int nft_if_indextoname(unsigned int ifindex, char *name); >+ >+#endif >diff --git a/src/Makefile.am b/src/Makefile.am >index 2410fd3..fd63219 100644 >--- a/src/Makefile.am >+++ b/src/Makefile.am >@@ -44,6 +44,7 @@ nft_SOURCES = main.c \ > utils.c \ > erec.c \ > mnl.c \ >+ iface.c \ > scanner.l \ > parser_bison.y > >diff --git a/src/iface.c b/src/iface.c >new file mode 100644 >index 0000000..8c5f99c >--- /dev/null >+++ b/src/iface.c >@@ -0,0 +1,134 @@ >+/* >+ * Copyright (c) 2015 Pablo Neira Ayuso <pablo@netfilter.org> >+ * >+ * This program is free software; you can redistribute it and/or >modify >+ * it under the terms of the GNU General Public License version 2 as >+ * published by the Free Software Foundation. >+ */ >+ >+#include <stdio.h> >+#include <stdlib.h> >+#include <net/if.h> >+#include <time.h> >+#include <string.h> >+#include <errno.h> >+ >+#include <libmnl/libmnl.h> >+#include <linux/rtnetlink.h> >+ >+#include <list.h> >+#include <netlink.h> >+#include <iface.h> >+ >+static LIST_HEAD(iface_list); >+ >+unsigned int nft_if_nametoindex(const char *name) >+{ >+ struct iface *iface; >+ >+ list_for_each_entry(iface, &iface_list, list) { >+ if (strncmp(name, iface->name, IFNAMSIZ) == 0) >+ return iface->ifindex; >+ } >+ return 0; >+} >+ >+int nft_if_indextoname(unsigned int ifindex, char *name) >+{ >+ struct iface *iface; >+ >+ list_for_each_entry(iface, &iface_list, list) { >+ if (iface->ifindex == ifindex) { >+ strncpy(name, iface->name, IFNAMSIZ); >+ return 1; >+ } >+ } >+ return 0; >+} >+ >+static int data_attr_cb(const struct nlattr *attr, void *data) >+{ >+ const struct nlattr **tb = data; >+ int type = mnl_attr_get_type(attr); >+ >+ if (mnl_attr_type_valid(attr, IFLA_MAX) < 0) >+ return MNL_CB_OK; >+ >+ switch(type) { >+ case IFLA_IFNAME: >+ if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0) >+ netlink_abi_error(); >+ break; >+ default: >+ return MNL_CB_OK; >+ } >+ tb[type] = attr; >+ return MNL_CB_OK; >+} >+ >+static int data_cb(const struct nlmsghdr *nlh, void *data) >+{ >+ struct nlattr *tb[IFLA_MAX + 1] = {}; >+ struct ifinfomsg *ifm = mnl_nlmsg_get_payload(nlh); >+ struct iface *iface; >+ >+ iface = malloc(sizeof(struct iface)); >+ if (iface == NULL) >+ memory_allocation_error(); Why not use x*alloc here? Besides this: Acked-by: Patrick McHardy <kaber@trash.net> >+ >+ iface->ifindex = ifm->ifi_index; >+ mnl_attr_parse(nlh, sizeof(*ifm), data_attr_cb, tb); >+ strncpy(iface->name, mnl_attr_get_str(tb[IFLA_IFNAME]), IFNAMSIZ); >+ list_add(&iface->list, &iface_list); >+ >+ return MNL_CB_OK; >+} >+ >+static void __init iface_cache_init(void) >+{ >+ char buf[MNL_SOCKET_BUFFER_SIZE]; >+ struct mnl_socket *nl; >+ struct nlmsghdr *nlh; >+ struct rtgenmsg *rt; >+ uint32_t seq, portid; >+ int ret; >+ >+ nlh = mnl_nlmsg_put_header(buf); >+ nlh->nlmsg_type = RTM_GETLINK; >+ nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP; >+ nlh->nlmsg_seq = seq = time(NULL); >+ rt = mnl_nlmsg_put_extra_header(nlh, sizeof(struct rtgenmsg)); >+ rt->rtgen_family = AF_PACKET; >+ >+ nl = mnl_socket_open(NETLINK_ROUTE); >+ if (nl == NULL) >+ netlink_init_error(); >+ >+ if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) >+ netlink_init_error(); >+ >+ portid = mnl_socket_get_portid(nl); >+ >+ if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) >+ netlink_init_error(); >+ >+ ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); >+ while (ret > 0) { >+ ret = mnl_cb_run(buf, ret, seq, portid, data_cb, NULL); >+ if (ret <= MNL_CB_STOP) >+ break; >+ ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); >+ } >+ if (ret == -1) >+ netlink_init_error(); >+ >+ mnl_socket_close(nl); >+} >+ >+static void __exit iface_cache_fini(void) >+{ >+ struct iface *iface, *next; >+ >+ list_for_each_entry_safe(iface, next, &iface_list, list) >+ free(iface); >+} >diff --git a/src/meta.c b/src/meta.c >index ad57228..bfc1258 100644 >--- a/src/meta.c >+++ b/src/meta.c >@@ -30,6 +30,7 @@ > #include <gmputil.h> > #include <utils.h> > #include <erec.h> >+#include <iface.h> > > static struct symbol_table *realm_tbl; > static void __init realm_table_init(void) >@@ -138,7 +139,7 @@ static void ifindex_type_print(const struct expr >*expr) > int ifindex; > > ifindex = mpz_get_uint32(expr->value); >- if (if_indextoname(ifindex, name)) >+ if (nft_if_indextoname(ifindex, name)) > printf("%s", name); > else > printf("%d", ifindex); >@@ -149,7 +150,7 @@ static struct error_record >*ifindex_type_parse(const struct expr *sym, > { > int ifindex; > >- ifindex = if_nametoindex(sym->identifier); >+ ifindex = nft_if_nametoindex(sym->identifier); > if (ifindex == 0) > return error(&sym->location, "Interface does not exist"); > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH nft 2/2] src: restore interface to index cache 2015-04-06 12:39 ` Patrick McHardy @ 2015-04-06 12:58 ` Pablo Neira Ayuso 2015-04-06 12:58 ` Patrick McHardy 0 siblings, 1 reply; 5+ messages in thread From: Pablo Neira Ayuso @ 2015-04-06 12:58 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel On Mon, Apr 06, 2015 at 02:39:26PM +0200, Patrick McHardy wrote: > Am 6. April 2015 14:06:31 MESZ, schrieb Pablo Neira Ayuso <pablo@netfilter.org>: [...] > >+static int data_cb(const struct nlmsghdr *nlh, void *data) > >+{ > >+ struct nlattr *tb[IFLA_MAX + 1] = {}; > >+ struct ifinfomsg *ifm = mnl_nlmsg_get_payload(nlh); > >+ struct iface *iface; > >+ > >+ iface = malloc(sizeof(struct iface)); > >+ if (iface == NULL) > >+ memory_allocation_error(); > > Why not use x*alloc here? Just changed this here, thanks. BTW, not important but I'm still seeing netlink traffic here to NETLINK_ROUTE. Looking at the glibc code, it seems that getaddrinfo() also internally retrieves the list of interfaces via netlink for each call. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH nft 2/2] src: restore interface to index cache 2015-04-06 12:58 ` Pablo Neira Ayuso @ 2015-04-06 12:58 ` Patrick McHardy 0 siblings, 0 replies; 5+ messages in thread From: Patrick McHardy @ 2015-04-06 12:58 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: netfilter-devel Am 6. April 2015 14:58:57 MESZ, schrieb Pablo Neira Ayuso <pablo@netfilter.org>: >On Mon, Apr 06, 2015 at 02:39:26PM +0200, Patrick McHardy wrote: >> Am 6. April 2015 14:06:31 MESZ, schrieb Pablo Neira Ayuso ><pablo@netfilter.org>: >[...] >> >+static int data_cb(const struct nlmsghdr *nlh, void *data) >> >+{ >> >+ struct nlattr *tb[IFLA_MAX + 1] = {}; >> >+ struct ifinfomsg *ifm = mnl_nlmsg_get_payload(nlh); >> >+ struct iface *iface; >> >+ >> >+ iface = malloc(sizeof(struct iface)); >> >+ if (iface == NULL) >> >+ memory_allocation_error(); >> >> Why not use x*alloc here? > >Just changed this here, thanks. > >BTW, not important but I'm still seeing netlink traffic here to >NETLINK_ROUTE. Looking at the glibc code, it seems that getaddrinfo() >also internally retrieves the list of interfaces via netlink for each >call. Makes sense since it doesn't know when to invalidate a cache. Which raises a question - do we need to listen to updates for interactive mode? I'd say yes. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-04-06 12:58 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-04-06 12:06 [PATCH nft 1/2] src: introduce netlink_init_error() Pablo Neira Ayuso 2015-04-06 12:06 ` [PATCH nft 2/2] src: restore interface to index cache Pablo Neira Ayuso 2015-04-06 12:39 ` Patrick McHardy 2015-04-06 12:58 ` Pablo Neira Ayuso 2015-04-06 12:58 ` Patrick McHardy
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).