Re: [libnftables PATCH v3] src: add _unset functions

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Arturo Borrero <arturo.borrero.glez@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [libnftables PATCH v3] src: add _unset functions
Date: Fri, 7 Jun 2013 14:06:31 +0200	[thread overview]
Message-ID: <20130607120631.GA6657@localhost> (raw)
In-Reply-To: <20130607105104.17347.95207.stgit@nfdev.cica.es>

On Fri, Jun 07, 2013 at 12:52:17PM +0200, Arturo Borrero wrote:
> These functions unset the flag for the given attribute in each object and free data in some cases.

Applied with minor changes, thanks Arturo.

See below.

> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
> ---
> v2: improved unset operation and freed data pointer set to NULL
> v3: set to null c->table
> 
>  include/libnftables/chain.h |    1 +
>  include/libnftables/rule.h  |    1 +
>  include/libnftables/set.h   |    2 ++
>  include/libnftables/table.h |    1 +
>  src/chain.c                 |   26 ++++++++++++++++++++++++++
>  src/libnftables.map         |    5 +++++
>  src/rule.c                  |   23 +++++++++++++++++++++++
>  src/set.c                   |   23 +++++++++++++++++++++++
>  src/set_elem.c              |   13 +++++++++++++
>  src/table.c                 |   15 ++++++++++++++-
>  10 files changed, 109 insertions(+), 1 deletion(-)
> 
> diff --git a/include/libnftables/chain.h b/include/libnftables/chain.h
> index b12474f..f06f743 100644
> --- a/include/libnftables/chain.h
> +++ b/include/libnftables/chain.h
> @@ -26,6 +26,7 @@ enum {
>  	NFT_CHAIN_ATTR_TYPE,
>  };
>  
> +void nft_chain_attr_unset(struct nft_chain *c, uint16_t attr);
>  void nft_chain_attr_set(struct nft_chain *t, uint16_t attr, const void *data);
>  void nft_chain_attr_set_u32(struct nft_chain *t, uint16_t attr, uint32_t data);
>  void nft_chain_attr_set_s32(struct nft_chain *t, uint16_t attr, int32_t data);
> diff --git a/include/libnftables/rule.h b/include/libnftables/rule.h
> index 9c4ab0d..9989f19 100644
> --- a/include/libnftables/rule.h
> +++ b/include/libnftables/rule.h
> @@ -23,6 +23,7 @@ enum {
>  	NFT_RULE_ATTR_COMPAT_FLAGS,
>  };
>  
> +void nft_rule_attr_unset(struct nft_rule *r, uint16_t attr);
>  void nft_rule_attr_set(struct nft_rule *r, uint16_t attr, const void *data);
>  void nft_rule_attr_set_u32(struct nft_rule *r, uint16_t attr, uint32_t val);
>  void nft_rule_attr_set_u64(struct nft_rule *r, uint16_t attr, uint64_t val);
> diff --git a/include/libnftables/set.h b/include/libnftables/set.h
> index 53c2947..211c065 100644
> --- a/include/libnftables/set.h
> +++ b/include/libnftables/set.h
> @@ -16,6 +16,7 @@ struct nft_set;
>  struct nft_set *nft_set_alloc(void);
>  void nft_set_free(struct nft_set *s);
>  
> +void nft_set_attr_unset(struct nft_set *s, uint16_t attr);
>  void nft_set_attr_set(struct nft_set *s, uint16_t attr, const void *data);
>  void nft_set_attr_set_u32(struct nft_set *s, uint16_t attr, uint32_t val);
>  void nft_set_attr_set_str(struct nft_set *s, uint16_t attr, const char *str);
> @@ -61,6 +62,7 @@ void nft_set_elem_free(struct nft_set_elem *s);
>  
>  void nft_set_elem_add(struct nft_set *s, struct nft_set_elem *elem);
>  
> +void nft_set_elem_attr_unset(struct nft_set_elem *s, uint16_t attr);
>  void nft_set_elem_attr_set(struct nft_set_elem *s, uint16_t attr, const void *data, size_t data_len);
>  void nft_set_elem_attr_set_u32(struct nft_set_elem *s, uint16_t attr, uint32_t val);
>  void nft_set_elem_attr_set_str(struct nft_set_elem *s, uint16_t attr, const char *str);
> diff --git a/include/libnftables/table.h b/include/libnftables/table.h
> index 658230c..09cd204 100644
> --- a/include/libnftables/table.h
> +++ b/include/libnftables/table.h
> @@ -18,6 +18,7 @@ enum {
>  	NFT_TABLE_ATTR_FLAGS,
>  };
>  
> +void nft_table_attr_unset(struct nft_table *t, uint16_t attr);
>  void nft_table_attr_set(struct nft_table *t, uint16_t attr, const void *data);
>  const void *nft_table_attr_get(struct nft_table *t, uint16_t attr);
>  
> diff --git a/src/chain.c b/src/chain.c
> index 093e3ea..2a1a7ce 100644
> --- a/src/chain.c
> +++ b/src/chain.c
> @@ -59,6 +59,32 @@ void nft_chain_free(struct nft_chain *c)
>  }
>  EXPORT_SYMBOL(nft_chain_free);
>  
> +void nft_chain_attr_unset(struct nft_chain *c, uint16_t attr)
> +{
> +	switch (attr) {
> +	case NFT_CHAIN_ATTR_TABLE:
> +		if (c->flags & (1 << NFT_CHAIN_ATTR_TABLE))
> +			if (c->table) {
> +				free(c->table);
> +				c->table = NULL;
> +			}
> +		break;
> +	case NFT_CHAIN_ATTR_USE:
> +		/* cannot be unset?, ignore it */
> +		return;
> +	case NFT_CHAIN_ATTR_TYPE:
> +		if (c->flags & (1 << NFT_CHAIN_ATTR_TYPE))
> +			if (c->type) {
> +				free(c->type);
> +				c->type = NULL;
> +			}
> +		break;

        default:
                return;

Added this just to skip for unknown attributes. It should not harm
though the current code, but just to ensure we don't spend cycles on
no operations.

> +	}
> +
> +	c->flags &= ~(1 << attr);
> +}
> +EXPORT_SYMBOL(nft_chain_attr_unset);
> +
[...]
> +void nft_table_attr_unset(struct nft_table *t, uint16_t attr)
> +{
> +	if (attr == NFT_TABLE_ATTR_NAME)
> +		if (t->flags & (1 << NFT_TABLE_ATTR_NAME))
> +			if (t->name) {
> +				free(t->name);
> +				t->name = NULL;
> +			}

Converted this to a switch. We only have one single choice now, but
there are other attributes like flags and family that we may want to
unset in the future.

Regards.

next prev parent reply	other threads:[~2013-06-07 12:06 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-06-07 10:52 [libnftables PATCH v3] src: add _unset functions Arturo Borrero
2013-06-07 12:06 ` Pablo Neira Ayuso [this message]
2013-06-07 12:13   ` Arturo Borrero Gonzalez
2013-06-07 12:15     ` Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130607120631.GA6657@localhost \
    --to=pablo@netfilter.org \
    --cc=arturo.borrero.glez@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).