Compare commits
1 Commits
0ce932bc7e
...
2858b58738
Author | SHA1 | Date |
---|---|---|
|
2858b58738 |
33
conn.go
33
conn.go
|
@ -17,7 +17,6 @@ package nftables
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math"
|
|
||||||
"os"
|
"os"
|
||||||
"sync"
|
"sync"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
@ -39,14 +38,12 @@ type Conn struct {
|
||||||
TestDial nltest.Func // for testing only; passed to nltest.Dial
|
TestDial nltest.Func // for testing only; passed to nltest.Dial
|
||||||
NetNS int // fd referencing the network namespace netlink will interact with.
|
NetNS int // fd referencing the network namespace netlink will interact with.
|
||||||
|
|
||||||
lasting bool // establish a lasting connection to be used across multiple netlink operations.
|
lasting bool // establish a lasting connection to be used across multiple netlink operations.
|
||||||
mu sync.Mutex // protects the following state
|
mu sync.Mutex // protects the following state
|
||||||
messages []netlink.Message
|
messages []netlink.Message
|
||||||
err error
|
err error
|
||||||
nlconn *netlink.Conn // netlink socket using NETLINK_NETFILTER protocol.
|
nlconn *netlink.Conn // netlink socket using NETLINK_NETFILTER protocol.
|
||||||
sockOptions []SockOption
|
sockOptions []SockOption
|
||||||
lastID uint32
|
|
||||||
allocatedIDs uint32
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConnOption is an option to change the behavior of the nftables Conn returned by Open.
|
// ConnOption is an option to change the behavior of the nftables Conn returned by Open.
|
||||||
|
@ -247,7 +244,6 @@ func (cc *Conn) Flush() error {
|
||||||
cc.mu.Lock()
|
cc.mu.Lock()
|
||||||
defer func() {
|
defer func() {
|
||||||
cc.messages = nil
|
cc.messages = nil
|
||||||
cc.allocatedIDs = 0
|
|
||||||
cc.mu.Unlock()
|
cc.mu.Unlock()
|
||||||
}()
|
}()
|
||||||
if len(cc.messages) == 0 {
|
if len(cc.messages) == 0 {
|
||||||
|
@ -373,20 +369,3 @@ func batch(messages []netlink.Message) []netlink.Message {
|
||||||
|
|
||||||
return batch
|
return batch
|
||||||
}
|
}
|
||||||
|
|
||||||
// allocateTransactionID allocates an identifier which is only valid in the
|
|
||||||
// current transaction.
|
|
||||||
func (cc *Conn) allocateTransactionID() uint32 {
|
|
||||||
if cc.allocatedIDs == math.MaxUint32 {
|
|
||||||
panic(fmt.Sprintf("trying to allocate more than %d IDs in a single nftables transaction", math.MaxUint32))
|
|
||||||
}
|
|
||||||
// To make it more likely to catch when a transaction ID is erroneously used
|
|
||||||
// in a later transaction, cc.lastID is not reset after each transaction;
|
|
||||||
// instead it is only reset once it rolls over from math.MaxUint32 to 0.
|
|
||||||
cc.allocatedIDs++
|
|
||||||
cc.lastID++
|
|
||||||
if cc.lastID == 0 {
|
|
||||||
cc.lastID = 1
|
|
||||||
}
|
|
||||||
return cc.lastID
|
|
||||||
}
|
|
||||||
|
|
5
set.go
5
set.go
|
@ -46,6 +46,8 @@ const (
|
||||||
NFTA_SET_ELEM_EXPRESSIONS = 0x11
|
NFTA_SET_ELEM_EXPRESSIONS = 0x11
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var allocSetID uint32
|
||||||
|
|
||||||
// SetDatatype represents a datatype declared by nft.
|
// SetDatatype represents a datatype declared by nft.
|
||||||
type SetDatatype struct {
|
type SetDatatype struct {
|
||||||
Name string
|
Name string
|
||||||
|
@ -530,7 +532,8 @@ func (cc *Conn) AddSet(s *Set, vals []SetElement) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if s.ID == 0 {
|
if s.ID == 0 {
|
||||||
s.ID = cc.allocateTransactionID()
|
allocSetID++
|
||||||
|
s.ID = allocSetID
|
||||||
if s.Anonymous {
|
if s.Anonymous {
|
||||||
s.Name = "__set%d"
|
s.Name = "__set%d"
|
||||||
if s.IsMap {
|
if s.IsMap {
|
||||||
|
|
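Review bot: The new package-level `allocSetID` in set.go is shared by every `Conn` and is bumped in `AddSet` with a plain `allocSetID++`, so concurrent `AddSet` calls on separate connections race on it; `Conn.mu` is per-connection and cannot guard it, even if it is held at this point (not visible in the hunk). The counter also wraps to 0 after `math.MaxUint32` allocations, and 0 is the "not yet assigned" value tested by `if s.ID == 0`, a case the removed `allocateTransactionID` skipped explicitly. A duplicate or zero ID could presumably make a rule in the same batch resolve to a different set than intended, which matters for a firewall ruleset. Consider `s.ID = atomic.AddUint32(&allocSetID, 1)` followed by `if s.ID == 0 { s.ID = atomic.AddUint32(&allocSetID, 1) }`, with `sync/atomic` imported. The body of `AddSet` starts and ends outside the hunk.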