From d89114547431dd0d30c6e673b7ca492014ab25f8 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Thu, 18 Dec 2025 10:19:10 -0400 Subject: [PATCH] MT#55283 add sequencing to netlink messages Change-Id: I6346c79a204d0ee1f7587676848cdcfca7055262 --- daemon/nftables.c | 14 +++++++------- lib/netfilter_api.c | 7 +++++-- lib/netfilter_api.h | 2 +- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/daemon/nftables.c b/daemon/nftables.c index 754e4bb10..5a739c40e 100644 --- a/daemon/nftables.c +++ b/daemon/nftables.c @@ -165,7 +165,7 @@ static const char *nftables_do_rule(const int8_t *b, size_t l, void *data) { static char *iterate_rules(nfapi_socket *nl, int family, const char *chain, struct iterate_callbacks *callbacks) { - g_autoptr(nfapi_buf) b = nfapi_buf_new(); + g_autoptr(nfapi_buf) b = nfapi_buf_new(nl); nfapi_add_msg(b, NFT_MSG_GETRULE, family, NLM_F_REQUEST | NLM_F_DUMP, "get all rules [%d]", family); @@ -203,7 +203,7 @@ static void set_rule_handle(nfapi_buf *b, void *data) { static char *delete_rules(nfapi_socket *nl, int family, const char *chain, void (*callback)(nfapi_buf *b, void *data), void *data) { - g_autoptr(nfapi_buf) b = nfapi_buf_new(); + g_autoptr(nfapi_buf) b = nfapi_buf_new(nl); nfapi_batch_begin(b); @@ -269,7 +269,7 @@ static const char *nftables_do_chain(const int8_t *b, size_t l, void *userdata) static bool chain_exists(nfapi_socket *nl, int family, const char *chain) { - g_autoptr(nfapi_buf) b = nfapi_buf_new(); + g_autoptr(nfapi_buf) b = nfapi_buf_new(nl); nfapi_add_msg(b, NFT_MSG_GETCHAIN, family, NLM_F_REQUEST | NLM_F_ACK, "get chain [%d]", family); nfapi_add_str_attr(b, NFTA_CHAIN_TABLE, "filter", "table 'filter'"); @@ -293,7 +293,7 @@ static char *add_chain(nfapi_socket *nl, int family, const char *chain, if (chain_exists(nl, family, chain)) return NULL; - g_autoptr(nfapi_buf) b = nfapi_buf_new(); + g_autoptr(nfapi_buf) b = nfapi_buf_new(nl); nfapi_batch_begin(b); 
@@ -330,7 +330,7 @@ static char *add_chain(nfapi_socket *nl, int family, const char *chain, static char *add_rule(nfapi_socket *nl, int family, struct add_rule_callbacks callbacks) { - g_autoptr(nfapi_buf) b = nfapi_buf_new(); + g_autoptr(nfapi_buf) b = nfapi_buf_new(nl); nfapi_batch_begin(b); @@ -611,7 +611,7 @@ static const char *rtpe_target_filter(nfapi_buf *b, int family, struct add_rule_ static char *delete_chain(nfapi_socket *nl, int family, const char *chain) { - g_autoptr(nfapi_buf) b = nfapi_buf_new(); + g_autoptr(nfapi_buf) b = nfapi_buf_new(nl); nfapi_batch_begin(b); @@ -702,7 +702,7 @@ static char *nftables_shutdown_family(nfapi_socket *nl, int family, static char *add_table(nfapi_socket *nl, int family) { - g_autoptr(nfapi_buf) b = nfapi_buf_new(); + g_autoptr(nfapi_buf) b = nfapi_buf_new(nl); nfapi_batch_begin(b); diff --git a/lib/netfilter_api.c b/lib/netfilter_api.c index ae2fc5794..0f9f093de 100644 --- a/lib/netfilter_api.c +++ b/lib/netfilter_api.c @@ -18,6 +18,7 @@ struct nfapi_socket { int fd; struct sockaddr_nl addr; // local + uint16_t seq; }; struct nfapi_buf { @@ -25,6 +26,7 @@ struct nfapi_buf { ssize_t last_hdr; GQueue nested; GString *readable; + uint16_t seq; }; @@ -64,11 +66,12 @@ void nfapi_socket_close(nfapi_socket *s) { } -nfapi_buf *nfapi_buf_new(void) { +nfapi_buf *nfapi_buf_new(nfapi_socket *s) { nfapi_buf *b = g_new0(__typeof(*b), 1); b->s = g_string_new(""); b->last_hdr = -1; b->readable = g_string_new(""); + b->seq = ++s->seq; return b; } @@ -147,7 +150,7 @@ void nfapi_add_msg(nfapi_buf *b, uint16_t type, uint16_t family, uint16_t flags, readable_vadd(b->readable, fmt, va); va_end(va); - return add_msg(b, (NFNL_SUBSYS_NFTABLES << 8) | type, family, flags, 0, 0); + return add_msg(b, (NFNL_SUBSYS_NFTABLES << 8) | type, family, flags, b->seq, 0); } void nfapi_batch_begin(nfapi_buf *b) { diff --git a/lib/netfilter_api.h b/lib/netfilter_api.h index 28b252f57..6aa946a1d 100644 --- a/lib/netfilter_api.h +++ b/lib/netfilter_api.h 
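Review bot: The new `seq` fields in `struct nfapi_socket` and `struct nfapi_buf` are `uint16_t`, while `nlmsg_seq` in `struct nlmsghdr` is 32 bits wide, so `b->seq = ++s->seq;` in `nfapi_buf_new` wraps after 65535 buffers. After the wrap it hands out 0, the value every message carried before this patch, which makes that buffer look like an unsequenced one. I would declare both fields `uint32_t` and skip zero on wrap: `if (++s->seq == 0) s->seq = 1;` followed by `b->seq = s->seq;`. The increment is also unsynchronised, so this presumably relies on a socket being used from one thread at a time; the patch does not show whether that holds.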
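Review bot: Stamping `b->seq` into the header in `nfapi_add_msg` only helps if replies are checked against it, and this patch contains no receive-side change. Unless that check already exists elsewhere in `lib/netfilter_api.c`, the code that reads the answer should compare each reply's `nlmsg_seq` with `b->seq` and discard mismatches, so that a late ack or error from an earlier request cannot be taken as the result of the current one (for example in `chain_exists`). Every message added to one buffer shares the same number, so an error ack for a batch cannot be tied to a single message by sequence alone. Whether `nfapi_batch_begin` and the batch end marker also carry `b->seq` is not visible here, since only the signature of `nfapi_batch_begin` appears in the hunk.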
@@ -22,7 +22,7 @@ nfapi_socket *nfapi_socket_open(void); void nfapi_socket_close(nfapi_socket *); -nfapi_buf *nfapi_buf_new(void); +nfapi_buf *nfapi_buf_new(nfapi_socket *); void nfapi_buf_free(nfapi_buf *); const char *nfapi_buf_msg(nfapi_buf *);
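Review bot: The prototype `nfapi_buf *nfapi_buf_new(nfapi_socket *);` gives no hint that the call now modifies the socket and dereferences it unconditionally. A short comment above it would cover that, e.g. `/* Allocates a buffer and assigns it the next sequence number of the given socket; the socket must not be NULL. */`. The neighbouring prototypes are also unnamed, so naming the parameter is optional, but the side effect is worth stating for callers.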