diff options
Diffstat (limited to 'meta-networking/recipes-filter')
22 files changed, 520 insertions, 4071 deletions
diff --git a/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.0.1g.bb b/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.0.3.bb index 6fd0affdf6..040c53f5c5 100644 --- a/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.0.1g.bb +++ b/meta-networking/recipes-filter/arno-iptables-firewall/arno-iptables-firewall_2.0.3.bb @@ -4,12 +4,11 @@ HOMEPAGE = "http://rocky.eld.leidenuniv.nl/joomla/index.php?option=com_content&v LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://gpl_license.txt;md5=11c7b65c4a4acb9d5175f7e9bf99c403" -SRC_URI = "http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/${BPN}_${PV}.tar.gz \ - " -SRC_URI[md5sum] = "77eba7f148bf2840a3e35a6f50c9c353" -SRC_URI[sha256sum] = "0bafd85ddc235752250eaec0c7fdb21e530912483f6807a97f86158ed2d301f7" +SRC_URI = "https://github.com/arno-iptables-firewall/aif/archive/${PV}.tar.gz" +SRC_URI[md5sum] = "71271c08299aacd45ceb9c9400082d03" +SRC_URI[sha256sum] = "e2c4fb88a25f0cae8308a3b2bb922b5e2f52f24d8309b24e15a527a6b326e703" -S = "${WORKDIR}/${BPN}_${PV}" +S = "${WORKDIR}/aif-${PV}" inherit systemd diff --git a/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.4.bb b/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.5.bb index 46168b0ba4..51e0ec1a69 100644 --- a/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.4.bb +++ b/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.5.bb @@ -12,8 +12,8 @@ SRC_URI = "http://www.netfilter.org/projects/conntrack-tools/files/conntrack-too file://conntrack-failover \ file://init \ " -SRC_URI[tar.md5sum] = "acd9e0b27cf16ae3092ba900e4d7560e" -SRC_URI[tar.sha256sum] = "b7caf4fcc4c03575df57d25e5216584d597fd916c891f191dac616ce68bdba6c" +SRC_URI[tar.md5sum] = "9356a0cd4df81a597ac26d87ccfebac4" +SRC_URI[tar.sha256sum] = "36c6d99c7684851d4d72e75bd07ff3f0ff1baaf4b6f069eb7244990cd1a9a462" inherit autotools update-rc.d pkgconfig diff --git a/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb b/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb index f05bd615d5..276784009f 100644 --- a/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb +++ b/meta-networking/recipes-filter/ebtables/ebtables_2.0.10-4.bb @@ -12,6 +12,8 @@ RDEPENDS_${PN} += "bash" RRECOMMENDS_${PN} += "kernel-module-ebtables \ " +UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/ebtables/files/ebtables/" + SRC_URI = "${SOURCEFORGE_MIRROR}/ebtables/ebtables-v${PV}.tar.gz \ file://ebtables-save \ file://installnonroot.patch \ diff --git a/meta-networking/recipes-filter/libnetfilter/files/0001-Correct-typo-in-the-location-of-internal.h-in-includ.patch b/meta-networking/recipes-filter/libnetfilter/files/0001-Correct-typo-in-the-location-of-internal.h-in-includ.patch deleted file mode 100644 index 76d2d5d287..0000000000 --- a/meta-networking/recipes-filter/libnetfilter/files/0001-Correct-typo-in-the-location-of-internal.h-in-includ.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 32af64e1811c74292891dc4dc8455736f7d33ccf Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Thu, 30 Mar 2017 13:26:56 -0700 -Subject: [PATCH] Correct typo in the location of internal.h in #include - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - src/libnetfilter_queue.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c -index 211a8ba..065d618 100644 ---- a/src/libnetfilter_queue.c -+++ b/src/libnetfilter_queue.c -@@ -32,7 +32,7 @@ - - #include <libnfnetlink/libnfnetlink.h> - #include <libnetfilter_queue/libnetfilter_queue.h> --#include "src/internal.h" -+#include "internal.h" - - /** - * \mainpage --- -2.12.1 - diff --git a/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch b/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch index 946f1b71d7..aa9ff09a99 100644 --- a/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch +++ b/meta-networking/recipes-filter/libnetfilter/files/0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch @@ -1,4 +1,4 @@ -From 06562244ac4a1a61e1a2c6b219a517658f7349bf Mon Sep 17 00:00:00 2001 +From db7eb5f0a4e78c6bd3c4f9cbd8332d909eb82ad6 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 10 Apr 2017 12:09:41 -0700 Subject: [PATCH] Declare the define visivility attribute together @@ -9,16 +9,17 @@ symbols become hidden and consumers of this library fail to link due to these missing symbols Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- doxygen.cfg.in | 2 +- - src/extra/ipv4.c | 15 +++---- + src/extra/ipv4.c | 15 ++---- src/extra/ipv6.c | 9 ++-- - src/extra/pktbuff.c | 42 ++++++------------ - src/extra/tcp.c | 21 +++------ - src/extra/udp.c | 21 +++------ - src/internal.h | 5 +-- - src/libnetfilter_queue.c | 108 ++++++++++++++++------------------------------- - src/nlmsg.c | 21 +++------ + src/extra/pktbuff.c | 42 +++++---------- + src/extra/tcp.c | 21 +++----- + src/extra/udp.c | 21 +++----- + src/internal.h | 5 +- + src/libnetfilter_queue.c | 108 +++++++++++++-------------------------- + src/nlmsg.c | 21 +++----- 9 files changed, 82 insertions(+), 162 deletions(-) diff --git a/doxygen.cfg.in b/doxygen.cfg.in @@ -592,7 +593,7 @@ index 558d267..79b0752 100644 struct iphdr; diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c -index 065d618..ab0b66b 100644 +index 673e3b0..c12f068 100644 --- a/src/libnetfilter_queue.c +++ b/src/libnetfilter_queue.c @@ -133,8 +133,7 @@ struct nfq_data { @@ -772,7 +773,7 @@ index 065d618..ab0b66b 100644 /** * nfq_set_queue_flags - set flags (options) for the kernel queue -@@ -690,7 +678,7 @@ EXPORT_SYMBOL(nfq_set_mode); +@@ -708,7 +696,7 @@ EXPORT_SYMBOL(nfq_set_mode); * * \return -1 on error with errno set appropriately; =0 otherwise. */ @@ -781,7 +782,7 @@ index 065d618..ab0b66b 100644 uint32_t mask, uint32_t flags) { union { -@@ -711,7 +699,6 @@ int nfq_set_queue_flags(struct nfq_q_handle *qh, +@@ -729,7 +717,6 @@ int nfq_set_queue_flags(struct nfq_q_handle *qh, return nfnl_query(qh->h->nfnlh, &u.nmh); } @@ -789,7 +790,7 @@ index 065d618..ab0b66b 100644 /** * nfq_set_queue_maxlen - Set kernel queue maximum length parameter -@@ -724,7 +711,7 @@ EXPORT_SYMBOL(nfq_set_queue_flags); +@@ -742,7 +729,7 @@ EXPORT_SYMBOL(nfq_set_queue_flags); * * \return -1 on error; >=0 otherwise. */ @@ -798,7 +799,7 @@ index 065d618..ab0b66b 100644 uint32_t queuelen) { union { -@@ -742,7 +729,6 @@ int nfq_set_queue_maxlen(struct nfq_q_handle *qh, +@@ -760,7 +747,6 @@ int nfq_set_queue_maxlen(struct nfq_q_handle *qh, return nfnl_query(qh->h->nfnlh, &u.nmh); } @@ -806,7 +807,7 @@ index 065d618..ab0b66b 100644 /** * @} -@@ -829,14 +815,13 @@ static int __set_verdict(struct nfq_q_handle *qh, uint32_t id, +@@ -847,14 +833,13 @@ static int __set_verdict(struct nfq_q_handle *qh, uint32_t id, * * \return -1 on error; >= 0 otherwise. */ @@ -822,7 +823,7 @@ index 065d618..ab0b66b 100644 /** * nfq_set_verdict2 - like nfq_set_verdict, but you can set the mark. -@@ -847,14 +832,13 @@ EXPORT_SYMBOL(nfq_set_verdict); +@@ -865,14 +850,13 @@ EXPORT_SYMBOL(nfq_set_verdict); * \param data_len number of bytes of data pointed to by #buf * \param buf the buffer that contains the packet data */ @@ -838,7 +839,7 @@ index 065d618..ab0b66b 100644 /** * nfq_set_verdict_batch - issue verdicts on several packets at once -@@ -868,13 +852,12 @@ EXPORT_SYMBOL(nfq_set_verdict2); +@@ -886,13 +870,12 @@ EXPORT_SYMBOL(nfq_set_verdict2); * batch support was added in Linux 3.1. * These functions will fail silently on older kernels. */ @@ -853,7 +854,7 @@ index 065d618..ab0b66b 100644 /** * nfq_set_verdict_batch2 - like nfq_set_verdict_batch, but you can set a mark. -@@ -883,13 +866,12 @@ EXPORT_SYMBOL(nfq_set_verdict_batch); +@@ -901,13 +884,12 @@ EXPORT_SYMBOL(nfq_set_verdict_batch); * \param verdict verdict to return to netfilter (NF_ACCEPT, NF_DROP) * \param mark mark to put on packet */ @@ -868,7 +869,7 @@ index 065d618..ab0b66b 100644 /** * nfq_set_verdict_mark - like nfq_set_verdict, but you can set the mark. -@@ -905,14 +887,13 @@ EXPORT_SYMBOL(nfq_set_verdict_batch2); +@@ -923,14 +905,13 @@ EXPORT_SYMBOL(nfq_set_verdict_batch2); * This function is deprecated since it is broken, its use is highly * discouraged. Please, use nfq_set_verdict2 instead. */ @@ -884,7 +885,7 @@ index 065d618..ab0b66b 100644 /** * @} -@@ -947,12 +928,11 @@ EXPORT_SYMBOL(nfq_set_verdict_mark); +@@ -965,12 +946,11 @@ EXPORT_SYMBOL(nfq_set_verdict_mark); } __attribute__ ((packed)); \endverbatim */ @@ -898,7 +899,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_nfmark - get the packet mark -@@ -960,11 +940,10 @@ EXPORT_SYMBOL(nfq_get_msg_packet_hdr); +@@ -978,11 +958,10 @@ EXPORT_SYMBOL(nfq_get_msg_packet_hdr); * * \return the netfilter mark currently assigned to the given queued packet. */ @@ -911,7 +912,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_timestamp - get the packet timestamp -@@ -975,7 +954,7 @@ EXPORT_SYMBOL(nfq_get_nfmark); +@@ -993,7 +972,7 @@ EXPORT_SYMBOL(nfq_get_nfmark); * * \return 0 on success, non-zero on failure. */ @@ -920,7 +921,7 @@ index 065d618..ab0b66b 100644 { struct nfqnl_msg_packet_timestamp *qpt; qpt = nfnl_get_pointer_to_data(nfad->data, NFQA_TIMESTAMP, -@@ -988,7 +967,6 @@ int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) +@@ -1006,7 +985,6 @@ int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) return 0; } @@ -928,7 +929,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_indev - get the interface that the packet was received through -@@ -1001,11 +979,10 @@ EXPORT_SYMBOL(nfq_get_timestamp); +@@ -1019,11 +997,10 @@ EXPORT_SYMBOL(nfq_get_timestamp); * \warning all nfq_get_dev() functions return 0 if not set, since linux * only allows ifindex >= 1, see net/core/dev.c:2600 (in 2.6.13.1) */ @@ -941,7 +942,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_physindev - get the physical interface that the packet was received -@@ -1015,11 +992,10 @@ EXPORT_SYMBOL(nfq_get_indev); +@@ -1033,11 +1010,10 @@ EXPORT_SYMBOL(nfq_get_indev); * If the returned index is 0, the packet was locally generated or the * physical input interface is no longer known (ie. POSTROUTING?). */ @@ -954,7 +955,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_outdev - gets the interface that the packet will be routed out -@@ -1029,11 +1005,10 @@ EXPORT_SYMBOL(nfq_get_physindev); +@@ -1047,11 +1023,10 @@ EXPORT_SYMBOL(nfq_get_physindev); * returned index is 0, the packet is destined for localhost or the output * interface is not yet known (ie. PREROUTING?). */ @@ -967,7 +968,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_physoutdev - get the physical interface that the packet output -@@ -1045,11 +1020,10 @@ EXPORT_SYMBOL(nfq_get_outdev); +@@ -1063,11 +1038,10 @@ EXPORT_SYMBOL(nfq_get_outdev); * * \return The index of physical interface that the packet output will be routed out. */ @@ -980,7 +981,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_indev_name - get the name of the interface the packet -@@ -1089,13 +1063,12 @@ EXPORT_SYMBOL(nfq_get_physoutdev); +@@ -1107,13 +1081,12 @@ EXPORT_SYMBOL(nfq_get_physoutdev); \endverbatim * */ @@ -995,7 +996,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_physindev_name - get the name of the physical interface the -@@ -1109,13 +1082,12 @@ EXPORT_SYMBOL(nfq_get_indev_name); +@@ -1127,13 +1100,12 @@ EXPORT_SYMBOL(nfq_get_indev_name); * * \return -1 in case of error, > 0 if it succeed. */ @@ -1010,7 +1011,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_outdev_name - get the name of the physical interface the -@@ -1129,13 +1101,12 @@ EXPORT_SYMBOL(nfq_get_physindev_name); +@@ -1147,13 +1119,12 @@ EXPORT_SYMBOL(nfq_get_physindev_name); * * \return -1 in case of error, > 0 if it succeed. */ @@ -1025,7 +1026,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_physoutdev_name - get the name of the interface the -@@ -1150,13 +1121,12 @@ EXPORT_SYMBOL(nfq_get_outdev_name); +@@ -1168,13 +1139,12 @@ EXPORT_SYMBOL(nfq_get_outdev_name); * \return -1 in case of error, > 0 if it succeed. */ @@ -1040,7 +1041,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_packet_hw -@@ -1180,12 +1150,11 @@ EXPORT_SYMBOL(nfq_get_physoutdev_name); +@@ -1198,12 +1168,11 @@ EXPORT_SYMBOL(nfq_get_physoutdev_name); } __attribute__ ((packed)); \endverbatim */ @@ -1054,7 +1055,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_uid - get the UID of the user the packet belongs to -@@ -1193,7 +1162,7 @@ EXPORT_SYMBOL(nfq_get_packet_hw); +@@ -1215,7 +1184,7 @@ EXPORT_SYMBOL(nfq_get_packet_hw); * * \return 1 if there is a UID available, 0 otherwise. */ @@ -1063,7 +1064,7 @@ index 065d618..ab0b66b 100644 { if (!nfnl_attr_present(nfad->data, NFQA_UID)) return 0; -@@ -1201,7 +1170,6 @@ int nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) +@@ -1223,7 +1192,6 @@ int nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) *uid = ntohl(nfnl_get_data(nfad->data, NFQA_UID, uint32_t)); return 1; } @@ -1071,7 +1072,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_gid - get the GID of the user the packet belongs to -@@ -1209,7 +1177,7 @@ EXPORT_SYMBOL(nfq_get_uid); +@@ -1235,7 +1203,7 @@ EXPORT_SYMBOL(nfq_get_uid); * * \return 1 if there is a GID available, 0 otherwise. */ @@ -1080,15 +1081,15 @@ index 065d618..ab0b66b 100644 { if (!nfnl_attr_present(nfad->data, NFQA_GID)) return 0; -@@ -1217,7 +1185,6 @@ int nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) +@@ -1243,7 +1211,6 @@ int nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) *gid = ntohl(nfnl_get_data(nfad->data, NFQA_GID, uint32_t)); return 1; } -EXPORT_SYMBOL(nfq_get_gid); - /** -@@ -1227,7 +1194,7 @@ EXPORT_SYMBOL(nfq_get_gid); + * nfq_get_secctx - get the security context for this packet +@@ -1256,7 +1223,7 @@ EXPORT_SYMBOL(nfq_get_gid); * * \return -1 on error, otherwise > 0 */ @@ -1097,7 +1098,7 @@ index 065d618..ab0b66b 100644 { if (!nfnl_attr_present(nfad->data, NFQA_SECCTX)) return -1; -@@ -1240,7 +1207,6 @@ int nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) +@@ -1269,7 +1236,6 @@ int nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) return 0; } @@ -1105,7 +1106,7 @@ index 065d618..ab0b66b 100644 /** * nfq_get_payload - get payload -@@ -1253,7 +1219,7 @@ EXPORT_SYMBOL(nfq_get_secctx); +@@ -1282,7 +1248,7 @@ EXPORT_SYMBOL(nfq_get_secctx); * * \return -1 on error, otherwise > 0. */ @@ -1114,7 +1115,7 @@ index 065d618..ab0b66b 100644 { *data = (unsigned char *) nfnl_get_pointer_to_data(nfad->data, NFQA_PAYLOAD, char); -@@ -1262,7 +1228,6 @@ int nfq_get_payload(struct nfq_data *nfad, unsigned char **data) +@@ -1291,7 +1257,6 @@ int nfq_get_payload(struct nfq_data *nfad, unsigned char **data) return -1; } @@ -1122,7 +1123,7 @@ index 065d618..ab0b66b 100644 /** * @} -@@ -1307,7 +1272,7 @@ do { \ +@@ -1336,7 +1301,7 @@ do { \ * would have been printed into the buffer (in case that there is enough * room in it). See snprintf() return value for more information. */ @@ -1131,7 +1132,7 @@ index 065d618..ab0b66b 100644 { struct nfqnl_msg_packet_hdr *ph; struct nfqnl_msg_packet_hw *hwph; -@@ -1460,7 +1425,6 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) +@@ -1489,7 +1454,6 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) return len; } @@ -1224,6 +1225,3 @@ index ba28c77..5582407 100644 /** * @} --- -2.12.2 - diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.6.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.7.bb index e4e186bdbb..5c81501567 100644 --- a/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.6.bb +++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-conntrack_1.0.7.bb @@ -6,10 +6,9 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" DEPENDS = "libnfnetlink libmnl" -SRC_URI = "http://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-${PV}.tar.bz2;name=tar \ -" -SRC_URI[tar.md5sum] = "7139c5f408dd9606ffecfd5dcda8175b" -SRC_URI[tar.sha256sum] = "efcc08021284e75f4d96d3581c5155a11f08fd63316b1938cbcb269c87f37feb" +SRC_URI = "https://www.netfilter.org/projects/libnetfilter_conntrack/files/libnetfilter_conntrack-${PV}.tar.bz2" +SRC_URI[md5sum] = "013d182c2df716fcb5eb2a1fb7febd1f" +SRC_URI[sha256sum] = "33685351e29dff93cc21f5344b6e628e41e32b9f9e567f4bec0478eb41f989b6" S = "${WORKDIR}/libnetfilter_conntrack-${PV}" diff --git a/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.2.bb b/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.3.bb index 754e11d999..896cfdfaa4 100644 --- a/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.2.bb +++ b/meta-networking/recipes-filter/libnetfilter/libnetfilter-queue_1.0.3.bb @@ -6,11 +6,9 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" DEPENDS = "libnfnetlink libmnl" -PV .= "+git${SRCREV}" -SRCREV = "981025e103d887fb6a9c9bb49c74ec323108d098" +SRCREV = "601abd1c71ccdf90753cf294c120ad43fb25dc54" SRC_URI = "git://git.netfilter.org/libnetfilter_queue \ - file://0001-Correct-typo-in-the-location-of-internal.h-in-includ.patch \ file://0001-libnetfilter-queue-Declare-the-define-visivility-attribute-together.patch \ " diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-Declare-the-define-visivility-attribute-together.patch b/meta-networking/recipes-filter/libnftnl/libnftnl/0001-Declare-the-define-visivility-attribute-together.patch deleted file mode 100644 index e82b23813f..0000000000 --- a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-Declare-the-define-visivility-attribute-together.patch +++ /dev/null @@ -1,2949 +0,0 @@ -From bd01f785da5222d0662be3182fe2650e1c12f43e Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 10 Apr 2017 14:07:07 -0700 -Subject: [PATCH] Declare the define visivility attribute together - -clang ignores the visibility attribute if its not -defined before the definition. As a result these -symbols become hidden and consumers of this library -fail to link due to these missing symbols - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - doxygen.cfg.in | 2 +- - include/utils.h | 5 +-- - src/batch.c | 21 ++++------- - src/chain.c | 102 +++++++++++++++++--------------------------------- - src/common.c | 21 ++++------- - src/expr.c | 51 +++++++++---------------- - src/gen.c | 39 +++++++------------ - src/object.c | 99 ++++++++++++++++-------------------------------- - src/rule.c | 114 +++++++++++++++++++------------------------------------- - src/ruleset.c | 48 ++++++++---------------- - src/set.c | 96 ++++++++++++++++------------------------------- - src/set_elem.c | 72 ++++++++++++----------------------- - src/table.c | 90 +++++++++++++++----------------------------- - src/trace.c | 27 +++++--------- - src/udata.c | 48 ++++++++---------------- - 15 files changed, 279 insertions(+), 556 deletions(-) - -diff --git a/doxygen.cfg.in b/doxygen.cfg.in -index 23fcad4..e49f28d 100644 ---- a/doxygen.cfg.in -+++ b/doxygen.cfg.in -@@ -72,7 +72,7 @@ RECURSIVE = YES - EXCLUDE = - EXCLUDE_SYMLINKS = NO - EXCLUDE_PATTERNS = */.git/* .*.d --EXCLUDE_SYMBOLS = EXPORT_SYMBOL -+EXCLUDE_SYMBOLS = - EXAMPLE_PATH = - EXAMPLE_PATTERNS = - EXAMPLE_RECURSIVE = NO -diff --git a/include/utils.h b/include/utils.h -index 2f5cf34..ff8207e 100644 ---- a/include/utils.h -+++ b/include/utils.h -@@ -9,10 +9,9 @@ - - #include "config.h" - #ifdef HAVE_VISIBILITY_HIDDEN --# define __visible __attribute__((visibility("default"))) --# define EXPORT_SYMBOL(x) typeof(x) (x) __visible; -+# define __EXPORTED __attribute__((visibility("default"))) - #else --# define EXPORT_SYMBOL -+# define __EXPORT - #endif - - #define __noreturn __attribute__((__noreturn__)) -diff --git a/src/batch.c b/src/batch.c -index 5ee3fd7..3bedd26 100644 ---- a/src/batch.c -+++ b/src/batch.c -@@ -57,7 +57,7 @@ static void nftnl_batch_add_page(struct nftnl_batch_page *page, - list_add_tail(&page->head, &batch->page_list); - } - --struct nftnl_batch *nftnl_batch_alloc(uint32_t pg_size, uint32_t pg_overrun_size) -+struct nftnl_batch __EXPORTED *nftnl_batch_alloc(uint32_t pg_size, uint32_t pg_overrun_size) - { - struct nftnl_batch *batch; - struct nftnl_batch_page *page; -@@ -80,9 +80,8 @@ err1: - free(batch); - return NULL; - } --EXPORT_SYMBOL(nftnl_batch_alloc); - --void nftnl_batch_free(struct nftnl_batch *batch) -+void __EXPORTED nftnl_batch_free(struct nftnl_batch *batch) - { - struct nftnl_batch_page *page, *next; - -@@ -94,9 +93,8 @@ void nftnl_batch_free(struct nftnl_batch *batch) - - free(batch); - } --EXPORT_SYMBOL(nftnl_batch_free); - --int nftnl_batch_update(struct nftnl_batch *batch) -+int __EXPORTED nftnl_batch_update(struct nftnl_batch *batch) - { - struct nftnl_batch_page *page; - struct nlmsghdr *last_nlh; -@@ -119,21 +117,18 @@ int nftnl_batch_update(struct nftnl_batch *batch) - err1: - return -1; - } --EXPORT_SYMBOL(nftnl_batch_update); - --void *nftnl_batch_buffer(struct nftnl_batch *batch) -+void __EXPORTED *nftnl_batch_buffer(struct nftnl_batch *batch) - { - return mnl_nlmsg_batch_current(batch->current_page->batch); - } --EXPORT_SYMBOL(nftnl_batch_buffer); - --uint32_t nftnl_batch_buffer_len(struct nftnl_batch *batch) -+uint32_t __EXPORTED nftnl_batch_buffer_len(struct nftnl_batch *batch) - { - return mnl_nlmsg_batch_size(batch->current_page->batch); - } --EXPORT_SYMBOL(nftnl_batch_buffer_len); - --int nftnl_batch_iovec_len(struct nftnl_batch *batch) -+int __EXPORTED nftnl_batch_iovec_len(struct nftnl_batch *batch) - { - int num_pages = batch->num_pages; - -@@ -143,9 +138,8 @@ int nftnl_batch_iovec_len(struct nftnl_batch *batch) - - return num_pages; - } --EXPORT_SYMBOL(nftnl_batch_iovec_len); - --void nftnl_batch_iovec(struct nftnl_batch *batch, struct iovec *iov, -+void __EXPORTED nftnl_batch_iovec(struct nftnl_batch *batch, struct iovec *iov, - uint32_t iovlen) - { - struct nftnl_batch_page *page; -@@ -160,4 +154,3 @@ void nftnl_batch_iovec(struct nftnl_batch *batch, struct iovec *iov, - i++; - } - } --EXPORT_SYMBOL(nftnl_batch_iovec); -diff --git a/src/chain.c b/src/chain.c -index 29860c5..362fa0d 100644 ---- a/src/chain.c -+++ b/src/chain.c -@@ -87,13 +87,12 @@ static const char *nftnl_hooknum2str(int family, int hooknum) - return "unknown"; - } - --struct nftnl_chain *nftnl_chain_alloc(void) -+struct nftnl_chain __EXPORTED *nftnl_chain_alloc(void) - { - return calloc(1, sizeof(struct nftnl_chain)); - } --EXPORT_SYMBOL(nftnl_chain_alloc); - --void nftnl_chain_free(const struct nftnl_chain *c) -+void __EXPORTED nftnl_chain_free(const struct nftnl_chain *c) - { - if (c->flags & (1 << NFTNL_CHAIN_NAME)) - xfree(c->name); -@@ -105,15 +104,13 @@ void nftnl_chain_free(const struct nftnl_chain *c) - xfree(c->dev); - xfree(c); - } --EXPORT_SYMBOL(nftnl_chain_free); - --bool nftnl_chain_is_set(const struct nftnl_chain *c, uint16_t attr) -+bool __EXPORTED nftnl_chain_is_set(const struct nftnl_chain *c, uint16_t attr) - { - return c->flags & (1 << attr); - } --EXPORT_SYMBOL(nftnl_chain_is_set); - --void nftnl_chain_unset(struct nftnl_chain *c, uint16_t attr) -+void __EXPORTED nftnl_chain_unset(struct nftnl_chain *c, uint16_t attr) - { - if (!(c->flags & (1 << attr))) - return; -@@ -147,7 +144,6 @@ void nftnl_chain_unset(struct nftnl_chain *c, uint16_t attr) - - c->flags &= ~(1 << attr); - } --EXPORT_SYMBOL(nftnl_chain_unset); - - static uint32_t nftnl_chain_validate[NFTNL_CHAIN_MAX + 1] = { - [NFTNL_CHAIN_HOOKNUM] = sizeof(uint32_t), -@@ -159,7 +155,7 @@ static uint32_t nftnl_chain_validate[NFTNL_CHAIN_MAX + 1] = { - [NFTNL_CHAIN_FAMILY] = sizeof(uint32_t), - }; - --int nftnl_chain_set_data(struct nftnl_chain *c, uint16_t attr, -+int __EXPORTED nftnl_chain_set_data(struct nftnl_chain *c, uint16_t attr, - const void *data, uint32_t data_len) - { - nftnl_assert_attr_exists(attr, NFTNL_CHAIN_MAX); -@@ -226,45 +222,38 @@ int nftnl_chain_set_data(struct nftnl_chain *c, uint16_t attr, - c->flags |= (1 << attr); - return 0; - } --EXPORT_SYMBOL(nftnl_chain_set_data); - --void nftnl_chain_set(struct nftnl_chain *c, uint16_t attr, const void *data) -+void __EXPORTED nftnl_chain_set(struct nftnl_chain *c, uint16_t attr, const void *data) - { - nftnl_chain_set_data(c, attr, data, nftnl_chain_validate[attr]); - } --EXPORT_SYMBOL(nftnl_chain_set); - --void nftnl_chain_set_u32(struct nftnl_chain *c, uint16_t attr, uint32_t data) -+void __EXPORTED nftnl_chain_set_u32(struct nftnl_chain *c, uint16_t attr, uint32_t data) - { - nftnl_chain_set_data(c, attr, &data, sizeof(uint32_t)); - } --EXPORT_SYMBOL(nftnl_chain_set_u32); - --void nftnl_chain_set_s32(struct nftnl_chain *c, uint16_t attr, int32_t data) -+void __EXPORTED nftnl_chain_set_s32(struct nftnl_chain *c, uint16_t attr, int32_t data) - { - nftnl_chain_set_data(c, attr, &data, sizeof(int32_t)); - } --EXPORT_SYMBOL(nftnl_chain_set_s32); - --void nftnl_chain_set_u64(struct nftnl_chain *c, uint16_t attr, uint64_t data) -+void __EXPORTED nftnl_chain_set_u64(struct nftnl_chain *c, uint16_t attr, uint64_t data) - { - nftnl_chain_set_data(c, attr, &data, sizeof(uint64_t)); - } --EXPORT_SYMBOL(nftnl_chain_set_u64); - --void nftnl_chain_set_u8(struct nftnl_chain *c, uint16_t attr, uint8_t data) -+void __EXPORTED nftnl_chain_set_u8(struct nftnl_chain *c, uint16_t attr, uint8_t data) - { - nftnl_chain_set_data(c, attr, &data, sizeof(uint8_t)); - } --EXPORT_SYMBOL(nftnl_chain_set_u8); - --int nftnl_chain_set_str(struct nftnl_chain *c, uint16_t attr, const char *str) -+int __EXPORTED nftnl_chain_set_str(struct nftnl_chain *c, uint16_t attr, const char *str) - { - return nftnl_chain_set_data(c, attr, str, strlen(str) + 1); - } --EXPORT_SYMBOL(nftnl_chain_set_str); - --const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr, -+const void __EXPORTED *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr, - uint32_t *data_len) - { - if (!(c->flags & (1 << attr))) -@@ -310,22 +299,19 @@ const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr, - } - return NULL; - } --EXPORT_SYMBOL(nftnl_chain_get_data); - --const void *nftnl_chain_get(const struct nftnl_chain *c, uint16_t attr) -+const void __EXPORTED *nftnl_chain_get(const struct nftnl_chain *c, uint16_t attr) - { - uint32_t data_len; - return nftnl_chain_get_data(c, attr, &data_len); - } --EXPORT_SYMBOL(nftnl_chain_get); - --const char *nftnl_chain_get_str(const struct nftnl_chain *c, uint16_t attr) -+const char __EXPORTED *nftnl_chain_get_str(const struct nftnl_chain *c, uint16_t attr) - { - return nftnl_chain_get(c, attr); - } --EXPORT_SYMBOL(nftnl_chain_get_str); - --uint32_t nftnl_chain_get_u32(const struct nftnl_chain *c, uint16_t attr) -+uint32_t __EXPORTED nftnl_chain_get_u32(const struct nftnl_chain *c, uint16_t attr) - { - uint32_t data_len; - const uint32_t *val = nftnl_chain_get_data(c, attr, &data_len); -@@ -334,9 +320,8 @@ uint32_t nftnl_chain_get_u32(const struct nftnl_chain *c, uint16_t attr) - - return val ? *val : 0; - } --EXPORT_SYMBOL(nftnl_chain_get_u32); - --int32_t nftnl_chain_get_s32(const struct nftnl_chain *c, uint16_t attr) -+int32_t __EXPORTED nftnl_chain_get_s32(const struct nftnl_chain *c, uint16_t attr) - { - uint32_t data_len; - const int32_t *val = nftnl_chain_get_data(c, attr, &data_len); -@@ -345,9 +330,8 @@ int32_t nftnl_chain_get_s32(const struct nftnl_chain *c, uint16_t attr) - - return val ? *val : 0; - } --EXPORT_SYMBOL(nftnl_chain_get_s32); - --uint64_t nftnl_chain_get_u64(const struct nftnl_chain *c, uint16_t attr) -+uint64_t __EXPORTED nftnl_chain_get_u64(const struct nftnl_chain *c, uint16_t attr) - { - uint32_t data_len; - const uint64_t *val = nftnl_chain_get_data(c, attr, &data_len); -@@ -356,9 +340,8 @@ uint64_t nftnl_chain_get_u64(const struct nftnl_chain *c, uint16_t attr) - - return val ? *val : 0; - } --EXPORT_SYMBOL(nftnl_chain_get_u64); - --uint8_t nftnl_chain_get_u8(const struct nftnl_chain *c, uint16_t attr) -+uint8_t __EXPORTED nftnl_chain_get_u8(const struct nftnl_chain *c, uint16_t attr) - { - uint32_t data_len; - const uint8_t *val = nftnl_chain_get_data(c, attr, &data_len); -@@ -367,9 +350,8 @@ uint8_t nftnl_chain_get_u8(const struct nftnl_chain *c, uint16_t attr) - - return val ? *val : 0; - } --EXPORT_SYMBOL(nftnl_chain_get_u8); - --void nftnl_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_chain *c) -+void __EXPORTED nftnl_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_chain *c) - { - if (c->flags & (1 << NFTNL_CHAIN_TABLE)) - mnl_attr_put_strz(nlh, NFTA_CHAIN_TABLE, c->table); -@@ -404,7 +386,6 @@ void nftnl_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_ch - if (c->flags & (1 << NFTNL_CHAIN_TYPE)) - mnl_attr_put_strz(nlh, NFTA_CHAIN_TYPE, c->type); - } --EXPORT_SYMBOL(nftnl_chain_nlmsg_build_payload); - - static int nftnl_chain_parse_attr_cb(const struct nlattr *attr, void *data) - { -@@ -529,7 +510,7 @@ static int nftnl_chain_parse_hook(struct nlattr *attr, struct nftnl_chain *c) - return 0; - } - --int nftnl_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_chain *c) -+int __EXPORTED nftnl_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_chain *c) - { - struct nlattr *tb[NFTA_CHAIN_MAX+1] = {}; - struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh); -@@ -590,7 +571,6 @@ int nftnl_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_chain *c) - - return ret; - } --EXPORT_SYMBOL(nftnl_chain_nlmsg_parse); - - static inline int nftnl_str2hooknum(int family, const char *hook) - { -@@ -732,19 +712,17 @@ static int nftnl_chain_do_parse(struct nftnl_chain *c, enum nftnl_parse_type typ - return ret; - } - --int nftnl_chain_parse(struct nftnl_chain *c, enum nftnl_parse_type type, -+int __EXPORTED nftnl_chain_parse(struct nftnl_chain *c, enum nftnl_parse_type type, - const char *data, struct nftnl_parse_err *err) - { - return nftnl_chain_do_parse(c, type, data, err, NFTNL_PARSE_BUFFER); - } --EXPORT_SYMBOL(nftnl_chain_parse); - --int nftnl_chain_parse_file(struct nftnl_chain *c, enum nftnl_parse_type type, -+int __EXPORTED nftnl_chain_parse_file(struct nftnl_chain *c, enum nftnl_parse_type type, - FILE *fp, struct nftnl_parse_err *err) - { - return nftnl_chain_do_parse(c, type, fp, err, NFTNL_PARSE_FILE); - } --EXPORT_SYMBOL(nftnl_chain_parse_file); - - static int nftnl_chain_export(char *buf, size_t size, - const struct nftnl_chain *c, int type) -@@ -841,13 +819,12 @@ static int nftnl_chain_cmd_snprintf(char *buf, size_t size, - return offset; - } - --int nftnl_chain_snprintf(char *buf, size_t size, const struct nftnl_chain *c, -+int __EXPORTED nftnl_chain_snprintf(char *buf, size_t size, const struct nftnl_chain *c, - uint32_t type, uint32_t flags) - { - return nftnl_chain_cmd_snprintf(buf, size, c, nftnl_flag2cmd(flags), type, - flags); - } --EXPORT_SYMBOL(nftnl_chain_snprintf); - - static int nftnl_chain_do_snprintf(char *buf, size_t size, const void *c, - uint32_t cmd, uint32_t type, uint32_t flags) -@@ -855,19 +832,18 @@ static int nftnl_chain_do_snprintf(char *buf, size_t size, const void *c, - return nftnl_chain_snprintf(buf, size, c, type, flags); - } - --int nftnl_chain_fprintf(FILE *fp, const struct nftnl_chain *c, uint32_t type, -+int __EXPORTED nftnl_chain_fprintf(FILE *fp, const struct nftnl_chain *c, uint32_t type, - uint32_t flags) - { - return nftnl_fprintf(fp, c, NFTNL_CMD_UNSPEC, type, flags, - nftnl_chain_do_snprintf); - } --EXPORT_SYMBOL(nftnl_chain_fprintf); - - struct nftnl_chain_list { - struct list_head list; - }; - --struct nftnl_chain_list *nftnl_chain_list_alloc(void) -+struct nftnl_chain_list __EXPORTED *nftnl_chain_list_alloc(void) - { - struct nftnl_chain_list *list; - -@@ -879,9 +855,8 @@ struct nftnl_chain_list *nftnl_chain_list_alloc(void) - - return list; - } --EXPORT_SYMBOL(nftnl_chain_list_alloc); - --void nftnl_chain_list_free(struct nftnl_chain_list *list) -+void __EXPORTED nftnl_chain_list_free(struct nftnl_chain_list *list) - { - struct nftnl_chain *r, *tmp; - -@@ -891,33 +866,28 @@ void nftnl_chain_list_free(struct nftnl_chain_list *list) - } - xfree(list); - } --EXPORT_SYMBOL(nftnl_chain_list_free); - --int nftnl_chain_list_is_empty(const struct nftnl_chain_list *list) -+int __EXPORTED nftnl_chain_list_is_empty(const struct nftnl_chain_list *list) - { - return list_empty(&list->list); - } --EXPORT_SYMBOL(nftnl_chain_list_is_empty); - --void nftnl_chain_list_add(struct nftnl_chain *r, struct nftnl_chain_list *list) -+void __EXPORTED nftnl_chain_list_add(struct nftnl_chain *r, struct nftnl_chain_list *list) - { - list_add(&r->head, &list->list); - } --EXPORT_SYMBOL(nftnl_chain_list_add); - --void nftnl_chain_list_add_tail(struct nftnl_chain *r, struct nftnl_chain_list *list) -+void __EXPORTED nftnl_chain_list_add_tail(struct nftnl_chain *r, struct nftnl_chain_list *list) - { - list_add_tail(&r->head, &list->list); - } --EXPORT_SYMBOL(nftnl_chain_list_add_tail); - --void nftnl_chain_list_del(struct nftnl_chain *r) -+void __EXPORTED nftnl_chain_list_del(struct nftnl_chain *r) - { - list_del(&r->head); - } --EXPORT_SYMBOL(nftnl_chain_list_del); - --int nftnl_chain_list_foreach(struct nftnl_chain_list *chain_list, -+int __EXPORTED nftnl_chain_list_foreach(struct nftnl_chain_list *chain_list, - int (*cb)(struct nftnl_chain *r, void *data), - void *data) - { -@@ -931,14 +901,13 @@ int nftnl_chain_list_foreach(struct nftnl_chain_list *chain_list, - } - return 0; - } --EXPORT_SYMBOL(nftnl_chain_list_foreach); - - struct nftnl_chain_list_iter { - const struct nftnl_chain_list *list; - struct nftnl_chain *cur; - }; - --struct nftnl_chain_list_iter * -+struct nftnl_chain_list_iter __EXPORTED * - nftnl_chain_list_iter_create(const struct nftnl_chain_list *l) - { - struct nftnl_chain_list_iter *iter; -@@ -955,9 +924,8 @@ nftnl_chain_list_iter_create(const struct nftnl_chain_list *l) - - return iter; - } --EXPORT_SYMBOL(nftnl_chain_list_iter_create); - --struct nftnl_chain *nftnl_chain_list_iter_next(struct nftnl_chain_list_iter *iter) -+struct nftnl_chain __EXPORTED *nftnl_chain_list_iter_next(struct nftnl_chain_list_iter *iter) - { - struct nftnl_chain *r = iter->cur; - -@@ -971,10 +939,8 @@ struct nftnl_chain *nftnl_chain_list_iter_next(struct nftnl_chain_list_iter *ite - - return r; - } --EXPORT_SYMBOL(nftnl_chain_list_iter_next); - --void nftnl_chain_list_iter_destroy(struct nftnl_chain_list_iter *iter) -+void __EXPORTED nftnl_chain_list_iter_destroy(struct nftnl_chain_list_iter *iter) - { - xfree(iter); - } --EXPORT_SYMBOL(nftnl_chain_list_iter_destroy); -diff --git a/src/common.c b/src/common.c -index a95883c..68bce2e 100644 ---- a/src/common.c -+++ b/src/common.c -@@ -43,15 +43,14 @@ static struct nlmsghdr *__nftnl_nlmsg_build_hdr(char *buf, uint16_t type, - return nlh; - } - --struct nlmsghdr *nftnl_nlmsg_build_hdr(char *buf, uint16_t type, uint16_t family, -+struct nlmsghdr __EXPORTED *nftnl_nlmsg_build_hdr(char *buf, uint16_t type, uint16_t family, - uint16_t flags, uint32_t seq) - { - return __nftnl_nlmsg_build_hdr(buf, (NFNL_SUBSYS_NFTABLES << 8) | type, - family, flags, seq, 0); - } --EXPORT_SYMBOL(nftnl_nlmsg_build_hdr); - --struct nftnl_parse_err *nftnl_parse_err_alloc(void) -+struct nftnl_parse_err __EXPORTED *nftnl_parse_err_alloc(void) - { - struct nftnl_parse_err *err; - -@@ -63,15 +62,13 @@ struct nftnl_parse_err *nftnl_parse_err_alloc(void) - - return err; - } --EXPORT_SYMBOL(nftnl_parse_err_alloc); - --void nftnl_parse_err_free(struct nftnl_parse_err *err) -+void __EXPORTED nftnl_parse_err_free(struct nftnl_parse_err *err) - { - xfree(err); - } --EXPORT_SYMBOL(nftnl_parse_err_free); - --int nftnl_parse_perror(const char *msg, struct nftnl_parse_err *err) -+int __EXPORTED nftnl_parse_perror(const char *msg, struct nftnl_parse_err *err) - { - switch (err->error) { - case NFTNL_PARSE_EBADINPUT: -@@ -89,7 +86,6 @@ int nftnl_parse_perror(const char *msg, struct nftnl_parse_err *err) - return fprintf(stderr, "%s: Undefined error\n", msg); - } - } --EXPORT_SYMBOL(nftnl_parse_perror); - - int nftnl_cmd_header_snprintf(char *buf, size_t size, uint32_t cmd, uint32_t type, - uint32_t flags) -@@ -165,21 +161,19 @@ int nftnl_cmd_footer_fprintf(FILE *fp, uint32_t cmd, uint32_t type, - nftnl_cmd_footer_fprintf_cb); - } - --struct nlmsghdr *nftnl_batch_begin(char *buf, uint32_t seq) -+struct nlmsghdr __EXPORTED *nftnl_batch_begin(char *buf, uint32_t seq) - { - return __nftnl_nlmsg_build_hdr(buf, NFNL_MSG_BATCH_BEGIN, AF_UNSPEC, - 0, seq, NFNL_SUBSYS_NFTABLES); - } --EXPORT_SYMBOL(nftnl_batch_begin); - --struct nlmsghdr *nftnl_batch_end(char *buf, uint32_t seq) -+struct nlmsghdr __EXPORTED *nftnl_batch_end(char *buf, uint32_t seq) - { - return __nftnl_nlmsg_build_hdr(buf, NFNL_MSG_BATCH_END, AF_UNSPEC, - 0, seq, NFNL_SUBSYS_NFTABLES); - } --EXPORT_SYMBOL(nftnl_batch_end); - --int nftnl_batch_is_supported(void) -+int __EXPORTED nftnl_batch_is_supported(void) - { - struct mnl_socket *nl; - struct mnl_nlmsg_batch *b; -@@ -236,4 +230,3 @@ err: - mnl_nlmsg_batch_stop(b); - return -1; - } --EXPORT_SYMBOL(nftnl_batch_is_supported); -diff --git a/src/expr.c b/src/expr.c -index 10ba2c4..c7eb2b4 100644 ---- a/src/expr.c -+++ b/src/expr.c -@@ -24,7 +24,7 @@ - - #include <libnftnl/expr.h> - --struct nftnl_expr *nftnl_expr_alloc(const char *name) -+struct nftnl_expr __EXPORTED *nftnl_expr_alloc(const char *name) - { - struct nftnl_expr *expr; - struct expr_ops *ops; -@@ -43,24 +43,21 @@ struct nftnl_expr *nftnl_expr_alloc(const char *name) - - return expr; - } --EXPORT_SYMBOL(nftnl_expr_alloc); - --void nftnl_expr_free(const struct nftnl_expr *expr) -+void __EXPORTED nftnl_expr_free(const struct nftnl_expr *expr) - { - if (expr->ops->free) - expr->ops->free(expr); - - xfree(expr); - } --EXPORT_SYMBOL(nftnl_expr_free); - --bool nftnl_expr_is_set(const struct nftnl_expr *expr, uint16_t type) -+bool __EXPORTED nftnl_expr_is_set(const struct nftnl_expr *expr, uint16_t type) - { - return expr->flags & (1 << type); - } --EXPORT_SYMBOL(nftnl_expr_is_set); - --int nftnl_expr_set(struct nftnl_expr *expr, uint16_t type, -+int __EXPORTED nftnl_expr_set(struct nftnl_expr *expr, uint16_t type, - const void *data, uint32_t data_len) - { - switch(type) { -@@ -73,43 +70,37 @@ int nftnl_expr_set(struct nftnl_expr *expr, uint16_t type, - expr->flags |= (1 << type); - return 0; - } --EXPORT_SYMBOL(nftnl_expr_set); - --void -+void __EXPORTED - nftnl_expr_set_u8(struct nftnl_expr *expr, uint16_t type, uint8_t data) - { - nftnl_expr_set(expr, type, &data, sizeof(uint8_t)); - } --EXPORT_SYMBOL(nftnl_expr_set_u8); - --void -+void __EXPORTED - nftnl_expr_set_u16(struct nftnl_expr *expr, uint16_t type, uint16_t data) - { - nftnl_expr_set(expr, type, &data, sizeof(uint16_t)); - } --EXPORT_SYMBOL(nftnl_expr_set_u16); - --void -+void __EXPORTED - nftnl_expr_set_u32(struct nftnl_expr *expr, uint16_t type, uint32_t data) - { - nftnl_expr_set(expr, type, &data, sizeof(uint32_t)); - } --EXPORT_SYMBOL(nftnl_expr_set_u32); - --void -+void __EXPORTED - nftnl_expr_set_u64(struct nftnl_expr *expr, uint16_t type, uint64_t data) - { - nftnl_expr_set(expr, type, &data, sizeof(uint64_t)); - } --EXPORT_SYMBOL(nftnl_expr_set_u64); - --int nftnl_expr_set_str(struct nftnl_expr *expr, uint16_t type, const char *str) -+int __EXPORTED nftnl_expr_set_str(struct nftnl_expr *expr, uint16_t type, const char *str) - { - return nftnl_expr_set(expr, type, str, strlen(str) + 1); - } --EXPORT_SYMBOL(nftnl_expr_set_str); - --const void *nftnl_expr_get(const struct nftnl_expr *expr, -+const void __EXPORTED *nftnl_expr_get(const struct nftnl_expr *expr, - uint16_t type, uint32_t *data_len) - { - const void *ret; -@@ -129,9 +120,8 @@ const void *nftnl_expr_get(const struct nftnl_expr *expr, - - return ret; - } --EXPORT_SYMBOL(nftnl_expr_get); - --uint8_t nftnl_expr_get_u8(const struct nftnl_expr *expr, uint16_t type) -+uint8_t __EXPORTED nftnl_expr_get_u8(const struct nftnl_expr *expr, uint16_t type) - { - const void *data; - uint32_t data_len; -@@ -145,9 +135,8 @@ uint8_t nftnl_expr_get_u8(const struct nftnl_expr *expr, uint16_t type) - - return *((uint8_t *)data); - } --EXPORT_SYMBOL(nftnl_expr_get_u8); - --uint16_t nftnl_expr_get_u16(const struct nftnl_expr *expr, uint16_t type) -+uint16_t __EXPORTED nftnl_expr_get_u16(const struct nftnl_expr *expr, uint16_t type) - { - const void *data; - uint32_t data_len; -@@ -161,9 +150,8 @@ uint16_t nftnl_expr_get_u16(const struct nftnl_expr *expr, uint16_t type) - - return *((uint16_t *)data); - } --EXPORT_SYMBOL(nftnl_expr_get_u16); - --uint32_t nftnl_expr_get_u32(const struct nftnl_expr *expr, uint16_t type) -+uint32_t __EXPORTED nftnl_expr_get_u32(const struct nftnl_expr *expr, uint16_t type) - { - const void *data; - uint32_t data_len; -@@ -177,9 +165,8 @@ uint32_t nftnl_expr_get_u32(const struct nftnl_expr *expr, uint16_t type) - - return *((uint32_t *)data); - } --EXPORT_SYMBOL(nftnl_expr_get_u32); - --uint64_t nftnl_expr_get_u64(const struct nftnl_expr *expr, uint16_t type) -+uint64_t __EXPORTED nftnl_expr_get_u64(const struct nftnl_expr *expr, uint16_t type) - { - const void *data; - uint32_t data_len; -@@ -193,17 +180,15 @@ uint64_t nftnl_expr_get_u64(const struct nftnl_expr *expr, uint16_t type) - - return *((uint64_t *)data); - } --EXPORT_SYMBOL(nftnl_expr_get_u64); - --const char *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type) -+const char __EXPORTED *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type) - { - uint32_t data_len; - - return (const char *)nftnl_expr_get(expr, type, &data_len); - } --EXPORT_SYMBOL(nftnl_expr_get_str); - --bool nftnl_expr_cmp(const struct nftnl_expr *e1, const struct nftnl_expr *e2) -+bool __EXPORTED nftnl_expr_cmp(const struct nftnl_expr *e1, const struct nftnl_expr *e2) - { - if (e1->flags != e2->flags || - strcmp(e1->ops->name, e2->ops->name) != 0) -@@ -211,7 +196,6 @@ bool nftnl_expr_cmp(const struct nftnl_expr *e1, const struct nftnl_expr *e2) - - return e1->ops->cmp(e1, e2); - } --EXPORT_SYMBOL(nftnl_expr_cmp); - - void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr) - { -@@ -275,7 +259,7 @@ err1: - return NULL; - } - --int nftnl_expr_snprintf(char *buf, size_t size, const struct nftnl_expr *expr, -+int __EXPORTED nftnl_expr_snprintf(char *buf, size_t size, const struct nftnl_expr *expr, - uint32_t type, uint32_t flags) - { - int ret; -@@ -289,4 +273,3 @@ int nftnl_expr_snprintf(char *buf, size_t size, const struct nftnl_expr *expr, - - return offset; - } --EXPORT_SYMBOL(nftnl_expr_snprintf); -diff --git a/src/gen.c b/src/gen.c -index 213562e..8b45caa 100644 ---- a/src/gen.c -+++ b/src/gen.c -@@ -29,25 +29,22 @@ struct nftnl_gen { - uint32_t flags; - }; - --struct nftnl_gen *nftnl_gen_alloc(void) -+struct nftnl_gen __EXPORTED *nftnl_gen_alloc(void) - { - return calloc(1, sizeof(struct nftnl_gen)); - } --EXPORT_SYMBOL(nftnl_gen_alloc); - --void nftnl_gen_free(const struct nftnl_gen *gen) -+void __EXPORTED nftnl_gen_free(const struct nftnl_gen *gen) - { - xfree(gen); - } --EXPORT_SYMBOL(nftnl_gen_free); - --bool nftnl_gen_is_set(const struct nftnl_gen *gen, uint16_t attr) -+bool __EXPORTED nftnl_gen_is_set(const struct nftnl_gen *gen, uint16_t attr) - { - return gen->flags & (1 << attr); - } --EXPORT_SYMBOL(nftnl_gen_is_set); - --void nftnl_gen_unset(struct nftnl_gen *gen, uint16_t attr) -+void __EXPORTED nftnl_gen_unset(struct nftnl_gen *gen, uint16_t attr) - { - if (!(gen->flags & (1 << attr))) - return; -@@ -58,13 +55,12 @@ void nftnl_gen_unset(struct nftnl_gen *gen, uint16_t attr) - } - gen->flags &= ~(1 << attr); - } --EXPORT_SYMBOL(nftnl_gen_unset); - - static uint32_t nftnl_gen_validate[NFTNL_GEN_MAX + 1] = { - [NFTNL_GEN_ID] = sizeof(uint32_t), - }; - --int nftnl_gen_set_data(struct nftnl_gen *gen, uint16_t attr, -+int __EXPORTED nftnl_gen_set_data(struct nftnl_gen *gen, uint16_t attr, - const void *data, uint32_t data_len) - { - nftnl_assert_attr_exists(attr, NFTNL_GEN_MAX); -@@ -78,21 +74,18 @@ int nftnl_gen_set_data(struct nftnl_gen *gen, uint16_t attr, - gen->flags |= (1 << attr); - return 0; - } --EXPORT_SYMBOL(nftnl_gen_set_data); - --int nftnl_gen_set(struct nftnl_gen *gen, uint16_t attr, const void *data) -+int __EXPORTED nftnl_gen_set(struct nftnl_gen *gen, uint16_t attr, const void *data) - { - return nftnl_gen_set_data(gen, attr, data, nftnl_gen_validate[attr]); - } --EXPORT_SYMBOL(nftnl_gen_set); - --void nftnl_gen_set_u32(struct nftnl_gen *gen, uint16_t attr, uint32_t val) -+void __EXPORTED nftnl_gen_set_u32(struct nftnl_gen *gen, uint16_t attr, uint32_t val) - { - nftnl_gen_set_data(gen, attr, &val, sizeof(uint32_t)); - } --EXPORT_SYMBOL(nftnl_gen_set_u32); - --const void *nftnl_gen_get_data(const struct nftnl_gen *gen, uint16_t attr, -+const void __EXPORTED *nftnl_gen_get_data(const struct nftnl_gen *gen, uint16_t attr, - uint32_t *data_len) - { - if (!(gen->flags & (1 << attr))) -@@ -105,21 +98,18 @@ const void *nftnl_gen_get_data(const struct nftnl_gen *gen, uint16_t attr, - } - return NULL; - } --EXPORT_SYMBOL(nftnl_gen_get_data); - --const void *nftnl_gen_get(const struct nftnl_gen *gen, uint16_t attr) -+const void __EXPORTED *nftnl_gen_get(const struct nftnl_gen *gen, uint16_t attr) - { - uint32_t data_len; - return nftnl_gen_get_data(gen, attr, &data_len); - } --EXPORT_SYMBOL(nftnl_gen_get); - --uint32_t nftnl_gen_get_u32(const struct nftnl_gen *gen, uint16_t attr) -+uint32_t __EXPORTED nftnl_gen_get_u32(const struct nftnl_gen *gen, uint16_t attr) - { - const void *ret = nftnl_gen_get(gen, attr); - return ret == NULL ? 0 : *((uint32_t *)ret); - } --EXPORT_SYMBOL(nftnl_gen_get_u32); - - static int nftnl_gen_parse_attr_cb(const struct nlattr *attr, void *data) - { -@@ -140,7 +130,7 @@ static int nftnl_gen_parse_attr_cb(const struct nlattr *attr, void *data) - return MNL_CB_OK; - } - --int nftnl_gen_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_gen *gen) -+int __EXPORTED nftnl_gen_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_gen *gen) - { - struct nlattr *tb[NFTA_GEN_MAX + 1] = {}; - struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh); -@@ -154,7 +144,6 @@ int nftnl_gen_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_gen *gen) - } - return 0; - } --EXPORT_SYMBOL(nftnl_gen_nlmsg_parse); - - static int nftnl_gen_snprintf_default(char *buf, size_t size, - const struct nftnl_gen *gen) -@@ -186,13 +175,12 @@ static int nftnl_gen_cmd_snprintf(char *buf, size_t size, - return offset; - } - --int nftnl_gen_snprintf(char *buf, size_t size, const struct nftnl_gen *gen, -+int __EXPORTED nftnl_gen_snprintf(char *buf, size_t size, const struct nftnl_gen *gen, - uint32_t type, uint32_t flags) - {; - return nftnl_gen_cmd_snprintf(buf, size, gen, nftnl_flag2cmd(flags), type, - flags); - } --EXPORT_SYMBOL(nftnl_gen_snprintf); - - static int nftnl_gen_do_snprintf(char *buf, size_t size, const void *gen, - uint32_t cmd, uint32_t type, uint32_t flags) -@@ -200,10 +188,9 @@ static int nftnl_gen_do_snprintf(char *buf, size_t size, const void *gen, - return nftnl_gen_snprintf(buf, size, gen, type, flags); - } - --int nftnl_gen_fprintf(FILE *fp, const struct nftnl_gen *gen, uint32_t type, -+int __EXPORTED nftnl_gen_fprintf(FILE *fp, const struct nftnl_gen *gen, uint32_t type, - uint32_t flags) - { - return nftnl_fprintf(fp, gen, NFTNL_CMD_UNSPEC, type, flags, - nftnl_gen_do_snprintf); - } --EXPORT_SYMBOL(nftnl_gen_fprintf); -diff --git a/src/object.c b/src/object.c -index e1a5ac4..d409c6d 100644 ---- a/src/object.c -+++ b/src/object.c -@@ -39,13 +39,12 @@ static struct obj_ops *nftnl_obj_ops_lookup(uint32_t type) - return obj_ops[type]; - } - --struct nftnl_obj *nftnl_obj_alloc(void) -+struct nftnl_obj __EXPORTED *nftnl_obj_alloc(void) - { - return calloc(1, sizeof(struct nftnl_obj)); - } --EXPORT_SYMBOL(nftnl_obj_alloc); - --void nftnl_obj_free(const struct nftnl_obj *obj) -+void __EXPORTED nftnl_obj_free(const struct nftnl_obj *obj) - { - if (obj->flags & (1 << NFTNL_OBJ_TABLE)) - xfree(obj->table); -@@ -54,20 +53,18 @@ void nftnl_obj_free(const struct nftnl_obj *obj) - - xfree(obj); - } --EXPORT_SYMBOL(nftnl_obj_free); - --bool nftnl_obj_is_set(const struct nftnl_obj *obj, uint16_t attr) -+bool __EXPORTED nftnl_obj_is_set(const struct nftnl_obj *obj, uint16_t attr) - { - return obj->flags & (1 << attr); - } --EXPORT_SYMBOL(nftnl_obj_is_set); - - static uint32_t nftnl_obj_validate[NFTNL_OBJ_MAX + 1] = { - [NFTNL_OBJ_FAMILY] = sizeof(uint32_t), - [NFTNL_OBJ_USE] = sizeof(uint32_t), - }; - --void nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr, -+void __EXPORTED nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr, - const void *data, uint32_t data_len) - { - if (attr < NFTNL_OBJ_MAX) -@@ -100,45 +97,38 @@ void nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr, - } - obj->flags |= (1 << attr); - } --EXPORT_SYMBOL(nftnl_obj_set_data); - --void nftnl_obj_set(struct nftnl_obj *obj, uint16_t attr, const void *data) -+void __EXPORTED nftnl_obj_set(struct nftnl_obj *obj, uint16_t attr, const void *data) - { - nftnl_obj_set_data(obj, attr, data, nftnl_obj_validate[attr]); - } --EXPORT_SYMBOL(nftnl_obj_set); - --void nftnl_obj_set_u8(struct nftnl_obj *obj, uint16_t attr, uint8_t val) -+void __EXPORTED nftnl_obj_set_u8(struct nftnl_obj *obj, uint16_t attr, uint8_t val) - { - nftnl_obj_set_data(obj, attr, &val, sizeof(uint8_t)); - } --EXPORT_SYMBOL(nftnl_obj_set_u8); - --void nftnl_obj_set_u16(struct nftnl_obj *obj, uint16_t attr, uint16_t val) -+void __EXPORTED nftnl_obj_set_u16(struct nftnl_obj *obj, uint16_t attr, uint16_t val) - { - nftnl_obj_set_data(obj, attr, &val, sizeof(uint16_t)); - } --EXPORT_SYMBOL(nftnl_obj_set_u16); - --void nftnl_obj_set_u32(struct nftnl_obj *obj, uint16_t attr, uint32_t val) -+void __EXPORTED nftnl_obj_set_u32(struct nftnl_obj *obj, uint16_t attr, uint32_t val) - { - nftnl_obj_set_data(obj, attr, &val, sizeof(uint32_t)); - } --EXPORT_SYMBOL(nftnl_obj_set_u32); - --void nftnl_obj_set_u64(struct nftnl_obj *obj, uint16_t attr, uint64_t val) -+void __EXPORTED nftnl_obj_set_u64(struct nftnl_obj *obj, uint16_t attr, uint64_t val) - { - nftnl_obj_set_data(obj, attr, &val, sizeof(uint64_t)); - } --EXPORT_SYMBOL(nftnl_obj_set_u64); - --void nftnl_obj_set_str(struct nftnl_obj *obj, uint16_t attr, const char *str) -+void __EXPORTED nftnl_obj_set_str(struct nftnl_obj *obj, uint16_t attr, const char *str) - { - nftnl_obj_set_data(obj, attr, str, 0); - } --EXPORT_SYMBOL(nftnl_obj_set_str); - --const void *nftnl_obj_get_data(struct nftnl_obj *obj, uint16_t attr, -+const void __EXPORTED *nftnl_obj_get_data(struct nftnl_obj *obj, uint16_t attr, - uint32_t *data_len) - { - if (!(obj->flags & (1 << attr))) -@@ -168,50 +158,43 @@ const void *nftnl_obj_get_data(struct nftnl_obj *obj, uint16_t attr, - } - return NULL; - } --EXPORT_SYMBOL(nftnl_obj_get_data); - --const void *nftnl_obj_get(struct nftnl_obj *obj, uint16_t attr) -+const void __EXPORTED *nftnl_obj_get(struct nftnl_obj *obj, uint16_t attr) - { - uint32_t data_len; - return nftnl_obj_get_data(obj, attr, &data_len); - } --EXPORT_SYMBOL(nftnl_obj_get); - --uint8_t nftnl_obj_get_u8(struct nftnl_obj *obj, uint16_t attr) -+uint8_t __EXPORTED nftnl_obj_get_u8(struct nftnl_obj *obj, uint16_t attr) - { - const void *ret = nftnl_obj_get(obj, attr); - return ret == NULL ? 0 : *((uint8_t *)ret); - } --EXPORT_SYMBOL(nftnl_obj_get_u8); - --uint16_t nftnl_obj_get_u16(struct nftnl_obj *obj, uint16_t attr) -+uint16_t __EXPORTED nftnl_obj_get_u16(struct nftnl_obj *obj, uint16_t attr) - { - const void *ret = nftnl_obj_get(obj, attr); - return ret == NULL ? 0 : *((uint16_t *)ret); - } --EXPORT_SYMBOL(nftnl_obj_get_u16); - --uint32_t nftnl_obj_get_u32(struct nftnl_obj *obj, uint16_t attr) -+uint32_t __EXPORTED nftnl_obj_get_u32(struct nftnl_obj *obj, uint16_t attr) - { - const void *ret = nftnl_obj_get(obj, attr); - return ret == NULL ? 0 : *((uint32_t *)ret); - } --EXPORT_SYMBOL(nftnl_obj_get_u32); - --uint64_t nftnl_obj_get_u64(struct nftnl_obj *obj, uint16_t attr) -+uint64_t __EXPORTED nftnl_obj_get_u64(struct nftnl_obj *obj, uint16_t attr) - { - const void *ret = nftnl_obj_get(obj, attr); - return ret == NULL ? 0 : *((uint64_t *)ret); - } --EXPORT_SYMBOL(nftnl_obj_get_u64); - --const char *nftnl_obj_get_str(struct nftnl_obj *obj, uint16_t attr) -+const char __EXPORTED *nftnl_obj_get_str(struct nftnl_obj *obj, uint16_t attr) - { - return nftnl_obj_get(obj, attr); - } --EXPORT_SYMBOL(nftnl_obj_get_str); - --void nftnl_obj_nlmsg_build_payload(struct nlmsghdr *nlh, -+void __EXPORTED nftnl_obj_nlmsg_build_payload(struct nlmsghdr *nlh, - const struct nftnl_obj *obj) - { - if (obj->flags & (1 << NFTNL_OBJ_TABLE)) -@@ -228,7 +211,6 @@ void nftnl_obj_nlmsg_build_payload(struct nlmsghdr *nlh, - mnl_attr_nest_end(nlh, nest); - } - } --EXPORT_SYMBOL(nftnl_obj_nlmsg_build_payload); - - static int nftnl_obj_parse_attr_cb(const struct nlattr *attr, void *data) - { -@@ -258,7 +240,7 @@ static int nftnl_obj_parse_attr_cb(const struct nlattr *attr, void *data) - return MNL_CB_OK; - } - --int nftnl_obj_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_obj *obj) -+int __EXPORTED nftnl_obj_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_obj *obj) - { - struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh); - struct nlattr *tb[NFTA_OBJ_MAX + 1] = {}; -@@ -299,7 +281,6 @@ int nftnl_obj_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_obj *obj) - - return 0; - } --EXPORT_SYMBOL(nftnl_obj_nlmsg_parse); - - #ifdef JSON_PARSING - static int nftnl_jansson_parse_obj(struct nftnl_obj *t, json_t *tree, -@@ -377,19 +358,17 @@ static int nftnl_obj_do_parse(struct nftnl_obj *obj, enum nftnl_parse_type type, - return ret; - } - --int nftnl_obj_parse(struct nftnl_obj *obj, enum nftnl_parse_type type, -+int __EXPORTED nftnl_obj_parse(struct nftnl_obj *obj, enum nftnl_parse_type type, - const char *data, struct nftnl_parse_err *err) - { - return nftnl_obj_do_parse(obj, type, data, err, NFTNL_PARSE_BUFFER); - } --EXPORT_SYMBOL(nftnl_obj_parse); - --int nftnl_obj_parse_file(struct nftnl_obj *obj, enum nftnl_parse_type type, -+int __EXPORTED nftnl_obj_parse_file(struct nftnl_obj *obj, enum nftnl_parse_type type, - FILE *fp, struct nftnl_parse_err *err) - { - return nftnl_obj_do_parse(obj, type, fp, err, NFTNL_PARSE_FILE); - } --EXPORT_SYMBOL(nftnl_obj_parse_file); - - static int nftnl_obj_export(char *buf, size_t size, - const struct nftnl_obj *obj, -@@ -469,13 +448,12 @@ static int nftnl_obj_cmd_snprintf(char *buf, size_t size, - return offset; - } - --int nftnl_obj_snprintf(char *buf, size_t size, const struct nftnl_obj *obj, -+int __EXPORTED nftnl_obj_snprintf(char *buf, size_t size, const struct nftnl_obj *obj, - uint32_t type, uint32_t flags) - { - return nftnl_obj_cmd_snprintf(buf, size, obj, nftnl_flag2cmd(flags), - type, flags); - } --EXPORT_SYMBOL(nftnl_obj_snprintf); - - static int nftnl_obj_do_snprintf(char *buf, size_t size, const void *obj, - uint32_t cmd, uint32_t type, uint32_t flags) -@@ -483,19 +461,18 @@ static int nftnl_obj_do_snprintf(char *buf, size_t size, const void *obj, - return nftnl_obj_snprintf(buf, size, obj, type, flags); - } - --int nftnl_obj_fprintf(FILE *fp, const struct nftnl_obj *obj, uint32_t type, -+int __EXPORTED nftnl_obj_fprintf(FILE *fp, const struct nftnl_obj *obj, uint32_t type, - uint32_t flags) - { - return nftnl_fprintf(fp, obj, NFTNL_CMD_UNSPEC, type, flags, - nftnl_obj_do_snprintf); - } --EXPORT_SYMBOL(nftnl_obj_fprintf); - - struct nftnl_obj_list { - struct list_head list; - }; - --struct nftnl_obj_list *nftnl_obj_list_alloc(void) -+struct nftnl_obj_list __EXPORTED *nftnl_obj_list_alloc(void) - { - struct nftnl_obj_list *list; - -@@ -507,9 +484,8 @@ struct nftnl_obj_list *nftnl_obj_list_alloc(void) - - return list; - } --EXPORT_SYMBOL(nftnl_obj_list_alloc); - --void nftnl_obj_list_free(struct nftnl_obj_list *list) -+void __EXPORTED nftnl_obj_list_free(struct nftnl_obj_list *list) - { - struct nftnl_obj *r, *tmp; - -@@ -519,34 +495,29 @@ void nftnl_obj_list_free(struct nftnl_obj_list *list) - } - xfree(list); - } --EXPORT_SYMBOL(nftnl_obj_list_free); - --int nftnl_obj_list_is_empty(struct nftnl_obj_list *list) -+int __EXPORTED nftnl_obj_list_is_empty(struct nftnl_obj_list *list) - { - return list_empty(&list->list); - } --EXPORT_SYMBOL(nftnl_obj_list_is_empty); - --void nftnl_obj_list_add(struct nftnl_obj *r, struct nftnl_obj_list *list) -+void __EXPORTED nftnl_obj_list_add(struct nftnl_obj *r, struct nftnl_obj_list *list) - { - list_add(&r->head, &list->list); - } --EXPORT_SYMBOL(nftnl_obj_list_add); - --void nftnl_obj_list_add_tail(struct nftnl_obj *r, -+void __EXPORTED nftnl_obj_list_add_tail(struct nftnl_obj *r, - struct nftnl_obj_list *list) - { - list_add_tail(&r->head, &list->list); - } --EXPORT_SYMBOL(nftnl_obj_list_add_tail); - --void nftnl_obj_list_del(struct nftnl_obj *t) -+void __EXPORTED nftnl_obj_list_del(struct nftnl_obj *t) - { - list_del(&t->head); - } --EXPORT_SYMBOL(nftnl_obj_list_del); - --int nftnl_obj_list_foreach(struct nftnl_obj_list *table_list, -+int __EXPORTED nftnl_obj_list_foreach(struct nftnl_obj_list *table_list, - int (*cb)(struct nftnl_obj *t, void *data), - void *data) - { -@@ -560,14 +531,13 @@ int nftnl_obj_list_foreach(struct nftnl_obj_list *table_list, - } - return 0; - } --EXPORT_SYMBOL(nftnl_obj_list_foreach); - - struct nftnl_obj_list_iter { - struct nftnl_obj_list *list; - struct nftnl_obj *cur; - }; - --struct nftnl_obj_list_iter * -+struct nftnl_obj_list_iter __EXPORTED * - nftnl_obj_list_iter_create(struct nftnl_obj_list *l) - { - struct nftnl_obj_list_iter *iter; -@@ -584,9 +554,8 @@ nftnl_obj_list_iter_create(struct nftnl_obj_list *l) - - return iter; - } --EXPORT_SYMBOL(nftnl_obj_list_iter_create); - --struct nftnl_obj *nftnl_obj_list_iter_next(struct nftnl_obj_list_iter *iter) -+struct nftnl_obj __EXPORTED *nftnl_obj_list_iter_next(struct nftnl_obj_list_iter *iter) - { - struct nftnl_obj *r = iter->cur; - -@@ -600,10 +569,8 @@ struct nftnl_obj *nftnl_obj_list_iter_next(struct nftnl_obj_list_iter *iter) - - return r; - } --EXPORT_SYMBOL(nftnl_obj_list_iter_next); - --void nftnl_obj_list_iter_destroy(struct nftnl_obj_list_iter *iter) -+void __EXPORTED nftnl_obj_list_iter_destroy(struct nftnl_obj_list_iter *iter) - { - xfree(iter); - } --EXPORT_SYMBOL(nftnl_obj_list_iter_destroy); -diff --git a/src/rule.c b/src/rule.c -index 6c22141..ad8609f 100644 ---- a/src/rule.c -+++ b/src/rule.c -@@ -52,7 +52,7 @@ struct nftnl_rule { - struct list_head expr_list; - }; - --struct nftnl_rule *nftnl_rule_alloc(void) -+struct nftnl_rule __EXPORTED *nftnl_rule_alloc(void) - { - struct nftnl_rule *r; - -@@ -64,9 +64,8 @@ struct nftnl_rule *nftnl_rule_alloc(void) - - return r; - } --EXPORT_SYMBOL(nftnl_rule_alloc); - --void nftnl_rule_free(const struct nftnl_rule *r) -+void __EXPORTED nftnl_rule_free(const struct nftnl_rule *r) - { - struct nftnl_expr *e, *tmp; - -@@ -82,15 +81,13 @@ void nftnl_rule_free(const struct nftnl_rule *r) - - xfree(r); - } --EXPORT_SYMBOL(nftnl_rule_free); - --bool nftnl_rule_is_set(const struct nftnl_rule *r, uint16_t attr) -+bool __EXPORTED nftnl_rule_is_set(const struct nftnl_rule *r, uint16_t attr) - { - return r->flags & (1 << attr); - } --EXPORT_SYMBOL(nftnl_rule_is_set); - --void nftnl_rule_unset(struct nftnl_rule *r, uint16_t attr) -+void __EXPORTED nftnl_rule_unset(struct nftnl_rule *r, uint16_t attr) - { - if (!(r->flags & (1 << attr))) - return; -@@ -116,7 +113,6 @@ void nftnl_rule_unset(struct nftnl_rule *r, uint16_t attr) - - r->flags &= ~(1 << attr); - } --EXPORT_SYMBOL(nftnl_rule_unset); - - static uint32_t nftnl_rule_validate[NFTNL_RULE_MAX + 1] = { - [NFTNL_RULE_HANDLE] = sizeof(uint64_t), -@@ -127,7 +123,7 @@ static uint32_t nftnl_rule_validate[NFTNL_RULE_MAX + 1] = { - [NFTNL_RULE_ID] = sizeof(uint32_t), - }; - --int nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr, -+int __EXPORTED nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr, - const void *data, uint32_t data_len) - { - nftnl_assert_attr_exists(attr, NFTNL_RULE_MAX); -@@ -183,33 +179,28 @@ int nftnl_rule_set_data(struct nftnl_rule *r, uint16_t attr, - r->flags |= (1 << attr); - return 0; - } --EXPORT_SYMBOL(nftnl_rule_set_data); - --int nftnl_rule_set(struct nftnl_rule *r, uint16_t attr, const void *data) -+int __EXPORTED nftnl_rule_set(struct nftnl_rule *r, uint16_t attr, const void *data) - { - return nftnl_rule_set_data(r, attr, data, nftnl_rule_validate[attr]); - } --EXPORT_SYMBOL(nftnl_rule_set); - --void nftnl_rule_set_u32(struct nftnl_rule *r, uint16_t attr, uint32_t val) -+void __EXPORTED nftnl_rule_set_u32(struct nftnl_rule *r, uint16_t attr, uint32_t val) - { - nftnl_rule_set_data(r, attr, &val, sizeof(uint32_t)); - } --EXPORT_SYMBOL(nftnl_rule_set_u32); - --void nftnl_rule_set_u64(struct nftnl_rule *r, uint16_t attr, uint64_t val) -+void __EXPORTED nftnl_rule_set_u64(struct nftnl_rule *r, uint16_t attr, uint64_t val) - { - nftnl_rule_set_data(r, attr, &val, sizeof(uint64_t)); - } --EXPORT_SYMBOL(nftnl_rule_set_u64); - --int nftnl_rule_set_str(struct nftnl_rule *r, uint16_t attr, const char *str) -+int __EXPORTED nftnl_rule_set_str(struct nftnl_rule *r, uint16_t attr, const char *str) - { - return nftnl_rule_set_data(r, attr, str, strlen(str) + 1); - } --EXPORT_SYMBOL(nftnl_rule_set_str); - --const void *nftnl_rule_get_data(const struct nftnl_rule *r, uint16_t attr, -+const void __EXPORTED *nftnl_rule_get_data(const struct nftnl_rule *r, uint16_t attr, - uint32_t *data_len) - { - if (!(r->flags & (1 << attr))) -@@ -246,22 +237,19 @@ const void *nftnl_rule_get_data(const struct nftnl_rule *r, uint16_t attr, - } - return NULL; - } --EXPORT_SYMBOL(nftnl_rule_get_data); - --const void *nftnl_rule_get(const struct nftnl_rule *r, uint16_t attr) -+const void __EXPORTED *nftnl_rule_get(const struct nftnl_rule *r, uint16_t attr) - { - uint32_t data_len; - return nftnl_rule_get_data(r, attr, &data_len); - } --EXPORT_SYMBOL(nftnl_rule_get); - --const char *nftnl_rule_get_str(const struct nftnl_rule *r, uint16_t attr) -+const char __EXPORTED *nftnl_rule_get_str(const struct nftnl_rule *r, uint16_t attr) - { - return nftnl_rule_get(r, attr); - } --EXPORT_SYMBOL(nftnl_rule_get_str); - --uint32_t nftnl_rule_get_u32(const struct nftnl_rule *r, uint16_t attr) -+uint32_t __EXPORTED nftnl_rule_get_u32(const struct nftnl_rule *r, uint16_t attr) - { - uint32_t data_len; - const uint32_t *val = nftnl_rule_get_data(r, attr, &data_len); -@@ -270,9 +258,8 @@ uint32_t nftnl_rule_get_u32(const struct nftnl_rule *r, uint16_t attr) - - return val ? *val : 0; - } --EXPORT_SYMBOL(nftnl_rule_get_u32); - --uint64_t nftnl_rule_get_u64(const struct nftnl_rule *r, uint16_t attr) -+uint64_t __EXPORTED nftnl_rule_get_u64(const struct nftnl_rule *r, uint16_t attr) - { - uint32_t data_len; - const uint64_t *val = nftnl_rule_get_data(r, attr, &data_len); -@@ -281,9 +268,8 @@ uint64_t nftnl_rule_get_u64(const struct nftnl_rule *r, uint16_t attr) - - return val ? *val : 0; - } --EXPORT_SYMBOL(nftnl_rule_get_u64); - --uint8_t nftnl_rule_get_u8(const struct nftnl_rule *r, uint16_t attr) -+uint8_t __EXPORTED nftnl_rule_get_u8(const struct nftnl_rule *r, uint16_t attr) - { - uint32_t data_len; - const uint8_t *val = nftnl_rule_get_data(r, attr, &data_len); -@@ -292,9 +278,8 @@ uint8_t nftnl_rule_get_u8(const struct nftnl_rule *r, uint16_t attr) - - return val ? *val : 0; - } --EXPORT_SYMBOL(nftnl_rule_get_u8); - --void nftnl_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_rule *r) -+void __EXPORTED nftnl_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_rule *r) - { - struct nftnl_expr *expr; - struct nlattr *nest, *nest2; -@@ -335,13 +320,11 @@ void nftnl_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_rule *r) - if (r->flags & (1 << NFTNL_RULE_ID)) - mnl_attr_put_u32(nlh, NFTA_RULE_ID, htonl(r->id)); - } --EXPORT_SYMBOL(nftnl_rule_nlmsg_build_payload); - --void nftnl_rule_add_expr(struct nftnl_rule *r, struct nftnl_expr *expr) -+void __EXPORTED nftnl_rule_add_expr(struct nftnl_rule *r, struct nftnl_expr *expr) - { - list_add_tail(&expr->head, &r->expr_list); - } --EXPORT_SYMBOL(nftnl_rule_add_expr); - - static int nftnl_rule_parse_attr_cb(const struct nlattr *attr, void *data) - { -@@ -441,7 +424,7 @@ static int nftnl_rule_parse_compat(struct nlattr *nest, struct nftnl_rule *r) - return 0; - } - --int nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r) -+int __EXPORTED nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r) - { - struct nlattr *tb[NFTA_RULE_MAX+1] = {}; - struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh); -@@ -510,7 +493,6 @@ int nftnl_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_rule *r) - - return 0; - } --EXPORT_SYMBOL(nftnl_rule_nlmsg_parse); - - #ifdef JSON_PARSING - int nftnl_jansson_parse_rule(struct nftnl_rule *r, json_t *tree, -@@ -658,19 +640,17 @@ static int nftnl_rule_do_parse(struct nftnl_rule *r, enum nftnl_parse_type type, - - return ret; - } --int nftnl_rule_parse(struct nftnl_rule *r, enum nftnl_parse_type type, -+int __EXPORTED nftnl_rule_parse(struct nftnl_rule *r, enum nftnl_parse_type type, - const char *data, struct nftnl_parse_err *err) - { - return nftnl_rule_do_parse(r, type, data, err, NFTNL_PARSE_BUFFER); - } --EXPORT_SYMBOL(nftnl_rule_parse); - --int nftnl_rule_parse_file(struct nftnl_rule *r, enum nftnl_parse_type type, -+int __EXPORTED nftnl_rule_parse_file(struct nftnl_rule *r, enum nftnl_parse_type type, - FILE *fp, struct nftnl_parse_err *err) - { - return nftnl_rule_do_parse(r, type, fp, err, NFTNL_PARSE_FILE); - } --EXPORT_SYMBOL(nftnl_rule_parse_file); - - static int nftnl_rule_export(char *buf, size_t size, - const struct nftnl_rule *r, -@@ -819,13 +799,12 @@ static int nftnl_rule_cmd_snprintf(char *buf, size_t size, - return offset; - } - --int nftnl_rule_snprintf(char *buf, size_t size, const struct nftnl_rule *r, -+int __EXPORTED nftnl_rule_snprintf(char *buf, size_t size, const struct nftnl_rule *r, - uint32_t type, uint32_t flags) - { - return nftnl_rule_cmd_snprintf(buf, size, r, nftnl_flag2cmd(flags), type, - flags); - } --EXPORT_SYMBOL(nftnl_rule_snprintf); - - static int nftnl_rule_do_snprintf(char *buf, size_t size, const void *r, - uint32_t cmd, uint32_t type, uint32_t flags) -@@ -833,15 +812,14 @@ static int nftnl_rule_do_snprintf(char *buf, size_t size, const void *r, - return nftnl_rule_snprintf(buf, size, r, type, flags); - } - --int nftnl_rule_fprintf(FILE *fp, const struct nftnl_rule *r, uint32_t type, -+int __EXPORTED nftnl_rule_fprintf(FILE *fp, const struct nftnl_rule *r, uint32_t type, - uint32_t flags) - { - return nftnl_fprintf(fp, r, NFTNL_CMD_UNSPEC, type, flags, - nftnl_rule_do_snprintf); - } --EXPORT_SYMBOL(nftnl_rule_fprintf); - --int nftnl_expr_foreach(struct nftnl_rule *r, -+int __EXPORTED nftnl_expr_foreach(struct nftnl_rule *r, - int (*cb)(struct nftnl_expr *e, void *data), - void *data) - { -@@ -855,7 +833,6 @@ int nftnl_expr_foreach(struct nftnl_rule *r, - } - return 0; - } --EXPORT_SYMBOL(nftnl_expr_foreach); - - struct nftnl_expr_iter { - const struct nftnl_rule *r; -@@ -873,7 +850,7 @@ static void nftnl_expr_iter_init(const struct nftnl_rule *r, - head); - } - --struct nftnl_expr_iter *nftnl_expr_iter_create(const struct nftnl_rule *r) -+struct nftnl_expr_iter __EXPORTED *nftnl_expr_iter_create(const struct nftnl_rule *r) - { - struct nftnl_expr_iter *iter; - -@@ -885,9 +862,8 @@ struct nftnl_expr_iter *nftnl_expr_iter_create(const struct nftnl_rule *r) - - return iter; - } --EXPORT_SYMBOL(nftnl_expr_iter_create); - --struct nftnl_expr *nftnl_expr_iter_next(struct nftnl_expr_iter *iter) -+struct nftnl_expr __EXPORTED *nftnl_expr_iter_next(struct nftnl_expr_iter *iter) - { - struct nftnl_expr *expr = iter->cur; - -@@ -901,15 +877,13 @@ struct nftnl_expr *nftnl_expr_iter_next(struct nftnl_expr_iter *iter) - - return expr; - } --EXPORT_SYMBOL(nftnl_expr_iter_next); - --void nftnl_expr_iter_destroy(struct nftnl_expr_iter *iter) -+void __EXPORTED nftnl_expr_iter_destroy(struct nftnl_expr_iter *iter) - { - xfree(iter); - } --EXPORT_SYMBOL(nftnl_expr_iter_destroy); - --bool nftnl_rule_cmp(const struct nftnl_rule *r1, const struct nftnl_rule *r2) -+bool __EXPORTED nftnl_rule_cmp(const struct nftnl_rule *r1, const struct nftnl_rule *r2) - { - struct nftnl_expr_iter it1, it2; - struct nftnl_expr *e1, *e2; -@@ -938,13 +912,12 @@ bool nftnl_rule_cmp(const struct nftnl_rule *r1, const struct nftnl_rule *r2) - - return eq; - } --EXPORT_SYMBOL(nftnl_rule_cmp); - - struct nftnl_rule_list { - struct list_head list; - }; - --struct nftnl_rule_list *nftnl_rule_list_alloc(void) -+struct nftnl_rule_list __EXPORTED *nftnl_rule_list_alloc(void) - { - struct nftnl_rule_list *list; - -@@ -956,9 +929,8 @@ struct nftnl_rule_list *nftnl_rule_list_alloc(void) - - return list; - } --EXPORT_SYMBOL(nftnl_rule_list_alloc); - --void nftnl_rule_list_free(struct nftnl_rule_list *list) -+void __EXPORTED nftnl_rule_list_free(struct nftnl_rule_list *list) - { - struct nftnl_rule *r, *tmp; - -@@ -968,33 +940,28 @@ void nftnl_rule_list_free(struct nftnl_rule_list *list) - } - xfree(list); - } --EXPORT_SYMBOL(nftnl_rule_list_free); - --int nftnl_rule_list_is_empty(const struct nftnl_rule_list *list) -+int __EXPORTED nftnl_rule_list_is_empty(const struct nftnl_rule_list *list) - { - return list_empty(&list->list); - } --EXPORT_SYMBOL(nftnl_rule_list_is_empty); - --void nftnl_rule_list_add(struct nftnl_rule *r, struct nftnl_rule_list *list) -+void __EXPORTED nftnl_rule_list_add(struct nftnl_rule *r, struct nftnl_rule_list *list) - { - list_add(&r->head, &list->list); - } --EXPORT_SYMBOL(nftnl_rule_list_add); - --void nftnl_rule_list_add_tail(struct nftnl_rule *r, struct nftnl_rule_list *list) -+void __EXPORTED nftnl_rule_list_add_tail(struct nftnl_rule *r, struct nftnl_rule_list *list) - { - list_add_tail(&r->head, &list->list); - } --EXPORT_SYMBOL(nftnl_rule_list_add_tail); - --void nftnl_rule_list_del(struct nftnl_rule *r) -+void __EXPORTED nftnl_rule_list_del(struct nftnl_rule *r) - { - list_del(&r->head); - } --EXPORT_SYMBOL(nftnl_rule_list_del); - --int nftnl_rule_list_foreach(struct nftnl_rule_list *rule_list, -+int __EXPORTED nftnl_rule_list_foreach(struct nftnl_rule_list *rule_list, - int (*cb)(struct nftnl_rule *r, void *data), - void *data) - { -@@ -1008,14 +975,13 @@ int nftnl_rule_list_foreach(struct nftnl_rule_list *rule_list, - } - return 0; - } --EXPORT_SYMBOL(nftnl_rule_list_foreach); - - struct nftnl_rule_list_iter { - const struct nftnl_rule_list *list; - struct nftnl_rule *cur; - }; - --struct nftnl_rule_list_iter * -+struct nftnl_rule_list_iter __EXPORTED * - nftnl_rule_list_iter_create(const struct nftnl_rule_list *l) - { - struct nftnl_rule_list_iter *iter; -@@ -1032,15 +998,13 @@ nftnl_rule_list_iter_create(const struct nftnl_rule_list *l) - - return iter; - } --EXPORT_SYMBOL(nftnl_rule_list_iter_create); - --struct nftnl_rule *nftnl_rule_list_iter_cur(struct nftnl_rule_list_iter *iter) -+struct nftnl_rule __EXPORTED *nftnl_rule_list_iter_cur(struct nftnl_rule_list_iter *iter) - { - return iter->cur; - } --EXPORT_SYMBOL(nftnl_rule_list_iter_cur); - --struct nftnl_rule *nftnl_rule_list_iter_next(struct nftnl_rule_list_iter *iter) -+struct nftnl_rule __EXPORTED *nftnl_rule_list_iter_next(struct nftnl_rule_list_iter *iter) - { - struct nftnl_rule *r = iter->cur; - -@@ -1054,10 +1018,8 @@ struct nftnl_rule *nftnl_rule_list_iter_next(struct nftnl_rule_list_iter *iter) - - return r; - } --EXPORT_SYMBOL(nftnl_rule_list_iter_next); - --void nftnl_rule_list_iter_destroy(const struct nftnl_rule_list_iter *iter) -+void __EXPORTED nftnl_rule_list_iter_destroy(const struct nftnl_rule_list_iter *iter) - { - xfree(iter); - } --EXPORT_SYMBOL(nftnl_rule_list_iter_destroy); -diff --git a/src/ruleset.c b/src/ruleset.c -index 6ef2956..10d48f6 100644 ---- a/src/ruleset.c -+++ b/src/ruleset.c -@@ -55,13 +55,12 @@ struct nftnl_parse_ctx { - uint16_t flags; - }; - --struct nftnl_ruleset *nftnl_ruleset_alloc(void) -+struct nftnl_ruleset __EXPORTED *nftnl_ruleset_alloc(void) - { - return calloc(1, sizeof(struct nftnl_ruleset)); - } --EXPORT_SYMBOL(nftnl_ruleset_alloc); - --void nftnl_ruleset_free(const struct nftnl_ruleset *r) -+void __EXPORTED nftnl_ruleset_free(const struct nftnl_ruleset *r) - { - if (r->flags & (1 << NFTNL_RULESET_TABLELIST)) - nftnl_table_list_free(r->table_list); -@@ -73,15 +72,13 @@ void nftnl_ruleset_free(const struct nftnl_ruleset *r) - nftnl_rule_list_free(r->rule_list); - xfree(r); - } --EXPORT_SYMBOL(nftnl_ruleset_free); - --bool nftnl_ruleset_is_set(const struct nftnl_ruleset *r, uint16_t attr) -+bool __EXPORTED nftnl_ruleset_is_set(const struct nftnl_ruleset *r, uint16_t attr) - { - return r->flags & (1 << attr); - } --EXPORT_SYMBOL(nftnl_ruleset_is_set); - --void nftnl_ruleset_unset(struct nftnl_ruleset *r, uint16_t attr) -+void __EXPORTED nftnl_ruleset_unset(struct nftnl_ruleset *r, uint16_t attr) - { - if (!(r->flags & (1 << attr))) - return; -@@ -102,9 +99,8 @@ void nftnl_ruleset_unset(struct nftnl_ruleset *r, uint16_t attr) - } - r->flags &= ~(1 << attr); - } --EXPORT_SYMBOL(nftnl_ruleset_unset); - --void nftnl_ruleset_set(struct nftnl_ruleset *r, uint16_t attr, void *data) -+void __EXPORTED nftnl_ruleset_set(struct nftnl_ruleset *r, uint16_t attr, void *data) - { - switch (attr) { - case NFTNL_RULESET_TABLELIST: -@@ -128,9 +124,8 @@ void nftnl_ruleset_set(struct nftnl_ruleset *r, uint16_t attr, void *data) - } - r->flags |= (1 << attr); - } --EXPORT_SYMBOL(nftnl_ruleset_set); - --void *nftnl_ruleset_get(const struct nftnl_ruleset *r, uint16_t attr) -+void __EXPORTED *nftnl_ruleset_get(const struct nftnl_ruleset *r, uint16_t attr) - { - if (!(r->flags & (1 << attr))) - return NULL; -@@ -148,9 +143,8 @@ void *nftnl_ruleset_get(const struct nftnl_ruleset *r, uint16_t attr) - return NULL; - } - } --EXPORT_SYMBOL(nftnl_ruleset_get); - --void nftnl_ruleset_ctx_free(const struct nftnl_parse_ctx *ctx) -+void __EXPORTED nftnl_ruleset_ctx_free(const struct nftnl_parse_ctx *ctx) - { - switch (ctx->type) { - case NFTNL_RULESET_TABLE: -@@ -171,15 +165,13 @@ void nftnl_ruleset_ctx_free(const struct nftnl_parse_ctx *ctx) - break; - } - } --EXPORT_SYMBOL(nftnl_ruleset_ctx_free); - --bool nftnl_ruleset_ctx_is_set(const struct nftnl_parse_ctx *ctx, uint16_t attr) -+bool __EXPORTED nftnl_ruleset_ctx_is_set(const struct nftnl_parse_ctx *ctx, uint16_t attr) - { - return ctx->flags & (1 << attr); - } --EXPORT_SYMBOL(nftnl_ruleset_ctx_is_set); - --void *nftnl_ruleset_ctx_get(const struct nftnl_parse_ctx *ctx, uint16_t attr) -+void __EXPORTED *nftnl_ruleset_ctx_get(const struct nftnl_parse_ctx *ctx, uint16_t attr) - { - if (!(ctx->flags & (1 << attr))) - return NULL; -@@ -203,14 +195,12 @@ void *nftnl_ruleset_ctx_get(const struct nftnl_parse_ctx *ctx, uint16_t attr) - return NULL; - } - } --EXPORT_SYMBOL(nftnl_ruleset_ctx_get); - --uint32_t nftnl_ruleset_ctx_get_u32(const struct nftnl_parse_ctx *ctx, uint16_t attr) -+uint32_t __EXPORTED nftnl_ruleset_ctx_get_u32(const struct nftnl_parse_ctx *ctx, uint16_t attr) - { - const void *ret = nftnl_ruleset_ctx_get(ctx, attr); - return ret == NULL ? 0 : *((uint32_t *)ret); - } --EXPORT_SYMBOL(nftnl_ruleset_ctx_get_u32); - - #if defined(JSON_PARSING) - static void nftnl_ruleset_ctx_set(struct nftnl_parse_ctx *ctx, uint16_t attr, -@@ -593,22 +583,20 @@ nftnl_ruleset_do_parse(enum nftnl_parse_type type, const void *data, - return ret; - } - --int nftnl_ruleset_parse_file_cb(enum nftnl_parse_type type, FILE *fp, -+int __EXPORTED nftnl_ruleset_parse_file_cb(enum nftnl_parse_type type, FILE *fp, - struct nftnl_parse_err *err, void *data, - int (*cb)(const struct nftnl_parse_ctx *ctx)) - { - return nftnl_ruleset_do_parse(type, fp, err, NFTNL_PARSE_FILE, data, cb); - } --EXPORT_SYMBOL(nftnl_ruleset_parse_file_cb); - --int nftnl_ruleset_parse_buffer_cb(enum nftnl_parse_type type, const char *buffer, -+int __EXPORTED nftnl_ruleset_parse_buffer_cb(enum nftnl_parse_type type, const char *buffer, - struct nftnl_parse_err *err, void *data, - int (*cb)(const struct nftnl_parse_ctx *ctx)) - { - return nftnl_ruleset_do_parse(type, buffer, err, NFTNL_PARSE_BUFFER, data, - cb); - } --EXPORT_SYMBOL(nftnl_ruleset_parse_buffer_cb); - - static int nftnl_ruleset_cb(const struct nftnl_parse_ctx *ctx) - { -@@ -671,19 +659,17 @@ static int nftnl_ruleset_cb(const struct nftnl_parse_ctx *ctx) - return 0; - } - --int nftnl_ruleset_parse(struct nftnl_ruleset *r, enum nftnl_parse_type type, -+int __EXPORTED nftnl_ruleset_parse(struct nftnl_ruleset *r, enum nftnl_parse_type type, - const char *data, struct nftnl_parse_err *err) - { - return nftnl_ruleset_parse_buffer_cb(type, data, err, r, nftnl_ruleset_cb); - } --EXPORT_SYMBOL(nftnl_ruleset_parse); - --int nftnl_ruleset_parse_file(struct nftnl_ruleset *rs, enum nftnl_parse_type type, -+int __EXPORTED nftnl_ruleset_parse_file(struct nftnl_ruleset *rs, enum nftnl_parse_type type, - FILE *fp, struct nftnl_parse_err *err) - { - return nftnl_ruleset_parse_file_cb(type, fp, err, rs, nftnl_ruleset_cb); - } --EXPORT_SYMBOL(nftnl_ruleset_parse_file); - - static const char *nftnl_ruleset_o_opentag(uint32_t type) - { -@@ -928,7 +914,7 @@ static int nftnl_ruleset_cmd_snprintf(char *buf, size_t size, - } - } - --int nftnl_ruleset_snprintf(char *buf, size_t size, const struct nftnl_ruleset *r, -+int __EXPORTED nftnl_ruleset_snprintf(char *buf, size_t size, const struct nftnl_ruleset *r, - uint32_t type, uint32_t flags) - { - switch (type) { -@@ -943,7 +929,6 @@ int nftnl_ruleset_snprintf(char *buf, size_t size, const struct nftnl_ruleset *r - return -1; - } - } --EXPORT_SYMBOL(nftnl_ruleset_snprintf); - - static int nftnl_ruleset_fprintf_tables(FILE *fp, const struct nftnl_ruleset *rs, - uint32_t type, uint32_t flags) -@@ -1157,10 +1142,9 @@ static int nftnl_ruleset_cmd_fprintf(FILE *fp, const struct nftnl_ruleset *rs, - return len; - } - --int nftnl_ruleset_fprintf(FILE *fp, const struct nftnl_ruleset *rs, uint32_t type, -+int __EXPORTED nftnl_ruleset_fprintf(FILE *fp, const struct nftnl_ruleset *rs, uint32_t type, - uint32_t flags) - { - return nftnl_ruleset_cmd_fprintf(fp, rs, nftnl_flag2cmd(flags), type, - flags); - } --EXPORT_SYMBOL(nftnl_ruleset_fprintf); -diff --git a/src/set.c b/src/set.c -index cce5e63..33a6794 100644 ---- a/src/set.c -+++ b/src/set.c -@@ -27,7 +27,7 @@ - #include <libnftnl/set.h> - #include <libnftnl/expr.h> - --struct nftnl_set *nftnl_set_alloc(void) -+struct nftnl_set __EXPORTED *nftnl_set_alloc(void) - { - struct nftnl_set *s; - -@@ -38,9 +38,8 @@ struct nftnl_set *nftnl_set_alloc(void) - INIT_LIST_HEAD(&s->element_list); - return s; - } --EXPORT_SYMBOL(nftnl_set_alloc); - --void nftnl_set_free(const struct nftnl_set *s) -+void __EXPORTED nftnl_set_free(const struct nftnl_set *s) - { - struct nftnl_set_elem *elem, *tmp; - -@@ -55,15 +54,13 @@ void nftnl_set_free(const struct nftnl_set *s) - } - xfree(s); - } --EXPORT_SYMBOL(nftnl_set_free); - --bool nftnl_set_is_set(const struct nftnl_set *s, uint16_t attr) -+bool __EXPORTED nftnl_set_is_set(const struct nftnl_set *s, uint16_t attr) - { - return s->flags & (1 << attr); - } --EXPORT_SYMBOL(nftnl_set_is_set); - --void nftnl_set_unset(struct nftnl_set *s, uint16_t attr) -+void __EXPORTED nftnl_set_unset(struct nftnl_set *s, uint16_t attr) - { - if (!(s->flags & (1 << attr))) - return; -@@ -97,7 +94,6 @@ void nftnl_set_unset(struct nftnl_set *s, uint16_t attr) - - s->flags &= ~(1 << attr); - } --EXPORT_SYMBOL(nftnl_set_unset); - - static uint32_t nftnl_set_validate[NFTNL_SET_MAX + 1] = { - [NFTNL_SET_FLAGS] = sizeof(uint32_t), -@@ -113,7 +109,7 @@ static uint32_t nftnl_set_validate[NFTNL_SET_MAX + 1] = { - [NFTNL_SET_GC_INTERVAL] = sizeof(uint32_t), - }; - --int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data, -+int __EXPORTED nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data, - uint32_t data_len) - { - nftnl_assert_attr_exists(attr, NFTNL_SET_MAX); -@@ -186,33 +182,28 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data, - s->flags |= (1 << attr); - return 0; - } --EXPORT_SYMBOL(nftnl_set_set_data); - --int nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data) -+int __EXPORTED nftnl_set_set(struct nftnl_set *s, uint16_t attr, const void *data) - { - return nftnl_set_set_data(s, attr, data, nftnl_set_validate[attr]); - } --EXPORT_SYMBOL(nftnl_set_set); - --void nftnl_set_set_u32(struct nftnl_set *s, uint16_t attr, uint32_t val) -+void __EXPORTED nftnl_set_set_u32(struct nftnl_set *s, uint16_t attr, uint32_t val) - { - nftnl_set_set(s, attr, &val); - } --EXPORT_SYMBOL(nftnl_set_set_u32); - --void nftnl_set_set_u64(struct nftnl_set *s, uint16_t attr, uint64_t val) -+void __EXPORTED nftnl_set_set_u64(struct nftnl_set *s, uint16_t attr, uint64_t val) - { - nftnl_set_set(s, attr, &val); - } --EXPORT_SYMBOL(nftnl_set_set_u64); - --int nftnl_set_set_str(struct nftnl_set *s, uint16_t attr, const char *str) -+int __EXPORTED nftnl_set_set_str(struct nftnl_set *s, uint16_t attr, const char *str) - { - return nftnl_set_set_data(s, attr, str, strlen(str) + 1); - } --EXPORT_SYMBOL(nftnl_set_set_str); - --const void *nftnl_set_get_data(const struct nftnl_set *s, uint16_t attr, -+const void __EXPORTED *nftnl_set_get_data(const struct nftnl_set *s, uint16_t attr, - uint32_t *data_len) - { - if (!(s->flags & (1 << attr))) -@@ -267,22 +258,19 @@ const void *nftnl_set_get_data(const struct nftnl_set *s, uint16_t attr, - } - return NULL; - } --EXPORT_SYMBOL(nftnl_set_get_data); - --const void *nftnl_set_get(const struct nftnl_set *s, uint16_t attr) -+const void __EXPORTED *nftnl_set_get(const struct nftnl_set *s, uint16_t attr) - { - uint32_t data_len; - return nftnl_set_get_data(s, attr, &data_len); - } --EXPORT_SYMBOL(nftnl_set_get); - --const char *nftnl_set_get_str(const struct nftnl_set *s, uint16_t attr) -+const char __EXPORTED *nftnl_set_get_str(const struct nftnl_set *s, uint16_t attr) - { - return nftnl_set_get(s, attr); - } --EXPORT_SYMBOL(nftnl_set_get_str); - --uint32_t nftnl_set_get_u32(const struct nftnl_set *s, uint16_t attr) -+uint32_t __EXPORTED nftnl_set_get_u32(const struct nftnl_set *s, uint16_t attr) - { - uint32_t data_len; - const uint32_t *val = nftnl_set_get_data(s, attr, &data_len); -@@ -291,9 +279,8 @@ uint32_t nftnl_set_get_u32(const struct nftnl_set *s, uint16_t attr) - - return val ? *val : 0; - } --EXPORT_SYMBOL(nftnl_set_get_u32); - --uint64_t nftnl_set_get_u64(const struct nftnl_set *s, uint16_t attr) -+uint64_t __EXPORTED nftnl_set_get_u64(const struct nftnl_set *s, uint16_t attr) - { - uint32_t data_len; - const uint64_t *val = nftnl_set_get_data(s, attr, &data_len); -@@ -302,7 +289,6 @@ uint64_t nftnl_set_get_u64(const struct nftnl_set *s, uint16_t attr) - - return val ? *val : 0; - } --EXPORT_SYMBOL(nftnl_set_get_u64); - - struct nftnl_set *nftnl_set_clone(const struct nftnl_set *set) - { -@@ -351,7 +337,7 @@ nftnl_set_nlmsg_build_desc_payload(struct nlmsghdr *nlh, struct nftnl_set *s) - mnl_attr_nest_end(nlh, nest); - } - --void nftnl_set_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s) -+void __EXPORTED nftnl_set_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s) - { - if (s->flags & (1 << NFTNL_SET_TABLE)) - mnl_attr_put_strz(nlh, NFTA_SET_TABLE, s->table); -@@ -383,7 +369,6 @@ void nftnl_set_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s) - if (s->flags & (1 << NFTNL_SET_USERDATA)) - mnl_attr_put(nlh, NFTA_SET_USERDATA, s->user.len, s->user.data); - } --EXPORT_SYMBOL(nftnl_set_nlmsg_build_payload); - - static int nftnl_set_parse_attr_cb(const struct nlattr *attr, void *data) - { -@@ -463,7 +448,7 @@ static int nftnl_set_desc_parse(struct nftnl_set *s, - return 0; - } - --int nftnl_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s) -+int __EXPORTED nftnl_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s) - { - struct nlattr *tb[NFTA_SET_MAX+1] = {}; - struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh); -@@ -546,7 +531,6 @@ int nftnl_set_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s) - - return 0; - } --EXPORT_SYMBOL(nftnl_set_nlmsg_parse); - - #ifdef JSON_PARSING - static int nftnl_jansson_parse_set_info(struct nftnl_set *s, json_t *tree, -@@ -718,19 +702,17 @@ static int nftnl_set_do_parse(struct nftnl_set *s, enum nftnl_parse_type type, - - return ret; - } --int nftnl_set_parse(struct nftnl_set *s, enum nftnl_parse_type type, -+int __EXPORTED nftnl_set_parse(struct nftnl_set *s, enum nftnl_parse_type type, - const char *data, struct nftnl_parse_err *err) - { - return nftnl_set_do_parse(s, type, data, err, NFTNL_PARSE_BUFFER); - } --EXPORT_SYMBOL(nftnl_set_parse); - --int nftnl_set_parse_file(struct nftnl_set *s, enum nftnl_parse_type type, -+int __EXPORTED nftnl_set_parse_file(struct nftnl_set *s, enum nftnl_parse_type type, - FILE *fp, struct nftnl_parse_err *err) - { - return nftnl_set_do_parse(s, type, fp, err, NFTNL_PARSE_FILE); - } --EXPORT_SYMBOL(nftnl_set_parse_file); - - static int nftnl_set_snprintf_json(char *buf, size_t size, - const struct nftnl_set *s, -@@ -918,13 +900,12 @@ static int nftnl_set_cmd_snprintf(char *buf, size_t size, - return offset; - } - --int nftnl_set_snprintf(char *buf, size_t size, const struct nftnl_set *s, -+int __EXPORTED nftnl_set_snprintf(char *buf, size_t size, const struct nftnl_set *s, - uint32_t type, uint32_t flags) - { - return nftnl_set_cmd_snprintf(buf, size, s, nftnl_flag2cmd(flags), type, - flags); - } --EXPORT_SYMBOL(nftnl_set_snprintf); - - static int nftnl_set_do_snprintf(char *buf, size_t size, const void *s, - uint32_t cmd, uint32_t type, uint32_t flags) -@@ -932,25 +913,23 @@ static int nftnl_set_do_snprintf(char *buf, size_t size, const void *s, - return nftnl_set_snprintf(buf, size, s, type, flags); - } - --int nftnl_set_fprintf(FILE *fp, const struct nftnl_set *s, uint32_t type, -+int __EXPORTED nftnl_set_fprintf(FILE *fp, const struct nftnl_set *s, uint32_t type, - uint32_t flags) - { - return nftnl_fprintf(fp, s, NFTNL_CMD_UNSPEC, type, flags, - nftnl_set_do_snprintf); - } --EXPORT_SYMBOL(nftnl_set_fprintf); - --void nftnl_set_elem_add(struct nftnl_set *s, struct nftnl_set_elem *elem) -+void __EXPORTED nftnl_set_elem_add(struct nftnl_set *s, struct nftnl_set_elem *elem) - { - list_add_tail(&elem->head, &s->element_list); - } --EXPORT_SYMBOL(nftnl_set_elem_add); - - struct nftnl_set_list { - struct list_head list; - }; - --struct nftnl_set_list *nftnl_set_list_alloc(void) -+struct nftnl_set_list __EXPORTED *nftnl_set_list_alloc(void) - { - struct nftnl_set_list *list; - -@@ -962,9 +941,8 @@ struct nftnl_set_list *nftnl_set_list_alloc(void) - - return list; - } --EXPORT_SYMBOL(nftnl_set_list_alloc); - --void nftnl_set_list_free(struct nftnl_set_list *list) -+void __EXPORTED nftnl_set_list_free(struct nftnl_set_list *list) - { - struct nftnl_set *s, *tmp; - -@@ -974,33 +952,28 @@ void nftnl_set_list_free(struct nftnl_set_list *list) - } - xfree(list); - } --EXPORT_SYMBOL(nftnl_set_list_free); - --int nftnl_set_list_is_empty(const struct nftnl_set_list *list) -+int __EXPORTED nftnl_set_list_is_empty(const struct nftnl_set_list *list) - { - return list_empty(&list->list); - } --EXPORT_SYMBOL(nftnl_set_list_is_empty); - --void nftnl_set_list_add(struct nftnl_set *s, struct nftnl_set_list *list) -+void __EXPORTED nftnl_set_list_add(struct nftnl_set *s, struct nftnl_set_list *list) - { - list_add(&s->head, &list->list); - } --EXPORT_SYMBOL(nftnl_set_list_add); - --void nftnl_set_list_add_tail(struct nftnl_set *s, struct nftnl_set_list *list) -+void __EXPORTED nftnl_set_list_add_tail(struct nftnl_set *s, struct nftnl_set_list *list) - { - list_add_tail(&s->head, &list->list); - } --EXPORT_SYMBOL(nftnl_set_list_add_tail); - --void nftnl_set_list_del(struct nftnl_set *s) -+void __EXPORTED nftnl_set_list_del(struct nftnl_set *s) - { - list_del(&s->head); - } --EXPORT_SYMBOL(nftnl_set_list_del); - --int nftnl_set_list_foreach(struct nftnl_set_list *set_list, -+int __EXPORTED nftnl_set_list_foreach(struct nftnl_set_list *set_list, - int (*cb)(struct nftnl_set *t, void *data), void *data) - { - struct nftnl_set *cur, *tmp; -@@ -1013,14 +986,13 @@ int nftnl_set_list_foreach(struct nftnl_set_list *set_list, - } - return 0; - } --EXPORT_SYMBOL(nftnl_set_list_foreach); - - struct nftnl_set_list_iter { - const struct nftnl_set_list *list; - struct nftnl_set *cur; - }; - --struct nftnl_set_list_iter * -+struct nftnl_set_list_iter __EXPORTED * - nftnl_set_list_iter_create(const struct nftnl_set_list *l) - { - struct nftnl_set_list_iter *iter; -@@ -1037,16 +1009,14 @@ nftnl_set_list_iter_create(const struct nftnl_set_list *l) - - return iter; - } --EXPORT_SYMBOL(nftnl_set_list_iter_create); - --struct nftnl_set * -+struct nftnl_set __EXPORTED * - nftnl_set_list_iter_cur(const struct nftnl_set_list_iter *iter) - { - return iter->cur; - } --EXPORT_SYMBOL(nftnl_set_list_iter_cur); - --struct nftnl_set *nftnl_set_list_iter_next(struct nftnl_set_list_iter *iter) -+struct nftnl_set __EXPORTED *nftnl_set_list_iter_next(struct nftnl_set_list_iter *iter) - { - struct nftnl_set *s = iter->cur; - -@@ -1060,13 +1030,11 @@ struct nftnl_set *nftnl_set_list_iter_next(struct nftnl_set_list_iter *iter) - - return s; - } --EXPORT_SYMBOL(nftnl_set_list_iter_next); - --void nftnl_set_list_iter_destroy(const struct nftnl_set_list_iter *iter) -+void __EXPORTED nftnl_set_list_iter_destroy(const struct nftnl_set_list_iter *iter) - { - xfree(iter); - } --EXPORT_SYMBOL(nftnl_set_list_iter_destroy); - - static struct nftnl_set *nftnl_set_lookup(const char *this_set_name, - struct nftnl_set_list *set_list) -diff --git a/src/set_elem.c b/src/set_elem.c -index 433b896..bd1e895 100644 ---- a/src/set_elem.c -+++ b/src/set_elem.c -@@ -27,7 +27,7 @@ - #include <libnftnl/rule.h> - #include <libnftnl/expr.h> - --struct nftnl_set_elem *nftnl_set_elem_alloc(void) -+struct nftnl_set_elem __EXPORTED *nftnl_set_elem_alloc(void) - { - struct nftnl_set_elem *s; - -@@ -37,9 +37,8 @@ struct nftnl_set_elem *nftnl_set_elem_alloc(void) - - return s; - } --EXPORT_SYMBOL(nftnl_set_elem_alloc); - --void nftnl_set_elem_free(struct nftnl_set_elem *s) -+void __EXPORTED nftnl_set_elem_free(struct nftnl_set_elem *s) - { - if (s->flags & (1 << NFTNL_SET_ELEM_CHAIN)) - xfree(s->data.chain); -@@ -55,15 +54,13 @@ void nftnl_set_elem_free(struct nftnl_set_elem *s) - - xfree(s); - } --EXPORT_SYMBOL(nftnl_set_elem_free); - --bool nftnl_set_elem_is_set(const struct nftnl_set_elem *s, uint16_t attr) -+bool __EXPORTED nftnl_set_elem_is_set(const struct nftnl_set_elem *s, uint16_t attr) - { - return s->flags & (1 << attr); - } --EXPORT_SYMBOL(nftnl_set_elem_is_set); - --void nftnl_set_elem_unset(struct nftnl_set_elem *s, uint16_t attr) -+void __EXPORTED nftnl_set_elem_unset(struct nftnl_set_elem *s, uint16_t attr) - { - if (!(s->flags & (1 << attr))) - return; -@@ -94,9 +91,8 @@ void nftnl_set_elem_unset(struct nftnl_set_elem *s, uint16_t attr) - - s->flags &= ~(1 << attr); - } --EXPORT_SYMBOL(nftnl_set_elem_unset); - --int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr, -+int __EXPORTED nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr, - const void *data, uint32_t data_len) - { - switch(attr) { -@@ -147,27 +143,23 @@ int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr, - s->flags |= (1 << attr); - return -1; - } --EXPORT_SYMBOL(nftnl_set_elem_set); - --void nftnl_set_elem_set_u32(struct nftnl_set_elem *s, uint16_t attr, uint32_t val) -+void __EXPORTED nftnl_set_elem_set_u32(struct nftnl_set_elem *s, uint16_t attr, uint32_t val) - { - nftnl_set_elem_set(s, attr, &val, sizeof(uint32_t)); - } --EXPORT_SYMBOL(nftnl_set_elem_set_u32); - --void nftnl_set_elem_set_u64(struct nftnl_set_elem *s, uint16_t attr, uint64_t val) -+void __EXPORTED nftnl_set_elem_set_u64(struct nftnl_set_elem *s, uint16_t attr, uint64_t val) - { - nftnl_set_elem_set(s, attr, &val, sizeof(uint64_t)); - } --EXPORT_SYMBOL(nftnl_set_elem_set_u64); - --int nftnl_set_elem_set_str(struct nftnl_set_elem *s, uint16_t attr, const char *str) -+int __EXPORTED nftnl_set_elem_set_str(struct nftnl_set_elem *s, uint16_t attr, const char *str) - { - return nftnl_set_elem_set(s, attr, str, strlen(str) + 1); - } --EXPORT_SYMBOL(nftnl_set_elem_set_str); - --const void *nftnl_set_elem_get(struct nftnl_set_elem *s, uint16_t attr, uint32_t *data_len) -+const void __EXPORTED *nftnl_set_elem_get(struct nftnl_set_elem *s, uint16_t attr, uint32_t *data_len) - { - if (!(s->flags & (1 << attr))) - return NULL; -@@ -205,31 +197,27 @@ const void *nftnl_set_elem_get(struct nftnl_set_elem *s, uint16_t attr, uint32_t - } - return NULL; - } --EXPORT_SYMBOL(nftnl_set_elem_get); - --const char *nftnl_set_elem_get_str(struct nftnl_set_elem *s, uint16_t attr) -+const char __EXPORTED *nftnl_set_elem_get_str(struct nftnl_set_elem *s, uint16_t attr) - { - uint32_t size; - - return nftnl_set_elem_get(s, attr, &size); - } --EXPORT_SYMBOL(nftnl_set_elem_get_str); - --uint32_t nftnl_set_elem_get_u32(struct nftnl_set_elem *s, uint16_t attr) -+uint32_t __EXPORTED nftnl_set_elem_get_u32(struct nftnl_set_elem *s, uint16_t attr) - { - uint32_t size; - uint32_t val = *((uint32_t *)nftnl_set_elem_get(s, attr, &size)); - return val; - } --EXPORT_SYMBOL(nftnl_set_elem_get_u32); - --uint64_t nftnl_set_elem_get_u64(struct nftnl_set_elem *s, uint16_t attr) -+uint64_t __EXPORTED nftnl_set_elem_get_u64(struct nftnl_set_elem *s, uint16_t attr) - { - uint32_t size; - uint64_t val = *((uint64_t *)nftnl_set_elem_get(s, attr, &size)); - return val; - } --EXPORT_SYMBOL(nftnl_set_elem_get_u64); - - struct nftnl_set_elem *nftnl_set_elem_clone(struct nftnl_set_elem *elem) - { -@@ -315,7 +303,7 @@ static struct nlattr *nftnl_set_elem_build(struct nlmsghdr *nlh, - return nest2; - } - --void nftnl_set_elems_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s) -+void __EXPORTED nftnl_set_elems_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set *s) - { - struct nftnl_set_elem *elem; - struct nlattr *nest1; -@@ -332,7 +320,6 @@ void nftnl_set_elems_nlmsg_build_payload(struct nlmsghdr *nlh, struct nftnl_set - - mnl_attr_nest_end(nlh, nest1); - } --EXPORT_SYMBOL(nftnl_set_elems_nlmsg_build_payload); - - static int nftnl_set_elem_parse_attr_cb(const struct nlattr *attr, void *data) - { -@@ -503,7 +490,7 @@ static int nftnl_set_elems_parse(struct nftnl_set *s, const struct nlattr *nest) - return ret; - } - --int nftnl_set_elems_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s) -+int __EXPORTED nftnl_set_elems_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s) - { - struct nlattr *tb[NFTA_SET_ELEM_LIST_MAX+1] = {}; - struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh); -@@ -546,7 +533,6 @@ int nftnl_set_elems_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_set *s) - - return 0; - } --EXPORT_SYMBOL(nftnl_set_elems_nlmsg_parse); - - static int nftnl_set_elem_json_parse(struct nftnl_set_elem *e, const void *json, - struct nftnl_parse_err *err, -@@ -587,19 +573,17 @@ nftnl_set_elem_do_parse(struct nftnl_set_elem *e, enum nftnl_parse_type type, - - return ret; - } --int nftnl_set_elem_parse(struct nftnl_set_elem *e, enum nftnl_parse_type type, -+int __EXPORTED nftnl_set_elem_parse(struct nftnl_set_elem *e, enum nftnl_parse_type type, - const char *data, struct nftnl_parse_err *err) - { - return nftnl_set_elem_do_parse(e, type, data, err, NFTNL_PARSE_BUFFER); - } --EXPORT_SYMBOL(nftnl_set_elem_parse); - --int nftnl_set_elem_parse_file(struct nftnl_set_elem *e, enum nftnl_parse_type type, -+int __EXPORTED nftnl_set_elem_parse_file(struct nftnl_set_elem *e, enum nftnl_parse_type type, - FILE *fp, struct nftnl_parse_err *err) - { - return nftnl_set_elem_do_parse(e, type, fp, err, NFTNL_PARSE_FILE); - } --EXPORT_SYMBOL(nftnl_set_elem_parse_file); - - static int nftnl_set_elem_snprintf_json(char *buf, size_t size, - const struct nftnl_set_elem *e, -@@ -719,14 +703,13 @@ static int nftnl_set_elem_cmd_snprintf(char *buf, size_t size, - return offset; - } - --int nftnl_set_elem_snprintf(char *buf, size_t size, -+int __EXPORTED nftnl_set_elem_snprintf(char *buf, size_t size, - const struct nftnl_set_elem *e, - uint32_t type, uint32_t flags) - { - return nftnl_set_elem_cmd_snprintf(buf, size, e, nftnl_flag2cmd(flags), - type, flags); - } --EXPORT_SYMBOL(nftnl_set_elem_snprintf); - - static int nftnl_set_elem_do_snprintf(char *buf, size_t size, const void *e, - uint32_t cmd, uint32_t type, -@@ -735,15 +718,14 @@ static int nftnl_set_elem_do_snprintf(char *buf, size_t size, const void *e, - return nftnl_set_elem_snprintf(buf, size, e, type, flags); - } - --int nftnl_set_elem_fprintf(FILE *fp, struct nftnl_set_elem *se, uint32_t type, -+int __EXPORTED nftnl_set_elem_fprintf(FILE *fp, struct nftnl_set_elem *se, uint32_t type, - uint32_t flags) - { - return nftnl_fprintf(fp, se, NFTNL_CMD_UNSPEC, type, flags, - nftnl_set_elem_do_snprintf); - } --EXPORT_SYMBOL(nftnl_set_elem_fprintf); - --int nftnl_set_elem_foreach(struct nftnl_set *s, -+int __EXPORTED nftnl_set_elem_foreach(struct nftnl_set *s, - int (*cb)(struct nftnl_set_elem *e, void *data), - void *data) - { -@@ -757,7 +739,6 @@ int nftnl_set_elem_foreach(struct nftnl_set *s, - } - return 0; - } --EXPORT_SYMBOL(nftnl_set_elem_foreach); - - struct nftnl_set_elems_iter { - const struct nftnl_set *set; -@@ -765,7 +746,7 @@ struct nftnl_set_elems_iter { - struct nftnl_set_elem *cur; - }; - --struct nftnl_set_elems_iter * -+struct nftnl_set_elems_iter __EXPORTED * - nftnl_set_elems_iter_create(const struct nftnl_set *s) - { - struct nftnl_set_elems_iter *iter; -@@ -784,16 +765,14 @@ nftnl_set_elems_iter_create(const struct nftnl_set *s) - - return iter; - } --EXPORT_SYMBOL(nftnl_set_elems_iter_create); - --struct nftnl_set_elem * -+struct nftnl_set_elem __EXPORTED * - nftnl_set_elems_iter_cur(const struct nftnl_set_elems_iter *iter) - { - return iter->cur; - } --EXPORT_SYMBOL(nftnl_set_elems_iter_cur); - --struct nftnl_set_elem *nftnl_set_elems_iter_next(struct nftnl_set_elems_iter *iter) -+struct nftnl_set_elem __EXPORTED *nftnl_set_elems_iter_next(struct nftnl_set_elems_iter *iter) - { - struct nftnl_set_elem *s = iter->cur; - -@@ -806,13 +785,11 @@ struct nftnl_set_elem *nftnl_set_elems_iter_next(struct nftnl_set_elems_iter *it - - return s; - } --EXPORT_SYMBOL(nftnl_set_elems_iter_next); - --void nftnl_set_elems_iter_destroy(struct nftnl_set_elems_iter *iter) -+void __EXPORTED nftnl_set_elems_iter_destroy(struct nftnl_set_elems_iter *iter) - { - xfree(iter); - } --EXPORT_SYMBOL(nftnl_set_elems_iter_destroy); - - static bool nftnl_attr_nest_overflow(struct nlmsghdr *nlh, - const struct nlattr *from, -@@ -831,7 +808,7 @@ static bool nftnl_attr_nest_overflow(struct nlmsghdr *nlh, - return false; - } - --int nftnl_set_elems_nlmsg_build_payload_iter(struct nlmsghdr *nlh, -+int __EXPORTED nftnl_set_elems_nlmsg_build_payload_iter(struct nlmsghdr *nlh, - struct nftnl_set_elems_iter *iter) - { - struct nftnl_set_elem *elem; -@@ -861,4 +838,3 @@ int nftnl_set_elems_nlmsg_build_payload_iter(struct nlmsghdr *nlh, - - return ret; - } --EXPORT_SYMBOL(nftnl_set_elems_nlmsg_build_payload_iter); -diff --git a/src/table.c b/src/table.c -index a7d5a8f..0e99f3c 100644 ---- a/src/table.c -+++ b/src/table.c -@@ -36,28 +36,25 @@ struct nftnl_table { - uint32_t flags; - }; - --struct nftnl_table *nftnl_table_alloc(void) -+struct nftnl_table __EXPORTED *nftnl_table_alloc(void) - { - return calloc(1, sizeof(struct nftnl_table)); - } --EXPORT_SYMBOL(nftnl_table_alloc); - --void nftnl_table_free(const struct nftnl_table *t) -+void __EXPORTED nftnl_table_free(const struct nftnl_table *t) - { - if (t->flags & (1 << NFTNL_TABLE_NAME)) - xfree(t->name); - - xfree(t); - } --EXPORT_SYMBOL(nftnl_table_free); - --bool nftnl_table_is_set(const struct nftnl_table *t, uint16_t attr) -+bool __EXPORTED nftnl_table_is_set(const struct nftnl_table *t, uint16_t attr) - { - return t->flags & (1 << attr); - } --EXPORT_SYMBOL(nftnl_table_is_set); - --void nftnl_table_unset(struct nftnl_table *t, uint16_t attr) -+void __EXPORTED nftnl_table_unset(struct nftnl_table *t, uint16_t attr) - { - if (!(t->flags & (1 << attr))) - return; -@@ -74,14 +71,13 @@ void nftnl_table_unset(struct nftnl_table *t, uint16_t attr) - } - t->flags &= ~(1 << attr); - } --EXPORT_SYMBOL(nftnl_table_unset); - - static uint32_t nftnl_table_validate[NFTNL_TABLE_MAX + 1] = { - [NFTNL_TABLE_FLAGS] = sizeof(uint32_t), - [NFTNL_TABLE_FAMILY] = sizeof(uint32_t), - }; - --int nftnl_table_set_data(struct nftnl_table *t, uint16_t attr, -+int __EXPORTED nftnl_table_set_data(struct nftnl_table *t, uint16_t attr, - const void *data, uint32_t data_len) - { - nftnl_assert_attr_exists(attr, NFTNL_TABLE_MAX); -@@ -109,33 +105,28 @@ int nftnl_table_set_data(struct nftnl_table *t, uint16_t attr, - t->flags |= (1 << attr); - return 0; - } --EXPORT_SYMBOL(nftnl_table_set_data); - --void nftnl_table_set(struct nftnl_table *t, uint16_t attr, const void *data) -+void __EXPORTED nftnl_table_set(struct nftnl_table *t, uint16_t attr, const void *data) - { - nftnl_table_set_data(t, attr, data, nftnl_table_validate[attr]); - } --EXPORT_SYMBOL(nftnl_table_set); - --void nftnl_table_set_u32(struct nftnl_table *t, uint16_t attr, uint32_t val) -+void __EXPORTED nftnl_table_set_u32(struct nftnl_table *t, uint16_t attr, uint32_t val) - { - nftnl_table_set_data(t, attr, &val, sizeof(uint32_t)); - } --EXPORT_SYMBOL(nftnl_table_set_u32); - --void nftnl_table_set_u8(struct nftnl_table *t, uint16_t attr, uint8_t val) -+void __EXPORTED nftnl_table_set_u8(struct nftnl_table *t, uint16_t attr, uint8_t val) - { - nftnl_table_set_data(t, attr, &val, sizeof(uint8_t)); - } --EXPORT_SYMBOL(nftnl_table_set_u8); - --int nftnl_table_set_str(struct nftnl_table *t, uint16_t attr, const char *str) -+int __EXPORTED nftnl_table_set_str(struct nftnl_table *t, uint16_t attr, const char *str) - { - return nftnl_table_set_data(t, attr, str, strlen(str) + 1); - } --EXPORT_SYMBOL(nftnl_table_set_str); - --const void *nftnl_table_get_data(const struct nftnl_table *t, uint16_t attr, -+const void __EXPORTED *nftnl_table_get_data(const struct nftnl_table *t, uint16_t attr, - uint32_t *data_len) - { - if (!(t->flags & (1 << attr))) -@@ -157,43 +148,37 @@ const void *nftnl_table_get_data(const struct nftnl_table *t, uint16_t attr, - } - return NULL; - } --EXPORT_SYMBOL(nftnl_table_get_data); - --const void *nftnl_table_get(const struct nftnl_table *t, uint16_t attr) -+const void __EXPORTED *nftnl_table_get(const struct nftnl_table *t, uint16_t attr) - { - uint32_t data_len; - return nftnl_table_get_data(t, attr, &data_len); - } --EXPORT_SYMBOL(nftnl_table_get); - --uint32_t nftnl_table_get_u32(const struct nftnl_table *t, uint16_t attr) -+uint32_t __EXPORTED nftnl_table_get_u32(const struct nftnl_table *t, uint16_t attr) - { - const void *ret = nftnl_table_get(t, attr); - return ret == NULL ? 0 : *((uint32_t *)ret); - } --EXPORT_SYMBOL(nftnl_table_get_u32); - --uint8_t nftnl_table_get_u8(const struct nftnl_table *t, uint16_t attr) -+uint8_t __EXPORTED nftnl_table_get_u8(const struct nftnl_table *t, uint16_t attr) - { - const void *ret = nftnl_table_get(t, attr); - return ret == NULL ? 0 : *((uint8_t *)ret); - } --EXPORT_SYMBOL(nftnl_table_get_u8); - --const char *nftnl_table_get_str(const struct nftnl_table *t, uint16_t attr) -+const char __EXPORTED *nftnl_table_get_str(const struct nftnl_table *t, uint16_t attr) - { - return nftnl_table_get(t, attr); - } --EXPORT_SYMBOL(nftnl_table_get_str); - --void nftnl_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_table *t) -+void __EXPORTED nftnl_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_table *t) - { - if (t->flags & (1 << NFTNL_TABLE_NAME)) - mnl_attr_put_strz(nlh, NFTA_TABLE_NAME, t->name); - if (t->flags & (1 << NFTNL_TABLE_FLAGS)) - mnl_attr_put_u32(nlh, NFTA_TABLE_FLAGS, htonl(t->table_flags)); - } --EXPORT_SYMBOL(nftnl_table_nlmsg_build_payload); - - static int nftnl_table_parse_attr_cb(const struct nlattr *attr, void *data) - { -@@ -219,7 +204,7 @@ static int nftnl_table_parse_attr_cb(const struct nlattr *attr, void *data) - return MNL_CB_OK; - } - --int nftnl_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_table *t) -+int __EXPORTED nftnl_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_table *t) - { - struct nlattr *tb[NFTA_TABLE_MAX+1] = {}; - struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh); -@@ -249,7 +234,6 @@ int nftnl_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_table *t) - - return 0; - } --EXPORT_SYMBOL(nftnl_table_nlmsg_parse); - - #ifdef JSON_PARSING - int nftnl_jansson_parse_table(struct nftnl_table *t, json_t *tree, -@@ -330,19 +314,17 @@ static int nftnl_table_do_parse(struct nftnl_table *t, enum nftnl_parse_type typ - return ret; - } - --int nftnl_table_parse(struct nftnl_table *t, enum nftnl_parse_type type, -+int __EXPORTED nftnl_table_parse(struct nftnl_table *t, enum nftnl_parse_type type, - const char *data, struct nftnl_parse_err *err) - { - return nftnl_table_do_parse(t, type, data, err, NFTNL_PARSE_BUFFER); - } --EXPORT_SYMBOL(nftnl_table_parse); - --int nftnl_table_parse_file(struct nftnl_table *t, enum nftnl_parse_type type, -+int __EXPORTED nftnl_table_parse_file(struct nftnl_table *t, enum nftnl_parse_type type, - FILE *fp, struct nftnl_parse_err *err) - { - return nftnl_table_do_parse(t, type, fp, err, NFTNL_PARSE_FILE); - } --EXPORT_SYMBOL(nftnl_table_parse_file); - - static int nftnl_table_export(char *buf, size_t size, - const struct nftnl_table *t, int type) -@@ -400,13 +382,12 @@ static int nftnl_table_cmd_snprintf(char *buf, size_t size, - return offset; - } - --int nftnl_table_snprintf(char *buf, size_t size, const struct nftnl_table *t, -+int __EXPORTED nftnl_table_snprintf(char *buf, size_t size, const struct nftnl_table *t, - uint32_t type, uint32_t flags) - { - return nftnl_table_cmd_snprintf(buf, size, t, nftnl_flag2cmd(flags), type, - flags); - } --EXPORT_SYMBOL(nftnl_table_snprintf); - - static int nftnl_table_do_snprintf(char *buf, size_t size, const void *t, - uint32_t cmd, uint32_t type, uint32_t flags) -@@ -414,19 +395,18 @@ static int nftnl_table_do_snprintf(char *buf, size_t size, const void *t, - return nftnl_table_snprintf(buf, size, t, type, flags); - } - --int nftnl_table_fprintf(FILE *fp, const struct nftnl_table *t, uint32_t type, -+int __EXPORTED nftnl_table_fprintf(FILE *fp, const struct nftnl_table *t, uint32_t type, - uint32_t flags) - { - return nftnl_fprintf(fp, t, NFTNL_CMD_UNSPEC, type, flags, - nftnl_table_do_snprintf); - } --EXPORT_SYMBOL(nftnl_table_fprintf); - - struct nftnl_table_list { - struct list_head list; - }; - --struct nftnl_table_list *nftnl_table_list_alloc(void) -+struct nftnl_table_list __EXPORTED *nftnl_table_list_alloc(void) - { - struct nftnl_table_list *list; - -@@ -438,9 +418,8 @@ struct nftnl_table_list *nftnl_table_list_alloc(void) - - return list; - } --EXPORT_SYMBOL(nftnl_table_list_alloc); - --void nftnl_table_list_free(struct nftnl_table_list *list) -+void __EXPORTED nftnl_table_list_free(struct nftnl_table_list *list) - { - struct nftnl_table *r, *tmp; - -@@ -450,33 +429,28 @@ void nftnl_table_list_free(struct nftnl_table_list *list) - } - xfree(list); - } --EXPORT_SYMBOL(nftnl_table_list_free); - --int nftnl_table_list_is_empty(const struct nftnl_table_list *list) -+int __EXPORTED nftnl_table_list_is_empty(const struct nftnl_table_list *list) - { - return list_empty(&list->list); - } --EXPORT_SYMBOL(nftnl_table_list_is_empty); - --void nftnl_table_list_add(struct nftnl_table *r, struct nftnl_table_list *list) -+void __EXPORTED nftnl_table_list_add(struct nftnl_table *r, struct nftnl_table_list *list) - { - list_add(&r->head, &list->list); - } --EXPORT_SYMBOL(nftnl_table_list_add); - --void nftnl_table_list_add_tail(struct nftnl_table *r, struct nftnl_table_list *list) -+void __EXPORTED nftnl_table_list_add_tail(struct nftnl_table *r, struct nftnl_table_list *list) - { - list_add_tail(&r->head, &list->list); - } --EXPORT_SYMBOL(nftnl_table_list_add_tail); - --void nftnl_table_list_del(struct nftnl_table *t) -+void __EXPORTED nftnl_table_list_del(struct nftnl_table *t) - { - list_del(&t->head); - } --EXPORT_SYMBOL(nftnl_table_list_del); - --int nftnl_table_list_foreach(struct nftnl_table_list *table_list, -+int __EXPORTED nftnl_table_list_foreach(struct nftnl_table_list *table_list, - int (*cb)(struct nftnl_table *t, void *data), - void *data) - { -@@ -490,14 +464,13 @@ int nftnl_table_list_foreach(struct nftnl_table_list *table_list, - } - return 0; - } --EXPORT_SYMBOL(nftnl_table_list_foreach); - - struct nftnl_table_list_iter { - const struct nftnl_table_list *list; - struct nftnl_table *cur; - }; - --struct nftnl_table_list_iter * -+struct nftnl_table_list_iter __EXPORTED * - nftnl_table_list_iter_create(const struct nftnl_table_list *l) - { - struct nftnl_table_list_iter *iter; -@@ -514,9 +487,8 @@ nftnl_table_list_iter_create(const struct nftnl_table_list *l) - - return iter; - } --EXPORT_SYMBOL(nftnl_table_list_iter_create); - --struct nftnl_table *nftnl_table_list_iter_next(struct nftnl_table_list_iter *iter) -+struct nftnl_table __EXPORTED *nftnl_table_list_iter_next(struct nftnl_table_list_iter *iter) - { - struct nftnl_table *r = iter->cur; - -@@ -530,10 +502,8 @@ struct nftnl_table *nftnl_table_list_iter_next(struct nftnl_table_list_iter *ite - - return r; - } --EXPORT_SYMBOL(nftnl_table_list_iter_next); - --void nftnl_table_list_iter_destroy(const struct nftnl_table_list_iter *iter) -+void __EXPORTED nftnl_table_list_iter_destroy(const struct nftnl_table_list_iter *iter) - { - xfree(iter); - } --EXPORT_SYMBOL(nftnl_table_list_iter_destroy); -diff --git a/src/trace.c b/src/trace.c -index bd05d3c..4739ef9 100644 ---- a/src/trace.c -+++ b/src/trace.c -@@ -52,14 +52,12 @@ struct nftnl_trace { - uint32_t flags; - }; - --EXPORT_SYMBOL(nftnl_trace_alloc); --struct nftnl_trace *nftnl_trace_alloc(void) -+struct nftnl_trace __EXPORTED *nftnl_trace_alloc(void) - { - return calloc(1, sizeof(struct nftnl_trace)); - } - --EXPORT_SYMBOL(nftnl_trace_free); --void nftnl_trace_free(const struct nftnl_trace *t) -+void __EXPORTED nftnl_trace_free(const struct nftnl_trace *t) - { - xfree(t->chain); - xfree(t->table); -@@ -70,8 +68,7 @@ void nftnl_trace_free(const struct nftnl_trace *t) - xfree(t); - } - --EXPORT_SYMBOL(nftnl_trace_is_set); --bool nftnl_trace_is_set(const struct nftnl_trace *t, uint16_t attr) -+bool __EXPORTED nftnl_trace_is_set(const struct nftnl_trace *t, uint16_t attr) - { - return t->flags & (1 << attr); - } -@@ -130,8 +127,7 @@ static int nftnl_trace_parse_attr_cb(const struct nlattr *attr, void *data) - return MNL_CB_OK; - } - --EXPORT_SYMBOL(nftnl_trace_get_data); --const void *nftnl_trace_get_data(const struct nftnl_trace *trace, -+const void __EXPORTED *nftnl_trace_get_data(const struct nftnl_trace *trace, - uint16_t type, uint32_t *data_len) - { - enum nftnl_trace_attr attr = type; -@@ -201,8 +197,7 @@ const void *nftnl_trace_get_data(const struct nftnl_trace *trace, - return NULL; - } - --EXPORT_SYMBOL(nftnl_trace_get_str); --const char *nftnl_trace_get_str(const struct nftnl_trace *trace, uint16_t type) -+const char __EXPORTED *nftnl_trace_get_str(const struct nftnl_trace *trace, uint16_t type) - { - if (!nftnl_trace_is_set(trace, type)) - return NULL; -@@ -216,8 +211,7 @@ const char *nftnl_trace_get_str(const struct nftnl_trace *trace, uint16_t type) - return NULL; - } - --EXPORT_SYMBOL(nftnl_trace_get_u16); --uint16_t nftnl_trace_get_u16(const struct nftnl_trace *trace, uint16_t type) -+uint16_t __EXPORTED nftnl_trace_get_u16(const struct nftnl_trace *trace, uint16_t type) - { - const uint16_t *d; - uint32_t dlen; -@@ -229,8 +223,7 @@ uint16_t nftnl_trace_get_u16(const struct nftnl_trace *trace, uint16_t type) - return 0; - } - --EXPORT_SYMBOL(nftnl_trace_get_u32); --uint32_t nftnl_trace_get_u32(const struct nftnl_trace *trace, uint16_t type) -+uint32_t __EXPORTED nftnl_trace_get_u32(const struct nftnl_trace *trace, uint16_t type) - { - const uint32_t *d; - uint32_t dlen; -@@ -242,8 +235,7 @@ uint32_t nftnl_trace_get_u32(const struct nftnl_trace *trace, uint16_t type) - return 0; - } - --EXPORT_SYMBOL(nftnl_trace_get_u64); --uint64_t nftnl_trace_get_u64(const struct nftnl_trace *trace, uint16_t type) -+uint64_t __EXPORTED nftnl_trace_get_u64(const struct nftnl_trace *trace, uint16_t type) - { - const uint64_t *d; - uint32_t dlen; -@@ -323,9 +315,8 @@ static int nftnl_trace_parse_verdict(const struct nlattr *attr, - } - return 0; - } --EXPORT_SYMBOL(nftnl_trace_nlmsg_parse); - --int nftnl_trace_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_trace *t) -+int __EXPORTED nftnl_trace_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_trace *t) - { - struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh); - struct nlattr *tb[NFTA_TRACE_MAX+1] = {}; -diff --git a/src/udata.c b/src/udata.c -index d679dd0..7e2de0f 100644 ---- a/src/udata.c -+++ b/src/udata.c -@@ -16,7 +16,7 @@ - #include <stdint.h> - #include <string.h> - --struct nftnl_udata_buf *nftnl_udata_buf_alloc(uint32_t data_size) -+struct nftnl_udata_buf __EXPORTED *nftnl_udata_buf_alloc(uint32_t data_size) - { - struct nftnl_udata_buf *buf; - -@@ -28,47 +28,40 @@ struct nftnl_udata_buf *nftnl_udata_buf_alloc(uint32_t data_size) - - return buf; - } --EXPORT_SYMBOL(nftnl_udata_buf_alloc); - --void nftnl_udata_buf_free(const struct nftnl_udata_buf *buf) -+void __EXPORTED nftnl_udata_buf_free(const struct nftnl_udata_buf *buf) - { - xfree(buf); - } --EXPORT_SYMBOL(nftnl_udata_buf_free); - --uint32_t nftnl_udata_buf_len(const struct nftnl_udata_buf *buf) -+uint32_t __EXPORTED nftnl_udata_buf_len(const struct nftnl_udata_buf *buf) - { - return (uint32_t)(buf->end - buf->data); - } --EXPORT_SYMBOL(nftnl_udata_buf_len); - --void *nftnl_udata_buf_data(const struct nftnl_udata_buf *buf) -+void __EXPORTED *nftnl_udata_buf_data(const struct nftnl_udata_buf *buf) - { - return (void *)buf->data; - } --EXPORT_SYMBOL(nftnl_udata_buf_data); - --void nftnl_udata_buf_put(struct nftnl_udata_buf *buf, const void *data, -+void __EXPORTED nftnl_udata_buf_put(struct nftnl_udata_buf *buf, const void *data, - uint32_t len) - { - memcpy(buf->data, data, len <= buf->size ? len : buf->size); - buf->end = buf->data + len; - } --EXPORT_SYMBOL(nftnl_udata_buf_put); - --struct nftnl_udata *nftnl_udata_start(const struct nftnl_udata_buf *buf) -+struct nftnl_udata __EXPORTED *nftnl_udata_start(const struct nftnl_udata_buf *buf) - { - return (struct nftnl_udata *)buf->data; - } --EXPORT_SYMBOL(nftnl_udata_start); - --struct nftnl_udata *nftnl_udata_end(const struct nftnl_udata_buf *buf) -+struct nftnl_udata __EXPORTED *nftnl_udata_end(const struct nftnl_udata_buf *buf) - { - return (struct nftnl_udata *)buf->end; - } --EXPORT_SYMBOL(nftnl_udata_end); - --bool nftnl_udata_put(struct nftnl_udata_buf *buf, uint8_t type, uint32_t len, -+bool __EXPORTED nftnl_udata_put(struct nftnl_udata_buf *buf, uint8_t type, uint32_t len, - const void *value) - { - struct nftnl_udata *attr; -@@ -85,55 +78,47 @@ bool nftnl_udata_put(struct nftnl_udata_buf *buf, uint8_t type, uint32_t len, - - return true; - } --EXPORT_SYMBOL(nftnl_udata_put); - --bool nftnl_udata_put_strz(struct nftnl_udata_buf *buf, uint8_t type, -+bool __EXPORTED nftnl_udata_put_strz(struct nftnl_udata_buf *buf, uint8_t type, - const char *strz) - { - return nftnl_udata_put(buf, type, strlen(strz) + 1, strz); - } --EXPORT_SYMBOL(nftnl_udata_put_strz); - --bool nftnl_udata_put_u32(struct nftnl_udata_buf *buf, uint8_t type, -+bool __EXPORTED nftnl_udata_put_u32(struct nftnl_udata_buf *buf, uint8_t type, - uint32_t data) - { - return nftnl_udata_put(buf, type, sizeof(data), &data); - } --EXPORT_SYMBOL(nftnl_udata_put_u32); - --uint8_t nftnl_udata_type(const struct nftnl_udata *attr) -+uint8_t __EXPORTED nftnl_udata_type(const struct nftnl_udata *attr) - { - return attr->type; - } --EXPORT_SYMBOL(nftnl_udata_type); - --uint8_t nftnl_udata_len(const struct nftnl_udata *attr) -+uint8_t __EXPORTED nftnl_udata_len(const struct nftnl_udata *attr) - { - return attr->len; - } --EXPORT_SYMBOL(nftnl_udata_len); - --void *nftnl_udata_get(const struct nftnl_udata *attr) -+void __EXPORTED *nftnl_udata_get(const struct nftnl_udata *attr) - { - return (void *)attr->value; - } --EXPORT_SYMBOL(nftnl_udata_get); - --uint32_t nftnl_udata_get_u32(const struct nftnl_udata *attr) -+uint32_t __EXPORTED nftnl_udata_get_u32(const struct nftnl_udata *attr) - { - uint32_t *data = (uint32_t *)attr->value; - - return *data; - } --EXPORT_SYMBOL(nftnl_udata_get_u32); - --struct nftnl_udata *nftnl_udata_next(const struct nftnl_udata *attr) -+struct nftnl_udata __EXPORTED *nftnl_udata_next(const struct nftnl_udata *attr) - { - return (struct nftnl_udata *)&attr->value[attr->len]; - } --EXPORT_SYMBOL(nftnl_udata_next); - --int nftnl_udata_parse(const void *data, uint32_t data_len, nftnl_udata_cb_t cb, -+int __EXPORTED nftnl_udata_parse(const void *data, uint32_t data_len, nftnl_udata_cb_t cb, - void *cb_data) - { - int ret = 0; -@@ -147,4 +132,3 @@ int nftnl_udata_parse(const void *data, uint32_t data_len, nftnl_udata_cb_t cb, - - return ret; - } --EXPORT_SYMBOL(nftnl_udata_parse); --- -2.11.0 (Apple Git-81) - diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-Move-exports-before-symbol-definition.patch b/meta-networking/recipes-filter/libnftnl/libnftnl/0001-Move-exports-before-symbol-definition.patch new file mode 100644 index 0000000000..995fd59a53 --- /dev/null +++ b/meta-networking/recipes-filter/libnftnl/libnftnl/0001-Move-exports-before-symbol-definition.patch @@ -0,0 +1,289 @@ +From 21eb59fbd071ebffb8495232766824944fb521a0 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Wed, 7 Nov 2018 21:19:53 +0000 +Subject: [PATCH] Move exports before symbol definition + +Based on 7966020 ("src: Fix exporting symbols with clang"), when +EXPORT_SYMBOL is located after function definition, clang won't properly +export the function, resulting in a library with no symbols when built with +clang. + +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + src/flowtable.c | 54 +++++++++++++++++++++++++++--------------------------- + 1 file changed, 27 insertions(+), 27 deletions(-) + +diff --git a/src/flowtable.c b/src/flowtable.c +index c1ddae4..d7434e3 100644 +--- a/src/flowtable.c ++++ b/src/flowtable.c +@@ -34,12 +34,13 @@ struct nftnl_flowtable { + uint32_t flags; + }; + ++EXPORT_SYMBOL(nftnl_flowtable_alloc); + struct nftnl_flowtable *nftnl_flowtable_alloc(void) + { + return calloc(1, sizeof(struct nftnl_flowtable)); + } +-EXPORT_SYMBOL(nftnl_flowtable_alloc); + ++EXPORT_SYMBOL(nftnl_flowtable_free); + void nftnl_flowtable_free(const struct nftnl_flowtable *c) + { + int i; +@@ -56,14 +57,14 @@ void nftnl_flowtable_free(const struct nftnl_flowtable *c) + } + xfree(c); + } +-EXPORT_SYMBOL(nftnl_flowtable_free); + ++EXPORT_SYMBOL(nftnl_flowtable_is_set); + bool nftnl_flowtable_is_set(const struct nftnl_flowtable *c, uint16_t attr) + { + return c->flags & (1 << attr); + } +-EXPORT_SYMBOL(nftnl_flowtable_is_set); + ++EXPORT_SYMBOL(nftnl_flowtable_unset); + void nftnl_flowtable_unset(struct nftnl_flowtable *c, uint16_t attr) + { + int i; +@@ -96,7 +97,6 @@ void nftnl_flowtable_unset(struct nftnl_flowtable *c, uint16_t attr) + + c->flags &= ~(1 << attr); + } +-EXPORT_SYMBOL(nftnl_flowtable_unset); + + static uint32_t nftnl_flowtable_validate[NFTNL_FLOWTABLE_MAX + 1] = { + [NFTNL_FLOWTABLE_HOOKNUM] = sizeof(uint32_t), +@@ -105,6 +105,7 @@ static uint32_t nftnl_flowtable_validate[NFTNL_FLOWTABLE_MAX + 1] = { + [NFTNL_FLOWTABLE_FLAGS] = sizeof(uint32_t), + }; + ++EXPORT_SYMBOL(nftnl_flowtable_set_data); + int nftnl_flowtable_set_data(struct nftnl_flowtable *c, uint16_t attr, + const void *data, uint32_t data_len) + { +@@ -170,32 +171,32 @@ int nftnl_flowtable_set_data(struct nftnl_flowtable *c, uint16_t attr, + c->flags |= (1 << attr); + return 0; + } +-EXPORT_SYMBOL(nftnl_flowtable_set_data); + ++EXPORT_SYMBOL(nftnl_flowtable_set); + void nftnl_flowtable_set(struct nftnl_flowtable *c, uint16_t attr, const void *data) + { + nftnl_flowtable_set_data(c, attr, data, nftnl_flowtable_validate[attr]); + } +-EXPORT_SYMBOL(nftnl_flowtable_set); + ++EXPORT_SYMBOL(nftnl_flowtable_set_u32); + void nftnl_flowtable_set_u32(struct nftnl_flowtable *c, uint16_t attr, uint32_t data) + { + nftnl_flowtable_set_data(c, attr, &data, sizeof(uint32_t)); + } +-EXPORT_SYMBOL(nftnl_flowtable_set_u32); + ++EXPORT_SYMBOL(nftnl_flowtable_set_s32); + void nftnl_flowtable_set_s32(struct nftnl_flowtable *c, uint16_t attr, int32_t data) + { + nftnl_flowtable_set_data(c, attr, &data, sizeof(int32_t)); + } +-EXPORT_SYMBOL(nftnl_flowtable_set_s32); + ++EXPORT_SYMBOL(nftnl_flowtable_set_str); + int nftnl_flowtable_set_str(struct nftnl_flowtable *c, uint16_t attr, const char *str) + { + return nftnl_flowtable_set_data(c, attr, str, strlen(str) + 1); + } +-EXPORT_SYMBOL(nftnl_flowtable_set_str); + ++EXPORT_SYMBOL(nftnl_flowtable_get_data); + const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c, + uint16_t attr, uint32_t *data_len) + { +@@ -229,21 +230,21 @@ const void *nftnl_flowtable_get_data(const struct nftnl_flowtable *c, + } + return NULL; + } +-EXPORT_SYMBOL(nftnl_flowtable_get_data); + ++EXPORT_SYMBOL(nftnl_flowtable_get); + const void *nftnl_flowtable_get(const struct nftnl_flowtable *c, uint16_t attr) + { + uint32_t data_len; + return nftnl_flowtable_get_data(c, attr, &data_len); + } +-EXPORT_SYMBOL(nftnl_flowtable_get); + ++EXPORT_SYMBOL(nftnl_flowtable_get_str); + const char *nftnl_flowtable_get_str(const struct nftnl_flowtable *c, uint16_t attr) + { + return nftnl_flowtable_get(c, attr); + } +-EXPORT_SYMBOL(nftnl_flowtable_get_str); + ++EXPORT_SYMBOL(nftnl_flowtable_get_u32); + uint32_t nftnl_flowtable_get_u32(const struct nftnl_flowtable *c, uint16_t attr) + { + uint32_t data_len; +@@ -253,8 +254,8 @@ uint32_t nftnl_flowtable_get_u32(const struct nftnl_flowtable *c, uint16_t attr) + + return val ? *val : 0; + } +-EXPORT_SYMBOL(nftnl_flowtable_get_u32); + ++EXPORT_SYMBOL(nftnl_flowtable_get_s32); + int32_t nftnl_flowtable_get_s32(const struct nftnl_flowtable *c, uint16_t attr) + { + uint32_t data_len; +@@ -264,8 +265,8 @@ int32_t nftnl_flowtable_get_s32(const struct nftnl_flowtable *c, uint16_t attr) + + return val ? *val : 0; + } +-EXPORT_SYMBOL(nftnl_flowtable_get_s32); + ++EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload); + void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh, + const struct nftnl_flowtable *c) + { +@@ -301,7 +302,6 @@ void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh, + if (c->flags & (1 << NFTNL_FLOWTABLE_SIZE)) + mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_SIZE, htonl(c->size)); + } +-EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload); + + static int nftnl_flowtable_parse_attr_cb(const struct nlattr *attr, void *data) + { +@@ -412,6 +412,7 @@ static int nftnl_flowtable_parse_hook(struct nlattr *attr, struct nftnl_flowtabl + return 0; + } + ++EXPORT_SYMBOL(nftnl_flowtable_nlmsg_parse); + int nftnl_flowtable_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_flowtable *c) + { + struct nlattr *tb[NFTA_FLOWTABLE_MAX + 1] = {}; +@@ -460,7 +461,6 @@ int nftnl_flowtable_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_flowtab + + return ret; + } +-EXPORT_SYMBOL(nftnl_flowtable_nlmsg_parse); + + static const char *nftnl_hooknum2str(int family, int hooknum) + { +@@ -612,20 +612,20 @@ static int nftnl_flowtable_do_parse(struct nftnl_flowtable *c, + return ret; + } + ++EXPORT_SYMBOL(nftnl_flowtable_parse); + int nftnl_flowtable_parse(struct nftnl_flowtable *c, enum nftnl_parse_type type, + const char *data, struct nftnl_parse_err *err) + { + return nftnl_flowtable_do_parse(c, type, data, err, NFTNL_PARSE_BUFFER); + } +-EXPORT_SYMBOL(nftnl_flowtable_parse); + ++EXPORT_SYMBOL(nftnl_flowtable_parse_file); + int nftnl_flowtable_parse_file(struct nftnl_flowtable *c, + enum nftnl_parse_type type, + FILE *fp, struct nftnl_parse_err *err) + { + return nftnl_flowtable_do_parse(c, type, fp, err, NFTNL_PARSE_FILE); + } +-EXPORT_SYMBOL(nftnl_flowtable_parse_file); + + static int nftnl_flowtable_export(char *buf, size_t size, + const struct nftnl_flowtable *c, int type) +@@ -720,6 +720,7 @@ static int nftnl_flowtable_cmd_snprintf(char *buf, size_t size, + return offset; + } + ++EXPORT_SYMBOL(nftnl_flowtable_snprintf); + int nftnl_flowtable_snprintf(char *buf, size_t size, const struct nftnl_flowtable *c, + uint32_t type, uint32_t flags) + { +@@ -729,7 +730,6 @@ int nftnl_flowtable_snprintf(char *buf, size_t size, const struct nftnl_flowtabl + return nftnl_flowtable_cmd_snprintf(buf, size, c, nftnl_flag2cmd(flags), + type, flags); + } +-EXPORT_SYMBOL(nftnl_flowtable_snprintf); + + static int nftnl_flowtable_do_snprintf(char *buf, size_t size, const void *c, + uint32_t cmd, uint32_t type, uint32_t flags) +@@ -737,18 +737,19 @@ static int nftnl_flowtable_do_snprintf(char *buf, size_t size, const void *c, + return nftnl_flowtable_snprintf(buf, size, c, type, flags); + } + ++EXPORT_SYMBOL(nftnl_flowtable_fprintf); + int nftnl_flowtable_fprintf(FILE *fp, const struct nftnl_flowtable *c, + uint32_t type, uint32_t flags) + { + return nftnl_fprintf(fp, c, NFTNL_CMD_UNSPEC, type, flags, + nftnl_flowtable_do_snprintf); + } +-EXPORT_SYMBOL(nftnl_flowtable_fprintf); + + struct nftnl_flowtable_list { + struct list_head list; + }; + ++EXPORT_SYMBOL(nftnl_flowtable_list_alloc); + struct nftnl_flowtable_list *nftnl_flowtable_list_alloc(void) + { + struct nftnl_flowtable_list *list; +@@ -761,8 +762,8 @@ struct nftnl_flowtable_list *nftnl_flowtable_list_alloc(void) + + return list; + } +-EXPORT_SYMBOL(nftnl_flowtable_list_alloc); + ++EXPORT_SYMBOL(nftnl_flowtable_list_free); + void nftnl_flowtable_list_free(struct nftnl_flowtable_list *list) + { + struct nftnl_flowtable *s, *tmp; +@@ -773,34 +774,34 @@ void nftnl_flowtable_list_free(struct nftnl_flowtable_list *list) + } + xfree(list); + } +-EXPORT_SYMBOL(nftnl_flowtable_list_free); + ++EXPORT_SYMBOL(nftnl_flowtable_list_is_empty); + int nftnl_flowtable_list_is_empty(const struct nftnl_flowtable_list *list) + { + return list_empty(&list->list); + } +-EXPORT_SYMBOL(nftnl_flowtable_list_is_empty); + ++EXPORT_SYMBOL(nftnl_flowtable_list_add); + void nftnl_flowtable_list_add(struct nftnl_flowtable *s, + struct nftnl_flowtable_list *list) + { + list_add(&s->head, &list->list); + } +-EXPORT_SYMBOL(nftnl_flowtable_list_add); + ++EXPORT_SYMBOL(nftnl_flowtable_list_add_tail); + void nftnl_flowtable_list_add_tail(struct nftnl_flowtable *s, + struct nftnl_flowtable_list *list) + { + list_add_tail(&s->head, &list->list); + } +-EXPORT_SYMBOL(nftnl_flowtable_list_add_tail); + ++EXPORT_SYMBOL(nftnl_flowtable_list_del); + void nftnl_flowtable_list_del(struct nftnl_flowtable *s) + { + list_del(&s->head); + } +-EXPORT_SYMBOL(nftnl_flowtable_list_del); + ++EXPORT_SYMBOL(nftnl_flowtable_list_foreach); + int nftnl_flowtable_list_foreach(struct nftnl_flowtable_list *flowtable_list, + int (*cb)(struct nftnl_flowtable *t, void *data), void *data) + { +@@ -814,4 +815,3 @@ int nftnl_flowtable_list_foreach(struct nftnl_flowtable_list *flowtable_list, + } + return 0; + } +-EXPORT_SYMBOL(nftnl_flowtable_list_foreach); diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch b/meta-networking/recipes-filter/libnftnl/libnftnl/0002-avoid-naming-local-function-as-one-of-printf-family.patch index 06e68177ce..e7e8f6fe91 100644 --- a/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch +++ b/meta-networking/recipes-filter/libnftnl/libnftnl/0002-avoid-naming-local-function-as-one-of-printf-family.patch @@ -1,51 +1,55 @@ -From f840cc0da571d98beb17855c177e9986bd096b72 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Thu, 13 Apr 2017 11:46:09 -0700 +From 5ea9fa9d345005f2f53b1b598edb85f5f24ca9da Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Wed, 7 Nov 2018 19:41:54 +0000 Subject: [PATCH] avoid naming local function as one of printf family Fixes build issues with clang error: no member named '__builtin___snprintf_chk' in 'struct expr_ops' Signed-off-by: Khem Raj <raj.khem@gmail.com> +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> --- - include/expr_ops.h | 2 +- - include/obj.h | 2 +- - src/buffer.c | 2 +- - src/expr.c | 4 ++-- - src/expr/bitwise.c | 2 +- - src/expr/byteorder.c | 2 +- - src/expr/cmp.c | 2 +- - src/expr/counter.c | 2 +- - src/expr/ct.c | 2 +- - src/expr/dup.c | 2 +- - src/expr/dynset.c | 2 +- - src/expr/exthdr.c | 2 +- - src/expr/fib.c | 2 +- - src/expr/fwd.c | 2 +- - src/expr/hash.c | 2 +- - src/expr/immediate.c | 2 +- - src/expr/limit.c | 2 +- - src/expr/log.c | 2 +- - src/expr/lookup.c | 2 +- - src/expr/masq.c | 2 +- - src/expr/match.c | 2 +- - src/expr/meta.c | 2 +- - src/expr/nat.c | 2 +- - src/expr/numgen.c | 2 +- - src/expr/objref.c | 2 +- - src/expr/payload.c | 2 +- - src/expr/queue.c | 2 +- - src/expr/quota.c | 2 +- - src/expr/range.c | 2 +- - src/expr/redir.c | 2 +- - src/expr/reject.c | 2 +- - src/expr/rt.c | 2 +- - src/expr/target.c | 2 +- - src/obj/counter.c | 2 +- - src/obj/ct_helper.c | 2 +- - src/obj/quota.c | 2 +- - src/object.c | 4 ++-- - 37 files changed, 39 insertions(+), 39 deletions(-) + include/expr_ops.h | 2 +- + include/obj.h | 2 +- + src/expr.c | 4 ++-- + src/expr/bitwise.c | 2 +- + src/expr/byteorder.c | 2 +- + src/expr/cmp.c | 2 +- + src/expr/connlimit.c | 2 +- + src/expr/counter.c | 2 +- + src/expr/ct.c | 2 +- + src/expr/dup.c | 2 +- + src/expr/dynset.c | 2 +- + src/expr/exthdr.c | 2 +- + src/expr/fib.c | 2 +- + src/expr/flow_offload.c | 2 +- + src/expr/fwd.c | 2 +- + src/expr/hash.c | 2 +- + src/expr/immediate.c | 2 +- + src/expr/limit.c | 2 +- + src/expr/log.c | 2 +- + src/expr/lookup.c | 2 +- + src/expr/masq.c | 2 +- + src/expr/match.c | 2 +- + src/expr/meta.c | 2 +- + src/expr/nat.c | 2 +- + src/expr/numgen.c | 2 +- + src/expr/objref.c | 2 +- + src/expr/payload.c | 2 +- + src/expr/queue.c | 2 +- + src/expr/quota.c | 2 +- + src/expr/range.c | 2 +- + src/expr/redir.c | 2 +- + src/expr/reject.c | 2 +- + src/expr/rt.c | 2 +- + src/expr/socket.c | 2 +- + src/expr/target.c | 2 +- + src/obj/counter.c | 2 +- + src/obj/ct_helper.c | 2 +- + src/obj/limit.c | 2 +- + src/obj/quota.c | 2 +- + src/object.c | 4 ++-- + 40 files changed, 42 insertions(+), 42 deletions(-) diff --git a/include/expr_ops.h b/include/expr_ops.h index e639390..c4fe050 100644 @@ -61,10 +65,10 @@ index e639390..c4fe050 100644 struct nftnl_parse_err *err); }; diff --git a/include/obj.h b/include/obj.h -index d90919f..772caff 100644 +index 4a728c8..4c20bd1 100644 --- a/include/obj.h +++ b/include/obj.h -@@ -47,7 +47,7 @@ struct obj_ops { +@@ -55,7 +55,7 @@ struct obj_ops { const void *(*get)(const struct nftnl_obj *e, uint16_t type, uint32_t *data_len); int (*parse)(struct nftnl_obj *e, struct nlattr *attr); void (*build)(struct nlmsghdr *nlh, const struct nftnl_obj *e); @@ -73,38 +77,25 @@ index d90919f..772caff 100644 int (*json_parse)(struct nftnl_obj *e, json_t *data, struct nftnl_parse_err *err); }; -diff --git a/src/buffer.c b/src/buffer.c -index f9d5a83..db656e2 100644 ---- a/src/buffer.c -+++ b/src/buffer.c -@@ -206,7 +206,7 @@ int nftnl_buf_expr(struct nftnl_buf *b, int type, uint32_t flags, - case NFTNL_OUTPUT_JSON: - nftnl_buf_put(b, "{"); - nftnl_buf_str(b, type, expr->ops->name, TYPE); -- ret = expr->ops->snprintf(b->buf + b->off, b->len, type, flags, -+ ret = expr->ops->snprintf_(b->buf + b->off, b->len, type, flags, - expr); - if (ret > 0) - nftnl_buf_update(b, ret); diff --git a/src/expr.c b/src/expr.c -index c7eb2b4..24f8f8c 100644 +index 62565e0..2489c30 100644 --- a/src/expr.c +++ b/src/expr.c -@@ -265,10 +265,10 @@ int __EXPORTED nftnl_expr_snprintf(char *buf, size_t size, const struct nftnl_ex - int ret; - unsigned int offset = 0, len = size; +@@ -285,10 +285,10 @@ int nftnl_expr_snprintf(char *buf, size_t size, const struct nftnl_expr *expr, + if (size) + buf[0] = '\0'; - if (!expr->ops->snprintf) + if (!expr->ops->snprintf_) return 0; -- ret = expr->ops->snprintf(buf+offset, len, type, flags, expr); -+ ret = expr->ops->snprintf_(buf+offset, len, type, flags, expr); - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); +- ret = expr->ops->snprintf(buf + offset, remain, type, flags, expr); ++ ret = expr->ops->snprintf_(buf + offset, remain, type, flags, expr); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); return offset; diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c -index 0febc9d..9b48e79 100644 +index a89734b..f8360b1 100644 --- a/src/expr/bitwise.c +++ b/src/expr/bitwise.c @@ -299,6 +299,6 @@ struct expr_ops expr_ops_bitwise = { @@ -116,7 +107,7 @@ index 0febc9d..9b48e79 100644 .json_parse = nftnl_expr_bitwise_json_parse, }; diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c -index 3805307..079582f 100644 +index 47c04cf..61f733f 100644 --- a/src/expr/byteorder.c +++ b/src/expr/byteorder.c @@ -314,6 +314,6 @@ struct expr_ops expr_ops_byteorder = { @@ -128,7 +119,7 @@ index 3805307..079582f 100644 .json_parse = nftnl_expr_byteorder_json_parse, }; diff --git a/src/expr/cmp.c b/src/expr/cmp.c -index 353e907..99b497c 100644 +index b26d0eb..522c7be 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@ -284,6 +284,6 @@ struct expr_ops expr_ops_cmp = { @@ -139,6 +130,18 @@ index 353e907..99b497c 100644 + .snprintf_ = nftnl_expr_cmp_snprintf, .json_parse = nftnl_expr_cmp_json_parse, }; +diff --git a/src/expr/connlimit.c b/src/expr/connlimit.c +index 60965b5..4e41866 100644 +--- a/src/expr/connlimit.c ++++ b/src/expr/connlimit.c +@@ -202,6 +202,6 @@ struct expr_ops expr_ops_connlimit = { + .get = nftnl_expr_connlimit_get, + .parse = nftnl_expr_connlimit_parse, + .build = nftnl_expr_connlimit_build, +- .snprintf = nftnl_expr_connlimit_snprintf, ++ .snprintf_ = nftnl_expr_connlimit_snprintf, + .json_parse = nftnl_expr_connlimit_json_parse, + }; diff --git a/src/expr/counter.c b/src/expr/counter.c index 21901e8..9fd7655 100644 --- a/src/expr/counter.c @@ -152,10 +155,10 @@ index 21901e8..9fd7655 100644 .json_parse = nftnl_expr_counter_json_parse, }; diff --git a/src/expr/ct.c b/src/expr/ct.c -index cdd08e9..6ce5478 100644 +index 39e9be6..b363f7c 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c -@@ -356,6 +356,6 @@ struct expr_ops expr_ops_ct = { +@@ -357,6 +357,6 @@ struct expr_ops expr_ops_ct = { .get = nftnl_expr_ct_get, .parse = nftnl_expr_ct_parse, .build = nftnl_expr_ct_build, @@ -164,7 +167,7 @@ index cdd08e9..6ce5478 100644 .json_parse = nftnl_expr_ct_json_parse, }; diff --git a/src/expr/dup.c b/src/expr/dup.c -index 9aa332b..2f491d8 100644 +index ed8e620..8d603e3 100644 --- a/src/expr/dup.c +++ b/src/expr/dup.c @@ -206,6 +206,6 @@ struct expr_ops expr_ops_dup = { @@ -176,7 +179,7 @@ index 9aa332b..2f491d8 100644 .json_parse = nftnl_expr_dup_json_parse, }; diff --git a/src/expr/dynset.c b/src/expr/dynset.c -index f7b99ea..758f07c 100644 +index 160d0e1..a43f4da 100644 --- a/src/expr/dynset.c +++ b/src/expr/dynset.c @@ -368,6 +368,6 @@ struct expr_ops expr_ops_dynset = { @@ -188,10 +191,10 @@ index f7b99ea..758f07c 100644 .json_parse = nftnl_expr_dynset_json_parse, }; diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c -index d4f1665..a834782 100644 +index 75cafbc..89ea7f5 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c -@@ -356,6 +356,6 @@ struct expr_ops expr_ops_exthdr = { +@@ -385,6 +385,6 @@ struct expr_ops expr_ops_exthdr = { .get = nftnl_expr_exthdr_get, .parse = nftnl_expr_exthdr_parse, .build = nftnl_expr_exthdr_build, @@ -200,10 +203,10 @@ index d4f1665..a834782 100644 .json_parse = nftnl_expr_exthdr_json_parse, }; diff --git a/src/expr/fib.c b/src/expr/fib.c -index f3be081..3c353b2 100644 +index b922b26..ece4645 100644 --- a/src/expr/fib.c +++ b/src/expr/fib.c -@@ -272,6 +272,6 @@ struct expr_ops expr_ops_fib = { +@@ -274,6 +274,6 @@ struct expr_ops expr_ops_fib = { .get = nftnl_expr_fib_get, .parse = nftnl_expr_fib_parse, .build = nftnl_expr_fib_build, @@ -211,11 +214,23 @@ index f3be081..3c353b2 100644 + .snprintf_ = nftnl_expr_fib_snprintf, .json_parse = nftnl_expr_fib_json_parse, }; +diff --git a/src/expr/flow_offload.c b/src/expr/flow_offload.c +index a2001c9..9cdbc21 100644 +--- a/src/expr/flow_offload.c ++++ b/src/expr/flow_offload.c +@@ -179,6 +179,6 @@ struct expr_ops expr_ops_flow = { + .get = nftnl_expr_flow_get, + .parse = nftnl_expr_flow_parse, + .build = nftnl_expr_flow_build, +- .snprintf = nftnl_expr_flow_snprintf, ++ .snprintf_ = nftnl_expr_flow_snprintf, + .json_parse = nftnl_expr_flow_json_parse, + }; diff --git a/src/expr/fwd.c b/src/expr/fwd.c -index c30d494..f6e41f1 100644 +index 9021606..7178f43 100644 --- a/src/expr/fwd.c +++ b/src/expr/fwd.c -@@ -180,6 +180,6 @@ struct expr_ops expr_ops_fwd = { +@@ -233,6 +233,6 @@ struct expr_ops expr_ops_fwd = { .get = nftnl_expr_fwd_get, .parse = nftnl_expr_fwd_parse, .build = nftnl_expr_fwd_build, @@ -224,10 +239,10 @@ index c30d494..f6e41f1 100644 .json_parse = nftnl_expr_fwd_json_parse, }; diff --git a/src/expr/hash.c b/src/expr/hash.c -index d870510..5acb66a 100644 +index 415537e..186c5b0 100644 --- a/src/expr/hash.c +++ b/src/expr/hash.c -@@ -332,6 +332,6 @@ struct expr_ops expr_ops_hash = { +@@ -383,6 +383,6 @@ struct expr_ops expr_ops_hash = { .get = nftnl_expr_hash_get, .parse = nftnl_expr_hash_parse, .build = nftnl_expr_hash_build, @@ -236,7 +251,7 @@ index d870510..5acb66a 100644 .json_parse = nftnl_expr_hash_json_parse, }; diff --git a/src/expr/immediate.c b/src/expr/immediate.c -index 0b188cc..94bd6da 100644 +index b0570bd..91ccbdc 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -316,6 +316,6 @@ struct expr_ops expr_ops_immediate = { @@ -260,10 +275,10 @@ index 856ab18..e71fc2f 100644 .json_parse = nftnl_expr_limit_json_parse, }; diff --git a/src/expr/log.c b/src/expr/log.c -index b642255..71dd83a 100644 +index 86d9651..5769c1c 100644 --- a/src/expr/log.c +++ b/src/expr/log.c -@@ -352,6 +352,6 @@ struct expr_ops expr_ops_log = { +@@ -353,6 +353,6 @@ struct expr_ops expr_ops_log = { .get = nftnl_expr_log_get, .parse = nftnl_expr_log_parse, .build = nftnl_expr_log_build, @@ -272,10 +287,10 @@ index b642255..71dd83a 100644 .json_parse = nftnl_expr_log_json_parse, }; diff --git a/src/expr/lookup.c b/src/expr/lookup.c -index 861815f..6049913 100644 +index 5fcb81f..b2f0dd6 100644 --- a/src/expr/lookup.c +++ b/src/expr/lookup.c -@@ -293,6 +293,6 @@ struct expr_ops expr_ops_lookup = { +@@ -292,6 +292,6 @@ struct expr_ops expr_ops_lookup = { .get = nftnl_expr_lookup_get, .parse = nftnl_expr_lookup_parse, .build = nftnl_expr_lookup_build, @@ -308,10 +323,10 @@ index dd09e1e..f0d8868 100644 .json_parse = nftnl_expr_match_json_parse, }; diff --git a/src/expr/meta.c b/src/expr/meta.c -index 2c75841..907a677 100644 +index de82105..91f1ebb 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c -@@ -290,6 +290,6 @@ struct expr_ops expr_ops_meta = { +@@ -291,6 +291,6 @@ struct expr_ops expr_ops_meta = { .get = nftnl_expr_meta_get, .parse = nftnl_expr_meta_parse, .build = nftnl_expr_meta_build, @@ -320,10 +335,10 @@ index 2c75841..907a677 100644 .json_parse = nftnl_expr_meta_json_parse, }; diff --git a/src/expr/nat.c b/src/expr/nat.c -index 29bc3a2..d476283 100644 +index 9271303..427c282 100644 --- a/src/expr/nat.c +++ b/src/expr/nat.c -@@ -383,6 +383,6 @@ struct expr_ops expr_ops_nat = { +@@ -384,6 +384,6 @@ struct expr_ops expr_ops_nat = { .get = nftnl_expr_nat_get, .parse = nftnl_expr_nat_parse, .build = nftnl_expr_nat_build, @@ -332,10 +347,10 @@ index 29bc3a2..d476283 100644 .json_parse = nftnl_expr_nat_json_parse, }; diff --git a/src/expr/numgen.c b/src/expr/numgen.c -index a15f03a..28ef741 100644 +index 5336fde..8e0479a 100644 --- a/src/expr/numgen.c +++ b/src/expr/numgen.c -@@ -264,6 +264,6 @@ struct expr_ops expr_ops_ng = { +@@ -313,6 +313,6 @@ struct expr_ops expr_ops_ng = { .get = nftnl_expr_ng_get, .parse = nftnl_expr_ng_parse, .build = nftnl_expr_ng_build, @@ -344,7 +359,7 @@ index a15f03a..28ef741 100644 .json_parse = nftnl_expr_ng_json_parse, }; diff --git a/src/expr/objref.c b/src/expr/objref.c -index 4cfa3cb..c394290 100644 +index 64ee863..4504488 100644 --- a/src/expr/objref.c +++ b/src/expr/objref.c @@ -278,6 +278,6 @@ struct expr_ops expr_ops_objref = { @@ -368,10 +383,10 @@ index 91e1587..894ac08 100644 .json_parse = nftnl_expr_payload_json_parse, }; diff --git a/src/expr/queue.c b/src/expr/queue.c -index 8a9deda..389af83 100644 +index a392a27..ee26c10 100644 --- a/src/expr/queue.c +++ b/src/expr/queue.c -@@ -276,6 +276,6 @@ struct expr_ops expr_ops_queue = { +@@ -275,6 +275,6 @@ struct expr_ops expr_ops_queue = { .get = nftnl_expr_queue_get, .parse = nftnl_expr_queue_parse, .build = nftnl_expr_queue_build, @@ -392,7 +407,7 @@ index 667e6e1..ff5d182 100644 .json_parse = nftnl_expr_quota_json_parse, }; diff --git a/src/expr/range.c b/src/expr/range.c -index 8c8ce12..34d422b 100644 +index b2789ff..8910f8a 100644 --- a/src/expr/range.c +++ b/src/expr/range.c @@ -283,6 +283,6 @@ struct expr_ops expr_ops_range = { @@ -404,7 +419,7 @@ index 8c8ce12..34d422b 100644 .json_parse = nftnl_expr_range_json_parse, }; diff --git a/src/expr/redir.c b/src/expr/redir.c -index 43538d5..8a21f93 100644 +index b2aa345..41b77ab 100644 --- a/src/expr/redir.c +++ b/src/expr/redir.c @@ -242,6 +242,6 @@ struct expr_ops expr_ops_redir = { @@ -428,10 +443,10 @@ index 11d8b20..b10e729 100644 .json_parse = nftnl_expr_reject_json_parse, }; diff --git a/src/expr/rt.c b/src/expr/rt.c -index 5088e66..9f44b29 100644 +index c3c92c7..688a042 100644 --- a/src/expr/rt.c +++ b/src/expr/rt.c -@@ -238,6 +238,6 @@ struct expr_ops expr_ops_rt = { +@@ -235,6 +235,6 @@ struct expr_ops expr_ops_rt = { .get = nftnl_expr_rt_get, .parse = nftnl_expr_rt_parse, .build = nftnl_expr_rt_build, @@ -439,6 +454,17 @@ index 5088e66..9f44b29 100644 + .snprintf_ = nftnl_expr_rt_snprintf, .json_parse = nftnl_expr_rt_json_parse, }; +diff --git a/src/expr/socket.c b/src/expr/socket.c +index db160a1..4c50011 100644 +--- a/src/expr/socket.c ++++ b/src/expr/socket.c +@@ -204,5 +204,5 @@ struct expr_ops expr_ops_socket = { + .get = nftnl_expr_socket_get, + .parse = nftnl_expr_socket_parse, + .build = nftnl_expr_socket_build, +- .snprintf = nftnl_expr_socket_snprintf, ++ .snprintf_ = nftnl_expr_socket_snprintf, + }; diff --git a/src/expr/target.c b/src/expr/target.c index ed4bf7d..2ef4078 100644 --- a/src/expr/target.c @@ -452,10 +478,10 @@ index ed4bf7d..2ef4078 100644 .json_parse = nftnl_expr_target_json_parse, }; diff --git a/src/obj/counter.c b/src/obj/counter.c -index beadc93..8c4cc25 100644 +index 332bb2b..edeb7be 100644 --- a/src/obj/counter.c +++ b/src/obj/counter.c -@@ -179,6 +179,6 @@ struct obj_ops obj_ops_counter = { +@@ -182,6 +182,6 @@ struct obj_ops obj_ops_counter = { .get = nftnl_obj_counter_get, .parse = nftnl_obj_counter_parse, .build = nftnl_obj_counter_build, @@ -464,10 +490,10 @@ index beadc93..8c4cc25 100644 .json_parse = nftnl_obj_counter_json_parse, }; diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c -index d6d3111..4c7c88b 100644 +index 62569fe..69757ff 100644 --- a/src/obj/ct_helper.c +++ b/src/obj/ct_helper.c -@@ -205,6 +205,6 @@ struct obj_ops obj_ops_ct_helper = { +@@ -208,6 +208,6 @@ struct obj_ops obj_ops_ct_helper = { .get = nftnl_obj_ct_helper_get, .parse = nftnl_obj_ct_helper_parse, .build = nftnl_obj_ct_helper_build, @@ -475,11 +501,23 @@ index d6d3111..4c7c88b 100644 + .snprintf_ = nftnl_obj_ct_helper_snprintf, .json_parse = nftnl_obj_quota_json_parse, }; +diff --git a/src/obj/limit.c b/src/obj/limit.c +index 7f8bcf7..25018b6 100644 +--- a/src/obj/limit.c ++++ b/src/obj/limit.c +@@ -236,6 +236,6 @@ struct obj_ops obj_ops_limit = { + .get = nftnl_obj_limit_get, + .parse = nftnl_obj_limit_parse, + .build = nftnl_obj_limit_build, +- .snprintf = nftnl_obj_limit_snprintf, ++ .snprintf_ = nftnl_obj_limit_snprintf, + .json_parse = nftnl_obj_limit_json_parse, + }; diff --git a/src/obj/quota.c b/src/obj/quota.c -index d5757b2..e959ff8 100644 +index 6d36784..ecaa8b1 100644 --- a/src/obj/quota.c +++ b/src/obj/quota.c -@@ -200,6 +200,6 @@ struct obj_ops obj_ops_quota = { +@@ -203,6 +203,6 @@ struct obj_ops obj_ops_quota = { .get = nftnl_obj_quota_get, .parse = nftnl_obj_quota_parse, .build = nftnl_obj_quota_build, @@ -488,11 +526,11 @@ index d5757b2..e959ff8 100644 .json_parse = nftnl_obj_quota_json_parse, }; diff --git a/src/object.c b/src/object.c -index d409c6d..b938c97 100644 +index d8278f3..9654b7b 100644 --- a/src/object.c +++ b/src/object.c -@@ -389,7 +389,7 @@ static int nftnl_obj_export(char *buf, size_t size, - nftnl_buf_u32(&b, type, obj->use, USE); +@@ -429,7 +429,7 @@ static int nftnl_obj_export(char *buf, size_t size, + nftnl_buf_u64(&b, type, obj->handle, HANDLE); if (obj->ops) - ret = obj->ops->snprintf(buf + b.len, size - b.len, type, @@ -500,15 +538,12 @@ index d409c6d..b938c97 100644 flags, obj); b.len += ret; -@@ -410,7 +410,7 @@ static int nftnl_obj_snprintf_dflt(char *buf, size_t size, - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); +@@ -450,7 +450,7 @@ static int nftnl_obj_snprintf_dflt(char *buf, size_t size, + SNPRINTF_BUFFER_SIZE(ret, remain, offset); if (obj->ops) { -- ret = obj->ops->snprintf(buf + offset, offset, type, flags, obj); -+ ret = obj->ops->snprintf_(buf + offset, offset, type, flags, obj); - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); +- ret = obj->ops->snprintf(buf + offset, offset, type, flags, ++ ret = obj->ops->snprintf_(buf + offset, offset, type, flags, + obj); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); } - ret = snprintf(buf + offset, offset, "]"); --- -2.12.2 - diff --git a/meta-networking/recipes-filter/libnftnl/libnftnl_1.0.7.bb b/meta-networking/recipes-filter/libnftnl/libnftnl_1.1.1.bb index ca01c0a611..77959a7309 100644 --- a/meta-networking/recipes-filter/libnftnl/libnftnl_1.0.7.bb +++ b/meta-networking/recipes-filter/libnftnl/libnftnl_1.1.1.bb @@ -4,13 +4,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=79808397c3355f163c012616125c9e26" SECTION = "libs" DEPENDS = "libmnl" PV .= "+git${SRCPV}" -SRCREV = "4b89c0cb0883f638ff1abbc2ff47c43cdc26aac5" +SRCREV = "d379dfcb6c94dcb93a8f16896572d6e162138e0f" SRC_URI = "git://git.netfilter.org/libnftnl \ - file://0001-Declare-the-define-visivility-attribute-together.patch \ - file://0001-avoid-naming-local-function-as-one-of-printf-family.patch \ + file://0001-Move-exports-before-symbol-definition.patch \ + file://0002-avoid-naming-local-function-as-one-of-printf-family.patch \ " -SRC_URI[md5sum] = "82183867168eb6644926c48b991b8aac" -SRC_URI[sha256sum] = "9bb66ecbc64b8508249402f0093829f44177770ad99f6042b86b3a467d963982" S = "${WORKDIR}/git" diff --git a/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb b/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb index 8177ebcc2a..3245455271 100644 --- a/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb +++ b/meta-networking/recipes-filter/nfacct/nfacct_1.0.2.bb @@ -3,6 +3,8 @@ HOMEPAGE = "http://netfilter.org/projects/nfacct/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" +UPSTREAM_CHECK_URI = "ftp://ftp.netfilter.org/pub/nfacct/" + SRC_URI = "ftp://ftp.netfilter.org/pub/${BPN}/${BP}.tar.bz2" SRC_URI[md5sum] = "94faafdaaed85ca9220c5692be8a408e" diff --git a/meta-networking/recipes-filter/nftables/files/0001-payload-explicit-network-ctx-assignment-for-icmp-icm.patch b/meta-networking/recipes-filter/nftables/files/0001-payload-explicit-network-ctx-assignment-for-icmp-icm.patch deleted file mode 100644 index 86a3d53dfd..0000000000 --- a/meta-networking/recipes-filter/nftables/files/0001-payload-explicit-network-ctx-assignment-for-icmp-icm.patch +++ /dev/null @@ -1,323 +0,0 @@ -From 0011985554e269e1cc8f8e5b41eb9dcd795ebe8c Mon Sep 17 00:00:00 2001 -From: Arturo Borrero Gonzalez <arturo@debian.org> -Date: Wed, 25 Jan 2017 12:51:08 +0100 -Subject: [PATCH] payload: explicit network ctx assignment for icmp/icmp6 in - special families - -In the inet, bridge and netdev families, we can add rules like these: - -% nft add rule inet t c ip protocol icmp icmp type echo-request -% nft add rule inet t c ip6 nexthdr icmpv6 icmpv6 type echo-request - -However, when we print the ruleset: - -% nft list ruleset -table inet t { - chain c { - icmpv6 type echo-request - icmp type echo-request - } -} - -These rules we obtain can't be added again: - -% nft add rule inet t c icmp type echo-request -<cmdline>:1:19-27: Error: conflicting protocols specified: inet-service vs. icmp -add rule inet t c icmp type echo-request - ^^^^^^^^^ - -% nft add rule inet t c icmpv6 type echo-request -<cmdline>:1:19-29: Error: conflicting protocols specified: inet-service vs. icmpv6 -add rule inet t c icmpv6 type echo-request - ^^^^^^^^^^^ - -Since I wouldn't expect an IP packet carrying ICMPv6, or IPv6 packet -carrying ICMP, if the link layer is inet, the network layer protocol context -can be safely update to 'ip' or 'ip6'. - -Moreover, nft currently generates a 'meta nfproto ipvX' depedency when -using icmp or icmp6 in the inet family, and similar in netdev and bridge -families. - -While at it, a bit of code factorization is introduced. - -Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=1073 -Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- -Upstream-Status: Backport -Signed-off-by: André Draszik <adraszik@tycoint.com> - src/payload.c | 70 ++++++++++++++++--------------------- - tests/py/any/icmpX.t.netdev | 8 +++++ - tests/py/any/icmpX.t.netdev.payload | 36 +++++++++++++++++++ - tests/py/bridge/icmpX.t | 8 +++++ - tests/py/bridge/icmpX.t.payload | 36 +++++++++++++++++++ - tests/py/inet/icmpX.t | 8 +++++ - tests/py/inet/icmpX.t.payload | 36 +++++++++++++++++++ - 7 files changed, 162 insertions(+), 40 deletions(-) - create mode 100644 tests/py/any/icmpX.t.netdev - create mode 100644 tests/py/any/icmpX.t.netdev.payload - create mode 100644 tests/py/bridge/icmpX.t - create mode 100644 tests/py/bridge/icmpX.t.payload - create mode 100644 tests/py/inet/icmpX.t - create mode 100644 tests/py/inet/icmpX.t.payload - -diff --git a/src/payload.c b/src/payload.c -index af533b2..74f8254 100644 ---- a/src/payload.c -+++ b/src/payload.c -@@ -223,6 +223,34 @@ static int payload_add_dependency(struct eval_ctx *ctx, - return 0; - } - -+static const struct proto_desc * -+payload_gen_special_dependency(struct eval_ctx *ctx, const struct expr *expr) -+{ -+ switch (expr->payload.base) { -+ case PROTO_BASE_LL_HDR: -+ switch (ctx->pctx.family) { -+ case NFPROTO_INET: -+ return &proto_inet; -+ case NFPROTO_BRIDGE: -+ return &proto_eth; -+ case NFPROTO_NETDEV: -+ return &proto_netdev; -+ default: -+ break; -+ } -+ break; -+ case PROTO_BASE_TRANSPORT_HDR: -+ if (expr->payload.desc == &proto_icmp) -+ return &proto_ip; -+ if (expr->payload.desc == &proto_icmp6) -+ return &proto_ip6; -+ return &proto_inet_service; -+ default: -+ break; -+ } -+ return NULL; -+} -+ - /** - * payload_gen_dependency - generate match expression on payload dependency - * -@@ -276,46 +304,8 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr, - - desc = ctx->pctx.protocol[expr->payload.base - 1].desc; - /* Special case for mixed IPv4/IPv6 and bridge tables */ -- if (desc == NULL) { -- switch (ctx->pctx.family) { -- case NFPROTO_INET: -- switch (expr->payload.base) { -- case PROTO_BASE_LL_HDR: -- desc = &proto_inet; -- break; -- case PROTO_BASE_TRANSPORT_HDR: -- desc = &proto_inet_service; -- break; -- default: -- break; -- } -- break; -- case NFPROTO_BRIDGE: -- switch (expr->payload.base) { -- case PROTO_BASE_LL_HDR: -- desc = &proto_eth; -- break; -- case PROTO_BASE_TRANSPORT_HDR: -- desc = &proto_inet_service; -- break; -- default: -- break; -- } -- break; -- case NFPROTO_NETDEV: -- switch (expr->payload.base) { -- case PROTO_BASE_LL_HDR: -- desc = &proto_netdev; -- break; -- case PROTO_BASE_TRANSPORT_HDR: -- desc = &proto_inet_service; -- break; -- default: -- break; -- } -- break; -- } -- } -+ if (desc == NULL) -+ desc = payload_gen_special_dependency(ctx, expr); - - if (desc == NULL) - return expr_error(ctx->msgs, expr, -diff --git a/tests/py/any/icmpX.t.netdev b/tests/py/any/icmpX.t.netdev -new file mode 100644 -index 0000000..a327ce6 ---- /dev/null -+++ b/tests/py/any/icmpX.t.netdev -@@ -0,0 +1,8 @@ -+:ingress;type filter hook ingress device lo priority 0 -+ -+*netdev;test-netdev;ingress -+ -+ip protocol icmp icmp type echo-request;ok;icmp type echo-request -+icmp type echo-request;ok -+ip6 nexthdr icmpv6 icmpv6 type echo-request;ok;icmpv6 type echo-request -+icmpv6 type echo-request;ok -diff --git a/tests/py/any/icmpX.t.netdev.payload b/tests/py/any/icmpX.t.netdev.payload -new file mode 100644 -index 0000000..8b8107c ---- /dev/null -+++ b/tests/py/any/icmpX.t.netdev.payload -@@ -0,0 +1,36 @@ -+# ip protocol icmp icmp type echo-request -+netdev test-netdev ingress -+ [ meta load protocol => reg 1 ] -+ [ cmp eq reg 1 0x00000008 ] -+ [ payload load 1b @ network header + 9 => reg 1 ] -+ [ cmp eq reg 1 0x00000001 ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000008 ] -+ -+# icmp type echo-request -+netdev test-netdev ingress -+ [ meta load protocol => reg 1 ] -+ [ cmp eq reg 1 0x00000008 ] -+ [ payload load 1b @ network header + 9 => reg 1 ] -+ [ cmp eq reg 1 0x00000001 ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000008 ] -+ -+# ip6 nexthdr icmpv6 icmpv6 type echo-request -+netdev test-netdev ingress -+ [ meta load protocol => reg 1 ] -+ [ cmp eq reg 1 0x0000dd86 ] -+ [ payload load 1b @ network header + 6 => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000080 ] -+ -+# icmpv6 type echo-request -+netdev test-netdev ingress -+ [ meta load protocol => reg 1 ] -+ [ cmp eq reg 1 0x0000dd86 ] -+ [ payload load 1b @ network header + 6 => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000080 ] -+ -diff --git a/tests/py/bridge/icmpX.t b/tests/py/bridge/icmpX.t -new file mode 100644 -index 0000000..8c0a597 ---- /dev/null -+++ b/tests/py/bridge/icmpX.t -@@ -0,0 +1,8 @@ -+:input;type filter hook input priority 0 -+ -+*bridge;test-bridge;input -+ -+ip protocol icmp icmp type echo-request;ok;icmp type echo-request -+icmp type echo-request;ok -+ip6 nexthdr icmpv6 icmpv6 type echo-request;ok;icmpv6 type echo-request -+icmpv6 type echo-request;ok -diff --git a/tests/py/bridge/icmpX.t.payload b/tests/py/bridge/icmpX.t.payload -new file mode 100644 -index 0000000..19efdd8 ---- /dev/null -+++ b/tests/py/bridge/icmpX.t.payload -@@ -0,0 +1,36 @@ -+# ip protocol icmp icmp type echo-request -+bridge test-bridge input -+ [ payload load 2b @ link header + 12 => reg 1 ] -+ [ cmp eq reg 1 0x00000008 ] -+ [ payload load 1b @ network header + 9 => reg 1 ] -+ [ cmp eq reg 1 0x00000001 ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000008 ] -+ -+# icmp type echo-request -+bridge test-bridge input -+ [ payload load 2b @ link header + 12 => reg 1 ] -+ [ cmp eq reg 1 0x00000008 ] -+ [ payload load 1b @ network header + 9 => reg 1 ] -+ [ cmp eq reg 1 0x00000001 ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000008 ] -+ -+# ip6 nexthdr icmpv6 icmpv6 type echo-request -+bridge test-bridge input -+ [ payload load 2b @ link header + 12 => reg 1 ] -+ [ cmp eq reg 1 0x0000dd86 ] -+ [ payload load 1b @ network header + 6 => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000080 ] -+ -+# icmpv6 type echo-request -+bridge test-bridge input -+ [ payload load 2b @ link header + 12 => reg 1 ] -+ [ cmp eq reg 1 0x0000dd86 ] -+ [ payload load 1b @ network header + 6 => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000080 ] -+ -diff --git a/tests/py/inet/icmpX.t b/tests/py/inet/icmpX.t -new file mode 100644 -index 0000000..1b467a1 ---- /dev/null -+++ b/tests/py/inet/icmpX.t -@@ -0,0 +1,8 @@ -+:input;type filter hook input priority 0 -+ -+*inet;test-inet;input -+ -+ip protocol icmp icmp type echo-request;ok;icmp type echo-request -+icmp type echo-request;ok -+ip6 nexthdr icmpv6 icmpv6 type echo-request;ok;icmpv6 type echo-request -+icmpv6 type echo-request;ok -diff --git a/tests/py/inet/icmpX.t.payload b/tests/py/inet/icmpX.t.payload -new file mode 100644 -index 0000000..81ca774 ---- /dev/null -+++ b/tests/py/inet/icmpX.t.payload -@@ -0,0 +1,36 @@ -+# ip protocol icmp icmp type echo-request -+inet test-inet input -+ [ meta load nfproto => reg 1 ] -+ [ cmp eq reg 1 0x00000002 ] -+ [ payload load 1b @ network header + 9 => reg 1 ] -+ [ cmp eq reg 1 0x00000001 ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000008 ] -+ -+# icmp type echo-request -+inet test-inet input -+ [ meta load nfproto => reg 1 ] -+ [ cmp eq reg 1 0x00000002 ] -+ [ payload load 1b @ network header + 9 => reg 1 ] -+ [ cmp eq reg 1 0x00000001 ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000008 ] -+ -+# ip6 nexthdr icmpv6 icmpv6 type echo-request -+inet test-inet input -+ [ meta load nfproto => reg 1 ] -+ [ cmp eq reg 1 0x0000000a ] -+ [ payload load 1b @ network header + 6 => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000080 ] -+ -+# icmpv6 type echo-request -+inet test-inet input -+ [ meta load nfproto => reg 1 ] -+ [ cmp eq reg 1 0x0000000a ] -+ [ payload load 1b @ network header + 6 => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000080 ] -+ --- -2.11.0 - diff --git a/meta-networking/recipes-filter/nftables/files/0002-proto-Add-some-exotic-ICMPv6-types.patch b/meta-networking/recipes-filter/nftables/files/0002-proto-Add-some-exotic-ICMPv6-types.patch deleted file mode 100644 index 4d9e9d11a4..0000000000 --- a/meta-networking/recipes-filter/nftables/files/0002-proto-Add-some-exotic-ICMPv6-types.patch +++ /dev/null @@ -1,147 +0,0 @@ -From 9ade8fb75f8963375b45b3f2973b8bb7aa66ad76 Mon Sep 17 00:00:00 2001 -From: Phil Sutter <phil@nwl.cc> -Date: Thu, 16 Mar 2017 13:43:20 +0100 -Subject: [PATCH] proto: Add some exotic ICMPv6 types - -This adds support for matching on inverse ND messages as defined by -RFC3122 (not implemented in Linux) and MLDv2 as defined by RFC3810. - -Note that ICMPV6_MLD2_REPORT macro is defined in linux/icmpv6.h but -including that header leads to conflicts with symbols defined in -netinet/icmp6.h. - -In addition to the above, "mld-listener-done" is introduced as an alias -for "mld-listener-reduction". - -Signed-off-by: Phil Sutter <phil@nwl.cc> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- -Upstream-Status: Backport -Signed-off-by: André Draszik <adraszik@tycoint.com> - src/proto.c | 8 ++++++++ - tests/py/ip6/icmpv6.t | 8 ++++++-- - tests/py/ip6/icmpv6.t.payload.ip6 | 34 +++++++++++++++++++++++++++++++++- - 3 files changed, 47 insertions(+), 3 deletions(-) - -diff --git a/src/proto.c b/src/proto.c -index fb96530..79e9dbf 100644 ---- a/src/proto.c -+++ b/src/proto.c -@@ -632,6 +632,10 @@ const struct proto_desc proto_ip = { - - #include <netinet/icmp6.h> - -+#define IND_NEIGHBOR_SOLICIT 141 -+#define IND_NEIGHBOR_ADVERT 142 -+#define ICMPV6_MLD2_REPORT 143 -+ - static const struct symbol_table icmp6_type_tbl = { - .base = BASE_DECIMAL, - .symbols = { -@@ -643,6 +647,7 @@ static const struct symbol_table icmp6_type_tbl = { - SYMBOL("echo-reply", ICMP6_ECHO_REPLY), - SYMBOL("mld-listener-query", MLD_LISTENER_QUERY), - SYMBOL("mld-listener-report", MLD_LISTENER_REPORT), -+ SYMBOL("mld-listener-done", MLD_LISTENER_REDUCTION), - SYMBOL("mld-listener-reduction", MLD_LISTENER_REDUCTION), - SYMBOL("nd-router-solicit", ND_ROUTER_SOLICIT), - SYMBOL("nd-router-advert", ND_ROUTER_ADVERT), -@@ -650,6 +655,9 @@ static const struct symbol_table icmp6_type_tbl = { - SYMBOL("nd-neighbor-advert", ND_NEIGHBOR_ADVERT), - SYMBOL("nd-redirect", ND_REDIRECT), - SYMBOL("router-renumbering", ICMP6_ROUTER_RENUMBERING), -+ SYMBOL("ind-neighbor-solicit", IND_NEIGHBOR_SOLICIT), -+ SYMBOL("ind-neighbor-advert", IND_NEIGHBOR_ADVERT), -+ SYMBOL("mld2-listener-report", ICMPV6_MLD2_REPORT), - SYMBOL_LIST_END - }, - }; -diff --git a/tests/py/ip6/icmpv6.t b/tests/py/ip6/icmpv6.t -index afbd451..a898fe3 100644 ---- a/tests/py/ip6/icmpv6.t -+++ b/tests/py/ip6/icmpv6.t -@@ -11,7 +11,8 @@ icmpv6 type echo-request accept;ok - icmpv6 type echo-reply accept;ok - icmpv6 type mld-listener-query accept;ok - icmpv6 type mld-listener-report accept;ok --icmpv6 type mld-listener-reduction accept;ok -+icmpv6 type mld-listener-done accept;ok -+icmpv6 type mld-listener-reduction accept;ok;icmpv6 type mld-listener-done accept - icmpv6 type nd-router-solicit accept;ok - icmpv6 type nd-router-advert accept;ok - icmpv6 type nd-neighbor-solicit accept;ok -@@ -19,8 +20,11 @@ icmpv6 type nd-neighbor-advert accept;ok - icmpv6 type nd-redirect accept;ok - icmpv6 type parameter-problem accept;ok - icmpv6 type router-renumbering accept;ok -+icmpv6 type ind-neighbor-solicit accept;ok -+icmpv6 type ind-neighbor-advert accept;ok -+icmpv6 type mld2-listener-report accept;ok - icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept;ok --icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept;ok -+icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept;ok - icmpv6 type {mld-listener-query, time-exceeded, nd-router-advert} accept;ok - icmpv6 type != {mld-listener-query, time-exceeded, nd-router-advert} accept;ok - -diff --git a/tests/py/ip6/icmpv6.t.payload.ip6 b/tests/py/ip6/icmpv6.t.payload.ip6 -index 9fe2496..30f58ca 100644 ---- a/tests/py/ip6/icmpv6.t.payload.ip6 -+++ b/tests/py/ip6/icmpv6.t.payload.ip6 -@@ -54,6 +54,14 @@ ip6 test-ip6 input - [ cmp eq reg 1 0x00000083 ] - [ immediate reg 0 accept ] - -+# icmpv6 type mld-listener-done accept -+ip6 test-ip6 input -+ [ payload load 1b @ network header + 6 => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000084 ] -+ [ immediate reg 0 accept ] -+ - # icmpv6 type mld-listener-reduction accept - ip6 test-ip6 input - [ payload load 1b @ network header + 6 => reg 1 ] -@@ -118,6 +126,30 @@ ip6 test-ip6 input - [ cmp eq reg 1 0x0000008a ] - [ immediate reg 0 accept ] - -+# icmpv6 type ind-neighbor-solicit accept -+ip6 test-ip6 input -+ [ payload load 1b @ network header + 6 => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x0000008d ] -+ [ immediate reg 0 accept ] -+ -+# icmpv6 type ind-neighbor-advert accept -+ip6 test-ip6 input -+ [ payload load 1b @ network header + 6 => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x0000008e ] -+ [ immediate reg 0 accept ] -+ -+# icmpv6 type mld2-listener-report accept -+ip6 test-ip6 input -+ [ payload load 1b @ network header + 6 => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x0000008f ] -+ [ immediate reg 0 accept ] -+ - # icmpv6 type {destination-unreachable, time-exceeded, nd-router-solicit} accept - __set%d test-ip6 3 - __set%d test-ip6 0 -@@ -129,7 +161,7 @@ ip6 test-ip6 input - [ lookup reg 1 set __set%d ] - [ immediate reg 0 accept ] - --# icmpv6 type {router-renumbering, mld-listener-reduction, time-exceeded, nd-router-solicit} accept -+# icmpv6 type {router-renumbering, mld-listener-done, time-exceeded, nd-router-solicit} accept - __set%d test-ip6 3 - __set%d test-ip6 0 - element 0000008a : 0 [end] element 00000084 : 0 [end] element 00000003 : 0 [end] element 00000085 : 0 [end] --- -2.11.0 - diff --git a/meta-networking/recipes-filter/nftables/files/0003-payload-split-ll-proto-dependency-into-helper.patch b/meta-networking/recipes-filter/nftables/files/0003-payload-split-ll-proto-dependency-into-helper.patch deleted file mode 100644 index 50cac300e8..0000000000 --- a/meta-networking/recipes-filter/nftables/files/0003-payload-split-ll-proto-dependency-into-helper.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 8d8cfe5ad6ca460a5262fb15fdbef3601058c784 Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Thu, 18 May 2017 13:30:54 +0200 -Subject: [PATCH 1/4] payload: split ll proto dependency into helper - -will be re-used in folloup patch for icmp/icmpv6 depenency -handling. - -Signed-off-by: Florian Westphal <fw@strlen.de> ---- -Upstream-Status: Backport -Signed-off-by: André Draszik <adraszik@tycoint.com> - src/payload.c | 29 ++++++++++++++++++----------- - 1 file changed, 18 insertions(+), 11 deletions(-) - -diff --git a/src/payload.c b/src/payload.c -index 55128fe..31e5a02 100644 ---- a/src/payload.c -+++ b/src/payload.c -@@ -224,21 +224,28 @@ static int payload_add_dependency(struct eval_ctx *ctx, - } - - static const struct proto_desc * -+payload_get_get_ll_hdr(const struct eval_ctx *ctx) -+{ -+ switch (ctx->pctx.family) { -+ case NFPROTO_INET: -+ return &proto_inet; -+ case NFPROTO_BRIDGE: -+ return &proto_eth; -+ case NFPROTO_NETDEV: -+ return &proto_netdev; -+ default: -+ break; -+ } -+ -+ return NULL; -+} -+ -+static const struct proto_desc * - payload_gen_special_dependency(struct eval_ctx *ctx, const struct expr *expr) - { - switch (expr->payload.base) { - case PROTO_BASE_LL_HDR: -- switch (ctx->pctx.family) { -- case NFPROTO_INET: -- return &proto_inet; -- case NFPROTO_BRIDGE: -- return &proto_eth; -- case NFPROTO_NETDEV: -- return &proto_netdev; -- default: -- break; -- } -- break; -+ return payload_get_get_ll_hdr(ctx); - case PROTO_BASE_TRANSPORT_HDR: - if (expr->payload.desc == &proto_icmp) - return &proto_ip; --- -2.11.0 - diff --git a/meta-networking/recipes-filter/nftables/files/0004-src-allow-update-of-net-base-w.-meta-l4proto-icmpv6.patch b/meta-networking/recipes-filter/nftables/files/0004-src-allow-update-of-net-base-w.-meta-l4proto-icmpv6.patch deleted file mode 100644 index 180edb3504..0000000000 --- a/meta-networking/recipes-filter/nftables/files/0004-src-allow-update-of-net-base-w.-meta-l4proto-icmpv6.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 9a1f2bbf3cd2417e0c10d18578e224abe2071d68 Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Tue, 21 Mar 2017 19:47:22 +0100 -Subject: [PATCH 2/4] src: allow update of net base w. meta l4proto icmpv6 - -nft add rule ip6 f i meta l4proto ipv6-icmp icmpv6 type nd-router-advert -<cmdline>:1:50-60: Error: conflicting protocols specified: unknown vs. icmpv6 - -add icmpv6 to nexthdr list so base gets updated correctly. - -Reported-by: Thomas Woerner <twoerner@redhat.com> -Signed-off-by: Florian Westphal <fw@strlen.de> ---- -Upstream-Status: Backport -Signed-off-by: André Draszik <adraszik@tycoint.com> - src/proto.c | 1 + - tests/py/any/meta.t | 1 + - tests/py/any/meta.t.payload | 7 +++++++ - 3 files changed, 9 insertions(+) - -diff --git a/src/proto.c b/src/proto.c -index 79e9dbf..fcdfbe7 100644 ---- a/src/proto.c -+++ b/src/proto.c -@@ -779,6 +779,7 @@ const struct proto_desc proto_inet_service = { - PROTO_LINK(IPPROTO_TCP, &proto_tcp), - PROTO_LINK(IPPROTO_DCCP, &proto_dccp), - PROTO_LINK(IPPROTO_SCTP, &proto_sctp), -+ PROTO_LINK(IPPROTO_ICMPV6, &proto_icmp6), - }, - .templates = { - [0] = PROTO_META_TEMPLATE("l4proto", &inet_protocol_type, NFT_META_L4PROTO, 8), -diff --git a/tests/py/any/meta.t b/tests/py/any/meta.t -index c3ac0a4..2ff942f 100644 ---- a/tests/py/any/meta.t -+++ b/tests/py/any/meta.t -@@ -38,6 +38,7 @@ meta l4proto { 33, 55, 67, 88};ok;meta l4proto { 33, 55, 67, 88} - meta l4proto != { 33, 55, 67, 88};ok - meta l4proto { 33-55};ok - meta l4proto != { 33-55};ok -+meta l4proto ipv6-icmp icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-advert - - meta priority root;ok - meta priority none;ok -diff --git a/tests/py/any/meta.t.payload b/tests/py/any/meta.t.payload -index e432656..871f1ad 100644 ---- a/tests/py/any/meta.t.payload -+++ b/tests/py/any/meta.t.payload -@@ -187,6 +187,13 @@ ip test-ip4 input - [ byteorder reg 1 = hton(reg 1, 2, 1) ] - [ lookup reg 1 set __set%d 0x1 ] - -+# meta l4proto ipv6-icmp icmpv6 type nd-router-advert -+ip test-ip4 input -+ [ meta load l4proto => reg 1 ] -+ [ cmp eq reg 1 0x0000003a ] -+ [ payload load 1b @ transport header + 0 => reg 1 ] -+ [ cmp eq reg 1 0x00000086 ] -+ - # meta mark 0x4 - ip test-ip4 input - [ meta load mark => reg 1 ] --- -2.11.0 - diff --git a/meta-networking/recipes-filter/nftables/files/0005-src-ipv6-switch-implicit-dependencies-to-meta-l4prot.patch b/meta-networking/recipes-filter/nftables/files/0005-src-ipv6-switch-implicit-dependencies-to-meta-l4prot.patch deleted file mode 100644 index f600ae05c0..0000000000 --- a/meta-networking/recipes-filter/nftables/files/0005-src-ipv6-switch-implicit-dependencies-to-meta-l4prot.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 2366ed9ffcb4f5f5341f10f0a1d1a4688d37ad87 Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Wed, 22 Mar 2017 15:08:48 +0100 -Subject: [PATCH 3/4] src: ipv6: switch implicit dependencies to meta l4proto - -when using rule like - -ip6 filter input tcp dport 22 -nft generates: - [ payload load 1b @ network header + 6 => reg 1 ] - [ cmp eq reg 1 0x00000006 ] - [ payload load 2b @ transport header + 2 => reg 1 ] - [ cmp eq reg 1 0x00001600 ] - -which is: ip6 filter input ip6 nexthdr tcp dport 22 -IOW, such a rule won't match if e.g. a fragment header is in place. - -This changes ip6_proto to use 'meta l4proto' which is the protocol header -found by exthdr walk. - -A side effect is that for bridge we get a shorter dependency chain as it -no longer needs to prepend 'ether proto ipv6' for old 'ip6 nexthdr' dep. - -Only problem: - -ip6 nexthdr tcp tcp dport 22 -will now inject a (useless) meta l4 dependency as ip6 nexthdr is no -longer flagged as EXPR_F_PROTOCOL, to avoid this add a small helper -that skips the unneded meta dependency in that case. - -Signed-off-by: Florian Westphal <fw@strlen.de> ---- -Upstream-Status: Backport -Signed-off-by: André Draszik <adraszik@tycoint.com> - src/payload.c | 19 ++++++++++++++++++- - src/proto.c | 2 +- - 2 files changed, 19 insertions(+), 2 deletions(-) - -diff --git a/src/payload.c b/src/payload.c -index 31e5a02..38db15e 100644 ---- a/src/payload.c -+++ b/src/payload.c -@@ -117,6 +117,23 @@ static const struct expr_ops payload_expr_ops = { - .pctx_update = payload_expr_pctx_update, - }; - -+/* -+ * ipv6 is special case, we normally use 'meta l4proto' to fetch the last -+ * l4 header of the ipv6 extension header chain so we will also match -+ * tcp after a fragmentation header, for instance. -+ * -+ * If user specifically asks for nexthdr x, treat is as a full -+ * dependency rather than injecting another (useless) meta l4 one. -+ */ -+static bool proto_key_is_protocol(const struct proto_desc *desc, unsigned int type) -+{ -+ if (type == desc->protocol_key || -+ (desc == &proto_ip6 && type == IP6HDR_NEXTHDR)) -+ return true; -+ -+ return false; -+} -+ - struct expr *payload_expr_alloc(const struct location *loc, - const struct proto_desc *desc, - unsigned int type) -@@ -129,7 +146,7 @@ struct expr *payload_expr_alloc(const struct location *loc, - if (desc != NULL) { - tmpl = &desc->templates[type]; - base = desc->base; -- if (type == desc->protocol_key) -+ if (proto_key_is_protocol(desc, type)) - flags = EXPR_F_PROTOCOL; - } else { - tmpl = &proto_unknown_template; -diff --git a/src/proto.c b/src/proto.c -index fcdfbe7..3b20a5f 100644 ---- a/src/proto.c -+++ b/src/proto.c -@@ -707,7 +707,6 @@ const struct proto_desc proto_icmp6 = { - const struct proto_desc proto_ip6 = { - .name = "ip6", - .base = PROTO_BASE_NETWORK_HDR, -- .protocol_key = IP6HDR_NEXTHDR, - .protocols = { - PROTO_LINK(IPPROTO_ESP, &proto_esp), - PROTO_LINK(IPPROTO_AH, &proto_ah), -@@ -720,6 +719,7 @@ const struct proto_desc proto_ip6 = { - PROTO_LINK(IPPROTO_ICMPV6, &proto_icmp6), - }, - .templates = { -+ [0] = PROTO_META_TEMPLATE("l4proto", &inet_protocol_type, NFT_META_L4PROTO, 8), - [IP6HDR_VERSION] = HDR_BITFIELD("version", &integer_type, 0, 4), - [IP6HDR_DSCP] = HDR_BITFIELD("dscp", &dscp_type, 4, 6), - [IP6HDR_ECN] = HDR_BITFIELD("ecn", &ecn_type, 10, 2), --- -2.11.0 - diff --git a/meta-networking/recipes-filter/nftables/files/0006-payload-enforce-ip-ip6-protocol-depending-on-icmp-or.patch b/meta-networking/recipes-filter/nftables/files/0006-payload-enforce-ip-ip6-protocol-depending-on-icmp-or.patch deleted file mode 100644 index 00076d7cef..0000000000 --- a/meta-networking/recipes-filter/nftables/files/0006-payload-enforce-ip-ip6-protocol-depending-on-icmp-or.patch +++ /dev/null @@ -1,84 +0,0 @@ -From f21a7a4849b50c30341ec571813bd7fe37040ad3 Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Thu, 18 May 2017 13:30:54 +0200 -Subject: [PATCH 4/4] payload: enforce ip/ip6 protocol depending on icmp or - icmpv6 - -After some discussion with Pablo we agreed to treat icmp/icmpv6 specially. - -in the case of a rule like 'tcp dport 22' the inet, bridge and netdev -families only care about the lower layer protocol. - -In the icmpv6 case however we'd like to also enforce an ipv6 protocol check -(and ipv4 check in icmp case). - -This extends payload_gen_special_dependency() to consider this. -With this patch: - -add rule $pf filter input meta l4proto icmpv6 -add rule $pf filter input meta l4proto icmpv6 icmpv6 type echo-request -add rule $pf filter input icmpv6 type echo-request - -will work in all tables and all families. -For inet/bridge/netdev, an ipv6 protocol dependency is added; this will -not match ipv4 packets with ip->protocol == icmpv6, EXCEPT in the case -of the ip family. - -Its still possible to match icmpv6-in-ipv4 in inet/bridge/netdev with an -explicit dependency: - -add rule inet f i ip protocol ipv6-icmp meta l4proto ipv6-icmp icmpv6 type ... - -Implicit dependencies won't get removed at the moment, so - bridge ... icmp type echo-request -will be shown as - ether type ip meta l4proto 1 icmp type echo-request - -Signed-off-by: Florian Westphal <fw@strlen.de> ---- -Upstream-Status: Backport -Signed-off-by: André Draszik <adraszik@tycoint.com> - src/payload.c | 27 +++++++++++++++++++++++---- - 1 file changed, 23 insertions(+), 4 deletions(-) - -diff --git a/src/payload.c b/src/payload.c -index 38db15e..8796ee5 100644 ---- a/src/payload.c -+++ b/src/payload.c -@@ -264,10 +264,29 @@ payload_gen_special_dependency(struct eval_ctx *ctx, const struct expr *expr) - case PROTO_BASE_LL_HDR: - return payload_get_get_ll_hdr(ctx); - case PROTO_BASE_TRANSPORT_HDR: -- if (expr->payload.desc == &proto_icmp) -- return &proto_ip; -- if (expr->payload.desc == &proto_icmp6) -- return &proto_ip6; -+ if (expr->payload.desc == &proto_icmp || -+ expr->payload.desc == &proto_icmp6) { -+ const struct proto_desc *desc, *desc_upper; -+ struct stmt *nstmt; -+ -+ desc = ctx->pctx.protocol[PROTO_BASE_LL_HDR].desc; -+ if (!desc) { -+ desc = payload_get_get_ll_hdr(ctx); -+ if (!desc) -+ break; -+ } -+ -+ desc_upper = &proto_ip6; -+ if (expr->payload.desc == &proto_icmp) -+ desc_upper = &proto_ip; -+ -+ if (payload_add_dependency(ctx, desc, desc_upper, -+ expr, &nstmt) < 0) -+ return NULL; -+ -+ list_add_tail(&nstmt->list, &ctx->stmt->list); -+ return desc_upper; -+ } - return &proto_inet_service; - default: - break; --- -2.11.0 - diff --git a/meta-networking/recipes-filter/nftables/files/0007-src-ip-switch-implicit-dependencies-to-meta-l4proto-.patch b/meta-networking/recipes-filter/nftables/files/0007-src-ip-switch-implicit-dependencies-to-meta-l4proto-.patch deleted file mode 100644 index 5b72437d27..0000000000 --- a/meta-networking/recipes-filter/nftables/files/0007-src-ip-switch-implicit-dependencies-to-meta-l4proto-.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 0825c57d571bb7121e7048e198b9b023f7e7f358 Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Sun, 7 May 2017 03:53:30 +0200 -Subject: [PATCH] src: ip: switch implicit dependencies to meta l4proto too - -after ip6 nexthdr also switch ip to meta l4proto instead of ip protocol. - -While its needed for ipv6 (due to extension headers) this isn't needed -for ip but it has the advantage that - -tcp dport 22 - -produces same expressions for ip/ip6/inet families. - -Signed-off-by: Florian Westphal <fw@strlen.de> ---- -Upstream-Status: Backport -Signed-off-by: André Draszik <adraszik@tycoint.com> - src/payload.c | 17 +++++++++++------ - src/proto.c | 3 ++- - 2 files changed, 13 insertions(+), 7 deletions(-) - -diff --git a/src/payload.c b/src/payload.c -index 8796ee5..11b6df3 100644 ---- a/src/payload.c -+++ b/src/payload.c -@@ -118,17 +118,22 @@ static const struct expr_ops payload_expr_ops = { - }; - - /* -- * ipv6 is special case, we normally use 'meta l4proto' to fetch the last -- * l4 header of the ipv6 extension header chain so we will also match -+ * We normally use 'meta l4proto' to fetch the last l4 header of the -+ * ipv6 extension header chain so we will also match - * tcp after a fragmentation header, for instance. -+ * For consistency we also use meta l4proto for ipv4. - * -- * If user specifically asks for nexthdr x, treat is as a full -- * dependency rather than injecting another (useless) meta l4 one. -+ * If user specifically asks for nexthdr x, don't add another (useless) -+ * meta dependency. - */ - static bool proto_key_is_protocol(const struct proto_desc *desc, unsigned int type) - { -- if (type == desc->protocol_key || -- (desc == &proto_ip6 && type == IP6HDR_NEXTHDR)) -+ if (type == desc->protocol_key) -+ return true; -+ -+ if (desc == &proto_ip6 && type == IP6HDR_NEXTHDR) -+ return true; -+ if (desc == &proto_ip && type == IPHDR_PROTOCOL) - return true; - - return false; -diff --git a/src/proto.c b/src/proto.c -index 3b20a5f..2afedf7 100644 ---- a/src/proto.c -+++ b/src/proto.c -@@ -587,7 +587,6 @@ const struct proto_desc proto_ip = { - .name = "ip", - .base = PROTO_BASE_NETWORK_HDR, - .checksum_key = IPHDR_CHECKSUM, -- .protocol_key = IPHDR_PROTOCOL, - .protocols = { - PROTO_LINK(IPPROTO_ICMP, &proto_icmp), - PROTO_LINK(IPPROTO_ESP, &proto_esp), -@@ -600,6 +599,7 @@ const struct proto_desc proto_ip = { - PROTO_LINK(IPPROTO_SCTP, &proto_sctp), - }, - .templates = { -+ [0] = PROTO_META_TEMPLATE("l4proto", &inet_protocol_type, NFT_META_L4PROTO, 8), - [IPHDR_VERSION] = HDR_BITFIELD("version", &integer_type, 0, 4), - [IPHDR_HDRLENGTH] = HDR_BITFIELD("hdrlength", &integer_type, 4, 4), - [IPHDR_DSCP] = HDR_BITFIELD("dscp", &dscp_type, 8, 6), -@@ -779,6 +779,7 @@ const struct proto_desc proto_inet_service = { - PROTO_LINK(IPPROTO_TCP, &proto_tcp), - PROTO_LINK(IPPROTO_DCCP, &proto_dccp), - PROTO_LINK(IPPROTO_SCTP, &proto_sctp), -+ PROTO_LINK(IPPROTO_ICMP, &proto_icmp), - PROTO_LINK(IPPROTO_ICMPV6, &proto_icmp6), - }, - .templates = { --- -2.11.0 - diff --git a/meta-networking/recipes-filter/nftables/files/fix-to-generate-ntf.8.patch b/meta-networking/recipes-filter/nftables/files/fix-to-generate-ntf.8.patch deleted file mode 100644 index 8dce90a754..0000000000 --- a/meta-networking/recipes-filter/nftables/files/fix-to-generate-ntf.8.patch +++ /dev/null @@ -1,26 +0,0 @@ -[PATCH] disable to make ntf.8 man - -Upstream-Status: Pending - -$DB2MAN do not support the xinclude parameter whether it is -docbook2x-man or other, so disable to make ntf.8 man - -Signed-off-by: Roy Li <rongqing.li@windriver.com> ---- - doc/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/doc/Makefile.am b/doc/Makefile.am -index a92de7f..537c36b 100644 ---- a/doc/Makefile.am -+++ b/doc/Makefile.am -@@ -1,5 +1,5 @@ - if BUILD_MAN --man_MANS = nft.8 -+#man_MANS = nft.8 - endif - - if BUILD_PDF --- -1.9.1 - diff --git a/meta-networking/recipes-filter/nftables/nftables_0.7.bb b/meta-networking/recipes-filter/nftables/nftables_0.7.bb deleted file mode 100644 index 287c350b9c..0000000000 --- a/meta-networking/recipes-filter/nftables/nftables_0.7.bb +++ /dev/null @@ -1,27 +0,0 @@ -SUMMARY = "Netfilter Tables userspace utillites" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=d1a78fdd879a263a5e0b42d1fc565e79" -SECTION = "net" - -DEPENDS = "libmnl libnftnl readline gmp bison-native" -RRECOMMENDS_${PN} += "kernel-module-nf-tables \ - " - -SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.bz2 \ - file://fix-to-generate-ntf.8.patch \ - \ - file://0001-payload-explicit-network-ctx-assignment-for-icmp-icm.patch \ - file://0002-proto-Add-some-exotic-ICMPv6-types.patch \ - \ - file://0003-payload-split-ll-proto-dependency-into-helper.patch \ - file://0004-src-allow-update-of-net-base-w.-meta-l4proto-icmpv6.patch \ - file://0005-src-ipv6-switch-implicit-dependencies-to-meta-l4prot.patch \ - file://0006-payload-enforce-ip-ip6-protocol-depending-on-icmp-or.patch \ - file://0007-src-ip-switch-implicit-dependencies-to-meta-l4proto-.patch \ - " -SRC_URI[md5sum] = "4c005e76a15a029afaba71d7db21d065" -SRC_URI[sha256sum] = "fe639239d801ce5890397f6f4391c58a934bfc27d8b7d5ef922692de5ec4ed43" - -ASNEEDED = "" - -inherit autotools pkgconfig diff --git a/meta-networking/recipes-filter/nftables/nftables_0.9.0.bb b/meta-networking/recipes-filter/nftables/nftables_0.9.0.bb new file mode 100644 index 0000000000..3ff9583fcc --- /dev/null +++ b/meta-networking/recipes-filter/nftables/nftables_0.9.0.bb @@ -0,0 +1,22 @@ +SUMMARY = "Netfilter Tables userspace utillites" +SECTION = "net" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=d1a78fdd879a263a5e0b42d1fc565e79" + +DEPENDS = "libmnl libnftnl readline gmp bison-native" + +UPSTREAM_CHECK_URI = "https://www.netfilter.org/projects/nftables/files/" + +SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.bz2 \ + " +SRC_URI[md5sum] = "d4dcb61df80aa544b2e142e91d937635" +SRC_URI[sha256sum] = "ad8181b5fcb9ca572f444bed54018749588522ee97e4c21922648bb78d7e7e91" + +inherit autotools manpages pkgconfig + +PACKAGECONFIG ?= "" +PACKAGECONFIG[man] = "--enable--man-doc, --disable-man-doc" + +ASNEEDED = "" + +RRECOMMENDS_${PN} += "kernel-module-nf-tables" |