facebook
diff --git a/‎doc/usage/daemon.rst‎
Lines changed: 0 additions & 12 deletions b/‎doc/usage/daemon.rst‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎src/bpfilter/cgen/cgen.c‎
Lines changed: 45 additions & 44 deletions b/‎src/bpfilter/cgen/cgen.c‎
Lines changed: 45 additions & 44 deletions
diff --git a/‎src/bpfilter/cgen/cgen.h‎
Lines changed: 0 additions & 11 deletions b/‎src/bpfilter/cgen/cgen.h‎
Lines changed: 0 additions & 11 deletions
@@ -17,18 +17,6 @@ It is possible to customize the daemon's behavior using the following command-li
 - ``--usage``: print a short usage message.
 - ``-?``, ``--help``: print the help message.
 
-
-Runtime data
-------------
-
-``bpfilter`` runtime data is located in two different directories:
-
-- ``/run/bpfilter``: runtime context. Contains the socket used to communicate with the daemon, and the serialized data (except in ``--transient`` mode).
-- ``/sys/fs/bpf/bpfilter``: directory used to pin the BPF objects (except in ``--transient`` mode) so they persist across restarts of the daemon.
-
-.. warning::
-    If ``bpfilter`` fails to restore its state after restarting, its data can be cleanup up by removing both those directories. Doing so will remove all your filtering rules.
-
 Namespaces
 ----------
 
 
@@ -118,6 +118,46 @@ static int _bf_cgen_persist(const struct bf_cgen *cgen, int dir_fd)
     return 0;
 }
 
+static int _bf_cgen_new_from_pack(struct bf_cgen **cgen, bf_rpack_node_t node)
+{
+    _free_bf_cgen_ struct bf_cgen *_cgen = NULL;
+    _cleanup_close_ int dir_fd = -1;
+    bf_rpack_node_t child;
+    int r;
+
+    assert(cgen);
+
+    _cgen = calloc(1, sizeof(*_cgen));
+    if (!_cgen)
+        return -ENOMEM;
+
+    r = bf_rpack_kv_obj(node, "chain", &child);
+    if (r)
+        return bf_rpack_key_err(r, "bf_cgen.chain");
+
+    r = bf_chain_new_from_pack(&_cgen->chain, child);
+    if (r)
+        return bf_rpack_key_err(r, "bf_cgen.chain");
+
+    r = bf_rpack_kv_node(node, "handle", &child);
+    if (r)
+        return bf_rpack_key_err(r, "bf_cgen.handle");
+
+    dir_fd = _bf_cgen_get_chain_pindir_fd(_cgen->chain->name);
+    if (dir_fd < 0) {
+        return bf_err_r(dir_fd, "failed to open chain pin directory for '%s'",
+                        _cgen->chain->name);
+    }
+
+    r = bf_handle_new_from_pack(&_cgen->handle, dir_fd, child);
+    if (r)
+        return r;
+
+    *cgen = TAKE_PTR(_cgen);
+
+    return 0;
+}
+
 int bf_cgen_new_from_dir_fd(struct bf_cgen **cgen, int dir_fd)
 {
     _free_bf_rpack_ bf_rpack_t *pack = NULL;
@@ -150,7 +190,7 @@ int bf_cgen_new_from_dir_fd(struct bf_cgen **cgen, int dir_fd)
     if (r)
         return bf_err_r(r, "failed to create rpack for bf_cgen");
 
-    r = bf_cgen_new_from_pack(cgen, bf_rpack_root(pack));
+    r = _bf_cgen_new_from_pack(cgen, bf_rpack_root(pack));
     if (r)
         return bf_err_r(r, "failed to deserialize cgen from context map");
 
@@ -180,45 +220,6 @@ int bf_cgen_new(struct bf_cgen **cgen, struct bf_chain **chain)
     return 0;
 }
 
-int bf_cgen_new_from_pack(struct bf_cgen **cgen, bf_rpack_node_t node)
-{
-    _free_bf_cgen_ struct bf_cgen *_cgen = NULL;
-    _cleanup_close_ int dir_fd = -1;
-    bf_rpack_node_t child;
-    int r;
-
-    assert(cgen);
-
-    _cgen = calloc(1, sizeof(*_cgen));
-    if (!_cgen)
-        return -ENOMEM;
-
-    r = bf_rpack_kv_obj(node, "chain", &child);
-    if (r)
-        return bf_rpack_key_err(r, "bf_cgen.chain");
-
-    r = bf_chain_new_from_pack(&_cgen->chain, child);
-    if (r)
-        return bf_rpack_key_err(r, "bf_cgen.chain");
-
-    r = bf_rpack_kv_node(node, "handle", &child);
-    if (r)
-        return bf_rpack_key_err(r, "bf_cgen.handle");
-
-    if ((dir_fd = _bf_cgen_get_chain_pindir_fd(_cgen->chain->name)) < 0) {
-        return bf_err_r(dir_fd, "failed to open chain pin directory for '%s'",
-                        _cgen->chain->name);
-    }
-
-    r = bf_handle_new_from_pack(&_cgen->handle, dir_fd, child);
-    if (r)
-        return r;
-
-    *cgen = TAKE_PTR(_cgen);
-
-    return 0;
-}
-
 void bf_cgen_free(struct bf_cgen **cgen)
 {
     _cleanup_close_ int pin_fd = -1;
@@ -570,21 +571,21 @@ int bf_cgen_update(struct bf_cgen *cgen, struct bf_chain **new_chain,
         bf_swap(new_handle->link, old_handle->link);
     }
 
+    bf_swap(cgen->handle, new_handle);
+
     if (persist) {
-        r = bf_handle_pin(new_handle, pindir_fd);
+        r = bf_handle_pin(cgen->handle, pindir_fd);
         if (r)
             return bf_err_r(r, "failed to pin new handle, ignoring");
 
         r = _bf_cgen_persist(cgen, pindir_fd);
         if (r) {
-            bf_handle_unpin(new_handle, pindir_fd);
+            bf_handle_unpin(cgen->handle, pindir_fd);
             return bf_err_r(r, "failed to persist cgen for '%s'",
                             cgen->chain->name);
         }
     }
 
-    bf_swap(cgen->handle, new_handle);
-
     bf_chain_free(&cgen->chain);
     cgen->chain = TAKE_PTR(*new_chain);
 
 
@@ -49,17 +49,6 @@ struct bf_cgen
  */
 int bf_cgen_new(struct bf_cgen **cgen, struct bf_chain **chain);
 
-/**
- * @brief Allocate and initialize a new codegen from serialized data.
- *
- * @param cgen Codegen object to allocate and initialize from the serialized
- *        data. The caller will own the object. On failure, `*cgen` is
- *        unchanged. Can't be NULL.
- * @param node Node containing the serialized codegen.
- * @return 0 on success, or a negative errno value on failure.
- */
-int bf_cgen_new_from_pack(struct bf_cgen **cgen, bf_rpack_node_t node);
-
 /**
  * @brief Allocate and initialize a codegen from a pinned context map.
  *