int nfct_close(struct nfct_handle *cth)
{
int err;
if (cth->nfnlssh_exp) {
nfnl_subsys_close(cth->nfnlssh_exp);
cth->nfnlssh_exp = NULL;
}
if (cth->nfnlssh_ct) {
nfnl_subsys_close(cth->nfnlssh_ct);
cth->nfnlssh_ct = NULL;
}
/* required by the new API */
cth->cb = NULL;
cth->cb2 = NULL;
cth->expect_cb = NULL;
cth->expect_cb2 = NULL;
free(cth->nfnl_cb.data);
cth->nfnl_cb.call = NULL;
cth->nfnl_cb.data = NULL;
cth->nfnl_cb.attr_count = 0;
err = nfnl_close(cth->nfnlh);
free(cth);
return err;
}
int main(int argc, char *argv[])
{
int ch, del = 0, err;
char *fingerprints = NULL;
while ((ch = getopt(argc, argv, "f:dh")) != -1) {
switch (ch) {
case 'f':
fingerprints = optarg;
break;
case 'd':
del = 1;
break;
default:
fprintf(stderr,
"Usage: %s -f fingerprints -d <del rules> -h\n",
argv[0]);
return -1;
}
}
if (!fingerprints) {
err = -ENOENT;
goto err_out_exit;
}
nfnlh = nfnl_open();
if (!nfnlh) {
err = -EINVAL;
ulog_err("Failed to create nfnl handler");
goto err_out_exit;
}
#ifndef NFNL_SUBSYS_OSF
#define NFNL_SUBSYS_OSF 5
#endif
nfnlssh = nfnl_subsys_open(nfnlh, NFNL_SUBSYS_OSF, OSF_MSG_MAX, 0);
if (!nfnlssh) {
err = -EINVAL;
ulog_err("Faied to create nfnl subsystem");
goto err_out_close;
}
err = osf_load_entries(fingerprints, del);
if (err)
goto err_out_close_subsys;
nfnl_subsys_close(nfnlssh);
nfnl_close(nfnlh);
return 0;
err_out_close_subsys:
nfnl_subsys_close(nfnlssh);
err_out_close:
nfnl_close(nfnlh);
err_out_exit:
return err;
}
struct nfct_handle *nfct_open_nfnl(struct nfnl_handle *nfnlh,
u_int8_t subsys_id,
unsigned int subscriptions)
{
struct nfct_handle *cth;
cth = (struct nfct_handle *) malloc(sizeof(struct nfct_handle));
if (!cth)
return NULL;
memset(cth, 0, sizeof(*cth));
cth->nfnlh = nfnlh;
if (subsys_id == 0 || subsys_id == NFNL_SUBSYS_CTNETLINK) {
cth->nfnlssh_ct = nfnl_subsys_open(cth->nfnlh,
NFNL_SUBSYS_CTNETLINK,
IPCTNL_MSG_MAX,
subscriptions);
if (!cth->nfnlssh_ct)
goto out_free;
}
if (subsys_id == 0 || subsys_id == NFNL_SUBSYS_CTNETLINK_EXP) {
cth->nfnlssh_exp = nfnl_subsys_open(cth->nfnlh,
NFNL_SUBSYS_CTNETLINK_EXP,
IPCTNL_MSG_EXP_MAX,
subscriptions);
if (!cth->nfnlssh_exp)
goto out_free;
}
return cth;
out_free:
if (cth->nfnlssh_exp) {
nfnl_subsys_close(cth->nfnlssh_exp);
cth->nfnlssh_exp = NULL;
}
if (cth->nfnlssh_ct) {
nfnl_subsys_close(cth->nfnlssh_ct);
cth->nfnlssh_ct = NULL;
}
free(cth);
return NULL;
}
/**
* nfnl_close - close a nfnetlink handler
* @nfnlh: nfnetlink handler
*
* This function closes the nfnetlink handler. On success, 0 is returned.
* On error, -1 is returned and errno is set appropiately.
*/
int nfnl_close(struct nfnl_handle *nfnlh)
{
int i, ret;
assert(nfnlh);
for (i = 0; i < NFNL_MAX_SUBSYS; i++)
nfnl_subsys_close(&nfnlh->subsys[i]);
ret = close(nfnlh->fd);
if (ret < 0)
return ret;
free(nfnlh);
return 0;
}