Ejemplo n.º 1
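/*
 * npfctl_config_init: allocate the NPF configuration object used by the
 * rest of the program and record the requested debug mode.
 *
 * => debug: value stored in npf_debug.
 * => Does not return if the configuration cannot be created; errx()
 *    terminates the process with EXIT_FAILURE.
 *
 * npf_conf and npf_debug are defined outside this block.
 */
void
npfctl_config_init(bool debug)
{

	npf_conf = npf_config_create();
	if (npf_conf == NULL) {
		errx(EXIT_FAILURE, "npf_config_create failed");
	}
	/*
	 * Store the caller's choice.  The previous code assigned a constant
	 * 'true', which left the parameter unused and forced debug mode on
	 * for every caller.
	 */
	npf_debug = debug;
}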
Ejemplo n.º 2
/*
 * npf_config_flush: build a temporary configuration whose ncf_flush flag
 * is set and submit it on the given descriptor.
 *
 * => fd: descriptor handed to npf_config_submit().
 * => Returns ENOMEM if the configuration cannot be created, otherwise
 *    whatever npf_config_submit() returned.
 * => The temporary configuration is destroyed before returning.
 */
int
npf_config_flush(int fd)
{
	nl_config_t *flush_conf = npf_config_create();
	int rv;

	if (!flush_conf)
		return ENOMEM;

	/* Mark the configuration as a flush request before submitting it. */
	flush_conf->ncf_flush = true;
	rv = npf_config_submit(flush_conf, fd);

	/* The object is only needed for the submit call itself. */
	npf_config_destroy(flush_conf);

	return rv;
}
Ejemplo n.º 3
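/*
 * Build a fresh NPF hash table from the CIDR strings in `cidrs` and submit
 * it to the NPF device referenced by the firewall handle.
 *
 * handle    Firewall handle; handle->fwh->npfdev is passed to
 *           npf_config_submit().
 * set_name  Not used by this implementation; the table is always created
 *           with TABLE_ID.
 * cidrs     List of "address/maskbits" strings (untrusted text).  Entries
 *           that fail to parse, carry no mask, or carry a mask of 0 or
 *           above IP_MAX_MASKBITS are skipped.
 * af        Address family passed through to npf_table_add_entry().
 *
 * Returns the number of entries handed to npf_table_add_entry(), 0 when the
 * list is empty, or -1 if the configuration or table cannot be allocated or
 * the submit call reports an error.
 */
int
Mod_fw_replace(FW_handle_T handle, const char *set_name, List_T cidrs, short af)
{
    struct fw_handle *fwh = handle->fwh;
    int nadded = 0;
    char *cidr;
    struct List_entry *entry;
    nl_config_t *ncf = NULL;
    nl_table_t *nt = NULL;
    struct IP_addr m, n;
    /*
     * sscanf's %u stores a full unsigned int.  The previous uint8_t target
     * let every parsed mask overwrite the bytes next to it on the stack.
     */
    unsigned int maskbits;
    char parsed[INET6_ADDRSTRLEN];

    (void) set_name;

    if(List_size(cidrs) == 0)
        return 0;

    /* Both constructors can fail; do not dereference a NULL result. */
    if((ncf = npf_config_create()) == NULL)
        goto err;
    if((nt = npf_table_create(TABLE_ID, NPF_TABLE_HASH)) == NULL)
        goto err;

    /* This should somehow be atomic. */
    LIST_EACH(cidrs, entry) {
        if((cidr = List_entry_value(entry)) != NULL
            && IP_str_to_addr_mask(cidr, &n, &m) != -1)
        {
            /* %39 bounds the address text well inside parsed[]. */
            if(sscanf(cidr, "%39[^/]/%u", parsed, &maskbits) != 2
                || maskbits == 0 || maskbits > IP_MAX_MASKBITS)
                continue;

            /*
             * Convert by value after the range check instead of reading the
             * mask through a cast pointer.
             * NOTE(review): assumes IP_MAX_MASKBITS fits in npf_netmask_t and
             * that struct IP_addr is layout-compatible with npf_addr_t -
             * confirm against their definitions.
             * NOTE(review): the result of npf_table_add_entry() is not
             * checked, so nadded counts attempts rather than confirmed adds.
             */
            npf_table_add_entry(nt, af, (npf_addr_t *) &n,
                (npf_netmask_t) maskbits);
            nadded++;
        }
    }

    npf_table_insert(ncf, nt);

    /*
     * A rejected submit means the firewall table was not replaced; report
     * that instead of returning a success count.
     */
    if(npf_config_submit(ncf, fwh->npfdev) != 0)
        goto err;

    npf_config_destroy(ncf);
    npf_table_destroy(nt);

    return nadded;

err:
    /* Release whatever was allocated before the failure. */
    if(ncf != NULL)
        npf_config_destroy(ncf);
    if(nt != NULL)
        npf_table_destroy(nt);
    return -1;
}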