static int chain_cmd(struct mnl_socket *nl, struct nftnl_chain *chain,
uint16_t cmd, int family, uint16_t type,
enum callback_return_type cb_type, uint64_t *cb_val)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct mnl_nlmsg_batch *batch;
struct nlmsghdr *nlh;
uint32_t seq = 0;
int err;
bzero(buf, sizeof(buf));
batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
nlh = nftnl_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
cmd, family, type, seq++);
nftnl_chain_nlmsg_build_payload(nlh, chain);
nftnl_chain_free(chain);
mnl_nlmsg_batch_next(batch);
nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
err = send_and_dispatch(nl, mnl_nlmsg_batch_head(batch),
mnl_nlmsg_batch_size(batch), cb_type, cb_val);
mnl_nlmsg_batch_stop(batch);
return err;
}
static int table_cmd(struct mnl_socket *nl, struct nftnl_table *t,
uint16_t cmd, uint16_t family, uint16_t type)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct mnl_nlmsg_batch *batch;
struct nlmsghdr *nlh;
uint32_t seq = 0;
int err;
bzero(buf, sizeof(buf));
batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
cmd, family, type, seq++);
nftnl_table_nlmsg_build_payload(nlh, t);
nftnl_table_free(t);
mnl_nlmsg_batch_next(batch);
nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
/* The current table commands do not support any callback returns. */
err = send_and_dispatch(nl, mnl_nlmsg_batch_head(batch),
mnl_nlmsg_batch_size(batch), 0, NULL);
mnl_nlmsg_batch_stop(batch);
return err;
}
int nftnl_batch_is_supported(void)
{
struct mnl_socket *nl;
struct mnl_nlmsg_batch *b;
char buf[MNL_SOCKET_BUFFER_SIZE];
uint32_t seq = time(NULL), req_seq;
int ret;
nl = mnl_socket_open(NETLINK_NETFILTER);
if (nl == NULL)
return -1;
if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0)
return -1;
b = mnl_nlmsg_batch_start(buf, sizeof(buf));
nftnl_batch_begin(mnl_nlmsg_batch_current(b), seq++);
mnl_nlmsg_batch_next(b);
req_seq = seq;
nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(b),
NFT_MSG_NEWSET, AF_INET,
NLM_F_ACK, seq++);
mnl_nlmsg_batch_next(b);
nftnl_batch_end(mnl_nlmsg_batch_current(b), seq++);
mnl_nlmsg_batch_next(b);
ret = mnl_socket_sendto(nl, mnl_nlmsg_batch_head(b),
mnl_nlmsg_batch_size(b));
if (ret < 0)
goto err;
mnl_nlmsg_batch_stop(b);
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
while (ret > 0) {
ret = mnl_cb_run(buf, ret, req_seq, mnl_socket_get_portid(nl),
NULL, NULL);
if (ret <= 0)
break;
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
}
mnl_socket_close(nl);
/* We're sending an incomplete message to see if the kernel supports
* set messages in batches. EINVAL means that we sent an incomplete
* message with missing attributes. The kernel just ignores messages
* that we cannot include in the batch.
*/
return (ret == -1 && errno == EINVAL) ? 1 : 0;
err:
mnl_nlmsg_batch_stop(b);
return -1;
}
int main(int argc, char *argv[])
{
struct mnl_socket *nl;
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
uint32_t portid, seq, set_seq;
struct nftnl_set *s;
int ret, batching;
uint16_t family, format, outformat;
struct mnl_nlmsg_batch *batch;
if (argc < 2) {
printf("Usage: %s {xml|json} <file>\n", argv[0]);
exit(EXIT_FAILURE);
}
if (strcmp(argv[1], "xml") == 0) {
format = NFTNL_PARSE_XML;
outformat = NFTNL_OUTPUT_XML;
} else if (strcmp(argv[1], "json") == 0) {
format = NFTNL_PARSE_JSON;
outformat = NFTNL_OUTPUT_JSON;
} else {
printf("Unknown format: xml, json\n");
exit(EXIT_FAILURE);
}
s = set_parse_file(argv[2], format);
if (s == NULL)
exit(EXIT_FAILURE);
nftnl_set_fprintf(stdout, s, outformat, 0);
fprintf(stdout, "\n");
seq = time(NULL);
batching = nftnl_batch_is_supported();
if (batching < 0) {
perror("cannot talk to nfnetlink");
exit(EXIT_FAILURE);
}
batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
if (batching) {
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
}
family = nftnl_set_get_u32(s, NFTNL_SET_FAMILY);
set_seq = seq;
nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
NFT_MSG_NEWSET, family,
NLM_F_CREATE|NLM_F_ACK, seq++);
nftnl_set_nlmsg_build_payload(nlh, s);
nftnl_set_free(s);
mnl_nlmsg_batch_next(batch);
if (batching) {
nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
}
nl = mnl_socket_open(NETLINK_NETFILTER);
if (nl == NULL) {
perror("mnl_socket_open");
exit(EXIT_FAILURE);
}
if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
perror("mnl_socket_bind");
exit(EXIT_FAILURE);
}
portid = mnl_socket_get_portid(nl);
if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
mnl_nlmsg_batch_size(batch)) < 0) {
perror("mnl_socket_send");
exit(EXIT_FAILURE);
}
mnl_nlmsg_batch_stop(batch);
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
while (ret > 0) {
ret = mnl_cb_run(buf, ret, set_seq, portid, NULL, NULL);
if (ret <= 0)
break;
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
}
if (ret == -1) {
perror("error");
exit(EXIT_FAILURE);
}
mnl_socket_close(nl);
return EXIT_SUCCESS;
}
