int main(int argc, char *argv[])
{
struct nftnl_rule *a, *b;
struct nftnl_expr *ex;
struct nlmsghdr *nlh;
char buf[4096];
struct nftnl_expr_iter *iter_a, *iter_b;
struct nftnl_expr *rule_a, *rule_b;
uint32_t chain_t = 0x12345678;
uint32_t data_t = 0x12345678;
a = nftnl_rule_alloc();
b = nftnl_rule_alloc();
if (a == NULL || b == NULL)
print_err("OOM");
ex = nftnl_expr_alloc("immediate");
if (ex == NULL)
print_err("OOM");
nftnl_expr_set_u32(ex, NFTNL_EXPR_IMM_DREG, 0x1234568);
nftnl_expr_set(ex, NFTNL_EXPR_IMM_DATA, &chain_t, sizeof(chain_t));
nftnl_expr_set_u32(ex, NFTNL_EXPR_IMM_VERDICT, 0x12345678);
nftnl_expr_set(ex, NFTNL_EXPR_IMM_CHAIN, &data_t, sizeof(data_t));
nftnl_rule_add_expr(a, ex);
nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234);
nftnl_rule_nlmsg_build_payload(nlh, a);
if (nftnl_rule_nlmsg_parse(nlh, b) < 0)
print_err("parsing problems");
iter_a = nftnl_expr_iter_create(a);
iter_b = nftnl_expr_iter_create(b);
if (iter_a == NULL || iter_b == NULL)
print_err("OOM");
rule_a = nftnl_expr_iter_next(iter_a);
rule_b = nftnl_expr_iter_next(iter_b);
if (rule_a == NULL || rule_b == NULL)
print_err("OOM");
cmp_nftnl_expr(rule_a, rule_b);
if (nftnl_expr_iter_next(iter_a) != NULL ||
nftnl_expr_iter_next(iter_b) != NULL)
print_err("More 1 expr.");
nftnl_expr_iter_destroy(iter_a);
nftnl_expr_iter_destroy(iter_b);
nftnl_rule_free(a);
nftnl_rule_free(b);
if (!test_ok)
exit(EXIT_FAILURE);
printf("%s: \033[32mOK\e[0m\n", argv[0]);
return EXIT_SUCCESS;
}
int main(int argc, char *argv[])
{
struct nftnl_rule *a, *b;
struct nftnl_expr *ex;
struct nlmsghdr *nlh;
char buf[4096];
struct nftnl_expr_iter *iter_a, *iter_b;
struct nftnl_expr *rule_a, *rule_b;
a = nftnl_rule_alloc();
b = nftnl_rule_alloc();
if (a == NULL || b == NULL)
print_err("OOM");
ex = nftnl_expr_alloc("byteorder");
if (ex == NULL)
print_err("OOM");
nftnl_expr_set_u32(ex, NFTNL_EXPR_BYTEORDER_SREG, 0x12345678);
nftnl_expr_set_u32(ex, NFTNL_EXPR_BYTEORDER_DREG, 0x12345678);
nftnl_expr_set_u32(ex, NFTNL_EXPR_BYTEORDER_OP, 0x12345678);
nftnl_expr_set_u32(ex, NFTNL_EXPR_BYTEORDER_LEN, 0x12345678);
nftnl_expr_set_u32(ex, NFTNL_EXPR_BYTEORDER_SIZE, 0x12345678);
nftnl_rule_add_expr(a, ex);
nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234);
nftnl_rule_nlmsg_build_payload(nlh, a);
if (nftnl_rule_nlmsg_parse(nlh, b) < 0)
print_err("parsing problems");
iter_a = nftnl_expr_iter_create(a);
iter_b = nftnl_expr_iter_create(b);
if (iter_a == NULL || iter_b == NULL)
print_err("OOM");
rule_a = nftnl_expr_iter_next(iter_a);
rule_b = nftnl_expr_iter_next(iter_b);
if (rule_a == NULL || rule_b == NULL)
print_err("OOM");
cmp_nftnl_expr(rule_a,rule_b);
if (nftnl_expr_iter_next(iter_a) != NULL ||
nftnl_expr_iter_next(iter_b) != NULL)
print_err("More 1 expr.");
nftnl_expr_iter_destroy(iter_a);
nftnl_expr_iter_destroy(iter_b);
nftnl_rule_free(a);
nftnl_rule_free(b);
if (!test_ok)
exit(EXIT_FAILURE);
printf("%s: \033[32mOK\e[0m\n", argv[0]);
return EXIT_SUCCESS;
}
void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
struct iptables_command_state *cs)
{
struct nftnl_expr_iter *iter;
struct nftnl_expr *expr;
int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
struct nft_xt_ctx ctx = {
.state.cs = cs,
.family = family,
};
iter = nftnl_expr_iter_create(r);
if (iter == NULL)
return;
ctx.iter = iter;
expr = nftnl_expr_iter_next(iter);
while (expr != NULL) {
const char *name =
nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
if (strcmp(name, "counter") == 0)
nft_parse_counter(expr, &ctx.state.cs->counters);
else if (strcmp(name, "payload") == 0)
nft_parse_payload(&ctx, expr);
else if (strcmp(name, "meta") == 0)
nft_parse_meta(&ctx, expr);
else if (strcmp(name, "bitwise") == 0)
nft_parse_bitwise(&ctx, expr);
else if (strcmp(name, "cmp") == 0)
nft_parse_cmp(&ctx, expr);
else if (strcmp(name, "immediate") == 0)
nft_parse_immediate(&ctx, expr);
else if (strcmp(name, "match") == 0)
nft_parse_match(&ctx, expr);
else if (strcmp(name, "target") == 0)
nft_parse_target(&ctx, expr);
expr = nftnl_expr_iter_next(iter);
}
nftnl_expr_iter_destroy(iter);
if (cs->target != NULL)
cs->jumpto = cs->target->name;
else if (cs->jumpto != NULL)
cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD);
else
cs->jumpto = "";
}
void print_header(unsigned int format, const char *chain, const char *pol,
const struct xt_counters *counters, bool basechain,
uint32_t refs)
{
printf("Chain %s", chain);
if (basechain) {
printf(" (policy %s", pol);
if (!(format & FMT_NOCOUNTS)) {
fputc(' ', stdout);
xtables_print_num(counters->pcnt, (format|FMT_NOTABLE));
fputs("packets, ", stdout);
xtables_print_num(counters->bcnt, (format|FMT_NOTABLE));
fputs("bytes", stdout);
}
printf(")\n");
} else {
printf(" (%u references)\n", refs);
}
if (format & FMT_LINENUMBERS)
printf(FMT("%-4s ", "%s "), "num");
if (!(format & FMT_NOCOUNTS)) {
if (format & FMT_KILOMEGAGIGA) {
printf(FMT("%5s ","%s "), "pkts");
printf(FMT("%5s ","%s "), "bytes");
} else {
printf(FMT("%8s ","%s "), "pkts");
printf(FMT("%10s ","%s "), "bytes");
}
}
if (!(format & FMT_NOTARGET))
printf(FMT("%-9s ","%s "), "target");
fputs(" prot ", stdout);
if (format & FMT_OPTIONS)
fputs("opt", stdout);
if (format & FMT_VIA) {
printf(FMT(" %-6s ","%s "), "in");
printf(FMT("%-6s ","%s "), "out");
}
printf(FMT(" %-19s ","%s "), "source");
printf(FMT(" %-19s "," %s "), "destination");
printf("\n");
}
void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
struct iptables_command_state *cs)
{
struct nftnl_expr_iter *iter;
struct nftnl_expr *expr;
int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
struct nft_xt_ctx ctx = {
.state.cs = cs,
.family = family,
};
iter = nftnl_expr_iter_create(r);
if (iter == NULL)
return;
ctx.iter = iter;
expr = nftnl_expr_iter_next(iter);
while (expr != NULL) {
const char *name =
nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
if (strcmp(name, "counter") == 0)
nft_parse_counter(expr, &ctx.state.cs->counters);
else if (strcmp(name, "payload") == 0)
nft_parse_payload(&ctx, expr);
else if (strcmp(name, "meta") == 0)
nft_parse_meta(&ctx, expr);
else if (strcmp(name, "bitwise") == 0)
nft_parse_bitwise(&ctx, expr);
else if (strcmp(name, "cmp") == 0)
nft_parse_cmp(&ctx, expr);
else if (strcmp(name, "immediate") == 0)
nft_parse_immediate(&ctx, expr);
else if (strcmp(name, "match") == 0)
nft_parse_match(&ctx, expr);
else if (strcmp(name, "target") == 0)
nft_parse_target(&ctx, expr);
expr = nftnl_expr_iter_next(iter);
}
nftnl_expr_iter_destroy(iter);
if (nftnl_rule_is_set(r, NFTNL_RULE_USERDATA)) {
const void *data;
uint32_t len;
struct xtables_match *match;
struct xt_entry_match *m;
data = nftnl_rule_get_data(r, NFTNL_RULE_USERDATA, &len);
match = xtables_find_match("comment", XTF_TRY_LOAD,
&cs->matches);
if (match == NULL)
return;
m = calloc(1, sizeof(struct xt_entry_match) + len);
if (m == NULL) {
fprintf(stderr, "OOM");
exit(EXIT_FAILURE);
}
memcpy(&m->data, get_comment(data, len), len);
m->u.match_size = len + XT_ALIGN(sizeof(struct xt_entry_match));
m->u.user.revision = 0;
strcpy(m->u.user.name, match->name);
match->m = m;
}
if (cs->target != NULL)
cs->jumpto = cs->target->name;
else if (cs->jumpto != NULL)
cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD);
else
cs->jumpto = "";
}
void print_header(unsigned int format, const char *chain, const char *pol,
const struct xt_counters *counters, bool basechain,
uint32_t refs)
{
printf("Chain %s", chain);
if (basechain) {
printf(" (policy %s", pol);
if (!(format & FMT_NOCOUNTS)) {
fputc(' ', stdout);
xtables_print_num(counters->pcnt, (format|FMT_NOTABLE));
fputs("packets, ", stdout);
xtables_print_num(counters->bcnt, (format|FMT_NOTABLE));
fputs("bytes", stdout);
}
printf(")\n");
} else {
printf(" (%u references)\n", refs);
}
if (format & FMT_LINENUMBERS)
printf(FMT("%-4s ", "%s "), "num");
if (!(format & FMT_NOCOUNTS)) {
if (format & FMT_KILOMEGAGIGA) {
printf(FMT("%5s ","%s "), "pkts");
printf(FMT("%5s ","%s "), "bytes");
} else {
printf(FMT("%8s ","%s "), "pkts");
printf(FMT("%10s ","%s "), "bytes");
}
}
if (!(format & FMT_NOTARGET))
printf(FMT("%-9s ","%s "), "target");
fputs(" prot ", stdout);
if (format & FMT_OPTIONS)
fputs("opt", stdout);
if (format & FMT_VIA) {
printf(FMT(" %-6s ","%s "), "in");
printf(FMT("%-6s ","%s "), "out");
}
printf(FMT(" %-19s ","%s "), "source");
printf(FMT(" %-19s "," %s "), "destination");
printf("\n");
}
