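/*
 * Round-trip test for the "immediate" expression.
 *
 * Builds rule `a` holding one immediate expression, serialises it into a
 * netlink message in a local buffer, parses that message back into rule `b`,
 * and hands the first expression of each rule to cmp_nftnl_expr() (defined
 * elsewhere in this file). It then checks that neither rule holds a second
 * expression.
 *
 * Returns EXIT_SUCCESS when every check passed; exits with EXIT_FAILURE when
 * test_ok was cleared or when a step failed in a way that would hand a NULL
 * pointer to the library.
 */
int main(int argc, char *argv[])
{
	struct nftnl_rule *a, *b;
	struct nftnl_expr *ex;
	struct nlmsghdr *nlh;
	char buf[4096];
	struct nftnl_expr_iter *iter_a, *iter_b;
	struct nftnl_expr *rule_a, *rule_b;
	uint32_t data_val = 0x12345678;
	uint32_t chain_val = 0x12345678;

	(void)argc;

	a = nftnl_rule_alloc();
	b = nftnl_rule_alloc();
	if (a == NULL || b == NULL) {
		/*
		 * The final test_ok check suggests print_err() records the
		 * failure and returns, so stop here rather than pass NULL on.
		 */
		print_err("OOM");
		exit(EXIT_FAILURE);
	}

	ex = nftnl_expr_alloc("immediate");
	if (ex == NULL) {
		print_err("OOM");
		exit(EXIT_FAILURE);
	}

	/*
	 * NOTE(review): the DREG value has seven hex digits, unlike the other
	 * fields; possibly a typo, but any value works for a round trip.
	 */
	nftnl_expr_set_u32(ex, NFTNL_EXPR_IMM_DREG, 0x1234568);
	nftnl_expr_set(ex, NFTNL_EXPR_IMM_DATA, &data_val, sizeof(data_val));
	nftnl_expr_set_u32(ex, NFTNL_EXPR_IMM_VERDICT, 0x12345678);
	/*
	 * NOTE(review): NFTNL_EXPR_IMM_CHAIN names a chain. If the library
	 * treats this attribute as a NUL-terminated string, a 4-byte integer
	 * with no terminator is not a valid value and the setter would read
	 * past it. Confirm against the library's setter before reusing this.
	 */
	nftnl_expr_set(ex, NFTNL_EXPR_IMM_CHAIN, &chain_val, sizeof(chain_val));

	/* The expression is attached to rule a and released with it below. */
	nftnl_rule_add_expr(a, ex);

	nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234);
	nftnl_rule_nlmsg_build_payload(nlh, a);

	if (nftnl_rule_nlmsg_parse(nlh, b) < 0)
		print_err("parsing problems");

	iter_a = nftnl_expr_iter_create(a);
	iter_b = nftnl_expr_iter_create(b);
	if (iter_a == NULL || iter_b == NULL) {
		print_err("OOM");
		exit(EXIT_FAILURE);
	}

	rule_a = nftnl_expr_iter_next(iter_a);
	rule_b = nftnl_expr_iter_next(iter_b);
	if (rule_a == NULL || rule_b == NULL) {
		/* A missing expression must not reach the comparison helper. */
		print_err("OOM");
		exit(EXIT_FAILURE);
	}

	cmp_nftnl_expr(rule_a, rule_b);

	/* Each rule is expected to hold exactly one expression. */
	if (nftnl_expr_iter_next(iter_a) != NULL ||
	    nftnl_expr_iter_next(iter_b) != NULL)
		print_err("More 1 expr.");

	nftnl_expr_iter_destroy(iter_a);
	nftnl_expr_iter_destroy(iter_b);
	nftnl_rule_free(a);
	nftnl_rule_free(b);

	if (!test_ok)
		exit(EXIT_FAILURE);

	/* \033 replaces the non-standard \e escape; the output bytes are the same. */
	printf("%s: \033[32mOK\033[0m\n", argv[0]);
	return EXIT_SUCCESS;
}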
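/*
 * Round-trip test for the "byteorder" expression.
 *
 * Builds rule `a` holding one byteorder expression with every attribute set,
 * serialises it into a netlink message in a local buffer, parses that message
 * back into rule `b`, and hands the first expression of each rule to
 * cmp_nftnl_expr() (defined elsewhere in this file). It then checks that
 * neither rule holds a second expression.
 *
 * Returns EXIT_SUCCESS when every check passed; exits with EXIT_FAILURE when
 * test_ok was cleared or when a step failed in a way that would hand a NULL
 * pointer to the library.
 */
int main(int argc, char *argv[])
{
	struct nftnl_rule *a, *b;
	struct nftnl_expr *ex;
	struct nlmsghdr *nlh;
	char buf[4096];
	struct nftnl_expr_iter *iter_a, *iter_b;
	struct nftnl_expr *rule_a, *rule_b;

	(void)argc;

	a = nftnl_rule_alloc();
	b = nftnl_rule_alloc();
	if (a == NULL || b == NULL) {
		/*
		 * The final test_ok check suggests print_err() records the
		 * failure and returns, so stop here rather than pass NULL on.
		 */
		print_err("OOM");
		exit(EXIT_FAILURE);
	}

	ex = nftnl_expr_alloc("byteorder");
	if (ex == NULL) {
		print_err("OOM");
		exit(EXIT_FAILURE);
	}

	/* Arbitrary marker values; the test only checks that they round-trip. */
	nftnl_expr_set_u32(ex, NFTNL_EXPR_BYTEORDER_SREG, 0x12345678);
	nftnl_expr_set_u32(ex, NFTNL_EXPR_BYTEORDER_DREG, 0x12345678);
	nftnl_expr_set_u32(ex, NFTNL_EXPR_BYTEORDER_OP, 0x12345678);
	nftnl_expr_set_u32(ex, NFTNL_EXPR_BYTEORDER_LEN, 0x12345678);
	nftnl_expr_set_u32(ex, NFTNL_EXPR_BYTEORDER_SIZE, 0x12345678);

	/* The expression is attached to rule a and released with it below. */
	nftnl_rule_add_expr(a, ex);

	nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234);
	nftnl_rule_nlmsg_build_payload(nlh, a);

	if (nftnl_rule_nlmsg_parse(nlh, b) < 0)
		print_err("parsing problems");

	iter_a = nftnl_expr_iter_create(a);
	iter_b = nftnl_expr_iter_create(b);
	if (iter_a == NULL || iter_b == NULL) {
		print_err("OOM");
		exit(EXIT_FAILURE);
	}

	rule_a = nftnl_expr_iter_next(iter_a);
	rule_b = nftnl_expr_iter_next(iter_b);
	if (rule_a == NULL || rule_b == NULL) {
		/* A missing expression must not reach the comparison helper. */
		print_err("OOM");
		exit(EXIT_FAILURE);
	}

	cmp_nftnl_expr(rule_a, rule_b);

	/* Each rule is expected to hold exactly one expression. */
	if (nftnl_expr_iter_next(iter_a) != NULL ||
	    nftnl_expr_iter_next(iter_b) != NULL)
		print_err("More 1 expr.");

	nftnl_expr_iter_destroy(iter_a);
	nftnl_expr_iter_destroy(iter_b);
	nftnl_rule_free(a);
	nftnl_rule_free(b);

	if (!test_ok)
		exit(EXIT_FAILURE);

	/* \033 replaces the non-standard \e escape; the output bytes are the same. */
	printf("%s: \033[32mOK\033[0m\n", argv[0]);
	return EXIT_SUCCESS;
}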
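/*
 * Send a single rule message to the kernel wrapped in a netfilter batch.
 *
 * The batch is BEGIN header, one rule message built from `rule`, END header,
 * with sequence numbers 0, 1 and 2. `cmd` and `family` select the message
 * type and address family; `type` is forwarded as the header flags argument
 * of nftnl_rule_nlmsg_build_hdr(). `callback_type` and `callback_value` are
 * passed unchanged to send_and_dispatch().
 *
 * Returns the result of send_and_dispatch(), or -1 when the batch could not
 * be allocated or a message did not fit within the batch limit.
 */
static int rule_cmd(struct mnl_socket *nl, struct nftnl_rule *rule,
		    uint16_t cmd, uint16_t family, uint16_t type,
		    enum callback_return_type callback_type,
		    uint64_t *callback_value)
{
	/*
	 * libmnl documents that the batch buffer must be twice the limit
	 * given to mnl_nlmsg_batch_start(): a message is written at the
	 * current position before mnl_nlmsg_batch_next() compares it with
	 * the limit, so the spare half absorbs a message that does not fit
	 * instead of letting it run off the end of the stack buffer.
	 */
	char buf[2 * MNL_SOCKET_BUFFER_SIZE];
	struct mnl_nlmsg_batch *batch;
	struct nlmsghdr *nlh;
	uint32_t seq = 0;
	int err;

	bzero(buf, sizeof(buf));
	debug_netlink_dump_rule(rule);

	batch = mnl_nlmsg_batch_start(buf, sizeof(buf) / 2);
	if (batch == NULL)
		return -1;

	put_batch_headers(mnl_nlmsg_batch_current(batch),
			  NFNL_MSG_BATCH_BEGIN, seq++);
	if (!mnl_nlmsg_batch_next(batch))
		goto err_overflow;

	nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
					 cmd, family, type, seq++);
	nftnl_rule_nlmsg_build_payload(nlh, rule);
	/* A false return means the rule exceeded the limit and is not part
	 * of the batch; sending anyway would drop it silently. */
	if (!mnl_nlmsg_batch_next(batch))
		goto err_overflow;

	put_batch_headers(mnl_nlmsg_batch_current(batch),
			  NFNL_MSG_BATCH_END, seq++);
	if (!mnl_nlmsg_batch_next(batch))
		goto err_overflow;

	err = send_and_dispatch(nl, mnl_nlmsg_batch_head(batch),
				mnl_nlmsg_batch_size(batch),
				callback_type, callback_value);
	mnl_nlmsg_batch_stop(batch);
	return err;

err_overflow:
	mnl_nlmsg_batch_stop(batch);
	return -1;
}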
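/*
 * Append one rule to a chain over a netfilter netlink socket.
 *
 * Usage: <family> <table> <chain> plus an optional fourth argument, which is
 * forwarded to setup_rule() as its last parameter (NULL when absent).
 * <family> must be "ip" or "ip6".
 *
 * The rule built by setup_rule() (defined elsewhere in this file) is sent
 * inside a BEGIN/END batch with NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK, then one
 * reply is read and run through mnl_cb_run(). Any failure prints a message
 * and exits with EXIT_FAILURE.
 */
int main(int argc, char *argv[])
{
	struct mnl_socket *nl;
	struct nftnl_rule *r;
	struct nlmsghdr *nlh;
	struct mnl_nlmsg_batch *batch;
	uint8_t family;
	/*
	 * libmnl documents that the batch buffer must be twice the limit
	 * given to mnl_nlmsg_batch_start(): a message is written at the
	 * current position before mnl_nlmsg_batch_next() compares it with
	 * the limit, so the spare half absorbs a message that does not fit
	 * instead of letting it run off the end of the stack buffer.
	 */
	char buf[2 * MNL_SOCKET_BUFFER_SIZE];
	uint32_t seq = time(NULL);
	int ret;

	if (argc < 4 || argc > 5) {
		fprintf(stderr, "Usage: %s <family> <table> <chain>\n", argv[0]);
		exit(EXIT_FAILURE);
	}

	if (strcmp(argv[1], "ip") == 0) {
		family = NFPROTO_IPV4;
	} else if (strcmp(argv[1], "ip6") == 0) {
		family = NFPROTO_IPV6;
	} else {
		fprintf(stderr, "Unknown family: ip, ip6\n");
		exit(EXIT_FAILURE);
	}

	/* NOTE(review): r is used unchecked below; presumably setup_rule()
	 * exits on failure rather than returning NULL. Confirm. */
	r = setup_rule(family, argv[2], argv[3], argc == 5 ? argv[4] : NULL);

	nl = mnl_socket_open(NETLINK_NETFILTER);
	if (nl == NULL) {
		perror("mnl_socket_open");
		exit(EXIT_FAILURE);
	}

	if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
		perror("mnl_socket_bind");
		exit(EXIT_FAILURE);
	}

	batch = mnl_nlmsg_batch_start(buf, sizeof(buf) / 2);
	if (batch == NULL) {
		perror("mnl_nlmsg_batch_start");
		exit(EXIT_FAILURE);
	}

	nftnl_mnl_batch_put(mnl_nlmsg_batch_current(batch),
			    NFNL_MSG_BATCH_BEGIN, seq++);
	if (!mnl_nlmsg_batch_next(batch))
		goto err_overflow;

	nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
					 NFT_MSG_NEWRULE,
					 nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY),
					 NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK,
					 seq++);
	nftnl_rule_nlmsg_build_payload(nlh, r);
	/* The rule has been serialised into the batch and is not used again. */
	nftnl_rule_free(r);
	/* A false return means the rule exceeded the limit and is not part
	 * of the batch; sending anyway would drop it silently. */
	if (!mnl_nlmsg_batch_next(batch))
		goto err_overflow;

	nftnl_mnl_batch_put(mnl_nlmsg_batch_current(batch),
			    NFNL_MSG_BATCH_END, seq++);
	if (!mnl_nlmsg_batch_next(batch))
		goto err_overflow;

	ret = mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
				mnl_nlmsg_batch_size(batch));
	if (ret == -1) {
		perror("mnl_socket_sendto");
		exit(EXIT_FAILURE);
	}

	mnl_nlmsg_batch_stop(batch);

	/* The batch is finished, so buf is reused for the kernel's reply. */
	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
	if (ret == -1) {
		perror("mnl_socket_recvfrom");
		exit(EXIT_FAILURE);
	}

	ret = mnl_cb_run(buf, ret, 0, mnl_socket_get_portid(nl), NULL, NULL);
	if (ret < 0) {
		perror("mnl_cb_run");
		exit(EXIT_FAILURE);
	}

	mnl_socket_close(nl);

	return EXIT_SUCCESS;

err_overflow:
	fprintf(stderr, "batch buffer too small for the rule message\n");
	mnl_nlmsg_batch_stop(batch);
	mnl_socket_close(nl);
	exit(EXIT_FAILURE);
}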