int main(int argc, char *argv[])
{
int ch, del = 0, err;
char *fingerprints = NULL;
while ((ch = getopt(argc, argv, "f:dh")) != -1) {
switch (ch) {
case 'f':
fingerprints = optarg;
break;
case 'd':
del = 1;
break;
default:
fprintf(stderr,
"Usage: %s -f fingerprints -d <del rules> -h\n",
argv[0]);
return -1;
}
}
if (!fingerprints) {
err = -ENOENT;
goto err_out_exit;
}
nfnlh = nfnl_open();
if (!nfnlh) {
err = -EINVAL;
ulog_err("Failed to create nfnl handler");
goto err_out_exit;
}
#ifndef NFNL_SUBSYS_OSF
#define NFNL_SUBSYS_OSF 5
#endif
nfnlssh = nfnl_subsys_open(nfnlh, NFNL_SUBSYS_OSF, OSF_MSG_MAX, 0);
if (!nfnlssh) {
err = -EINVAL;
ulog_err("Faied to create nfnl subsystem");
goto err_out_close;
}
err = osf_load_entries(fingerprints, del);
if (err)
goto err_out_close_subsys;
nfnl_subsys_close(nfnlssh);
nfnl_close(nfnlh);
return 0;
err_out_close_subsys:
nfnl_subsys_close(nfnlssh);
err_out_close:
nfnl_close(nfnlh);
err_out_exit:
return err;
}
struct nflog_handle *nflog_open_nfnl(struct nfnl_handle *nfnlh)
{
struct nflog_handle *h;
int err;
h = malloc(sizeof(*h));
if (!h)
return NULL;
memset(h, 0, sizeof(*h));
h->nfnlh = nfnlh;
h->nfnlssh = nfnl_subsys_open(h->nfnlh, NFNL_SUBSYS_ULOG,
NFULNL_MSG_MAX, 0);
if (!h->nfnlssh) {
/* FIXME: nflog_errno */
goto out_free;
}
pkt_cb.data = h;
err = nfnl_callback_register(h->nfnlssh, NFULNL_MSG_PACKET, &pkt_cb);
if (err < 0) {
nflog_errno = err;
goto out_close;
}
return h;
out_close:
nfnl_close(h->nfnlh);
out_free:
free(h);
return NULL;
}
int nfct_close(struct nfct_handle *cth)
{
int err;
if (cth->nfnlssh_exp) {
nfnl_subsys_close(cth->nfnlssh_exp);
cth->nfnlssh_exp = NULL;
}
if (cth->nfnlssh_ct) {
nfnl_subsys_close(cth->nfnlssh_ct);
cth->nfnlssh_ct = NULL;
}
/* required by the new API */
cth->cb = NULL;
cth->cb2 = NULL;
cth->expect_cb = NULL;
cth->expect_cb2 = NULL;
free(cth->nfnl_cb.data);
cth->nfnl_cb.call = NULL;
cth->nfnl_cb.data = NULL;
cth->nfnl_cb.attr_count = 0;
err = nfnl_close(cth->nfnlh);
free(cth);
return err;
}
struct nfct_handle *nfct_open(u_int8_t subsys_id, unsigned subscriptions)
{
struct nfnl_handle *nfnlh = nfnl_open();
struct nfct_handle *nfcth;
if (!nfnlh)
return NULL;
nfcth = nfct_open_nfnl(nfnlh, subsys_id, subscriptions);
if (!nfcth)
nfnl_close(nfnlh);
return nfcth;
}
struct nflog_handle *nflog_open(void)
{
struct nfnl_handle *nfnlh;
struct nflog_handle *lh;
nfnlh = nfnl_open();
if (!nfnlh) {
/* FIXME: nflog_errno */
return NULL;
}
lh = nflog_open_nfnl(nfnlh);
if (!lh)
nfnl_close(nfnlh);
return lh;
}
/**
* nflog_open - open a nflog handler
*
* This function obtains a netfilter log connection handle. When you are
* finished with the handle returned by this function, you should destroy
* it by calling nflog_close(). A new netlink connection is obtained internally
* and associated with the log connection handle returned.
*
* \return a pointer to a new log handle or NULL on failure.
*/
struct nflog_handle *nflog_open(void)
{
struct nfnl_handle *nfnlh;
struct nflog_handle *lh;
nfnlh = nfnl_open();
if (!nfnlh) {
/* FIXME: nflog_errno */
return NULL;
}
/* disable netlink sequence tracking by default */
nfnl_unset_sequence_tracking(nfnlh);
lh = nflog_open_nfnl(nfnlh);
if (!lh)
nfnl_close(nfnlh);
return lh;
}
/**
* nflog_close - close a nflog handler
* \param h Netfilter log handle obtained via call to nflog_open()
*
* This function closes the nflog handler and free associated resources.
*
* \return 0 on success, non-zero on failure.
*/
int nflog_close(struct nflog_handle *h)
{
int ret = nfnl_close(h->nfnlh);
free(h);
return ret;
}
int nflog_close(struct nflog_handle *h)
{
return nfnl_close(h->nfnlh);
}