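/*
 * npfctl_config_init: allocate the global NPF configuration object and
 * record whether debug mode was requested.
 *
 * Exits the process via errx() if the configuration cannot be created.
 */
void
npfctl_config_init(bool debug)
{
	npf_conf = npf_config_create();
	if (npf_conf == NULL) {
		errx(EXIT_FAILURE, "npf_config_create failed");
	}
	/*
	 * Honour the caller's request.  Previously the parameter was ignored
	 * and debug mode was switched on unconditionally, so a caller asking
	 * for a non-debug run still got debug behaviour.
	 */
	npf_debug = debug;
}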
/*
 * npf_config_flush: create a temporary configuration, set its flush flag,
 * and submit it through the given descriptor.
 *
 * Returns ENOMEM if the configuration cannot be created, otherwise the
 * value returned by npf_config_submit().  The temporary configuration is
 * destroyed before returning.
 */
int
npf_config_flush(int fd)
{
	nl_config_t *flush_cfg = npf_config_create();
	int rc;

	if (!flush_cfg)
		return ENOMEM;

	flush_cfg->ncf_flush = true;
	rc = npf_config_submit(flush_cfg, fd);
	npf_config_destroy(flush_cfg);

	return rc;
}
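/**
 * Load the supplied CIDR list into the NPF table and submit it.
 *
 * Builds a fresh configuration holding a single table (TABLE_ID,
 * NPF_TABLE_HASH), adds each list entry that parses as
 * "address/prefix-length", and submits the result to the NPF device
 * stored in the handle.
 *
 * @param handle   firewall handle; handle->fwh->npfdev is the descriptor
 *                 handed to npf_config_submit()
 * @param set_name not used by this implementation: the table is always
 *                 TABLE_ID
 * @param cidrs    list of CIDR strings; NULL or unparsable entries are
 *                 skipped
 * @param af       address family recorded for every entry added
 * @return number of entries added, 0 when the list is empty, or -1 when
 *         the configuration or table cannot be created, inserted or
 *         submitted.
 */
int
Mod_fw_replace(FW_handle_T handle, const char *set_name, List_T cidrs, short af)
{
    struct fw_handle *fwh = handle->fwh;
    struct List_entry *entry;
    nl_config_t *ncf = NULL;
    nl_table_t *nt = NULL;
    struct IP_addr m, n;
    char parsed[INET6_ADDRSTRLEN];
    char *cidr;
    unsigned int bits;
    uint8_t maskbits;
    int nadded = 0;

    (void) set_name;

    if (List_size(cidrs) == 0)
        return 0;

    /* Both allocations were previously used without a NULL check. */
    if ((ncf = npf_config_create()) == NULL)
        goto err;
    if ((nt = npf_table_create(TABLE_ID, NPF_TABLE_HASH)) == NULL)
        goto err;

    /* This should somehow be atomic. */
    LIST_EACH(cidrs, entry) {
        cidr = List_entry_value(entry);
        if (cidr == NULL || IP_str_to_addr_mask(cidr, &n, &m) == -1)
            continue;

        /*
         * Parse the prefix length into a full-width unsigned int.  The
         * old code passed the address of a uint8_t to "%u", so sscanf
         * wrote sizeof(unsigned int) bytes over a one-byte object and
         * clobbered neighbouring stack memory on every entry.
         */
        if (sscanf(cidr, "%39[^/]/%u", parsed, &bits) != 2)
            continue;

        /* Range-check before narrowing so an oversized value cannot wrap. */
        if (bits == 0 || bits > IP_MAX_MASKBITS || bits > UINT8_MAX)
            continue;
        maskbits = (uint8_t) bits;

        /*
         * Convert by value rather than reading through a cast pointer,
         * which would over-read if npf_netmask_t were wider than a byte.
         *
         * NOTE(review): af comes from the caller, not from the parsed
         * address; confirm callers never pass a mixed-family list.
         * NOTE(review): confirm the NPF version in use accepts prefix
         * lengths on NPF_TABLE_HASH tables.
         */
        if (npf_table_add_entry(nt, af, (npf_addr_t *) &n,
            (npf_netmask_t) maskbits) == 0) {
            /* Count only entries the library actually accepted. */
            nadded++;
        }
    }

    /*
     * A failed insert or submit means nothing was loaded, so report an
     * error instead of a count of entries that never took effect.
     */
    if (npf_table_insert(ncf, nt) != 0)
        goto err;
    if (npf_config_submit(ncf, fwh->npfdev) != 0)
        goto err;

    /*
     * Teardown order is kept from the original code.
     * NOTE(review): verify against the libnpf version in use whether
     * npf_table_insert() takes ownership of nt; if it does, the
     * npf_table_destroy() call must be dropped.
     */
    npf_config_destroy(ncf);
    npf_table_destroy(nt);
    return nadded;

err:
    if (ncf != NULL)
        npf_config_destroy(ncf);
    if (nt != NULL)
        npf_table_destroy(nt);
    return -1;
}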