-rw-r--r--Make_global.am2
-rw-r--r--configure.ac2
-rw-r--r--examples/nft-chain-add.c4
-rw-r--r--examples/nft-chain-del.c4
-rw-r--r--examples/nft-chain-get.c4
-rw-r--r--examples/nft-ct-timeout-add.c4
-rw-r--r--examples/nft-flowtable-add.c4
-rw-r--r--examples/nft-flowtable-del.c4
-rw-r--r--examples/nft-flowtable-get.c4
-rw-r--r--examples/nft-map-add.c2
-rw-r--r--examples/nft-obj-add.c4
-rw-r--r--examples/nft-obj-del.c4
-rw-r--r--examples/nft-obj-get.c4
-rw-r--r--examples/nft-rule-add.c4
-rw-r--r--examples/nft-rule-ct-helper-add.c4
-rw-r--r--examples/nft-rule-ct-timeout-add.c4
-rw-r--r--examples/nft-rule-del.c4
-rw-r--r--examples/nft-rule-get.c4
-rw-r--r--examples/nft-set-add.c4
-rw-r--r--examples/nft-set-del.c4
-rw-r--r--examples/nft-set-elem-add.c4
-rw-r--r--examples/nft-set-elem-del.c4
-rw-r--r--examples/nft-set-elem-get.c4
-rw-r--r--examples/nft-set-get.c4
-rw-r--r--examples/nft-table-add.c4
-rw-r--r--examples/nft-table-del.c4
-rw-r--r--examples/nft-table-get.c4
-rw-r--r--examples/nft-table-upd.c4
-rw-r--r--include/libnftnl/chain.h1
-rw-r--r--include/libnftnl/expr.h2
-rw-r--r--include/libnftnl/object.h1
-rw-r--r--include/libnftnl/rule.h1
-rw-r--r--include/libnftnl/set.h2
-rw-r--r--include/libnftnl/table.h1
-rw-r--r--include/libnftnl/udata.h19
-rw-r--r--include/linux/netfilter/nf_tables.h7
-rw-r--r--include/obj.h5
-rw-r--r--src/chain.c31
-rw-r--r--src/expr.c1
-rw-r--r--src/expr/socket.c1
-rw-r--r--src/libnftnl.map8
-rw-r--r--src/object.c26
-rw-r--r--src/rule.c6
-rw-r--r--src/set_elem.c2
-rw-r--r--src/table.c33
45 files changed, 223 insertions, 30 deletions
diff --git a/Make_global.am b/Make_global.am
index 44f0762..b2f2f66 100644
--- a/Make_global.am
+++ b/Make_global.am
@@ -18,7 +18,7 @@
# set age to 0.
# </snippet>
#
-LIBVERSION=14:0:3
+LIBVERSION=15:0:4
AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_srcdir}/include ${LIBMNL_CFLAGS} ${LIBMXML_CFLAGS}
AM_CFLAGS = ${regular_CFLAGS} ${GCC_FVISIBILITY_HIDDEN}
diff --git a/configure.ac b/configure.ac
index c447d7f..3d6ce92 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
dnl Process this file with autoconf to create configure.
-AC_INIT([libnftnl], [1.1.7])
+AC_INIT([libnftnl], [1.1.8])
AC_CONFIG_AUX_DIR([build-aux])
AC_CANONICAL_HOST
AC_CONFIG_MACRO_DIR([m4])
diff --git a/examples/nft-chain-add.c b/examples/nft-chain-add.c
index cde4c97..f711e09 100644
--- a/examples/nft-chain-add.c
+++ b/examples/nft-chain-add.c
@@ -79,12 +79,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-chain-del.c b/examples/nft-chain-del.c
index 9956009..bcc714e 100644
--- a/examples/nft-chain-del.c
+++ b/examples/nft-chain-del.c
@@ -56,12 +56,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-chain-get.c b/examples/nft-chain-get.c
index 4e3b3c1..8a6ef91 100644
--- a/examples/nft-chain-get.c
+++ b/examples/nft-chain-get.c
@@ -67,6 +67,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -74,7 +76,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-ct-timeout-add.c b/examples/nft-ct-timeout-add.c
index 913290f..4c2052e 100644
--- a/examples/nft-ct-timeout-add.c
+++ b/examples/nft-ct-timeout-add.c
@@ -31,12 +31,14 @@ static struct nftnl_obj *obj_add_parse(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
return NULL;
}
diff --git a/examples/nft-flowtable-add.c b/examples/nft-flowtable-add.c
index f42d206..5ca62be 100644
--- a/examples/nft-flowtable-add.c
+++ b/examples/nft-flowtable-add.c
@@ -59,12 +59,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-flowtable-del.c b/examples/nft-flowtable-del.c
index 4866ea2..91e5d3a 100644
--- a/examples/nft-flowtable-del.c
+++ b/examples/nft-flowtable-del.c
@@ -45,12 +45,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-flowtable-get.c b/examples/nft-flowtable-get.c
index 0d92fff..38929f3 100644
--- a/examples/nft-flowtable-get.c
+++ b/examples/nft-flowtable-get.c
@@ -56,6 +56,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -63,7 +65,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-map-add.c b/examples/nft-map-add.c
index d87d841..7c6eeb9 100644
--- a/examples/nft-map-add.c
+++ b/examples/nft-map-add.c
@@ -74,6 +74,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
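Review bot: The usage message for an unknown family looks to have been left out of this file's update. The diffstat lists only two changed lines for examples/nft-map-add.c, while the sibling examples also update their "Unknown family" message, so the message outside this hunk presumably still omits `inet`. If so, the list printed by the `fprintf(stderr, "Unknown family: ...")` call should gain `inet` to match what the parser accepts. The rest of `main` is outside the hunk, so this should be confirmed against the full file.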
diff --git a/examples/nft-obj-add.c b/examples/nft-obj-add.c
index 83941c4..f526b3c 100644
--- a/examples/nft-obj-add.c
+++ b/examples/nft-obj-add.c
@@ -27,12 +27,14 @@ static struct nftnl_obj *obj_add_parse(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
return NULL;
}
diff --git a/examples/nft-obj-del.c b/examples/nft-obj-del.c
index 0aa63c0..ae4f703 100644
--- a/examples/nft-obj-del.c
+++ b/examples/nft-obj-del.c
@@ -29,12 +29,14 @@ static struct nftnl_obj *obj_del_parse(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
return NULL;
}
diff --git a/examples/nft-obj-get.c b/examples/nft-obj-get.c
index 87be3b4..e560ed0 100644
--- a/examples/nft-obj-get.c
+++ b/examples/nft-obj-get.c
@@ -65,6 +65,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -72,7 +74,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-rule-add.c b/examples/nft-rule-add.c
index 9780515..77ee480 100644
--- a/examples/nft-rule-add.c
+++ b/examples/nft-rule-add.c
@@ -137,8 +137,10 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else {
- fprintf(stderr, "Unknown family: ip, ip6\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-rule-ct-helper-add.c b/examples/nft-rule-ct-helper-add.c
index 632cc5c..e0338a8 100644
--- a/examples/nft-rule-ct-helper-add.c
+++ b/examples/nft-rule-ct-helper-add.c
@@ -89,8 +89,10 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else {
- fprintf(stderr, "Unknown family: ip, ip6\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-rule-ct-timeout-add.c b/examples/nft-rule-ct-timeout-add.c
index d3f843e..d93cde1 100644
--- a/examples/nft-rule-ct-timeout-add.c
+++ b/examples/nft-rule-ct-timeout-add.c
@@ -89,8 +89,10 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else {
- fprintf(stderr, "Unknown family: ip, ip6\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-rule-del.c b/examples/nft-rule-del.c
index fee3011..035aaa2 100644
--- a/examples/nft-rule-del.c
+++ b/examples/nft-rule-del.c
@@ -48,12 +48,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-rule-get.c b/examples/nft-rule-get.c
index 8a980ef..8fb654f 100644
--- a/examples/nft-rule-get.c
+++ b/examples/nft-rule-get.c
@@ -91,6 +91,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -98,7 +100,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-set-add.c b/examples/nft-set-add.c
index d8e3e4e..c9e249d 100644
--- a/examples/nft-set-add.c
+++ b/examples/nft-set-add.c
@@ -70,12 +70,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-set-del.c b/examples/nft-set-del.c
index 7f20e21..eafd5d7 100644
--- a/examples/nft-set-del.c
+++ b/examples/nft-set-del.c
@@ -46,12 +46,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-set-elem-add.c b/examples/nft-set-elem-add.c
index 438966f..4b8b37c 100644
--- a/examples/nft-set-elem-add.c
+++ b/examples/nft-set-elem-add.c
@@ -48,12 +48,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-set-elem-del.c b/examples/nft-set-elem-del.c
index 157fbcf..b569fea 100644
--- a/examples/nft-set-elem-del.c
+++ b/examples/nft-set-elem-del.c
@@ -48,12 +48,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-set-elem-get.c b/examples/nft-set-elem-get.c
index 778e40f..52cdd51 100644
--- a/examples/nft-set-elem-get.c
+++ b/examples/nft-set-elem-get.c
@@ -70,12 +70,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-set-get.c b/examples/nft-set-get.c
index bb33674..cbe3f85 100644
--- a/examples/nft-set-get.c
+++ b/examples/nft-set-get.c
@@ -70,6 +70,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -77,7 +79,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-table-add.c b/examples/nft-table-add.c
index 4418a51..5b5c1dd 100644
--- a/examples/nft-table-add.c
+++ b/examples/nft-table-add.c
@@ -29,12 +29,14 @@ static struct nftnl_table *table_add_parse(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
return NULL;
}
diff --git a/examples/nft-table-del.c b/examples/nft-table-del.c
index aa1827d..3d78fd4 100644
--- a/examples/nft-table-del.c
+++ b/examples/nft-table-del.c
@@ -29,12 +29,14 @@ static struct nftnl_table *table_del_parse(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
return NULL;
}
diff --git a/examples/nft-table-get.c b/examples/nft-table-get.c
index c0c8454..64fd66c 100644
--- a/examples/nft-table-get.c
+++ b/examples/nft-table-get.c
@@ -65,6 +65,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -72,7 +74,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-table-upd.c b/examples/nft-table-upd.c
index 1c7f9b3..663d09f 100644
--- a/examples/nft-table-upd.c
+++ b/examples/nft-table-upd.c
@@ -51,6 +51,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -59,7 +61,7 @@ int main(int argc, char *argv[])
family = NFPROTO_NETDEV;
else {
fprintf(stderr,
- "Unknown family: ip, ip6, bridge, arp, netdev\n");
+ "Unknown family: ip, ip6, inet, bridge, arp, netdev\n");
exit(EXIT_FAILURE);
}
diff --git a/include/libnftnl/chain.h b/include/libnftnl/chain.h
index 0e57a5a..f56e581 100644
--- a/include/libnftnl/chain.h
+++ b/include/libnftnl/chain.h
@@ -34,6 +34,7 @@ enum nftnl_chain_attr {
NFTNL_CHAIN_DEVICES,
NFTNL_CHAIN_FLAGS,
NFTNL_CHAIN_ID,
+ NFTNL_CHAIN_USERDATA,
__NFTNL_CHAIN_MAX
};
#define NFTNL_CHAIN_MAX (__NFTNL_CHAIN_MAX - 1)
diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index dcbcf5c..c2b2d86 100644
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -36,6 +36,8 @@ uint32_t nftnl_expr_get_u32(const struct nftnl_expr *expr, uint16_t type);
uint64_t nftnl_expr_get_u64(const struct nftnl_expr *expr, uint16_t type);
const char *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type);
+void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr);
+
int nftnl_expr_snprintf(char *buf, size_t buflen, const struct nftnl_expr *expr, uint32_t type, uint32_t flags);
int nftnl_expr_fprintf(FILE *fp, const struct nftnl_expr *expr, uint32_t type, uint32_t flags);
diff --git a/include/libnftnl/object.h b/include/libnftnl/object.h
index 4c23774..9bd83a5 100644
--- a/include/libnftnl/object.h
+++ b/include/libnftnl/object.h
@@ -19,6 +19,7 @@ enum {
NFTNL_OBJ_FAMILY,
NFTNL_OBJ_USE,
NFTNL_OBJ_HANDLE,
+ NFTNL_OBJ_USERDATA,
NFTNL_OBJ_BASE = 16,
__NFTNL_OBJ_MAX
};
diff --git a/include/libnftnl/rule.h b/include/libnftnl/rule.h
index e5d1ca0..b6b93c6 100644
--- a/include/libnftnl/rule.h
+++ b/include/libnftnl/rule.h
@@ -51,6 +51,7 @@ uint32_t nftnl_rule_get_u32(const struct nftnl_rule *r, uint16_t attr);
uint64_t nftnl_rule_get_u64(const struct nftnl_rule *r, uint16_t attr);
void nftnl_rule_add_expr(struct nftnl_rule *r, struct nftnl_expr *expr);
+void nftnl_rule_del_expr(struct nftnl_expr *expr);
struct nlmsghdr;
diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h
index 5138bb9..961ce5d 100644
--- a/include/libnftnl/set.h
+++ b/include/libnftnl/set.h
@@ -142,7 +142,7 @@ int nftnl_set_elem_parse(struct nftnl_set_elem *e, enum nftnl_parse_type type,
int nftnl_set_elem_parse_file(struct nftnl_set_elem *e, enum nftnl_parse_type type,
FILE *fp, struct nftnl_parse_err *err);
int nftnl_set_elem_snprintf(char *buf, size_t size, const struct nftnl_set_elem *s, uint32_t type, uint32_t flags);
-int nftnl_set_elem_fprintf(FILE *fp, struct nftnl_set_elem *se, uint32_t type, uint32_t flags);
+int nftnl_set_elem_fprintf(FILE *fp, const struct nftnl_set_elem *se, uint32_t type, uint32_t flags);
int nftnl_set_elem_foreach(struct nftnl_set *s, int (*cb)(struct nftnl_set_elem *e, void *data), void *data);
diff --git a/include/libnftnl/table.h b/include/libnftnl/table.h
index 5faec81..a37fba2 100644
--- a/include/libnftnl/table.h
+++ b/include/libnftnl/table.h
@@ -23,6 +23,7 @@ enum nftnl_table_attr {
NFTNL_TABLE_FLAGS,
NFTNL_TABLE_USE,
NFTNL_TABLE_HANDLE,
+ NFTNL_TABLE_USERDATA,
__NFTNL_TABLE_MAX
};
#define NFTNL_TABLE_MAX (__NFTNL_TABLE_MAX - 1)
diff --git a/include/libnftnl/udata.h b/include/libnftnl/udata.h
index 661493b..dbf3a60 100644
--- a/include/libnftnl/udata.h
+++ b/include/libnftnl/udata.h
@@ -9,6 +9,18 @@
extern "C" {
#endif
+enum nftnl_udata_table_types {
+ NFTNL_UDATA_TABLE_COMMENT,
+ __NFTNL_UDATA_TABLE_MAX
+};
+#define NFTNL_UDATA_TABLE_MAX (__NFTNL_UDATA_TABLE_MAX - 1)
+
+enum nftnl_udata_chain_types {
+ NFTNL_UDATA_CHAIN_COMMENT,
+ __NFTNL_UDATA_CHAIN_MAX
+};
+#define NFTNL_UDATA_CHAIN_MAX (__NFTNL_UDATA_CHAIN_MAX - 1)
+
enum nftnl_udata_rule_types {
NFTNL_UDATA_RULE_COMMENT,
NFTNL_UDATA_RULE_EBTABLES_POLICY,
@@ -16,6 +28,12 @@ enum nftnl_udata_rule_types {
};
#define NFTNL_UDATA_RULE_MAX (__NFTNL_UDATA_RULE_MAX - 1)
+enum nftnl_udata_obj_types {
+ NFTNL_UDATA_OBJ_COMMENT,
+ __NFTNL_UDATA_OBJ_MAX
+};
+#define NFTNL_UDATA_OBJ_MAX (__NFTNL_UDATA_OBJ_MAX - 1)
+
#define NFTNL_UDATA_COMMENT_MAXLEN 128
enum nftnl_udata_set_types {
@@ -26,6 +44,7 @@ enum nftnl_udata_set_types {
NFTNL_UDATA_SET_DATA_TYPEOF,
NFTNL_UDATA_SET_EXPR,
NFTNL_UDATA_SET_DATA_INTERVAL,
+ NFTNL_UDATA_SET_COMMENT,
__NFTNL_UDATA_SET_MAX
};
#define NFTNL_UDATA_SET_MAX (__NFTNL_UDATA_SET_MAX - 1)
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index d9b0daa..e4cdf78 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -180,6 +180,7 @@ enum nft_table_attributes {
NFTA_TABLE_USE,
NFTA_TABLE_HANDLE,
NFTA_TABLE_PAD,
+ NFTA_TABLE_USERDATA,
__NFTA_TABLE_MAX
};
#define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1)
@@ -196,6 +197,7 @@ enum nft_table_attributes {
* @NFTA_CHAIN_TYPE: type name of the string (NLA_NUL_STRING)
* @NFTA_CHAIN_COUNTERS: counter specification of the chain (NLA_NESTED: nft_counter_attributes)
* @NFTA_CHAIN_FLAGS: chain flags
+ * @NFTA_CHAIN_USERDATA: user data (NLA_BINARY)
*/
enum nft_chain_attributes {
NFTA_CHAIN_UNSPEC,
@@ -210,6 +212,7 @@ enum nft_chain_attributes {
NFTA_CHAIN_PAD,
NFTA_CHAIN_FLAGS,
NFTA_CHAIN_ID,
+ NFTA_CHAIN_USERDATA,
__NFTA_CHAIN_MAX
};
#define NFTA_CHAIN_MAX (__NFTA_CHAIN_MAX - 1)
@@ -994,10 +997,12 @@ enum nft_socket_attributes {
*
* @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option
* @NFT_SOCKET_MARK: Value of the socket mark
+ * @NFT_SOCKET_WILDCARD: Whether the socket is zero-bound (e.g. 0.0.0.0 or ::0)
*/
enum nft_socket_keys {
NFT_SOCKET_TRANSPARENT,
NFT_SOCKET_MARK,
+ NFT_SOCKET_WILDCARD,
__NFT_SOCKET_MAX
};
#define NFT_SOCKET_MAX (__NFT_SOCKET_MAX - 1)
@@ -1541,6 +1546,7 @@ enum nft_ct_expectation_attributes {
* @NFTA_OBJ_DATA: stateful object data (NLA_NESTED)
* @NFTA_OBJ_USE: number of references to this expression (NLA_U32)
* @NFTA_OBJ_HANDLE: object handle (NLA_U64)
+ * @NFTA_OBJ_USERDATA: user data (NLA_BINARY)
*/
enum nft_object_attributes {
NFTA_OBJ_UNSPEC,
@@ -1551,6 +1557,7 @@ enum nft_object_attributes {
NFTA_OBJ_USE,
NFTA_OBJ_HANDLE,
NFTA_OBJ_PAD,
+ NFTA_OBJ_USERDATA,
__NFTA_OBJ_MAX
};
#define NFTA_OBJ_MAX (__NFTA_OBJ_MAX - 1)
diff --git a/include/obj.h b/include/obj.h
index 10f806c..d9e856a 100644
--- a/include/obj.h
+++ b/include/obj.h
@@ -22,6 +22,11 @@ struct nftnl_obj {
uint32_t flags;
uint64_t handle;
+ struct {
+ void *data;
+ uint32_t len;
+ } user;
+
union {
struct nftnl_obj_counter {
uint64_t pkts;
diff --git a/src/chain.c b/src/chain.c
index 94efa90..aac9da6 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -51,6 +51,11 @@ struct nftnl_chain {
uint32_t flags;
uint32_t chain_id;
+ struct {
+ void *data;
+ uint32_t len;
+ } user;
+
struct list_head rule_list;
};
@@ -125,6 +130,8 @@ void nftnl_chain_free(const struct nftnl_chain *c)
xfree(c->type);
if (c->flags & (1 << NFTNL_CHAIN_DEV))
xfree(c->dev);
+ if (c->flags & (1 << NFTNL_CHAIN_USERDATA))
+ xfree(c->user.data);
if (c->flags & (1 << NFTNL_CHAIN_DEVICES)) {
for (i = 0; i < c->dev_array_len; i++)
xfree(c->dev_array[i]);
@@ -290,6 +297,16 @@ int nftnl_chain_set_data(struct nftnl_chain *c, uint16_t attr,
case NFTNL_CHAIN_ID:
memcpy(&c->chain_id, data, sizeof(c->chain_id));
break;
+ case NFTNL_CHAIN_USERDATA:
+ if (c->flags & (1 << NFTNL_CHAIN_USERDATA))
+ xfree(c->user.data);
+
+ c->user.data = malloc(data_len);
+ if (!c->user.data)
+ return -1;
+ memcpy(c->user.data, data, data_len);
+ c->user.len = data_len;
+ break;
}
c->flags |= (1 << attr);
return 0;
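Review bot: In the `NFTNL_CHAIN_USERDATA` case the old buffer is released before the new allocation is known to succeed, so a failed `malloc` on a chain that already carried user data returns -1 with the flag bit still set, `c->user.data` NULL and `c->user.len` holding the previous length. Code that trusts the flag, such as the `mnl_attr_put(nlh, NFTA_CHAIN_USERDATA, c->user.len, c->user.data)` call added by this commit, would then copy from a NULL pointer. Allocating and copying into a temporary first, and only then swapping it in, keeps the object consistent on failure. The same sequence appears in the `NFTNL_OBJ_USERDATA` case in src/object.c and the `NFTNL_TABLE_USERDATA` case in src/table.c. The function body starts and ends outside this hunk.

```c
	case NFTNL_CHAIN_USERDATA: {
		void *udata = malloc(data_len);

		if (!udata)
			return -1;
		memcpy(udata, data, data_len);
		/* release the previous blob only once the new one is in hand */
		if (c->flags & (1 << NFTNL_CHAIN_USERDATA))
			xfree(c->user.data);
		c->user.data = udata;
		c->user.len = data_len;
		break;
	}
```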
@@ -391,6 +408,9 @@ const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr,
case NFTNL_CHAIN_ID:
*data_len = sizeof(uint32_t);
return &c->chain_id;
+ case NFTNL_CHAIN_USERDATA:
+ *data_len = c->user.len;
+ return c->user.data;
}
return NULL;
}
@@ -513,6 +533,8 @@ void nftnl_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_ch
mnl_attr_put_u32(nlh, NFTA_CHAIN_FLAGS, htonl(c->chain_flags));
if (c->flags & (1 << NFTNL_CHAIN_ID))
mnl_attr_put_u32(nlh, NFTA_CHAIN_ID, htonl(c->chain_id));
+ if (c->flags & (1 << NFTNL_CHAIN_USERDATA))
+ mnl_attr_put(nlh, NFTA_CHAIN_USERDATA, c->user.len, c->user.data);
}
EXPORT_SYMBOL(nftnl_chain_rule_add);
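Review bot: `c->user.len` reaches `mnl_attr_put` with no upper bound. It is a `uint32_t` copied straight from the setter's `data_len`, while a netlink attribute stores its length in 16 bits and `mnl_attr_put` does not check the room left in the message buffer. An oversized blob stored through the setter could therefore produce a truncated attribute length or a write past the buffer the caller supplied. Rejecting oversized input where the data is stored, for example `if (data_len > UINT16_MAX - MNL_ATTR_HDRLEN) return -1;` or a smaller project-defined limit, keeps the payload builders safe. The builders added in src/object.c and src/table.c follow the same pattern.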
@@ -576,6 +598,10 @@ static int nftnl_chain_parse_attr_cb(const struct nlattr *attr, void *data)
if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0)
abi_breakage();
break;
+ case NFTA_CHAIN_USERDATA:
+ if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
+ abi_breakage();
+ break;
}
tb[type] = attr;
@@ -777,6 +803,11 @@ int nftnl_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_chain *c)
c->chain_id = ntohl(mnl_attr_get_u32(tb[NFTA_CHAIN_ID]));
c->flags |= (1 << NFTNL_CHAIN_ID);
}
+ if (tb[NFTA_CHAIN_USERDATA]) {
+ nftnl_chain_set_data(c, NFTNL_CHAIN_USERDATA,
+ mnl_attr_get_payload(tb[NFTA_CHAIN_USERDATA]),
+ mnl_attr_get_payload_len(tb[NFTA_CHAIN_USERDATA]));
+ }
c->family = nfg->nfgen_family;
c->flags |= (1 << NFTNL_CHAIN_FAMILY);
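Review bot: The result of `nftnl_chain_set_data` is discarded for `NFTA_CHAIN_USERDATA`, so an allocation failure while copying the attribute lets the parse report success with the user data silently missing. src/table.c in this same commit checks the return value; wrapping the call as `if (nftnl_chain_set_data(c, NFTNL_CHAIN_USERDATA, ...) < 0) return -1;` would keep the two parsers consistent. In src/object.c the setter returns void, so that parser cannot detect the failure at all as written. The function continues outside this hunk.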
diff --git a/src/expr.c b/src/expr.c
index 80c4c36..ed2f60e 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -203,6 +203,7 @@ const char *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type)
return (const char *)nftnl_expr_get(expr, type, &data_len);
}
+EXPORT_SYMBOL(nftnl_expr_build_payload);
void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr)
{
struct nlattr *nest;
diff --git a/src/expr/socket.c b/src/expr/socket.c
index 96550d5..8cd4536 100644
--- a/src/expr/socket.c
+++ b/src/expr/socket.c
@@ -115,6 +115,7 @@ nftnl_expr_socket_parse(struct nftnl_expr *e, struct nlattr *attr)
static const char *socket_key2str_array[NFT_SOCKET_MAX + 1] = {
[NFT_SOCKET_TRANSPARENT] = "transparent",
[NFT_SOCKET_MARK] = "mark",
+ [NFT_SOCKET_WILDCARD] = "wildcard",
};
static const char *socket_key2str(uint8_t key)
diff --git a/src/libnftnl.map b/src/libnftnl.map
index f62640f..2d35ace 100644
--- a/src/libnftnl.map
+++ b/src/libnftnl.map
@@ -169,7 +169,7 @@ global:
nftnl_set_elem_parse;
nftnl_set_elem_parse_file;
nftnl_set_elem_snprintf;
- nftnl_set_elem_fprinf;
+ nftnl_set_elem_fprintf;
nftnl_set_elems_nlmsg_build_payload;
nftnl_set_elems_nlmsg_parse;
@@ -368,3 +368,9 @@ LIBNFTNL_14 {
nftnl_flowtable_set_array;
nftnl_flowtable_get_array;
} LIBNFTNL_13;
+
+LIBNFTNL_15 {
+ nftnl_obj_get_data;
+ nftnl_expr_build_payload;
+ nftnl_rule_del_expr;
+} LIBNFTNL_14;
diff --git a/src/object.c b/src/object.c
index 4f58272..008bade 100644
--- a/src/object.c
+++ b/src/object.c
@@ -57,6 +57,8 @@ void nftnl_obj_free(const struct nftnl_obj *obj)
xfree(obj->table);
if (obj->flags & (1 << NFTNL_OBJ_NAME))
xfree(obj->name);
+ if (obj->flags & (1 << NFTNL_OBJ_USERDATA))
+ xfree(obj->user.data);
xfree(obj);
}
@@ -103,6 +105,16 @@ void nftnl_obj_set_data(struct nftnl_obj *obj, uint16_t attr,
case NFTNL_OBJ_HANDLE:
memcpy(&obj->handle, data, sizeof(obj->handle));
break;
+ case NFTNL_OBJ_USERDATA:
+ if (obj->flags & (1 << NFTNL_OBJ_USERDATA))
+ xfree(obj->user.data);
+
+ obj->user.data = malloc(data_len);
+ if (!obj->user.data)
+ return;
+ memcpy(obj->user.data, data, data_len);
+ obj->user.len = data_len;
+ break;
default:
if (obj->ops)
obj->ops->set(obj, attr, data, data_len);
@@ -174,6 +186,9 @@ const void *nftnl_obj_get_data(struct nftnl_obj *obj, uint16_t attr,
case NFTNL_OBJ_HANDLE:
*data_len = sizeof(uint64_t);
return &obj->handle;
+ case NFTNL_OBJ_USERDATA:
+ *data_len = obj->user.len;
+ return obj->user.data;
default:
if (obj->ops)
return obj->ops->get(obj, attr, data_len);
@@ -235,6 +250,8 @@ void nftnl_obj_nlmsg_build_payload(struct nlmsghdr *nlh,
mnl_attr_put_u32(nlh, NFTA_OBJ_TYPE, htonl(obj->ops->type));
if (obj->flags & (1 << NFTNL_OBJ_HANDLE))
mnl_attr_put_u64(nlh, NFTA_OBJ_HANDLE, htobe64(obj->handle));
+ if (obj->flags & (1 << NFTNL_OBJ_USERDATA))
+ mnl_attr_put(nlh, NFTA_OBJ_USERDATA, obj->user.len, obj->user.data);
if (obj->ops) {
struct nlattr *nest = mnl_attr_nest_start(nlh, NFTA_OBJ_DATA);
@@ -269,6 +286,10 @@ static int nftnl_obj_parse_attr_cb(const struct nlattr *attr, void *data)
if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
abi_breakage();
break;
+ case NFTA_OBJ_USERDATA:
+ if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
+ abi_breakage();
+ break;
}
tb[type] = attr;
@@ -315,6 +336,11 @@ int nftnl_obj_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_obj *obj)
obj->handle = be64toh(mnl_attr_get_u64(tb[NFTA_OBJ_HANDLE]));
obj->flags |= (1 << NFTNL_OBJ_HANDLE);
}
+ if (tb[NFTA_OBJ_USERDATA]) {
+ nftnl_obj_set_data(obj, NFTNL_OBJ_USERDATA,
+ mnl_attr_get_payload(tb[NFTA_OBJ_USERDATA]),
+ mnl_attr_get_payload_len(tb[NFTA_OBJ_USERDATA]));
+ }
obj->family = nfg->nfgen_family;
obj->flags |= (1 << NFTNL_OBJ_FAMILY);
diff --git a/src/rule.c b/src/rule.c
index 8d7e068..480afc8 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -330,6 +330,12 @@ void nftnl_rule_add_expr(struct nftnl_rule *r, struct nftnl_expr *expr)
list_add_tail(&expr->head, &r->expr_list);
}
+EXPORT_SYMBOL(nftnl_rule_del_expr);
+void nftnl_rule_del_expr(struct nftnl_expr *expr)
+{
+ list_del(&expr->head);
+}
+
static int nftnl_rule_parse_attr_cb(const struct nlattr *attr, void *data)
{
const struct nlattr **tb = data;
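Review bot: `nftnl_rule_del_expr` is exported without any statement of its contract, and the bare `list_del(&expr->head)` gives the caller nothing to go on. From the visible lines it only unlinks the expression, so the expression is presumably no longer released when the rule is freed, and calling it on an expression that was never added to a rule would operate on an unlinked list node. A short comment above the definition would make that explicit, e.g. `/* Unlink expr from the rule it was added to. The caller owns expr afterwards and must free it; expr must currently be attached to a rule. */`.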
diff --git a/src/set_elem.c b/src/set_elem.c
index 4421322..e82684b 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -706,7 +706,7 @@ static int nftnl_set_elem_do_snprintf(char *buf, size_t size, const void *e,
}
EXPORT_SYMBOL(nftnl_set_elem_fprintf);
-int nftnl_set_elem_fprintf(FILE *fp, struct nftnl_set_elem *se, uint32_t type,
+int nftnl_set_elem_fprintf(FILE *fp, const struct nftnl_set_elem *se, uint32_t type,
uint32_t flags)
{
return nftnl_fprintf(fp, se, NFTNL_CMD_UNSPEC, type, flags,
diff --git a/src/table.c b/src/table.c
index 94d522b..731c818 100644
--- a/src/table.c
+++ b/src/table.c
@@ -34,6 +34,10 @@ struct nftnl_table {
uint64_t handle;
uint32_t use;
uint32_t flags;
+ struct {
+ void *data;
+ uint32_t len;
+ } user;
};
EXPORT_SYMBOL(nftnl_table_alloc);
@@ -47,6 +51,8 @@ void nftnl_table_free(const struct nftnl_table *t)
{
if (t->flags & (1 << NFTNL_TABLE_NAME))
xfree(t->name);
+ if (t->flags & (1 << NFTNL_TABLE_USERDATA))
+ xfree(t->user.data);
xfree(t);
}
@@ -111,6 +117,16 @@ int nftnl_table_set_data(struct nftnl_table *t, uint16_t attr,
case NFTNL_TABLE_USE:
memcpy(&t->use, data, sizeof(t->use));
break;
+ case NFTNL_TABLE_USERDATA:
+ if (t->flags & (1 << NFTNL_TABLE_USERDATA))
+ xfree(t->user.data);
+
+ t->user.data = malloc(data_len);
+ if (!t->user.data)
+ return -1;
+ memcpy(t->user.data, data, data_len);
+ t->user.len = data_len;
+ break;
}
t->flags |= (1 << attr);
return 0;
@@ -169,6 +185,9 @@ const void *nftnl_table_get_data(const struct nftnl_table *t, uint16_t attr,
case NFTNL_TABLE_USE:
*data_len = sizeof(uint32_t);
return &t->use;
+ case NFTNL_TABLE_USERDATA:
+ *data_len = t->user.len;
+ return t->user.data;
}
return NULL;
}
@@ -216,6 +235,8 @@ void nftnl_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_ta
mnl_attr_put_u64(nlh, NFTA_TABLE_HANDLE, htobe64(t->handle));
if (t->flags & (1 << NFTNL_TABLE_FLAGS))
mnl_attr_put_u32(nlh, NFTA_TABLE_FLAGS, htonl(t->table_flags));
+ if (t->flags & (1 << NFTNL_TABLE_USERDATA))
+ mnl_attr_put(nlh, NFTA_TABLE_USERDATA, t->user.len, t->user.data);
}
static int nftnl_table_parse_attr_cb(const struct nlattr *attr, void *data)
@@ -240,6 +261,10 @@ static int nftnl_table_parse_attr_cb(const struct nlattr *attr, void *data)
if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
abi_breakage();
break;
+ case NFTA_TABLE_USERDATA:
+ if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
+ abi_breakage();
+ break;
}
tb[type] = attr;
@@ -251,6 +276,7 @@ int nftnl_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_table *t)
{
struct nlattr *tb[NFTA_TABLE_MAX+1] = {};
struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
+ int ret;
if (mnl_attr_parse(nlh, sizeof(*nfg), nftnl_table_parse_attr_cb, tb) < 0)
return -1;
@@ -275,6 +301,13 @@ int nftnl_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_table *t)
t->handle = be64toh(mnl_attr_get_u64(tb[NFTA_TABLE_HANDLE]));
t->flags |= (1 << NFTNL_TABLE_HANDLE);
}
+ if (tb[NFTA_TABLE_USERDATA]) {
+ ret = nftnl_table_set_data(t, NFTNL_TABLE_USERDATA,
+ mnl_attr_get_payload(tb[NFTA_TABLE_USERDATA]),
+ mnl_attr_get_payload_len(tb[NFTA_TABLE_USERDATA]));
+ if (ret < 0)
+ return ret;
+ }
t->family = nfg->nfgen_family;
t->flags |= (1 << NFTNL_TABLE_FAMILY);