summaryrefslogtreecommitdiffstats
path: root/examples
diff options
context:
space:
mode:
Diffstat (limited to 'examples')
-rw-r--r--examples/nft-chain-add.c10
-rw-r--r--examples/nft-chain-del.c9
-rw-r--r--examples/nft-chain-get.c12
-rw-r--r--examples/nft-ct-timeout-add.c4
-rw-r--r--examples/nft-flowtable-add.c29
-rw-r--r--examples/nft-flowtable-del.c30
-rw-r--r--examples/nft-flowtable-get.c12
-rw-r--r--examples/nft-map-add.c8
-rw-r--r--examples/nft-obj-add.c4
-rw-r--r--examples/nft-obj-del.c4
-rw-r--r--examples/nft-obj-get.c4
-rw-r--r--examples/nft-rule-add.c14
-rw-r--r--examples/nft-rule-ct-expectation-add.c11
-rw-r--r--examples/nft-rule-ct-helper-add.c14
-rw-r--r--examples/nft-rule-ct-timeout-add.c14
-rw-r--r--examples/nft-rule-del.c11
-rw-r--r--examples/nft-rule-get.c8
-rw-r--r--examples/nft-ruleset-get.c26
-rw-r--r--examples/nft-set-add.c10
-rw-r--r--examples/nft-set-del.c9
-rw-r--r--examples/nft-set-elem-add.c4
-rw-r--r--examples/nft-set-elem-del.c9
-rw-r--r--examples/nft-set-elem-get.c8
-rw-r--r--examples/nft-set-get.c8
-rw-r--r--examples/nft-table-add.c10
-rw-r--r--examples/nft-table-del.c10
-rw-r--r--examples/nft-table-get.c12
-rw-r--r--examples/nft-table-upd.c9
28 files changed, 168 insertions, 145 deletions
diff --git a/examples/nft-chain-add.c b/examples/nft-chain-add.c
index cde4c97..13be982 100644
--- a/examples/nft-chain-add.c
+++ b/examples/nft-chain-add.c
@@ -79,12 +79,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
@@ -99,9 +101,9 @@ int main(int argc, char *argv[])
mnl_nlmsg_batch_next(batch);
chain_seq = seq;
- nlh = nftnl_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWCHAIN, family,
- NLM_F_CREATE|NLM_F_ACK, seq++);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_NEWCHAIN, family,
+ NLM_F_CREATE | NLM_F_ACK, seq++);
nftnl_chain_nlmsg_build_payload(nlh, t);
nftnl_chain_free(t);
mnl_nlmsg_batch_next(batch);
diff --git a/examples/nft-chain-del.c b/examples/nft-chain-del.c
index 9956009..3cd483e 100644
--- a/examples/nft-chain-del.c
+++ b/examples/nft-chain-del.c
@@ -56,12 +56,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
@@ -76,9 +78,8 @@ int main(int argc, char *argv[])
mnl_nlmsg_batch_next(batch);
chain_seq = seq;
- nlh = nftnl_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_DELCHAIN, family,
- NLM_F_ACK, seq++);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_DELCHAIN, family, NLM_F_ACK, seq++);
nftnl_chain_nlmsg_build_payload(nlh, t);
nftnl_chain_free(t);
mnl_nlmsg_batch_next(batch);
diff --git a/examples/nft-chain-get.c b/examples/nft-chain-get.c
index 4e3b3c1..612f58b 100644
--- a/examples/nft-chain-get.c
+++ b/examples/nft-chain-get.c
@@ -67,6 +67,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -74,7 +76,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
@@ -84,15 +86,15 @@ int main(int argc, char *argv[])
perror("OOM");
exit(EXIT_FAILURE);
}
- nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family,
- NLM_F_ACK, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family,
+ NLM_F_ACK, seq);
nftnl_chain_set_str(t, NFTNL_CHAIN_TABLE, argv[2]);
nftnl_chain_set_str(t, NFTNL_CHAIN_NAME, argv[3]);
nftnl_chain_nlmsg_build_payload(nlh, t);
nftnl_chain_free(t);
} else if (argc >= 2) {
- nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family,
- NLM_F_DUMP, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family,
+ NLM_F_DUMP, seq);
}
nl = mnl_socket_open(NETLINK_NETFILTER);
diff --git a/examples/nft-ct-timeout-add.c b/examples/nft-ct-timeout-add.c
index 913290f..4c2052e 100644
--- a/examples/nft-ct-timeout-add.c
+++ b/examples/nft-ct-timeout-add.c
@@ -31,12 +31,14 @@ static struct nftnl_obj *obj_add_parse(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
return NULL;
}
diff --git a/examples/nft-flowtable-add.c b/examples/nft-flowtable-add.c
index f42d206..f509f23 100644
--- a/examples/nft-flowtable-add.c
+++ b/examples/nft-flowtable-add.c
@@ -47,7 +47,6 @@ int main(int argc, char *argv[])
int ret, family;
struct nftnl_flowtable *t;
struct mnl_nlmsg_batch *batch;
- int batching;
if (argc != 6) {
fprintf(stderr, "Usage: %s <family> <table> <name> <hook> <prio>\n",
@@ -59,12 +58,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
@@ -72,32 +73,22 @@ int main(int argc, char *argv[])
if (t == NULL)
exit(EXIT_FAILURE);
- batching = nftnl_batch_is_supported();
- if (batching < 0) {
- perror("cannot talk to nfnetlink");
- exit(EXIT_FAILURE);
- }
-
seq = time(NULL);
batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
- if (batching) {
- nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
- mnl_nlmsg_batch_next(batch);
- }
+ nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
+ mnl_nlmsg_batch_next(batch);
flowtable_seq = seq;
- nlh = nftnl_flowtable_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWFLOWTABLE, family,
- NLM_F_CREATE|NLM_F_ACK, seq++);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_NEWFLOWTABLE, family,
+ NLM_F_CREATE | NLM_F_ACK, seq++);
nftnl_flowtable_nlmsg_build_payload(nlh, t);
nftnl_flowtable_free(t);
mnl_nlmsg_batch_next(batch);
- if (batching) {
- nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
- mnl_nlmsg_batch_next(batch);
- }
+ nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
+ mnl_nlmsg_batch_next(batch);
nl = mnl_socket_open(NETLINK_NETFILTER);
if (nl == NULL) {
diff --git a/examples/nft-flowtable-del.c b/examples/nft-flowtable-del.c
index 4866ea2..c5ce339 100644
--- a/examples/nft-flowtable-del.c
+++ b/examples/nft-flowtable-del.c
@@ -33,7 +33,7 @@ int main(int argc, char *argv[])
struct nlmsghdr *nlh;
uint32_t portid, seq, flowtable_seq;
struct nftnl_flowtable *t;
- int ret, family, batching;
+ int ret, family;
if (argc != 4) {
fprintf(stderr, "Usage: %s <family> <table> <flowtable>\n",
@@ -45,12 +45,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
@@ -58,32 +60,22 @@ int main(int argc, char *argv[])
if (t == NULL)
exit(EXIT_FAILURE);
- batching = nftnl_batch_is_supported();
- if (batching < 0) {
- perror("cannot talk to nfnetlink");
- exit(EXIT_FAILURE);
- }
-
seq = time(NULL);
batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
- if (batching) {
- nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
- mnl_nlmsg_batch_next(batch);
- }
+ nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
+ mnl_nlmsg_batch_next(batch);
flowtable_seq = seq;
- nlh = nftnl_flowtable_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_DELFLOWTABLE, family,
- NLM_F_ACK, seq++);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_DELFLOWTABLE, family,
+ NLM_F_ACK, seq++);
nftnl_flowtable_nlmsg_build_payload(nlh, t);
nftnl_flowtable_free(t);
mnl_nlmsg_batch_next(batch);
- if (batching) {
- nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
- mnl_nlmsg_batch_next(batch);
- }
+ nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
+ mnl_nlmsg_batch_next(batch);
nl = mnl_socket_open(NETLINK_NETFILTER);
if (nl == NULL) {
diff --git a/examples/nft-flowtable-get.c b/examples/nft-flowtable-get.c
index 0d92fff..1d10cc8 100644
--- a/examples/nft-flowtable-get.c
+++ b/examples/nft-flowtable-get.c
@@ -56,6 +56,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -63,7 +65,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
@@ -73,15 +75,15 @@ int main(int argc, char *argv[])
perror("OOM");
exit(EXIT_FAILURE);
}
- nlh = nftnl_flowtable_nlmsg_build_hdr(buf, NFT_MSG_GETFLOWTABLE, family,
- NLM_F_ACK, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETFLOWTABLE, family,
+ NLM_F_ACK, seq);
nftnl_flowtable_set_str(t, NFTNL_FLOWTABLE_TABLE, argv[2]);
nftnl_flowtable_set_str(t, NFTNL_FLOWTABLE_NAME, argv[3]);
nftnl_flowtable_nlmsg_build_payload(nlh, t);
nftnl_flowtable_free(t);
} else if (argc >= 2) {
- nlh = nftnl_flowtable_nlmsg_build_hdr(buf, NFT_MSG_GETFLOWTABLE, family,
- NLM_F_DUMP, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETFLOWTABLE, family,
+ NLM_F_DUMP, seq);
}
nl = mnl_socket_open(NETLINK_NETFILTER);
diff --git a/examples/nft-map-add.c b/examples/nft-map-add.c
index d87d841..e5ce664 100644
--- a/examples/nft-map-add.c
+++ b/examples/nft-map-add.c
@@ -74,6 +74,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -101,9 +103,9 @@ int main(int argc, char *argv[])
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
- nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWSET, family,
- NLM_F_CREATE|NLM_F_ACK, seq++);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_NEWSET, family,
+ NLM_F_CREATE | NLM_F_ACK, seq++);
nftnl_set_nlmsg_build_payload(nlh, s);
nftnl_set_free(s);
diff --git a/examples/nft-obj-add.c b/examples/nft-obj-add.c
index 83941c4..f526b3c 100644
--- a/examples/nft-obj-add.c
+++ b/examples/nft-obj-add.c
@@ -27,12 +27,14 @@ static struct nftnl_obj *obj_add_parse(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
return NULL;
}
diff --git a/examples/nft-obj-del.c b/examples/nft-obj-del.c
index 0aa63c0..ae4f703 100644
--- a/examples/nft-obj-del.c
+++ b/examples/nft-obj-del.c
@@ -29,12 +29,14 @@ static struct nftnl_obj *obj_del_parse(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
return NULL;
}
diff --git a/examples/nft-obj-get.c b/examples/nft-obj-get.c
index 87be3b4..e560ed0 100644
--- a/examples/nft-obj-get.c
+++ b/examples/nft-obj-get.c
@@ -65,6 +65,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -72,7 +74,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-rule-add.c b/examples/nft-rule-add.c
index 9780515..7d13b92 100644
--- a/examples/nft-rule-add.c
+++ b/examples/nft-rule-add.c
@@ -137,8 +137,10 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else {
- fprintf(stderr, "Unknown family: ip, ip6\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet\n");
exit(EXIT_FAILURE);
}
@@ -163,11 +165,11 @@ int main(int argc, char *argv[])
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
- nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWRULE,
- nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY),
- NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK, seq++);
-
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_NEWRULE,
+ nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY),
+ NLM_F_APPEND | NLM_F_CREATE | NLM_F_ACK,
+ seq++);
nftnl_rule_nlmsg_build_payload(nlh, r);
nftnl_rule_free(r);
mnl_nlmsg_batch_next(batch);
diff --git a/examples/nft-rule-ct-expectation-add.c b/examples/nft-rule-ct-expectation-add.c
index 2012b3c..07c8306 100644
--- a/examples/nft-rule-ct-expectation-add.c
+++ b/examples/nft-rule-ct-expectation-add.c
@@ -123,12 +123,11 @@ int main(int argc, char *argv[])
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
- nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWRULE,
- nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY),
- NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK,
- seq++);
-
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_NEWRULE,
+ nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY),
+ NLM_F_APPEND | NLM_F_CREATE | NLM_F_ACK,
+ seq++);
nftnl_rule_nlmsg_build_payload(nlh, r);
nftnl_rule_free(r);
mnl_nlmsg_batch_next(batch);
diff --git a/examples/nft-rule-ct-helper-add.c b/examples/nft-rule-ct-helper-add.c
index 632cc5c..594e6ba 100644
--- a/examples/nft-rule-ct-helper-add.c
+++ b/examples/nft-rule-ct-helper-add.c
@@ -89,8 +89,10 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else {
- fprintf(stderr, "Unknown family: ip, ip6\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet\n");
exit(EXIT_FAILURE);
}
@@ -115,11 +117,11 @@ int main(int argc, char *argv[])
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
- nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWRULE,
- nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY),
- NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK, seq++);
-
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_NEWRULE,
+ nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY),
+ NLM_F_APPEND | NLM_F_CREATE | NLM_F_ACK,
+ seq++);
nftnl_rule_nlmsg_build_payload(nlh, r);
nftnl_rule_free(r);
mnl_nlmsg_batch_next(batch);
diff --git a/examples/nft-rule-ct-timeout-add.c b/examples/nft-rule-ct-timeout-add.c
index d3f843e..0953cb4 100644
--- a/examples/nft-rule-ct-timeout-add.c
+++ b/examples/nft-rule-ct-timeout-add.c
@@ -89,8 +89,10 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else {
- fprintf(stderr, "Unknown family: ip, ip6\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet\n");
exit(EXIT_FAILURE);
}
@@ -115,11 +117,11 @@ int main(int argc, char *argv[])
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
- nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWRULE,
- nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY),
- NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK, seq++);
-
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_NEWRULE,
+ nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY),
+ NLM_F_APPEND | NLM_F_CREATE | NLM_F_ACK,
+ seq++);
nftnl_rule_nlmsg_build_payload(nlh, r);
nftnl_rule_free(r);
mnl_nlmsg_batch_next(batch);
diff --git a/examples/nft-rule-del.c b/examples/nft-rule-del.c
index fee3011..cb085ff 100644
--- a/examples/nft-rule-del.c
+++ b/examples/nft-rule-del.c
@@ -48,12 +48,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
@@ -70,11 +72,8 @@ int main(int argc, char *argv[])
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
- nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_DELRULE,
- family,
- NLM_F_ACK, seq++);
-
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_DELRULE, family, NLM_F_ACK, seq++);
nftnl_rule_nlmsg_build_payload(nlh, r);
nftnl_rule_free(r);
mnl_nlmsg_batch_next(batch);
diff --git a/examples/nft-rule-get.c b/examples/nft-rule-get.c
index 8a980ef..8da5b59 100644
--- a/examples/nft-rule-get.c
+++ b/examples/nft-rule-get.c
@@ -91,6 +91,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -98,7 +100,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
@@ -109,8 +111,8 @@ int main(int argc, char *argv[])
}
seq = time(NULL);
- nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family,
- NLM_F_DUMP, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family,
+ NLM_F_DUMP, seq);
r = setup_rule(family, table, chain, NULL);
if (!r) {
diff --git a/examples/nft-ruleset-get.c b/examples/nft-ruleset-get.c
index 7098437..34ebe1f 100644
--- a/examples/nft-ruleset-get.c
+++ b/examples/nft-ruleset-get.c
@@ -5,9 +5,9 @@
*
* Copyright (c) 2013 Pablo Neira Ayuso <pablo@netfilter.org>
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
*
*/
@@ -97,8 +97,8 @@ static struct nftnl_rule_list *mnl_rule_dump(struct mnl_socket *nf_sock,
if (nlr_list == NULL)
memory_allocation_error();
- nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family,
- NLM_F_DUMP, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family,
+ NLM_F_DUMP, seq);
ret = mnl_talk(nf_sock, nlh, nlh->nlmsg_len, rule_cb, nlr_list);
if (ret < 0)
@@ -145,8 +145,8 @@ static struct nftnl_chain_list *mnl_chain_dump(struct mnl_socket *nf_sock,
if (nlc_list == NULL)
memory_allocation_error();
- nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family,
- NLM_F_DUMP, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, family,
+ NLM_F_DUMP, seq);
ret = mnl_talk(nf_sock, nlh, nlh->nlmsg_len, chain_cb, nlc_list);
if (ret < 0)
@@ -193,8 +193,8 @@ static struct nftnl_table_list *mnl_table_dump(struct mnl_socket *nf_sock,
if (nlt_list == NULL)
memory_allocation_error();
- nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family,
- NLM_F_DUMP, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family,
+ NLM_F_DUMP, seq);
ret = mnl_talk(nf_sock, nlh, nlh->nlmsg_len, table_cb, nlt_list);
if (ret < 0)
@@ -221,8 +221,8 @@ static int mnl_setelem_get(struct mnl_socket *nf_sock, struct nftnl_set *nls)
struct nlmsghdr *nlh;
uint32_t family = nftnl_set_get_u32(nls, NFTNL_SET_FAMILY);
- nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family,
- NLM_F_DUMP|NLM_F_ACK, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family,
+ NLM_F_DUMP | NLM_F_ACK, seq);
nftnl_set_nlmsg_build_payload(nlh, nls);
return mnl_talk(nf_sock, nlh, nlh->nlmsg_len, set_elem_cb, nls);
@@ -266,8 +266,8 @@ mnl_set_dump(struct mnl_socket *nf_sock, int family)
if (s == NULL)
memory_allocation_error();
- nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family,
- NLM_F_DUMP|NLM_F_ACK, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family,
+ NLM_F_DUMP | NLM_F_ACK, seq);
nftnl_set_nlmsg_build_payload(nlh, s);
nftnl_set_free(s);
diff --git a/examples/nft-set-add.c b/examples/nft-set-add.c
index d8e3e4e..109e33a 100644
--- a/examples/nft-set-add.c
+++ b/examples/nft-set-add.c
@@ -70,12 +70,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
@@ -97,9 +99,9 @@ int main(int argc, char *argv[])
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
- nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWSET, family,
- NLM_F_CREATE|NLM_F_ACK, seq++);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_NEWSET, family,
+ NLM_F_CREATE | NLM_F_ACK, seq++);
nftnl_set_nlmsg_build_payload(nlh, s);
nftnl_set_free(s);
diff --git a/examples/nft-set-del.c b/examples/nft-set-del.c
index 7f20e21..5e8dea9 100644
--- a/examples/nft-set-del.c
+++ b/examples/nft-set-del.c
@@ -46,12 +46,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
@@ -60,9 +62,8 @@ int main(int argc, char *argv[])
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
- nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_DELSET, family,
- NLM_F_ACK, seq);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_DELSET, family, NLM_F_ACK, seq);
nftnl_set_set_str(t, NFTNL_SET_TABLE, argv[2]);
nftnl_set_set_str(t, NFTNL_SET_NAME, argv[3]);
diff --git a/examples/nft-set-elem-add.c b/examples/nft-set-elem-add.c
index 438966f..4b8b37c 100644
--- a/examples/nft-set-elem-add.c
+++ b/examples/nft-set-elem-add.c
@@ -48,12 +48,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
diff --git a/examples/nft-set-elem-del.c b/examples/nft-set-elem-del.c
index 157fbcf..1e6c90d 100644
--- a/examples/nft-set-elem-del.c
+++ b/examples/nft-set-elem-del.c
@@ -48,12 +48,14 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
@@ -85,9 +87,8 @@ int main(int argc, char *argv[])
nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
mnl_nlmsg_batch_next(batch);
- nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_DELSETELEM, family,
- NLM_F_ACK, seq);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_DELSETELEM, family, NLM_F_ACK, seq);
nftnl_set_elems_nlmsg_build_payload(nlh, s);
nftnl_set_free(s);
mnl_nlmsg_batch_next(batch);
diff --git a/examples/nft-set-elem-get.c b/examples/nft-set-elem-get.c
index 778e40f..7f99a60 100644
--- a/examples/nft-set-elem-get.c
+++ b/examples/nft-set-elem-get.c
@@ -70,17 +70,19 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
exit(EXIT_FAILURE);
}
- nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family,
- NLM_F_DUMP|NLM_F_ACK, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family,
+ NLM_F_DUMP | NLM_F_ACK, seq);
nftnl_set_set_str(t, NFTNL_SET_NAME, argv[3]);
nftnl_set_set_str(t, NFTNL_SET_TABLE, argv[2]);
nftnl_set_elems_nlmsg_build_payload(nlh, t);
diff --git a/examples/nft-set-get.c b/examples/nft-set-get.c
index bb33674..48a0699 100644
--- a/examples/nft-set-get.c
+++ b/examples/nft-set-get.c
@@ -70,6 +70,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -77,12 +79,12 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
- nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family,
- NLM_F_DUMP|NLM_F_ACK, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family,
+ NLM_F_DUMP | NLM_F_ACK, seq);
/* Use this below if you want to obtain sets per table */
/* nftnl_set_set(t, NFT_SET_TABLE, argv[2]); */
nftnl_set_nlmsg_build_payload(nlh, t);
diff --git a/examples/nft-table-add.c b/examples/nft-table-add.c
index 4418a51..3d54e0e 100644
--- a/examples/nft-table-add.c
+++ b/examples/nft-table-add.c
@@ -29,12 +29,14 @@ static struct nftnl_table *table_add_parse(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
return NULL;
}
@@ -77,9 +79,9 @@ int main(int argc, char *argv[])
table_seq = seq;
family = nftnl_table_get_u32(t, NFTNL_TABLE_FAMILY);
- nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWTABLE, family,
- NLM_F_CREATE|NLM_F_ACK, seq++);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_NEWTABLE, family,
+ NLM_F_CREATE | NLM_F_ACK, seq++);
nftnl_table_nlmsg_build_payload(nlh, t);
nftnl_table_free(t);
mnl_nlmsg_batch_next(batch);
diff --git a/examples/nft-table-del.c b/examples/nft-table-del.c
index aa1827d..44f0b1f 100644
--- a/examples/nft-table-del.c
+++ b/examples/nft-table-del.c
@@ -29,12 +29,14 @@ static struct nftnl_table *table_del_parse(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
family = NFPROTO_ARP;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
return NULL;
}
@@ -77,9 +79,9 @@ int main(int argc, char *argv[])
table_seq = seq;
family = nftnl_table_get_u32(t, NFTNL_TABLE_FAMILY);
- nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_DELTABLE, family,
- NLM_F_ACK, seq++);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_DELTABLE, family,
+ NLM_F_ACK, seq++);
nftnl_table_nlmsg_build_payload(nlh, t);
mnl_nlmsg_batch_next(batch);
nftnl_table_free(t);
diff --git a/examples/nft-table-get.c b/examples/nft-table-get.c
index c0c8454..58eca9c 100644
--- a/examples/nft-table-get.c
+++ b/examples/nft-table-get.c
@@ -65,6 +65,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -72,7 +74,7 @@ int main(int argc, char *argv[])
else if (strcmp(argv[1], "unspec") == 0)
family = NFPROTO_UNSPEC;
else {
- fprintf(stderr, "Unknown family: ip, ip6, bridge, arp, unspec\n");
+ fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp, unspec\n");
exit(EXIT_FAILURE);
}
@@ -86,11 +88,11 @@ int main(int argc, char *argv[])
seq = time(NULL);
if (t == NULL) {
- nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family,
- NLM_F_DUMP, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family,
+ NLM_F_DUMP, seq);
} else {
- nlh = nftnl_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family,
- NLM_F_ACK, seq);
+ nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, family,
+ NLM_F_ACK, seq);
nftnl_table_set_str(t, NFTNL_TABLE_NAME, argv[2]);
nftnl_table_nlmsg_build_payload(nlh, t);
nftnl_table_free(t);
diff --git a/examples/nft-table-upd.c b/examples/nft-table-upd.c
index 1c7f9b3..7346636 100644
--- a/examples/nft-table-upd.c
+++ b/examples/nft-table-upd.c
@@ -51,6 +51,8 @@ int main(int argc, char *argv[])
family = NFPROTO_IPV4;
else if (strcmp(argv[1], "ip6") == 0)
family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "inet") == 0)
+ family = NFPROTO_INET;
else if (strcmp(argv[1], "bridge") == 0)
family = NFPROTO_BRIDGE;
else if (strcmp(argv[1], "arp") == 0)
@@ -59,7 +61,7 @@ int main(int argc, char *argv[])
family = NFPROTO_NETDEV;
else {
fprintf(stderr,
- "Unknown family: ip, ip6, bridge, arp, netdev\n");
+ "Unknown family: ip, ip6, inet, bridge, arp, netdev\n");
exit(EXIT_FAILURE);
}
@@ -76,9 +78,8 @@ int main(int argc, char *argv[])
nftnl_table_set_u32(t, NFTNL_TABLE_FLAGS, flags);
table_seq = seq;
- nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWTABLE, family,
- NLM_F_ACK, seq++);
+ nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+ NFT_MSG_NEWTABLE, family, NLM_F_ACK, seq++);
nftnl_table_nlmsg_build_payload(nlh, t);
nftnl_table_free(t);
mnl_nlmsg_batch_next(batch);