From 682b656b5749507bc0db7dbf172b822dbf474d44 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 11 Nov 2012 22:53:57 +0100
Subject: examples: table: add example of dormant tables

Now we add a non-dormant table which is not active. We can add
chains and rules to it that would not have any effect. Once we
change the flag to wake it up, the rule-set becomes active.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 examples/nft-table-upd.c | 102 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 examples/nft-table-upd.c

(limited to 'examples/nft-table-upd.c')

diff --git a/examples/nft-table-upd.c b/examples/nft-table-upd.c
new file mode 100644
index 0000000..6b938bf
--- /dev/null
+++ b/examples/nft-table-upd.c
@@ -0,0 +1,102 @@
+/*
+ * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software has been sponsored by Sophos Astaro <http://www.sophos.com>
+ */
+
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <netinet/in.h>
+
+#include <linux/netfilter/nf_tables.h>
+
+#include <libmnl/libmnl.h>
+#include <libnftables/table.h>
+
+int main(int argc, char *argv[])
+{
+	struct mnl_socket *nl;
+	char buf[MNL_SOCKET_BUFFER_SIZE];
+	struct nlmsghdr *nlh;
+	uint32_t portid, seq, family, flags;
+	struct nft_table *t = NULL;
+	int ret;
+
+	if (argc != 4) {
+		fprintf(stderr, "%s <family> <name> <state>\n", argv[0]);
+		exit(EXIT_FAILURE);
+	}
+
+	t = nft_table_alloc();
+	if (t == NULL) {
+		perror("OOM");
+		exit(EXIT_FAILURE);
+	}
+
+	seq = time(NULL);
+	if (strcmp(argv[1], "ip") == 0)
+		family = AF_INET;
+	else if (strcmp(argv[1], "ip6") == 0)
+		family = AF_INET6;
+	else if (strcmp(argv[1], "bridge") == 0)
+		family = AF_BRIDGE;
+	else {
+		fprintf(stderr, "Unknown family: ip, ip6, bridge\n");
+		exit(EXIT_FAILURE);
+	}
+
+	if (strcmp(argv[3], "active") == 0)
+		flags = 0;
+	else if (strcmp(argv[3], "dormant") == 0)
+		flags = NFT_TABLE_F_DORMANT;
+	else {
+		fprintf(stderr, "Unknown state: active, dormant\n");
+		exit(EXIT_FAILURE);
+	}
+
+	nft_table_attr_set(t, NFT_TABLE_ATTR_NAME, argv[2]);
+	nft_table_attr_set_u32(t, NFT_TABLE_ATTR_FLAGS, flags);
+
+	nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, family,
+					NLM_F_ACK, seq);
+	nft_table_nlmsg_build_payload(nlh, t);
+	nft_table_free(t);
+
+	nl = mnl_socket_open(NETLINK_NETFILTER);
+	if (nl == NULL) {
+		perror("mnl_socket_open");
+		exit(EXIT_FAILURE);
+	}
+
+	if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
+		perror("mnl_socket_bind");
+		exit(EXIT_FAILURE);
+	}
+	portid = mnl_socket_get_portid(nl);
+
+	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+		perror("mnl_socket_send");
+		exit(EXIT_FAILURE);
+	}
+
+	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
+	while (ret > 0) {
+		ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
+		if (ret <= 0)
+			break;
+		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
+	}
+	if (ret == -1) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+	mnl_socket_close(nl);
+
+	return EXIT_SUCCESS;
+}
-- 
cgit v1.2.3