author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-27 23:35:25 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-01-03 14:21:53 +0100 |
commit | 4756d92e517ae1f7d662c0ed083b54d8dc822e4a (patch) | |
tree | 5130faa44f2f3e72b257f4d30fd1752749109049 /src/mnl.c | |
parent | d156fd17ee7ff9a2822d7714e1c8dfe7b6b18f55 (diff) |
src: listing of stateful objects
This patch allows you to dump existing stateful objects, e.g.:
# nft list ruleset
table ip filter {
counter test {
packets 64 bytes 1268
}
quota test {
over 1 mbytes used 1268 bytes
}
chain input {
type filter hook input priority 0; policy accept;
quota name test drop
counter name test
}
}
# nft list quotas
table ip filter {
quota test {
over 1 mbytes used 1268 bytes
}
}
# nft list counters
table ip filter {
counter test {
packets 64 bytes 1268
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/mnl.c')
-rw-r--r-- | src/mnl.c | 59 |
1 files changed, 59 insertions, 0 deletions
@@ -16,6 +16,7 @@ #include <libnftnl/rule.h> #include <libnftnl/expr.h> #include <libnftnl/set.h> +#include <libnftnl/object.h> #include <libnftnl/batch.h> #include <linux/netfilter/nfnetlink.h> @@ -795,6 +796,64 @@ err: return NULL; } +static int obj_cb(const struct nlmsghdr *nlh, void *data) +{ + struct nftnl_obj_list *nln_list = data; + struct nftnl_obj *n; + + if (check_genid(nlh) < 0) + return MNL_CB_ERROR; + + n = nftnl_obj_alloc(); + if (n == NULL) + memory_allocation_error(); + + if (nftnl_obj_nlmsg_parse(nlh, n) < 0) + goto err_free; + + nftnl_obj_list_add_tail(n, nln_list); + return MNL_CB_OK; + +err_free: + nftnl_obj_free(n); + return MNL_CB_OK; +} + + +struct nftnl_obj_list * +mnl_nft_obj_dump(struct mnl_socket *nf_sock, int family, const char *table) +{ + struct nftnl_obj_list *nln_list; + char buf[MNL_SOCKET_BUFFER_SIZE]; + struct nftnl_obj *n; + struct nlmsghdr *nlh; + int ret; + + n = nftnl_obj_alloc(); + if (n == NULL) + memory_allocation_error(); + + nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETOBJ, family, + NLM_F_DUMP | NLM_F_ACK, seq); + if (table != NULL) + nftnl_obj_set(n, NFTNL_OBJ_TABLE, table); + nftnl_obj_nlmsg_build_payload(nlh, n); + nftnl_obj_free(n); + + nln_list = nftnl_obj_list_alloc(); + if (nln_list == NULL) + memory_allocation_error(); + + ret = nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, obj_cb, nln_list); + if (ret < 0) + goto err; + + return nln_list; +err: + nftnl_obj_list_free(nln_list); + return NULL; +} + static int set_get_cb(const struct nlmsghdr *nlh, void *data) { struct nftnl_set *s = data; |
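Review bot: In obj_cb, a failed nftnl_obj_nlmsg_parse() jumps to err_free, which frees the object and still returns MNL_CB_OK, so an object the library cannot parse is dropped and the dump carries on as if nothing went wrong. The caller of mnl_nft_obj_dump() then gets a list that looks complete, and a listing such as `nft list ruleset` could omit counters or quotas with no error reported, which matters when the output is audited or saved for restore. Unless the other dump callbacks in this file deliberately skip unparseable messages (not visible in this hunk), the error path should end in `return MNL_CB_ERROR;` so the dump fails and mnl_nft_obj_dump() returns NULL. If the skip is intentional, a comment above err_free such as `/* skip objects we cannot parse; the listing may be incomplete */` would make that explicit.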