Diffstat (limited to 'src/netlink.c')
-rw-r--r--src/netlink.c27
1 files changed, 23 insertions, 4 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 7f69995d..98e7fc6c 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -13,12 +13,15 @@
#include <fcntl.h>
#include <errno.h>
#include <libmnl/libmnl.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
#include <libnftnl/table.h>
#include <libnftnl/chain.h>
#include <libnftnl/expr.h>
#include <libnftnl/set.h>
#include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter.h>
#include <nftables.h>
#include <netlink.h>
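Review bot: None of the lines this commit adds to src/netlink.c appear to use anything from `<netinet/in.h>`, `<arpa/inet.h>` or `<linux/netfilter.h>`. The added code only changes two signatures and two flag arguments, and adds netlink_dump_ruleset. If the headers are needed because `nftables.h` or `netlink.h` now rely on their declarations, it would be cleaner for those headers to include them directly. Otherwise I would drop the three includes, or add a short comment naming the symbol each one provides.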
@@ -451,7 +454,8 @@ void netlink_dump_chain(struct nft_chain *nlc)
}
int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
- const struct location *loc, const struct chain *chain)
+ const struct location *loc, const struct chain *chain,
+ bool excl)
{
struct nft_chain *nlc;
int err;
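Review bot: The new `excl` parameter of netlink_add_chain is a bare bool with no comment, and the later hunk at -466 sends flags `0` when it is false. An add against a chain that already exists would then presumably no longer fail with EEXIST. For a firewall ruleset this matters, because the caller can no longer distinguish a chain it just created from a pre-existing one whose contents it did not set. I would document the contract above the function, e.g. `/* excl: set NLM_F_EXCL so the add fails if the chain already exists; false accepts an existing chain */`, and do the same for netlink_add_table in the -625 hunk. Both function bodies continue outside their hunks.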
@@ -466,7 +470,7 @@ int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
chain->type);
}
netlink_dump_chain(nlc);
- err = mnl_nft_chain_add(nf_sock, nlc, NLM_F_EXCL);
+ err = mnl_nft_chain_add(nf_sock, nlc, excl ? NLM_F_EXCL : 0);
nft_chain_free(nlc);
if (err < 0)
@@ -625,13 +629,14 @@ int netlink_flush_chain(struct netlink_ctx *ctx, const struct handle *h,
}
int netlink_add_table(struct netlink_ctx *ctx, const struct handle *h,
- const struct location *loc, const struct table *table)
+ const struct location *loc, const struct table *table,
+ bool excl)
{
struct nft_table *nlt;
int err;
nlt = alloc_nft_table(h);
- err = mnl_nft_table_add(nf_sock, nlt, NLM_F_EXCL);
+ err = mnl_nft_table_add(nf_sock, nlt, excl ? NLM_F_EXCL : 0);
nft_table_free(nlt);
if (err < 0)
@@ -1048,3 +1053,17 @@ int netlink_batch_send(struct list_head *err_list)
{
return mnl_batch_talk(nf_sock, err_list);
}
+
+struct nft_ruleset *netlink_dump_ruleset(struct netlink_ctx *ctx,
+ const struct handle *h,
+ const struct location *loc)
+{
+ struct nft_ruleset *rs;
+
+ rs = mnl_nft_ruleset_dump(nf_sock, h->family);
+ if (rs == NULL)
+ netlink_io_error(ctx, loc, "Could not receive ruleset: %s",
+ strerror(errno));
+
+ return rs;
+}
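Review bot: netlink_dump_ruleset returns the pointer from mnl_nft_ruleset_dump with no comment on ownership, so it is unclear from this file who must release the ruleset. I would add a header comment such as `/* Returns a ruleset the caller must free, or NULL after the failure has been reported through netlink_io_error(). */`. The error path also passes `strerror(errno)` after the helper has returned. If mnl_nft_ruleset_dump does any cleanup before returning NULL (not visible here), errno may no longer describe the original failure, so the helper should save and restore errno around that cleanup.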