Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 45 |
1 files changed, 36 insertions, 9 deletions
@@ -18,7 +18,10 @@
 #include <statement.h>
 #include <rule.h>
 #include <utils.h>
+#include <netlink.h>
+#include <libnftnl/common.h>
+#include <libnftnl/ruleset.h>
 #include <netinet/ip.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter_arp.h>
@@ -283,6 +286,8 @@ static const char *family2str(unsigned int family)
 return "ip";
 case NFPROTO_IPV6:
 return "ip6";
+ case NFPROTO_INET:
+ return "inet";
 case NFPROTO_ARP:
 return "arp";
 case NFPROTO_BRIDGE:
@@ -299,6 +304,7 @@ static const char *hooknum2str(unsigned int family, unsigned int hooknum)
 case NFPROTO_IPV4:
 case NFPROTO_BRIDGE:
 case NFPROTO_IPV6:
+ case NFPROTO_INET:
 switch (hooknum) {
 case NF_INET_PRE_ROUTING:
 return "prerouting";
@@ -459,9 +465,10 @@ void cmd_free(struct cmd *cmd)
 #include <netlink.h>
 static int do_add_chain(struct netlink_ctx *ctx, const struct handle *h,
- const struct location *loc, struct chain *chain)
+ const struct location *loc, struct chain *chain,
+ bool excl)
 {
- if (netlink_add_chain(ctx, h, loc, chain) < 0)
+ if (netlink_add_chain(ctx, h, loc, chain, excl) < 0)
 return -1;
 if (chain != NULL) {
 if (netlink_add_rule_list(ctx, h, &chain->rules) < 0)
@@ -493,12 +500,13 @@ static int do_add_set(struct netlink_ctx *ctx, const struct handle *h,
 }
 static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
- const struct location *loc, struct table *table)
+ const struct location *loc, struct table *table,
+ bool excl)
 {
 struct chain *chain;
 struct set *set;
- if (netlink_add_table(ctx, h, loc, table) < 0)
+ if (netlink_add_table(ctx, h, loc, table, excl) < 0)
 return -1;
 if (table != NULL) {
 list_for_each_entry(set, &table->sets, list) {
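Review bot: The `#include <netlink.h>` added to the top-of-file block in the first hunk duplicates the mid-file `#include <netlink.h>` still visible as context just above do_add_chain in the fourth hunk; assuming netlink.h has an include guard this is harmless, but the mid-file copy could be removed in the same commit. The new `bool excl` parameter threaded through do_add_chain and do_add_table is undocumented, and its meaning is only recoverable from do_command passing `false` for CMD_ADD and `true` for CMD_CREATE in a later hunk; a one-line comment on do_add_table such as `/* excl: presumably fail if the object already exists instead of reusing it (create vs. add) -- confirm against netlink_add_table */` would make the contract explicit. Neither added include is <stdbool.h>, so `bool` relies on it already being in scope through another header. Both function bodies continue outside their hunks.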
@@ -508,22 +516,22 @@ static int do_add_table(struct netlink_ctx *ctx, const struct handle *h,
 }
 list_for_each_entry(chain, &table->chains, list) {
 if (do_add_chain(ctx, &chain->handle, &chain->location,
- chain) < 0)
+ chain, excl) < 0)
 return -1;
 }
 }
 return 0;
 }
-static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd)
+static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl)
 {
 switch (cmd->obj) {
 case CMD_OBJ_TABLE:
 return do_add_table(ctx, &cmd->handle, &cmd->location,
- cmd->table);
+ cmd->table, excl);
 case CMD_OBJ_CHAIN:
 return do_add_chain(ctx, &cmd->handle, &cmd->location,
- cmd->chain);
+ cmd->chain, excl);
 case CMD_OBJ_RULE:
 return netlink_add_rule_batch(ctx, &cmd->handle, cmd->rule,
 NLM_F_APPEND);
@@ -584,6 +592,21 @@ static int do_list_sets(struct netlink_ctx *ctx, const struct location *loc,
 return 0;
 }
+static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd)
+{
+ struct nft_ruleset *rs = netlink_dump_ruleset(ctx, &cmd->handle,
+ &cmd->location);
+ if (rs == NULL)
+ return -1;
+ nft_ruleset_fprintf(stdout, rs, cmd->format, 0);
+ fprintf(stdout, "\n");
+ nft_ruleset_free(rs);
+ return 0;
+}
+
 static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
 {
 struct table *table = NULL;
@@ -723,7 +746,9 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd)
 {
 switch (cmd->op) {
 case CMD_ADD:
- return do_command_add(ctx, cmd);
+ return do_command_add(ctx, cmd, false);
+ case CMD_CREATE:
+ return do_command_add(ctx, cmd, true);
 case CMD_INSERT:
 return do_command_insert(ctx, cmd);
 case CMD_DELETE:
@@ -734,6 +759,8 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd)
 return do_command_flush(ctx, cmd);
 case CMD_RENAME:
 return do_command_rename(ctx, cmd);
+ case CMD_EXPORT:
+ return do_command_export(ctx, cmd);
 default:
 BUG("invalid command object type %u\n", cmd->obj);
 }
 |
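Review bot: do_command_export discards the return value of nft_ruleset_fprintf(), so if libnftnl cannot serialize the ruleset in the requested `cmd->format` the function still prints a bare newline and returns 0, and do_command reports success to the caller. If nft_ruleset_fprintf follows libnftnl's convention of returning a negative value on failure, `if (nft_ruleset_fprintf(stdout, rs, cmd->format, 0) < 0) { nft_ruleset_free(rs); return -1; }` keeps the error visible without leaking rs. Separately, the `default:` arm of do_command that the last hunk extends still prints `cmd->obj` under the message "invalid command object type" while the switch is on `cmd->op`; that is pre-existing, but adding the CMD_EXPORT case is a natural moment to correct it. The do_command switch is cut by both of its hunks.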