/*
 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published
 * by the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <errno.h>

#include <libnftables/table.h>
#include <libnftables/chain.h>

#include "xtables-multi.h"
#include "xtables-config-parser.h"

#include "nft.h"

/*
 * Parser for the xtables configuration file (defined elsewhere in the
 * project, see xtables-config-parser.h).  Fills table_list and chain_list
 * with the tables/chains described in filename.  Returns a negative value
 * on failure; the caller below relies on errno being set in that case
 * (ENOENT for a missing file) -- confirm this contract in the parser.
 */
extern int xtables_config_parse(const char *filename,
				struct nft_table_list *table_list,
				struct nft_chain_list *chain_list);

/* Configuration file used when none is given on the command line. */
#define XTABLES_CONFIG_DEFAULT	"/etc/xtables.conf"

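/*
 * Entry point of the `xtables-config' multi-call subcommand: parse an
 * xtables configuration file and create every table and chain it lists.
 *
 * argv[1], when present, names the configuration file; otherwise
 * XTABLES_CONFIG_DEFAULT is used.
 *
 * Returns EXIT_SUCCESS once all tables and chains exist (those that already
 * existed are skipped), EXIT_FAILURE on bad usage, on an allocation failure,
 * on a missing or unreadable configuration file, or on any creation error
 * other than EEXIST.  Informational progress goes to stdout; every error
 * goes to stderr so scripts can separate the two.
 */
int xtables_config_main(int argc, char *argv[])
{
	struct nft_table_list *table_list;
	struct nft_chain_list *chain_list;
	struct nft_table_list_iter *titer;
	struct nft_chain_list_iter *citer;
	struct nft_table *table;
	struct nft_chain *chain;
	const char *filename;
	struct nft_handle h;

	/*
	 * Wrong invocation is an error, not success: a script checking the
	 * exit status must not believe the configuration was applied.
	 */
	if (argc > 2) {
		fprintf(stderr, "Usage: %s [<config_file>]\n", argv[0]);
		return EXIT_FAILURE;
	}
	/*
	 * argc < 2 (rather than == 1) also covers an execve() with an empty
	 * argv, where argv[1] would be NULL and be handed to the parser.
	 */
	filename = (argc < 2) ? XTABLES_CONFIG_DEFAULT : argv[1];

	table_list = nft_table_list_alloc();
	chain_list = nft_chain_list_alloc();
	if (table_list == NULL || chain_list == NULL) {
		fprintf(stderr, "Fatal error: cannot allocate table/chain lists\n");
		return EXIT_FAILURE;
	}

	/*
	 * NOTE(review): the ENOENT/strerror reporting assumes the parser sets
	 * errno on every failure path; a parse error that leaves errno
	 * untouched would print a stale value here -- verify in the parser.
	 */
	if (xtables_config_parse(filename, table_list, chain_list) < 0) {
		if (errno == ENOENT) {
			fprintf(stderr, "configuration file `%s' does not "
					"exists\n", filename);
		} else {
			fprintf(stderr, "Fatal error: %s\n", strerror(errno));
		}
		return EXIT_FAILURE;
	}

	/*
	 * NOTE(review): nft_init()'s return value is not checked here because
	 * its signature is not visible in this file; if it can fail (e.g. no
	 * netlink socket), the creation calls below will fail one by one.
	 */
	nft_init(&h);

	/* Stage 1) create tables; an existing table is not an error. */
	titer = nft_table_list_iter_create(table_list);
	while ((table = nft_table_list_iter_next(titer)) != NULL) {
		const char *tname = nft_table_attr_get(table, NFT_TABLE_ATTR_NAME);

		if (nft_table_add(&h, table) < 0) {
			if (errno != EEXIST) {
				fprintf(stderr,
					"table `%s' cannot be create, reason `%s'. Exitting\n",
					tname, strerror(errno));
				return EXIT_FAILURE;
			}
			printf("table `%s' already exists, skipping\n", tname);
			continue;
		}
		printf("table `%s' has been created\n", tname);
	}

	/* Stage 2) create chains, now that their tables exist. */
	citer = nft_chain_list_iter_create(chain_list);
	while ((chain = nft_chain_list_iter_next(citer)) != NULL) {
		const char *cname = nft_chain_attr_get(chain, NFT_CHAIN_ATTR_NAME);
		const char *ctable = nft_chain_attr_get(chain, NFT_CHAIN_ATTR_TABLE);

		if (nft_chain_add(&h, chain) < 0) {
			if (errno != EEXIST) {
				fprintf(stderr,
					"chain `%s' cannot be create, reason `%s'. Exitting\n",
					cname, strerror(errno));
				return EXIT_FAILURE;
			}
			printf("chain `%s' already exists in table `%s', skipping\n",
				cname, ctable);
			continue;
		}
		printf("chain `%s' in table `%s' has been created\n",
			cname, ctable);
	}

	/*
	 * NOTE(review): the two lists, their iterators and the nft handle are
	 * never released.  Harmless for this short-lived command (the process
	 * exits right after), but add the matching libnftables release calls
	 * if this is ever reused as a library path.
	 */
	return EXIT_SUCCESS;
}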