summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--examples/nft-rule-get.c33
1 files changed, 27 insertions, 6 deletions
diff --git a/examples/nft-rule-get.c b/examples/nft-rule-get.c
index 2404f27..707e9ca 100644
--- a/examples/nft-rule-get.c
+++ b/examples/nft-rule-get.c
@@ -14,6 +14,7 @@
#include <string.h>
#include <netinet/in.h>
+#include <linux/netfilter.h>
#include <linux/netfilter/nf_tables.h>
#include <libmnl/libmnl.h>
@@ -52,12 +53,32 @@ int main(int argc, char *argv[])
struct nlmsghdr *nlh;
uint32_t portid, seq, type = NFT_RULE_O_DEFAULT;
struct nft_rule *t = NULL;
- int ret;
+ int ret, family;
- if (argc == 2 && strcmp(argv[1], "xml") == 0 ){
- type = NFT_RULE_O_XML;
- }else if (argc == 2 && strcmp(argv[1], "json") == 0 ){
- type = NFT_RULE_O_JSON;
+ if (argc < 2 || argc > 3) {
+ fprintf(stderr, "Usage: %s <family> [xml|json]\n",
+ argv[0]);
+ exit(EXIT_FAILURE);
+ }
+
+ if (strcmp(argv[1], "ip") == 0)
+ family = NFPROTO_IPV4;
+ else if (strcmp(argv[1], "ip6") == 0)
+ family = NFPROTO_IPV6;
+ else if (strcmp(argv[1], "bridge") == 0)
+ family = NFPROTO_BRIDGE;
+ else if (strcmp(argv[1], "arp") == 0)
+ family = NFPROTO_ARP;
+ else {
+ fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (argc == 3) {
+ if (strcmp(argv[2], "xml") == 0)
+ type = NFT_RULE_O_XML;
+ else if (strcmp(argv[2], "json") == 0)
+ type = NFT_RULE_O_JSON;
}
/* XXX requires table, chain and handle attributes for selective get */
@@ -69,7 +90,7 @@ int main(int argc, char *argv[])
}
seq = time(NULL);
- nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, AF_INET,
+ nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family,
NLM_F_DUMP, seq);
nl = mnl_socket_open(NETLINK_NETFILTER);