From 0b3161731262d3a8c6110c17fd818af325dbf491 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 10 Dec 2013 17:21:47 +0100
Subject: examples: nft-rule-add: use existing batch infrastructure

This patch reworks the existing example to add the rule:

  nft add rule ip filter input tcp dport 22 counter

It uses the existing nfnl batching approach using the generic mnl
netlink message batching infrastructure. It also removed the code
that uses xtables compat code.

Based on original patch by Arturo Borrero Gonzalez.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 examples/nft-rule-add.c | 257 +++++++++++++++++++++++++++---------------------
 1 file changed, 147 insertions(+), 110 deletions(-)

(limited to 'examples')

diff --git a/examples/nft-rule-add.c b/examples/nft-rule-add.c
index f896bc0..0534fa5 100644
--- a/examples/nft-rule-add.c
+++ b/examples/nft-rule-add.c
@@ -14,126 +14,178 @@
 #include <string.h>
 #include <stddef.h>	/* for offsetof */
 #include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
 #include <arpa/inet.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <errno.h>
 
 #include <linux/netfilter.h>
+#include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
 #include <libnftables/rule.h>
 #include <libnftables/expr.h>
 
-#include <linux/netfilter_ipv4/ipt_LOG.h>
-#include <linux/netfilter/xt_iprange.h>
-
-#include <netinet/ip.h>
-
-static void add_target_log(struct nft_rule_expr *e)
+static void add_payload(struct nft_rule *r, uint32_t base, uint32_t dreg,
+			uint32_t offset, uint32_t len)
 {
-	struct ipt_log_info *info;
+	struct nft_rule_expr *e;
 
-	nft_rule_expr_set(e, NFT_EXPR_TG_NAME, "LOG", strlen("LOG"));
-	nft_rule_expr_set_u32(e, NFT_EXPR_TG_REV, 0);
-
-	info = calloc(1, sizeof(struct ipt_log_info));
-	if (info == NULL)
-		return;
+	e = nft_rule_expr_alloc("payload");
+	if (e == NULL) {
+		perror("expr payload oom");
+		exit(EXIT_FAILURE);
+	}
 
-	sprintf(info->prefix, "test: ");
-	info->prefix[sizeof(info->prefix)-1] = '\0';
-	info->logflags = 0x0f;
-	info->level = 5;
+	nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_BASE, base);
+	nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_DREG, dreg);
+	nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_OFFSET, offset);
+	nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_LEN, len);
 
-	nft_rule_expr_set(e, NFT_EXPR_TG_INFO, info, sizeof(*info));
+	nft_rule_add_expr(r, e);
 }
 
-static void add_expr_target(struct nft_rule *r)
+static void add_cmp(struct nft_rule *r, uint32_t sreg, uint32_t op,
+		    const void *data, uint32_t data_len)
 {
-	struct nft_rule_expr *expr;
+	struct nft_rule_expr *e;
 
-	expr = nft_rule_expr_alloc("target");
-	if (expr == NULL)
-		return;
+	e = nft_rule_expr_alloc("cmp");
+	if (e == NULL) {
+		perror("expr cmp oom");
+		exit(EXIT_FAILURE);
+	}
 
-	add_target_log(expr);
+	nft_rule_expr_set_u32(e, NFT_EXPR_CMP_SREG, sreg);
+	nft_rule_expr_set_u32(e, NFT_EXPR_CMP_OP, op);
+	nft_rule_expr_set(e, NFT_EXPR_CMP_DATA, data, data_len);
 
-	nft_rule_add_expr(r, expr);
+	nft_rule_add_expr(r, e);
 }
 
-static void add_match_iprange(struct nft_rule_expr *e)
+static void add_counter(struct nft_rule *r)
 {
-	struct xt_iprange_mtinfo *info;
-
-	nft_rule_expr_set(e, NFT_EXPR_MT_NAME, "iprange", strlen("iprange"));
-	nft_rule_expr_set_u32(e, NFT_EXPR_MT_REV, 1);
+	struct nft_rule_expr *e;
 
-	info = calloc(1, sizeof(struct xt_iprange_mtinfo));
-	if (info == NULL)
-		return;
-
-	info->src_min.ip = info->dst_min.ip = inet_addr("127.0.0.1");
-	info->src_max.ip = info->dst_max.ip = inet_addr("127.0.0.1");
-	info->flags = IPRANGE_SRC;
+	e = nft_rule_expr_alloc("counter");
+	if (e == NULL) {
+		perror("expr counter oom");
+		exit(EXIT_FAILURE);
+	}
 
-	nft_rule_expr_set(e, NFT_EXPR_MT_INFO, info, sizeof(*info));
+	nft_rule_add_expr(r, e);
 }
 
-static void add_expr_match(struct nft_rule *r)
+static struct nft_rule *setup_rule(uint8_t family, const char *table,
+				   const char *chain)
 {
-	struct nft_rule_expr *expr;
+	struct nft_rule *r = NULL;
+	uint8_t proto;
+	uint16_t dport;
 
-	expr = nft_rule_expr_alloc("match");
-	if (expr == NULL)
-		return;
+	r = nft_rule_alloc();
+	if (r == NULL) {
+		perror("OOM");
+		exit(EXIT_FAILURE);
+	}
 
-	add_match_iprange(expr);
+	nft_rule_attr_set(r, NFT_RULE_ATTR_TABLE, table);
+	nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, chain);
+	nft_rule_attr_set_u32(r, NFT_RULE_ATTR_FAMILY, family);
 
-	nft_rule_add_expr(r, expr);
-}
+	proto = IPPROTO_TCP;
+	add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
+		    offsetof(struct iphdr, protocol), sizeof(uint8_t));
+	add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &proto, sizeof(uint8_t));
 
-#define field_sizeof(t, f)	(sizeof(((t *)NULL)->f))
+	dport = htons(22);
+	add_payload(r, NFT_PAYLOAD_TRANSPORT_HEADER, NFT_REG_1,
+		    offsetof(struct tcphdr, dest), sizeof(uint16_t));
+	add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &dport, sizeof(uint16_t));
 
-static void add_payload2(struct nft_rule_expr *e)
-{
-	nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_BASE,
-			      NFT_PAYLOAD_NETWORK_HEADER);
-	nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_DREG, NFT_REG_1);
-	nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_OFFSET,
-			      offsetof(struct iphdr, protocol));
-	nft_rule_expr_set_u32(e, NFT_EXPR_PAYLOAD_LEN, 1);
+	add_counter(r);
+
+	return r;
 }
 
-static void add_payload(struct nft_rule *r)
+static int seq;
+
+static void nft_mnl_batch_put(struct mnl_nlmsg_batch *batch, int type)
 {
-	struct nft_rule_expr *expr;
+	struct nlmsghdr *nlh;
+	struct nfgenmsg *nfg;
 
-	expr = nft_rule_expr_alloc("payload");
-	if (expr == NULL)
-		return;
+	nlh = mnl_nlmsg_put_header(mnl_nlmsg_batch_current(batch));
+	nlh->nlmsg_type = type;
+	nlh->nlmsg_flags = NLM_F_REQUEST;
+	nlh->nlmsg_seq = seq++;
 
-	add_payload2(expr);
+	nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
+	nfg->nfgen_family = AF_INET;
+	nfg->version = NFNETLINK_V0;
+	nfg->res_id = NFNL_SUBSYS_NFTABLES;
 
-	nft_rule_add_expr(r, expr);
+	mnl_nlmsg_batch_next(batch);
+}
+
+static int nft_mnl_batch_talk(struct mnl_socket *nl, struct mnl_nlmsg_batch *b)
+{
+	int ret, fd = mnl_socket_get_fd(nl);
+	char rcv_buf[MNL_SOCKET_BUFFER_SIZE];
+	fd_set readfds;
+	struct timeval tv = {
+		.tv_sec		= 0,
+		.tv_usec	= 0
+	};
+
+	ret = mnl_socket_sendto(nl, mnl_nlmsg_batch_head(b),
+				mnl_nlmsg_batch_size(b));
+	if (ret == -1)
+		goto err;
+
+	FD_ZERO(&readfds);
+	FD_SET(fd, &readfds);
+
+	/* receive and digest all the acknowledgments from the kernel. */
+	ret = select(fd+1, &readfds, NULL, NULL, &tv);
+	if (ret == -1)
+		goto err;
+
+	while (ret > 0 && FD_ISSET(fd, &readfds)) {
+		ret = mnl_socket_recvfrom(nl, rcv_buf, sizeof(rcv_buf));
+		if (ret == -1)
+			goto err;
+
+		ret = mnl_cb_run(rcv_buf, ret, 0, mnl_socket_get_portid(nl),
+				 NULL, NULL);
+		if (ret < 0)
+			goto err;
+
+		ret = select(fd+1, &readfds, NULL, NULL, &tv);
+		if (ret == -1)
+			goto err;
+
+		FD_ZERO(&readfds);
+		FD_SET(fd, &readfds);
+	}
+err:
+	return ret;
 }
 
 int main(int argc, char *argv[])
 {
 	struct mnl_socket *nl;
-	char buf[MNL_SOCKET_BUFFER_SIZE];
+	struct nft_rule *r;
 	struct nlmsghdr *nlh;
-	uint32_t portid, seq;
-	struct nft_rule *r = NULL;
-	int ret, family;
+	struct mnl_nlmsg_batch *batch;
+	uint8_t family;
+	char buf[4096];
 
 	if (argc != 4) {
-		fprintf(stderr, "Usage: %s <family> <table> <chain>\n",
-			argv[0]);
-		exit(EXIT_FAILURE);
-	}
-
-	r = nft_rule_alloc();
-	if (r == NULL) {
-		perror("OOM");
+		fprintf(stderr, "Usage: %s <family> <table> <chain>\n", argv[0]);
 		exit(EXIT_FAILURE);
 	}
 
@@ -141,32 +193,12 @@ int main(int argc, char *argv[])
 		family = NFPROTO_IPV4;
 	else if (strcmp(argv[1], "ip6") == 0)
 		family = NFPROTO_IPV6;
-	else if (strcmp(argv[1], "bridge") == 0)
-		family = NFPROTO_BRIDGE;
-	else if (strcmp(argv[1], "arp") == 0)
-		family = NFPROTO_ARP;
 	else {
-		fprintf(stderr, "Unknown family: ip, ip6, bridge, arp\n");
+		fprintf(stderr, "Unknown family: ip, ip6\n");
 		exit(EXIT_FAILURE);
 	}
 
-	nft_rule_attr_set(r, NFT_RULE_ATTR_TABLE, argv[2]);
-	nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, argv[3]);
-
-	add_expr_match(r);
-	add_payload(r);
-	add_expr_target(r);
-
-	char tmp[1024];
-	nft_rule_snprintf(tmp, sizeof(tmp), r, 0, 0);
-	printf("%s\n", tmp);
-
-	seq = time(NULL);
-	nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, family,
-					NLM_F_APPEND|NLM_F_ACK|NLM_F_CREATE,
-					seq);
-	nft_rule_nlmsg_build_payload(nlh, r);
-	nft_rule_free(r);
+	r = setup_rule(family, argv[2], argv[3]);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
@@ -178,24 +210,29 @@ int main(int argc, char *argv[])
 		perror("mnl_socket_bind");
 		exit(EXIT_FAILURE);
 	}
-	portid = mnl_socket_get_portid(nl);
 
-	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
-		perror("mnl_socket_send");
-		exit(EXIT_FAILURE);
-	}
+	batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
 
-	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
-	while (ret > 0) {
-		ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
-		if (ret <= 0)
-			break;
-		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
-	}
-	if (ret == -1) {
-		perror("error");
+	nft_mnl_batch_put(batch, NFNL_MSG_BATCH_BEGIN);
+
+	nlh = nft_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+			NFT_MSG_NEWRULE,
+			nft_rule_attr_get_u32(r, NFT_RULE_ATTR_FAMILY),
+			NLM_F_APPEND|NLM_F_CREATE, seq);
+
+	nft_rule_nlmsg_build_payload(nlh, r);
+	nft_rule_free(r);
+	mnl_nlmsg_batch_next(batch);
+
+	nft_mnl_batch_put(batch, NFNL_MSG_BATCH_END);
+
+	if (nft_mnl_batch_talk(nl, batch) < 0) {
+		perror("Netlink problem");
 		exit(EXIT_FAILURE);
 	}
+
+	mnl_nlmsg_batch_stop(batch);
+
 	mnl_socket_close(nl);
 
 	return EXIT_SUCCESS;
-- 
cgit v1.2.3


From e87d2f9ef8a4a298de5514b30ec2d43d3c90a644 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Neira=20Ayuso?= <alvaroneay@gmail.com>
Date: Mon, 6 Jan 2014 00:51:14 +0100
Subject: src: new error reporting approach for XML/JSON parsers

I have added a new structure for reporting some errors in parser
that we can't cover with errno.

In this patch, we have three errors that we can't cover with errno:

NFT_PARSE_EBADINPUT : Bad XML/JSON format in the input
NFT_PARSE_EMISSINGNODE : Missing node in our input
NFT_PARSE_EBADTYPE : Wrong type value in a node

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 examples/nft-chain-json-add.c | 12 ++++++++++--
 examples/nft-chain-xml-add.c  | 12 ++++++++++--
 examples/nft-rule-json-add.c  | 12 ++++++++++--
 examples/nft-rule-xml-add.c   | 12 ++++++++++--
 examples/nft-set-json-add.c   | 12 ++++++++++--
 examples/nft-table-json-add.c | 12 ++++++++++--
 examples/nft-table-xml-add.c  | 13 +++++++++++--
 7 files changed, 71 insertions(+), 14 deletions(-)

(limited to 'examples')

diff --git a/examples/nft-chain-json-add.c b/examples/nft-chain-json-add.c
index 50cb29f..1802fb0 100644
--- a/examples/nft-chain-json-add.c
+++ b/examples/nft-chain-json-add.c
@@ -39,6 +39,7 @@ int main(int argc, char *argv[])
 	uint16_t family;
 	char json[4096];
 	char reprint[4096];
+	struct nft_parse_err *err;
 
 	if (argc < 2) {
 		printf("Usage: %s <json-file>\n", argv[0]);
@@ -63,10 +64,16 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
+	err = nft_parse_err_alloc();
+	if (err == NULL) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+
 	close(fd);
 
-	if (nft_chain_parse(c, NFT_PARSE_JSON, json) < 0) {
-		printf("E: Unable to parse JSON file: %s\n", strerror(errno));
+	if (nft_chain_parse(c, NFT_PARSE_JSON, json, err) < 0) {
+		nft_parse_perror("Unable to parse JSON file", err);
 		exit(EXIT_FAILURE);
 	}
 
@@ -82,6 +89,7 @@ int main(int argc, char *argv[])
 	nft_chain_nlmsg_build_payload(nlh, c);
 
 	nft_chain_free(c);
+	nft_parse_err_free(err);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
diff --git a/examples/nft-chain-xml-add.c b/examples/nft-chain-xml-add.c
index 03a2950..79b1541 100644
--- a/examples/nft-chain-xml-add.c
+++ b/examples/nft-chain-xml-add.c
@@ -37,6 +37,7 @@ int main(int argc, char *argv[])
 	uint16_t family;
 	char xml[4096];
 	char reprint[4096];
+	struct nft_parse_err *err;
 
 	if (argc < 2) {
 		printf("Usage: %s <xml-file>\n", argv[0]);
@@ -49,6 +50,12 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
+	err = nft_parse_err_alloc();
+	if (err == NULL) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+
         fd = open(argv[1], O_RDONLY);
         if (fd < 0) {
                 perror("open");
@@ -63,8 +70,8 @@ int main(int argc, char *argv[])
 
 	close(fd);
 
-	if (nft_chain_parse(c, NFT_PARSE_XML, xml) < 0) {
-		printf("E: Unable to parse XML file: %s\n", strerror(errno));
+	if (nft_chain_parse(c, NFT_PARSE_XML, xml, err) < 0) {
+		nft_parse_perror("Unable to parse XML file", err);
 		exit(EXIT_FAILURE);
 	}
 
@@ -80,6 +87,7 @@ int main(int argc, char *argv[])
 	nft_chain_nlmsg_build_payload(nlh, c);
 
 	nft_chain_free(c);
+	nft_parse_err_free(err);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
diff --git a/examples/nft-rule-json-add.c b/examples/nft-rule-json-add.c
index 8659081..de1fb54 100644
--- a/examples/nft-rule-json-add.c
+++ b/examples/nft-rule-json-add.c
@@ -38,6 +38,7 @@ int main(int argc, char *argv[])
 	uint8_t family;
 	char json[4096];
 	char reprint[4096];
+	struct nft_parse_err *err;
 
 	if (argc < 2) {
 		printf("Usage: %s <json-file>\n", argv[0]);
@@ -63,8 +64,14 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	if (nft_rule_parse(r, NFT_PARSE_JSON, json) < 0) {
-		printf("E: Unable to parse JSON file: %s\n", strerror(errno));
+	err = nft_parse_err_alloc();
+	if (err == NULL) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+
+	if (nft_rule_parse(r, NFT_PARSE_JSON, json, err) < 0) {
+		nft_parse_perror("Unable to parse JSON file", err);
 		exit(EXIT_FAILURE);
 	}
 
@@ -80,6 +87,7 @@ int main(int argc, char *argv[])
 				       seq);
 	nft_rule_nlmsg_build_payload(nlh, r);
 	nft_rule_free(r);
+	nft_parse_err_free(err);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
diff --git a/examples/nft-rule-xml-add.c b/examples/nft-rule-xml-add.c
index ce33fe7..8a7685d 100644
--- a/examples/nft-rule-xml-add.c
+++ b/examples/nft-rule-xml-add.c
@@ -38,6 +38,7 @@ int main(int argc, char *argv[])
 	uint8_t family;
 	char xml[4096];
 	char reprint[4096];
+	struct nft_parse_err *err;
 
 	if (argc < 2) {
 		printf("Usage: %s <xml-file>\n", argv[0]);
@@ -63,8 +64,14 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	if (nft_rule_parse(r, NFT_PARSE_XML, xml) < 0) {
-		printf("E: Unable to parse XML file: %s\n", strerror(errno));
+	err = nft_parse_err_alloc();
+	if (err == NULL) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+
+	if (nft_rule_parse(r, NFT_PARSE_XML, xml, err) < 0) {
+		nft_parse_perror("Unable to parse XML file", err);
 		exit(EXIT_FAILURE);
 	}
 
@@ -80,6 +87,7 @@ int main(int argc, char *argv[])
 				       seq);
 	nft_rule_nlmsg_build_payload(nlh, r);
 	nft_rule_free(r);
+	nft_parse_err_free(err);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
diff --git a/examples/nft-set-json-add.c b/examples/nft-set-json-add.c
index 9a4aa48..9553ebf 100644
--- a/examples/nft-set-json-add.c
+++ b/examples/nft-set-json-add.c
@@ -38,6 +38,7 @@ int main(int argc, char *argv[])
 	uint16_t family;
 	char json[4096];
 	char reprint[4096];
+	struct nft_parse_err *err;
 
 	if (argc < 2) {
 		printf("Usage: %s <json-file>\n", argv[0]);
@@ -62,10 +63,16 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
+	err = nft_parse_err_alloc();
+	if (err == NULL) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+
 	close(fd);
 
-	if (nft_set_parse(s, NFT_PARSE_JSON, json) < 0) {
-		printf("E: Unable to parse JSON file: %s\n", strerror(errno));
+	if (nft_set_parse(s, NFT_PARSE_JSON, json, err) < 0) {
+		nft_parse_perror("Unable to parse JSON file", err);
 		exit(EXIT_FAILURE);
 	}
 
@@ -80,6 +87,7 @@ int main(int argc, char *argv[])
 					NLM_F_CREATE|NLM_F_ACK, seq);
 	nft_set_nlmsg_build_payload(nlh, s);
 	nft_set_free(s);
+	nft_parse_err_free(err);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
diff --git a/examples/nft-table-json-add.c b/examples/nft-table-json-add.c
index 6b16c7f..f3a57c0 100644
--- a/examples/nft-table-json-add.c
+++ b/examples/nft-table-json-add.c
@@ -39,6 +39,7 @@ int main(int argc, char *argv[])
 	uint16_t family;
 	char json[4096];
 	char reprint[4096];
+	struct nft_parse_err *err;
 
 	if (argc < 2) {
 		printf("Usage: %s <json-file>\n", argv[0]);
@@ -64,8 +65,14 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	if (nft_table_parse(t, NFT_PARSE_JSON, json) < 0) {
-		printf("E: Unable to parse JSON file: %s\n", strerror(errno));
+	err = nft_parse_err_alloc();
+	if (err == NULL) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+
+	if (nft_table_parse(t, NFT_PARSE_JSON, json, err) < 0) {
+		nft_parse_perror("Unable to parse JSON file", err);
 		exit(EXIT_FAILURE);
 	}
 
@@ -80,6 +87,7 @@ int main(int argc, char *argv[])
 					NLM_F_CREATE|NLM_F_ACK, seq);
 	nft_table_nlmsg_build_payload(nlh, t);
 	nft_table_free(t);
+	nft_parse_err_free(err);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
diff --git a/examples/nft-table-xml-add.c b/examples/nft-table-xml-add.c
index 6a9163b..edef1d4 100644
--- a/examples/nft-table-xml-add.c
+++ b/examples/nft-table-xml-add.c
@@ -23,6 +23,7 @@
 
 #include <libmnl/libmnl.h>
 #include <libnftables/table.h>
+#include <libnftables/common.h>
 
 int main(int argc, char *argv[])
 {
@@ -35,6 +36,7 @@ int main(int argc, char *argv[])
 	uint16_t family;
 	char xml[4096];
 	char reprint[4096];
+	struct nft_parse_err *err;
 
 	if (argc < 2) {
 		printf("Usage: %s <xml-file>\n", argv[0]);
@@ -60,8 +62,14 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	if (nft_table_parse(t, NFT_PARSE_XML, xml) < 0) {
-		printf("E: Unable to parse XML file: %s\n", strerror(errno));
+	err = nft_parse_err_alloc();
+	if (err == NULL) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+
+	if (nft_table_parse(t, NFT_PARSE_XML, xml, err) < 0) {
+		nft_parse_perror("Unable to parse XML file", err);
 		exit(EXIT_FAILURE);
 	}
 
@@ -76,6 +84,7 @@ int main(int argc, char *argv[])
 					NLM_F_CREATE|NLM_F_ACK, seq);
 	nft_table_nlmsg_build_payload(nlh, t);
 	nft_table_free(t);
+	nft_parse_err_free(err);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
-- 
cgit v1.2.3


From 59e949294f4688bafe44b7def2972987224520c8 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 20 Jan 2014 10:26:57 +0100
Subject: rename library to libnftnl

We plan to use this library name for the higher layer library.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 examples/Makefile.am          | 52 +++++++++++++++++++++----------------------
 examples/nft-chain-add.c      |  2 +-
 examples/nft-chain-del.c      |  2 +-
 examples/nft-chain-get.c      |  2 +-
 examples/nft-chain-json-add.c |  4 ++--
 examples/nft-chain-xml-add.c  |  4 ++--
 examples/nft-events.c         |  6 ++---
 examples/nft-rule-add.c       |  4 ++--
 examples/nft-rule-del.c       |  2 +-
 examples/nft-rule-get.c       |  2 +-
 examples/nft-rule-insert.c    |  4 ++--
 examples/nft-rule-json-add.c  |  2 +-
 examples/nft-rule-xml-add.c   |  2 +-
 examples/nft-set-add.c        |  4 ++--
 examples/nft-set-del.c        |  2 +-
 examples/nft-set-elem-add.c   |  2 +-
 examples/nft-set-elem-del.c   |  2 +-
 examples/nft-set-elem-get.c   |  2 +-
 examples/nft-set-get.c        |  2 +-
 examples/nft-set-json-add.c   |  2 +-
 examples/nft-table-add.c      |  2 +-
 examples/nft-table-del.c      |  2 +-
 examples/nft-table-get.c      |  2 +-
 examples/nft-table-json-add.c |  2 +-
 examples/nft-table-upd.c      |  2 +-
 examples/nft-table-xml-add.c  |  4 ++--
 26 files changed, 59 insertions(+), 59 deletions(-)

(limited to 'examples')

diff --git a/examples/Makefile.am b/examples/Makefile.am
index 9965387..13b7e79 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -28,79 +28,79 @@ check_PROGRAMS = nft-table-add		\
 		 nft-compat-get
 
 nft_table_add_SOURCES = nft-table-add.c
-nft_table_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_table_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_table_xml_add_SOURCES = nft-table-xml-add.c
-nft_table_xml_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_table_xml_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_table_json_add_SOURCES = nft-table-json-add.c
-nft_table_json_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_table_json_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_table_upd_SOURCES = nft-table-upd.c
-nft_table_upd_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_table_upd_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_table_del_SOURCES = nft-table-del.c
-nft_table_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_table_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_table_get_SOURCES = nft-table-get.c
-nft_table_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_table_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_chain_add_SOURCES = nft-chain-add.c
-nft_chain_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_chain_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_chain_xml_add_SOURCES = nft-chain-xml-add.c
-nft_chain_xml_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_chain_xml_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_chain_json_add_SOURCES = nft-chain-json-add.c
-nft_chain_json_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS}
+nft_chain_json_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS}
 
 nft_chain_del_SOURCES = nft-chain-del.c
-nft_chain_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_chain_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_chain_get_SOURCES = nft-chain-get.c
-nft_chain_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_chain_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_rule_add_SOURCES = nft-rule-add.c
-nft_rule_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_rule_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_rule_insert_SOURCES = nft-rule-insert.c
-nft_rule_insert_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} ${LIBXML_LIBS}
+nft_rule_insert_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} ${LIBXML_LIBS}
 
 nft_rule_xml_add_SOURCES = nft-rule-xml-add.c
-nft_rule_xml_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_rule_xml_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_rule_json_add_SOURCES = nft-rule-json-add.c
-nft_rule_json_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_rule_json_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_rule_del_SOURCES = nft-rule-del.c
-nft_rule_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_rule_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_rule_get_SOURCES = nft-rule-get.c
-nft_rule_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_rule_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_events_SOURCES = nft-events.c
-nft_events_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_events_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_set_add_SOURCES = nft-set-add.c
-nft_set_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_set_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_set_json_add_SOURCES = nft-set-json-add.c
-nft_set_json_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_set_json_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_set_del_SOURCES = nft-set-del.c
-nft_set_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_set_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_set_get_SOURCES = nft-set-get.c
-nft_set_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_set_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_set_elem_add_SOURCES = nft-set-elem-add.c
-nft_set_elem_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_set_elem_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_set_elem_del_SOURCES = nft-set-elem-del.c
-nft_set_elem_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_set_elem_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_set_elem_get_SOURCES = nft-set-elem-get.c
-nft_set_elem_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_set_elem_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_compat_get_SOURCES = nft-compat-get.c
-nft_compat_get_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
+nft_compat_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
diff --git a/examples/nft-chain-add.c b/examples/nft-chain-add.c
index 22f9f3b..3edff86 100644
--- a/examples/nft-chain-add.c
+++ b/examples/nft-chain-add.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/chain.h>
+#include <libnftnl/chain.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-chain-del.c b/examples/nft-chain-del.c
index 95a1a7f..c87ab92 100644
--- a/examples/nft-chain-del.c
+++ b/examples/nft-chain-del.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/chain.h>
+#include <libnftnl/chain.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-chain-get.c b/examples/nft-chain-get.c
index 7e162f6..76fa5d9 100644
--- a/examples/nft-chain-get.c
+++ b/examples/nft-chain-get.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/chain.h>
+#include <libnftnl/chain.h>
 
 static int table_cb(const struct nlmsghdr *nlh, void *data)
 {
diff --git a/examples/nft-chain-json-add.c b/examples/nft-chain-json-add.c
index 1802fb0..4fd0551 100644
--- a/examples/nft-chain-json-add.c
+++ b/examples/nft-chain-json-add.c
@@ -25,8 +25,8 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/chain.h>
-#include <libnftables/rule.h>
+#include <libnftnl/chain.h>
+#include <libnftnl/rule.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-chain-xml-add.c b/examples/nft-chain-xml-add.c
index 79b1541..5d26af6 100644
--- a/examples/nft-chain-xml-add.c
+++ b/examples/nft-chain-xml-add.c
@@ -23,8 +23,8 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/chain.h>
-#include <libnftables/rule.h>
+#include <libnftnl/chain.h>
+#include <libnftnl/rule.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-events.c b/examples/nft-events.c
index 29cb659..150346a 100644
--- a/examples/nft-events.c
+++ b/examples/nft-events.c
@@ -18,9 +18,9 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/table.h>
-#include <libnftables/chain.h>
-#include <libnftables/rule.h>
+#include <libnftnl/table.h>
+#include <libnftnl/chain.h>
+#include <libnftnl/rule.h>
 
 static int table_cb(const struct nlmsghdr *nlh, int type)
 {
diff --git a/examples/nft-rule-add.c b/examples/nft-rule-add.c
index 0534fa5..dbe93f5 100644
--- a/examples/nft-rule-add.c
+++ b/examples/nft-rule-add.c
@@ -26,8 +26,8 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/rule.h>
-#include <libnftables/expr.h>
+#include <libnftnl/rule.h>
+#include <libnftnl/expr.h>
 
 static void add_payload(struct nft_rule *r, uint32_t base, uint32_t dreg,
 			uint32_t offset, uint32_t len)
diff --git a/examples/nft-rule-del.c b/examples/nft-rule-del.c
index c2b1a70..6f665b0 100644
--- a/examples/nft-rule-del.c
+++ b/examples/nft-rule-del.c
@@ -19,7 +19,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/rule.h>
+#include <libnftnl/rule.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-rule-get.c b/examples/nft-rule-get.c
index f17630b..5803143 100644
--- a/examples/nft-rule-get.c
+++ b/examples/nft-rule-get.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/rule.h>
+#include <libnftnl/rule.h>
 
 static int table_cb(const struct nlmsghdr *nlh, void *data)
 {
diff --git a/examples/nft-rule-insert.c b/examples/nft-rule-insert.c
index 1418127..1b377de 100644
--- a/examples/nft-rule-insert.c
+++ b/examples/nft-rule-insert.c
@@ -20,8 +20,8 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/rule.h>
-#include <libnftables/expr.h>
+#include <libnftnl/rule.h>
+#include <libnftnl/expr.h>
 
 #include <linux/netfilter_ipv4/ipt_LOG.h>
 #include <linux/netfilter/xt_iprange.h>
diff --git a/examples/nft-rule-json-add.c b/examples/nft-rule-json-add.c
index de1fb54..b33025b 100644
--- a/examples/nft-rule-json-add.c
+++ b/examples/nft-rule-json-add.c
@@ -25,7 +25,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/rule.h>
+#include <libnftnl/rule.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-rule-xml-add.c b/examples/nft-rule-xml-add.c
index 8a7685d..dd16922 100644
--- a/examples/nft-rule-xml-add.c
+++ b/examples/nft-rule-xml-add.c
@@ -25,7 +25,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/rule.h>
+#include <libnftnl/rule.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-set-add.c b/examples/nft-set-add.c
index 0d17c38..4e54c39 100644
--- a/examples/nft-set-add.c
+++ b/examples/nft-set-add.c
@@ -18,8 +18,8 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/table.h>
-#include <libnftables/set.h>
+#include <libnftnl/table.h>
+#include <libnftnl/set.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-set-del.c b/examples/nft-set-del.c
index 7828ae0..5abd3b1 100644
--- a/examples/nft-set-del.c
+++ b/examples/nft-set-del.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/set.h>
+#include <libnftnl/set.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-set-elem-add.c b/examples/nft-set-elem-add.c
index e2e278d..ffc025c 100644
--- a/examples/nft-set-elem-add.c
+++ b/examples/nft-set-elem-add.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/set.h>
+#include <libnftnl/set.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-set-elem-del.c b/examples/nft-set-elem-del.c
index 36f1016..af70cde 100644
--- a/examples/nft-set-elem-del.c
+++ b/examples/nft-set-elem-del.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/set.h>
+#include <libnftnl/set.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-set-elem-get.c b/examples/nft-set-elem-get.c
index 0b46f36..6908c2a 100644
--- a/examples/nft-set-elem-get.c
+++ b/examples/nft-set-elem-get.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/set.h>
+#include <libnftnl/set.h>
 
 static int set_cb(const struct nlmsghdr *nlh, void *data)
 {
diff --git a/examples/nft-set-get.c b/examples/nft-set-get.c
index 6762032..7a94506 100644
--- a/examples/nft-set-get.c
+++ b/examples/nft-set-get.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/set.h>
+#include <libnftnl/set.h>
 
 static int set_cb(const struct nlmsghdr *nlh, void *data)
 {
diff --git a/examples/nft-set-json-add.c b/examples/nft-set-json-add.c
index 9553ebf..a4535da 100644
--- a/examples/nft-set-json-add.c
+++ b/examples/nft-set-json-add.c
@@ -25,7 +25,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/set.h>
+#include <libnftnl/set.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-table-add.c b/examples/nft-table-add.c
index e4d7db9..3b7572f 100644
--- a/examples/nft-table-add.c
+++ b/examples/nft-table-add.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/table.h>
+#include <libnftnl/table.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-table-del.c b/examples/nft-table-del.c
index 11762fe..ed1140d 100644
--- a/examples/nft-table-del.c
+++ b/examples/nft-table-del.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/table.h>
+#include <libnftnl/table.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-table-get.c b/examples/nft-table-get.c
index c5bc89d..6ac56d6 100644
--- a/examples/nft-table-get.c
+++ b/examples/nft-table-get.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/table.h>
+#include <libnftnl/table.h>
 
 static int table_cb(const struct nlmsghdr *nlh, void *data)
 {
diff --git a/examples/nft-table-json-add.c b/examples/nft-table-json-add.c
index f3a57c0..a9bd217 100644
--- a/examples/nft-table-json-add.c
+++ b/examples/nft-table-json-add.c
@@ -26,7 +26,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/table.h>
+#include <libnftnl/table.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-table-upd.c b/examples/nft-table-upd.c
index 1cf41a4..9f0e809 100644
--- a/examples/nft-table-upd.c
+++ b/examples/nft-table-upd.c
@@ -18,7 +18,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/table.h>
+#include <libnftnl/table.h>
 
 int main(int argc, char *argv[])
 {
diff --git a/examples/nft-table-xml-add.c b/examples/nft-table-xml-add.c
index edef1d4..f36f0ab 100644
--- a/examples/nft-table-xml-add.c
+++ b/examples/nft-table-xml-add.c
@@ -22,8 +22,8 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
-#include <libnftables/table.h>
-#include <libnftables/common.h>
+#include <libnftnl/table.h>
+#include <libnftnl/common.h>
 
 int main(int argc, char *argv[])
 {
-- 
cgit v1.2.3