From 80077787f8f21da1efd8dc27a4c5767ab47a1df6 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 9 Oct 2018 00:03:28 +0200 Subject: src: remove json support We have better json support in libnftables these days. Signed-off-by: Pablo Neira Ayuso --- examples/Makefile.am | 20 -- examples/nft-chain-get.c | 5 +- examples/nft-chain-parse-add.c | 160 ------------- examples/nft-ct-helper-get.c | 14 +- examples/nft-ct-timeout-get.c | 15 +- examples/nft-events.c | 12 +- examples/nft-flowtable-get.c | 5 +- examples/nft-obj-get.c | 15 +- examples/nft-rule-get.c | 8 +- examples/nft-rule-parse-add.c | 159 ------------- examples/nft-ruleset-get.c | 12 +- examples/nft-ruleset-parse-file.c | 467 -------------------------------------- examples/nft-set-elem-get.c | 6 +- examples/nft-set-get.c | 5 +- examples/nft-set-parse-add.c | 162 ------------- examples/nft-table-get.c | 11 +- examples/nft-table-parse-add.c | 157 ------------- 17 files changed, 11 insertions(+), 1222 deletions(-) delete mode 100644 examples/nft-chain-parse-add.c delete mode 100644 examples/nft-rule-parse-add.c delete mode 100644 examples/nft-ruleset-parse-file.c delete mode 100644 examples/nft-set-parse-add.c delete mode 100644 examples/nft-table-parse-add.c (limited to 'examples') diff --git a/examples/Makefile.am b/examples/Makefile.am index 67f0156..d044b90 100644 --- a/examples/Makefile.am +++ b/examples/Makefile.am @@ -1,21 +1,17 @@ include $(top_srcdir)/Make_global.am check_PROGRAMS = nft-table-add \ - nft-table-parse-add \ nft-table-upd \ nft-table-del \ nft-table-get \ nft-chain-add \ - nft-chain-parse-add \ nft-chain-del \ nft-chain-get \ nft-rule-add \ - nft-rule-parse-add \ nft-rule-del \ nft-rule-get \ nft-events \ nft-set-add \ - nft-set-parse-add \ nft-set-get \ nft-set-del \ nft-map-add \ @@ -32,7 +28,6 @@ check_PROGRAMS = nft-table-add \ nft-flowtable-del \ nft-flowtable-get \ nft-ruleset-get \ - nft-ruleset-parse-file \ nft-compat-get \ nft-ct-helper-add \ nft-ct-helper-get \ 
@@ -43,9 +38,6 @@ check_PROGRAMS = nft-table-add \ nft_table_add_SOURCES = nft-table-add.c nft_table_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} -nft_table_parse_add_SOURCES = nft-table-parse-add.c -nft_table_parse_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} - nft_table_upd_SOURCES = nft-table-upd.c nft_table_upd_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} @@ -58,9 +50,6 @@ nft_table_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_chain_add_SOURCES = nft-chain-add.c nft_chain_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} -nft_chain_parse_add_SOURCES = nft-chain-parse-add.c -nft_chain_parse_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} - nft_chain_del_SOURCES = nft-chain-del.c nft_chain_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} @@ -70,9 +59,6 @@ nft_chain_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_rule_add_SOURCES = nft-rule-add.c nft_rule_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} -nft_rule_parse_add_SOURCES = nft-rule-parse-add.c -nft_rule_parse_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} - nft_rule_del_SOURCES = nft-rule-del.c nft_rule_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} @@ -85,9 +71,6 @@ nft_events_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_set_add_SOURCES = nft-set-add.c nft_set_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} -nft_set_parse_add_SOURCES = nft-set-parse-add.c -nft_set_parse_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} - nft_set_del_SOURCES = nft-set-del.c nft_set_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} @@ -136,9 +119,6 @@ nft_flowtable_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} nft_ruleset_get_SOURCES = nft-ruleset-get.c nft_ruleset_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} -nft_ruleset_parse_file_SOURCES = nft-ruleset-parse-file.c -nft_ruleset_parse_file_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} - nft_compat_get_SOURCES = nft-compat-get.c nft_compat_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} diff --git a/examples/nft-chain-get.c b/examples/nft-chain-get.c index 6fda2d8..fcccbf7 100644 
--- a/examples/nft-chain-get.c +++ b/examples/nft-chain-get.c @@ -58,7 +58,7 @@ int main(int argc, char *argv[]) seq = time(NULL); if (argc < 2 || argc > 5) { - fprintf(stderr, "Usage: %s [] [json]\n", + fprintf(stderr, "Usage: %s [
]\n", argv[0]); exit(EXIT_FAILURE); } @@ -95,9 +95,6 @@ int main(int argc, char *argv[]) NLM_F_DUMP, seq); } - if (strcmp(argv[argc-1], "json") == 0) - type = NFTNL_OUTPUT_JSON; - nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { perror("mnl_socket_open"); diff --git a/examples/nft-chain-parse-add.c b/examples/nft-chain-parse-add.c deleted file mode 100644 index 9198615..0000000 --- a/examples/nft-chain-parse-add.c +++ /dev/null 
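Review bot: The context line `if (argc < 2 || argc > 5)` at the top of the first nft-chain-get.c hunk still admits the slot that used to carry the `json` keyword, so a surplus trailing argument is now accepted and silently ignored instead of producing the usage error. Tightening it to `if (argc < 2 || argc > 4) {` keeps the check in step with the shortened usage string, and a caller that still passes `json` and parses the output would then fail loudly rather than receive the default format with exit status 0. The same stale bound is visible in the first hunks of nft-ct-helper-get.c, nft-ct-timeout-get.c, nft-flowtable-get.c, nft-obj-get.c and nft-rule-get.c (`argc > 5`), nft-set-elem-get.c (`argc > 5`, where the usage now lists no optional argument), nft-set-get.c (`argc > 3`) and nft-ruleset-get.c (`argc > 2`). main() continues outside these hunks, so whether an in-range but unused argument (for example a lone `json` after the family) is also ignored depends on parsing that is not shown here.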
@@ -1,160 +0,0 @@ -/* - * (C) 2013 by Pablo Neira Ayuso - * (C) 2014 by Arturo Borrero Gonzalez - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This code has been sponsored by Sophos Astaro - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include - -static struct nftnl_chain *chain_parse_file(const char *file, uint16_t format) -{ - int fd; - struct nftnl_chain *c; - struct nftnl_parse_err *err; - char data[4096]; - - c = nftnl_chain_alloc(); - if (c == NULL) { - perror("OOM"); - return NULL; - } - - fd = open(file, O_RDONLY); - if (fd < 0) { - perror("open"); - return NULL; - } - - if (read(fd, data, sizeof(data)) < 0) { - perror("read"); - close(fd); - return NULL; - } - - close(fd); - - err = nftnl_parse_err_alloc(); - if (err == NULL) { - perror("OOM"); - return NULL; - } - - if (nftnl_chain_parse(c, format, data, err) < 0) { - nftnl_parse_perror("Unable to parse file", err); - nftnl_parse_err_free(err); - return NULL; - } - - nftnl_parse_err_free(err); - return c; -} - -int main(int argc, char *argv[]) -{ - struct mnl_socket *nl; - char buf[MNL_SOCKET_BUFFER_SIZE]; - struct nlmsghdr *nlh; - uint32_t portid, seq, chain_seq; - struct nftnl_chain *c; - uint16_t family, format, outformat; - struct mnl_nlmsg_batch *batch; - int ret; - - if (argc < 3) { - printf("Usage: %s {json} \n", argv[0]); - exit(EXIT_FAILURE); - } - - if (strcmp(argv[1], "json") == 0) { - format = NFTNL_PARSE_JSON; - outformat = NFTNL_OUTPUT_JSON; - } else { - printf("Unknown format: only json is supported\n"); - exit(EXIT_FAILURE); - } - - c = chain_parse_file(argv[2], format); - if (c == NULL) - exit(EXIT_FAILURE); - - nftnl_chain_fprintf(stdout, c, outformat, 0); - fprintf(stdout, "\n"); - - 
nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE); - family = nftnl_chain_get_u32(c, NFTNL_CHAIN_FAMILY); - - seq = time(NULL); - - batch = mnl_nlmsg_batch_start(buf, sizeof(buf)); - - nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - - chain_seq = seq; - nlh = nftnl_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWCHAIN, family, - NLM_F_ACK, seq++); - nftnl_chain_nlmsg_build_payload(nlh, c); - nftnl_chain_free(c); - mnl_nlmsg_batch_next(batch); - - nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - - nl = mnl_socket_open(NETLINK_NETFILTER); - if (nl == NULL) { - perror("mnl_socket_open"); - exit(EXIT_FAILURE); - } - - if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) { - perror("mnl_socket_bind"); - exit(EXIT_FAILURE); - } - - portid = mnl_socket_get_portid(nl); - - if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch), - mnl_nlmsg_batch_size(batch)) < 0) { - perror("mnl_socket_send"); - exit(EXIT_FAILURE); - } - - mnl_nlmsg_batch_stop(batch); - - ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); - while (ret > 0) { - ret = mnl_cb_run(buf, ret, chain_seq, portid, NULL, NULL); - if (ret <= 0) - break; - ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); - } - if (ret == -1) { - perror("error"); - exit(EXIT_FAILURE); - } - - - mnl_socket_close(nl); - return EXIT_SUCCESS; -} diff --git a/examples/nft-ct-helper-get.c b/examples/nft-ct-helper-get.c index 94bd0cd..eb03133 100644 --- a/examples/nft-ct-helper-get.c +++ b/examples/nft-ct-helper-get.c @@ -58,7 +58,7 @@ int main(int argc, char *argv[]) uint32_t type = NFTNL_OUTPUT_DEFAULT; if (argc < 3 || argc > 5) { - fprintf(stderr, "%s
[] []\n", + fprintf(stderr, "%s
[]\n", argv[0]); return EXIT_FAILURE; } @@ -76,18 +76,6 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - if (strcmp(argv[argc-1], "xml") == 0) { - type = NFTNL_OUTPUT_XML; - argv[argc-1] = NULL; - argc--; - }else if (strcmp(argv[argc-1], "json") == 0) { - type = NFTNL_OUTPUT_JSON; - argv[argc-1] = NULL; - argc--; - } else if (strcmp(argv[argc - 1], "default") == 0) { - argc--; - } - if (argc == 3 || argc == 4) { t = nftnl_obj_alloc(); if (t == NULL) { diff --git a/examples/nft-ct-timeout-get.c b/examples/nft-ct-timeout-get.c index 503c488..badcd23 100644 --- a/examples/nft-ct-timeout-get.c +++ b/examples/nft-ct-timeout-get.c @@ -58,8 +58,7 @@ int main(int argc, char *argv[]) uint32_t type = NFTNL_OUTPUT_DEFAULT; if (argc < 3 || argc > 5) { - fprintf(stderr, "%s
[] []\n", - argv[0]); + fprintf(stderr, "%s
[]\n", argv[0]); return EXIT_FAILURE; } @@ -76,18 +75,6 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - if (strcmp(argv[argc-1], "xml") == 0) { - type = NFTNL_OUTPUT_XML; - argv[argc-1] = NULL; - argc--; - } else if (strcmp(argv[argc-1], "json") == 0) { - type = NFTNL_OUTPUT_JSON; - argv[argc-1] = NULL; - argc--; - } else if (strcmp(argv[argc - 1], "default") == 0) { - argc--; - } - if (argc == 3 || argc == 4) { t = nftnl_obj_alloc(); if (t == NULL) { diff --git a/examples/nft-events.c b/examples/nft-events.c index bd8c752..8aab90a 100644 --- a/examples/nft-events.c +++ b/examples/nft-events.c @@ -235,18 +235,8 @@ int main(int argc, char *argv[]) case 1: type = NFTNL_OUTPUT_DEFAULT; break; - case 2: - if (strcmp(argv[1], "json") == 0) { - type = NFTNL_OUTPUT_JSON; - } else if (strcmp(argv[1], "default") == 0) { - type = NFTNL_OUTPUT_DEFAULT; - } else { - fprintf(stderr, "unknown format type `%s'\n", argv[1]); - return EXIT_FAILURE; - } - break; default: - fprintf(stderr, "%s []\n", argv[0]); + fprintf(stderr, "%s\n", argv[0]); return EXIT_FAILURE; } diff --git a/examples/nft-flowtable-get.c b/examples/nft-flowtable-get.c index 37cfadf..1a034ce 100644 --- a/examples/nft-flowtable-get.c +++ b/examples/nft-flowtable-get.c @@ -47,7 +47,7 @@ int main(int argc, char *argv[]) seq = time(NULL); if (argc < 2 || argc > 5) { - fprintf(stderr, "Usage: %s [
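Review bot: In examples/nft-events.c the `default:` branch now prints only `argv[0]` and a newline, which no longer reads as a usage error once the optional format argument is gone. A message such as `fprintf(stderr, "Usage: %s (takes no arguments)\n", argv[0]);` tells the caller why the run was rejected. With a single accepted value left, the `switch (argc)` could also become `if (argc != 1)`, with `type` set to `NFTNL_OUTPUT_DEFAULT` where it is declared; that declaration is outside this hunk. The argc check in nft-ruleset-get.c prints the same bare `"%s\n"`.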
] [json]\n", + fprintf(stderr, "Usage: %s [
]\n", argv[0]); exit(EXIT_FAILURE); } @@ -84,9 +84,6 @@ int main(int argc, char *argv[]) NLM_F_DUMP, seq); } - if (strcmp(argv[argc-1], "json") == 0) - type = NFTNL_OUTPUT_JSON; - nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { perror("mnl_socket_open"); diff --git a/examples/nft-obj-get.c b/examples/nft-obj-get.c index bec33b6..e6a19fe 100644 --- a/examples/nft-obj-get.c +++ b/examples/nft-obj-get.c @@ -57,8 +57,7 @@ int main(int argc, char *argv[]) uint32_t type = NFTNL_OUTPUT_DEFAULT; if (argc < 2 || argc > 5) { - fprintf(stderr, "%s
[] []\n", - argv[0]); + fprintf(stderr, "%s
[]\n", argv[0]); return EXIT_FAILURE; } @@ -77,18 +76,6 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - if (strcmp(argv[argc-1], "xml") == 0) { - type = NFTNL_OUTPUT_XML; - argv[argc-1] = NULL; - argc--; - }else if (strcmp(argv[argc-1], "json") == 0) { - type = NFTNL_OUTPUT_JSON; - argv[argc-1] = NULL; - argc--; - } else if (strcmp(argv[argc - 1], "default") == 0) { - argc--; - } - if (argc == 3 || argc == 4) { t = nftnl_obj_alloc(); if (t == NULL) { diff --git a/examples/nft-rule-get.c b/examples/nft-rule-get.c index aa49612..8a980ef 100644 --- a/examples/nft-rule-get.c +++ b/examples/nft-rule-get.c @@ -82,7 +82,7 @@ int main(int argc, char *argv[]) int ret, family; if (argc < 2 || argc > 5) { - fprintf(stderr, "Usage: %s [
] [json]\n", + fprintf(stderr, "Usage: %s [
]\n", argv[0]); exit(EXIT_FAILURE); } @@ -102,12 +102,6 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - /* json specified */ - if (argc == 3 || argc == 5) { - if (strcmp(argv[argc - 1], "json") == 0) - type = NFTNL_OUTPUT_JSON; - } - /* at least [
] specified */ if (argc >= 4) { table = argv[2]; diff --git a/examples/nft-rule-parse-add.c b/examples/nft-rule-parse-add.c deleted file mode 100644 index 3fcf269..0000000 --- a/examples/nft-rule-parse-add.c +++ /dev/null 
@@ -1,159 +0,0 @@ -/* - * (C) 2013 by Pablo Neira Ayuso - * (C) 2013 by Arturo Borrero Gonzalez - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This code has been sponsored by Sophos Astaro - */ - -#include -#include -#include -#include /* for offsetof */ -#include -#include -#include -#include -#include -#include - -#include -#include - -#include -#include - -static struct nftnl_rule *rule_parse_file(const char *file, uint16_t format) -{ - int fd; - struct nftnl_rule *r; - struct nftnl_parse_err *err; - char data[4096]; - - fd = open(file, O_RDONLY); - if (fd < 0) { - perror("open"); - return NULL; - } - - if (read(fd, data, sizeof(data)) < 0) { - perror("read"); - close(fd); - return NULL; - } - close(fd); - - r = nftnl_rule_alloc(); - if (r == NULL) { - perror("OOM"); - exit(EXIT_FAILURE); - } - - err = nftnl_parse_err_alloc(); - if (err == NULL) { - perror("error"); - exit(EXIT_FAILURE); - } - - if (nftnl_rule_parse(r, format, data, err) < 0) { - nftnl_parse_perror("Unable to parse file", err); - nftnl_parse_err_free(err); - nftnl_rule_free(r); - return NULL; - } - - nftnl_rule_unset(r, NFTNL_RULE_HANDLE); - - nftnl_parse_err_free(err); - return r; -} - -int main(int argc, char *argv[]) -{ - struct mnl_socket *nl; - struct mnl_nlmsg_batch *batch; - char buf[MNL_SOCKET_BUFFER_SIZE]; - struct nlmsghdr *nlh; - uint32_t portid, seq, rule_seq; - struct nftnl_rule *r; - int ret; - uint16_t family, format, outformat; - - if (argc < 3) { - printf("Usage: %s {json} \n", argv[0]); - exit(EXIT_FAILURE); - } - - if (strcmp(argv[1], "json") == 0) { - format = NFTNL_PARSE_JSON; - outformat = NFTNL_OUTPUT_JSON; - } else { - printf("Unknown format: json\n"); - exit(EXIT_FAILURE); - } - - r = rule_parse_file(argv[2], format); - if (r == NULL) - 
exit(EXIT_FAILURE); - - nftnl_rule_fprintf(stdout, r, outformat, 0); - fprintf(stdout, "\n"); - - seq = time(NULL); - batch = mnl_nlmsg_batch_start(buf, sizeof(buf)); - - nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - - rule_seq = seq; - family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY); - nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWRULE, family, - NLM_F_CREATE|NLM_F_APPEND|NLM_F_ACK, - seq++); - nftnl_rule_nlmsg_build_payload(nlh, r); - nftnl_rule_free(r); - mnl_nlmsg_batch_next(batch); - - nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - - nl = mnl_socket_open(NETLINK_NETFILTER); - if (nl == NULL) { - perror("mnl_socket_open"); - exit(EXIT_FAILURE); - } - - if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) { - perror("mnl_socket_bind"); - exit(EXIT_FAILURE); - } - portid = mnl_socket_get_portid(nl); - - if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch), - mnl_nlmsg_batch_size(batch)) < 0) { - perror("mnl_socket_send"); - exit(EXIT_FAILURE); - } - - mnl_nlmsg_batch_stop(batch); - - ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); - while (ret > 0) { - ret = mnl_cb_run(buf, ret, rule_seq, portid, NULL, NULL); - if (ret <= 0) - break; - ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); - } - if (ret == -1) { - perror("error"); - exit(EXIT_FAILURE); - } - mnl_socket_close(nl); - - return EXIT_SUCCESS; -} diff --git a/examples/nft-ruleset-get.c b/examples/nft-ruleset-get.c index 9e80bb6..7098437 100644 --- a/examples/nft-ruleset-get.c +++ b/examples/nft-ruleset-get.c 
@@ -344,20 +344,10 @@ int main(int argc, char *argv[]) int ret; if (argc > 2) { - fprintf(stderr, "%s {json}\n", - argv[0]); + fprintf(stderr, "%s\n", argv[0]); exit(EXIT_FAILURE); } - if (argc == 2) { - if (strcmp(argv[1], "json") == 0) - type = NFTNL_OUTPUT_JSON; - else { - fprintf(stderr, "Unknown type: only json is supported\n"); - exit(EXIT_FAILURE); - } - } - nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) { perror("mnl_socket_open"); diff --git a/examples/nft-ruleset-parse-file.c b/examples/nft-ruleset-parse-file.c deleted file mode 100644 index be0994f..0000000 --- a/examples/nft-ruleset-parse-file.c +++ /dev/null 
@@ -1,467 +0,0 @@ -/* - * (C) 2014 by Alvaro Neira Ayuso - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - */ - -#include -#include -#include -#include /* for offsetof */ -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -struct mnl_nlmsg_batch *batch; -uint32_t seq; - -static int nftnl_ruleset_set_elems(const struct nftnl_parse_ctx *ctx) -{ - struct nftnl_set_elems_iter *iter_elems; - uint16_t nl_type, nl_flags; - uint32_t cmd; - struct nlmsghdr *nlh; - struct nftnl_set *set; - - cmd = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_CMD); - - set = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_SET); - if (set == NULL) - return -1; - - switch (cmd) { - case NFTNL_CMD_ADD: - nl_type = NFT_MSG_NEWSETELEM; - nl_flags = NLM_F_CREATE|NLM_F_EXCL|NLM_F_ACK; - break; - case NFTNL_CMD_DELETE: - nl_type = NFT_MSG_DELSETELEM; - /* This will generate an ACK message for each request. 
When - * removing NLM_F_ACK, the kernel will only report when things - * go wrong - */ - nl_flags = NLM_F_ACK; - break; - default: - goto err; - } - - iter_elems = nftnl_set_elems_iter_create(set); - if (iter_elems == NULL) - goto err; - - nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), nl_type, - nftnl_set_get_u32(set, - NFTNL_SET_FAMILY), - nl_flags, seq++); - - nftnl_set_elems_nlmsg_build_payload_iter(nlh, iter_elems); - mnl_nlmsg_batch_next(batch); - - nftnl_set_elems_iter_destroy(iter_elems); - return 0; -err: - return -1; -} - -static int nftnl_ruleset_parse_set(const struct nftnl_parse_ctx *ctx) -{ - - struct nlmsghdr *nlh; - uint16_t nl_type, nl_flags; - struct nftnl_set *set; - uint32_t cmd; - int ret; - - cmd = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_CMD); - - set = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_SET); - if (set == NULL) - return -1; - - switch (cmd) { - case NFTNL_CMD_ADD: - nl_type = NFT_MSG_NEWSET; - nl_flags = NLM_F_CREATE|NLM_F_ACK; - break; - case NFTNL_CMD_DELETE: - nl_type = NFT_MSG_DELSET; - nl_flags = NLM_F_ACK; - break; - default: - goto err; - } - - nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - nl_type, - nftnl_set_get_u32(set, - NFTNL_SET_FAMILY), - nl_flags, - seq++); - - nftnl_set_nlmsg_build_payload(nlh, set); - mnl_nlmsg_batch_next(batch); - - ret = nftnl_ruleset_set_elems(ctx); - return ret; -err: - return -1; -} - -static int nftnl_ruleset_rule_build_msg(const struct nftnl_parse_ctx *ctx, - uint32_t cmd, struct nftnl_rule *rule) -{ - struct nlmsghdr *nlh; - uint16_t nl_type, nl_flags; - - switch (cmd) { - case NFTNL_CMD_ADD: - nl_type = NFT_MSG_NEWRULE; - nl_flags = NLM_F_APPEND|NLM_F_CREATE|NLM_F_ACK; - nftnl_rule_unset(rule, NFTNL_RULE_HANDLE); - break; - case NFTNL_CMD_DELETE: - nl_type = NFT_MSG_DELRULE; - nl_flags = NLM_F_ACK; - break; - case NFTNL_CMD_REPLACE: - nl_type = NFT_MSG_NEWRULE; - nl_flags = NLM_F_REPLACE|NLM_F_ACK; - break; - case NFTNL_CMD_INSERT: - nl_type = 
NFT_MSG_NEWRULE; - nl_flags = NLM_F_CREATE|NLM_F_ACK; - nftnl_rule_unset(rule, NFTNL_RULE_HANDLE); - break; - default: - return -1; - } - - nlh = nftnl_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - nl_type, - nftnl_rule_get_u32(rule, - NFTNL_RULE_FAMILY), - nl_flags, - seq++); - - nftnl_rule_nlmsg_build_payload(nlh, rule); - mnl_nlmsg_batch_next(batch); - - return 0; -} - -static int nftnl_ruleset_rule(const struct nftnl_parse_ctx *ctx) -{ - struct nftnl_rule *rule; - int ret; - uint32_t cmd; - - cmd = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_CMD); - - rule = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_RULE); - if (rule == NULL) - return -1; - - ret = nftnl_ruleset_rule_build_msg(ctx, cmd, rule); - - return ret; -} - -static int nftnl_ruleset_flush_rules(const struct nftnl_parse_ctx *ctx) -{ - struct nftnl_rule *nlr; - struct nftnl_table *nlt; - struct nftnl_chain *nlc; - uint32_t type; - int ret; - - nlr = nftnl_rule_alloc(); - if (nlr == NULL) - return -1; - - type = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_TYPE); - switch (type) { - case NFTNL_RULESET_TABLE: - nlt = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_TABLE); - nftnl_rule_set(nlr, NFTNL_RULE_TABLE, - nftnl_table_get(nlt, NFTNL_TABLE_NAME)); - nftnl_rule_set(nlr, NFTNL_RULE_FAMILY, - nftnl_table_get(nlt, NFTNL_TABLE_FAMILY)); - break; - case NFTNL_RULESET_CHAIN: - nlc = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_CHAIN); - nftnl_rule_set(nlr, NFTNL_RULE_TABLE, - nftnl_chain_get(nlc, - NFTNL_CHAIN_TABLE)); - nftnl_rule_set(nlr, NFTNL_RULE_CHAIN, - nftnl_chain_get(nlc, - NFTNL_CHAIN_NAME)); - nftnl_rule_set(nlr, NFTNL_RULE_FAMILY, - nftnl_chain_get(nlc, NFTNL_TABLE_FAMILY)); - break; - default: - goto err; - } - - ret = nftnl_ruleset_rule_build_msg(ctx, NFTNL_CMD_DELETE, nlr); - nftnl_rule_free(nlr); - - return ret; -err: - nftnl_rule_free(nlr); - return -1; -} - -static int nftnl_ruleset_chain(const struct nftnl_parse_ctx *ctx) -{ - struct nlmsghdr *nlh; - uint16_t nl_type, 
nl_flags; - uint32_t cmd; - struct nftnl_chain *chain; - - cmd = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_CMD); - - chain = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_CHAIN); - if (chain == NULL) - return -1; - - switch (cmd) { - case NFTNL_CMD_ADD: - nl_type = NFT_MSG_NEWCHAIN; - nl_flags = NLM_F_CREATE|NLM_F_ACK; - break; - case NFTNL_CMD_DELETE: - nl_type = NFT_MSG_DELCHAIN; - nl_flags = NLM_F_ACK; - break; - case NFTNL_CMD_FLUSH: - return nftnl_ruleset_flush_rules(ctx); - default: - goto err; - } - - nftnl_chain_unset(chain, NFTNL_CHAIN_HANDLE); - nlh = nftnl_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - nl_type, - nftnl_chain_get_u32(chain, - NFTNL_CHAIN_FAMILY), - nl_flags, - seq++); - - nftnl_chain_nlmsg_build_payload(nlh, chain); - mnl_nlmsg_batch_next(batch); - - return 0; -err: - return -1; -} - -static int nftnl_ruleset_table_build_msg(const struct nftnl_parse_ctx *ctx, - uint32_t cmd, struct nftnl_table *table) -{ - struct nlmsghdr *nlh; - uint16_t nl_type, nl_flags; - - switch (cmd) { - case NFTNL_CMD_ADD: - nl_type = NFT_MSG_NEWTABLE; - nl_flags = NLM_F_CREATE|NLM_F_ACK; - break; - case NFTNL_CMD_DELETE: - nl_type = NFT_MSG_DELTABLE; - nl_flags = NLM_F_ACK; - break; - case NFTNL_CMD_FLUSH: - return nftnl_ruleset_flush_rules(ctx); - default: - return -1; - } - - nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - nl_type, - nftnl_table_get_u32(table, - NFTNL_TABLE_FAMILY), - nl_flags, - seq++); - - nftnl_table_nlmsg_build_payload(nlh, table); - mnl_nlmsg_batch_next(batch); - - return 0; -} - -static int nftnl_ruleset_table(const struct nftnl_parse_ctx *ctx) -{ - struct nftnl_table *table; - uint32_t cmd; - int ret; - - cmd = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_CMD); - - table = nftnl_ruleset_ctx_get(ctx, NFTNL_RULESET_CTX_TABLE); - if (table == NULL) - return -1; - - ret = nftnl_ruleset_table_build_msg(ctx, cmd, table); - - return ret; -} - -static int nftnl_ruleset_flush_ruleset(const struct 
nftnl_parse_ctx *ctx) -{ - struct nftnl_table *table; - int ret; - - table = nftnl_table_alloc(); - if (table == NULL) - return -1; - - ret = nftnl_ruleset_table_build_msg(ctx, NFTNL_CMD_DELETE, table); - nftnl_table_free(table); - - return ret; -} - -static int ruleset_elems_cb(const struct nftnl_parse_ctx *ctx) -{ - uint32_t type; - int ret; - - type = nftnl_ruleset_ctx_get_u32(ctx, NFTNL_RULESET_CTX_TYPE); - - switch (type) { - case NFTNL_RULESET_TABLE: - ret = nftnl_ruleset_table(ctx); - break; - case NFTNL_RULESET_CHAIN: - ret = nftnl_ruleset_chain(ctx); - break; - case NFTNL_RULESET_RULE: - ret = nftnl_ruleset_rule(ctx); - break; - case NFTNL_RULESET_SET: - ret = nftnl_ruleset_parse_set(ctx); - break; - case NFTNL_RULESET_SET_ELEMS: - ret = nftnl_ruleset_set_elems(ctx); - break; - case NFTNL_RULESET_RULESET: - ret = nftnl_ruleset_flush_ruleset(ctx); - break; - default: - return -1; - } - - nftnl_ruleset_ctx_free(ctx); - return ret; -} - -int main(int argc, char *argv[]) -{ - struct nftnl_parse_err *err; - const char *filename; - FILE *fp; - int ret = -1, len, portid; - uint32_t ruleset_seq; - char buf[MNL_SOCKET_BUFFER_SIZE]; - struct mnl_socket *nl; - - if (argc < 2) { - printf("Usage: %s \n", argv[0]); - exit(EXIT_FAILURE); - } - - fp = fopen(argv[1], "r"); - if (fp == NULL) { - printf("unable to open file %s: %s\n", argv[1], - strerror(errno)); - exit(EXIT_FAILURE); - } - - err = nftnl_parse_err_alloc(); - if (err == NULL) { - perror("error"); - exit(EXIT_FAILURE); - } - - seq = time(NULL); - batch = mnl_nlmsg_batch_start(buf, sizeof(buf)); - - nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - ruleset_seq = seq; - - filename = argv[1]; - len = strlen(filename); - if (len >= 5 && strcmp(&filename[len - 5], ".json") == 0) - ret = nftnl_ruleset_parse_file_cb(NFTNL_PARSE_JSON, fp, err, NULL, - &ruleset_elems_cb); - else { - printf("the filename %s does not have a trailing .json\n", - filename); - exit(EXIT_FAILURE); - } 
- - if (ret < 0) { - nftnl_parse_perror("fail", err); - exit(EXIT_FAILURE); - } - - fclose(fp); - - nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - - nl = mnl_socket_open(NETLINK_NETFILTER); - if (nl == NULL) { - perror("mnl_socket_open"); - exit(EXIT_FAILURE); - } - - if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) { - perror("mnl_socket_bind"); - exit(EXIT_FAILURE); - } - portid = mnl_socket_get_portid(nl); - - if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch), - mnl_nlmsg_batch_size(batch)) < 0) { - perror("mnl_socket_send"); - exit(EXIT_FAILURE); - } - - mnl_nlmsg_batch_stop(batch); - - ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); - while (ret > 0) { - ret = mnl_cb_run(buf, ret, ruleset_seq, portid, NULL, NULL); - if (ret <= 0) - break; - ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); - } - if (ret == -1) { - perror("error"); - exit(EXIT_FAILURE); - } - - mnl_socket_close(nl); - return EXIT_SUCCESS; -} diff --git a/examples/nft-set-elem-get.c b/examples/nft-set-elem-get.c index 9a3ccd7..1bc9abc 100644 --- a/examples/nft-set-elem-get.c +++ b/examples/nft-set-elem-get.c @@ -57,8 +57,7 @@ int main(int argc, char *argv[]) int ret; if (argc < 4 || argc > 5) { - fprintf(stderr, "%s
[]\n", - argv[0]); + fprintf(stderr, "%s
\n", argv[0]); return EXIT_FAILURE; } t = nftnl_set_alloc(); @@ -80,9 +79,6 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - if (argc == 5 && strcmp(argv[4], "json") == 0 ) - type = NFTNL_OUTPUT_JSON; - nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSETELEM, family, NLM_F_DUMP|NLM_F_ACK, seq); nftnl_set_set(t, NFTNL_SET_NAME, argv[3]); diff --git a/examples/nft-set-get.c b/examples/nft-set-get.c index c4ad8ee..bb33674 100644 --- a/examples/nft-set-get.c +++ b/examples/nft-set-get.c @@ -57,7 +57,7 @@ int main(int argc, char *argv[]) int ret; if (argc < 2 || argc > 3) { - fprintf(stderr, "%s []\n", argv[0]); + fprintf(stderr, "%s \n", argv[0]); return EXIT_FAILURE; } t = nftnl_set_alloc(); @@ -81,9 +81,6 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - if (argc == 3 && strcmp(argv[2], "json") == 0) - type = NFTNL_OUTPUT_JSON; - nlh = nftnl_set_nlmsg_build_hdr(buf, NFT_MSG_GETSET, family, NLM_F_DUMP|NLM_F_ACK, seq); /* Use this below if you want to obtain sets per table */ diff --git a/examples/nft-set-parse-add.c b/examples/nft-set-parse-add.c deleted file mode 100644 index 5197dc3..0000000 --- a/examples/nft-set-parse-add.c +++ /dev/null 
@@ -1,162 +0,0 @@ -/* - * (C) 2013 by Álvaro Neira Ayuso - * - * Based on nft-set-xml-add from: - * - * (C) 2013 by Pablo Neira Ayuso - * (C) 2013 by Arturo Borrero Gonzalez - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include - -static struct nftnl_set *set_parse_file(const char *file, uint16_t format) -{ - int fd; - struct nftnl_set *s; - struct nftnl_parse_err *err; - char data[4096]; - - s = nftnl_set_alloc(); - if (s == NULL) { - perror("OOM"); - return NULL; - } - - fd = open(file, O_RDONLY); - if (fd < 0) { - perror("open"); - return NULL; - } - - if (read(fd, data, sizeof(data)) < 0) { - perror("read"); - close(fd); - return NULL; - } - close(fd); - - err = nftnl_parse_err_alloc(); - if (err == NULL) { - perror("error"); - return NULL; - } - - if (nftnl_set_parse(s, format, data, err) < 0) { - nftnl_parse_perror("Unable to parse file", err); - nftnl_parse_err_free(err); - return NULL; - } - - nftnl_parse_err_free(err); - - nftnl_set_set_u32(s, NFTNL_SET_ID, 1); - return s; - -} - -int main(int argc, char *argv[]) -{ - struct mnl_socket *nl; - char buf[MNL_SOCKET_BUFFER_SIZE]; - struct nlmsghdr *nlh; - uint32_t portid, seq, set_seq; - struct nftnl_set *s; - uint16_t family, format, outformat; - struct mnl_nlmsg_batch *batch; - int ret; - - if (argc < 2) { - printf("Usage: %s {json} \n", argv[0]); - exit(EXIT_FAILURE); - } - - if (strcmp(argv[1], "json") == 0) { - format = NFTNL_PARSE_JSON; - outformat = NFTNL_OUTPUT_JSON; - } else { - printf("Unknown format: only json is supported\n"); - exit(EXIT_FAILURE); - } - - s = set_parse_file(argv[2], format); - if (s == NULL) - exit(EXIT_FAILURE); - - 
nftnl_set_fprintf(stdout, s, outformat, 0); - fprintf(stdout, "\n"); - - seq = time(NULL); - - batch = mnl_nlmsg_batch_start(buf, sizeof(buf)); - - nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - - family = nftnl_set_get_u32(s, NFTNL_SET_FAMILY); - - set_seq = seq; - nlh = nftnl_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), - NFT_MSG_NEWSET, family, - NLM_F_CREATE|NLM_F_ACK, seq++); - nftnl_set_nlmsg_build_payload(nlh, s); - nftnl_set_free(s); - mnl_nlmsg_batch_next(batch); - - nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++); - mnl_nlmsg_batch_next(batch); - - nl = mnl_socket_open(NETLINK_NETFILTER); - if (nl == NULL) { - perror("mnl_socket_open"); - exit(EXIT_FAILURE); - } - - if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) { - perror("mnl_socket_bind"); - exit(EXIT_FAILURE); - } - portid = mnl_socket_get_portid(nl); - - if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch), - mnl_nlmsg_batch_size(batch)) < 0) { - perror("mnl_socket_send"); - exit(EXIT_FAILURE); - } - - mnl_nlmsg_batch_stop(batch); - - ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); - while (ret > 0) { - ret = mnl_cb_run(buf, ret, set_seq, portid, NULL, NULL); - if (ret <= 0) - break; - ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); - } - if (ret == -1) { - perror("error"); - exit(EXIT_FAILURE); - } - - mnl_socket_close(nl); - - return EXIT_SUCCESS; -} diff --git a/examples/nft-table-get.c b/examples/nft-table-get.c index 193db77..eac2f2f 100644 --- a/examples/nft-table-get.c +++ b/examples/nft-table-get.c @@ -57,8 +57,7 @@ int main(int argc, char *argv[]) uint32_t type = NFTNL_OUTPUT_DEFAULT; if (argc < 2 || argc > 4) { - fprintf(stderr, "%s [
] []\n", - argv[0]); + fprintf(stderr, "%s [
]\n", argv[0]); return EXIT_FAILURE; } @@ -77,14 +76,6 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - if (strcmp(argv[argc-1], "json") == 0) { - type = NFTNL_OUTPUT_JSON; - argv[argc-1] = NULL; - argc--; - } else if (strcmp(argv[argc - 1], "default") == 0) { - argc--; - } - if (argc == 3) { t = nftnl_table_alloc(); if (t == NULL) { diff --git a/examples/nft-table-parse-add.c b/examples/nft-table-parse-add.c deleted file mode 100644 index 55dbc13..0000000 --- a/examples/nft-table-parse-add.c +++ /dev/null 
@@ -1,157 +0,0 @@
-/*
- * (C) 2013 by Pablo Neira Ayuso
- * (C) 2013 by Arturo Borrero Gonzalez
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This code has been sponsored by Sophos Astaro
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-#include
-#include
-
-static struct nftnl_table *table_parse_file(const char *file, uint16_t format)
-{
- int fd;
- struct nftnl_table *t;
- struct nftnl_parse_err *err;
- char data[4096];
-
- t = nftnl_table_alloc();
- if (t == NULL) {
- perror("OOM");
- return NULL;
- }
-
- fd = open(file, O_RDONLY);
- if (fd < 0) {
- perror("open");
- return NULL;
- }
-
- if (read(fd, data, sizeof(data)) < 0) {
- perror("read");
- close(fd);
- return NULL;
- }
- close(fd);
-
- err = nftnl_parse_err_alloc();
- if (err == NULL) {
- perror("error");
- return NULL;
- }
-
- if (nftnl_table_parse(t, format, data, err) < 0) {
- nftnl_parse_perror("Unable to parse file", err);
- nftnl_parse_err_free(err);
- return NULL;
- }
-
- nftnl_parse_err_free(err);
- return t;
-
-}
-
-int main(int argc, char *argv[])
-{
- struct mnl_socket *nl;
- char buf[MNL_SOCKET_BUFFER_SIZE];
- struct nlmsghdr *nlh;
- uint32_t portid, seq, table_seq;
- struct nftnl_table *t = NULL;
- uint16_t family, format, outformat;
- struct mnl_nlmsg_batch *batch;
- int ret;
-
- if (argc < 3) {
- printf("Usage: %s {json} \n", argv[0]);
- exit(EXIT_FAILURE);
- }
-
- if (strcmp(argv[1], "json") == 0) {
- format = NFTNL_PARSE_JSON;
- outformat = NFTNL_OUTPUT_JSON;
- } else {
- printf("Unknown format: only json is supported\n");
- exit(EXIT_FAILURE);
- }
-
- t = table_parse_file(argv[2], format);
- if (t == NULL)
- exit(EXIT_FAILURE);
-
- nftnl_table_fprintf(stdout, t, outformat, 0);
- fprintf(stdout, "\n");
-
- seq = time(NULL);
-
- batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
-
- nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
- mnl_nlmsg_batch_next(batch);
-
- family = nftnl_table_get_u32(t, NFTNL_TABLE_FAMILY);
-
- table_seq = seq;
- nlh = nftnl_table_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
- NFT_MSG_NEWTABLE, family,
- NLM_F_CREATE|NLM_F_ACK, seq++);
- nftnl_table_nlmsg_build_payload(nlh, t);
- nftnl_table_free(t);
- mnl_nlmsg_batch_next(batch);
-
- nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
- mnl_nlmsg_batch_next(batch);
-
- nl = mnl_socket_open(NETLINK_NETFILTER);
- if (nl == NULL) {
- perror("mnl_socket_open");
- exit(EXIT_FAILURE);
- }
-
- if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
- perror("mnl_socket_bind");
- exit(EXIT_FAILURE);
- }
- portid = mnl_socket_get_portid(nl);
-
- if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
- mnl_nlmsg_batch_size(batch)) < 0) {
- perror("mnl_socket_send");
- exit(EXIT_FAILURE);
- }
-
- mnl_nlmsg_batch_stop(batch);
-
- ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
- while (ret > 0) {
- ret = mnl_cb_run(buf, ret, table_seq, portid, NULL, NULL);
- if (ret <= 0)
- break;
- ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
- }
- if (ret == -1) {
- perror("error");
- exit(EXIT_FAILURE);
- }
-
- mnl_socket_close(nl);
-
- return EXIT_SUCCESS;
-}
-- cgit v1.2.3