path: root/
diff options
authorPablo Neira Ayuso <>2013-06-13 16:38:33 +0200
committerPablo Neira Ayuso <>2013-06-24 11:50:00 +0200
commitaae836a7aa628af4d4d5dd97d0eefa898e8f5245 (patch)
tree0a5999838de7e19bba5c2bfb7172fec8d70c2da5 /
parentf171d1cf8a6530fe0ac204d4a6520fe0e2a70da4 (diff)
src: use libnftables
This patch migrates nft to use the libnftables library, that is used by the iptables over nftables compat utility as well. Most of the conversion was pretty straight forward. Some small significant changes happened in the handling of set element and immediate data abstraction that libnl provides. libnftables is a bit more granular since it splits the struct nfnl_nft_data into three attributes: verdict, chain and plain data (used in maps). I have added a new file src/mnl.c that contains the low level netlink communication that now resides in nftables source tree instead of the library. This should help to implement the batching support using libmnl in follow up patches. I also spent some significant amount of time running my tests to make sure that we don't increase the number of bugs that we already have (I plan to provide a list of those that I have detected and diagnosed, so anyone else can help us to fix them). As a side effect, this change should also prepare the ground for JSON and XML support anytime soon. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to '')
1 files changed, 4 insertions, 4 deletions
diff --git a/ b/
index 316d043e..811d7e22 100644
--- a/
+++ b/
@@ -49,11 +49,11 @@ then
# Checks for libraries.
-AC_CHECK_LIB([nl], [nl_socket_alloc], ,
- AC_MSG_ERROR([No suitable version of libnl found]))
+AC_CHECK_LIB([mnl], [mnl_socket_open], ,
+ AC_MSG_ERROR([No suitable version of libmnl found]))
-AC_CHECK_LIB([nl-nf], [nfnl_nft_rule_alloc], ,
- AC_MSG_ERROR([No suitable version of libnl-nf found]))
+AC_CHECK_LIB([nftables], [nft_rule_alloc], ,
+ AC_MSG_ERROR([No suitable version of libnftables found]))
AC_CHECK_LIB([gmp], [__gmpz_init], ,
AC_MSG_ERROR([No suitable version of libgmp found]))