libnftnl 1.2.9
nft-set-elem-add.c
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
4 *
5 * This software has been sponsored by Sophos Astaro <http://www.sophos.com>
6 */
7
8#include <stdlib.h>
9#include <time.h>
10#include <string.h>
11#include <netinet/in.h>
12
13#include <linux/netfilter.h>
14#include <linux/netfilter/nf_tables.h>
15
16#include <libmnl/libmnl.h>
17#include <libnftnl/set.h>
18
19int main(int argc, char *argv[])
20{
21 struct mnl_socket *nl;
22 char buf[MNL_SOCKET_BUFFER_SIZE];
23 struct mnl_nlmsg_batch *batch;
24 struct nlmsghdr *nlh;
25 uint32_t portid, seq, family;
26 struct nftnl_set *s;
27 struct nftnl_set_elem *e;
28 uint16_t data;
29 int ret;
30
31 if (argc != 4) {
32 fprintf(stderr, "%s <family> <table> <set>\n", argv[0]);
33 exit(EXIT_FAILURE);
34 }
35
36 s = nftnl_set_alloc();
37 if (s == NULL) {
38 perror("OOM");
39 exit(EXIT_FAILURE);
40 }
41
42 seq = time(NULL);
43 if (strcmp(argv[1], "ip") == 0)
44 family = NFPROTO_IPV4;
45 else if (strcmp(argv[1], "ip6") == 0)
46 family = NFPROTO_IPV6;
47 else if (strcmp(argv[1], "inet") == 0)
48 family = NFPROTO_INET;
49 else if (strcmp(argv[1], "bridge") == 0)
50 family = NFPROTO_BRIDGE;
51 else if (strcmp(argv[1], "arp") == 0)
52 family = NFPROTO_ARP;
53 else {
54 fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
55 exit(EXIT_FAILURE);
56 }
57
58 nftnl_set_set_str(s, NFTNL_SET_TABLE, argv[2]);
59 nftnl_set_set_str(s, NFTNL_SET_NAME, argv[3]);
60
61 /* Add to dummy elements to set */
62 e = nftnl_set_elem_alloc();
63 if (e == NULL) {
64 perror("OOM");
65 exit(EXIT_FAILURE);
66 }
67
68 data = 0x1;
69 nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, &data, sizeof(data));
70 nftnl_set_elem_add(s, e);
71
72 e = nftnl_set_elem_alloc();
73 if (e == NULL) {
74 perror("OOM");
75 exit(EXIT_FAILURE);
76 }
77 data = 0x2;
78 nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, &data, sizeof(data));
79 nftnl_set_elem_add(s, e);
80
81 batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
82
83 nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
84 mnl_nlmsg_batch_next(batch);
85
86 nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
87 NFT_MSG_NEWSETELEM, family,
88 NLM_F_CREATE | NLM_F_EXCL | NLM_F_ACK,
89 seq++);
90 nftnl_set_elems_nlmsg_build_payload(nlh, s);
91 nftnl_set_free(s);
92 mnl_nlmsg_batch_next(batch);
93
94 nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
95 mnl_nlmsg_batch_next(batch);
96
97 nl = mnl_socket_open(NETLINK_NETFILTER);
98 if (nl == NULL) {
99 perror("mnl_socket_open");
100 exit(EXIT_FAILURE);
101 }
102
103 if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
104 perror("mnl_socket_bind");
105 exit(EXIT_FAILURE);
106 }
107 portid = mnl_socket_get_portid(nl);
108
109 if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
110 mnl_nlmsg_batch_size(batch)) < 0) {
111 perror("mnl_socket_send");
112 exit(EXIT_FAILURE);
113 }
114
115 mnl_nlmsg_batch_stop(batch);
116
117 ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
118 while (ret > 0) {
119 ret = mnl_cb_run(buf, ret, 0, portid, NULL, NULL);
120 if (ret <= 0)
121 break;
122 ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
123 }
124 if (ret == -1) {
125 perror("error");
126 exit(EXIT_FAILURE);
127 }
128 mnl_socket_close(nl);
129
130 return EXIT_SUCCESS;
131}