From: Florian Westphal <fw@strlen.de>
To: Kiernan George <kbg98@vt.edu>
Cc: Florian Westphal <fw@strlen.de>, netfilter@vger.kernel.org
Subject: Re: Creating a map programmatically using the C library libnftnl
Date: Thu, 30 Mar 2023 18:09:54 +0200
Message-ID: <20230330160954.GA22225@breakpoint.cc>
In-Reply-To: <CAOg40qhR5vXo=tkNThLTbZ3nK0MZDf=VwONarYBg4KFokYCqcg@mail.gmail.com>
Kiernan George <kbg98@vt.edu> wrote:
> I'm not sure how to take that example and modify it to create the type of
> map I mentioned in my initial request, or how to work in IPV6 for example.
> I could also use an example on how to add an element to a map
> programmatically. I see there is the nft-set-add, but it does not work on a
> map.
diff --git a/examples/nft-map-add.c b/examples/nft-map-add.c
--- a/examples/nft-map-add.c
+++ b/examples/nft-map-add.c
@@ -26,6 +26,16 @@
#include <libmnl/libmnl.h>
#include <libnftnl/set.h>
+/* See nftables/include/datatype.h. We should place these datatypes in
+ * a public header so third party applications still work with nftables.
+ */
+#define TYPE_BITS 6
+
+enum nft_key_types {
+ TYPE_IPADDR = 7,
+ TYPE_INET_SERVICE = 13,
+};
+
static struct nftnl_set *setup_set(uint8_t family, const char *table,
const char *name)
{
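Review bot: TYPE_BITS is defined without a comment saying what it measures; the block comment above it only says where the values were copied from. Its only use in this patch is the commented-out NFTNL_SET_KEY_TYPE line in setup_set(), so the example never shows that it is the shift width for packing two type ids into one concatenated key type. Suggest a one-line comment on the define. The enum name nft_key_types is also slightly off, since TYPE_IPADDR is passed as NFTNL_SET_DATA_TYPE as well as being part of the key.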
@@ -40,14 +50,11 @@ static struct nftnl_set *setup_set(uint8_t family, const char *table,
nftnl_set_set_str(s, NFTNL_SET_TABLE, table);
nftnl_set_set_str(s, NFTNL_SET_NAME, name);
nftnl_set_set_u32(s, NFTNL_SET_FAMILY, family);
- nftnl_set_set_u32(s, NFTNL_SET_KEY_LEN, 2);
- /* See nftables/include/datatype.h, where TYPE_INET_SERVICE is 13. We
- * should place these datatypes in a public header so third party
- * applications still work with nftables.
- */
- nftnl_set_set_u32(s, NFTNL_SET_KEY_TYPE, 13);
- nftnl_set_set_u32(s, NFTNL_SET_DATA_LEN, 2);
- nftnl_set_set_u32(s, NFTNL_SET_DATA_TYPE, 13);
+ nftnl_set_set_u32(s, NFTNL_SET_KEY_LEN, 8); /* two 32bit regs, one for ip address, one for inet_service */
+ /* Next line is ONLY needed so 'nft list ruleset' can pretty-print this */
+ // nftnl_set_set_u32(s, NFTNL_SET_KEY_TYPE, TYPE_IPADDR << TYPE_BITS | TYPE_INET_SERVICE);
+ nftnl_set_set_u32(s, NFTNL_SET_DATA_LEN, 4); /* one 32bit reg */
+ nftnl_set_set_u32(s, NFTNL_SET_DATA_TYPE, TYPE_IPADDR);
nftnl_set_set_u32(s, NFTNL_SET_ID, 1);
nftnl_set_set_u32(s, NFTNL_SET_FLAGS, NFT_SET_CONSTANT | NFT_SET_MAP);
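Review bot: the NFTNL_SET_KEY_TYPE call is left in as a `//` comment, so the set is now created with no key type, while the comment directly above says that line is what lets 'nft list ruleset' pretty-print the map. Either enable the call or drop it together with its comment. If it stays, write the value as (TYPE_IPADDR << TYPE_BITS) | TYPE_INET_SERVICE so the intent does not rest on operator precedence. The literals 8 and 4 for NFTNL_SET_KEY_LEN and NFTNL_SET_DATA_LEN would read better as named constants, because every element added later has to match that 8-byte key layout (one 32-bit register for the address, one for the port), and a mismatch is easy to introduce when the example is adapted.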