[libnftables PATCH 1/7] chain: change policy2str function to nft_verdict2str function

[libnftables PATCH 1/7] chain: change policy2str function to nft_verdict2str function

[Alvaro Neira]

From: Álvaro Neira Ayuso <alvaroneay@gmail.com>

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
 src/chain.c |   17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/src/chain.c b/src/chain.c
index 14db5f7..621794c 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -659,19 +659,6 @@ int nft_chain_parse(struct nft_chain *c, enum nft_chain_parse_type type,
 }
 EXPORT_SYMBOL(nft_chain_parse);
 
-static const char *policy2str(int policy)
-{
-	switch (policy) {
-	case NF_ACCEPT:
-		return "accept";
-	case NF_DROP:
-		return "drop";
-	default:
-		break;
-	}
-	return "unknown";
-}
-
 static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 {
 	int ret, len = size, offset = 0;
@@ -698,7 +685,7 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 				"\"prio\": %d,"
 				"\"policy\": \"%s\"",
 			c->type, hooknum2str_array[c->hooknum], c->prio,
-			policy2str(c->policy));
+			nft_verdict2str(c->policy));
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}
 
@@ -762,7 +749,7 @@ static int nft_chain_snprintf_default(char *buf, size_t size,
 			       " type %s hook %s prio %d policy %s use %d "
 			       "packets %"PRIu64" bytes %"PRIu64"",
 			       c->type, hooknum2str_array[c->hooknum], c->prio,
-			       policy2str(c->policy), c->use,
+			       nft_verdict2str(c->policy), c->use,
 			       c->packets, c->bytes);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 	}

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[libnftables PATCH 2/7] jansson: Add helper function for building the tree

[Alvaro Neira]

From: Álvaro Neira Ayuso <alvaroneay@gmail.com>

Add a helper function for parsing and return the jansson tree

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
 src/internal.h |    1 +
 src/jansson.c  |   19 +++++++++++++++++++
 src/table.c    |   14 +++-----------
 3 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/src/internal.h b/src/internal.h
index a8ae431..d1c7690 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -45,6 +45,7 @@ int nft_jansson_value_parse_val(json_t *root, const char *tag,
 				  int type, void *out);
 const char *nft_jansson_value_parse_str(json_t *root, const char *tag);
 bool nft_jansson_node_exist(json_t *root, const char *tag);
+json_t *nft_jansson_get_root(char *json, const char *tag, json_error_t *err);
 #endif
 
 const char *nft_family2str(uint32_t family);
diff --git a/src/jansson.c b/src/jansson.c
index cc68ae0..4c778d9 100644
--- a/src/jansson.c
+++ b/src/jansson.c
@@ -71,4 +71,23 @@ bool nft_jansson_node_exist(json_t *root, const char *tag)
 {
 	return json_object_get(root, tag) != NULL;
 }
+
+json_t *nft_jansson_get_root(char *json, const char *tag, json_error_t *err)
+{
+	json_t *root;
+
+	root = json_loadb(json, strlen(json), 0, err);
+	if (root == NULL) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	root = json_object_get(root, tag);
+	if (root == NULL) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	return root;
+}
 #endif
diff --git a/src/table.c b/src/table.c
index 1f4fe76..526f3e7 100644
--- a/src/table.c
+++ b/src/table.c
@@ -290,17 +290,9 @@ static int nft_table_json_parse(struct nft_table *t, char *json)
 	const char *str;
 	int family;
 
-	root = json_loadb(json, strlen(json), 0, &error);
-	if (!root) {
-		errno = EINVAL;
-		goto err;
-	}
-
-	root = json_object_get(root, "table");
-	if (root == NULL) {
-		errno = EINVAL;
-		goto err;
-	}
+	root = nft_jansson_get_root(json, "table", &error);
+	if (root == NULL)
+		return -1;
 
 	str = nft_jansson_value_parse_str(root, "name");
 	if (str == NULL)

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[libnftables PATCH 3/7] table: remove the properties node in Json output

[Alvaro Neira]

From: Álvaro Neira Ayuso <alvaroneay@gmail.com>

I have removed the properties node from table because it's a node without relevant information

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
 src/table.c                   |   12 ++----------
 tests/jsonfiles/01-table.json |    2 +-
 tests/jsonfiles/02-table.json |    2 +-
 3 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/src/table.c b/src/table.c
index 526f3e7..402e8c1 100644
--- a/src/table.c
+++ b/src/table.c
@@ -300,12 +300,6 @@ static int nft_table_json_parse(struct nft_table *t, char *json)
 
 	nft_table_attr_set_str(t, NFT_TABLE_ATTR_NAME, strdup(str));
 
-	root = json_object_get(root, "properties");
-	if (root == NULL) {
-		errno = EINVAL;
-		goto err;
-	}
-
 	str = nft_jansson_value_parse_str(root, "family");
 	if (str == NULL)
 		goto err;
@@ -360,10 +354,8 @@ static int nft_table_snprintf_json(char *buf, size_t size, struct nft_table *t)
 	return snprintf(buf, size,
 			"{\"table\" : {"
 			"\"name\" : \"%s\","
-			"\"properties\" : {"
-				"\"family\" : \"%s\","
-				"\"table_flags\" : %d"
-				"}"
+			"\"family\" : \"%s\","
+			"\"table_flags\" : %d"
 			"}"
 			"}" ,
 			t->name, nft_family2str(t->family), t->table_flags);
diff --git a/tests/jsonfiles/01-table.json b/tests/jsonfiles/01-table.json
index 9afc014..a5ba38b 100644
--- a/tests/jsonfiles/01-table.json
+++ b/tests/jsonfiles/01-table.json
@@ -1 +1 @@
-{"table" : {"name" : "filter","properties" : {"family" : "ip","table_flags" : 0}}}
+{"table" : {"name" : "filter","family" : "ip","table_flags" : 0}}
diff --git a/tests/jsonfiles/02-table.json b/tests/jsonfiles/02-table.json
index b66ec52..f1171a1 100644
--- a/tests/jsonfiles/02-table.json
+++ b/tests/jsonfiles/02-table.json
@@ -1 +1 @@
-{"table" : {"name" : "filter2","properties" : {"family" : "ip6","table_flags" : 0}}}
+{"table" : {"name" : "filter2","family" : "ip6","table_flags" : 0}}

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[libnftables PATCH 4/7] chain: remove the properties node in Json output

[Alvaro Neira]

From: Álvaro Neira Ayuso <alvaroneay@gmail.com>

I have removed the properties node from chain because it's a node without relevant information

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
 src/chain.c |    8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/chain.c b/src/chain.c
index 621794c..7e2567b 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -669,10 +669,9 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 			"\"handle\": %"PRIu64","
 			"\"bytes\": %"PRIu64","
 			"\"packets\": %"PRIu64","
-			"\"properties\": {"
-				"\"family\": \"%s\","
-				"\"table\": \"%s\","
-				"\"use\": %d",
+			"\"family\": \"%s\","
+			"\"table\": \"%s\","
+			"\"use\": %d",
 			c->name, c->handle, c->bytes, c->packets,
 			nft_family2str(c->family),
 			c->table, c->use);
@@ -690,7 +689,6 @@ static int nft_chain_snprintf_json(char *buf, size_t size, struct nft_chain *c)
 	}
 
 	ret = snprintf(buf+offset, size,
-			"}"
 		"}"
 		"}");
 	SNPRINTF_BUFFER_SIZE(ret, size, len, offset);

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[libnftables PATCH 5/7] chain:Add json parser support

[Alvaro Neira]

From: Álvaro Neira Ayuso <alvaroneay@gmail.com>

Add function for parsing chains in format JSON

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
 include/libnftables/chain.h |    1 
 src/chain.c                 |  117 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 118 insertions(+)

diff --git a/include/libnftables/chain.h b/include/libnftables/chain.h
index 382947f..53fd407 100644
--- a/include/libnftables/chain.h
+++ b/include/libnftables/chain.h
@@ -52,6 +52,7 @@ enum {
 enum nft_chain_parse_type {
 	NFT_CHAIN_PARSE_NONE	= 0,
 	NFT_CHAIN_PARSE_XML,
+	NFT_CHAIN_PARSE_JSON,
 	NFT_CHAIN_PARSE_MAX
 };
 
diff --git a/src/chain.c b/src/chain.c
index 7e2567b..c9beb84 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -468,6 +468,120 @@ int nft_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_chain *c)
 }
 EXPORT_SYMBOL(nft_chain_nlmsg_parse);
 
+static int nft_str2hooknum(const char *hook)
+{
+	int hooknum;
+
+	for (hooknum = 0; hooknum < NF_INET_NUMHOOKS; hooknum++) {
+		if (strcmp(hook, hooknum2str_array[hooknum]) == 0)
+			break;
+	}
+	return hooknum;
+}
+
+static int nft_chain_json_parse(struct nft_chain *c, char *json)
+{
+#ifdef JSON_PARSING
+	json_t *root;
+	json_error_t error;
+	uint64_t uval64;
+	uint32_t policy;
+	int32_t val32;
+	const char *valstr;
+
+	root = nft_jansson_get_root(json, "chain", &error);
+	if (root == NULL)
+		return -1;
+
+	valstr = nft_jansson_value_parse_str(root, "name");
+	if (valstr == NULL)
+		goto err;
+
+	nft_chain_attr_set_str(c, NFT_CHAIN_ATTR_NAME, strdup(valstr));
+
+	if (nft_jansson_value_parse_val(root, "handle", NFT_TYPE_U64,
+					&uval64) == -1)
+		goto err;
+
+	nft_chain_attr_set_u64(c,NFT_CHAIN_ATTR_HANDLE, uval64);
+
+	if (nft_jansson_value_parse_val(root, "bytes", NFT_TYPE_U64,
+					&uval64) == -1)
+		goto err;
+
+	nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_BYTES, uval64);
+
+	if (nft_jansson_value_parse_val(root, "packets", NFT_TYPE_U64,
+					&uval64) == -1)
+		goto err;
+
+	nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_PACKETS, uval64);
+
+	valstr = nft_jansson_value_parse_str(root, "family");
+
+	if (valstr == NULL)
+		goto err;
+
+	val32 = nft_str2family(valstr);
+	if (val32 == -1)
+		goto err;
+
+	nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_FAMILY, val32);
+
+	valstr = nft_jansson_value_parse_str(root, "table");
+
+	if (valstr == NULL)
+		goto err;
+
+	nft_chain_attr_set_str(c, NFT_CHAIN_ATTR_TABLE, strdup(valstr));
+
+	if (nft_jansson_node_exist(root, "hooknum")) {
+		valstr = nft_jansson_value_parse_str(root, "type");
+
+		if (valstr == NULL)
+			goto err;
+
+		nft_chain_attr_set_str(c, NFT_CHAIN_ATTR_TYPE, strdup(valstr));
+
+		if (nft_jansson_value_parse_val(root, "prio", NFT_TYPE_S32,
+						&val32) == -1)
+			goto err;
+
+		nft_chain_attr_set_s32(c, NFT_CHAIN_ATTR_PRIO, val32);
+
+		valstr = nft_jansson_value_parse_str(root, "hooknum");
+		if (valstr == NULL)
+			goto err;
+
+		val32 = nft_str2hooknum(valstr);
+		if (val32 == -1)
+			goto err;
+
+		nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_HOOKNUM, val32);
+
+		valstr = nft_jansson_value_parse_str(root, "policy");
+		if (valstr == NULL)
+			goto err;
+
+		policy = nft_str2verdict(valstr);
+		if (policy == -1)
+			goto err;
+
+		nft_chain_attr_set_u32(c, NFT_CHAIN_ATTR_POLICY, policy);
+	}
+
+	free(root);
+	return 0;
+
+err:
+	free(root);
+	return -1;
+#else
+	errno = EOPNOTSUPP;
+	return -1;
+#endif
+}
+
 static int nft_chain_xml_parse(struct nft_chain *c, char *xml)
 {
 #ifdef XML_PARSING
@@ -649,6 +763,9 @@ int nft_chain_parse(struct nft_chain *c, enum nft_chain_parse_type type,
 	case NFT_CHAIN_PARSE_XML:
 		ret = nft_chain_xml_parse(c, data);
 		break;
+	case NFT_CHAIN_PARSE_JSON:
+		ret = nft_chain_json_parse(c, data);
+		break;
 	default:
 		ret = -1;
 		errno = EOPNOTSUPP;

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[libnftables PATCH 6/7] test:chain:test json parsing support

[Alvaro Neira]

From: Álvaro Neira Ayuso <alvaroneay@gmail.com>

Test the functions for parsing chains in JSON Support

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
 tests/jsonfiles/11-chain.json |    1 +
 tests/jsonfiles/12-chain.json |    1 +
 tests/jsonfiles/13-chain.json |    1 +
 tests/jsonfiles/14-chain.json |    1 +
 tests/nft-parsing-test.c      |    9 +++++++++
 5 files changed, 13 insertions(+)
 create mode 100644 tests/jsonfiles/11-chain.json
 create mode 100644 tests/jsonfiles/12-chain.json
 create mode 100644 tests/jsonfiles/13-chain.json
 create mode 100644 tests/jsonfiles/14-chain.json

diff --git a/tests/jsonfiles/11-chain.json b/tests/jsonfiles/11-chain.json
new file mode 100644
index 0000000..0e71e8f
--- /dev/null
+++ b/tests/jsonfiles/11-chain.json
@@ -0,0 +1 @@
+{ "chain": {"name": "input","handle": 1,"bytes": 1375696,"packets": 4136,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "NF_INET_LOCAL_IN","prio": 0,"policy": "accept"}}
diff --git a/tests/jsonfiles/12-chain.json b/tests/jsonfiles/12-chain.json
new file mode 100644
index 0000000..e841032
--- /dev/null
+++ b/tests/jsonfiles/12-chain.json
@@ -0,0 +1 @@
+{ "chain": {"name": "forward","handle": 2,"bytes": 0,"packets": 0,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "NF_INET_FORWARD","prio": 0,"policy": "accept"}}
diff --git a/tests/jsonfiles/13-chain.json b/tests/jsonfiles/13-chain.json
new file mode 100644
index 0000000..9967233
--- /dev/null
+++ b/tests/jsonfiles/13-chain.json
@@ -0,0 +1 @@
+{ "chain": {"name": "output","handle": 3,"bytes": 454786,"packets": 2681,"family": "ip","table": "filter","use": 0,"type": "filter","hooknum": "NF_INET_LOCAL_OUT","prio": 0,"policy": "accept"}}
diff --git a/tests/jsonfiles/14-chain.json b/tests/jsonfiles/14-chain.json
new file mode 100644
index 0000000..716d022
--- /dev/null
+++ b/tests/jsonfiles/14-chain.json
@@ -0,0 +1 @@
+{ "chain": {"name": "chain1","handle": 4,"bytes": 0,"packets": 0,"family": "ip","table": "filter","use": 0}}
diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c
index 0734f07..e111fd0 100644
--- a/tests/nft-parsing-test.c
+++ b/tests/nft-parsing-test.c
@@ -24,6 +24,7 @@ static int test_json(const char *filename)
 #ifdef JSON_PARSING
 	int ret = -1;
 	struct nft_table *t = NULL;
+	struct nft_chain *c = NULL;
 	json_t *root;
 	json_error_t error;
 	char *json = NULL;
@@ -47,6 +48,14 @@ static int test_json(const char *filename)
 
 			nft_table_free(t);
 		}
+	} else if (json_object_get(root, "chain") != NULL) {
+		c = nft_chain_alloc();
+		if (c != NULL) {
+			if (nft_chain_parse(c, NFT_CHAIN_PARSE_JSON, json) == 0)
+				ret = 0;
+
+			nft_chain_free(c);
+		}
 	}
 
 	return ret;

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[libnftables PATCH 7/7] examples: Add nft-chain-json-add

[Alvaro Neira]

From: Álvaro Neira Ayuso <alvaroneay@gmail.com>

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
 examples/Makefile.am          |    4 +
 examples/nft-chain-json-add.c |  118 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 122 insertions(+)
 create mode 100644 examples/nft-chain-json-add.c

diff --git a/examples/Makefile.am b/examples/Makefile.am
index 722ce0b..8d76f00 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -8,6 +8,7 @@ check_PROGRAMS = nft-table-add		\
 		 nft-table-get		\
 		 nft-chain-add		\
 		 nft-chain-xml-add	\
+		 nft-chain-json-add	\
 		 nft-chain-del		\
 		 nft-chain-get		\
 		 nft-rule-add		\
@@ -48,6 +49,9 @@ nft_chain_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
 nft_chain_xml_add_SOURCES = nft-chain-xml-add.c
 nft_chain_xml_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
 
+nft_chain_json_add_SOURCES = nft-chain-json-add.c
+nft_chain_json_add_LDADD = ../src/libnftables.la ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS}
+
 nft_chain_del_SOURCES = nft-chain-del.c
 nft_chain_del_LDADD = ../src/libnftables.la ${LIBMNL_LIBS}
 
diff --git a/examples/nft-chain-json-add.c b/examples/nft-chain-json-add.c
new file mode 100644
index 0000000..42e2d82
--- /dev/null
+++ b/examples/nft-chain-json-add.c
@@ -0,0 +1,118 @@
+/*
+ * (C) 2013 by Álvaro Neira Ayuso <alvaroneay@gmail.com>
+ *
+ * Based on nft-chain-xml-add from:
+ *
+ * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <netinet/in.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_tables.h>
+
+#include <libmnl/libmnl.h>
+#include <libnftables/chain.h>
+#include <libnftables/rule.h>
+
+int main(int argc, char *argv[])
+{
+	struct mnl_socket *nl;
+	char buf[MNL_SOCKET_BUFFER_SIZE];
+	struct nlmsghdr *nlh;
+	uint32_t portid, seq;
+	struct nft_chain *c = NULL;
+	int ret, fd;
+	uint16_t family;
+	char json[4096];
+	char reprint[4096];
+
+	if (argc < 2) {
+		printf("Usage: %s <json-file>\n", argv[0]);
+		exit(EXIT_FAILURE);
+	}
+
+	c = nft_chain_alloc();
+	if (c == NULL) {
+		perror("OOM");
+		exit(EXIT_FAILURE);
+	}
+
+	fd = open(argv[1], O_RDONLY);
+	if (fd < 0) {
+		perror("open");
+		exit(EXIT_FAILURE);
+	}
+
+	if (read(fd, json, sizeof(json)) < 0) {
+		perror("read");
+		close(fd);
+		exit(EXIT_FAILURE);
+	}
+
+	close(fd);
+
+	if (nft_chain_parse(c, NFT_CHAIN_PARSE_JSON, json) < 0) {
+		printf("E: Unable to parse JSON file: %s\n", strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	nft_chain_snprintf(reprint, sizeof(reprint), c, NFT_CHAIN_O_JSON, 0);
+	printf("Parsed:\n%s\n", reprint);
+
+	nft_chain_attr_unset(c, NFT_CHAIN_ATTR_HANDLE);
+	family = nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_FAMILY);
+
+	seq = time(NULL);
+	nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, family,
+					NLM_F_CREATE|NLM_F_ACK, seq);
+	nft_chain_nlmsg_build_payload(nlh, c);
+
+	nft_chain_free(c);
+
+	nl = mnl_socket_open(NETLINK_NETFILTER);
+	if (nl == NULL) {
+		perror("mnl_socket_open");
+		exit(EXIT_FAILURE);
+	}
+
+	if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
+		perror("mnl_socket_bind");
+		exit(EXIT_FAILURE);
+	}
+
+	portid = mnl_socket_get_portid(nl);
+
+	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+		perror("mnl_socket_send");
+		exit(EXIT_FAILURE);
+	}
+
+	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
+	while (ret > 0) {
+		ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
+		if (ret <= 0)
+			break;
+		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
+	}
+	if (ret == -1) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+
+	mnl_socket_close(nl);
+	return EXIT_SUCCESS;
+}

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [libnftables PATCH 1/7] chain: change policy2str function to nft_verdict2str function

[Pablo Neira Ayuso]

Applied from 1/7 to 7/7, I like that you have put care on these
series.

thanks Alvaro.