[libnftnl PATCH 1/3] examples: fix nft-chain-add by adding batching support

[libnftnl PATCH 1/3] examples: fix nft-chain-add by adding batching support

[Arturo Borrero Gonzalez]

This code example doesn't work, as the kernel API is only listening to messages
in batches.

This patch updates the example to add the needed batching support.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 examples/nft-chain-add.c |   59 +++++++++++++++++++++++++++++++++++++---------
 1 file changed, 47 insertions(+), 12 deletions(-)

diff --git a/examples/nft-chain-add.c b/examples/nft-chain-add.c
index 3edff86..ac55b4f 100644
--- a/examples/nft-chain-add.c
+++ b/examples/nft-chain-add.c
@@ -15,14 +15,32 @@
 #include <netinet/in.h>
 
 #include <linux/netfilter.h>
+#include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
 #include <libnftnl/chain.h>
 
+static void nft_mnl_batch_put(char *buf, uint16_t type, uint32_t seq)
+{
+	struct nlmsghdr *nlh;
+	struct nfgenmsg *nfg;
+
+	nlh = mnl_nlmsg_put_header(buf);
+	nlh->nlmsg_type = type;
+	nlh->nlmsg_flags = NLM_F_REQUEST;
+	nlh->nlmsg_seq = seq;
+
+	nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
+	nfg->nfgen_family = AF_INET;
+	nfg->version = NFNETLINK_V0;
+	nfg->res_id = NFNL_SUBSYS_NFTABLES;
+}
+
 int main(int argc, char *argv[])
 {
 	struct mnl_socket *nl;
+	struct mnl_nlmsg_batch *batch;
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nlmsghdr *nlh;
 	uint32_t portid, seq;
@@ -72,9 +90,17 @@ int main(int argc, char *argv[])
 		perror("OOM");
 		exit(EXIT_FAILURE);
 	}
+
 	seq = time(NULL);
-	nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, family,
-					NLM_F_EXCL|NLM_F_ACK, seq);
+	batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
+
+	nft_mnl_batch_put(mnl_nlmsg_batch_current(batch),
+			  NFNL_MSG_BATCH_BEGIN, seq++);
+	mnl_nlmsg_batch_next(batch);
+
+	nlh = nft_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+					NFT_MSG_NEWCHAIN, family,
+					NLM_F_ACK, seq++);
 	nft_chain_attr_set(t, NFT_CHAIN_ATTR_TABLE, argv[2]);
 	nft_chain_attr_set(t, NFT_CHAIN_ATTR_NAME, argv[3]);
 	if (argc == 6) {
@@ -83,6 +109,11 @@ int main(int argc, char *argv[])
 	}
 	nft_chain_nlmsg_build_payload(nlh, t);
 	nft_chain_free(t);
+	mnl_nlmsg_batch_next(batch);
+
+	nft_mnl_batch_put(mnl_nlmsg_batch_current(batch), NFNL_MSG_BATCH_END,
+			  seq++);
+	mnl_nlmsg_batch_next(batch);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
@@ -96,23 +127,27 @@ int main(int argc, char *argv[])
 	}
 	portid = mnl_socket_get_portid(nl);
 
-	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
-		perror("mnl_socket_send");
+	ret = mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
+				mnl_nlmsg_batch_size(batch));
+	if (ret == -1) {
+		perror("mnl_socket_sendto");
 		exit(EXIT_FAILURE);
 	}
 
+	mnl_nlmsg_batch_stop(batch);
+
 	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
-	while (ret > 0) {
-		ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
-		if (ret <= 0)
-			break;
-		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
-	}
 	if (ret == -1) {
-		perror("error");
+		perror("mnl_socket_recvfrom");
 		exit(EXIT_FAILURE);
 	}
-	mnl_socket_close(nl);
 
+	ret = mnl_cb_run(buf, ret, 0, portid, NULL, NULL);
+	if (ret < 0) {
+		perror("mnl_cb_run");
+		exit(EXIT_FAILURE);
+	}
+
+	mnl_socket_close(nl);
 	return EXIT_SUCCESS;
 }

[libnftnl PATCH 2/3] examples: fix nft-chain-del by adding batching support

[Arturo Borrero Gonzalez]

This code example doesn't work, as the kernel API is only listening to messages
in batches.

This patch updates the example to add the needed batching support.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 examples/nft-chain-del.c |   42 ++++++++++++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 4 deletions(-)

diff --git a/examples/nft-chain-del.c b/examples/nft-chain-del.c
index c87ab92..f72a916 100644
--- a/examples/nft-chain-del.c
+++ b/examples/nft-chain-del.c
@@ -15,14 +15,32 @@
 #include <netinet/in.h>
 
 #include <linux/netfilter.h>
+#include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nf_tables.h>
 
 #include <libmnl/libmnl.h>
 #include <libnftnl/chain.h>
 
+static void nft_mnl_batch_put(char *buf, uint16_t type, uint32_t seq)
+{
+	struct nlmsghdr *nlh;
+	struct nfgenmsg *nfg;
+
+	nlh = mnl_nlmsg_put_header(buf);
+	nlh->nlmsg_type = type;
+	nlh->nlmsg_flags = NLM_F_REQUEST;
+	nlh->nlmsg_seq = seq;
+
+	nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
+	nfg->nfgen_family = AF_INET;
+	nfg->version = NFNETLINK_V0;
+	nfg->res_id = NFNL_SUBSYS_NFTABLES;
+}
+
 int main(int argc, char *argv[])
 {
 	struct mnl_socket *nl;
+	struct mnl_nlmsg_batch *batch;
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nlmsghdr *nlh;
 	uint32_t portid, seq;
@@ -53,13 +71,26 @@ int main(int argc, char *argv[])
 		perror("OOM");
 		exit(EXIT_FAILURE);
 	}
+	batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
+
 	seq = time(NULL);
-	nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_DELCHAIN, family,
-					NLM_F_ACK, seq);
+	nft_mnl_batch_put(mnl_nlmsg_batch_current(batch),
+			  NFNL_MSG_BATCH_BEGIN, seq++);
+	mnl_nlmsg_batch_next(batch);
+
+
+	nlh = nft_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+					NFT_MSG_DELCHAIN, family,
+					NLM_F_ACK, seq++);
 	nft_chain_attr_set(t, NFT_CHAIN_ATTR_TABLE, argv[2]);
 	nft_chain_attr_set(t, NFT_CHAIN_ATTR_NAME, argv[3]);
 	nft_chain_nlmsg_build_payload(nlh, t);
 	nft_chain_free(t);
+	mnl_nlmsg_batch_next(batch);
+
+	nft_mnl_batch_put(mnl_nlmsg_batch_current(batch), NFNL_MSG_BATCH_END,
+			  seq++);
+	mnl_nlmsg_batch_next(batch);
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
@@ -73,14 +104,17 @@ int main(int argc, char *argv[])
 	}
 	portid = mnl_socket_get_portid(nl);
 
-	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+	if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
+			      mnl_nlmsg_batch_size(batch)) < 0) {
 		perror("mnl_socket_send");
 		exit(EXIT_FAILURE);
 	}
 
+	mnl_nlmsg_batch_stop(batch);
+
 	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
 	while (ret > 0) {
-		ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
+		ret = mnl_cb_run(buf, ret, 0, portid, NULL, NULL);
 		if (ret <= 0)
 			break;
 		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));

[libnftnl PATCH 3/3] examples: fix and merge nft-chain-{xml|json}-add.c

[Arturo Borrero Gonzalez]

These code examples don't work because they don't support batching, what
the kernel subsystem understand to interact with the API.

This patch adds the nedded batching support.

While at it merge the two examples in only one, with an input argument to
know the format.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 examples/Makefile.am           |   10 +-
 examples/nft-chain-json-add.c  |  126 ------------------------------
 examples/nft-chain-parse-add.c |  167 ++++++++++++++++++++++++++++++++++++++++
 examples/nft-chain-xml-add.c   |  126 ------------------------------
 4 files changed, 170 insertions(+), 259 deletions(-)
 delete mode 100644 examples/nft-chain-json-add.c
 create mode 100644 examples/nft-chain-parse-add.c
 delete mode 100644 examples/nft-chain-xml-add.c

diff --git a/examples/Makefile.am b/examples/Makefile.am
index c45b9df..f35924d 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -7,8 +7,7 @@ check_PROGRAMS = nft-table-add		\
 		 nft-table-del		\
 		 nft-table-get		\
 		 nft-chain-add		\
-		 nft-chain-xml-add	\
-		 nft-chain-json-add	\
+		 nft-chain-parse-add	\
 		 nft-chain-del		\
 		 nft-chain-get		\
 		 nft-rule-add		\
@@ -48,11 +47,8 @@ nft_table_get_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 nft_chain_add_SOURCES = nft-chain-add.c
 nft_chain_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
-nft_chain_xml_add_SOURCES = nft-chain-xml-add.c
-nft_chain_xml_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
-
-nft_chain_json_add_SOURCES = nft-chain-json-add.c
-nft_chain_json_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS} ${LIBXML_LIBS} ${LIBJSON_LIBS}
+nft_chain_parse_add_SOURCES = nft-chain-parse-add.c
+nft_chain_parse_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_chain_del_SOURCES = nft-chain-del.c
 nft_chain_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
diff --git a/examples/nft-chain-json-add.c b/examples/nft-chain-json-add.c
deleted file mode 100644
index 4fd0551..0000000
--- a/examples/nft-chain-json-add.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * (C) 2013 by Álvaro Neira Ayuso <alvaroneay@gmail.com>
- *
- * Based on nft-chain-xml-add from:
- *
- * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
- * (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <netinet/in.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-
-#include <linux/netfilter.h>
-#include <linux/netfilter/nf_tables.h>
-
-#include <libmnl/libmnl.h>
-#include <libnftnl/chain.h>
-#include <libnftnl/rule.h>
-
-int main(int argc, char *argv[])
-{
-	struct mnl_socket *nl;
-	char buf[MNL_SOCKET_BUFFER_SIZE];
-	struct nlmsghdr *nlh;
-	uint32_t portid, seq;
-	struct nft_chain *c = NULL;
-	int ret, fd;
-	uint16_t family;
-	char json[4096];
-	char reprint[4096];
-	struct nft_parse_err *err;
-
-	if (argc < 2) {
-		printf("Usage: %s <json-file>\n", argv[0]);
-		exit(EXIT_FAILURE);
-	}
-
-	c = nft_chain_alloc();
-	if (c == NULL) {
-		perror("OOM");
-		exit(EXIT_FAILURE);
-	}
-
-	fd = open(argv[1], O_RDONLY);
-	if (fd < 0) {
-		perror("open");
-		exit(EXIT_FAILURE);
-	}
-
-	if (read(fd, json, sizeof(json)) < 0) {
-		perror("read");
-		close(fd);
-		exit(EXIT_FAILURE);
-	}
-
-	err = nft_parse_err_alloc();
-	if (err == NULL) {
-		perror("error");
-		exit(EXIT_FAILURE);
-	}
-
-	close(fd);
-
-	if (nft_chain_parse(c, NFT_PARSE_JSON, json, err) < 0) {
-		nft_parse_perror("Unable to parse JSON file", err);
-		exit(EXIT_FAILURE);
-	}
-
-	nft_chain_snprintf(reprint, sizeof(reprint), c, NFT_OUTPUT_JSON, 0);
-	printf("Parsed:\n%s\n", reprint);
-
-	nft_chain_attr_unset(c, NFT_CHAIN_ATTR_HANDLE);
-	family = nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_FAMILY);
-
-	seq = time(NULL);
-	nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, family,
-					NLM_F_CREATE|NLM_F_ACK, seq);
-	nft_chain_nlmsg_build_payload(nlh, c);
-
-	nft_chain_free(c);
-	nft_parse_err_free(err);
-
-	nl = mnl_socket_open(NETLINK_NETFILTER);
-	if (nl == NULL) {
-		perror("mnl_socket_open");
-		exit(EXIT_FAILURE);
-	}
-
-	if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
-		perror("mnl_socket_bind");
-		exit(EXIT_FAILURE);
-	}
-
-	portid = mnl_socket_get_portid(nl);
-
-	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
-		perror("mnl_socket_send");
-		exit(EXIT_FAILURE);
-	}
-
-	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
-	while (ret > 0) {
-		ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
-		if (ret <= 0)
-			break;
-		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
-	}
-	if (ret == -1) {
-		perror("error");
-		exit(EXIT_FAILURE);
-	}
-
-	mnl_socket_close(nl);
-	return EXIT_SUCCESS;
-}
diff --git a/examples/nft-chain-parse-add.c b/examples/nft-chain-parse-add.c
new file mode 100644
index 0000000..69e7114
--- /dev/null
+++ b/examples/nft-chain-parse-add.c
@@ -0,0 +1,167 @@
+/*
+ * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2013 by Álvaro Neira Ayuso <alvaroneay@gmail.com>
+ * (C) 2014 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
+ */
+
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <netinet/in.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/nfnetlink.h>
+
+#include <libmnl/libmnl.h>
+#include <libnftnl/chain.h>
+#include <libnftnl/rule.h>
+
+static void nft_mnl_batch_put(char *buf, uint16_t type, uint32_t seq)
+{
+	struct nlmsghdr *nlh;
+	struct nfgenmsg *nfg;
+
+	nlh = mnl_nlmsg_put_header(buf);
+	nlh->nlmsg_type = type;
+	nlh->nlmsg_flags = NLM_F_REQUEST;
+	nlh->nlmsg_seq = seq;
+
+	nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
+	nfg->nfgen_family = AF_INET;
+	nfg->version = NFNETLINK_V0;
+	nfg->res_id = NFNL_SUBSYS_NFTABLES;
+}
+
+int main(int argc, char *argv[])
+{
+	struct mnl_socket *nl;
+	struct mnl_nlmsg_batch *batch;
+	char buf[MNL_SOCKET_BUFFER_SIZE];
+	struct nlmsghdr *nlh;
+	uint32_t portid, seq;
+	struct nft_chain *c = NULL;
+	int ret, fd;
+	uint16_t family, format, outformat;
+	char data[4096];
+	struct nft_parse_err *err;
+
+	if (argc < 3) {
+		printf("Usage: %s {xml|json} <file>\n", argv[0]);
+		exit(EXIT_FAILURE);
+	}
+
+	if (strcmp(argv[1], "xml") == 0) {
+		format = NFT_PARSE_XML;
+		outformat = NFT_OUTPUT_XML;
+	} else if (strcmp(argv[1], "json") == 0) {
+		format = NFT_PARSE_JSON;
+		outformat = NFT_OUTPUT_JSON;
+	} else {
+		fprintf(stderr, "Unknow format: xml, json\n");
+		exit(EXIT_FAILURE);
+	}
+
+
+	c = nft_chain_alloc();
+	if (c == NULL) {
+		perror("OOM");
+		exit(EXIT_FAILURE);
+	}
+
+	err = nft_parse_err_alloc();
+	if (err == NULL) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+
+	fd = open(argv[2], O_RDONLY);
+	if (fd < 0) {
+		perror("open");
+		exit(EXIT_FAILURE);
+	}
+
+	if (read(fd, data, sizeof(data)) < 0) {
+		perror("read");
+		close(fd);
+		exit(EXIT_FAILURE);
+	}
+
+	close(fd);
+
+	if (nft_chain_parse(c, format, data, err) < 0) {
+		nft_parse_perror("Unable to parse file", err);
+		exit(EXIT_FAILURE);
+	}
+
+	nft_chain_fprintf(stdout, c, outformat, 0);
+	fprintf(stdout, "\n");
+
+	nft_chain_attr_unset(c, NFT_CHAIN_ATTR_HANDLE);
+	family = nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_FAMILY);
+
+	seq = time(NULL);
+	batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
+
+	nft_mnl_batch_put(mnl_nlmsg_batch_current(batch),
+			  NFNL_MSG_BATCH_BEGIN, seq++);
+	mnl_nlmsg_batch_next(batch);
+
+	nlh = nft_chain_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+					NFT_MSG_NEWCHAIN, family,
+					NLM_F_CREATE|NLM_F_ACK, seq++);
+	nft_chain_nlmsg_build_payload(nlh, c);
+	nft_chain_free(c);
+	nft_parse_err_free(err);
+	mnl_nlmsg_batch_next(batch);
+
+	nl = mnl_socket_open(NETLINK_NETFILTER);
+	if (nl == NULL) {
+		perror("mnl_socket_open");
+		exit(EXIT_FAILURE);
+	}
+
+	if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
+		perror("mnl_socket_bind");
+		exit(EXIT_FAILURE);
+	}
+
+	portid = mnl_socket_get_portid(nl);
+
+	nft_mnl_batch_put(mnl_nlmsg_batch_current(batch), NFNL_MSG_BATCH_END,
+			  seq++);
+	mnl_nlmsg_batch_next(batch);
+
+	ret = mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
+				mnl_nlmsg_batch_size(batch));
+	if (ret == -1) {
+		perror("mnl_socket_sendto");
+		exit(EXIT_FAILURE);
+	}
+
+	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
+	if (ret == -1) {
+		perror("mnl_socket_recvfrom");
+		exit(EXIT_FAILURE);
+	}
+
+	ret = mnl_cb_run(buf, ret, 0, portid, NULL, NULL);
+	if (ret < 0) {
+		perror("mnl_cb_run");
+		exit(EXIT_FAILURE);
+	}
+
+	mnl_socket_close(nl);
+	return EXIT_SUCCESS;
+}
diff --git a/examples/nft-chain-xml-add.c b/examples/nft-chain-xml-add.c
deleted file mode 100644
index 5d26af6..0000000
--- a/examples/nft-chain-xml-add.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
- * (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
- */
-
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <netinet/in.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-
-#include <linux/netfilter.h>
-#include <linux/netfilter/nf_tables.h>
-
-#include <libmnl/libmnl.h>
-#include <libnftnl/chain.h>
-#include <libnftnl/rule.h>
-
-int main(int argc, char *argv[])
-{
-	struct mnl_socket *nl;
-	char buf[MNL_SOCKET_BUFFER_SIZE];
-	struct nlmsghdr *nlh;
-	uint32_t portid, seq;
-	struct nft_chain *c = NULL;
-	int ret, fd;
-	uint16_t family;
-	char xml[4096];
-	char reprint[4096];
-	struct nft_parse_err *err;
-
-	if (argc < 2) {
-		printf("Usage: %s <xml-file>\n", argv[0]);
-		exit(EXIT_FAILURE);
-	}
-
-	c = nft_chain_alloc();
-	if (c == NULL) {
-		perror("OOM");
-		exit(EXIT_FAILURE);
-	}
-
-	err = nft_parse_err_alloc();
-	if (err == NULL) {
-		perror("error");
-		exit(EXIT_FAILURE);
-	}
-
-        fd = open(argv[1], O_RDONLY);
-        if (fd < 0) {
-                perror("open");
-                exit(EXIT_FAILURE);
-        }
-
-        if (read(fd, xml, sizeof(xml)) < 0) {
-                perror("read");
-                close(fd);
-                exit(EXIT_FAILURE);
-        }
-
-	close(fd);
-
-	if (nft_chain_parse(c, NFT_PARSE_XML, xml, err) < 0) {
-		nft_parse_perror("Unable to parse XML file", err);
-		exit(EXIT_FAILURE);
-	}
-
-	nft_chain_snprintf(reprint, sizeof(reprint), c, NFT_OUTPUT_XML, 0);
-	printf("Parsed:\n%s\n", reprint);
-
-	nft_chain_attr_unset(c, NFT_CHAIN_ATTR_HANDLE);
-	family = nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_FAMILY);
-
-	seq = time(NULL);
-	nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, family,
-					NLM_F_CREATE|NLM_F_ACK, seq);
-	nft_chain_nlmsg_build_payload(nlh, c);
-
-	nft_chain_free(c);
-	nft_parse_err_free(err);
-
-	nl = mnl_socket_open(NETLINK_NETFILTER);
-	if (nl == NULL) {
-		perror("mnl_socket_open");
-		exit(EXIT_FAILURE);
-	}
-
-	if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
-		perror("mnl_socket_bind");
-		exit(EXIT_FAILURE);
-	}
-
-	portid = mnl_socket_get_portid(nl);
-
-	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
-		perror("mnl_socket_send");
-		exit(EXIT_FAILURE);
-	}
-
-	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
-	while (ret > 0) {
-		ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
-		if (ret <= 0)
-			break;
-		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
-
-	}
-	if (ret == -1) {
-		perror("error");
-		exit(EXIT_FAILURE);
-	}
-
-
-	mnl_socket_close(nl);
-	return EXIT_SUCCESS;
-}

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [libnftnl PATCH 1/3] examples: fix nft-chain-add by adding batching support

[Pablo Neira Ayuso]

Hi Arturo,

On Mon, Aug 11, 2014 at 12:19:38PM +0200, Arturo Borrero Gonzalez wrote:
> This code example doesn't work, as the kernel API is only listening to messages
> in batches.
> 
> This patch updates the example to add the needed batching support.

I just sent three patches to the mailing list. Could you rework these
patches to use the batching interface? I have included the rework of
the chain-add as example.

Thanks.