From: khawar shehzad <shehzad.khawar@gmail.com>
To: netfilter@vger.kernel.org
Subject: How to use Netlink to create a concatenation based verdict-map element in nftables?
Date: Thu, 14 Sep 2017 09:59:17 +0100
Message-ID: <7a1e91ed-97ff-6668-271b-62da0756fdce@gmail.com>

Hi,

I have the following code, but it is not working. Can anybody have a look? I
don't know what I am missing here.

int nft_vmap_elem_do(int action, const char* cip, const char* eip,
                     const char* table, const char* vmap, const char *verdict)
{
    struct mnl_socket *nl;
    char buf[MNL_SOCKET_BUFFER_SIZE];
    struct mnl_nlmsg_batch *batch;
    struct nlmsghdr *nlh;
    uint32_t portid, seq, family;
    struct nftnl_set *s;
    struct nftnl_set_elem *e;
    uint16_t data;
    int ret;

    s = nftnl_set_alloc();
    if (s == NULL) {
        perror("OOM");
        exit(EXIT_FAILURE);
    }

    seq = time(NULL);
    family = NFPROTO_IPV6;

    nftnl_set_set(s, NFTNL_SET_TABLE, table);
    nftnl_set_set(s, NFTNL_SET_NAME, vmap);
    nftnl_set_set_u32(s, NFTNL_SET_FLAGS, NFT_SET_MAP);

    e = nftnl_set_elem_alloc();
    if (e == NULL) {
        perror("OOM");
        exit(EXIT_FAILURE);
    }

    struct sockaddr_in6 sa1,sa2;
    inet_pton(AF_INET6, cip, &(sa1.sin6_addr));
    inet_pton(AF_INET6, eip, &(sa2.sin6_addr));
    nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, &(sa1.sin6_addr), 16);
    nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, &(sa2.sin6_addr), 16);
    //uint32_t v = htonl(1);
    uint32_t v = 1;
    nftnl_set_elem_set_u32(e, NFTNL_SET_ELEM_VERDICT, v);
    nftnl_set_elem_add(s, e);

    batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
    nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
    mnl_nlmsg_batch_next(batch);

    switch(action){
    case NFT_VMAP_ADD_ELEM:
        nft_vmap_elem_do(NFT_VMAP_DEL_ELEM, cip, eip, table, vmap, verdict);
        nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
                                    NFT_MSG_NEWSETELEM, family,
                                    NLM_F_CREATE | NLM_F_REPLACE | NLM_F_ACK,
                                    seq++);
        break;
    case NFT_VMAP_DEL_ELEM:
        nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
                                    NFT_MSG_DELSETELEM, family,
                                    NLM_F_ACK,
                                    seq++);
        break;
    }

    nftnl_set_elems_nlmsg_build_payload(nlh, s);
    nftnl_set_free(s);
    mnl_nlmsg_batch_next(batch);
    nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
    mnl_nlmsg_batch_next(batch);

    nl = mnl_socket_open(NETLINK_NETFILTER);
    if (nl == NULL) {
        perror("mnl_socket_open");
        exit(EXIT_FAILURE);
    }
    if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
        perror("mnl_socket_bind");
        exit(EXIT_FAILURE);
    }
    portid = mnl_socket_get_portid(nl);

    if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
                          mnl_nlmsg_batch_size(batch)) < 0) {
        perror("mnl_socket_send");
        exit(EXIT_FAILURE);
    }
    mnl_nlmsg_batch_stop(batch);

    ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
    while (ret > 0) {
        ret = mnl_cb_run(buf, ret, 0, portid, NULL, NULL);
        if (ret <= 0)
            break;
        ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
    }
    if (ret == -1) {
        perror("error");
        //exit(EXIT_FAILURE);
    }
    mnl_socket_close(nl);

    return EXIT_SUCCESS;
}
///////////////////////////////////////////////////////////////
Cheers,
Khawar
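
Added example, not part of the original message and not libnftnl's own code: a set element holds one key, so a second nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, ...) call replaces the first. A concatenated key is instead built as one buffer in which each field is zero-padded to a 32-bit register boundary, then passed in a single call. The helper names and the 64-byte cap are assumptions of this sketch, and the append helper goes beyond the two-address case to fields of any length.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

#define CONCAT_KEY_MAX 64  /* assumed cap, mirrors NFT_DATA_VALUE_MAXLEN */

struct concat_key {        /* hypothetical helper type for this example */
    uint8_t  data[CONCAT_KEY_MAX];
    uint32_t len;
};

/* Append one field; every field occupies a whole number of 32-bit registers. */
static int concat_key_append(struct concat_key *k, const void *field,
                             uint32_t flen)
{
    uint32_t padded = (flen + 3u) & ~3u;

    if (flen == 0 || padded > CONCAT_KEY_MAX - k->len)
        return -1;                       /* empty field or key would overflow */
    memcpy(k->data + k->len, field, flen);
    memset(k->data + k->len + flen, 0, padded - flen);
    k->len += padded;
    return 0;
}

/* Build the key for an "ipv6_addr . ipv6_addr" map from two address strings.
 * Returns the key length in bytes, or -1 if either string fails to parse. */
static int concat_key_ip6_ip6(struct concat_key *k, const char *cip,
                              const char *eip)
{
    struct in6_addr a, b;

    memset(k, 0, sizeof(*k));
    if (inet_pton(AF_INET6, cip, &a) != 1 || inet_pton(AF_INET6, eip, &b) != 1)
        return -1;
    if (concat_key_append(k, &a, sizeof(a)) < 0 ||
        concat_key_append(k, &b, sizeof(b)) < 0)
        return -1;
    return (int)k->len;
}

/* The finished buffer is then set once on the element:
 *   nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, k.data, k.len);
 */
```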