Hi Pablo,

2013/7/26 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>:
> Hi Giuseppe,
>
> On Fri, Jul 26, 2013 at 01:05:17PM +0200, Giuseppe Longo wrote:
> [...]
>> diff --git a/iptables/xtables-config.c b/iptables/xtables-config.c >> index b7cf609..d61b762 100644 >> --- a/iptables/xtables-config.c >> +++ b/iptables/xtables-config.c >> @@ -15,6 +15,7 @@ >> #include <stdbool.h> >> #include <string.h> >> #include <errno.h> >> +#include <libmnl/libmnl.h> >> >> #include "xtables-multi.h" >> #include "nft.h" >> @@ -35,11 +36,17 @@ int xtables_config_main(int argc, char *argv[]) >> else >> filename = argv[1]; >> >> - if (nft_init(&h, xtables_ipv4) < 0) { >> - fprintf(stderr, "Failed to initialize nft: %s\n", >> - strerror(errno)); >> - return EXIT_FAILURE; >> + h.nl = mnl_socket_open(NETLINK_NETFILTER); >> + if (h.nl == NULL) { >> + perror("mnl_socket_open"); >> + return -1; >> } >> + if (mnl_socket_bind(h.nl, 0, MNL_SOCKET_AUTOPID) < 0) { >> + perror("mnl_socket_bind"); >> + return -1; >> + } >> + h.portid = mnl_socket_get_portid(h.nl); >> + h.tables = xtables_ipv4;
>
> Hm, why do we need this here?

The idea is to initialize nft_handle h without nft_init and load the file afterwards; otherwise, using nft_init, the file is loaded 2 times (first in nft_init and then with nft_xtables_config_load). This should make the code cleaner.

Regards
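Review bot: both new error paths in xtables_config_main() use `return -1;` where the removed nft_init() failure path used `return EXIT_FAILURE;`; keeping EXIT_FAILURE would leave the command's failure status unchanged. The mnl_socket_bind() failure path also returns without releasing h.nl, so a mnl_socket_close(h.nl) before that return would make the cleanup explicit. Finally, the open-coded socket setup plus the `h.portid` and `h.tables` assignments now has to be kept in sync with nft_init() by hand; a short comment saying why nft_init() is bypassed here (to avoid loading the file twice), or a shared helper that does the setup without loading the file, would answer the question raised in review and keep the two paths from drifting apart.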