From: Álvaro Neira Ayuso <anayuso@xxxxxxxxxxx>
Merged the example for inserting rules and fixed for using the correct header.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
Signed-off-by: Alvaro Neira Ayuso <anayuso@xxxxxxxxxxx>
---
 examples/nft-rule-add.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/examples/nft-rule-add.c b/examples/nft-rule-add.c
index 21b3bf8..7407a78 100644
--- a/examples/nft-rule-add.c
+++ b/examples/nft-rule-add.c
@@ -80,11 +80,12 @@ static void add_counter(struct nft_rule *r)
 }
 static struct nft_rule *setup_rule(uint8_t family, const char *table,
- const char *chain)
+ const char *chain, const char *handle)
 {
 struct nft_rule *r = NULL;
 uint8_t proto;
 uint16_t dport;
+ uint64_t hand;
 r = nft_rule_alloc();
 if (r == NULL) {
@@ -96,6 +97,12 @@ static struct nft_rule *setup_rule(uint8_t family, const char *table,
 nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, chain);
 nft_rule_attr_set_u32(r, NFT_RULE_ATTR_FAMILY, family);
+ if (handle != NULL) {
+ printf("entra\n");
+ hand = atoi(handle);
+ nft_rule_attr_set(r, NFT_RULE_ATTR_POSITION, &hand);
+ }
+
 proto = IPPROTO_TCP;
 add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
 offsetof(struct iphdr, protocol), sizeof(uint8_t));
@@ -138,7 +145,7 @@ int main(int argc, char *argv[])
 uint32_t seq = time(NULL);
 int ret;
- if (argc != 4) {
+ if (argc < 4 || argc > 5) {
 fprintf(stderr, "Usage: %s <family> <table> <chain>\n", argv[0]);
 exit(EXIT_FAILURE);
 }
@@ -152,7 +159,10 @@ int main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
- r = setup_rule(family, argv[2], argv[3]);
+ if (argc != 5)
+ r = setup_rule(family, argv[2], argv[3], NULL);
+ else
+ r = setup_rule(family, argv[2], argv[3], argv[4]);
 nl = mnl_socket_open(NETLINK_NETFILTER);
 if (nl == NULL) {
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
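Review bot: The new `handle` parameter of setup_rule() (hunk -80,11 +80,12) has no comment, and its name does not match what the later -96,6 +97,12 hunk does with it, which is to store it as NFT_RULE_ATTR_POSITION. A short comment above the signature would help, for example `/* handle: optional decimal rule handle, stored as NFT_RULE_ATTR_POSITION; NULL leaves the position unset */`. `hand` is only used inside that later `if` block, so it could be declared there rather than at the top of the function. The function body continues outside this hunk.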
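Review bot: `hand = atoi(handle);` in the setup_rule() hunk at -96,6 +97,12 turns a command-line string into a 64-bit rule position with no validation: atoi() returns an int, reports no errors, yields 0 for non-numeric text, and a negative result converts to a very large uint64_t. Because this value decides where a firewall rule lands in the chain, a typo should stop the program rather than be sent to the kernel as a different position; parsing with strtoull() and checking errno and the end pointer does that (it needs <errno.h>, <stdlib.h> and <ctype.h> if the file does not already include them). The `printf("entra\n");` line looks like leftover debug output and should be dropped. The sketch below exits on bad input to match main()'s error style; setup_rule()'s own error handling lies outside the hunk, so adapt it to whatever the function already does.

```c
	if (handle != NULL) {
		char *end;

		/* strtoull() accepts a leading '-' and whitespace, so require a digit first */
		errno = 0;
		hand = strtoull(handle, &end, 10);
		if (!isdigit((unsigned char)handle[0]) || errno != 0 || *end != '\0') {
			fprintf(stderr, "invalid handle: %s\n", handle);
			exit(EXIT_FAILURE);
		}
		nft_rule_attr_set(r, NFT_RULE_ATTR_POSITION, &hand);
	}
	/* … unchanged: proto = IPPROTO_TCP and the add_payload() call … */
```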
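Review bot: The usage string in the main() hunk at -138,7 +145,7 still reads `<family> <table> <chain>` although the new check accepts a fifth argument, so the option this patch adds cannot be discovered from the error message. Suggest `fprintf(stderr, "Usage: %s <family> <table> <chain> [<handle>]\n", argv[0]);`. main() starts and ends outside the hunk.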
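Review bot: The if/else added in the main() hunk at -152,7 +159,10 writes the same call twice, differing only in the last argument, which makes the two branches easy to let drift apart. A single call reads more directly: `r = setup_rule(family, argv[2], argv[3], argc == 5 ? argv[4] : NULL);`. main() continues outside the hunk.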