Re: [libnftnl PATCH 2/3] example/nft-rule-insert: fixed and merged this example with nft-rule-add

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Sat, 8 Mar 2014 15:16:53 +0100

On Sat, Mar 08, 2014 at 03:00:45PM +0100, Alvaro Neira Ayuso wrote:
> From: Álvaro Neira Ayuso <anayuso@xxxxxxxxxxx>
> 
> Merged the example for inserting rules and fixed for using
> the correct header.
> 
> Signed-off-by: Alvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
> Signed-off-by: Alvaro Neira Ayuso <anayuso@xxxxxxxxxxx>
> ---
>  examples/nft-rule-add.c |   16 +++++++++++++---
>  1 file changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/examples/nft-rule-add.c b/examples/nft-rule-add.c
> index 21b3bf8..7407a78 100644
> --- a/examples/nft-rule-add.c
> +++ b/examples/nft-rule-add.c
> @@ -80,11 +80,12 @@ static void add_counter(struct nft_rule *r)
>  }
>  
>  static struct nft_rule *setup_rule(uint8_t family, const char *table,
> -				   const char *chain)
> +				   const char *chain, const char *handle)
>  {
>  	struct nft_rule *r = NULL;
>  	uint8_t proto;
>  	uint16_t dport;
> +	uint64_t hand;

Oh, this variable name is horrible, better handle_num?

>  	r = nft_rule_alloc();
>  	if (r == NULL) {
> @@ -96,6 +97,12 @@ static struct nft_rule *setup_rule(uint8_t family, const char *table,
>  	nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, chain);
>  	nft_rule_attr_set_u32(r, NFT_RULE_ATTR_FAMILY, family);
>  
> +	if (handle != NULL) {
> +		printf("entra\n");
                ^----------------^

I think you have to remove that.

> +		hand = atoi(handle);

This is u64, atoi is just 32 bits. You can use atoll or strtoull.

> +		nft_rule_attr_set(r, NFT_RULE_ATTR_POSITION, &hand);

Use nft_rule_attr_set_u64, please.

> +	}
> +
>  	proto = IPPROTO_TCP;
>  	add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
>  		    offsetof(struct iphdr, protocol), sizeof(uint8_t));
> @@ -138,7 +145,7 @@ int main(int argc, char *argv[])
>  	uint32_t seq = time(NULL);
>  	int ret;
>  
> -	if (argc != 4) {
> +	if (argc < 4 || argc > 5) {
>  		fprintf(stderr, "Usage: %s <family> <table> <chain>\n", argv[0]);
>  		exit(EXIT_FAILURE);
>  	}
> @@ -152,7 +159,10 @@ int main(int argc, char *argv[])
>  		exit(EXIT_FAILURE);
>  	}
>  
> -	r = setup_rule(family, argv[2], argv[3]);
> +	if (argc != 5)
> +		r = setup_rule(family, argv[2], argv[3], NULL);
> +	else
> +		r = setup_rule(family, argv[2], argv[3], argv[4]);
>  
>  	nl = mnl_socket_open(NETLINK_NETFILTER);
>  	if (nl == NULL) {
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html