On Sat, Mar 08, 2014 at 03:00:39PM +0100, Alvaro Neira Ayuso wrote:
> From: Álvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
>
> Fixed the example for deleting rules. Before this patch,
> the program tried to delete the rule without using
> the correct header
>
> Signed-off-by: Alvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
> ---
> examples/nft-rule-del.c | 43 +++++++++++++++++++++++++++++++++++++++----
> 1 file changed, 39 insertions(+), 4 deletions(-)
>
> diff --git a/examples/nft-rule-del.c b/examples/nft-rule-del.c
> index 6f665b0..06a28c7 100644
> --- a/examples/nft-rule-del.c
> +++ b/examples/nft-rule-del.c
> @@ -17,15 +17,33 @@
>
> #include <linux/netfilter.h>
> #include <linux/netfilter/nf_tables.h>
> +#include <linux/netfilter/nfnetlink.h>
>
> #include <libmnl/libmnl.h>
> #include <libnftnl/rule.h>
>
> +static void nft_mnl_batch_put(char *buf, uint16_t type, uint32_t seq)
> +{
> + struct nlmsghdr *nlh;
> + struct nfgenmsg *nfg;
> +
> + nlh = mnl_nlmsg_put_header(buf);
> + nlh->nlmsg_type = type;
> + nlh->nlmsg_flags = NLM_F_REQUEST;
> + nlh->nlmsg_seq = seq;
> +
> + nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
> + nfg->nfgen_family = AF_INET;
> + nfg->version = NFNETLINK_V0;
> + nfg->res_id = NFNL_SUBSYS_NFTABLES;
> +}
> +
> int main(int argc, char *argv[])
> {
> struct mnl_socket *nl;
> char buf[MNL_SOCKET_BUFFER_SIZE];
> struct nlmsghdr *nlh;
> + struct mnl_nlmsg_batch *batch;
> uint32_t portid, seq;
> struct nft_rule *r = NULL;
> int ret, family;
> @@ -56,8 +74,6 @@ int main(int argc, char *argv[])
> }
>
> seq = time(NULL);
> - nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_DELRULE, family,
> - NLM_F_ACK, seq);
> nft_rule_attr_set(r, NFT_RULE_ATTR_TABLE, argv[2]);
> nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, argv[3]);
>
> @@ -69,8 +85,24 @@ int main(int argc, char *argv[])
> nft_rule_snprintf(tmp, sizeof(tmp), r, 0, 0);
> printf("%s\n", tmp);
>
> + batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
> +
> + nft_mnl_batch_put(mnl_nlmsg_batch_current(batch),
> + NFNL_MSG_BATCH_BEGIN, seq++);
> + mnl_nlmsg_batch_next(batch);
> +
> + nlh = nft_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
> + NFT_MSG_DELRULE,
> + family,
> + NLM_F_ACK, seq++);
> +
> nft_rule_nlmsg_build_payload(nlh, r);
> nft_rule_free(r);
> + mnl_nlmsg_batch_next(batch);
> +
> + nft_mnl_batch_put(mnl_nlmsg_batch_current(batch), NFNL_MSG_BATCH_END,
> + seq++);
Wrong coding style, this has to be:
nft_mnl_batch_put(mnl_nlmsg_batch_current(batch), NFNL_MSG_BATCH_END,
seq++);
> + mnl_nlmsg_batch_next(batch);
>
> nl = mnl_socket_open(NETLINK_NETFILTER);
> if (nl == NULL) {
> @@ -84,14 +116,17 @@ int main(int argc, char *argv[])
> }
> portid = mnl_socket_get_portid(nl);
>
> - if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
> + if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
> + mnl_nlmsg_batch_size(batch)) < 0) {
> perror("mnl_socket_send");
> exit(EXIT_FAILURE);
> }
>
> + mnl_nlmsg_batch_stop(batch);
> +
> ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
> while (ret > 0) {
> - ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
> + ret = mnl_cb_run(buf, ret, 0, portid, NULL, NULL);
> if (ret <= 0)
> break;
> ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
