libnftnl 1.2.9
nft-set-elem-del.c
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
4 *
5 * This software has been sponsored by Sophos Astaro <http://www.sophos.com>
6 */
7
8#include <stdlib.h>
9#include <time.h>
10#include <string.h>
11#include <netinet/in.h>
12
13#include <linux/netfilter.h>
14#include <linux/netfilter/nf_tables.h>
15
16#include <libmnl/libmnl.h>
17#include <libnftnl/set.h>
18
19int main(int argc, char *argv[])
20{
21 char buf[MNL_SOCKET_BUFFER_SIZE];
22 struct mnl_nlmsg_batch *batch;
23 uint32_t portid, seq, family;
24 struct nftnl_set_elem *e;
25 struct mnl_socket *nl;
26 struct nlmsghdr *nlh;
27 struct nftnl_set *s;
28 uint16_t data;
29 int ret;
30
31 if (argc != 4) {
32 fprintf(stderr, "%s <family> <table> <set>\n", argv[0]);
33 exit(EXIT_FAILURE);
34 }
35
36 s = nftnl_set_alloc();
37 if (s == NULL) {
38 perror("OOM");
39 exit(EXIT_FAILURE);
40 }
41
42 seq = time(NULL);
43 if (strcmp(argv[1], "ip") == 0)
44 family = NFPROTO_IPV4;
45 else if (strcmp(argv[1], "ip6") == 0)
46 family = NFPROTO_IPV6;
47 else if (strcmp(argv[1], "inet") == 0)
48 family = NFPROTO_INET;
49 else if (strcmp(argv[1], "bridge") == 0)
50 family = NFPROTO_BRIDGE;
51 else if (strcmp(argv[1], "arp") == 0)
52 family = NFPROTO_ARP;
53 else {
54 fprintf(stderr, "Unknown family: ip, ip6, inet, bridge, arp\n");
55 exit(EXIT_FAILURE);
56 }
57
58 nftnl_set_set_str(s, NFTNL_SET_TABLE, argv[2]);
59 nftnl_set_set_str(s, NFTNL_SET_NAME, argv[3]);
60
61 /* Add to dummy elements to set */
62 e = nftnl_set_elem_alloc();
63 if (e == NULL) {
64 perror("OOM");
65 exit(EXIT_FAILURE);
66 }
67
68 data = 0x1;
69 nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, &data, sizeof(data));
70 nftnl_set_elem_add(s, e);
71
72 e = nftnl_set_elem_alloc();
73 if (e == NULL) {
74 perror("OOM");
75 exit(EXIT_FAILURE);
76 }
77 data = 0x2;
78 nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, &data, sizeof(data));
79 nftnl_set_elem_add(s, e);
80
81 batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
82
83 nftnl_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
84 mnl_nlmsg_batch_next(batch);
85
86 nlh = nftnl_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
87 NFT_MSG_DELSETELEM, family, NLM_F_ACK, seq);
88 nftnl_set_elems_nlmsg_build_payload(nlh, s);
89 nftnl_set_free(s);
90 mnl_nlmsg_batch_next(batch);
91
92 nftnl_batch_end(mnl_nlmsg_batch_current(batch), seq++);
93 mnl_nlmsg_batch_next(batch);
94
95 nl = mnl_socket_open(NETLINK_NETFILTER);
96 if (nl == NULL) {
97 perror("mnl_socket_open");
98 exit(EXIT_FAILURE);
99 }
100
101 if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
102 perror("mnl_socket_bind");
103 exit(EXIT_FAILURE);
104 }
105 portid = mnl_socket_get_portid(nl);
106
107 ret = mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
108 mnl_nlmsg_batch_size(batch));
109 if (ret == -1) {
110 perror("mnl_socket_sendto");
111 exit(EXIT_FAILURE);
112 }
113
114 mnl_nlmsg_batch_stop(batch);
115
116 ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
117 while (ret > 0) {
118 ret = mnl_cb_run(buf, ret, 0, portid, NULL, NULL);
119 if (ret <= 0)
120 break;
121 ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
122 }
123 if (ret == -1) {
124 perror("error");
125 exit(EXIT_FAILURE);
126 }
127 mnl_socket_close(nl);
128
129 return EXIT_SUCCESS;
130}