16 #include <netinet/in.h>
17 #include <sys/types.h>
22 #include <linux/netfilter.h>
23 #include <linux/netfilter/nf_tables.h>
25 #include <libmnl/libmnl.h>
26 #include <libnftnl/chain.h>
27 #include <libnftnl/rule.h>
29 int main(
int argc,
char *argv[])
31 struct mnl_socket *nl;
32 char buf[MNL_SOCKET_BUFFER_SIZE];
40 struct nft_parse_err *err;
43 printf(
"Usage: %s <xml-file>\n", argv[0]);
47 c = nft_chain_alloc();
53 err = nft_parse_err_alloc();
59 fd = open(argv[1], O_RDONLY);
65 if (read(fd, xml,
sizeof(xml)) < 0) {
73 if (nft_chain_parse(c, NFT_PARSE_XML, xml, err) < 0) {
74 nft_parse_perror(
"Unable to parse XML file", err);
78 nft_chain_snprintf(reprint,
sizeof(reprint), c, NFT_OUTPUT_XML, 0);
79 printf(
"Parsed:\n%s\n", reprint);
81 nft_chain_attr_unset(c, NFT_CHAIN_ATTR_HANDLE);
82 family = nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_FAMILY);
85 nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, family,
86 NLM_F_CREATE|NLM_F_ACK, seq);
87 nft_chain_nlmsg_build_payload(nlh, c);
90 nft_parse_err_free(err);
92 nl = mnl_socket_open(NETLINK_NETFILTER);
94 perror(
"mnl_socket_open");
98 if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
99 perror(
"mnl_socket_bind");
103 portid = mnl_socket_get_portid(nl);
105 if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
106 perror(
"mnl_socket_send");
110 ret = mnl_socket_recvfrom(nl, buf,
sizeof(buf));
112 ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
115 ret = mnl_socket_recvfrom(nl, buf,
sizeof(buf));
124 mnl_socket_close(nl);