16 #include <arpa/inet.h>
20 #include <linux/netfilter.h>
21 #include <linux/netfilter/nf_tables.h>
/*
 * Takes a uint32_t family value and returns a const string. Only the
 * signature appears in this listing, so the mapping and the result for an
 * unknown family cannot be confirmed from here.
 */
23 const char *nft_family2str(uint32_t family)
/*
 * Parse a family name. The visible branches compare `family` against "ip",
 * "ip6", "inet", "bridge" and "arp" with strcmp(). The value each branch
 * yields and the result for an unrecognized name are on lines this listing
 * omits.
 *
 * NOTE(review): `family` is passed straight to strcmp(), so a NULL argument
 * is undefined behaviour unless a guard exists on an omitted line. Confirm
 * against the callers, and that callers check for the "no match" result
 * before using the family value.
 */
41 int nft_str2family(
const char *family)
43 if (strcmp(family,
"ip") == 0)
45 else if (strcmp(family,
"ip6") == 0)
47 else if (strcmp(family,
"inet") == 0)
49 else if (strcmp(family,
"bridge") == 0)
51 else if (strcmp(family,
"arp") == 0)
/*
 * Per-type limits indexed by enum nft_type: .len is the storage size in
 * bytes, .min/.max bound the accepted value. The unsigned entries leave .min
 * unset, which a designated initializer zero-fills.
 *
 * NOTE(review): the table's declaration is not shown. .max holds UINT64_MAX
 * for NFT_TYPE_U64 and is cast to int64_t in nft_get_value()'s signed check,
 * so it is presumably an unsigned 64-bit field. Confirm.
 */
63 [NFT_TYPE_U8] = { .len =
sizeof(uint8_t), .max = UINT8_MAX },
64 [NFT_TYPE_U16] = { .len =
sizeof(uint16_t), .max = UINT16_MAX },
65 [NFT_TYPE_U32] = { .len =
sizeof(uint32_t), .max = UINT32_MAX },
66 [NFT_TYPE_U64] = { .len =
sizeof(uint64_t), .max = UINT64_MAX },
67 [NFT_TYPE_S8] = { .len =
sizeof(int8_t), .min = INT8_MIN, .max = INT8_MAX },
68 [NFT_TYPE_S16] = { .len =
sizeof(int16_t), .min = INT16_MIN, .max = INT16_MAX },
69 [NFT_TYPE_S32] = { .len =
sizeof(int32_t), .min = INT32_MIN, .max = INT32_MAX },
70 [NFT_TYPE_S64] = { .len =
sizeof(int64_t), .min = INT64_MIN, .max = INT64_MAX },
/*
 * Range-check a 64-bit value against the basetype[] entry for `type` and copy
 * basetype[type].len bytes of it to `out`. Two paths are visible: an unsigned
 * one that checks only .max, and a signed one that checks .min and .max. The
 * code that selects a path and the return values are on lines this listing
 * omits.
 *
 * NOTE(review): no bounds check on `type` before it indexes basetype[] is
 * visible here. Confirm one exists on the omitted lines.
 */
74 int nft_get_value(
enum nft_type type,
void *val,
void *out)
/* `val` is read as a full 64-bit object whatever `type` is, so the caller
 * must point it at 8 readable, suitably aligned bytes. */
84 uval = *((uint64_t *)val);
85 if (uval > basetype[type].max) {
/* Copies the first .len bytes of the 64-bit object, so `out` needs at least
 * that much room. NOTE(review): those are the low-order bytes only on a
 * little-endian host; on big-endian a narrower type would receive the
 * high-order bytes. Confirm whether that is handled elsewhere. */
89 memcpy(out, &uval, basetype[type].len);
/* Signed path: same 64-bit read, checked against both bounds. */
95 sval = *((int64_t *)val);
96 if (sval < basetype[type].min ||
97 sval > (int64_t)basetype[type].max) {
/* Same first-.len-bytes copy as the unsigned path; the endianness note
 * above applies here too. */
101 memcpy(out, &sval, basetype[type].len);
/*
 * Parse `string` as an integer in the given `base` and hand the result to
 * nft_get_value(), which range-checks it for `type` and writes it to `out`.
 * The code that picks between the two visible parse paths, and the final
 * return, are on lines this listing omits.
 *
 * NOTE(review): `endptr` is filled by both parsers, but whether it is checked
 * for empty input or trailing characters, and whether errno is inspected for
 * ERANGE, is not visible here. Confirm before relying on this to reject
 * malformed input.
 */
108 int nft_strtoi(
const char *
string,
int base,
void *out,
enum nft_type type)
/* NOTE(review): the parser signedness looks swapped. `uval` is filled by
 * strtoll() here and `sval` by strtoull() at line 127. strtoll() saturates at
 * LLONG_MAX, so the upper half of the unsigned 64-bit range cannot be parsed,
 * and a negative input becomes a very large value if `uval` is unsigned (its
 * declaration is not shown). That value passes the U64 bound in
 * nft_get_value(). */
120 uval = strtoll(
string, &endptr, base);
121 ret = nft_get_value(type, &uval, out);
/* strtoull() does not report a magnitude above LLONG_MAX as out of range, so
 * such input can reach `sval` as a negative number instead of an error
 * (assuming `sval` is a signed 64-bit variable; declaration not shown). */
127 sval = strtoull(
string, &endptr, base);
128 ret = nft_get_value(type, &sval, out);
/*
 * Takes a uint32_t verdict value and returns a const string. Only the
 * signature appears in this listing, so the mapping and the result for an
 * unknown verdict cannot be confirmed from here.
 */
143 const char *nft_verdict2str(uint32_t verdict)
/*
 * Parse a verdict keyword and store the matching constant through
 * `verdict_num`. Visible mappings: "accept" -> NF_ACCEPT, "drop" -> NF_DROP,
 * "return" -> NFT_RETURN, "jump" -> NFT_JUMP, "goto" -> NFT_GOTO. Matching is
 * exact and case-sensitive (strcmp). The return values and the handling of an
 * unrecognized keyword are on lines this listing omits.
 *
 * NOTE(review): neither `verdict` nor `verdict_num` has a visible NULL check.
 * Whether *verdict_num is left untouched when nothing matches is also not
 * visible, so callers should test the return value before using it. A
 * stale or uninitialized verdict reaching a rule would be a policy error.
 */
161 int nft_str2verdict(
const char *verdict,
int *verdict_num)
163 if (strcmp(verdict,
"accept") == 0) {
164 *verdict_num = NF_ACCEPT;
166 }
else if (strcmp(verdict,
"drop") == 0) {
167 *verdict_num = NF_DROP;
169 }
else if (strcmp(verdict,
"return") == 0) {
170 *verdict_num = NFT_RETURN;
172 }
else if (strcmp(verdict,
"jump") == 0) {
173 *verdict_num = NFT_JUMP;
175 }
else if (strcmp(verdict,
"goto") == 0) {
176 *verdict_num = NFT_GOTO;
/*
 * Release helper that accepts a pointer to const. The body is not shown in
 * this listing; presumably it drops the qualifier and forwards to free().
 * TODO confirm, including that callers only pass heap pointers.
 */
183 void xfree(
const void *ptr)
/*
 * Format `obj` through `snprintf_cb` and write the text to `fp`.
 *
 * The first attempt uses a stack buffer of NFT_SNPRINTF_BUFSIZ bytes. If the
 * callback's return value is at least NFT_SNPRINTF_BUFSIZ, the output was cut
 * short, so a heap buffer is allocated and the callback is run again. This
 * relies on snprintf_cb following the snprintf() convention of returning the
 * length the full output needs. The result of the final fprintf() is stored
 * in `ret`; the return statement itself is on a line this listing omits.
 */
188 int nft_fprintf(FILE *fp,
void *obj, uint32_t type, uint32_t flags,
189 int (*snprintf_cb)(
char *buf,
size_t bufsiz,
void *obj,
190 uint32_t type, uint32_t flags))
192 char _buf[NFT_SNPRINTF_BUFSIZ];
194 size_t bufsiz =
sizeof(_buf);
/* `buf` is declared on an omitted line; presumably it points at _buf here. */
197 ret = snprintf_cb(buf, bufsiz, obj, type, flags);
/* NOTE(review): handling of a zero or negative `ret` is not visible. */
201 if (ret >= NFT_SNPRINTF_BUFSIZ) {
/* `bufsiz` must have been enlarged on an omitted line (presumably to
 * ret + 1) for the retry to fit. NOTE(review): the NULL check on malloc()
 * and the release of the heap buffer are not visible either. Confirm both
 * exist on every exit path. */
204 buf = malloc(bufsiz);
208 ret = snprintf_cb(buf, bufsiz, obj, type, flags);
/* The constant "%s" format keeps the rendered object text from being
 * interpreted as a format string. */
213 ret = fprintf(fp,
"%s", buf);
/*
 * Report a failed attribute assertion on stderr, naming the attribute number
 * and the source location passed in by the caller. `attr` is a uint16_t and
 * is promoted to int for the %d conversion. Whether the function terminates
 * the process afterwards is on lines this listing omits.
 *
 * NOTE(review): identifiers beginning with a double underscore are reserved
 * for the C implementation.
 */
222 void __nft_assert_fail(uint16_t attr,
const char *filename,
int line)
224 fprintf(stderr,
"libnftnl: attribute %d assertion failed in %s:%d\n",
225 attr, filename, line);