18 #include <netinet/in.h>
19 #include <sys/types.h>
24 #include <linux/netfilter.h>
25 #include <linux/netfilter/nf_tables.h>
27 #include <libmnl/libmnl.h>
28 #include <libnftnl/chain.h>
29 #include <libnftnl/rule.h>
31 int main(
int argc,
char *argv[])
33 struct mnl_socket *nl;
34 char buf[MNL_SOCKET_BUFFER_SIZE];
42 struct nft_parse_err *err;
45 printf(
"Usage: %s <json-file>\n", argv[0]);
49 c = nft_chain_alloc();
55 fd = open(argv[1], O_RDONLY);
61 if (read(fd, json,
sizeof(json)) < 0) {
67 err = nft_parse_err_alloc();
75 if (nft_chain_parse(c, NFT_PARSE_JSON, json, err) < 0) {
76 nft_parse_perror(
"Unable to parse JSON file", err);
80 nft_chain_snprintf(reprint,
sizeof(reprint), c, NFT_OUTPUT_JSON, 0);
81 printf(
"Parsed:\n%s\n", reprint);
83 nft_chain_attr_unset(c, NFT_CHAIN_ATTR_HANDLE);
84 family = nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_FAMILY);
87 nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, family,
88 NLM_F_CREATE|NLM_F_ACK, seq);
89 nft_chain_nlmsg_build_payload(nlh, c);
92 nft_parse_err_free(err);
94 nl = mnl_socket_open(NETLINK_NETFILTER);
96 perror(
"mnl_socket_open");
100 if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
101 perror(
"mnl_socket_bind");
105 portid = mnl_socket_get_portid(nl);
107 if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
108 perror(
"mnl_socket_send");
112 ret = mnl_socket_recvfrom(nl, buf,
sizeof(buf));
114 ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
117 ret = mnl_socket_recvfrom(nl, buf,
sizeof(buf));
124 mnl_socket_close(nl);