netfilter
firewalling, NAT, and packet mangling for linux
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
Data Structures | Macros | Enumerations | Functions | Variables
nft.c File Reference
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <stdbool.h>
#include <errno.h>
#include <netdb.h>
#include <time.h>
#include <stdarg.h>
#include <inttypes.h>
#include <xtables.h>
#include <libiptc/libxtc.h>
#include <libiptc/xtcshared.h>
#include <stdlib.h>
#include <string.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <netinet/ip6.h>
#include <linux/netlink.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
#include <linux/netfilter/nf_tables_compat.h>
#include <libmnl/libmnl.h>
#include <libnftnl/table.h>
#include <libnftnl/chain.h>
#include <libnftnl/rule.h>
#include <libnftnl/expr.h>
#include <libnftnl/set.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "nft.h"
#include "xshared.h"
#include "nft-shared.h"
#include "xtables-config-parser.h"
#include <linux/netfilter_arp.h>
Include dependency graph for nft.c:

Data Structures

struct  batch_page
 
struct  obj_update
 

Macros

#define BATCH_PAGE_SIZE   getpagesize() * 32
 

Enumerations

enum  obj_update_type {
  NFT_COMPAT_TABLE_ADD,
  NFT_COMPAT_CHAIN_ADD,
  NFT_COMPAT_CHAIN_USER_ADD,
  NFT_COMPAT_CHAIN_USER_DEL,
  NFT_COMPAT_CHAIN_UPDATE,
  NFT_COMPAT_CHAIN_RENAME,
  NFT_COMPAT_RULE_APPEND,
  NFT_COMPAT_RULE_INSERT,
  NFT_COMPAT_RULE_REPLACE,
  NFT_COMPAT_RULE_DELETE,
  NFT_COMPAT_RULE_FLUSH
}
 
enum  obj_action {
  NFT_COMPAT_COMMIT,
  NFT_COMPAT_ABORT
}
 

Functions

int mnl_talk (struct nft_handle *h, struct nlmsghdr *nlh, int(*cb)(const struct nlmsghdr *nlh, void *data), void *data)
 
int nft_table_add (struct nft_handle *h, struct nft_table *t, uint16_t flags)
 
int nft_chain_add (struct nft_handle *h, struct nft_chain *c, uint16_t flags)
 
int nft_init (struct nft_handle *h, struct builtin_table *t)
 
void nft_fini (struct nft_handle *h)
 
int nft_chain_set (struct nft_handle *h, const char *table, const char *chain, const char *policy, const struct xt_counters *counters)
 
int add_match (struct nft_rule *r, struct xt_entry_match *m)
 
int add_target (struct nft_rule *r, struct xt_entry_target *t)
 
int add_jumpto (struct nft_rule *r, const char *name, int verdict)
 
int add_verdict (struct nft_rule *r, int verdict)
 
int add_action (struct nft_rule *r, struct iptables_command_state *cs, bool goto_set)
 
int add_counters (struct nft_rule *r, uint64_t packets, uint64_t bytes)
 
void add_compat (struct nft_rule *r, uint32_t proto, bool inv)
 
int nft_rule_append (struct nft_handle *h, const char *chain, const char *table, void *data, uint64_t handle, bool verbose)
 
void nft_rule_print_save (const void *data, struct nft_rule *r, enum nft_rule_print type, unsigned int format)
 
struct nft_chain_listnft_chain_dump (struct nft_handle *h)
 
int nft_chain_save (struct nft_handle *h, struct nft_chain_list *list, const char *table)
 
int nft_rule_save (struct nft_handle *h, const char *table, bool counters)
 
int nft_rule_flush (struct nft_handle *h, const char *chain, const char *table)
 
int nft_chain_user_add (struct nft_handle *h, const char *chain, const char *table)
 
int nft_chain_user_del (struct nft_handle *h, const char *chain, const char *table)
 
struct nft_chainnft_chain_list_find (struct nft_chain_list *list, const char *table, const char *chain)
 
int nft_chain_user_rename (struct nft_handle *h, const char *chain, const char *table, const char *newname)
 
bool nft_table_find (struct nft_handle *h, const char *tablename)
 
int nft_for_each_table (struct nft_handle *h, int(*func)(struct nft_handle *h, const char *tablename, bool counters), bool counters)
 
int nft_table_purge_chains (struct nft_handle *h, const char *this_table, struct nft_chain_list *chain_list)
 
struct nft_rule_listnft_rule_list_create (struct nft_handle *h)
 
void nft_rule_list_destroy (struct nft_rule_list *list)
 
int nft_rule_check (struct nft_handle *h, const char *chain, const char *table, void *data, bool verbose)
 
int nft_rule_delete (struct nft_handle *h, const char *chain, const char *table, void *data, bool verbose)
 
int nft_rule_insert (struct nft_handle *h, const char *chain, const char *table, void *data, int rulenum, bool verbose)
 
int nft_rule_delete_num (struct nft_handle *h, const char *chain, const char *table, int rulenum, bool verbose)
 
int nft_rule_replace (struct nft_handle *h, const char *chain, const char *table, void *data, int rulenum, bool verbose)
 
int nft_rule_list (struct nft_handle *h, const char *chain, const char *table, int rulenum, unsigned int format)
 
int nft_rule_list_save (struct nft_handle *h, const char *chain, const char *table, int rulenum, int counters)
 
int nft_rule_zero_counters (struct nft_handle *h, const char *chain, const char *table, int rulenum)
 
int nft_commit (struct nft_handle *h)
 
int nft_abort (struct nft_handle *h)
 
int nft_compatible_revision (const char *name, uint8_t rev, int opt)
 
const char * nft_strerror (int err)
 
int nft_xtables_config_load (struct nft_handle *h, const char *filename, uint32_t flags)
 
int nft_chain_zero_counters (struct nft_handle *h, const char *chain, const char *table)
 
uint32_t nft_invflags2cmp (uint32_t invflags, uint32_t flag)
 

Variables

struct builtin_table xtables_ipv4 [TABLES_MAX]
 
struct builtin_table xtables_arp [TABLES_MAX]
 

Macro Definition Documentation

#define BATCH_PAGE_SIZE   getpagesize() * 32

Enumeration Type Documentation

enum obj_action
Enumerator
NFT_COMPAT_COMMIT 
NFT_COMPAT_ABORT 
enum obj_update_type
Enumerator
NFT_COMPAT_TABLE_ADD 
NFT_COMPAT_CHAIN_ADD 
NFT_COMPAT_CHAIN_USER_ADD 
NFT_COMPAT_CHAIN_USER_DEL 
NFT_COMPAT_CHAIN_UPDATE 
NFT_COMPAT_CHAIN_RENAME 
NFT_COMPAT_RULE_APPEND 
NFT_COMPAT_RULE_INSERT 
NFT_COMPAT_RULE_REPLACE 
NFT_COMPAT_RULE_DELETE 
NFT_COMPAT_RULE_FLUSH 

Function Documentation

int add_action ( struct nft_rule r,
struct iptables_command_state cs,
bool  goto_set 
)

References add_jumpto(), add_target(), add_verdict(), iptables_command_state::jumpto, NF_ACCEPT, NF_DROP, NFT_GOTO, NFT_JUMP, NFT_RETURN, NULL, xtables_target::t, iptables_command_state::target, XTC_LABEL_ACCEPT, XTC_LABEL_DROP, and XTC_LABEL_RETURN.

Here is the call graph for this function:

void add_compat ( struct nft_rule r,
uint32_t  proto,
bool  inv 
)

References NFT_RULE_ATTR_COMPAT_FLAGS, NFT_RULE_ATTR_COMPAT_PROTO, nft_rule_attr_set_u32(), and NFT_RULE_COMPAT_F_INV.

Here is the call graph for this function:

int add_counters ( struct nft_rule r,
uint64_t  packets,
uint64_t  bytes 
)

References NFT_EXPR_CTR_BYTES, NFT_EXPR_CTR_PACKETS, nft_rule_add_expr(), nft_rule_expr_alloc(), nft_rule_expr_set_u64(), and NULL.

Here is the call graph for this function:

int add_jumpto ( struct nft_rule r,
const char *  name,
int  verdict 
)

References NFT_EXPR_IMM_CHAIN, NFT_EXPR_IMM_DREG, NFT_EXPR_IMM_VERDICT, NFT_REG_VERDICT, nft_rule_add_expr(), nft_rule_expr_alloc(), nft_rule_expr_set_str(), nft_rule_expr_set_u32(), and NULL.

Referenced by add_action().

Here is the call graph for this function:

Here is the caller graph for this function:

int add_match ( struct nft_rule r,
struct xt_entry_match m 
)

References nft_rule_add_expr(), nft_rule_expr_alloc(), and NULL.

Here is the call graph for this function:

int add_target ( struct nft_rule r,
struct xt_entry_target t 
)

References nft_rule_add_expr(), nft_rule_expr_alloc(), and NULL.

Referenced by add_action().

Here is the call graph for this function:

Here is the caller graph for this function:

int add_verdict ( struct nft_rule r,
int  verdict 
)

References NFT_EXPR_IMM_DREG, NFT_EXPR_IMM_VERDICT, NFT_REG_VERDICT, nft_rule_add_expr(), nft_rule_expr_alloc(), nft_rule_expr_set_u32(), and NULL.

Referenced by add_action().

Here is the call graph for this function:

Here is the caller graph for this function:

int mnl_talk ( struct nft_handle h,
struct nlmsghdr nlh,
int(*)(const struct nlmsghdr *nlh, void *data cb,
void *  data 
)

References buf, mnl_cb_run(), MNL_SOCKET_BUFFER_SIZE, mnl_socket_recvfrom(), mnl_socket_sendto(), nft_handle::nl, nlmsghdr::nlmsg_len, nft_handle::portid, and nft_handle::seq.

Referenced by nft_chain_add(), nft_chain_user_add(), nft_chain_user_rename(), nft_chain_zero_counters(), and nft_table_add().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_abort ( struct nft_handle h)

References NFT_COMPAT_ABORT.

int nft_chain_add ( struct nft_handle h,
struct nft_chain c,
uint16_t  flags 
)

References buf, nft_handle::family, mnl_nlmsg_fprintf(), MNL_SOCKET_BUFFER_SIZE, mnl_talk(), nft_chain_free(), nft_chain_nlmsg_build_hdr, nft_chain_nlmsg_build_payload(), nft_chain_snprintf(), NFT_MSG_NEWCHAIN, nlh, NLM_F_ACK, NLM_F_CREATE, nlmsghdr::nlmsg_len, NULL, and nft_handle::seq.

Referenced by nft_chain_set().

Here is the call graph for this function:

Here is the caller graph for this function:

struct nft_chain_list* nft_chain_dump ( struct nft_handle h)

Referenced by nft_rule_list(), and nft_rule_list_save().

Here is the caller graph for this function:

struct nft_chain* nft_chain_list_find ( struct nft_chain_list list,
const char *  table,
const char *  chain 
)

References nft_chain_attr_get_str(), NFT_CHAIN_ATTR_NAME, NFT_CHAIN_ATTR_TABLE, nft_chain_list_iter_create(), nft_chain_list_iter_destroy(), nft_chain_list_iter_next(), and NULL.

Here is the call graph for this function:

int nft_chain_save ( struct nft_handle h,
struct nft_chain_list list,
const char *  table 
)

References nft_chain_attr_get_str(), NFT_CHAIN_ATTR_TABLE, nft_chain_list_free(), nft_chain_list_iter_create(), nft_chain_list_iter_destroy(), nft_chain_list_iter_next(), and NULL.

Here is the call graph for this function:

int nft_chain_set ( struct nft_handle h,
const char *  table,
const char *  chain,
const char *  policy,
const struct xt_counters counters 
)

References nft_handle::batch_support, NF_ACCEPT, NF_DROP, nft_chain_add(), nft_chain_set(), NFT_COMPAT_CHAIN_UPDATE, and NULL.

Referenced by do_commandarp(), do_commandx(), nft_chain_set(), and nft_strerror().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_chain_user_add ( struct nft_handle h,
const char *  chain,
const char *  table 
)

References nft_handle::batch_support, nft_handle::family, MNL_SOCKET_BUFFER_SIZE, mnl_talk(), nft_chain_alloc(), NFT_CHAIN_ATTR_NAME, nft_chain_attr_set(), NFT_CHAIN_ATTR_TABLE, nft_chain_free(), nft_chain_nlmsg_build_hdr, nft_chain_nlmsg_build_payload(), nft_chain_user_add(), NFT_COMPAT_CHAIN_USER_ADD, NFT_MSG_NEWCHAIN, nft_xtables_config_load(), nlh, NLM_F_ACK, NLM_F_EXCL, NULL, nft_handle::seq, and XTABLES_CONFIG_DEFAULT.

Referenced by do_commandarp(), do_commandx(), nft_chain_user_add(), nft_chain_user_rename(), and nft_strerror().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_chain_user_del ( struct nft_handle h,
const char *  chain,
const char *  table 
)

References nft_handle::batch_support, nft_chain_list::list, nft_chain_attr_get_str(), NFT_CHAIN_ATTR_NAME, NFT_CHAIN_ATTR_TABLE, nft_chain_list_free(), nft_chain_list_iter_create(), nft_chain_list_iter_destroy(), nft_chain_list_iter_next(), NFT_COMPAT_CHAIN_USER_DEL, and NULL.

Referenced by do_commandarp(), do_commandx(), and nft_strerror().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_chain_user_rename ( struct nft_handle h,
const char *  chain,
const char *  table,
const char *  newname 
)

References nft_handle::batch_support, nft_handle::family, nft_chain::handle, MNL_SOCKET_BUFFER_SIZE, mnl_talk(), nft_chain_alloc(), nft_chain_attr_get_u64(), NFT_CHAIN_ATTR_HANDLE, NFT_CHAIN_ATTR_NAME, nft_chain_attr_set(), nft_chain_attr_set_u64(), NFT_CHAIN_ATTR_TABLE, nft_chain_free(), nft_chain_nlmsg_build_hdr, nft_chain_nlmsg_build_payload(), nft_chain_user_add(), NFT_COMPAT_CHAIN_RENAME, NFT_MSG_NEWCHAIN, nft_xtables_config_load(), nlh, NLM_F_ACK, NULL, nft_handle::seq, and XTABLES_CONFIG_DEFAULT.

Referenced by do_commandarp(), and do_commandx().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_chain_zero_counters ( struct nft_handle h,
const char *  chain,
const char *  table 
)

References nft_handle::batch_support, nft_handle::family, nft_chain_list::list, MNL_SOCKET_BUFFER_SIZE, mnl_talk(), NFT_CHAIN_ATTR_BYTES, nft_chain_attr_get(), NFT_CHAIN_ATTR_HANDLE, NFT_CHAIN_ATTR_NAME, NFT_CHAIN_ATTR_PACKETS, nft_chain_attr_set_u64(), NFT_CHAIN_ATTR_TABLE, nft_chain_attr_unset(), nft_chain_list_free(), nft_chain_list_iter_create(), nft_chain_list_iter_destroy(), nft_chain_list_iter_next(), nft_chain_nlmsg_build_hdr, nft_chain_nlmsg_build_payload(), NFT_COMPAT_CHAIN_ADD, NFT_MSG_NEWCHAIN, nlh, NLM_F_ACK, NULL, and nft_handle::seq.

Referenced by do_commandarp(), and do_commandx().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_commit ( struct nft_handle h)

References NFT_COMPAT_COMMIT.

Referenced by nft_rule_list(), and xtables_arp_main().

Here is the caller graph for this function:

int nft_compatible_revision ( const char *  name,
uint8_t  rev,
int  opt 
)

References DEBUGP, IP6T_SO_GET_REVISION_MATCH, IPT_SO_GET_REVISION_MATCH, mnl_attr_put_strz(), mnl_attr_put_u32(), mnl_cb_run(), mnl_nlmsg_put_extra_header(), mnl_nlmsg_put_header(), MNL_SOCKET_AUTOPID, mnl_socket_bind(), MNL_SOCKET_BUFFER_SIZE, mnl_socket_close(), mnl_socket_get_portid(), mnl_socket_open(), mnl_socket_recvfrom(), mnl_socket_sendto(), NETLINK_NETFILTER, nfgenmsg::nfgen_family, NFNETLINK_V0, NFNL_MSG_COMPAT_GET, NFNL_SUBSYS_NFT_COMPAT, NFTA_COMPAT_NAME, NFTA_COMPAT_REV, NFTA_COMPAT_TYPE, nlh, NLM_F_ACK, NLM_F_REQUEST, nlmsghdr::nlmsg_flags, nlmsghdr::nlmsg_len, nlmsghdr::nlmsg_seq, nlmsghdr::nlmsg_type, NULL, nfgenmsg::res_id, type, and nfgenmsg::version.

Here is the call graph for this function:

void nft_fini ( struct nft_handle h)

References nft_handle::batch, mnl_nlmsg_batch_head(), mnl_nlmsg_batch_stop(), mnl_socket_close(), and nft_handle::nl.

Referenced by xtables_arp_main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_for_each_table ( struct nft_handle h,
int(*)(struct nft_handle *h, const char *tablename, bool counters)  func,
bool  counters 
)

References nft_table_list::list, nft_table_attr_get(), NFT_TABLE_ATTR_NAME, nft_table_list_free(), nft_table_list_iter_create(), nft_table_list_iter_next(), and NULL.

Here is the call graph for this function:

int nft_init ( struct nft_handle h,
struct builtin_table t 
)

References nft_handle::batch, nft_handle::batch_support, INIT_LIST_HEAD, MNL_SOCKET_AUTOPID, mnl_socket_bind(), mnl_socket_get_portid(), mnl_socket_open(), NETLINK_NETFILTER, nft_handle::nl, NULL, nft_handle::obj_list, nft_handle::portid, and nft_handle::tables.

Referenced by do_commandarp(), and xtables_config_main().

Here is the call graph for this function:

Here is the caller graph for this function:

uint32_t nft_invflags2cmp ( uint32_t  invflags,
uint32_t  flag 
)

References NFT_CMP_EQ, and NFT_CMP_NEQ.

int nft_rule_append ( struct nft_handle h,
const char *  chain,
const char *  table,
void *  data,
uint64_t  handle,
bool  verbose 
)

References NFT_COMPAT_RULE_APPEND, NFT_COMPAT_RULE_REPLACE, nft_rule_append(), NFT_RULE_ATTR_HANDLE, nft_rule_attr_set(), nft_rule_free(), nft_xtables_config_load(), NULL, type, and XTABLES_CONFIG_DEFAULT.

Referenced by nft_rule_append(), nft_rule_replace(), and nft_rule_zero_counters().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_check ( struct nft_handle h,
const char *  chain,
const char *  table,
void *  data,
bool  verbose 
)

References nft_rule_list::list, nft_rule_check(), nft_rule_list_create(), nft_rule_list_destroy(), and NULL.

Referenced by nft_rule_check(), and nft_strerror().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_delete ( struct nft_handle h,
const char *  chain,
const char *  table,
void *  data,
bool  verbose 
)

References nft_rule_list::list, nft_rule_delete(), nft_rule_list_create(), nft_rule_list_destroy(), and NULL.

Referenced by nft_rule_delete(), nft_rule_zero_counters(), and nft_strerror().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_delete_num ( struct nft_handle h,
const char *  chain,
const char *  table,
int  rulenum,
bool  verbose 
)

References DEBUGP, nft_rule_list::list, nft_rule_delete_num(), nft_rule_list_create(), nft_rule_list_destroy(), and NULL.

Referenced by do_commandarp(), do_commandx(), nft_rule_delete_num(), and nft_strerror().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_flush ( struct nft_handle h,
const char *  chain,
const char *  table 
)

References nft_chain_list::list, nft_chain_attr_get_str(), NFT_CHAIN_ATTR_NAME, NFT_CHAIN_ATTR_TABLE, nft_chain_list_free(), nft_chain_list_iter_create(), nft_chain_list_iter_destroy(), nft_chain_list_iter_next(), nft_rule_flush(), and NULL.

Referenced by do_commandarp(), do_commandx(), and nft_rule_flush().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_insert ( struct nft_handle h,
const char *  chain,
const char *  table,
void *  data,
int  rulenum,
bool  verbose 
)

References DEBUGP, nft_rule_list::list, nft_rule_attr_get_u64(), NFT_RULE_ATTR_HANDLE, nft_rule_insert(), nft_rule_list_create(), nft_rule_list_destroy(), nft_xtables_config_load(), NULL, and XTABLES_CONFIG_DEFAULT.

Referenced by nft_rule_insert().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_list ( struct nft_handle h,
const char *  chain,
const char *  table,
int  rulenum,
unsigned int  format 
)

References nft_handle::family, nft_chain_list::list, NFT_CHAIN_ATTR_BYTES, nft_chain_attr_get(), nft_chain_attr_get_str(), nft_chain_attr_get_u32(), nft_chain_attr_get_u64(), NFT_CHAIN_ATTR_HOOKNUM, NFT_CHAIN_ATTR_NAME, NFT_CHAIN_ATTR_PACKETS, NFT_CHAIN_ATTR_POLICY, NFT_CHAIN_ATTR_TABLE, NFT_CHAIN_ATTR_USE, nft_chain_dump(), nft_chain_list_free(), nft_chain_list_iter_create(), nft_chain_list_iter_destroy(), nft_chain_list_iter_next(), nft_commit(), nft_family_ops_lookup(), nft_xtables_config_load(), NULL, nft_handle::obj_list, xt_counters::pcnt, nft_family_ops::print_firewall, nft_family_ops::print_header, and XTABLES_CONFIG_DEFAULT.

Here is the call graph for this function:

struct nft_rule_list* nft_rule_list_create ( struct nft_handle h)

Referenced by nft_rule_check(), nft_rule_delete(), nft_rule_delete_num(), nft_rule_insert(), nft_rule_replace(), and nft_rule_zero_counters().

Here is the caller graph for this function:

void nft_rule_list_destroy ( struct nft_rule_list list)

References nft_rule_list_free().

Referenced by nft_rule_check(), nft_rule_delete(), nft_rule_delete_num(), nft_rule_insert(), nft_rule_replace(), and nft_rule_zero_counters().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_list_save ( struct nft_handle h,
const char *  chain,
const char *  table,
int  rulenum,
int  counters 
)

References FMT_NOCOUNTS, nft_chain_list::list, nft_chain_attr_get_str(), NFT_CHAIN_ATTR_NAME, NFT_CHAIN_ATTR_TABLE, nft_chain_dump(), nft_chain_list_free(), nft_chain_list_iter_create(), nft_chain_list_iter_destroy(), nft_chain_list_iter_next(), and NULL.

Here is the call graph for this function:

void nft_rule_print_save ( const void *  data,
struct nft_rule r,
enum nft_rule_print  type,
unsigned int  format 
)

References nft_rule::family, FMT_NOCOUNTS, nft_family_ops_lookup(), NFT_RULE_APPEND, NFT_RULE_ATTR_CHAIN, NFT_RULE_ATTR_FAMILY, nft_rule_attr_get_str(), nft_rule_attr_get_u32(), NFT_RULE_DEL, nft_family_ops::save_counters, and nft_family_ops::save_firewall.

Referenced by nft_ipv46_rule_find(), and nft_rule_save().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_replace ( struct nft_handle h,
const char *  chain,
const char *  table,
void *  data,
int  rulenum,
bool  verbose 
)

References DEBUGP, nft_rule_list::list, nft_rule_append(), nft_rule_attr_get_u64(), NFT_RULE_ATTR_HANDLE, nft_rule_list_create(), nft_rule_list_destroy(), nft_rule_replace(), and NULL.

Referenced by nft_rule_replace(), and nft_strerror().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_rule_save ( struct nft_handle h,
const char *  table,
bool  counters 
)

References FMT_NOCOUNTS, nft_rule_list::list, NFT_RULE_APPEND, nft_rule_attr_get_str(), NFT_RULE_ATTR_TABLE, nft_rule_list_free(), nft_rule_list_iter_create(), nft_rule_list_iter_destroy(), nft_rule_list_iter_next(), nft_rule_print_save(), nft_rule_to_iptables_command_state(), and NULL.

Here is the call graph for this function:

int nft_rule_zero_counters ( struct nft_handle h,
const char *  chain,
const char *  table,
int  rulenum 
)

References xt_counters::bcnt, iptables_command_state::counters, error, nft_rule_list::list, nft_rule_append(), nft_rule_attr_get_u64(), NFT_RULE_ATTR_HANDLE, nft_rule_delete(), nft_rule_list_create(), nft_rule_list_destroy(), nft_rule_to_iptables_command_state(), NULL, and xt_counters::pcnt.

Referenced by do_commandx().

Here is the call graph for this function:

Here is the caller graph for this function:

const char* nft_strerror ( int  err)

References nft_chain_set(), nft_chain_user_add(), nft_chain_user_del(), nft_rule_check(), nft_rule_delete(), nft_rule_delete_num(), nft_rule_replace(), and NULL.

Referenced by xtables_arp_main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nft_table_add ( struct nft_handle h,
struct nft_table t,
uint16_t  flags 
)

References buf, nft_handle::family, mnl_nlmsg_fprintf(), MNL_SOCKET_BUFFER_SIZE, mnl_talk(), NFT_MSG_NEWTABLE, nft_table_free(), nft_table_nlmsg_build_hdr, nft_table_nlmsg_build_payload(), nft_table_snprintf(), nlh, NLM_F_ACK, nlmsghdr::nlmsg_len, NULL, and nft_handle::seq.

Here is the call graph for this function:

bool nft_table_find ( struct nft_handle h,
const char *  tablename 
)

References nft_table_list::list, nft_table_attr_get(), NFT_TABLE_ATTR_NAME, nft_table_list_free(), nft_table_list_iter_create(), nft_table_list_iter_next(), and NULL.

Here is the call graph for this function:

int nft_table_purge_chains ( struct nft_handle h,
const char *  this_table,
struct nft_chain_list chain_list 
)

References nft_chain_attr_get_str(), NFT_CHAIN_ATTR_TABLE, nft_chain_list_iter_create(), nft_chain_list_iter_destroy(), nft_chain_list_iter_next(), and NULL.

Here is the call graph for this function:

int nft_xtables_config_load ( struct nft_handle h,
const char *  filename,
uint32_t  flags 
)

References nft_handle::family, nft_chain_attr_get(), nft_chain_attr_get_u32(), NFT_CHAIN_ATTR_NAME, NFT_CHAIN_ATTR_TABLE, nft_chain_list_alloc(), nft_chain_list_free(), nft_chain_list_iter_create(), nft_chain_list_iter_destroy(), nft_chain_list_iter_next(), NFT_COMPAT_CHAIN_ADD, NFT_COMPAT_TABLE_ADD, NFT_TABLE_ATTR_FAMILY, nft_table_attr_get(), nft_table_attr_get_u32(), NFT_TABLE_ATTR_NAME, nft_table_list_alloc(), nft_table_list_free(), nft_table_list_iter_create(), nft_table_list_iter_destroy(), nft_table_list_iter_next(), NULL, nft_handle::restore, and xtables_config_parse().

Referenced by nft_chain_user_add(), nft_chain_user_rename(), nft_rule_append(), nft_rule_insert(), nft_rule_list(), and xtables_config_main().

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

struct builtin_table xtables_arp[TABLES_MAX]
Initial value:
= {
[FILTER] = {
.name = "filter",
.chains = {
{
.name = "INPUT",
.type = "filter",
.prio = NF_IP_PRI_FILTER,
.hook = NF_ARP_IN,
},
{
.name = "FORWARD",
.type = "filter",
.prio = NF_IP_PRI_FILTER,
.hook = NF_ARP_FORWARD,
},
{
.name = "OUTPUT",
.type = "filter",
.prio = NF_IP_PRI_FILTER,
.hook = NF_ARP_OUT,
},
},
},
}
NF_ARP_IN
#define NF_ARP_IN
Definition: netfilter_arp.h:14
FILTER
#define FILTER
Definition: nft.h:8
NF_IP_PRI_FILTER
Definition: netfilter_ipv4.h:60
NF_ARP_FORWARD
#define NF_ARP_FORWARD
Definition: netfilter_arp.h:16
NF_ARP_OUT
#define NF_ARP_OUT
Definition: netfilter_arp.h:15

Referenced by do_commandarp().

struct builtin_table xtables_ipv4[TABLES_MAX]

Referenced by xtables_config_main().