netfilter.vger.kernel.org archive mirror
From: Florian Westphal <fw@strlen.de>
To: Kiernan George <kbg98@vt.edu>
Cc: netfilter@vger.kernel.org
Subject: Re: Programmatically adding an element into a map using libnftnl
Date: Thu, 30 Mar 2023 22:17:46 +0200
Message-ID: <20230330201746.GD22079@breakpoint.cc>
In-Reply-To: <CAOg40qhcAoSdiTV5ievXf5wrQfoh_ZfF+GDVHqZ-Bhpf_JgCPQ@mail.gmail.com>

Kiernan George <kbg98@vt.edu> wrote:
> I have a map of the following format:
> 
> { type ipv4_addr . inet_service : ipv4_addr }
> 
> How do I add an element into the map using the libnftnl API? I see the
> example nft-set-elem-add.c, but it is not clear on how to modify this
> for different types of elements like concatenated IP/port above or
> IPV6.

There are no different types of elements, the kernel only sees a
bitstring, you only need to increment the size of the key/data as
needed.  Note that for concatenations, the sizes are rounded to one
register, i.e. the above needs 8 bytes for key and 4 bytes for data.

Only exception is concatenation with ranges, where a bit more
information is required (regarding boundaries).

The type information provided is needed for 'nft' to display the correct
content, without it it won't know what 0x123456790abc is supposed to
look like.

The type info bits are in nftables source code, in datatypes.h.

Patch to make set-elem-add example work with the modified example for map-add:

diff --git a/examples/nft-set-elem-add.c b/examples/nft-set-elem-add.c
--- a/examples/nft-set-elem-add.c
+++ b/examples/nft-set-elem-add.c
@@ -29,7 +29,8 @@ int main(int argc, char *argv[])
 	uint32_t portid, seq, family;
 	struct nftnl_set *s;
 	struct nftnl_set_elem *e;
-	uint16_t data;
+	uint32_t data, i;
+	uint32_t key[2];
 	int ret;
 
 	if (argc != 4) {
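
Review bot: `i` is declared as `uint32_t` on the same line as `data`, but it is only a loop index compared against `sizeof(key)/sizeof(*key)`, so give it its own `size_t` (or `unsigned int`) declaration. A one-line comment on `key[2]` stating that each concatenated field occupies one 32-bit register, so two fields make 8 bytes, would record why the array has this size and why `data` was widened to 4 bytes.
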
@@ -70,7 +71,11 @@ int main(int argc, char *argv[])
 	}
 
 	data = 0x1;
-	nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, &data, sizeof(data));
+	for (i = 0; i < sizeof(key)/sizeof(*key); i++)
+		key[i] = htonl(i);
+
+	nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, key, sizeof(key));
+	nftnl_set_elem_set(e, NFTNL_SET_ELEM_DATA, &data, sizeof(data));
 	nftnl_set_elem_add(s, e);
 
 	e = nftnl_set_elem_alloc();
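
Review bot: `data = 0x1` is handed to `NFTNL_SET_ELEM_DATA` in host byte order while the key words in the loop just above go through `htonl()`, so the stored data bytes differ between little- and big-endian hosts; `data = htonl(0x1)` would keep key and data consistent. The key is filled with counter values rather than an address and a port, so a comment marking them as placeholders would help readers adapting the example.
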
@@ -78,8 +83,14 @@ int main(int argc, char *argv[])
 		perror("OOM");
 		exit(EXIT_FAILURE);
 	}
+
+
+	for (i = 0; i < sizeof(key)/sizeof(*key); i++)
+		key[i] = htonl(i + 1);
+
 	data = 0x2;
-	nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, &data, sizeof(data));
+	nftnl_set_elem_set(e, NFTNL_SET_ELEM_KEY, key, sizeof(key));
+	nftnl_set_elem_set(e, NFTNL_SET_ELEM_DATA, &data, sizeof(data));
 	nftnl_set_elem_add(s, e);
 
 	batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
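
Review bot: the two consecutive blank lines added after the OOM check are stray whitespace; keep one. The fill loop is a copy of the first one with only `i + 1` changed, so a small helper taking the base value would remove the duplication, and `data = 0x2` is again stored without `htonl()`, unlike the key words.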

> I hate to ask again, but is there documentation for the library somewhere?

Not that I know, patches welcome.
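
Added example (not part of the original message or of libnftnl): the register rounding described above, generalized to IPv4 and IPv6 "address . port" keys. The helper names are hypothetical, and the code assumes each field is placed at the start of its register run with zero padding after it; the resulting buffer and length are what would be passed with NFTNL_SET_ELEM_KEY.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REG_SIZE 4 /* one register is 32 bits */

/* Round a field length up to a whole number of registers. */
static size_t reg_round(size_t len)
{
	return (len + REG_SIZE - 1) / REG_SIZE * REG_SIZE;
}

/* Append one field to a concatenated key; returns the new offset, 0 on error.
 * Assumption: value first, zero padding after it. */
static size_t concat_append(uint8_t *buf, size_t cap, size_t off,
			    const void *field, size_t len)
{
	size_t padded = reg_round(len);
	if (len == 0 || off > cap || padded > cap - off)
		return 0;
	memset(buf + off, 0, padded);
	memcpy(buf + off, field, len);
	return off + padded;
}

/* Build an "address . port" key for AF_INET or AF_INET6.
 * Returns the key length in bytes (8 or 20), 0 on error. */
static size_t build_addr_port_key(int af, const char *addr, uint16_t port,
				  uint8_t *buf, size_t cap)
{
	uint8_t raw[sizeof(struct in6_addr)];
	size_t alen = af == AF_INET6 ? sizeof(struct in6_addr) : sizeof(struct in_addr);
	uint16_t nport = htons(port); /* network byte order, like the address */
	size_t off;
	if ((af != AF_INET && af != AF_INET6) || inet_pton(af, addr, raw) != 1)
		return 0;
	off = concat_append(buf, cap, 0, raw, alen);
	return off ? concat_append(buf, cap, off, &nport, sizeof(nport)) : 0;
}

int main(void)
{
	uint8_t key[32]; /* constructed sample input below */
	size_t i, len = build_addr_port_key(AF_INET, "192.0.2.1", 8080, key, sizeof(key));
	for (i = 0; i < len; i++)
		printf("%02x", key[i]);
	printf(" (%zu bytes)\n", len);
	return 0;
}
```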
