Collaboration diagram for Batch support:
|
Functions | |
| struct nft_batch * | nft_batch_start (struct nft_ctx *nft) |
| int | nft_batch_add (struct nft_ctx *nft, struct nft_batch *batch, const char *buf, size_t buflen) |
| int | nft_batch_commit (struct nft_ctx *nft, struct nft_batch *batch) |
| void | nft_batch_free (struct nft_batch *batch) |
Detailed Description
Nftables supports batch or transsaction. It is possible to prepare multiple commands and then run it at once. If one of the commands fails then the complete set of commands is not added to the firewall ruleset.
libnftables support transaction and the synopsis of the usage it the following:
- create a transaction with nft_batch_start()
- add command to the batch with nft_batch_add()
- commit the batch to kernel with nft_batch_commit()
The following example code shows how to use it:
char ADD1[] = "add rule nat postrouting ip saddr 1.2.3.4 masquerade";
char ADD2[] = "add rule filter forward ip saddr 1.2.3.4 accept";
// start a batch using an existing nftables context
batch = nft_batch_start(nft);
// add first command to the batch
if (nft_batch_add(nft, batch, ADD1, strlen(ADD1)) != NFT_EXIT_SUCCESS) {
// standard error handling
nft_get_error(nft, err_buf, sizeof(err_buf));
printf("%s\n", err_buf);
// free the batch
nft_batch_free(batch);
return -1;
}
// add second command
if (nft_batch_add(nft, batch, ADD2, strlen(ADD2)) != NFT_EXIT_SUCCESS) {
// error handling
nft_batch_free(batch);
return -1;
}
// send this batch of two commands to kernel and get result
ret = nft_batch_commit(nft, batch);
if (ret != 0) {
// error handling
nft_batch_free(batch);
return -1;
}
Function Documentation
◆ nft_batch_add()
| int nft_batch_add | ( | struct nft_ctx * | nft, |
| struct nft_batch * | batch, | ||
| const char * | buf, | ||
| size_t | buflen | ||
| ) |
Add a command to an already created batch
- Parameters
-
nft nftables context initialized with nft_context_new() batch nftables batch initialized with nft_batch_start() buf buffer with command to execute buflen length of buffer string
- Returns
- NFT_EXIT_SUCCESS in case of success or NFT_EXIT_FAILURE
Definition at line 390 of file libnftables.c.
◆ nft_batch_commit()
| int nft_batch_commit | ( | struct nft_ctx * | nft, |
| struct nft_batch * | batch | ||
| ) |
Commit a batch to the kernel
- Parameters
-
nft nftables context initialized with nft_context_new() batch nftables batch with commands added via nft_batch_add()
- Returns
- NFT_EXIT_SUCCESS in case of success or NFT_EXIT_FAILURE
Definition at line 435 of file libnftables.c.
◆ nft_batch_free()
| void nft_batch_free | ( | struct nft_batch * | batch | ) |
Free ressources allocated to a batch
- Parameters
-
batch nftables batch initialized with nft_batch_start()
Definition at line 468 of file libnftables.c.
◆ nft_batch_start()
| struct nft_batch* nft_batch_start | ( | struct nft_ctx * | nft | ) |
Start a batch
- Parameters
-
nft a pointer to an initalized struct nft_ctx
- Returns
- a pointer to an allocated and initialized struct nft_batch or NULL if error
Definition at line 355 of file libnftables.c.
