Nftables  0.9
Nftables like the firewall for Linux but next generation
libnftables

Modules

 Run nftables commands
 
 Batch support
 

Functions

void nft_global_init (void)
 
void nft_global_deinit (void)
 
int nft_global_set_max_errors (unsigned int errors)
 
struct nft_ctx * nft_context_new (void)
 
void nft_context_set_print_func (struct nft_ctx *nft, int(*print)(void *ctx, const char *fmt,...), void *ctx)
 
void nft_context_free (struct nft_ctx *nft)
 
int nft_get_error (struct nft_ctx *nft, char *err_buf, size_t err_buf_len)
 

Variables

unsigned int max_errors = 1
 
const char * include_paths [INCLUDE_PATHS_MAX] = { DEFAULT_INCLUDE_PATH }
 

Detailed Description

libnftables is a high-level nftables library meant to be useful for frontends to nftables.

The synopsis of the library for basic usage is the following (the snippet belongs inside a function; applying or listing rules through nftables requires CAP_NET_ADMIN):

#include <stdio.h>
#include <nftables/nftables.h> /* header name assumed for this API version */
struct nft_ctx *nft;
char err_buf[4096], CMD[] = "list ruleset";
// init once the library cache
nft_global_init();
// create the nftables context (NULL on error)
nft = nft_context_new();
if (nft == NULL)
    return -1;
// now you can run nftables commands
int rc = nft_run_command_from_buffer(nft, CMD, sizeof(CMD));
if (rc != NFT_EXIT_SUCCESS) {
    // use the following function to get errors
    nft_get_error(nft, err_buf, sizeof(err_buf));
    printf("%s\n", err_buf);
    return -1;
}
// once you're done with the context, free allocated resources
nft_context_free(nft);
// call deinit when you no longer need the library
nft_global_deinit();

The library can be used to run commands and has support for batched commands.

Function Documentation

◆ nft_context_free()

void nft_context_free (struct nft_ctx *nft)

Free a nftables context

Parameters
nft: a struct nft_ctx to be freed

Definition at line 175 of file libnftables.c.

◆ nft_context_new()

struct nft_ctx *nft_context_new (void)

Allocate a nftables context

Returns
a struct nft_ctx or NULL in case of error

Definition at line 132 of file libnftables.c.

◆ nft_context_set_print_func()

void nft_context_set_print_func (struct nft_ctx *nft, int (*print)(void *ctx, const char *fmt, ...), void *ctx)

Set the print function for your application

Commands such as list ruleset produce output. This function lets you choose the function that receives it, so a frontend can route it to a buffer, a socket or a log instead of the library's default destination. The callback is invoked printf-style: ctx first, then a format string and its arguments.

Parameters
nft: an initialized struct nft_ctx
print: the print function
ctx: a pointer that will be passed as the first argument of every print function call

Definition at line 160 of file libnftables.c.
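As an added example (not code from the nftables project), the following C block shows a print callback suitable for nft_context_set_print_func() that collects whatever a command such as list ruleset prints into a growable in-memory buffer, handling vsnprintf measurement, buffer growth and allocation failure. It assumes the library calls the callback exactly like printf and reads its return value as a byte count (or -1 on error). Because the real library needs a kernel with nftables and CAP_NET_ADMIN, fake_list_ruleset is a constructed stand-in that emits a few ruleset lines through the callback so the block runs stand-alone; the names capture, capture_print, capture_free and run_capture_demo are this example's own.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable, NUL-terminated buffer the print callback appends to. */
struct capture {
	char *buf;
	size_t len;   /* bytes used, excluding the terminator */
	size_t cap;   /* bytes allocated */
};

/* Callback with the signature nft_context_set_print_func() takes:
 * int (*print)(void *ctx, const char *fmt, ...).  ctx is the pointer
 * registered with it, here a struct capture *.  Returns the number of
 * bytes appended or -1 on error; that the library reads the return value
 * like printf's is an assumption of this example. */
static int capture_print(void *ctx, const char *fmt, ...)
{
	struct capture *c = ctx;
	va_list ap, ap2;
	int n;

	va_start(ap, fmt);
	va_copy(ap2, ap);
	n = vsnprintf(NULL, 0, fmt, ap);        /* measure first */
	va_end(ap);
	if (n >= 0 && c->len + (size_t)n + 1 > c->cap) {
		size_t ncap = c->cap ? c->cap : 256;
		while (ncap < c->len + (size_t)n + 1)
			ncap *= 2;                      /* grow by doubling */
		char *nb = realloc(c->buf, ncap);
		if (nb == NULL)
			n = -1;
		else {
			c->buf = nb;
			c->cap = ncap;
		}
	}
	if (n >= 0) {
		vsnprintf(c->buf + c->len, c->cap - c->len, fmt, ap2);
		c->len += (size_t)n;
	}
	va_end(ap2);
	return n;
}

static void capture_free(struct capture *c)
{
	free(c->buf);
	c->buf = NULL;
	c->len = c->cap = 0;
}

/* Constructed stand-in for the library so the block runs without
 * libnftables: emits a small ruleset in printf-style fragments, the way a
 * "list ruleset" printer hands text to the print callback.  Not project code. */
static int fake_list_ruleset(int (*print)(void *, const char *, ...), void *ctx)
{
	const char *chains[] = { "input", "forward", "output" };
	int total, n;

	if ((total = print(ctx, "table %s %s {\n", "inet", "filter")) < 0)
		return -1;
	for (size_t i = 0; i < 3; i++) {
		if ((n = print(ctx, "\tchain %s {\n\t}\n", chains[i])) < 0)
			return -1;
		total += n;
	}
	if ((n = print(ctx, "}\n")) < 0)
		return -1;
	return total + n;
}

/* Drives the stand-in through capture_print the way the library would
 * after nft_context_set_print_func(nft, capture_print, &cap).  Returns the
 * captured text, which the caller frees, or NULL on error. */
static char *run_capture_demo(void)
{
	struct capture cap = { NULL, 0, 0 };

	if (fake_list_ruleset(capture_print, &cap) < 0) {
		capture_free(&cap);
		return NULL;
	}
	return cap.buf;
}

int main(void)
{
	char *out = run_capture_demo();

	if (out == NULL)
		return 1;
	fputs(out, stdout);
	free(out);
	return 0;
}
```

With the real library, register the callback with nft_context_set_print_func(nft, capture_print, &cap) before running the command; once nft_run_command_from_buffer() returns, cap.buf holds the text the command printed and capture_free() releases it. Keeping the output in memory rather than on stdout is what lets a frontend parse a listing or ship it to a log without mixing it with its own output.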

◆ nft_get_error()

int nft_get_error (struct nft_ctx *nft, char *err_buf, size_t err_buf_len)

Get the current errors and write them into the provided buffer

Parameters
nft: an initialized struct nft_ctx
err_buf: buffer that receives the error text
err_buf_len: size of err_buf in bytes

Returns
NFT_EXIT_SUCCESS if an error was pending and has been written to err_buf, NFT_EXIT_FAILURE if no error is available (note the convention: success means an error message was retrieved)

Definition at line 195 of file libnftables.c.

◆ nft_global_deinit()

void nft_global_deinit (void)

Deinit global structures

To be called once, after every struct nft_ctx has been freed, when the process no longer needs the library

Definition at line 91 of file libnftables.c.

◆ nft_global_init()

void nft_global_init (void)

Init cache structures.

This must be called once per process, before any other library function, to run the initialization phase of some internal structures.

Definition at line 73 of file libnftables.c.

◆ nft_global_set_max_errors()

int nft_global_set_max_errors (unsigned int errors)

Set the number of consecutive errors to queue

By default only one error message is kept (max_errors = 1). Raising the limit is useful when you send a complex command to nftables and want to debug it, since more of the error messages it produces are retained for nft_get_error(). Queued messages occupy memory until they are retrieved, so keep the value small outside of debugging.

Parameters
errors: number of error messages to queue
Returns
NFT_EXIT_SUCCESS on success, NFT_EXIT_FAILURE otherwise

Definition at line 110 of file libnftables.c.