Collaboration diagram for libnftables:

Modules
	Run nftables commands

	Batch support

Functions
void	nft_global_init (void)

void	nft_global_deinit (void)

int	nft_global_set_max_errors (unsigned int errors)

	__attribute__ ((format(printf, 2, 0)))

struct nft_ctx *	nft_context_new (void)

void	nft_context_set_print_func (struct nft_ctx nft, int(print)(void ctx, const char fmt,...), void *ctx)

void	nft_context_free (struct nft_ctx *nft)

int	nft_get_error (struct nft_ctx nft, char err_buf, size_t err_buf_len)

Variables
unsigned int	max_errors = 1

const char *	include_paths [INCLUDE_PATHS_MAX] = { DEFAULT_INCLUDE_PATH }

Detailed Description

libnftables is a high level nftables library that is meant to be useful for frontend to nftables.

The synopsis of the library for a basic usage is the following

// init once the library cache
nft_global_init();
// create the nftables context
nft = nft_context_new();
// now you can run nftables commands
rc = nft_run_command_from_buffer(nft, CMD, sizeof(CMD));
if (rc != NFT_EXIT_SUCCESS) {
    // use the following function to get errors
    nft_get_error(nft, err_buf, sizeof(err_buf));
    printf("%s\n", err_buf);
    return -1;
}
// once you're done with the context, free allocated ressources
nft_context_free(nft);
// call deinit when you will not need anymore the library
nft_global_deinit();

The library can be used to run commands and has support for batched commands.

Function Documentation

◆ nft_context_free()

void nft_context_free ( struct nft_ctx * nft )

Free a nftables context

Parameters

nft	a struct nft_ctx to be freed

Definition at line 175 of file libnftables.c.

◆ nft_context_new()

struct nft_ctx* nft_context_new ( void )

Allocate a nftables context

Returns: a struct nft_ctx or NULL in case of error

Definition at line 132 of file libnftables.c.

◆ nft_context_set_print_func()

void nft_context_set_print_func	(	struct nft_ctx *	nft,
		int()(void ctx, const char *fmt,...)	print,
		void *	ctx
	)

Set print function for your application

Command such as list ruleset can trigger an output. This function allows you to define which function should be used.

Parameters

nft	a initialized struct nft_ctx
print	a print function
ctx	a pointer that will be passed as first argument of print function call

Definition at line 160 of file libnftables.c.

◆ nft_get_error()

int nft_get_error	(	struct nft_ctx *	nft,
		char *	err_buf,
		size_t	err_buf_len
	)

Get current errors and write them in provided buffer

Returns: NFT_EXIT_SUCCESS if there is error, NFT_EXIT_FAILURE if no error available

Definition at line 195 of file libnftables.c.

◆ nft_global_deinit()

void nft_global_deinit ( void )

Deinit global structures

To be called once before exiting the nftables tasks

Definition at line 91 of file libnftables.c.

◆ nft_global_init()

void nft_global_init ( void )

Init cache structure.

This needs to be called once by process to do the initialization phase of some structures.

Definition at line 73 of file libnftables.c.

◆ nft_global_set_max_errors()

int nft_global_set_max_errors ( unsigned int errors )

Set number of consecutive errors to handle

This can be useful if you send complex command to nftables and want to debug it but it causes memory leak.

Parameters

errors number of errors message to queue

Returns: NFT_EXIT_SUCCESS if success NFT_EXIT_FAILURE if not

Definition at line 110 of file libnftables.c.

Modules

Functions

Variables

Detailed Description

Function Documentation

◆ nft_context_free()

◆ nft_context_new()

◆ nft_context_set_print_func()

◆ nft_get_error()

◆ nft_global_deinit()

◆ nft_global_init()

◆ nft_global_set_max_errors()