examples: nft-rule-del: fix missing batching headers

Fix the example for deleting rules. Before this patch,
the program tried to delete the rule without using
the correct header.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/examples/nft-rule-del.c b/examples/nft-rule-del.c
index 6f665b0e0469fb6fc5af3bdabd6fda56d0ca4552..b29c75742d6da0251623d48ad5502bba15033fa1 100644 (file)
--- a/examples/nft-rule-del.c
+++ b/examples/nft-rule-del.c
@@ -17,15 +17,33 @@
 
 #include <linux/netfilter.h>
 #include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/nfnetlink.h>
 
 #include <libmnl/libmnl.h>
 #include <libnftnl/rule.h>
 
+static void nft_mnl_batch_put(char *buf, uint16_t type, uint32_t seq)
+{
+       struct nlmsghdr *nlh;
+       struct nfgenmsg *nfg;
+
+       nlh = mnl_nlmsg_put_header(buf);
+       nlh->nlmsg_type = type;
+       nlh->nlmsg_flags = NLM_F_REQUEST;
+       nlh->nlmsg_seq = seq;
+
+       nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
+       nfg->nfgen_family = AF_INET;
+       nfg->version = NFNETLINK_V0;
+       nfg->res_id = NFNL_SUBSYS_NFTABLES;
+}
+
 int main(int argc, char *argv[])
 {
        struct mnl_socket *nl;
        char buf[MNL_SOCKET_BUFFER_SIZE];
        struct nlmsghdr *nlh;
+       struct mnl_nlmsg_batch *batch;
        uint32_t portid, seq;
        struct nft_rule *r = NULL;
        int ret, family;
@@ -56,8 +74,6 @@ int main(int argc, char *argv[])
        }
 
        seq = time(NULL);
-       nlh = nft_rule_nlmsg_build_hdr(buf, NFT_MSG_DELRULE, family,
-                                       NLM_F_ACK, seq);
        nft_rule_attr_set(r, NFT_RULE_ATTR_TABLE, argv[2]);
        nft_rule_attr_set(r, NFT_RULE_ATTR_CHAIN, argv[3]);
 
@@ -69,8 +85,24 @@ int main(int argc, char *argv[])
        nft_rule_snprintf(tmp, sizeof(tmp), r, 0, 0);
        printf("%s\n", tmp);
 
+       batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
+
+       nft_mnl_batch_put(mnl_nlmsg_batch_current(batch),
+                         NFNL_MSG_BATCH_BEGIN, seq++);
+       mnl_nlmsg_batch_next(batch);
+
+       nlh = nft_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+                               NFT_MSG_DELRULE,
+                               family,
+                               NLM_F_ACK, seq++);
+
        nft_rule_nlmsg_build_payload(nlh, r);
        nft_rule_free(r);
+       mnl_nlmsg_batch_next(batch);
+
+       nft_mnl_batch_put(mnl_nlmsg_batch_current(batch), NFNL_MSG_BATCH_END,
+                         seq++);
+       mnl_nlmsg_batch_next(batch);
 
        nl = mnl_socket_open(NETLINK_NETFILTER);
        if (nl == NULL) {
@@ -84,14 +116,17 @@ int main(int argc, char *argv[])
        }
        portid = mnl_socket_get_portid(nl);
 
-       if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+       if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
+                             mnl_nlmsg_batch_size(batch)) < 0) {
                perror("mnl_socket_send");
                exit(EXIT_FAILURE);
        }
 
+       mnl_nlmsg_batch_stop(batch);
+
        ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
        while (ret > 0) {
-               ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
+               ret = mnl_cb_run(buf, ret, 0, portid, NULL, NULL);
                if (ret <= 0)
                        break;
                ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));