nftables

Messages groups

Netlink allows data to be sent in multipart messages, which is a stream of multiple Netlink messages (each with its own header), flagged with NLM_F_MULTI and ending with a final message of type NLMSG_DONE

bf_nfgroup is an abstraction to represent multipart messages. It contains a list of bf_nfmsg, each of which is a Netlink message.

The messages group can be converted into a single bf_response, which is a contiguous buffer containing all the messages in the group.

Defines

_cleanup_bf_nfgroup_

Cleanup function for bf_nfgroup.

Functions

int bf_nfgroup_new(struct bf_nfgroup **group)

Create a new Netlink messages group.

Parameters:
  • group – Pointer to the new messages group. Must not be NULL. Will be allocated and initialised by this function. Can’t be NULL.

Returns:

0 on success, or negative errno value on error.

int bf_nfgroup_new_from_stream(struct bf_nfgroup **group, struct nlmsghdr *nlh, size_t length)

Create a new Netlink messages group from a stream of nlmsghdr.

Parameters:
  • group – Pointer to the new message group. Must not be NULL. Will be allocated and initialised by this function.

  • nlh – Pointer to the first nlmsghdr in the stream. Must not be NULL.

  • length – Total length of the stream.

Returns:

0 on success, or negative errno value on error.

void bf_nfgroup_free(struct bf_nfgroup **group)

Free a Netlink messages group.

Parameters:
  • group – Pointer to the messages group to free. If msg is NULL, nothing is done.

const bf_list *bf_nfgroup_messages(const struct bf_nfgroup *group)

Get the list of messages in the Netlink messages group.

Parameters:
  • group – Netlink messages group to get the list from. Can’t be NULL.

Returns:

bf_list containing the bf_nfmsg

size_t bf_nfgroup_size(const struct bf_nfgroup *group)

Get the total Netlink message size.

The total size of the Netlink message is the sum of the size of all the messages, including padding.

Parameters:
  • group – Netlink messages group to get the size of. Can’t be NULL.

Returns:

Total size of the Netlink messages group.

bool bf_nfgroup_is_empty(const struct bf_nfgroup *group)

Test if a Netlink message group is empty.

Parameters:
  • group – Netlink message to check. Can’t be NULL.

Returns:

True if the Netlink message is empty (no messages), false otherwise.

int bf_nfgroup_add_message(struct bf_nfgroup *group, struct bf_nfmsg *msg)

Add a Netlink message to the Netlink messages group.

Parameters:
  • group – Netlink messages group to add the message to. Can’t be NULL.

  • msg – Message to add to the messages group. Can’t be NULL. The Netlink messages group takes onwership of the message.

Returns:

0 on success, or negative errno value on error.

int bf_nfgroup_add_new_message(struct bf_nfgroup *group, struct bf_nfmsg **msg, uint16_t command, uint16_t seqnr)

Create a new Netfilter Netlink message and add it to a Netlink messages group.

The new Netfilter Netlink message is owned by the messages group and should not be freed by the caller.

Parameters:
  • group – Netlink messages group to add the message to. Can’t be NULL.

  • msg – Pointer to the new message. Once the function succeeds, this pointer will be set to the new message. Can be NULL, in which case the caller won’t have access to the new message.

  • command – Netlink message command.

  • seqnr – Netlink message sequence number.

Returns:

0 on success, or negative errno value on error.

int bf_nfgroup_to_response(const struct bf_nfgroup *group, struct bf_response **resp)

Convert a Netlink messages group into a bf_response.

All the Netfilter Netlink messages contained in the group will written contiguously in the payload of a single bf_response .

If only one message is present in the group, the response will contain only the message payload. If more than one message is present, the response will contain a multipart message, with the NLM_F_MULTI flag set on all the messages and a final NLMSG_DONE message.

If the group is empty, the reponse will contain a single NLMSG_DONE message.

Parameters:
  • group – Netlink messages group to convert. Can’t be NULL.

  • resp – Pointer to the new response. Can’t be NULL. A new response will be allocated by this function and the caller will be responsible for freeing it.

Returns:

0 on success, or negative errno value on error.