author: Linus Färnstrand <linus@mullvad.net>, 2018-09-19 12:30:51 +0200
committer: Linus Färnstrand <linus@mullvad.net>, 2018-09-19 12:30:51 +0200
commit: c6e718ea3b9d2120127ac25e1a1d544f7ad9e4d3
tree: 339d87b506abf1fffc6ca2b8a1e079c89e5933ee
parent: e4e9bc685d5841e570d5c2dfa37d227477361c24
Fix forgotten parts of documentation readme generation
-rw-r--r-- README.md 9
-rw-r--r-- nftnl-sys/README.md 4
-rw-r--r-- nftnl/examples/add-rules.rs 4
-rw-r--r-- nftnl/src/lib.rs 7
4 files changed, 19 insertions, 5 deletions
diff --git a/README.md b/README.md
index fbb53f8..24030f3 100644
--- a/README.md
+++ b/README.md
@@ -6,19 +6,26 @@ nf_tables subsystem. See [`nftnl-sys`] for the low level FFI bindings to the C l
Can be used to create and remove tables, chains, sets and rules from the nftables firewall,
the successor to iptables.
-This library currently has quite rough edges and does not make adding and removing nftables
+This library currently has quite rough edges and does not make adding and removing netfilter
entries super easy and elegant. That is partly because the library needs more work, but also
partly because nftables is super low level and extremely customizable, making it hard, and
probably wrong, to try and create a too simple/limited wrapper. See examples for inspiration.
One can also look at how the original project this crate was developed to support uses it:
[Mullvad VPN app](https://github.com/mullvad/mullvadvpn-app)
+Understanding how to use [`libnftnl`] and implementing this crate has mostly been done by
+reading the source code for the [`nftables`] program and attaching debuggers to the `nft`
+binary. Since the implementation is mostly based on trial and error, there might of course be
+a number of places where the underlying library is used in an invalid or not intended way.
+Large portions of [`libnftnl`] are also not covered yet. Contributions are welcome!
+
## Selecting version of `libnftnl`
See the documentation for the corresponding sys crate for details: [`nftnl-sys`]
This crate has the same features as the sys crate, and selecting version works the same.
[`libnftnl`]: https://netfilter.org/projects/libnftnl/
+[`nftables`]: https://netfilter.org/projects/nftables/
[`nftnl-sys`]: https://crates.io/crates/nftnl-sys
License: MIT/Apache-2.0
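Review bot: in the added paragraph, "used in an invalid or not intended way" reads better as "in an invalid or unintended way", and the compound subject "Understanding ... and implementing ..." takes "have", not "has". Because the paragraph tells users the crate may drive `libnftnl` incorrectly, one more sentence on how to check the outcome would help, for example comparing what was installed against the output of `nft list ruleset`. Also, the first changed line now says "netfilter entries" while the unchanged context two lines below still says "nftables is super low level"; confirm the mixed terminology is intended.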
diff --git a/nftnl-sys/README.md b/nftnl-sys/README.md
index b775d26..c9f726a 100644
--- a/nftnl-sys/README.md
+++ b/nftnl-sys/README.md
@@ -10,7 +10,7 @@ See [`nftnl`] for a higher level safe abstraction.
By default this crate uses pkg-config to find and link to its C dependencies, [`libmnl`] and
[`libnftnl`]. To manually configure where to look for these libraries, set the environment
variables `LIBMNL_LIB_DIR` and `LIBNFTNL_LIB_DIR` to point to the directories where `libmnl.so`
-(or `libmnl.a`) and `libnftnl.so` (or `libnftnl.a`) resides.
+(or `libmnl.a`) and `libnftnl.so` (or `libnftnl.a`) reside.
## Selecting version of `libnftnl`
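Review bot: the sentence on `LIBMNL_LIB_DIR` and `LIBNFTNL_LIB_DIR` names both the `.so` and the `.a` form of each library, but these lines do not say which one is linked when a directory contains both, or whether setting the variables bypasses pkg-config entirely. Since these variables decide which binaries end up linked into a firewall-manipulating crate, a sentence stating the precedence would be worth adding alongside the grammar fix.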
@@ -24,7 +24,7 @@ corresponding features. See `Cargo.toml` for available features/versions.
So for example, to get bindings to `libnftnl-1.0.9` depend on this crate like this:
```toml
[dependencies]
-nftnl = { version = "0.1", features = ["nftnl-1-0-9"] }
+nftnl-sys = { version = "0.1", features = ["nftnl-1-0-9"] }
```
[`libnftnl`]: https://netfilter.org/projects/libnftnl/
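Review bot: the dependency line inside the toml fence named the wrong crate until this fix, which shows that README snippets are not checked by anything. The top-level README says `nftnl` "has the same features as the sys crate" but shows no dependency line of its own, so readers of that crate have to adapt this one; consider adding the equivalent snippet there so each README carries the line for its own crate.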
diff --git a/nftnl/examples/add-rules.rs b/nftnl/examples/add-rules.rs
index 2d6eba5..496d321 100644
--- a/nftnl/examples/add-rules.rs
+++ b/nftnl/examples/add-rules.rs
@@ -17,14 +17,14 @@
//! type filter hook output priority 0; policy accept;
//! ip daddr 10.1.0.0/24 counter packets 0 bytes 0 accept
//! }
-//!
+//!
//! chain chain-for-incoming-packets {
//! type filter hook input priority 0; policy accept;
//! iif "lo" accept
//! }
//! }
//! ```
-//!
+//!
//! Try pinging any IP in the network range denoted by the outgoing rule and see the counter
//! increment:
//! ```bash
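Review bot: both replaced `//!` lines are textually identical to their replacements as rendered, so this appears to be a whitespace-only change (presumably trailing whitespace). The commit subject mentions only README generation; a short mention of the whitespace cleanup in the message, or a separate commit, would make the history easier to read.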
diff --git a/nftnl/src/lib.rs b/nftnl/src/lib.rs
index f1450af..6364289 100644
--- a/nftnl/src/lib.rs
+++ b/nftnl/src/lib.rs
@@ -19,12 +19,19 @@
//! One can also look at how the original project this crate was developed to support uses it:
//! [Mullvad VPN app](https://github.com/mullvad/mullvadvpn-app)
//!
+//! Understanding how to use [`libnftnl`] and implementing this crate has mostly been done by
+//! reading the source code for the [`nftables`] program and attaching debuggers to the `nft`
+//! binary. Since the implementation is mostly based on trial and error, there might of course be
+//! a number of places where the underlying library is used in an invalid or not intended way.
+//! Large portions of [`libnftnl`] are also not covered yet. Contributions are welcome!
+//!
//! # Selecting version of `libnftnl`
//!
//! See the documentation for the corresponding sys crate for details: [`nftnl-sys`]
//! This crate has the same features as the sys crate, and selecting version works the same.
//!
//! [`libnftnl`]: https://netfilter.org/projects/libnftnl/
+//! [`nftables`]: https://netfilter.org/projects/nftables/
//! [`nftnl-sys`]: https://crates.io/crates/nftnl-sys
pub extern crate nftnl_sys;
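Review bot: the paragraph and the [`nftables`] link reference added to these doc comments are the same text that this commit adds to README.md, and the commit subject suggests the README is generated from here. A CI step that regenerates the README and fails on any difference would keep the two from drifting again. Any wording change to the paragraph should be made in these doc comments and regenerated rather than edited in the README.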