author | lafleur <lafleur@boum.org> | 2021-11-08 14:57:19 +0100 |
---|---|---|
committer | lafleur <lafleur@boum.org> | 2021-11-09 12:43:23 +0100 |
commit | faf7693637393caa3d274d406677a42eaa824073 (patch) | |
tree | 319616887f6106619b982ffa82eeb739fa2f5c59 /examples/firewall.rs | |
parent | 1f8797d6891303be93530ad6538cd2e8bd8782e7 (diff) |
use feature query in tests
Diffstat (limited to 'examples/firewall.rs')
-rw-r--r-- | examples/firewall.rs | 34 |
1 files changed, 6 insertions, 28 deletions
diff --git a/examples/firewall.rs b/examples/firewall.rs
index edff0b0..f852618 100644
--- a/examples/firewall.rs
+++ b/examples/firewall.rs
@@ -1,4 +1,5 @@
-use rustables::{Batch, FinalizedBatch, Chain, Hook, Match, MatchError, Policy, Rule, Protocol, ProtoFamily, Table, MsgType, expr::LogGroup};
+use rustables::{Batch, Chain, Hook, Match, MatchError, Policy, Rule, Protocol, ProtoFamily, Table, MsgType, expr::LogGroup};
+use rustables::query::{send_batch, Error as QueryError};
 use ipnetwork::IpNetwork;
 use std::ffi::{CString, NulError};
 use std::str::Utf8Error;
@@ -18,6 +19,8 @@ pub enum Error {
 Utf8Error(#[from] Utf8Error),
 #[error("Error applying batch")]
 BatchError(#[from] std::io::Error),
+ #[error("Error applying batch")]
+ QueryError(#[from] QueryError),
 }
 const TABLE_NAME: &str = "main-table";
@@ -96,8 +99,8 @@ impl Firewall {
 // .expect("Could not convert log prefix string to CString")))
 .add_to_batch(&mut batch);
- let finalized_batch = batch.finalize().unwrap();
- apply_nftnl_batch(finalized_batch)?;
+ let mut finalized_batch = batch.finalize().unwrap();
+ send_batch(&mut finalized_batch)?;
 println!("ruleset applied");
 Ok(())
 }
@@ -111,28 +114,3 @@ impl Firewall {
 }
 }
-fn apply_nftnl_batch(mut nftnl_finalized_batch: FinalizedBatch)
- -> Result<(), std::io::Error> {
- let socket = mnl::Socket::new(mnl::Bus::Netfilter)?;
- socket.send_all(&mut nftnl_finalized_batch)?;
- // Parse results from the socket :
- let portid = socket.portid();
- let mut buffer = vec![0; rustables::nft_nlmsg_maxsize() as usize];
- // Unclear variable :
- let seq = 0;
- loop {
- let length = socket.recv(&mut buffer[..])?;
- if length == 0 {
- eprintln!("batch socket returned 0");
- break;
- }
- match mnl::cb_run(&buffer[..length], seq, portid)? {
- mnl::CbResult::Stop => {
- break;
- }
- mnl::CbResult::Ok => (),
- }
- }
- Ok(())
-}
- |
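Review bot: The new import `use rustables::query::{send_batch, Error as QueryError};` in the first hunk ties this example to the `query` module, which the commit title describes as a feature. If `query` is an optional Cargo feature, the example will no longer build with default features. The manifest is not part of this diff, so please confirm that the example declares the dependency, e.g. `required-features = ["query"]` under its `[[example]]` entry. A short comment above the import, `// send_batch is provided by the "query" feature`, would also help readers who copy this firewall example into their own crate.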
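Review bot: The added `QueryError` variant in `pub enum Error` reuses the display string of `BatchError` (`"Error applying batch"`). A failure reported by `send_batch` and a plain I/O failure will therefore read the same in the logs of a program that installs firewall rules. Give the new variant its own text, for example `#[error("Error sending batch to netfilter")]`. With `apply_nftnl_batch` deleted in the last hunk, `BatchError(#[from] std::io::Error)` may no longer be produced by anything in this file. The enum starts outside the hunk, so check the remaining `?` sites before removing it.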
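Review bot: In the third hunk, `println!("ruleset applied")` is now only as trustworthy as `send_batch`. The deleted helper visibly read the netlink replies and passed them through `mnl::cb_run` before returning, and nothing in this diff shows that `send_batch` does the same. Please confirm that it returns an error when the kernel rejects the batch and record that above the call, e.g. `// send_batch reads the kernel's replies and returns Err if the batch is rejected`. Otherwise the example can report a ruleset as applied when it is not. The `.unwrap()` kept on `batch.finalize()` also turns a finalize failure into a panic in a function that otherwise returns `Result`; that function starts outside the hunk.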