diff options
| author | Simon THOBY <git@nightmared.fr> | 2022-11-13 18:32:22 +0100 |
|---|---|---|
| committer | Simon THOBY <git@nightmared.fr> | 2022-11-13 18:32:22 +0100 |
| commit | 22edb0197854bf4f504e833e69b0e545d382f065 (patch) | |
| tree | f7af8b1f7375de41c2e528ba8ae0a97bd3186d5c /examples | |
| parent | f8effdd348e38f51f6ec7b24c4c27e6602538445 (diff) | |
wip: exprs
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/add-rules.rs | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/examples/add-rules.rs b/examples/add-rules.rs index a9c3539..cb4e41c 100644 --- a/examples/add-rules.rs +++ b/examples/add-rules.rs @@ -38,8 +38,9 @@ use ipnetwork::{IpNetwork, Ipv4Network}; use rustables::{ - list_chains_for_table, list_tables, Batch, Chain, ChainPolicy, Hook, HookClass, MsgType, - ProtocolFamily, Table, + expr::{ExpressionList, Immediate, VerdictKind}, + list_chains_for_table, list_rules_for_chain, list_tables, Batch, Chain, ChainPolicy, Hook, + HookClass, MsgType, ProtocolFamily, Rule, Table, }; //use rustables::{nft_expr, query::send_batch, sys::libc, Batch, Chain, Rule, Table}; use std::{ffi::CString, io, net::Ipv4Addr, rc::Rc}; @@ -49,6 +50,8 @@ const OUT_CHAIN_NAME: &str = "chain-for-outgoing-packets"; const IN_CHAIN_NAME: &str = "chain-for-incoming-packets"; fn main() -> Result<(), Error> { + env_logger::init(); + // Create a batch. This is used to store all the netlink messages we will later send. // Creating a new batch also automatically writes the initial batch begin message needed // to tell netlink this is a single transaction that might arrive over multiple netlink packets. @@ -78,6 +81,23 @@ fn main() -> Result<(), Error> { batch.add(&out_chain, MsgType::Add); batch.add(&in_chain, MsgType::Add); + let rule = Rule::new(&in_chain)?.with_expressions( + ExpressionList::builder().with_expression(Immediate::new_verdict(VerdictKind::Accept)), + ); + + batch.add(&rule, MsgType::Add); + + let rule = Rule::new(&in_chain)?.with_expressions( + ExpressionList::builder() + .with_expression(Immediate::new_data( + vec![1, 2, 3, 4], + rustables::expr::Register::Reg2, + )) + .with_expression(Immediate::new_verdict(VerdictKind::Continue)), + ); + + batch.add(&rule, MsgType::Add); + // // === ADD RULE ALLOWING ALL TRAFFIC TO THE LOOPBACK DEVICE === // // // Create a new rule object under the input chain. @@ -170,7 +190,17 @@ fn main() -> Result<(), Error> { // netfilter the we reached the end of the transaction message. It's also converted to a // Vec<u8>, containing the raw netlink data so it can be sent over a netlink socket to netfilter. // Finally, the batch is sent over to the kernel. - Ok(batch.send()?) + batch.send()?; + + let tables = list_tables()?; + let chains = list_chains_for_table(&tables[0])?; + let rules = list_rules_for_chain(&chains[1])?; + for rule in rules { + for expr in rule.get_expressions().unwrap().iter() { + println!("{:?}", expr); + } + } + Ok(()) } // Look up the interface index for a given interface name. |