clinuxfirewallnftables

linux libnftables export rules


how to use :

# man 3 libnftables
const char *nft_ctx_get_output_buffer(struct nft_ctx *ctx);

I want to save the nftables rules (without printing them on the console), but nft_run_cmd_from_buffer immediately prints the rules on the console.

This is my example code:

#include <stdio.h>
#include <stdlib.h>
#include <nftables/libnftables.h>

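/*
 * Dump the current nftables ruleset as JSON (with handles) into a
 * library-owned buffer and print it once, instead of letting libnftables
 * write it to stdout while the command runs.
 *
 * Returns EXIT_FAILURE if the context cannot be created, output buffering
 * cannot be enabled, or the "list ruleset" command fails; EXIT_SUCCESS
 * otherwise.
 */
int main(void)
{
    struct nft_ctx *ctx;
    int err;
    const char *output;

    ctx = nft_ctx_new(0);
    if (!ctx) {
        perror("cannot allocate nft context");
        return EXIT_FAILURE;
    }

    nft_ctx_output_set_flags(ctx, NFT_CTX_OUTPUT_HANDLE | NFT_CTX_OUTPUT_JSON);

    /*
     * Redirect command output into a buffer held by the context. Without
     * this call nft_run_cmd_from_buffer() writes straight to stdout and
     * nft_ctx_get_output_buffer() has nothing to hand back.
     */
    if (nft_ctx_buffer_output(ctx) != 0) {
        fprintf(stderr, "cannot enable nftables output buffering\n");
        nft_ctx_free(ctx);
        return EXIT_FAILURE;
    }

    err = nft_run_cmd_from_buffer(ctx, "list ruleset");
    if (err < 0)
        fprintf(stderr, "failed to run nftables command\n");

    /*
     * The buffer is owned by ctx and becomes invalid at nft_ctx_free(), so
     * read and print it before the context is released. Guard against a
     * NULL buffer: passing NULL to "%s" is undefined behaviour.
     */
    output = nft_ctx_get_output_buffer(ctx);
    printf("-----------------------------------------------------\n");
    printf(">> %s\n", output ? output : "");

    nft_ctx_free(ctx);

    /* Propagate command failure to the caller's exit status. */
    return err < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}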

Solution

  • Thank you, I finally fixed the problem:
    According to the manual page:

    At the very basic level, one has to allocate a new object of type struct nft_ctx using nft_ctx_new() function, then pass commands via nft_run_cmd_from_buffer() or nft_run_cmd_from_filename() functions. By default, any output is written to stdout (or stderr for error messages). These file pointers may be changed using nft_ctx_set_output() and nft_ctx_set_error() functions. On top of that, it is possible to have any output buffered by the library for later retrieval as a static buffer. See nft_ctx_buffer_output() and nft_ctx_buffer_error() functions for details.

    So the code is:

    #include <stdio.h>
    #include <stdlib.h>
    #include <nftables/libnftables.h>
    
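    /*
     * Dump the current nftables ruleset as JSON (with handles) into a
     * library-owned buffer and print it once, instead of letting libnftables
     * write it to stdout while the command runs.
     *
     * Returns EXIT_FAILURE if the context cannot be created, output buffering
     * cannot be enabled, or the "list ruleset" command fails; EXIT_SUCCESS
     * otherwise.
     */
    int main(void) {
      struct nft_ctx *ctx;
      int err;
      const char *output;
    
      ctx = nft_ctx_new(0);
      if (!ctx) {
          perror("cannot allocate nft context");
          return EXIT_FAILURE;
      }
     
      nft_ctx_output_set_flags(ctx, NFT_CTX_OUTPUT_HANDLE | NFT_CTX_OUTPUT_JSON);

      /*
       * Keep command output inside the context instead of writing it to
       * stdout; this is what makes nft_ctx_get_output_buffer() meaningful.
       */
      if (nft_ctx_buffer_output(ctx) != 0) {
          fprintf(stderr, "cannot enable nftables output buffering\n");
          nft_ctx_free(ctx);
          return EXIT_FAILURE;
      }
    
      err = nft_run_cmd_from_buffer(ctx, "list ruleset");
      if (err < 0)
         fprintf(stderr, "failed to run nftables command\n");
    
      /* The buffer is owned by ctx and is only valid until nft_ctx_free(). */
      output = nft_ctx_get_output_buffer(ctx);
      if (output != NULL) {
         printf("Output: %s\n", output);
      }
    
      nft_ctx_free(ctx);

      /* Report command failure through the exit status, not just stderr. */
      return err < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
    }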