Creating nftables

[AZ]

Hello,

I was looking at extending pyroute2 so it can create and manage nftables. Looking at the kernel source, I can see that the nla attributes required to create a new table are:

(https://github.com/torvalds/linux/blob/c4f4d2f917729e9b7b8bb452bf4971be93e7a15f/net/netfilter/nf_tables_api.c#L661)

   - NFTA_TABLE_NAME

I craft the nla payload: With the following:

    def new_table(self):

        msg = nfgen_msg()

        msg['attrs'] = [('NFTA_TABLE_NAME', 'test')]

        return self.request(msg, NFT_MSG_NEWTABLE,

                            msg_flags=NLM_F_REQUEST | NLM_F_ACK | NLM_F_EXCL)

NLA payload displayed:

{'attrs': [('NFTA_TABLE_NAME', 'test')],

 'flags': 2,

 'header': {},

 'nfgen_family': 2,

 'res_id': 0,

 'value': <class 'pyroute2.netlink.NotInitialized'>,

 'version': 0}

And I get the following exception

  22, 'Invalid argument'

I was wondering if anyone could point me in the right direction so i can move forward with this. 

Thanks!

[Peter Saveliev]

I didn't work with nftables too close, so I have no idea yet. There is some proof-of-concept in the library, but not too functional.

But tonight I'll play a bit with nftables, we'll see what we can do.

--
You received this message because you are subscribed to the Google Groups "pyroute2-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pyroute2-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Peter Saveliev]

I played a bit, and there is some prototype: https://github.com/svinota/pyroute2/commit/9efb9be7997cbebd52f1f1c05abdf9df637b154d

It looks like the nft management requires generic netlink transactions.

I will think how to form a reasonable API from that, but you can already try to investigate on the lowest level using the prototype as an example.