diff mbox

[nft,PATH,03/16] libnftables: add nft_run_command_from_buffer

Message ID 20170816204310.3371-4-eric@regit.org
State Changes Requested
Delegated to: Pablo Neira
Headers show

Commit Message

Eric Leblond Aug. 16, 2017, 8:42 p.m. UTC 
Signed-off-by: Eric Leblond <eric@regit.org>
---
 include/nftables/nftables.h |  3 +++
 src/libnftables.c           | 26 +++++++++++++++++++++++++-
 src/main.c                  | 21 +++++++++------------
 3 files changed, 37 insertions(+), 13 deletions(-)

Comments

Phil Sutter Aug. 17, 2017, 9:21 a.m. UTC | #1 
On Wed, Aug 16, 2017 at 10:42:57PM +0200, Eric Leblond wrote:
[...]
> diff --git a/src/libnftables.c b/src/libnftables.c
> index da1b231..9248741 100644
> --- a/src/libnftables.c
> +++ b/src/libnftables.c
> @@ -7,7 +7,6 @@
>   *
>   */
>  
> -#include <nftables/nftables.h>
>  #include <string.h>
>  #include <errno.h>
>  #include <nftables.h>
> @@ -18,6 +17,8 @@
>  #include <libmnl/libmnl.h>
>  #include <mnl.h>
>  
> +#include <nftables/nftables.h>
> +
>  #include <unistd.h>
>  #include <fcntl.h>

Wat? :)

BTW, someone once told me "headers shouldn't include other headers",
though I sometimes doubt that was the whole truth. What do you think, is
"oh, you included our lib's header too early" a bug in the library or
the application?

[...]
> diff --git a/src/main.c b/src/main.c
> index 23af38e..f863dec 100644
[...]
> @@ -367,7 +362,7 @@ int main(int argc, char * const *argv)
>  			nft->output.handle++;
>  			break;
>  		case OPT_ECHO:
> -			nft.output.echo++;
> +			nft->output.echo++;

Rebase scars. :)

Cheers, Phil
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/include/nftables/nftables.h b/include/nftables/nftables.h
index cfa60fe..63150ba 100644
--- a/include/nftables/nftables.h
+++ b/include/nftables/nftables.h
@@ -20,4 +20,7 @@  void nft_global_deinit(void);
 struct nft_ctx *nft_context_new(void);
 void nft_context_free(struct nft_ctx *nft);
 
+int nft_run_command_from_buffer(struct nft_ctx *nft, struct nft_cache *cache,
+				char *buf, size_t buflen);
+
 #endif
diff --git a/src/libnftables.c b/src/libnftables.c
index da1b231..9248741 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -7,7 +7,6 @@ 
  *
  */
 
-#include <nftables/nftables.h>
 #include <string.h>
 #include <errno.h>
 #include <nftables.h>
@@ -18,6 +17,8 @@ 
 #include <libmnl/libmnl.h>
 #include <mnl.h>
 
+#include <nftables/nftables.h>
+
 #include <unistd.h>
 #include <fcntl.h>
 
@@ -71,3 +72,26 @@  void nft_context_free(struct nft_ctx *nft)
 	netlink_close_sock(nft->nf_sock);
 	xfree(nft);
 }
+
+static const struct input_descriptor indesc_cmdline = {
+	.type	= INDESC_BUFFER,
+	.name	= "<cmdline>",
+};
+
+int nft_run_command_from_buffer(struct nft_ctx *nft, struct nft_cache *cache,
+				char *buf, size_t buflen)
+{
+	int rc = NFT_EXIT_SUCCESS;
+	struct parser_state state;
+	LIST_HEAD(msgs);
+	void *scanner;
+
+	parser_init(nft->nf_sock, cache, &state, &msgs);
+	scanner = scanner_init(&state);
+	scanner_push_buffer(scanner, &indesc_cmdline, buf);
+		
+	if (nft_run(nft, nft->nf_sock, cache, scanner, &state, &msgs) != 0)
+		rc = NFT_EXIT_FAILURE;
+
+	return rc;
+}
diff --git a/src/main.c b/src/main.c
index 23af38e..f863dec 100644
--- a/src/main.c
+++ b/src/main.c
@@ -18,8 +18,8 @@ 
 #include <fcntl.h>
 #include <sys/types.h>
 
-#include <nftables/nftables.h>
 #include <nftables.h>
+#include <nftables/nftables.h>
 #include <utils.h>
 #include <parser.h>
 #include <rule.h>
@@ -182,11 +182,6 @@  static const struct {
 };
 #endif
 
-static const struct input_descriptor indesc_cmdline = {
-	.type	= INDESC_BUFFER,
-	.name	= "<cmdline>",
-};
-
 static int nft_netlink(struct nft_ctx *nft, struct nft_cache *cache,
 		       struct parser_state *state, struct list_head *msgs,
 		       struct mnl_socket *nf_sock)
@@ -367,7 +362,7 @@  int main(int argc, char * const *argv)
 			nft->output.handle++;
 			break;
 		case OPT_ECHO:
-			nft.output.echo++;
+			nft->output.echo++;
 			break;
 		case OPT_INVALID:
 			exit(NFT_EXIT_FAILURE);
@@ -385,9 +380,10 @@  int main(int argc, char * const *argv)
 				strcat(buf, " ");
 		}
 		strcat(buf, "\n");
-		parser_init(nft->nf_sock, &cache, &state, &msgs);
-		scanner = scanner_init(&state);
-		scanner_push_buffer(scanner, &indesc_cmdline, buf);
+		rc = nft_run_command_from_buffer(nft, &cache, buf, len + 2);
+		if (rc < 0)
+			return rc;
+		goto libout;
 	} else if (filename != NULL) {
 		rc = cache_update(nft->nf_sock, &cache, CMD_INVALID, &msgs);
 		if (rc < 0)
@@ -397,6 +393,8 @@  int main(int argc, char * const *argv)
 		scanner = scanner_init(&state);
 		if (scanner_read_file(scanner, filename, &internal_location) < 0)
 			goto out;
+		if (nft_run(nft, nft->nf_sock, &cache, scanner, &state, &msgs) != 0)
+			rc = NFT_EXIT_FAILURE;
 	} else if (interactive) {
 		if (cli_init(nft, nft->nf_sock, &cache, &state) < 0) {
 			fprintf(stderr, "%s: interactive CLI not supported in this build\n",
@@ -409,11 +407,10 @@  int main(int argc, char * const *argv)
 		exit(NFT_EXIT_FAILURE);
 	}
 
-	if (nft_run(nft, nft->nf_sock, &cache, scanner, &state, &msgs) != 0)
-		rc = NFT_EXIT_FAILURE;
 out:
 	scanner_destroy(scanner);
 	erec_print_list(stderr, &msgs);
+libout:
 	xfree(buf);
 	cache_release(&cache);
 	iface_cache_release();