[libnftnl PATCH 1/2] examples: nft-set-json-add: generalize parsing format support

[libnftnl PATCH 1/2] examples: nft-set-json-add: generalize parsing format support

[Arturo Borrero Gonzalez]

Let's create a single code example with XML/JSON support.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 examples/Makefile.am         |    6 +-
 examples/nft-set-json-add.c  |  124 -----------------------------------
 examples/nft-set-parse-add.c |  147 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 150 insertions(+), 127 deletions(-)
 delete mode 100644 examples/nft-set-json-add.c
 create mode 100644 examples/nft-set-parse-add.c

diff --git a/examples/Makefile.am b/examples/Makefile.am
index 2559f5c..fafcb76 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -15,7 +15,7 @@ check_PROGRAMS = nft-table-add		\
 		 nft-rule-get		\
 		 nft-events		\
 		 nft-set-add		\
-		 nft-set-json-add	\
+		 nft-set-parse-add	\
 		 nft-set-get		\
 		 nft-set-del		\
 		 nft-set-elem-add	\
@@ -69,8 +69,8 @@ nft_events_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 nft_set_add_SOURCES = nft-set-add.c
 nft_set_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
-nft_set_json_add_SOURCES = nft-set-json-add.c
-nft_set_json_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
+nft_set_parse_add_SOURCES = nft-set-parse-add.c
+nft_set_parse_add_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
 
 nft_set_del_SOURCES = nft-set-del.c
 nft_set_del_LDADD = ../src/libnftnl.la ${LIBMNL_LIBS}
diff --git a/examples/nft-set-json-add.c b/examples/nft-set-json-add.c
deleted file mode 100644
index a4535da..0000000
--- a/examples/nft-set-json-add.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * (C) 2013 by Álvaro Neira Ayuso <alvaroneay@gmail.com>
- *
- * Based on nft-set-xml-add from:
- *
- * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
- * (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <netinet/in.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-
-#include <linux/netfilter.h>
-#include <linux/netfilter/nf_tables.h>
-
-#include <libmnl/libmnl.h>
-#include <libnftnl/set.h>
-
-int main(int argc, char *argv[])
-{
-	struct mnl_socket *nl;
-	char buf[MNL_SOCKET_BUFFER_SIZE];
-	struct nlmsghdr *nlh;
-	uint32_t portid, seq;
-	struct nft_set *s;
-	int ret, fd;
-	uint16_t family;
-	char json[4096];
-	char reprint[4096];
-	struct nft_parse_err *err;
-
-	if (argc < 2) {
-		printf("Usage: %s <json-file>\n", argv[0]);
-		exit(EXIT_FAILURE);
-	}
-
-	s = nft_set_alloc();
-	if (s == NULL) {
-		perror("OOM");
-		exit(EXIT_FAILURE);
-	}
-
-	fd = open(argv[1], O_RDONLY);
-	if (fd < 0) {
-		perror("open");
-		exit(EXIT_FAILURE);
-	}
-
-	if (read(fd, json, sizeof(json)) < 0) {
-		perror("read");
-		close(fd);
-		exit(EXIT_FAILURE);
-	}
-
-	err = nft_parse_err_alloc();
-	if (err == NULL) {
-		perror("error");
-		exit(EXIT_FAILURE);
-	}
-
-	close(fd);
-
-	if (nft_set_parse(s, NFT_PARSE_JSON, json, err) < 0) {
-		nft_parse_perror("Unable to parse JSON file", err);
-		exit(EXIT_FAILURE);
-	}
-
-	nft_set_snprintf(reprint, sizeof(reprint), s, NFT_OUTPUT_JSON, 0);
-	printf("Parsed:\n%s\n", reprint);
-
-	family = nft_set_attr_get_u32(s, NFT_SET_ATTR_FAMILY);
-
-	seq = time(NULL);
-
-	nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_NEWSET, family,
-					NLM_F_CREATE|NLM_F_ACK, seq);
-	nft_set_nlmsg_build_payload(nlh, s);
-	nft_set_free(s);
-	nft_parse_err_free(err);
-
-	nl = mnl_socket_open(NETLINK_NETFILTER);
-	if (nl == NULL) {
-		perror("mnl_socket_open");
-		exit(EXIT_FAILURE);
-	}
-
-	if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
-		perror("mnl_socket_bind");
-		exit(EXIT_FAILURE);
-	}
-	portid = mnl_socket_get_portid(nl);
-
-	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
-		perror("mnl_socket_send");
-		exit(EXIT_FAILURE);
-	}
-
-	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
-	while (ret > 0) {
-		ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
-		if (ret <= 0)
-			break;
-		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
-	}
-	if (ret == -1) {
-		perror("error");
-		exit(EXIT_FAILURE);
-	}
-
-	mnl_socket_close(nl);
-
-	return EXIT_SUCCESS;
-}
diff --git a/examples/nft-set-parse-add.c b/examples/nft-set-parse-add.c
new file mode 100644
index 0000000..b74ad7f
--- /dev/null
+++ b/examples/nft-set-parse-add.c
@@ -0,0 +1,147 @@
+/*
+ * (C) 2013 by Álvaro Neira Ayuso <alvaroneay@gmail.com>
+ *
+ * Based on nft-set-xml-add from:
+ *
+ * (C) 2013 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2013 by Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <netinet/in.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_tables.h>
+
+#include <libmnl/libmnl.h>
+#include <libnftnl/set.h>
+
+static struct nft_set *set_parse_file(const char *file, uint16_t format)
+{
+	int fd;
+	struct nft_set *s;
+	struct nft_parse_err *err;
+	char data[4096];
+
+	s = nft_set_alloc();
+	if (s == NULL) {
+		perror("OOM");
+		return NULL;
+	}
+
+	fd = open(file, O_RDONLY);
+	if (fd < 0) {
+		perror("open");
+		return NULL;
+	}
+
+	if (read(fd, data, sizeof(data)) < 0) {
+		perror("read");
+		close(fd);
+		return NULL;
+	}
+	close(fd);
+
+	err = nft_parse_err_alloc();
+	if (err == NULL) {
+		perror("error");
+		return NULL;
+	}
+
+	if (nft_set_parse(s, format, data, err) < 0) {
+		nft_parse_perror("Unable to parse file", err);
+		nft_parse_err_free(err);
+		return NULL;
+	}
+
+	nft_parse_err_free(err);
+	return s;
+
+}
+
+int main(int argc, char *argv[])
+{
+	struct mnl_socket *nl;
+	char buf[MNL_SOCKET_BUFFER_SIZE];
+	struct nlmsghdr *nlh;
+	uint32_t portid, seq;
+	struct nft_set *s;
+	int ret;
+	uint16_t family, format, outformat;
+
+	if (argc < 2) {
+		printf("Usage: %s {xml|json} <file>\n", argv[0]);
+		exit(EXIT_FAILURE);
+	}
+
+	if (strcmp(argv[1], "xml") == 0) {
+		format = NFT_PARSE_XML;
+		outformat = NFT_OUTPUT_XML;
+	} else if (strcmp(argv[1], "json") == 0) {
+		format = NFT_PARSE_JSON;
+		outformat = NFT_OUTPUT_JSON;
+	} else {
+		printf("Unknown format: xml, json\n");
+		exit(EXIT_FAILURE);
+	}
+
+	s = set_parse_file(argv[2], format);
+	if (s == NULL)
+		exit(EXIT_FAILURE);
+
+	nft_set_fprintf(stdout, s, outformat, 0);
+	fprintf(stdout, "\n");
+
+	family = nft_set_attr_get_u32(s, NFT_SET_ATTR_FAMILY);
+
+	seq = time(NULL);
+
+	nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_NEWSET, family,
+					NLM_F_CREATE|NLM_F_ACK, seq);
+	nft_set_nlmsg_build_payload(nlh, s);
+	nft_set_free(s);
+
+	nl = mnl_socket_open(NETLINK_NETFILTER);
+	if (nl == NULL) {
+		perror("mnl_socket_open");
+		exit(EXIT_FAILURE);
+	}
+
+	if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
+		perror("mnl_socket_bind");
+		exit(EXIT_FAILURE);
+	}
+	portid = mnl_socket_get_portid(nl);
+
+	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+		perror("mnl_socket_send");
+		exit(EXIT_FAILURE);
+	}
+
+	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
+	while (ret > 0) {
+		ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
+		if (ret <= 0)
+			break;
+		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
+	}
+	if (ret == -1) {
+		perror("error");
+		exit(EXIT_FAILURE);
+	}
+
+	mnl_socket_close(nl);
+
+	return EXIT_SUCCESS;
+}

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[libnftnl PATCH 2/2] examples: nft-set-parse-add: give batching support

[Arturo Borrero Gonzalez]

Batching is needed in current kernels.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 examples/nft-set-parse-add.c |   43 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 35 insertions(+), 8 deletions(-)

diff --git a/examples/nft-set-parse-add.c b/examples/nft-set-parse-add.c
index b74ad7f..f21385f 100644
--- a/examples/nft-set-parse-add.c
+++ b/examples/nft-set-parse-add.c
@@ -23,6 +23,7 @@
 
 #include <linux/netfilter.h>
 #include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/nfnetlink.h>
 
 #include <libmnl/libmnl.h>
 #include <libnftnl/set.h>
@@ -66,6 +67,8 @@ static struct nft_set *set_parse_file(const char *file, uint16_t format)
 	}
 
 	nft_parse_err_free(err);
+
+	nft_set_attr_set_u32(s, NFT_SET_ATTR_ID, 1);
 	return s;
 
 }
@@ -75,10 +78,11 @@ int main(int argc, char *argv[])
 	struct mnl_socket *nl;
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nlmsghdr *nlh;
-	uint32_t portid, seq;
+	uint32_t portid, seq, set_seq;
 	struct nft_set *s;
-	int ret;
+	int ret, batching;
 	uint16_t family, format, outformat;
+	struct mnl_nlmsg_batch *batch;
 
 	if (argc < 2) {
 		printf("Usage: %s {xml|json} <file>\n", argv[0]);
@@ -103,14 +107,34 @@ int main(int argc, char *argv[])
 	nft_set_fprintf(stdout, s, outformat, 0);
 	fprintf(stdout, "\n");
 
-	family = nft_set_attr_get_u32(s, NFT_SET_ATTR_FAMILY);
-
 	seq = time(NULL);
+	batching = nft_batch_is_supported();
+	if (batching < 0) {
+		perror("cannot talk to nfnetlink");
+		exit(EXIT_FAILURE);
+	}
+
+	batch = mnl_nlmsg_batch_start(buf, sizeof(buf));
 
-	nlh = nft_set_nlmsg_build_hdr(buf, NFT_MSG_NEWSET, family,
-					NLM_F_CREATE|NLM_F_ACK, seq);
+	if (batching) {
+		nft_batch_begin(mnl_nlmsg_batch_current(batch), seq++);
+		mnl_nlmsg_batch_next(batch);
+	}
+
+	family = nft_set_attr_get_u32(s, NFT_SET_ATTR_FAMILY);
+
+	set_seq = seq;
+	nlh = nft_set_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch),
+				      NFT_MSG_NEWSET, family,
+				      NLM_F_CREATE|NLM_F_ACK, seq++);
 	nft_set_nlmsg_build_payload(nlh, s);
 	nft_set_free(s);
+	mnl_nlmsg_batch_next(batch);
+
+	if (batching) {
+		nft_batch_end(mnl_nlmsg_batch_current(batch), seq++);
+		mnl_nlmsg_batch_next(batch);
+	}
 
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL) {
@@ -124,14 +148,17 @@ int main(int argc, char *argv[])
 	}
 	portid = mnl_socket_get_portid(nl);
 
-	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
+	if (mnl_socket_sendto(nl, mnl_nlmsg_batch_head(batch),
+			      mnl_nlmsg_batch_size(batch)) < 0) {
 		perror("mnl_socket_send");
 		exit(EXIT_FAILURE);
 	}
 
+	mnl_nlmsg_batch_stop(batch);
+
 	ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
 	while (ret > 0) {
-		ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL);
+		ret = mnl_cb_run(buf, ret, set_seq, portid, NULL, NULL);
 		if (ret <= 0)
 			break;
 		ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));

Re: [libnftnl PATCH 1/2] examples: nft-set-json-add: generalize parsing format support

[Pablo Neira Ayuso]

On Fri, Sep 26, 2014 at 08:34:42PM +0200, Arturo Borrero Gonzalez wrote:
> Let's create a single code example with XML/JSON support.

Applied, thanks.

Re: [libnftnl PATCH 2/2] examples: nft-set-parse-add: give batching support

[Pablo Neira Ayuso]

On Fri, Sep 26, 2014 at 08:34:48PM +0200, Arturo Borrero Gonzalez wrote:
> @@ -66,6 +67,8 @@ static struct nft_set *set_parse_file(const char *file, uint16_t format)
>  	}
>  
>  	nft_parse_err_free(err);
> +
> +	nft_set_attr_set_u32(s, NFT_SET_ATTR_ID, 1);
>  	return s;
>  
>  }

I guess this works if you parse one single set definition in a file.
With more than one set, this will break.

IIRC, Alvaro started a patch time ago to add a new interface to
libnftnl to handle the set internal id which was incomplete.

Cc'ing him to know its status.

Re: [libnftnl PATCH 2/2] examples: nft-set-parse-add: give batching support

[Pablo Neira Ayuso]

On Mon, Sep 29, 2014 at 05:35:44PM +0200, Arturo Borrero Gonzalez wrote:
> El 29/09/2014 17:02, "Pablo Neira Ayuso" <pablo@netfilter.org> escribió:
> >
> > On Fri, Sep 26, 2014 at 08:34:48PM +0200, Arturo Borrero Gonzalez wrote:
> > > @@ -66,6 +67,8 @@ static struct nft_set *set_parse_file(const char
> *file, uint16_t format)
> > >       }
> > >
> > >       nft_parse_err_free(err);
> > > +
> > > +     nft_set_attr_set_u32(s, NFT_SET_ATTR_ID, 1);
> > >       return s;
> > >
> > >  }
> >
> > I guess this works if you parse one single set definition in a file.
> > With more than one set, this will break.
> >
> > IIRC, Alvaro started a patch time ago to add a new interface to
> > libnftnl to handle the set internal id which was incomplete.
> >
> > Cc'ing him to know its status.
> 
> Yes, there is a issue here. But this code example just parse one set.

Right. Then applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html