public inbox for netfilter-devel@vger.kernel.org
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: phil@nwl.cc, fw@strlen.de
Subject: [PATCH nft 3/5] libnftables: consolidate evaluation and netlink run
Date: Wed,  8 Apr 2026 13:59:20 +0200
Message-ID: <20260408115922.48676-4-pablo@netfilter.org>
In-Reply-To: <20260408115922.48676-1-pablo@netfilter.org>

Add a helper function to wrap the code that evaluates the list of
commands and serializes them into the netlink batch.

Add a first user: nft_run_cmd_from_buffer(), there is a follow-up patch
which will do the same for nft_run_cmd_from_filename().

No functional changes are intended, this comes in preparation to
support several list/reset commands in a batch.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/libnftables.c | 61 ++++++++++++++++++++++++++++-------------------
 1 file changed, 37 insertions(+), 24 deletions(-)

diff --git a/src/libnftables.c b/src/libnftables.c
index 46d9c0df590b..5471ccf6f789 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -618,22 +618,13 @@ static void nft_run_cmd_release(struct nft_ctx *nft,
 	}
 }
 
-EXPORT_SYMBOL(nft_run_cmd_from_buffer);
-int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
+static int nft_eval_run_cmds(struct nft_ctx *nft, struct list_head *msgs,
+			     struct list_head *cmds, int rc)
 {
-	int rc = -EINVAL, parser_rc;
-	LIST_HEAD(msgs);
-	LIST_HEAD(cmds);
-	char *nlbuf;
+	int parser_rc;
 
-	nlbuf = xzalloc(strlen(buf) + 2);
-	sprintf(nlbuf, "%s\n", buf);
-
-	if (nft_output_json(&nft->output) || nft_input_json(&nft->input))
-		rc = nft_parse_json_buffer(nft, nlbuf, &msgs, &cmds);
-	if (rc == -EINVAL)
-		rc = nft_parse_bison_buffer(nft, nlbuf, &msgs, &cmds,
-					    &indesc_cmdline);
+	if (rc < 0)
+		goto err;
 
 #if HAVE_FUZZER_BUILD
 	if (nft->afl_ctx_stage == NFT_AFL_FUZZER_PARSER)
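Review bot: the new `if (rc < 0) goto err;` at the top of nft_eval_run_cmds() does not match the "no functional changes" statement in the commit message. In the removed lines the parser result flowed straight into `parser_rc = rc` and then nft_evaluate(), with no early exit in a non-fuzzer build, so evaluation ran even after a parse error. With the check in place nft_evaluate() is skipped on parse failure and `parser_rc = rc` can only ever record a non-negative value. Either drop the check, or state in the commit message that evaluation is now skipped after a failed parse. Separately, taking the parser result as a parameter named `rc` and then overwriting it hides what the caller is passing in; naming the parameter `parser_rc` and keeping `rc` local would read more clearly.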
@@ -641,7 +632,7 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
 #endif
 	parser_rc = rc;
 
-	rc = nft_evaluate(nft, &msgs, &cmds);
+	rc = nft_evaluate(nft, msgs, cmds);
 	if (rc < 0) {
 		if (errno == EPERM) {
 			fprintf(stderr, "%s (you must be root)\n",
@@ -655,17 +646,10 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
 		goto err;
 	}
 
-	if (nft_netlink(nft, &cmds, &msgs) != 0)
+	if (nft_netlink(nft, cmds, msgs) != 0)
 		rc = -1;
 err:
-	nft_run_cmd_release(nft, &msgs, &cmds);
-
-	iface_cache_release();
-	if (nft->scanner) {
-		scanner_destroy(nft);
-		nft->scanner = NULL;
-	}
-	free(nlbuf);
+	nft_run_cmd_release(nft, msgs, cmds);
 
 	if (!rc &&
 	    nft_output_json(&nft->output) &&
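Review bot: the cleanup at `err:` is now split between helper and caller without any comment saying so. nft_eval_run_cmds() calls nft_run_cmd_release(nft, msgs, cmds) on every path, including the early exit, while the caller keeps ownership of nlbuf, the iface cache and the scanner. A short comment above the helper stating that it always consumes both lists, and that the caller must not touch them afterwards, would protect the follow-up user in nft_run_cmd_from_filename(). Also note that the trailing `if (!rc && nft_output_json(&nft->output) && ...` block used to run after iface_cache_release(), scanner_destroy() and free(nlbuf), and now runs before them; please confirm that block does not depend on the old ordering.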
@@ -678,6 +662,35 @@ err:
 	return rc;
 }
 
+EXPORT_SYMBOL(nft_run_cmd_from_buffer);
+int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
+{
+	int rc = -EINVAL;
+	LIST_HEAD(msgs);
+	LIST_HEAD(cmds);
+	char *nlbuf;
+
+	nlbuf = xzalloc(strlen(buf) + 2);
+	sprintf(nlbuf, "%s\n", buf);
+
+	if (nft_output_json(&nft->output) || nft_input_json(&nft->input))
+		rc = nft_parse_json_buffer(nft, nlbuf, &msgs, &cmds);
+	if (rc == -EINVAL)
+		rc = nft_parse_bison_buffer(nft, nlbuf, &msgs, &cmds,
+					    &indesc_cmdline);
+
+	rc = nft_eval_run_cmds(nft, &msgs, &cmds, rc);
+
+	free(nlbuf);
+	iface_cache_release();
+	if (nft->scanner) {
+		scanner_destroy(nft);
+		nft->scanner = NULL;
+	}
+
+	return rc;
+}
+
 static int load_cmdline_vars(struct nft_ctx *ctx, struct list_head *msgs)
 {
 	unsigned int bufsize, ret, i, offset = 0;
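Review bot: in the re-added nft_run_cmd_from_buffer() the teardown order changed: free(nlbuf) now comes before iface_cache_release() and scanner_destroy(), whereas the removed lines destroyed the scanner first and freed nlbuf last. If the scanner holds any pointer into nlbuf, it is left dangling between the free and scanner_destroy(nft). Keeping the original order (release the iface cache, destroy the scanner, then free(nlbuf)) avoids having to reason about that and keeps the patch a pure code move. Minor, since the lines are being touched anyway: `sprintf(nlbuf, "%s\n", buf)` is correctly sized by `strlen(buf) + 2`, but snprintf() with the allocated length would make that invariant explicit.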
-- 
2.47.3

