[PATCH] src: Export nftnl_set_clone symbol

[PATCH] src: Export nftnl_set_clone symbol

[chlorodose]

Seems that nftnl_set_clone is forgot to be exported, we add it back.

Signed-off-by: chlorodose <chlorodose@gmail.com>
---
 src/set.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/set.c b/src/set.c
index 54674bc..e5e51b6 100644
--- a/src/set.c
+++ b/src/set.c
@@ -360,6 +360,7 @@ uint64_t nftnl_set_get_u64(const struct nftnl_set *s, uint16_t attr)
 	return val ? *val : 0;
 }
 
+EXPORT_SYMBOL(nftnl_set_clone);
 struct nftnl_set *nftnl_set_clone(const struct nftnl_set *set)
 {
 	struct nftnl_set *newset;
-- 
2.52.0

Re: [PATCH] src: Export nftnl_set_clone symbol

[Phil Sutter]

Hi chlorodose,

On Wed, Mar 18, 2026 at 10:56:51AM +0800, chlorodose wrote:
> Seems that nftnl_set_clone is forgot to be exported, we add it back.
> 
> Signed-off-by: chlorodose <chlorodose@gmail.com>
> ---
>  src/set.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/src/set.c b/src/set.c
> index 54674bc..e5e51b6 100644
> --- a/src/set.c
> +++ b/src/set.c
> @@ -360,6 +360,7 @@ uint64_t nftnl_set_get_u64(const struct nftnl_set *s, uint16_t attr)
>  	return val ? *val : 0;
>  }
>  
> +EXPORT_SYMBOL(nftnl_set_clone);
>  struct nftnl_set *nftnl_set_clone(const struct nftnl_set *set)
>  {
>  	struct nftnl_set *newset;

Don't you also have to add it to src/libnftnl.map? How did you test this
patch?

Looking at the function itself, I fear the code is not correct anymore.
E.g., it does not clone expr_list or user.data. If I was to decide, I'd
rather drop it entirely instead of polishing it up. What's your
use-case?

Cheers, Phil

Re: [PATCH] src: Export nftnl_set_clone symbol

[Pablo Neira Ayuso]

On Wed, Mar 18, 2026 at 11:46:14AM +0100, Phil Sutter wrote:
> Hi chlorodose,
> 
> On Wed, Mar 18, 2026 at 10:56:51AM +0800, chlorodose wrote:
> > Seems that nftnl_set_clone is forgot to be exported, we add it back.
> > 
> > Signed-off-by: chlorodose <chlorodose@gmail.com>
> > ---
> >  src/set.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/src/set.c b/src/set.c
> > index 54674bc..e5e51b6 100644
> > --- a/src/set.c
> > +++ b/src/set.c
> > @@ -360,6 +360,7 @@ uint64_t nftnl_set_get_u64(const struct nftnl_set *s, uint16_t attr)
> >  	return val ? *val : 0;
> >  }
> >  
> > +EXPORT_SYMBOL(nftnl_set_clone);
> >  struct nftnl_set *nftnl_set_clone(const struct nftnl_set *set)
> >  {
> >  	struct nftnl_set *newset;
> 
> Don't you also have to add it to src/libnftnl.map? How did you test this
> patch?
> 
> Looking at the function itself, I fear the code is not correct anymore.
> E.g., it does not clone expr_list or user.data. If I was to decide, I'd
> rather drop it entirely instead of polishing it up. What's your
> use-case?

Indeed, this function is internal and it is incomplete. it does not
provide a full clone.

Re: [PATCH] src: Export nftnl_set_clone symbol

[Phil Sutter]

On Wed, Mar 18, 2026 at 06:03:58PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Mar 18, 2026 at 11:46:14AM +0100, Phil Sutter wrote:
> > Hi chlorodose,
> > 
> > On Wed, Mar 18, 2026 at 10:56:51AM +0800, chlorodose wrote:
> > > Seems that nftnl_set_clone is forgot to be exported, we add it back.
> > > 
> > > Signed-off-by: chlorodose <chlorodose@gmail.com>
> > > ---
> > >  src/set.c | 1 +
> > >  1 file changed, 1 insertion(+)
> > > 
> > > diff --git a/src/set.c b/src/set.c
> > > index 54674bc..e5e51b6 100644
> > > --- a/src/set.c
> > > +++ b/src/set.c
> > > @@ -360,6 +360,7 @@ uint64_t nftnl_set_get_u64(const struct nftnl_set *s, uint16_t attr)
> > >  	return val ? *val : 0;
> > >  }
> > >  
> > > +EXPORT_SYMBOL(nftnl_set_clone);
> > >  struct nftnl_set *nftnl_set_clone(const struct nftnl_set *set)
> > >  {
> > >  	struct nftnl_set *newset;
> > 
> > Don't you also have to add it to src/libnftnl.map? How did you test this
> > patch?
> > 
> > Looking at the function itself, I fear the code is not correct anymore.
> > E.g., it does not clone expr_list or user.data. If I was to decide, I'd
> > rather drop it entirely instead of polishing it up. What's your
> > use-case?
> 
> Indeed, this function is internal and it is incomplete. it does not
> provide a full clone.

I don't see it called inside libnftnl, though. Ah, it seems to have been
used by the JSON API dropped in commit 80077787f8f21 ("src: remove json
support"). And since we did not export it yet, we're safe to drop it
unless chlorodose has a proper use-case for it.

Cheers, Phil

Re: [PATCH] src: Export nftnl_set_clone symbol

[Chloro Dose]

I have a use case where I want to construct a daemon that keeps a
reference to an nft_set and repeatedly uses it to handle requests to
add elems. I assume I must clone the nft_set from a clean copy each
time, otherwise I'll resend all previous elements to the kernel. But
I'm just starting to learn nftables, so I'm not sure my understanding
is correct. Am I misunderstanding something here?

Re: [PATCH] src: Export nftnl_set_clone symbol

[Phil Sutter]

Hi Chloro,

On Thu, Mar 19, 2026 at 08:15:35AM +0800, Chloro Dose wrote:
> I have a use case where I want to construct a daemon that keeps a
> reference to an nft_set and repeatedly uses it to handle requests to
> add elems. I assume I must clone the nft_set from a clean copy each
> time, otherwise I'll resend all previous elements to the kernel. But
> I'm just starting to learn nftables, so I'm not sure my understanding
> is correct. Am I misunderstanding something here?

All you need to keep record of is the set's name and that of the table
it belongs to as well as the latter's family. With this data you may
generate a NFT_MSG_NEWSETELEM-type message for the kernel to add one or
many elements to an existing set. For reference, mnl_nft_setelem_batch()
in nftables.git/src/mnl.c should be a good example of how to do this
using libnftnl and libmnl.

Cheers, Phil