Signed-off-by: Eric Leblond <e...@regit.org>
---
 include/nftables/nftables.h |  3 +++
 src/libnftables.c           | 26 +++++++++++++++++++++++++-
 src/main.c                  | 21 +++++++++------------
 3 files changed, 37 insertions(+), 13 deletions(-)

diff --git a/include/nftables/nftables.h b/include/nftables/nftables.h
index cfa60fe..63150ba 100644
--- a/include/nftables/nftables.h
+++ b/include/nftables/nftables.h
@@ -20,4 +20,7 @@ void nft_global_deinit(void);
 struct nft_ctx *nft_context_new(void);
 void nft_context_free(struct nft_ctx *nft);
 
+int nft_run_command_from_buffer(struct nft_ctx *nft, struct nft_cache *cache,
+                               char *buf, size_t buflen);
+
 #endif
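Review bot: The new public prototype takes a `buflen` argument but states no contract for it, and the definition added in src/libnftables.c never reads `buflen`. That definition passes `buf` to `scanner_push_buffer()` without a length, so the buffer is presumably consumed as a NUL-terminated string, and a library caller that hands in a length-delimited, unterminated buffer would be read past its end. Either enforce the length in the definition, e.g. `if (memchr(buf, '\0', buflen) == NULL) return NFT_EXIT_FAILURE;`, or drop the parameter. In both cases document the contract above the declaration: `/* buf must be a NUL-terminated command string; returns NFT_EXIT_SUCCESS or NFT_EXIT_FAILURE */`. If the scanner does not modify the buffer, `const char *buf` would express that as well.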
diff --git a/src/libnftables.c b/src/libnftables.c
index da1b231..9248741 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -7,7 +7,6 @@
  *
  */
 
-#include <nftables/nftables.h>
 #include <string.h>
 #include <errno.h>
 #include <nftables.h>
@@ -18,6 +17,8 @@
 #include <libmnl/libmnl.h>
 #include <mnl.h>
 
+#include <nftables/nftables.h>
+
 #include <unistd.h>
 #include <fcntl.h>
 
@@ -71,3 +72,26 @@ void nft_context_free(struct nft_ctx *nft)
        netlink_close_sock(nft->nf_sock);
        xfree(nft);
 }
+
+static const struct input_descriptor indesc_cmdline = {
+       .type   = INDESC_BUFFER,
+       .name   = "<cmdline>",
+};
+
+int nft_run_command_from_buffer(struct nft_ctx *nft, struct nft_cache *cache,
+                               char *buf, size_t buflen)
+{
+       int rc = NFT_EXIT_SUCCESS;
+       struct parser_state state;
+       LIST_HEAD(msgs);
+       void *scanner;
+
+       parser_init(nft->nf_sock, cache, &state, &msgs);
+       scanner = scanner_init(&state);
+       scanner_push_buffer(scanner, &indesc_cmdline, buf);
+               
+       if (nft_run(nft, nft->nf_sock, cache, scanner, &state, &msgs) != 0)
+               rc = NFT_EXIT_FAILURE;
+
+       return rc;
+}
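Review bot: nft_run_command_from_buffer() creates a scanner with scanner_init() and a local `msgs` list, then returns without destroying the scanner or reporting the list. In src/main.c the command-line path now jumps to `libout:`, which sits after `scanner_destroy(scanner)` and `erec_print_list(stderr, &msgs)`, so nothing releases this scanner. Unless nft_run() prints the records itself (not visible here), errors queued on the local list are dropped and a rejected ruleset yields only an exit code. Before `return rc;` add `scanner_destroy(scanner);` and `erec_print_list(stderr, &msgs);`, or hand the list back to the caller if the library should not write to stderr.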
diff --git a/src/main.c b/src/main.c
index 23af38e..f863dec 100644
--- a/src/main.c
+++ b/src/main.c
@@ -18,8 +18,8 @@
 #include <fcntl.h>
 #include <sys/types.h>
 
-#include <nftables/nftables.h>
 #include <nftables.h>
+#include <nftables/nftables.h>
 #include <utils.h>
 #include <parser.h>
 #include <rule.h>
@@ -182,11 +182,6 @@ static const struct {
 };
 #endif
 
-static const struct input_descriptor indesc_cmdline = {
-       .type   = INDESC_BUFFER,
-       .name   = "<cmdline>",
-};
-
 static int nft_netlink(struct nft_ctx *nft, struct nft_cache *cache,
                       struct parser_state *state, struct list_head *msgs,
                       struct mnl_socket *nf_sock)
@@ -367,7 +362,7 @@ int main(int argc, char * const *argv)
                        nft->output.handle++;
                        break;
                case OPT_ECHO:
-                       nft.output.echo++;
+                       nft->output.echo++;
                        break;
                case OPT_INVALID:
                        exit(NFT_EXIT_FAILURE);
@@ -385,9 +380,10 @@ int main(int argc, char * const *argv)
                                strcat(buf, " ");
                }
                strcat(buf, "\n");
-               parser_init(nft->nf_sock, &cache, &state, &msgs);
-               scanner = scanner_init(&state);
-               scanner_push_buffer(scanner, &indesc_cmdline, buf);
+               rc = nft_run_command_from_buffer(nft, &cache, buf, len + 2);
+               if (rc < 0)
+                       return rc;
+               goto libout;
        } else if (filename != NULL) {
                rc = cache_update(nft->nf_sock, &cache, CMD_INVALID, &msgs);
                if (rc < 0)
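Review bot: The `if (rc < 0) return rc;` branch after the new call looks dead, and it would leak if it were ever taken. The helper added in src/libnftables.c returns only NFT_EXIT_SUCCESS or NFT_EXIT_FAILURE, so unless one of those constants is negative (their values are not visible here) the test never fires. If it did fire, main() would return without reaching the `xfree(buf)` and `cache_release(&cache)` calls under `libout:`. Keeping just `rc = nft_run_command_from_buffer(nft, &cache, buf, len + 2);` followed by `goto libout;` leaves one exit path. The `len + 2` passed here is also never used by the callee as written. main() begins and ends outside this hunk.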
@@ -397,6 +393,8 @@ int main(int argc, char * const *argv)
                scanner = scanner_init(&state);
                if (scanner_read_file(scanner, filename, &internal_location) < 
0)
                        goto out;
+               if (nft_run(nft, nft->nf_sock, &cache, scanner, &state, &msgs) 
!= 0)
+                       rc = NFT_EXIT_FAILURE;
        } else if (interactive) {
                if (cli_init(nft, nft->nf_sock, &cache, &state) < 0) {
                        fprintf(stderr, "%s: interactive CLI not supported in 
this build\n",
@@ -409,11 +407,10 @@ int main(int argc, char * const *argv)
                exit(NFT_EXIT_FAILURE);
        }
 
-       if (nft_run(nft, nft->nf_sock, &cache, scanner, &state, &msgs) != 0)
-               rc = NFT_EXIT_FAILURE;
 out:
        scanner_destroy(scanner);
        erec_print_list(stderr, &msgs);
+libout:
        xfree(buf);
        cache_release(&cache);
        iface_cache_release();
-- 
2.14.1
