On Tue, Oct 21, 2014 at 01:25:47PM +0200, Arturo Borrero Gonzalez wrote:
> The import operation reads a XML or JSON file, with syntax:
> % nft import {xml|json}
>
> A basic way to test this new functionality is:
> % nft export xml | nft import xml
>
> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
> ---
>
> NOTE: This patchs requires:
> * [nft] mnl: delete useless parameter nf_sock in batch functions
> * [libnftnl] ruleset: deconstify _get interface
>
> Please comment :-)
The existing approach doesn't support incremental updates. I think
it's important to provide a way to say: 'add this and delete that'
when importing something too, so this interface becomes equivalent to
nft -f.
I think we need a new _parse_file() function to takes a callback as
argument. This callback is invoked per object parsed from the file, so
we can reuse the existing "struct cmd" in nft. I think it's important
to consolidate code, the existing approach where we have different
code to do basically the same is not desirable.
> +int mnl_nft_ruleset_batch_add(const struct nft_ruleset *rs,
> + uint32_t table_flags, uint32_t chain_flags,
> + uint32_t set_flags, uint32_t rule_flags)
[...]
> + ret = mnl_nft_ruleset_batch_add(rs, 0, 0, 0, 0);
So we don't make any global assumption on the flags and so on.
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
