On Tue, Oct 21, 2014 at 01:25:47PM +0200, Arturo Borrero Gonzalez wrote: > The import operation reads a XML or JSON file, with syntax: > % nft import {xml|json} > > A basic way to test this new functionality is: > % nft export xml | nft import xml > > Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx> > --- > > NOTE: This patchs requires: > * [nft] mnl: delete useless parameter nf_sock in batch functions > * [libnftnl] ruleset: deconstify _get interface > > Please comment :-) The existing approach doesn't support incremental updates. I think it's important to provide a way to say: 'add this and delete that' when importing something too, so this interface becomes equivalent to nft -f. I think we need a new _parse_file() function to takes a callback as argument. This callback is invoked per object parsed from the file, so we can reuse the existing "struct cmd" in nft. I think it's important to consolidate code, the existing approach where we have different code to do basically the same is not desirable. > +int mnl_nft_ruleset_batch_add(const struct nft_ruleset *rs, > + uint32_t table_flags, uint32_t chain_flags, > + uint32_t set_flags, uint32_t rule_flags) [...] > + ret = mnl_nft_ruleset_batch_add(rs, 0, 0, 0, 0); So we don't make any global assumption on the flags and so on. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html