When integrating libnftables into Python code using ctypes module, having to use a FILE pointer for output becomes a show-stopper. Therefore make Python hackers' lives (a little) less painful by providing convenience functions to setup buffering output and error streams using fopencookie() and retrieving the buffers. Signed-off-by: Phil Sutter <phil@xxxxxx> --- include/nftables.h | 9 +++ include/nftables/nftables.h | 7 +++ src/libnftables.c | 137 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 153 insertions(+) diff --git a/include/nftables.h b/include/nftables.h index 1b368971bee9a..5c181be5a4ec3 100644 --- a/include/nftables.h +++ b/include/nftables.h @@ -7,6 +7,13 @@ #include <utils.h> #include <nftables/nftables.h> +struct cookie { + char *buf; + size_t buflen; + size_t pos; + FILE *orig_fp; +}; + struct output_ctx { unsigned int numeric; unsigned int stateless; @@ -15,6 +22,8 @@ struct output_ctx { unsigned int echo; FILE *output_fp; FILE *error_fp; + struct cookie *output_cookie; + struct cookie *error_cookie; }; struct nft_cache { diff --git a/include/nftables/nftables.h b/include/nftables/nftables.h index 1e9306822eb7e..652e0ca99182a 100644 --- a/include/nftables/nftables.h +++ b/include/nftables/nftables.h @@ -57,7 +57,14 @@ bool nft_ctx_output_get_echo(struct nft_ctx *ctx); void nft_ctx_output_set_echo(struct nft_ctx *ctx, bool val); FILE *nft_ctx_set_output(struct nft_ctx *ctx, FILE *fp); +int nft_ctx_buffer_output(struct nft_ctx *ctx); +int nft_ctx_unbuffer_output(struct nft_ctx *ctx); +const char *nft_ctx_get_output_buffer(struct nft_ctx *ctx); + FILE *nft_ctx_set_error(struct nft_ctx *ctx, FILE *fp); +int nft_ctx_buffer_error(struct nft_ctx *ctx); +int nft_ctx_unbuffer_error(struct nft_ctx *ctx); +const char *nft_ctx_get_error_buffer(struct nft_ctx *ctx); int nft_ctx_add_include_path(struct nft_ctx *ctx, const char *path); void nft_ctx_clear_include_paths(struct nft_ctx *ctx); diff --git a/src/libnftables.c b/src/libnftables.c index d6622d51aba33..73363e3a32f87 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -177,11 +177,148 @@ struct nft_ctx *nft_ctx_new(uint32_t flags) return ctx; } +static void free_cookie(struct cookie *cookie) +{ + if (cookie) { + free(cookie->buf); + free(cookie); + } +} + +static ssize_t cookie_write(void *cptr, const char *buf, size_t buflen) +{ + struct cookie *cookie = cptr; + + if (!cookie->buflen) { + cookie->buflen = buflen + 1; + cookie->buf = xmalloc(cookie->buflen); + } else if (cookie->pos + buflen >= cookie->buflen) { + size_t newlen = cookie->buflen * 2; + + while (newlen <= cookie->pos + buflen) + newlen *= 2; + + cookie->buf = xrealloc(cookie->buf, newlen); + cookie->buflen = newlen; + } + memcpy(cookie->buf + cookie->pos, buf, buflen); + cookie->pos += buflen; + cookie->buf[cookie->pos] = '\0'; + + return buflen; +} + +static int init_cookie(struct cookie **cpptr, FILE **fp) +{ + struct cookie *cookie; + cookie_io_functions_t cookie_fops = { + .write = cookie_write, + }; + FILE *cookie_fp; + + if (!cpptr || !fp) + return 1; + + cookie = *cpptr; + + if (cookie) { /* just rewind buffer */ + if (cookie->buflen) { + cookie->pos = 0; + cookie->buf[0] = '\0'; + } + return 0; + } + + cookie = xzalloc(sizeof(*cookie)); + cookie->orig_fp = *fp; + + cookie_fp = fopencookie(cookie, "w", cookie_fops); + if (!cookie_fp) { + free(cookie); + return 1; + } + + *cpptr = cookie; + *fp = cookie_fp; + return 0; +} + +int nft_ctx_buffer_output(struct nft_ctx *ctx) +{ + struct output_ctx *octx = &ctx->output; + + return init_cookie(&octx->output_cookie, &octx->output_fp); +} + +int nft_ctx_unbuffer_output(struct nft_ctx *ctx) +{ + if (!ctx->output.output_cookie) + return 1; + + ctx->output.output_fp = ctx->output.output_cookie->orig_fp; + free_cookie(ctx->output.output_cookie); + ctx->output.output_cookie = NULL; + return 0; +} + +int nft_ctx_buffer_error(struct nft_ctx *ctx) +{ + struct output_ctx *octx = &ctx->output; + + return init_cookie(&octx->error_cookie, &octx->error_fp); +} + +int nft_ctx_unbuffer_error(struct nft_ctx *ctx) +{ + if (!ctx->output.error_cookie) + return 1; + + ctx->output.error_fp = ctx->output.error_cookie->orig_fp; + free_cookie(ctx->output.error_cookie); + ctx->output.error_cookie = NULL; + return 0; +} + +static const char *get_cookie_buffer(struct cookie *cookie, FILE *cookie_fp) +{ + if (!cookie) + return NULL; + + fflush(cookie_fp); + + /* This is a bit tricky: Rewind the buffer for future use and return + * the old content at the same time. + * Therefore just reset buffer position, don't change it's content. And + * return an empty string if buffer position is zero. */ + + if (!cookie->buflen || !cookie->pos) + return ""; + + cookie->pos = 0; + return cookie->buf; +} + +const char *nft_ctx_get_output_buffer(struct nft_ctx *ctx) +{ + struct output_ctx *octx = &ctx->output; + + return get_cookie_buffer(octx->output_cookie, octx->output_fp); +} + +const char *nft_ctx_get_error_buffer(struct nft_ctx *ctx) +{ + struct output_ctx *octx = &ctx->output; + + return get_cookie_buffer(octx->error_cookie, octx->error_fp); +} + void nft_ctx_free(struct nft_ctx *ctx) { if (ctx->nf_sock) netlink_close_sock(ctx->nf_sock); + free_cookie(ctx->output.output_cookie); + free_cookie(ctx->output.error_cookie); iface_cache_release(); cache_release(&ctx->cache); nft_ctx_clear_include_paths(ctx); -- 2.16.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html