author | Phil Sutter <phil@nwl.cc> | 2018-08-06 17:21:54 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-08-06 18:17:39 +0200 |
commit | 295d5a809c67987db4d0961778d9800ba00926be (patch) | |
tree | 18dec7f56cc2b6fb550ac7f1a047365c171089ca | |
parent | 1679b2cb2cae2bb3ce8eff5444ba858a51310d4c (diff) |
xtables-restore: Make COMMIT support configurable
Legacy ebtables-restore does not support COMMIT directive, so allow for
callers of xtables_restore_parse() to toggle whether it is required or
not.
In iptables, omitting COMMIT may be used for syntax checking, so we must
not add an implicit commit at EOF. Although ebtables/arptables legacy
does not support COMMIT lines at all, this patch allows them in nft
variants. If omitted, an implicit commit happens for them at EOF.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | iptables/nft-shared.h | 1 | ||||
-rw-r--r-- | iptables/xtables-restore.c | 11 |
2 files changed, 9 insertions, 3 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 5ef17a08..1f5c8a81 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -245,6 +245,7 @@ struct nft_xt_restore_parse {
 FILE *in;
 int testing;
 const char *tablename;
+ bool commit;
 };
 
 struct nftnl_chain_list;
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 9a014ccd..49fc16ce 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -144,7 +144,7 @@ void xtables_restore_parse(struct nft_handle *h,
 }
 in_table = 0;
 
- } else if ((buffer[0] == '*') && (!in_table)) {
+ } else if ((buffer[0] == '*') && (!in_table || !p->commit)) {
 /* New table */
 char *table;
 
@@ -342,10 +342,13 @@ void xtables_restore_parse(struct nft_handle *h,
 exit(1);
 }
 }
- if (in_table) {
+ if (in_table && p->commit) {
 fprintf(stderr, "%s: COMMIT expected at line %u\n",
 xt_params->program_name, line + 1);
 exit(1);
+ } else if (in_table && cb->commit && !cb->commit(h)) {
+ xtables_error(OTHER_PROBLEM, "%s: final implicit COMMIT failed",
+ xt_params->program_name);
 }
 }
 
@@ -358,7 +361,9 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 .restore = true,
 };
 int c;
- struct nft_xt_restore_parse p = {};
+ struct nft_xt_restore_parse p = {
+ .commit = true,
+ };
 
 line = 0;
 
|
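Review bot: The new `bool commit;` field in struct nft_xt_restore_parse is false under zero-initialisation, and false selects the permissive mode (no COMMIT required, implicit commit at EOF), so any caller of xtables_restore_parse() that builds the struct with `= {}` or a partial initialiser silently changes behaviour. Only xtables_restore_main() is updated in this commit (the `.commit = true` hunk in xtables-restore.c); any other callers outside these two files should be checked, because the commit message says iptables relies on a missing COMMIT applying nothing. A comment on the field would make the polarity explicit, for example `bool commit; /* true: COMMIT line required, no implicit commit at EOF */`.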
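Review bot: The relaxed test `(!in_table || !p->commit)` carries no comment explaining that, when COMMIT is optional, a `*table` line may arrive while the previous table is still open and that nothing is committed at that point. As far as the visible hunks show, everything read so far is then applied by the single implicit commit at EOF, which is worth stating next to the condition, for example `/* COMMIT optional: a new table may start without one; changes are committed at EOF */`. The enclosing xtables_restore_parse() starts and ends outside this hunk.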
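Review bot: The implicit-commit branch `else if (in_table && cb->commit && !cb->commit(h))` never consults `p->testing`, a field that sits next to `commit` in struct nft_xt_restore_parse, so a caller that sets `commit = false` together with `testing` would presumably have its ruleset applied at EOF during what is meant to be a dry run. How the explicit COMMIT line treats `testing` is outside this hunk and should be confirmed; if that branch skips the commit in testing mode, the same guard belongs here: `} else if (in_table && !p->testing && cb->commit && !cb->commit(h)) {`. The message passed to xtables_error() also repeats the program name, which the error handler may already print. xtables_restore_parse() starts outside the hunk.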