diff options
| author | Phil Sutter <phil@nwl.cc> | 2019-08-30 11:47:42 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2019-09-23 13:05:05 +0200 |
| commit | 3897b008281888f7905cc1857ccb316cdf686061 (patch) | |
| tree | 77822e93ce2e27510ee379efd1e5f43778206981 | |
| parent | 1d05b989b3ec774c52cdb1fee41d8ee5f382b756 (diff) | |
nft: Introduce nft_bridge_commit()
No need to check family value from nft_commit() if we can have a
dedicated callback for bridge family.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | iptables/nft.c | 8 | ||||
| -rw-r--r-- | iptables/nft.h | 1 | ||||
| -rw-r--r-- | iptables/xtables-eb-standalone.c | 2 | ||||
| -rw-r--r-- | iptables/xtables-restore.c | 2 |
4 files changed, 9 insertions, 4 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 81d01310..77ebc4f6 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -3069,11 +3069,15 @@ static void nft_bridge_commit_prepare(struct nft_handle *h) int nft_commit(struct nft_handle *h) { - if (h->family == NFPROTO_BRIDGE) - nft_bridge_commit_prepare(h); return nft_action(h, NFT_COMPAT_COMMIT); } +int nft_bridge_commit(struct nft_handle *h) +{ + nft_bridge_commit_prepare(h); + return nft_commit(h); +} + int nft_abort(struct nft_handle *h) { return nft_action(h, NFT_COMPAT_ABORT); diff --git a/iptables/nft.h b/iptables/nft.h index 5e5e765b..43463d7f 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -147,6 +147,7 @@ uint32_t nft_invflags2cmp(uint32_t invflags, uint32_t flag); * global commit and abort */ int nft_commit(struct nft_handle *h); +int nft_bridge_commit(struct nft_handle *h); int nft_abort(struct nft_handle *h); int nft_abort_policy_rule(struct nft_handle *h, const char *table); diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c index fb3daba0..a9081c78 100644 --- a/iptables/xtables-eb-standalone.c +++ b/iptables/xtables-eb-standalone.c @@ -51,7 +51,7 @@ int xtables_eb_main(int argc, char *argv[]) ret = do_commandeb(&h, argc, argv, &table, false); if (ret) - ret = nft_commit(&h); + ret = nft_bridge_commit(&h); if (!ret) fprintf(stderr, "ebtables: %s\n", nft_strerror(errno)); diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index 601c842f..f930f5ba 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -463,7 +463,7 @@ static int ebt_table_flush(struct nft_handle *h, const char *table) struct nft_xt_restore_cb ebt_restore_cb = { .chain_list = get_chain_list, - .commit = nft_commit, + .commit = nft_bridge_commit, .table_new = nft_table_new, .table_flush = ebt_table_flush, .do_command = do_commandeb, |