diff options
author | Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> | 2013-08-07 11:31:36 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:43 +0100 |
commit | e23e66f9d1a25c75df684850b7cd99053708c4d0 (patch) | |
tree | e7a785ebcf7bfcbdee2d906236b35fd2c91bc6e6 /iptables/nft-ipv4.c | |
parent | 7a1026f59c101a67233c65dd5ef9b0ae15945ca5 (diff) |
nft: Generalize nft_rule_list() against current family
Now, firewall rule printing is done through nft_family_ops
.print_firewall function. This moves generic part for ipv4 and ipv6 into
nft-shared.c, and enables reusing nft_rule_list() for other family such
as ARP which will be useful for arptables compatibility tool.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-ipv4.c')
-rw-r--r-- | iptables/nft-ipv4.c | 39 |
1 files changed, 31 insertions, 8 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index 51ee422c..81be9f4c 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -284,18 +284,41 @@ static void print_ipv4_addr(const struct iptables_command_state *cs, } -static uint8_t nft_ipv4_print_firewall(const struct iptables_command_state *cs, - const char *targname, unsigned int num, - unsigned int format) +static void nft_ipv4_print_firewall(struct nft_rule *r, unsigned int num, + unsigned int format) { - print_firewall_details(cs, targname, cs->fw.ip.flags, - cs->fw.ip.invflags, cs->fw.ip.proto, - cs->fw.ip.iniface, cs->fw.ip.outiface, + struct iptables_command_state cs = {}; + const char *targname = NULL; + const void *targinfo = NULL; + size_t target_len = 0; + + nft_rule_to_iptables_command_state(r, &cs); + + targname = nft_parse_target(r, &targinfo, &target_len); + + print_firewall_details(&cs, targname, cs.fw.ip.flags, + cs.fw.ip.invflags, cs.fw.ip.proto, + cs.fw.ip.iniface, cs.fw.ip.outiface, num, format); - print_ipv4_addr(cs, format); + print_ipv4_addr(&cs, format); - return cs->fw.ip.flags; + if (format & FMT_NOTABLE) + fputs(" ", stdout); + +#ifdef IPT_F_GOTO + if (cs.fw.ip.flags & IPT_F_GOTO) + printf("[goto] "); +#endif + + if (print_matches(r, format) != 0) + return; + + if (print_target(targname, targinfo, target_len, format) != 0) + return; + + if (!(format & FMT_NONEWLINE)) + fputc('\n', stdout); } static void nft_ipv4_post_parse(int command, |