diff options
author | Phil Sutter <phil@nwl.cc> | 2019-10-22 20:06:11 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2021-11-23 15:01:23 +0100 |
commit | a323c28331a4807252b11a7a078dc68af82399ef (patch) | |
tree | 2ff3f5d9f69c5897adb4bb515c452497b0f75f54 /iptables/nft-ipv4.c | |
parent | 1d73cec02c8d9a0f5bfbd2983c36cc1228b78f45 (diff) |
xshared: Share print_fragment() with legacy
Also add a fake mode to make it suitable for ip6tables. This is required
because IPT_F_FRAG value clashes with IP6T_F_PROTO, so ip6tables rules
might seem to have IPT_F_FRAG bit set.
While being at it, drop the local variable 'flags' from
print_firewall().
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-ipv4.c')
-rw-r--r-- | iptables/nft-ipv4.c | 15 |
1 files changed, 1 insertions, 14 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index 6b044642..f3626098 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -226,19 +226,6 @@ static void nft_ipv4_parse_immediate(const char *jumpto, bool nft_goto, cs->fw.ip.flags |= IPT_F_GOTO; } -static void print_fragment(unsigned int flags, unsigned int invflags, - unsigned int format) -{ - if (!(format & FMT_OPTIONS)) - return; - - if (format & FMT_NOTABLE) - fputs("opt ", stdout); - fputc(invflags & IPT_INV_FRAG ? '!' : '-', stdout); - fputc(flags & IPT_F_FRAG ? 'f' : '-', stdout); - fputc(' ', stdout); -} - static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r, unsigned int num, unsigned int format) { @@ -248,7 +235,7 @@ static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r, print_rule_details(num, &cs.counters, cs.jumpto, cs.fw.ip.proto, cs.fw.ip.flags, cs.fw.ip.invflags, format); - print_fragment(cs.fw.ip.flags, cs.fw.ip.invflags, format); + print_fragment(cs.fw.ip.flags, cs.fw.ip.invflags, format, false); print_ifaces(cs.fw.ip.iniface, cs.fw.ip.outiface, cs.fw.ip.invflags, format); print_ipv4_addresses(&cs.fw, format); |