author | Giuseppe Longo <giuseppelng@gmail.com> | 2014-02-10 16:49:33 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-11 13:57:23 +0100 |
commit | 8877968858a8dd6b7ae096988d57a7511c81733d (patch) | |
tree | 4bbab073014c98f080ed93f819502a84c79a4c83 /iptables/nft-shared.c | |
parent | 7851975e5055381d30f0788d90671485695928e1 (diff) |
nft: adds save_matches_and_target
This patch allows saving matches and target for the ip/ip6/arp/eb
families, as required for xtables-events.
Also, generalizes nft_rule_print_save to be reused for all protocol
families.
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-shared.c')
-rw-r--r-- | iptables/nft-shared.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index d0e28ba9..dce8a34a 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -620,6 +620,40 @@ void save_firewall_details(const struct iptables_command_state *cs,
 }
 }
 
+void save_matches_and_target(struct xtables_rule_match *m,
+ struct xtables_target *target,
+ const char *jumpto, uint8_t flags, const void *fw)
+{
+ struct xtables_rule_match *matchp;
+
+ for (matchp = m; matchp; matchp = matchp->next) {
+ if (matchp->match->alias) {
+ printf("-m %s",
+ matchp->match->alias(matchp->match->m));
+ } else
+ printf("-m %s", matchp->match->name);
+
+ if (matchp->match->save != NULL) {
+ /* cs->fw union makes the trick */
+ matchp->match->save(fw, matchp->match->m);
+ }
+ printf(" ");
+ }
+
+ if (target != NULL) {
+ if (target->alias) {
+ printf("-j %s", target->alias(target->t));
+ } else
+ printf("-j %s", jumpto);
+
+ if (target->save != NULL)
+ target->save(fw, target->t);
+ } else if (strlen(jumpto) > 0)
+ printf("-%c %s", flags & IPT_F_GOTO ? 'g' : 'j', jumpto);
+
+ printf("\n");
+}
+
 void print_matches_and_target(struct iptables_command_state *cs,
 unsigned int format)
 {
|
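Review bot: `jumpto` is dereferenced without a NULL check in save_matches_and_target: the final `else if (strlen(jumpto) > 0)` branch calls strlen() on it, and the `printf("-j %s", jumpto)` branch passes it to `%s`. The callers are outside this hunk, so non-NULL may already be guaranteed, but as the function is non-static and meant for every family, a guard such as `} else if (jumpto != NULL && *jumpto != '\0')` would make the contract explicit. The comment `/* cs->fw union makes the trick */` refers to a `cs` that this function does not receive. Because `const void *fw` removes the compiler's type check, I would reword it to `/* fw must point to the family-specific entry that the extension's save() expects */`, so a caller cannot silently hand a save() callback the wrong structure.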