path: root/iptables/nft-shared.c
diff options
authorPhil Sutter <>2019-08-20 21:41:12 +0200
committerPhil Sutter <>2019-11-25 23:30:56 +0100
commit1e8ef6a5847549af6fa2edc4fd642cf259ef2ba1 (patch)
tree0595a523a02a2c06dbb3d4a2a17735e385080607 /iptables/nft-shared.c
parent7dc64022bb8dfecb737fbf4aa02e6464b80e2eae (diff)
nft: family_ops: Pass nft_handle to 'rule_to_cs' callback
This is the actual callback used to parse nftables rules. Pass nft_handle to it so it can access the cache (and possible sets therein). Having to pass nft_handle to nft_rule_print_save() allows to simplify it a bit since no family ops lookup has to be done anymore. Signed-off-by: Phil Sutter <> Acked-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft-shared.c')
1 files changed, 3 insertions, 2 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index b6d85f1a..bdbd3238 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -591,7 +591,8 @@ static void nft_parse_limit(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
ops->parse_match(match, ctx->cs);
-void nft_rule_to_iptables_command_state(const struct nftnl_rule *r,
+void nft_rule_to_iptables_command_state(struct nft_handle *h,
+ const struct nftnl_rule *r,
struct iptables_command_state *cs)
struct nftnl_expr_iter *iter;
@@ -987,7 +988,7 @@ bool nft_ipv46_rule_find(struct nft_handle *h, struct nftnl_rule *r, void *data)
struct iptables_command_state *cs = data, this = {};
bool ret = false;
- nft_rule_to_iptables_command_state(r, &this);
+ nft_rule_to_iptables_command_state(h, r, &this);
DEBUGP("comparing with... ");
#ifdef DEBUG_DEL