diff options
| author | Phil Sutter <phil@nwl.cc> | 2018-08-07 12:29:35 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2018-08-09 22:56:36 +0200 |
| commit | 528cbf99ff6062420270e637df4d40a77514fe56 (patch) | |
| tree | 7055aa1c7a02a8c314b7559781118786ee574c8b /iptables/nft-shared.c | |
| parent | 9ca32c40ed4f0648893989c1e5d03e9fecc501ae (diff) | |
xtables: Fix for wrong counter format in -S output
Legacy iptables uses '-c PCNT BCNT' format in listed rules, nft-variant
used '[PCNT BCNT]' prefix like with iptables-save.
In order to pass the counter format preference along, FMT_C_COUNTS is
introduced and related 'format' checks adjusted.
Since legacy iptables prints the counters between matches and target,
this change affects save_matches_and_target() function. In order to get
access to the rule counters, it's declaration is adjusted to receive
iptables_command_state pointer instead of match, target and jumpto
pointers from the same object.
While being at it, integrate jump to user-defined chain into it as well
since the related code in both callers was almost identical. Though
since different rule flags are used between iptables and ip6tables, pass
a 'goto_flag' boolean instead of the actual 'flags' bitfield.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft-shared.c')
| -rw-r--r-- | iptables/nft-shared.c | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 66db7ed1..5b55c7c0 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -813,13 +813,13 @@ void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy) chain, policy ?: "-", pkts, bytes); } -void save_matches_and_target(struct xtables_rule_match *m, - struct xtables_target *target, - const char *jumpto, uint8_t flags, const void *fw) +void save_matches_and_target(const struct iptables_command_state *cs, + bool goto_flag, const void *fw, + unsigned int format) { struct xtables_rule_match *matchp; - for (matchp = m; matchp; matchp = matchp->next) { + for (matchp = cs->matches; matchp; matchp = matchp->next) { if (matchp->match->alias) { printf("-m %s", matchp->match->alias(matchp->match->m)); @@ -833,15 +833,24 @@ void save_matches_and_target(struct xtables_rule_match *m, printf(" "); } - if (target != NULL) { - if (target->alias) { - printf("-j %s", target->alias(target->t)); + if ((format & (FMT_NOCOUNTS | FMT_C_COUNTS)) == FMT_C_COUNTS) + printf("-c %llu %llu ", + (unsigned long long)cs->counters.pcnt, + (unsigned long long)cs->counters.bcnt); + + if (cs->target != NULL) { + if (cs->target->alias) { + printf("-j %s", cs->target->alias(cs->target->t)); } else - printf("-j %s", jumpto); + printf("-j %s", cs->jumpto); - if (target->save != NULL) - target->save(fw, target->t); + if (cs->target->save != NULL) + cs->target->save(fw, cs->target->t); + } else if (strlen(cs->jumpto) > 0) { + printf("-%c %s", goto_flag ? 'g' : 'j', cs->jumpto); } + + printf("\n"); } void print_matches_and_target(struct iptables_command_state *cs, |