nft: adds save_matches_and_target

This patch permits to save matches and target for ip/ip6/arp/eb
family, required for xtables-events.

Also, generalizes nft_rule_print_save to be reused for all protocol
families.

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 34 insertions, 0 deletions

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index d0e28ba9..dce8a34a 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -620,6 +620,40 @@ void save_firewall_details(const struct iptables_command_state *cs,
 	}
 }
 
+void save_matches_and_target(struct xtables_rule_match *m,
+			     struct xtables_target *target,
+			     const char *jumpto, uint8_t flags, const void *fw)
+{
+	struct xtables_rule_match *matchp;
+
+	for (matchp = m; matchp; matchp = matchp->next) {
+		if (matchp->match->alias) {
+			printf("-m %s",
+			       matchp->match->alias(matchp->match->m));
+		} else
+			printf("-m %s", matchp->match->name);
+
+		if (matchp->match->save != NULL) {
+			/* cs->fw union makes the trick */
+			matchp->match->save(fw, matchp->match->m);
+		}
+		printf(" ");
+	}
+
+	if (target != NULL) {
+		if (target->alias) {
+			printf("-j %s", target->alias(target->t));
+		} else
+			printf("-j %s", jumpto);
+
+		if (target->save != NULL)
+			target->save(fw, target->t);
+	} else if (strlen(jumpto) > 0)
+		printf("-%c %s", flags & IPT_F_GOTO ? 'g' : 'j', jumpto);
+
+	printf("\n");
+}
+
 void print_matches_and_target(struct iptables_command_state *cs,
 			      unsigned int format)
 {