authorTomasz Bursztyka <>2013-08-19 15:04:02 +0300
committerPablo Neira Ayuso <>2013-12-30 23:50:43 +0100
commitcdc78b1d6bd7b48ec05d78fc6e6cd98473f40357 (patch)
tree11f3fdeec8a23cad03c2a44df5ed2a0a246e2cda /iptables/nft-shared.h
parentc11ad7cce0d7195e12347bd4a3092ac24e19f8b4 (diff)
nft: convert rule into a command state structure
This helps reduce code complexity by providing a single common path for printing, saving and looking up a rule. Signed-off-by: Tomasz Bursztyka <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft-shared.h')
1 files changed, 11 insertions, 5 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 488ed632..e77b303d 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -50,6 +50,8 @@ struct nft_family_ops {
void (*parse_immediate)(struct iptables_command_state *cs);
void (*print_firewall)(struct nft_rule *r, unsigned int num,
unsigned int format);
+ uint8_t (*save_firewall)(const struct iptables_command_state *cs,
+ unsigned int format);
void (*post_parse)(int command, struct iptables_command_state *cs,
struct xtables_args *args);
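Review bot: The new `save_firewall` member returns `uint8_t`, but nothing in the header says what that value means, so a family backend cannot tell whether it is a flag set, a status code or something else. A one-line comment above the member would settle it, for example `/* returns: <meaning of the uint8_t result, to be stated by the author> */`. It also takes a `const struct iptables_command_state *` while the neighbouring `print_firewall` still takes a `struct nft_rule *`; if that asymmetry is intentional, it is worth a short comment. The `struct nft_family_ops` definition starts and ends outside this hunk.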
@@ -79,22 +81,26 @@ bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
void parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface,
unsigned char *iniface_mask, char *outiface,
unsigned char *outiface_mask, uint8_t *invflags);
-const char *nft_parse_target(struct nft_rule *r, const void **targinfo,
- size_t *target_len);
void print_proto(uint16_t proto, int invert);
void get_cmp_data(struct nft_rule_expr_iter *iter,
void *data, size_t dlen, bool *inv);
void nft_rule_to_iptables_command_state(struct nft_rule *r,
struct iptables_command_state *cs);
-int print_matches(struct nft_rule *r, int format);
-int print_target(const char *targname, const void *targinfo,
- size_t target_len, int format);
void print_num(uint64_t number, unsigned int format);
void print_firewall_details(const struct iptables_command_state *cs,
const char *targname, uint8_t flags,
uint8_t invflags, uint8_t proto,
const char *iniface, const char *outiface,
unsigned int num, unsigned int format);
+void print_matches_and_target(struct iptables_command_state *cs,
+ unsigned int format);
+void save_firewall_details(const struct iptables_command_state *cs,
+ uint8_t invflags, uint16_t proto,
+ const char *iniface,
+ unsigned const char *iniface_mask,
+ const char *outiface,
+ unsigned const char *outiface_mask,
+ unsigned int format);
struct nft_family_ops *nft_family_ops_lookup(int family);
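Review bot: `save_firewall_details` declares `uint16_t proto` while `print_firewall_details` just above it takes `uint8_t proto`, so the same command state goes through two different widths. If a value above 255 can reach the print path it would be truncated silently, so the two prototypes should agree on one type. The mask parameters are written `unsigned const char *`, which is legal but unusual; `const unsigned char *iniface_mask` would match the declaration style used in `parse_meta`. Neither the interface names nor the masks carry a length, so the implementation presumably relies on fixed-size buffers; a comment stating the required buffer size would keep callers from passing something shorter. `print_matches_and_target` takes a non-const `cs` where the other print and save helpers take `const`; if it does not modify the state, `const struct iptables_command_state *cs` would be consistent.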