diff options
author | Phil Sutter <phil@nwl.cc> | 2018-07-19 18:32:05 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-07-19 23:11:03 +0200 |
commit | f3b772c10b782196060fe39ca6da142ba75e43d9 (patch) | |
tree | af2af6d6dd327d65f4301d6402a33e6fc36090b1 /iptables/nft.c | |
parent | fa1681f170e2b8d80d9ef9d4564797f0f5969fd0 (diff) |
xtables: introduce save_chain callback
In preparation for ebtables-save implementation, introduce a callback
for convenient per-family formatting of chains in save output.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 37 |
1 files changed, 14 insertions, 23 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 7ce7fd2f..9f650f5a 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1276,32 +1276,15 @@ static const char *policy_name[NF_ACCEPT+1] = { [NF_ACCEPT] = "ACCEPT", }; -static void nft_chain_print_save(struct nftnl_chain *c, bool basechain) -{ - const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME); - uint64_t pkts = nftnl_chain_get_u64(c, NFTNL_CHAIN_PACKETS); - uint64_t bytes = nftnl_chain_get_u64(c, NFTNL_CHAIN_BYTES); - - /* print chain name */ - if (basechain) { - uint32_t pol = NF_ACCEPT; - - /* no default chain policy? don't crash, display accept */ - if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY)) - pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY); - - printf(":%s %s [%"PRIu64":%"PRIu64"]\n", chain, policy_name[pol], - pkts, bytes); - } else - printf(":%s - [%"PRIu64":%"PRIu64"]\n", chain, pkts, bytes); -} - int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list, const char *table) { struct nftnl_chain_list_iter *iter; + struct nft_family_ops *ops; struct nftnl_chain *c; + ops = nft_family_ops_lookup(h->family); + iter = nftnl_chain_list_iter_create(list); if (iter == NULL) return 0; @@ -1310,13 +1293,21 @@ int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list, while (c != NULL) { const char *chain_table = nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE); - bool basechain = false; + const char *policy = NULL; if (strcmp(table, chain_table) != 0) goto next; - basechain = nft_chain_builtin(c); - nft_chain_print_save(c, basechain); + if (nft_chain_builtin(c)) { + uint32_t pol = NF_ACCEPT; + + if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY)) + pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY); + policy = policy_name[pol]; + } + + if (ops->save_chain) + ops->save_chain(c, policy); next: c = nftnl_chain_list_iter_next(iter); } |