diff options
author | Phil Sutter <phil@nwl.cc> | 2023-08-15 13:47:28 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-09-01 13:15:03 +0200 |
commit | 35ff97e9aca8cd301ff9b9a95b0a72de1aeb700b (patch) | |
tree | 5f4b36dfccf29e4290e48b3a7dfe6bc7dab5dbf2 /iptables/nft.h | |
parent | 63e4a64e943be64a7e0486838071b981074e696d (diff) |
Revert --compat option related commits
This reverts the following commits:
b14c971db6db0 ("tests: Test compat mode")
11c464ed015b5 ("Add --compat option to *tables-nft and *-nft-restore commands")
ca709b5784c98 ("nft: Introduce and use bool nft_handle::compat")
402b9b3c07c81 ("nft: Pass nft_handle to add_{target,action}()")
This implementation of a compatibility mode implements rules using
xtables extensions if possible and thus relies upon existence of those
in kernel space. Assuming no viable replacement for the internal
mechanics of this mode will be found in foreseeable future, it will
effectively block attempts at deprecating and removing of these xtables
extensions in favor of nftables expressions and thus hinder upstream's
future plans for iptables.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft.h')
-rw-r--r-- | iptables/nft.h | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/iptables/nft.h b/iptables/nft.h index fb9fc81e..5acbbf82 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -111,7 +111,6 @@ struct nft_handle { struct list_head cmd_list; bool cache_init; int verbose; - bool compat; /* meta data, for error reporting */ struct { @@ -193,11 +192,9 @@ int add_counters(struct nftnl_rule *r, uint64_t packets, uint64_t bytes); int add_verdict(struct nftnl_rule *r, int verdict); int add_match(struct nft_handle *h, struct nft_rule_ctx *ctx, struct nftnl_rule *r, struct xt_entry_match *m); -int add_target(struct nft_handle *h, struct nftnl_rule *r, - struct xt_entry_target *t); +int add_target(struct nftnl_rule *r, struct xt_entry_target *t); int add_jumpto(struct nftnl_rule *r, const char *name, int verdict); -int add_action(struct nft_handle *h, struct nftnl_rule *r, - struct iptables_command_state *cs, bool goto_set); +int add_action(struct nftnl_rule *r, struct iptables_command_state *cs, bool goto_set); int add_log(struct nftnl_rule *r, struct iptables_command_state *cs); char *get_comment(const void *data, uint32_t data_len); |