author | Phil Sutter <phil@nwl.cc> | 2019-08-20 21:41:12 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2019-11-25 23:30:56 +0100 |
commit | 1e8ef6a5847549af6fa2edc4fd642cf259ef2ba1 (patch) | |
tree | 0595a523a02a2c06dbb3d4a2a17735e385080607 /iptables/xtables-monitor.c | |
parent | 7dc64022bb8dfecb737fbf4aa02e6464b80e2eae (diff) |
nft: family_ops: Pass nft_handle to 'rule_to_cs' callback
This is the actual callback used to parse nftables rules. Pass
nft_handle to it so it can access the cache (and possible sets therein).
Having to pass nft_handle to nft_rule_print_save() allows simplifying it
a bit, since no family ops lookup has to be done anymore.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/xtables-monitor.c')
-rw-r--r-- | iptables/xtables-monitor.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c index eb80bac8..a5245d14 100644 --- a/iptables/xtables-monitor.c +++ b/iptables/xtables-monitor.c @@ -11,6 +11,7 @@ #define _GNU_SOURCE #include "config.h" +#include <errno.h> #include <stdlib.h> #include <time.h> #include <string.h> @@ -41,6 +42,7 @@ struct cb_arg { uint32_t nfproto; bool is_event; + struct nft_handle *h; }; static int table_cb(const struct nlmsghdr *nlh, void *data) @@ -106,7 +108,7 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data) } printf("-t %s ", nftnl_rule_get_str(r, NFTNL_RULE_TABLE)); - nft_rule_print_save(r, type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND : + nft_rule_print_save(arg->h, r, type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND : NFT_RULE_DEL, counters ? 0 : FMT_NOCOUNTS); err_free: @@ -593,7 +595,10 @@ int xtables_monitor_main(int argc, char *argv[]) struct mnl_socket *nl; char buf[MNL_SOCKET_BUFFER_SIZE]; uint32_t nfgroup = 0; - struct cb_arg cb_arg = {}; + struct nft_handle h = {}; + struct cb_arg cb_arg = { + .h = &h, + }; int ret, c; xtables_globals.program_name = "xtables-monitor"; @@ -610,6 +615,14 @@ int xtables_monitor_main(int argc, char *argv[]) init_extensions4(); #endif + if (nft_init(&h, xtables_ipv4)) { + fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", + xtables_globals.program_name, + xtables_globals.program_version, + strerror(errno)); + exit(EXIT_FAILURE); + } + opterr = 0; while ((c = getopt_long(argc, argv, "ceht46V", options, NULL)) != -1) { switch (c) { |
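Review bot: In rule_cb the handle passed as `arg->h` is the one xtables_monitor_main sets up with `xtables_ipv4` in the last hunk, yet this callback prints events for whatever family the rule carries. The commit message says nft_rule_print_save() no longer does its own family ops lookup, so IPv6, ARP or bridge rules would presumably be parsed with the IPv4 ops; its new body is not part of this page, so this needs confirming. Before the call I would point the handle at the rule's family, e.g. `arg->h->family = family; arg->h->ops = nft_family_ops_lookup(family);` with `family` read from NFTNL_RULE_FAMILY. rule_cb starts and ends outside this hunk, so a suitable family variable may already exist there.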
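Review bot: The `nft_init(&h, xtables_ipv4)` block sits ahead of the getopt loop, so `-h` and `-V` (presumably help and version) now also exit with "Failed to initialize nft" when the handle cannot be set up, and the setup runs before the arguments are known to be valid. Unless the option loop needs the handle, I would move the block to just after option parsing. No matching `nft_fini(&h)` is visible for the exit paths, though xtables_monitor_main continues outside the hunk. The message prints `strerror(errno)`; whether every nft_init failure path sets errno cannot be seen here, so the reported reason may be misleading on some failures.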