diff options
author | Phil Sutter <phil@nwl.cc> | 2022-03-04 12:50:01 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-03-17 09:56:18 +0100 |
commit | ac4c84cc63d3cc021ca532692885a644fcde4518 (patch) | |
tree | 9d1eaa5a94948ca1d40041f42290d1f6aec2f7b4 /libxtables | |
parent | f58b0d7406451afbb4b9b6c7888990c964fa7c79 (diff) |
libxtables: Boost rule target checks by announcing chain names
When restoring a ruleset, feed libxtables with chain names from
respective lines to avoid an extension search.
While the user's intention is clear, this effectively disables the
sanity check for clashes with target extensions. But:
* The check yielded only a warning and the clashing chain was finally
accepted.
* Users crafting iptables dumps for feeding into iptables-restore likely
know what they're doing.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'libxtables')
-rw-r--r-- | libxtables/xtables.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/libxtables/xtables.c b/libxtables/xtables.c index 06090727..96fd783a 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -321,6 +321,12 @@ static void notargets_hlist_insert(const char *name) hlist_add_head(&cur->node, ¬argets[djb_hash(name) % NOTARGET_HSIZE]); } +void xtables_announce_chain(const char *name) +{ + if (!notargets_hlist_lookup(name)) + notargets_hlist_insert(name); +} + void xtables_init(void) { /* xtables cannot be used with setuid in a safe way. */ |