-rw-r--r--iptables/nft-shared.c2
-rw-r--r--iptables/nft.c26
-rw-r--r--iptables/nft.h3
-rw-r--r--iptables/xtables-monitor.c6
4 files changed, 13 insertions, 24 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 87d48bf6..24287e97 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -933,7 +933,7 @@ bool nft_ipv46_rule_find(struct nft_family_ops *ops,
DEBUGP("comparing with... ");
#ifdef DEBUG_DEL
- nft_rule_print_save(&this, r, NFT_RULE_APPEND, 0);
+ nft_rule_print_save(r, NFT_RULE_APPEND, 0);
#endif
if (!ops->is_same(cs, &this))
return false;
diff --git a/iptables/nft.c b/iptables/nft.c
index e1788dba..0cf325db 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -327,9 +327,7 @@ static int mnl_append_error(const struct nft_handle *h,
nftnl_rule_get_str(o->rule, NFTNL_RULE_CHAIN));
#if 0
{
- struct iptables_command_state cs = {};
- nft_rule_to_iptables_command_state(o->rule, &cs);
- nft_rule_print_save(&cs, o->rule, NFT_RULE_APPEND, FMT_NOCOUNTS);
+ nft_rule_print_save(o->rule, NFT_RULE_APPEND, FMT_NOCOUNTS);
}
#endif
break;
@@ -1185,18 +1183,19 @@ nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
}
void
-nft_rule_print_save(const void *data,
- struct nftnl_rule *r, enum nft_rule_print type,
+nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type,
unsigned int format)
{
const char *chain = nftnl_rule_get_str(r, NFTNL_RULE_CHAIN);
int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
+ struct iptables_command_state cs = {};
struct nft_family_ops *ops;
ops = nft_family_ops_lookup(family);
+ ops->rule_to_cs(r, &cs);
if (!(format & FMT_NOCOUNTS) && ops->save_counters)
- ops->save_counters(data);
+ ops->save_counters(&cs);
/* print chain name */
switch(type) {
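Review bot: The added `ops->rule_to_cs(r, &cs);` is called unconditionally, while the other callbacks in this function (`save_counters`, `save_firewall`, `clear_cs`) are each tested for NULL first, and `ops` itself is used straight from `nft_family_ops_lookup(family)` without a check. The family is read from the rule object, so a rule whose family has no ops table or no `rule_to_cs` handler would lead to a null-pointer dereference here; whether such a rule can reach this function depends on the ops tables and callers, which this diff does not show. A guard such as `if (!ops || !ops->rule_to_cs) return;` placed right after the lookup would keep the function consistent with its own checks. The body of nft_rule_print_save continues past this hunk.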
@@ -1209,8 +1208,10 @@ nft_rule_print_save(const void *data,
}
if (ops->save_firewall)
- ops->save_firewall(data, format);
+ ops->save_firewall(&cs, format);
+ if (ops->clear_cs)
+ ops->clear_cs(&cs);
}
static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
@@ -1399,14 +1400,11 @@ int nft_rule_save(struct nft_handle *h, const char *table, bool counters)
while (r != NULL) {
const char *rule_table =
nftnl_rule_get_str(r, NFTNL_RULE_TABLE);
- struct iptables_command_state cs = {};
if (strcmp(table, rule_table) != 0)
goto next;
- nft_rule_to_iptables_command_state(r, &cs);
-
- nft_rule_print_save(&cs, r, NFT_RULE_APPEND,
+ nft_rule_print_save(r, NFT_RULE_APPEND,
counters ? 0 : FMT_NOCOUNTS);
next:
@@ -2282,11 +2280,7 @@ err:
static void
list_save(struct nftnl_rule *r, unsigned int num, unsigned int format)
{
- struct iptables_command_state cs = {};
-
- nft_rule_to_iptables_command_state(r, &cs);
-
- nft_rule_print_save(&cs, r, NFT_RULE_APPEND, !(format & FMT_NOCOUNTS));
+ nft_rule_print_save(r, NFT_RULE_APPEND, !(format & FMT_NOCOUNTS));
}
static int
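Review bot: The format argument on the changed call in list_save is `!(format & FMT_NOCOUNTS)`, a 0/1 truth value rather than a flag mask, whereas nft_rule_print_save tests `format & FMT_NOCOUNTS` and passes the same value on to `save_firewall`. When the caller's format has FMT_NOCOUNTS set, the expression evaluates to 0, so the callee sees no such flag and prints counters anyway. The commit carries this expression over unchanged from the old call. If the intent is to honour the caller's choice, `nft_rule_print_save(r, NFT_RULE_APPEND, format & FMT_NOCOUNTS);` would match what nft_rule_save does with `counters ? 0 : FMT_NOCOUNTS`.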
diff --git a/iptables/nft.h b/iptables/nft.h
index ffae84f2..a3f5c202 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -119,8 +119,7 @@ enum nft_rule_print {
NFT_RULE_DEL,
};
-void nft_rule_print_save(const void *data,
- struct nftnl_rule *r, enum nft_rule_print type,
+void nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type,
unsigned int format);
uint32_t nft_invflags2cmp(uint32_t invflags, uint32_t flag);
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index e491b4db..a43a69af 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -73,7 +73,6 @@ static bool events;
static int rule_cb(const struct nlmsghdr *nlh, void *data)
{
- struct iptables_command_state cs = {};
uint32_t type = nlh->nlmsg_type & 0xFF;
const struct cb_arg *arg = data;
struct nftnl_rule *r;
@@ -96,19 +95,16 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
case AF_INET:
case AF_INET6:
printf("-%c ", family == AF_INET ? '4' : '6');
- nft_rule_to_iptables_command_state(r, &cs);
break;
case NFPROTO_ARP:
printf("-0 ");
- nft_rule_to_arptables_command_state(r, &cs);
break;
default:
goto err_free;
}
printf("-t %s ", nftnl_rule_get_str(r, NFTNL_RULE_TABLE));
- nft_rule_print_save(&cs, r,
- type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
+ nft_rule_print_save(r, type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
NFT_RULE_DEL,
counters ? 0 : FMT_NOCOUNTS);
err_free: