From a7f1e208cdf9c6392c99d3c52764701d004bdde7 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Mon, 6 Jan 2020 13:20:13 +0100
Subject: nft: split parsing from netlink commands
This patch updates the parser to generate a list of command objects. This list of commands is then transformed to a list of netlink jobs. This new command object stores the rule using the nftnl representation via nft_rule_new(). To reduce the number of updates in this patch, the nft_*_rule_find() functions have been updated to restore the native representation to skip the update of the rule comparison code.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Phil Sutter
---
 iptables/nft-shared.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'iptables/nft-shared.c')
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 5192e363..bfc7bc22 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -989,12 +989,14 @@ void nft_ipv46_parse_target(struct xtables_target *t, void *data)
 cs->target = t;
 }
-bool nft_ipv46_rule_find(struct nft_handle *h, struct nftnl_rule *r, void *data)
+bool nft_ipv46_rule_find(struct nft_handle *h, struct nftnl_rule *r,
+ struct nftnl_rule *rule)
 {
- struct iptables_command_state *cs = data, this = {};
+ struct iptables_command_state _cs = {}, this = {}, *cs = &_cs;
 bool ret = false;
 nft_rule_to_iptables_command_state(h, r, &this);
+ nft_rule_to_iptables_command_state(h, rule, cs);
 DEBUGP("comparing with... ");
 #ifdef DEBUG_DEL
@@ -1022,6 +1024,7 @@ bool nft_ipv46_rule_find(struct nft_handle *h, struct nftnl_rule *r, void *data)
 ret = true;
 out:
 h->ops->clear_cs(&this);
+ h->ops->clear_cs(cs);
 return ret;
 }
-- 
cgit v1.2.3
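Review bot: In `nft_ipv46_rule_find()` both operands of the comparison are now zero-initialised (`_cs = {}`, `this = {}`) and filled by the same `nft_rule_to_iptables_command_state()` call, so any field that conversion does not restore would be equal on both sides and could no longer tell two rules apart. Before this change `cs` came from the caller through `data`, so such a field would presumably have produced a mismatch rather than a match; if this result selects the rule a delete or check acts on (the callers are not visible here), that is worth stating next to the new call, e.g. `/* both sides are rebuilt from nftnl; fields the conversion does not restore compare equal */`. The second conversion is also repeated for the same `rule` on every call, which the commit message accepts in order to keep the patch small. The body continues outside this hunk, and the matching `h->ops->clear_cs(cs);` in the second hunk only releases `_cs` if every exit between the two hunks goes through `out:`.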