From 1679b2cb2cae2bb3ce8eff5444ba858a51310d4c Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 6 Aug 2018 17:21:53 +0200 Subject: xtables-restore: Improve user-defined chain detection Legacy ebtables-save does not use a policy string of '-' to denote user-defined chains but instead lists them with a policy of ACCEPT. In order to use ebtables_restore_parse() for ebtables-save implementation, make use of builtin table definitions to decide whether a given chain is a builtin one or not. Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal --- iptables/nft.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'iptables/nft.h') diff --git a/iptables/nft.h b/iptables/nft.h index 5febb9f9..942cb6a0 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -68,6 +68,7 @@ bool nft_table_find(struct nft_handle *h, const char *tablename); int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nftnl_chain_list *list); int nft_table_flush(struct nft_handle *h, const char *table); void nft_table_new(struct nft_handle *h, const char *table); +struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table); /* * Operations with chains. @@ -84,6 +85,7 @@ int nft_chain_user_flush(struct nft_handle *h, struct nftnl_chain_list *list, const char *chain, const char *table); int nft_chain_user_rename(struct nft_handle *h, const char *chain, const char *table, const char *newname); int nft_chain_zero_counters(struct nft_handle *h, const char *chain, const char *table, bool verbose); +struct builtin_chain *nft_chain_builtin_find(struct builtin_table *t, const char *chain); /* * Operations with rule-set. -- cgit v1.2.3
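Review bot: The new `nft_table_builtin_find()` prototype, and `nft_chain_builtin_find()` in the second hunk, are exported without saying what a failed lookup returns, yet the commit message says the restore parser will use them to classify chain names read from a dump. Their definitions are outside this header-only view, so presumably both return NULL when nothing matches. A one-line comment above each, such as `/* Returns NULL when 'table' names no builtin table. */`, would tell callers to check the table result before passing it on as `t`. If no caller needs to modify the builtin definitions, returning `const struct builtin_table *` and `const struct builtin_chain *` (with `t` taken as `const struct builtin_table *`) would also keep those tables read-only for the new users.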