authorPhil Sutter <phil@nwl.cc>2021-09-27 16:59:49 +0200
committerPhil Sutter <phil@nwl.cc>2021-10-20 11:32:54 +0200
commit2e6014c739852daf8c0c42caeef01d3966622c4b (patch)
tree72f6ba93582c41d49b3f76f90dae6aeefd37055b
parentdb90ff64fb89144d1e2ba18bc0569486cd5af9a3 (diff)
nft: Introduce builtin_tables_lookup()
The set of builtin tables to use is fully determined by the given family so just look it up instead of having callers pass it explicitly. Signed-off-by: Phil Sutter <phil@nwl.cc>
-rw-r--r--iptables/nft.c19
-rw-r--r--iptables/nft.h2
-rw-r--r--iptables/xtables-arp.c2
-rw-r--r--iptables/xtables-eb.c2
-rw-r--r--iptables/xtables-monitor.c2
-rw-r--r--iptables/xtables-restore.c7
-rw-r--r--iptables/xtables-save.c6
-rw-r--r--iptables/xtables-standalone.c2
-rw-r--r--iptables/xtables-translate.c7
9 files changed, 25 insertions, 24 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index dc1f5160..1d3f3a3d 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -863,7 +863,22 @@ int nft_restart(struct nft_handle *h)
return 0;
}
-int nft_init(struct nft_handle *h, int family, const struct builtin_table *t)
+static const struct builtin_table *builtin_tables_lookup(int family)
+{
+ switch (family) {
+ case AF_INET:
+ case AF_INET6:
+ return xtables_ipv4;
+ case NFPROTO_ARP:
+ return xtables_arp;
+ case NFPROTO_BRIDGE:
+ return xtables_bridge;
+ default:
+ return NULL;
+ }
+}
+
+int nft_init(struct nft_handle *h, int family)
{
memset(h, 0, sizeof(*h));
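Review bot: The new switch in builtin_tables_lookup() mixes constant namespaces: the IPv4/IPv6 cases use `AF_INET`/`AF_INET6` while the ARP and bridge cases use `NFPROTO_*`. Callers touched later in this commit (xtables-restore.c, for instance) switch on `NFPROTO_IPV4`/`NFPROTO_IPV6`, so `case NFPROTO_IPV4:` and `case NFPROTO_IPV6:` would read consistently and would not lean on the two sets being numerically equal. A one-line comment above the function, such as `/* Returns the builtin table set for family, or NULL if the family is unknown. */`, would make the NULL return visible to the next caller. nft_init()'s body continues beyond this hunk.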
@@ -881,7 +896,7 @@ int nft_init(struct nft_handle *h, int family, const struct builtin_table *t)
xtables_error(PARAMETER_PROBLEM, "Unknown family");
h->portid = mnl_socket_get_portid(h->nl);
- h->tables = t;
+ h->tables = builtin_tables_lookup(family);
h->cache = &h->__cache[0];
h->family = family;
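Review bot: `h->tables` can now be NULL, because builtin_tables_lookup() returns NULL for any family outside its four cases and the assignment here stores the result unchecked. The context line above suggests an unknown-family check already exists, but its condition lies outside the hunk, so it cannot be confirmed from here that it rejects exactly the same families. Before this commit xtables-standalone.c passed `xtables_ipv4` regardless of `family`, so that caller's behaviour changes for an unexpected family. An explicit guard would turn this into a clean error instead of leaving a NULL table pointer for later code in a firewall tool: `if (!h->tables) xtables_error(PARAMETER_PROBLEM, "Unknown family");`.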
diff --git a/iptables/nft.h b/iptables/nft.h
index ef79b018..f189b03f 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -123,7 +123,7 @@ extern const struct builtin_table xtables_bridge[NFT_TABLE_MAX];
int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
int (*cb)(const struct nlmsghdr *nlh, void *data),
void *data);
-int nft_init(struct nft_handle *h, int family, const struct builtin_table *t);
+int nft_init(struct nft_handle *h, int family);
void nft_fini(struct nft_handle *h);
int nft_restart(struct nft_handle *h);
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 9a079f06..1d132bdf 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -397,7 +397,7 @@ int nft_init_arp(struct nft_handle *h, const char *pname)
init_extensionsa();
#endif
- if (nft_init(h, NFPROTO_ARP, xtables_arp) < 0)
+ if (nft_init(h, NFPROTO_ARP) < 0)
xtables_error(OTHER_PROBLEM,
"Could not initialize nftables layer.");
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 23023ce1..1ed6bcd8 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -672,7 +672,7 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
init_extensionsb();
#endif
- if (nft_init(h, NFPROTO_BRIDGE, xtables_bridge) < 0)
+ if (nft_init(h, NFPROTO_BRIDGE) < 0)
xtables_error(OTHER_PROBLEM,
"Could not initialize nftables layer.");
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index 21d4bec0..73dc80c2 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -631,7 +631,7 @@ int xtables_monitor_main(int argc, char *argv[])
init_extensions6();
#endif
- if (nft_init(&h, AF_INET, xtables_ipv4)) {
+ if (nft_init(&h, AF_INET)) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 72832103..86dcede3 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -281,7 +281,6 @@ void xtables_restore_parse(struct nft_handle *h,
static int
xtables_restore_main(int family, const char *progname, int argc, char *argv[])
{
- const struct builtin_table *tables;
struct nft_xt_restore_parse p = {
.commit = true,
.cb = &restore_cb,
@@ -360,7 +359,6 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
switch (family) {
case NFPROTO_IPV4:
case NFPROTO_IPV6: /* fallthough, same table */
- tables = xtables_ipv4;
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
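Review bot: The comment on the `NFPROTO_IPV6` case, `/* fallthough, same table */`, is stale now that the `tables = xtables_ipv4;` assignment it described has been removed; what remains visible of the shared body only initializes extensions. Something like `/* fallthrough, same extensions */` would match what is left and fix the typo. The switch starts and ends outside this hunk.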
@@ -368,17 +366,14 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
#endif
break;
case NFPROTO_ARP:
- tables = xtables_arp;
- break;
case NFPROTO_BRIDGE:
- tables = xtables_bridge;
break;
default:
fprintf(stderr, "Unknown family %d\n", family);
return 1;
}
- if (nft_init(&h, family, tables) < 0) {
+ if (nft_init(&h, family) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index f794e3ff..c6ebb0ec 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -131,7 +131,6 @@ static int
xtables_save_main(int family, int argc, char *argv[],
const char *optstring, const struct option *longopts)
{
- const struct builtin_table *tables;
const char *tablename = NULL;
struct do_output_data d = {
.format = FMT_NOCOUNTS,
@@ -208,11 +207,9 @@ xtables_save_main(int family, int argc, char *argv[],
init_extensions4();
init_extensions6();
#endif
- tables = xtables_ipv4;
d.commit = true;
break;
case NFPROTO_ARP:
- tables = xtables_arp;
break;
case NFPROTO_BRIDGE: {
const char *ctr = getenv("EBTABLES_SAVE_COUNTER");
@@ -223,7 +220,6 @@ xtables_save_main(int family, int argc, char *argv[],
d.format &= ~FMT_NOCOUNTS;
d.format |= FMT_C_COUNTS | FMT_EBT_SAVE;
}
- tables = xtables_bridge;
break;
}
default:
@@ -231,7 +227,7 @@ xtables_save_main(int family, int argc, char *argv[],
return 1;
}
- if (nft_init(&h, family, tables) < 0) {
+ if (nft_init(&h, family) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index 1a6b7cf7..f4d40cda 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -60,7 +60,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
init_extensions6();
#endif
- if (nft_init(&h, family, xtables_ipv4) < 0) {
+ if (nft_init(&h, family) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 2a00a850..086b85d2 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -465,7 +465,6 @@ static int xtables_xlate_main_common(struct nft_handle *h,
int family,
const char *progname)
{
- const struct builtin_table *tables;
int ret;
xtables_globals.program_name = progname;
@@ -485,20 +484,16 @@ static int xtables_xlate_main_common(struct nft_handle *h,
init_extensions4();
init_extensions6();
#endif
- tables = xtables_ipv4;
break;
case NFPROTO_ARP:
- tables = xtables_arp;
- break;
case NFPROTO_BRIDGE:
- tables = xtables_bridge;
break;
default:
fprintf(stderr, "Unknown family %d\n", family);
return 1;
}
- if (nft_init(h, family, tables) < 0) {
+ if (nft_init(h, family) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,