diff options
| author | Phil Sutter <phil@nwl.cc> | 2023-08-15 13:47:28 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2023-09-01 13:15:03 +0200 |
| commit | 35ff97e9aca8cd301ff9b9a95b0a72de1aeb700b (patch) | |
| tree | 5f4b36dfccf29e4290e48b3a7dfe6bc7dab5dbf2 /iptables/nft-bridge.c | |
| parent | 63e4a64e943be64a7e0486838071b981074e696d (diff) | |
Revert --compat option related commits
This reverts the following commits:
b14c971db6db0 ("tests: Test compat mode")
11c464ed015b5 ("Add --compat option to *tables-nft and *-nft-restore commands")
ca709b5784c98 ("nft: Introduce and use bool nft_handle::compat")
402b9b3c07c81 ("nft: Pass nft_handle to add_{target,action}()")
This implementation of a compatibility mode implements rules using
xtables extensions if possible and thus relies upon existence of those
in kernel space. Assuming no viable replacement for the internal
mechanics of this mode will be found in foreseeable future, it will
effectively block attempts at deprecating and removing of these xtables
extensions in favor of nftables expressions and thus hinder upstream's
future plans for iptables.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-bridge.c')
| -rw-r--r-- | iptables/nft-bridge.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 616ae5a3..391a8ab7 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -117,8 +117,7 @@ static int add_meta_broute(struct nftnl_rule *r) return 0; } -static int _add_action(struct nft_handle *h, struct nftnl_rule *r, - struct iptables_command_state *cs) +static int _add_action(struct nftnl_rule *r, struct iptables_command_state *cs) { const char *table = nftnl_rule_get_str(r, NFTNL_RULE_TABLE); @@ -134,7 +133,7 @@ static int _add_action(struct nft_handle *h, struct nftnl_rule *r, } } - return add_action(h, r, cs, false); + return add_action(r, cs, false); } static int @@ -222,7 +221,7 @@ static int nft_bridge_add(struct nft_handle *h, struct nft_rule_ctx *ctx, if (nft_bridge_add_match(h, fw, ctx, r, iter->u.match->m)) break; } else { - if (add_target(h, r, iter->u.watcher->t)) + if (add_target(r, iter->u.watcher->t)) break; } } @@ -230,7 +229,7 @@ static int nft_bridge_add(struct nft_handle *h, struct nft_rule_ctx *ctx, if (add_counters(r, cs->counters.pcnt, cs->counters.bcnt) < 0) return -1; - return _add_action(h, r, cs); + return _add_action(r, cs); } static bool nft_rule_to_ebtables_command_state(struct nft_handle *h, |