summaryrefslogtreecommitdiffstats
path: root/iptables/nft-ipv4.c
diff options
context:
space:
mode:
authorTomasz Bursztyka <tomasz.bursztyka@linux.intel.com>2013-08-07 11:31:36 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2013-12-30 23:50:43 +0100
commite23e66f9d1a25c75df684850b7cd99053708c4d0 (patch)
treee7a785ebcf7bfcbdee2d906236b35fd2c91bc6e6 /iptables/nft-ipv4.c
parent7a1026f59c101a67233c65dd5ef9b0ae15945ca5 (diff)
nft: Generalize nft_rule_list() against current family
Now, firewall rule printing is done through nft_family_ops .print_firewall function. This moves generic part for ipv4 and ipv6 into nft-shared.c, and enables reusing nft_rule_list() for other family such as ARP which will be useful for arptables compatibility tool. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-ipv4.c')
-rw-r--r--iptables/nft-ipv4.c39
1 files changed, 31 insertions, 8 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 51ee422c..81be9f4c 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -284,18 +284,41 @@ static void print_ipv4_addr(const struct iptables_command_state *cs,
}
-static uint8_t nft_ipv4_print_firewall(const struct iptables_command_state *cs,
- const char *targname, unsigned int num,
- unsigned int format)
+static void nft_ipv4_print_firewall(struct nft_rule *r, unsigned int num,
+ unsigned int format)
{
- print_firewall_details(cs, targname, cs->fw.ip.flags,
- cs->fw.ip.invflags, cs->fw.ip.proto,
- cs->fw.ip.iniface, cs->fw.ip.outiface,
+ struct iptables_command_state cs = {};
+ const char *targname = NULL;
+ const void *targinfo = NULL;
+ size_t target_len = 0;
+
+ nft_rule_to_iptables_command_state(r, &cs);
+
+ targname = nft_parse_target(r, &targinfo, &target_len);
+
+ print_firewall_details(&cs, targname, cs.fw.ip.flags,
+ cs.fw.ip.invflags, cs.fw.ip.proto,
+ cs.fw.ip.iniface, cs.fw.ip.outiface,
num, format);
- print_ipv4_addr(cs, format);
+ print_ipv4_addr(&cs, format);
- return cs->fw.ip.flags;
+ if (format & FMT_NOTABLE)
+ fputs(" ", stdout);
+
+#ifdef IPT_F_GOTO
+ if (cs.fw.ip.flags & IPT_F_GOTO)
+ printf("[goto] ");
+#endif
+
+ if (print_matches(r, format) != 0)
+ return;
+
+ if (print_target(targname, targinfo, target_len, format) != 0)
+ return;
+
+ if (!(format & FMT_NONEWLINE))
+ fputc('\n', stdout);
}
static void nft_ipv4_post_parse(int command,