diff options
author | Phil Sutter <phil@nwl.cc> | 2019-08-20 21:41:12 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2019-11-25 23:30:56 +0100 |
commit | 1e8ef6a5847549af6fa2edc4fd642cf259ef2ba1 (patch) | |
tree | 0595a523a02a2c06dbb3d4a2a17735e385080607 /iptables/nft-shared.c | |
parent | 7dc64022bb8dfecb737fbf4aa02e6464b80e2eae (diff) |
nft: family_ops: Pass nft_handle to 'rule_to_cs' callback
This is the actual callback used to parse nftables rules. Pass
nft_handle to it so it can access the cache (and possible sets therein).
Having to pass nft_handle to nft_rule_print_save() allows to simplify it
a bit since no family ops lookup has to be done anymore.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-shared.c')
-rw-r--r-- | iptables/nft-shared.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index b6d85f1a..bdbd3238 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -591,7 +591,8 @@ static void nft_parse_limit(struct nft_xt_ctx *ctx, struct nftnl_expr *e) ops->parse_match(match, ctx->cs); } -void nft_rule_to_iptables_command_state(const struct nftnl_rule *r, +void nft_rule_to_iptables_command_state(struct nft_handle *h, + const struct nftnl_rule *r, struct iptables_command_state *cs) { struct nftnl_expr_iter *iter; @@ -987,7 +988,7 @@ bool nft_ipv46_rule_find(struct nft_handle *h, struct nftnl_rule *r, void *data) struct iptables_command_state *cs = data, this = {}; bool ret = false; - nft_rule_to_iptables_command_state(r, &this); + nft_rule_to_iptables_command_state(h, r, &this); DEBUGP("comparing with... "); #ifdef DEBUG_DEL |