path: root/iptables/nft-shared.h
authorPhil Sutter <>2018-07-19 18:31:57 +0200
committerFlorian Westphal <>2018-07-19 23:04:01 +0200
commit1866625f0befbc04673017692813f48d084004ff (patch)
treeafef4450d4ae51c3d1856eb9b82164c6ee15595c /iptables/nft-shared.h
parent05894576bf78e8f3ec4e816ffc908a2dbced0350 (diff)
xtables: introduce rule_to_cs/clear_cs callbacks
This introduces callbacks in nft_family_ops for parsing an nftnl rule into iptables_command_state and clearing it afterwards. Signed-off-by: Phil Sutter <> Signed-off-by: Florian Westphal <>
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 2ad1ae6b..8172c873 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -101,6 +101,9 @@ struct nft_family_ops {
struct xtables_args *args);
void (*parse_match)(struct xtables_match *m, void *data);
void (*parse_target)(struct xtables_target *t, void *data);
+ void (*rule_to_cs)(const struct nftnl_rule *r,
+ struct iptables_command_state *cs);
+ void (*clear_cs)(struct iptables_command_state *cs);
bool (*rule_find)(struct nft_family_ops *ops, struct nftnl_rule *r,
void *data);
int (*xlate)(const void *data, struct xt_xlate *xl);
@@ -144,6 +147,7 @@ void nft_parse_counter(struct nftnl_expr *e, struct xt_counters *counters);
void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
void nft_rule_to_iptables_command_state(const struct nftnl_rule *r,
struct iptables_command_state *cs);
+void nft_clear_iptables_command_state(struct iptables_command_state *cs);
void print_header(unsigned int format, const char *chain, const char *pol,
const struct xt_counters *counters, bool basechain,
uint32_t refs);