diff options
author | Phil Sutter <phil@nwl.cc> | 2023-02-16 21:55:54 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-02-17 18:18:48 +0100 |
commit | f5993955ab1d1ef34a0729af2eb58e1eb4f084da (patch) | |
tree | eda1d3e7c130bfa1703a00baaf1abd1796a3fe18 /iptables/nft-shared.h | |
parent | aa72fad69a7709f3610f1adc4794885c79788d08 (diff) |
nft-shared: Lookup matches in iptables_command_state
Some matches may turn into multiple nft statements (naturally or via
translation). Such statements must parse into a single extension again
in order to rebuild the rule as it was.
Introduce nft_find_match_in_cs() to iterate through the lists and drop
tcp/udp port match caching in struct nft_xt_ctx which is not needed
anymore.
Note: Match reuse is not enabled unconditionally for all matches,
because iptables supports having multiple instances of the same
extension.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-shared.h')
-rw-r--r-- | iptables/nft-shared.h | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 07d39131..b8bc1a6c 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -76,10 +76,6 @@ struct nft_xt_ctx { struct nft_handle *h; uint32_t flags; const char *table; - union { - struct xt_tcp *tcp; - struct xt_udp *udp; - } tcpudp; struct nft_xt_ctx_reg regs[1 + 16]; |