path: root/iptables/nft.c
diff options
authorPhil Sutter <>2019-08-20 15:15:19 +0200
committerPhil Sutter <>2019-11-25 23:30:40 +0100
commitd4d319cb0afdce06fb5e3fad5fe1cff4232bdbd6 (patch)
treede2b9f6d91675fd18b2b5c0d8d821a1e7f5a62ca /iptables/nft.c
parent7a373f6683afb799c8387bdec1da6a07e9e55b33 (diff)
nft: family_ops: Pass nft_handle to 'add' callback
In order for add_match() to create anonymous sets when converting xtables matches it needs access to nft handle. So pass it along from callers of family ops' add callback. Signed-off-by: Phil Sutter <> Acked-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft.c')
1 files changed, 3 insertions, 2 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 599c2f7e..e31f2834 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -930,7 +930,8 @@ static int add_nft_limit(struct nftnl_rule *r, struct xt_entry_match *m)
return 0;
-int add_match(struct nftnl_rule *r, struct xt_entry_match *m)
+int add_match(struct nft_handle *h,
+ struct nftnl_rule *r, struct xt_entry_match *m)
struct nftnl_expr *expr;
int ret;
@@ -1152,7 +1153,7 @@ nft_rule_new(struct nft_handle *h, const char *chain, const char *table,
nftnl_rule_set_str(r, NFTNL_RULE_TABLE, table);
nftnl_rule_set_str(r, NFTNL_RULE_CHAIN, chain);
- if (h->ops->add(r, data) < 0)
+ if (h->ops->add(h, r, data) < 0)
goto err;
return r;