author | Phil Sutter <phil@nwl.cc> | 2019-09-25 18:48:07 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2019-10-17 19:02:56 +0200 |
commit | 48a21d5c7af074bd502a4f6fa7d8a46cfa719732 (patch) | |
tree | ca0850393305d43edc86474edfc5bf6e055a3415 /iptables/nft.h | |
parent | 7b64c50904ae1ab6366a78e01a272532fac8af8f (diff) |
nft: Support nft_is_table_compatible() per chain
When operating on a single chain only, compatibility checking causes
unwanted overhead by checking all chains of the current table. Avoid
this by accepting the current chain name as a parameter and passing it
along to nft_chain_list_get().
While at it, introduce nft_assert_table_compatible() which
calls xtables_error() in case the compatibility check fails. If a chain
name was given, include that in the error message.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.h')
-rw-r--r-- | iptables/nft.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/iptables/nft.h b/iptables/nft.h index 9ae3122a..4b8b3033 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -206,7 +206,10 @@ int nft_arp_rule_insert(struct nft_handle *h, const char *chain, void nft_rule_to_arpt_entry(struct nftnl_rule *r, struct arpt_entry *fw); -bool nft_is_table_compatible(struct nft_handle *h, const char *name); +bool nft_is_table_compatible(struct nft_handle *h, + const char *table, const char *chain); +void nft_assert_table_compatible(struct nft_handle *h, + const char *table, const char *chain); int ebt_set_user_chain_policy(struct nft_handle *h, const char *table, const char *chain, const char *policy); |
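Review bot: the two new prototypes in the iptables/nft.h hunk (@@ -206,7 +206,10 @@) do not document what the added chain argument means when a caller still wants the whole table checked. The commit message says "If a chain name was given", which implies chain is optional, so a one-line comment above nft_is_table_compatible() stating that chain may be NULL to check every chain of the table would keep callers from guessing. The same applies to nft_assert_table_compatible(): it returns void and, per the commit message, calls xtables_error() on failure, so the header should say that it exits through xtables_error() rather than reporting a result, which matters for any caller holding state that needs cleanup. The second parameter was also renamed from name to table; since the diff shown is limited to nft.h, please confirm in the full patch that every caller of the old two-argument form passes the table first and the chain second.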