diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-01-06 13:20:13 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-05-11 14:28:28 +0200 |
commit | a7f1e208cdf9c6392c99d3c52764701d004bdde7 (patch) | |
tree | a479e3469ac3b1ec03b867acfdcd3912891162fd /iptables/xtables-arp.c | |
parent | 70a3c1a07585de64b5780a415dc157079c34911b (diff) |
nft: split parsing from netlink commands
This patch updates the parser to generate a list of command objects.
This list of commands is then transformed to a list of netlink jobs.
This new command object stores the rule using the nftnl representation
via nft_rule_new().
To reduce the number of updates in this patch, the nft_*_rule_find()
functions have been updated to restore the native representation to
skip the update of the rule comparison code.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/xtables-arp.c')
-rw-r--r-- | iptables/xtables-arp.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c index c8196f08..a0136059 100644 --- a/iptables/xtables-arp.c +++ b/iptables/xtables-arp.c @@ -400,7 +400,7 @@ list_entries(struct nft_handle *h, const char *chain, const char *table, if (linenumbers) format |= FMT_LINENUMBERS; - return nft_rule_list(h, chain, table, rulenum, format); + return nft_cmd_rule_list(h, chain, table, rulenum, format); } static int @@ -427,10 +427,10 @@ append_entry(struct nft_handle *h, cs->arp.arp.tgt.s_addr = daddrs[j].s_addr; cs->arp.arp.tmsk.s_addr = dmasks[j].s_addr; if (append) { - ret = nft_rule_append(h, chain, table, cs, NULL, + ret = nft_cmd_rule_append(h, chain, table, cs, NULL, verbose); } else { - ret = nft_rule_insert(h, chain, table, cs, + ret = nft_cmd_rule_insert(h, chain, table, cs, rulenum, verbose); } } @@ -455,7 +455,7 @@ replace_entry(const char *chain, cs->arp.arp.smsk.s_addr = smask->s_addr; cs->arp.arp.tmsk.s_addr = dmask->s_addr; - return nft_rule_replace(h, chain, table, cs, rulenum, verbose); + return nft_cmd_rule_replace(h, chain, table, cs, rulenum, verbose); } static int @@ -479,7 +479,7 @@ delete_entry(const char *chain, for (j = 0; j < ndaddrs; j++) { cs->arp.arp.tgt.s_addr = daddrs[j].s_addr; cs->arp.arp.tmsk.s_addr = dmasks[j].s_addr; - ret = nft_rule_delete(h, chain, table, cs, verbose); + ret = nft_cmd_rule_delete(h, chain, table, cs, verbose); } } @@ -955,7 +955,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, options&OPT_VERBOSE, h); break; case CMD_DELETE_NUM: - ret = nft_rule_delete_num(h, chain, *table, rulenum - 1, verbose); + ret = nft_cmd_rule_delete_num(h, chain, *table, rulenum - 1, verbose); break; case CMD_REPLACE: ret = replace_entry(chain, *table, &cs, rulenum - 1, @@ -977,10 +977,10 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, options&OPT_LINENUMBERS); break; case CMD_FLUSH: - ret = nft_rule_flush(h, chain, *table, options & OPT_VERBOSE); + ret = nft_cmd_rule_flush(h, chain, *table, options & OPT_VERBOSE); break; case CMD_ZERO: - ret = nft_chain_zero_counters(h, chain, *table, + ret = nft_cmd_chain_zero_counters(h, chain, *table, options & OPT_VERBOSE); break; case CMD_LIST|CMD_ZERO: @@ -990,21 +990,21 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, /*options&OPT_EXPANDED*/0, options&OPT_LINENUMBERS); if (ret) - ret = nft_chain_zero_counters(h, chain, *table, + ret = nft_cmd_chain_zero_counters(h, chain, *table, options & OPT_VERBOSE); break; case CMD_NEW_CHAIN: - ret = nft_chain_user_add(h, chain, *table); + ret = nft_cmd_chain_user_add(h, chain, *table); break; case CMD_DELETE_CHAIN: - ret = nft_chain_user_del(h, chain, *table, + ret = nft_cmd_chain_user_del(h, chain, *table, options & OPT_VERBOSE); break; case CMD_RENAME_CHAIN: - ret = nft_chain_user_rename(h, chain, *table, newname); + ret = nft_cmd_chain_user_rename(h, chain, *table, newname); break; case CMD_SET_POLICY: - ret = nft_chain_set(h, *table, chain, policy, NULL); + ret = nft_cmd_chain_set(h, *table, chain, policy, NULL); if (ret < 0) xtables_error(PARAMETER_PROBLEM, "Wrong policy `%s'\n", policy); |