nft: convert rule into a command state structure

This helps to reduce the code complexity to have one single common path
for printing, saving and looking up for the rule.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 8 insertions, 3 deletions

diff --git a/iptables/xtables-events.c b/iptables/xtables-events.c
index 64ae9726..20392a5b 100644
--- a/iptables/xtables-events.c
+++ b/iptables/xtables-events.c
@@ -58,6 +58,7 @@ static bool counters;
 
 static int rule_cb(const struct nlmsghdr *nlh, int type)
 {
+	struct iptables_command_state cs = {};
 	struct nft_rule *r;
 
 	r = nft_rule_alloc();
@@ -71,6 +72,8 @@ static int rule_cb(const struct nlmsghdr *nlh, int type)
 		goto err_free;
 	}
 
+	nft_rule_to_iptables_command_state(r, &cs);
+
 	switch(nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY)) {
 	case AF_INET:
 		printf("-4 ");
@@ -82,9 +85,11 @@ static int rule_cb(const struct nlmsghdr *nlh, int type)
 		break;
 	}
 
-	nft_rule_print_save(r, type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
-							 NFT_RULE_DEL,
-			    counters);
+
+	nft_rule_print_save(&cs, r,
+			    type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
+						      NFT_RULE_DEL,
+			    counters ? 0 : FMT_NOCOUNTS);
 err_free:
 	nft_rule_free(r);
 err: