diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-01-06 13:20:15 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2020-05-11 14:28:28 +0200 |
| commit | 59e80a8e50148c31be71a984a03456800f179123 (patch) | |
| tree | ec2c792f5bb0b4fd3a9115bcc6d4f7597c48899e /iptables | |
| parent | 9d07514ac5c7a27ec72df5a81bf067073d63bd99 (diff) | |
nft: restore among support
Update among support to work again with the new parser and cache logic.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
| -rw-r--r-- | iptables/nft-bridge.c | 13 | ||||
| -rw-r--r-- | iptables/nft.c | 15 | ||||
| -rw-r--r-- | iptables/nft.h | 6 |
3 files changed, 32 insertions, 2 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 0d60c724..39a2f704 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -421,11 +421,20 @@ static struct nftnl_set *set_from_lookup_expr(struct nft_xt_ctx *ctx, const struct nftnl_expr *e) { const char *set_name = nftnl_expr_get_str(e, NFTNL_EXPR_LOOKUP_SET); + uint32_t set_id = nftnl_expr_get_u32(e, NFTNL_EXPR_LOOKUP_SET_ID); struct nftnl_set_list *slist; + struct nftnl_set *set; slist = nft_set_list_get(ctx->h, ctx->table, set_name); - if (slist) - return nftnl_set_list_lookup_byname(slist, set_name); + if (slist) { + set = nftnl_set_list_lookup_byname(slist, set_name); + if (set) + return set; + + set = nft_set_batch_lookup_byid(ctx->h, set_id); + if (set) + return set; + } return NULL; } diff --git a/iptables/nft.c b/iptables/nft.c index f069396a..9771bcc9 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1613,6 +1613,20 @@ int nft_rule_save(struct nft_handle *h, const char *table, unsigned int format) return ret == 0 ? 1 : 0; } +struct nftnl_set *nft_set_batch_lookup_byid(struct nft_handle *h, + uint32_t set_id) +{ + struct obj_update *n; + + list_for_each_entry(n, &h->obj_list, head) { + if (n->type == NFT_COMPAT_SET_ADD && + nftnl_set_get_u32(n->set, NFTNL_SET_ID) == set_id) + return n->set; + } + + return NULL; +} + static void __nft_rule_flush(struct nft_handle *h, const char *table, const char *chain, bool verbose, bool implicit) @@ -3092,6 +3106,7 @@ static int nft_prepare(struct nft_handle *h) ret = 1; break; case NFT_COMPAT_SET_ADD: + nft_xt_builtin_init(h, cmd->table); batch_set_add(h, NFT_COMPAT_SET_ADD, cmd->obj.set); ret = 1; break; diff --git a/iptables/nft.h b/iptables/nft.h index d61a4097..89c3620e 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -145,6 +145,12 @@ void nft_bridge_chain_postprocess(struct nft_handle *h, /* + * Operations with sets. + */ +struct nftnl_set *nft_set_batch_lookup_byid(struct nft_handle *h, + uint32_t set_id); + +/* * Operations with rule-set. */ struct nftnl_rule; |