summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--iptables/nft-arp.c12
-rw-r--r--iptables/nft-bridge.c8
-rw-r--r--iptables/nft-ipv4.c21
-rw-r--r--iptables/nft-ipv6.c23
-rw-r--r--iptables/nft-shared.c20
-rw-r--r--iptables/nft-shared.h26
-rw-r--r--iptables/nft.c8
7 files changed, 58 insertions, 60 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index a6241498..328c791d 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -436,7 +436,8 @@ static void nft_arp_print_header(unsigned int format, const char *chain,
}
}
-static void print_fw_details(struct arpt_entry *fw, unsigned int format)
+static void nft_arp_print_rule_details(struct arpt_entry *fw,
+ unsigned int format)
{
char buf[BUFSIZ];
char iface[IFNAMSIZ+2];
@@ -578,8 +579,7 @@ after_devdst:
}
static void
-nft_arp_print_firewall(struct nftnl_rule *r, unsigned int num,
- unsigned int format)
+nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format)
{
struct iptables_command_state cs = {};
@@ -588,7 +588,7 @@ nft_arp_print_firewall(struct nftnl_rule *r, unsigned int num,
if (format & FMT_LINENUMBERS)
printf("%u ", num);
- print_fw_details(&cs.arp, format);
+ nft_arp_print_rule_details(&cs.arp, format);
if (cs.jumpto != NULL && strcmp(cs.jumpto, "") != 0) {
printf("-j %s", cs.jumpto);
@@ -663,8 +663,8 @@ struct nft_family_ops nft_family_ops_arp = {
.parse_payload = nft_arp_parse_payload,
.parse_immediate = nft_arp_parse_immediate,
.print_header = nft_arp_print_header,
- .print_firewall = nft_arp_print_firewall,
- .save_firewall = NULL,
+ .print_rule = nft_arp_print_rule,
+ .save_rule = NULL,
.save_counters = NULL,
.post_parse = NULL,
.rule_to_cs = nft_arp_rule_to_cs,
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 3834d6dd..b3bb3666 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -435,8 +435,8 @@ static void print_protocol(uint16_t ethproto, bool invert, unsigned int bitmask)
printf("%s ", ent->e_name);
}
-static void nft_bridge_print_firewall(struct nftnl_rule *r, unsigned int num,
- unsigned int format)
+static void nft_bridge_print_rule(struct nftnl_rule *r, unsigned int num,
+ unsigned int format)
{
struct iptables_command_state cs = {};
@@ -729,8 +729,8 @@ struct nft_family_ops nft_family_ops_bridge = {
.parse_target = nft_bridge_parse_target,
.print_table_header = nft_bridge_print_table_header,
.print_header = nft_bridge_print_header,
- .print_firewall = nft_bridge_print_firewall,
- .save_firewall = NULL,
+ .print_rule = nft_bridge_print_rule,
+ .save_rule = NULL,
.save_counters = NULL,
.post_parse = NULL,
.rule_to_cs = nft_rule_to_ebtables_command_state,
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index f118dcb8..cbc4be73 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -289,16 +289,15 @@ static void print_fragment(unsigned int flags, unsigned int invflags,
fputc(' ', stdout);
}
-static void nft_ipv4_print_firewall(struct nftnl_rule *r, unsigned int num,
- unsigned int format)
+static void nft_ipv4_print_rule(struct nftnl_rule *r, unsigned int num,
+ unsigned int format)
{
struct iptables_command_state cs = {};
nft_rule_to_iptables_command_state(r, &cs);
- print_firewall_details(&cs, cs.jumpto, cs.fw.ip.flags,
- cs.fw.ip.invflags, cs.fw.ip.proto,
- num, format);
+ print_rule_details(&cs, cs.jumpto, cs.fw.ip.flags,
+ cs.fw.ip.invflags, cs.fw.ip.proto, num, format);
print_fragment(cs.fw.ip.flags, cs.fw.ip.invflags, format);
print_ifaces(cs.fw.ip.iniface, cs.fw.ip.outiface, cs.fw.ip.invflags,
format);
@@ -330,7 +329,7 @@ static void save_ipv4_addr(char letter, const struct in_addr *addr,
mask_to_str(mask));
}
-static void nft_ipv4_save_firewall(const void *data, unsigned int format)
+static void nft_ipv4_save_rule(const void *data, unsigned int format)
{
const struct iptables_command_state *cs = data;
@@ -339,9 +338,9 @@ static void nft_ipv4_save_firewall(const void *data, unsigned int format)
save_ipv4_addr('d', &cs->fw.ip.dst, cs->fw.ip.dmsk.s_addr,
cs->fw.ip.invflags & IPT_INV_DSTIP);
- save_firewall_details(cs, cs->fw.ip.invflags, cs->fw.ip.proto,
- cs->fw.ip.iniface, cs->fw.ip.iniface_mask,
- cs->fw.ip.outiface, cs->fw.ip.outiface_mask);
+ save_rule_details(cs, cs->fw.ip.invflags, cs->fw.ip.proto,
+ cs->fw.ip.iniface, cs->fw.ip.iniface_mask,
+ cs->fw.ip.outiface, cs->fw.ip.outiface_mask);
if (cs->fw.ip.flags & IPT_F_FRAG) {
if (cs->fw.ip.invflags & IPT_INV_FRAG)
@@ -483,8 +482,8 @@ struct nft_family_ops nft_family_ops_ipv4 = {
.parse_payload = nft_ipv4_parse_payload,
.parse_immediate = nft_ipv4_parse_immediate,
.print_header = print_header,
- .print_firewall = nft_ipv4_print_firewall,
- .save_firewall = nft_ipv4_save_firewall,
+ .print_rule = nft_ipv4_print_rule,
+ .save_rule = nft_ipv4_save_rule,
.save_counters = save_counters,
.proto_parse = nft_ipv4_proto_parse,
.post_parse = nft_ipv4_post_parse,
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 9e9049f3..6aa913ed 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -220,16 +220,16 @@ static void print_ipv6_addr(const struct iptables_command_state *cs,
}
}
-static void nft_ipv6_print_firewall(struct nftnl_rule *r, unsigned int num,
- unsigned int format)
+static void nft_ipv6_print_rule(struct nftnl_rule *r, unsigned int num,
+ unsigned int format)
{
struct iptables_command_state cs = {};
nft_rule_to_iptables_command_state(r, &cs);
- print_firewall_details(&cs, cs.jumpto, cs.fw6.ipv6.flags,
- cs.fw6.ipv6.invflags, cs.fw6.ipv6.proto,
- num, format);
+ print_rule_details(&cs, cs.jumpto, cs.fw6.ipv6.flags,
+ cs.fw6.ipv6.invflags, cs.fw6.ipv6.proto,
+ num, format);
print_ifaces(cs.fw6.ipv6.iniface, cs.fw6.ipv6.outiface,
cs.fw6.ipv6.invflags, format);
print_ipv6_addr(&cs, format);
@@ -268,7 +268,7 @@ static void save_ipv6_addr(char letter, const struct in6_addr *addr,
printf("/%d ", l);
}
-static void nft_ipv6_save_firewall(const void *data, unsigned int format)
+static void nft_ipv6_save_rule(const void *data, unsigned int format)
{
const struct iptables_command_state *cs = data;
@@ -277,10 +277,9 @@ static void nft_ipv6_save_firewall(const void *data, unsigned int format)
save_ipv6_addr('d', &cs->fw6.ipv6.dst, &cs->fw6.ipv6.dmsk,
cs->fw6.ipv6.invflags & IP6T_INV_DSTIP);
- save_firewall_details(cs, cs->fw6.ipv6.invflags, cs->fw6.ipv6.proto,
- cs->fw6.ipv6.iniface, cs->fw6.ipv6.iniface_mask,
- cs->fw6.ipv6.outiface,
- cs->fw6.ipv6.outiface_mask);
+ save_rule_details(cs, cs->fw6.ipv6.invflags, cs->fw6.ipv6.proto,
+ cs->fw6.ipv6.iniface, cs->fw6.ipv6.iniface_mask,
+ cs->fw6.ipv6.outiface, cs->fw6.ipv6.outiface_mask);
save_matches_and_target(cs->matches, cs->target,
cs->jumpto, cs->fw6.ipv6.flags, &cs->fw6);
@@ -438,8 +437,8 @@ struct nft_family_ops nft_family_ops_ipv6 = {
.parse_payload = nft_ipv6_parse_payload,
.parse_immediate = nft_ipv6_parse_immediate,
.print_header = print_header,
- .print_firewall = nft_ipv6_print_firewall,
- .save_firewall = nft_ipv6_save_firewall,
+ .print_rule = nft_ipv6_print_rule,
+ .save_rule = nft_ipv6_save_rule,
.save_counters = save_counters,
.proto_parse = nft_ipv6_proto_parse,
.post_parse = nft_ipv6_post_parse,
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 1018b631..60b539c8 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -675,10 +675,10 @@ void print_header(unsigned int format, const char *chain, const char *pol,
printf("\n");
}
-void print_firewall_details(const struct iptables_command_state *cs,
- const char *targname, uint8_t flags,
- uint8_t invflags, uint8_t proto,
- unsigned int num, unsigned int format)
+void print_rule_details(const struct iptables_command_state *cs,
+ const char *targname, uint8_t flags,
+ uint8_t invflags, uint8_t proto,
+ unsigned int num, unsigned int format)
{
if (format & FMT_LINENUMBERS)
printf(FMT("%-4u ", "%u "), num);
@@ -765,12 +765,12 @@ print_iface(char letter, const char *iface, const unsigned char *mask, int inv)
printf(" ");
}
-void save_firewall_details(const struct iptables_command_state *cs,
- uint8_t invflags, uint16_t proto,
- const char *iniface,
- unsigned const char *iniface_mask,
- const char *outiface,
- unsigned const char *outiface_mask)
+void save_rule_details(const struct iptables_command_state *cs,
+ uint8_t invflags, uint16_t proto,
+ const char *iniface,
+ unsigned const char *iniface_mask,
+ const char *outiface,
+ unsigned const char *outiface_mask)
{
if (iniface != NULL) {
print_iface('i', iniface, iniface_mask,
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 578726d0..20c19863 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -91,9 +91,9 @@ struct nft_family_ops {
const char *pol,
const struct xt_counters *counters, bool basechain,
uint32_t refs);
- void (*print_firewall)(struct nftnl_rule *r, unsigned int num,
- unsigned int format);
- void (*save_firewall)(const void *data, unsigned int format);
+ void (*print_rule)(struct nftnl_rule *r, unsigned int num,
+ unsigned int format);
+ void (*save_rule)(const void *data, unsigned int format);
void (*save_counters)(const void *data);
void (*proto_parse)(struct iptables_command_state *cs,
struct xtables_args *args);
@@ -151,20 +151,20 @@ void nft_clear_iptables_command_state(struct iptables_command_state *cs);
void print_header(unsigned int format, const char *chain, const char *pol,
const struct xt_counters *counters, bool basechain,
uint32_t refs);
-void print_firewall_details(const struct iptables_command_state *cs,
- const char *targname, uint8_t flags,
- uint8_t invflags, uint8_t proto,
- unsigned int num, unsigned int format);
+void print_rule_details(const struct iptables_command_state *cs,
+ const char *targname, uint8_t flags,
+ uint8_t invflags, uint8_t proto,
+ unsigned int num, unsigned int format);
void print_ifaces(const char *iniface, const char *outiface, uint8_t invflags,
unsigned int format);
void print_matches_and_target(struct iptables_command_state *cs,
unsigned int format);
-void save_firewall_details(const struct iptables_command_state *cs,
- uint8_t invflags, uint16_t proto,
- const char *iniface,
- unsigned const char *iniface_mask,
- const char *outiface,
- unsigned const char *outiface_mask);
+void save_rule_details(const struct iptables_command_state *cs,
+ uint8_t invflags, uint16_t proto,
+ const char *iniface,
+ unsigned const char *iniface_mask,
+ const char *outiface,
+ unsigned const char *outiface_mask);
void save_counters(const void *data);
void save_matches_and_target(struct xtables_rule_match *m,
struct xtables_target *target,
diff --git a/iptables/nft.c b/iptables/nft.c
index 0cf325db..7ce7fd2f 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1207,8 +1207,8 @@ nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type,
break;
}
- if (ops->save_firewall)
- ops->save_firewall(&cs, format);
+ if (ops->save_rule)
+ ops->save_rule(&cs, format);
if (ops->clear_cs)
ops->clear_cs(&cs);
@@ -2216,7 +2216,7 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
if (chain && rulenum) {
__nft_rule_list(h, chain, table,
- rulenum, format, ops->print_firewall);
+ rulenum, format, ops->print_rule);
return 1;
}
@@ -2260,7 +2260,7 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
&ctrs, basechain, refs);
__nft_rule_list(h, chain_name, table,
- rulenum, format, ops->print_firewall);
+ rulenum, format, ops->print_rule);
/* we printed the chain we wanted, stop processing. */
if (chain)