diff options
Diffstat (limited to 'iptables/nft-cmd.c')
-rw-r--r-- | iptables/nft-cmd.c | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c index f16ea0e6..b38da9bd 100644 --- a/iptables/nft-cmd.c +++ b/iptables/nft-cmd.c @@ -14,12 +14,16 @@ #include <xtables.h> #include "nft.h" #include "nft-cmd.h" +#include <libnftnl/set.h> struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command, const char *table, const char *chain, struct iptables_command_state *state, int rulenum, bool verbose) { + struct nft_rule_ctx ctx = { + .command = command, + }; struct nftnl_rule *rule; struct nft_cmd *cmd; @@ -33,7 +37,7 @@ struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command, cmd->verbose = verbose; if (state) { - rule = nft_rule_new(h, chain, table, state); + rule = nft_rule_new(h, &ctx, chain, table, state); if (!rule) { nft_cmd_free(cmd); return NULL; @@ -61,6 +65,7 @@ void nft_cmd_free(struct nft_cmd *cmd) switch (cmd->command) { case NFT_COMPAT_RULE_CHECK: case NFT_COMPAT_RULE_DELETE: + case NFT_COMPAT_RULE_CHANGE_COUNTERS: if (cmd->obj.rule) nftnl_rule_free(cmd->obj.rule); break; @@ -92,7 +97,7 @@ static void nft_cmd_rule_bridge(struct nft_handle *h, const struct nft_cmd *cmd) int nft_cmd_rule_append(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *state, - void *ref, bool verbose) + bool verbose) { struct nft_cmd *cmd; @@ -396,3 +401,23 @@ int ebt_cmd_user_chain_policy(struct nft_handle *h, const char *table, return 1; } + +int nft_cmd_rule_change_counters(struct nft_handle *h, + const char *chain, const char *table, + struct iptables_command_state *cs, + int rule_nr, uint8_t counter_op, bool verbose) +{ + struct nft_cmd *cmd; + + cmd = nft_cmd_new(h, NFT_COMPAT_RULE_CHANGE_COUNTERS, table, chain, + rule_nr == -1 ? cs : NULL, rule_nr, verbose); + if (!cmd) + return 0; + + cmd->counter_op = counter_op; + cmd->counters = cs->counters; + + nft_cache_level_set(h, NFT_CL_RULES, cmd); + + return 1; +} |