diff options
Diffstat (limited to 'iptables/xtables-restore.c')
-rw-r--r-- | iptables/xtables-restore.c | 90 |
1 files changed, 46 insertions, 44 deletions
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index eb25ec3d..23cd3498 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -61,7 +61,6 @@ static void print_usage(const char *name, const char *version) static const struct nft_xt_restore_cb restore_cb = { .commit = nft_commit, .abort = nft_abort, - .table_new = nft_cmd_table_new, .table_flush = nft_cmd_table_flush, .do_command = do_commandx, .chain_set = nft_cmd_chain_set, @@ -116,14 +115,14 @@ static void xtables_restore_parse_line(struct nft_handle *h, DEBUGP("line %u, table '%s'\n", line, table); if (!table) xtables_error(PARAMETER_PROBLEM, - "%s: line %u table name invalid\n", - xt_params->program_name, line); + "%s: line %u table name invalid", + xt_params->program_name, line); state->curtable = nft_table_builtin_find(h, table); if (!state->curtable) xtables_error(PARAMETER_PROBLEM, - "%s: line %u table name '%s' invalid\n", - xt_params->program_name, line, table); + "%s: line %u table name '%s' invalid", + xt_params->program_name, line, table); if (p->tablename && (strcmp(p->tablename, table) != 0)) return; @@ -153,37 +152,33 @@ static void xtables_restore_parse_line(struct nft_handle *h, DEBUGP("line %u, chain '%s'\n", line, chain); if (!chain) xtables_error(PARAMETER_PROBLEM, - "%s: line %u chain name invalid\n", - xt_params->program_name, line); + "%s: line %u chain name invalid", + xt_params->program_name, line); - if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN) - xtables_error(PARAMETER_PROBLEM, - "Invalid chain name `%s' (%u chars max)", - chain, XT_EXTENSION_MAXNAMELEN - 1); + xtables_announce_chain(chain); + assert_valid_chain_name(chain); policy = strtok(NULL, " \t\n"); DEBUGP("line %u, policy '%s'\n", line, policy); if (!policy) xtables_error(PARAMETER_PROBLEM, - "%s: line %u policy invalid\n", - xt_params->program_name, line); + "%s: line %u policy invalid", + xt_params->program_name, line); if (nft_chain_builtin_find(state->curtable, chain)) { - if (counters) { - char *ctrs; - ctrs = strtok(NULL, " \t\n"); - - if (!ctrs || !parse_counters(ctrs, &count)) - xtables_error(PARAMETER_PROBLEM, - "invalid policy counters for chain '%s'\n", - chain); + char *ctrs = strtok(NULL, " \t\n"); - } + if ((!ctrs && counters) || + (ctrs && !parse_counters(ctrs, &count))) + xtables_error(PARAMETER_PROBLEM, + "invalid policy counters for chain '%s'", + chain); if (cb->chain_set && cb->chain_set(h, state->curtable->name, - chain, policy, &count) < 0) { + chain, policy, + counters ? &count : NULL) < 0) { xtables_error(OTHER_PROBLEM, - "Can't set policy `%s' on `%s' line %u: %s\n", + "Can't set policy `%s' on `%s' line %u: %s", policy, chain, line, strerror(errno)); } @@ -192,13 +187,13 @@ static void xtables_restore_parse_line(struct nft_handle *h, } else if (cb->chain_restore(h, chain, state->curtable->name) < 0 && errno != EEXIST) { xtables_error(PARAMETER_PROBLEM, - "cannot create chain '%s' (%s)\n", + "cannot create chain '%s' (%s)", chain, strerror(errno)); } else if (h->family == NFPROTO_BRIDGE && !ebt_cmd_user_chain_policy(h, state->curtable->name, chain, policy)) { xtables_error(OTHER_PROBLEM, - "Can't set policy `%s' on `%s' line %u: %s\n", + "Can't set policy `%s' on `%s' line %u: %s", policy, chain, line, strerror(errno)); } @@ -207,11 +202,15 @@ static void xtables_restore_parse_line(struct nft_handle *h, char *pcnt = NULL; char *bcnt = NULL; char *parsestart = buffer; + int i; add_argv(&state->av_store, xt_params->program_name, 0); add_argv(&state->av_store, "-t", 0); add_argv(&state->av_store, state->curtable->name, 0); + for (i = 0; !h->noflush && i < verbose; i++) + add_argv(&state->av_store, "-v", 0); + tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line); if (counters && pcnt && bcnt) { add_argv(&state->av_store, "--set-counters", 0); @@ -248,8 +247,11 @@ static void xtables_restore_parse_line(struct nft_handle *h, (strcmp(p->tablename, state->curtable->name) != 0)) return; if (!ret) { - fprintf(stderr, "%s: line %u failed\n", - xt_params->program_name, line); + fprintf(stderr, "%s: line %u failed", + xt_params->program_name, h->error.lineno); + if (errno) + fprintf(stderr, ": %s.", nft_strerror(errno)); + fprintf(stderr, "\n"); exit(1); } } @@ -282,7 +284,6 @@ void xtables_restore_parse(struct nft_handle *h, static int xtables_restore_main(int family, const char *progname, int argc, char *argv[]) { - const struct builtin_table *tables; struct nft_xt_restore_parse p = { .commit = true, .cb = &restore_cb, @@ -311,10 +312,10 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[]) counters = 1; break; case 'v': - verbose = 1; + verbose++; break; case 'V': - printf("%s v%s (nf_tables)\n", prog_name, prog_vers); + printf("%s v%s\n", prog_name, prog_vers); exit(0); case 't': p.testing = 1; @@ -358,27 +359,26 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[]) p.in = stdin; } + init_extensions(); switch (family) { case NFPROTO_IPV4: - case NFPROTO_IPV6: /* fallthough, same table */ - tables = xtables_ipv4; -#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) - init_extensions(); init_extensions4(); -#endif + break; + case NFPROTO_IPV6: + init_extensions6(); break; case NFPROTO_ARP: - tables = xtables_arp; + init_extensionsa(); break; case NFPROTO_BRIDGE: - tables = xtables_bridge; + init_extensionsb(); break; default: fprintf(stderr, "Unknown family %d\n", family); return 1; } - if (nft_init(&h, family, tables) < 0) { + if (nft_init(&h, family) < 0) { fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", xtables_globals.program_name, xtables_globals.program_version, @@ -410,7 +410,6 @@ int xtables_ip6_restore_main(int argc, char *argv[]) static const struct nft_xt_restore_cb ebt_restore_cb = { .commit = nft_bridge_commit, - .table_new = nft_cmd_table_new, .table_flush = nft_cmd_table_flush, .do_command = do_commandeb, .chain_set = nft_cmd_chain_set, @@ -419,6 +418,7 @@ static const struct nft_xt_restore_cb ebt_restore_cb = { static const struct option ebt_restore_options[] = { {.name = "noflush", .has_arg = 0, .val = 'n'}, + {.name = "verbose", .has_arg = 0, .val = 'v'}, { 0 } }; @@ -432,15 +432,18 @@ int xtables_eb_restore_main(int argc, char *argv[]) struct nft_handle h; int c; - while ((c = getopt_long(argc, argv, "n", + while ((c = getopt_long(argc, argv, "nv", ebt_restore_options, NULL)) != -1) { switch(c) { case 'n': noflush = 1; break; + case 'v': + verbose++; + break; default: fprintf(stderr, - "Usage: ebtables-restore [ --noflush ]\n"); + "Usage: ebtables-restore [ --verbose ] [ --noflush ]\n"); exit(1); break; } @@ -456,9 +459,8 @@ int xtables_eb_restore_main(int argc, char *argv[]) static const struct nft_xt_restore_cb arp_restore_cb = { .commit = nft_commit, - .table_new = nft_cmd_table_new, .table_flush = nft_cmd_table_flush, - .do_command = do_commandarp, + .do_command = do_commandx, .chain_set = nft_cmd_chain_set, .chain_restore = nft_cmd_chain_restore, }; |