From 1298a1014bc14c45de50cc242779dfa382c456c9 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 3 Nov 2012 12:20:07 +0100 Subject: iptables: nft: use 64-bits handle Now that we use that in kernel space and in libnftables. Signed-off-by: Pablo Neira Ayuso --- iptables/nft.c | 9 +++++---- iptables/nft.h | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/iptables/nft.c b/iptables/nft.c index 123a479c..8e2b5acd 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -649,7 +649,7 @@ static void add_counters(struct nft_rule *r, uint64_t packets, uint64_t bytes) int nft_rule_add(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cs, - bool append, uint16_t handle, bool verbose) + bool append, uint64_t handle, bool verbose) { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; @@ -2409,11 +2409,12 @@ int nft_rule_replace(struct nft_handle *h, const char *chain, r = nft_rule_find(list, chain, table, cs, rulenum); if (r != NULL) { - DEBUGP("replacing rule with handle=%u\n", - nft_rule_attr_get_u16(r, NFT_RULE_ATTR_HANDLE)); + DEBUGP("replacing rule with handle=%llu\n", + (unsigned long long) + nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE)); ret = nft_rule_add(h, chain, table, cs, true, - nft_rule_attr_get_u16(r, NFT_RULE_ATTR_HANDLE), + nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE), verbose); } else errno = ENOENT; diff --git a/iptables/nft.h b/iptables/nft.h index 474e652e..aa458f8c 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -39,7 +39,7 @@ int nft_chain_user_rename(struct nft_handle *h, const char *chain, const char *t */ struct nft_rule; -int nft_rule_add(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool append, uint16_t handle, bool verbose); +int nft_rule_add(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool append, uint64_t handle, bool verbose); int nft_rule_check(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool verbose); int nft_rule_delete(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool verbose); int nft_rule_delete_num(struct nft_handle *h, const char *chain, const char *table, int rulenum, bool verbose); -- cgit v1.2.3