From a7f1e208cdf9c6392c99d3c52764701d004bdde7 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Mon, 6 Jan 2020 13:20:13 +0100
Subject: nft: split parsing from netlink commands
This patch updates the parser to generate a list of command objects. This list of commands is then transformed to a list of netlink jobs. This new command object stores the rule using the nftnl representation via nft_rule_new(). To reduce the number of updates in this patch, the nft_*_rule_find() functions have been updated to restore the native representation to skip the update of the rule comparison code.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Phil Sutter
---
iptables/nft-bridge.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'iptables/nft-bridge.c')
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 3f85cbbf..0d60c724 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -748,13 +748,14 @@ static bool nft_bridge_is_same(const void *data_a, const void *data_b)
 }
 static bool nft_bridge_rule_find(struct nft_handle *h, struct nftnl_rule *r,
- void *data)
+ struct nftnl_rule *rule)
 {
- struct iptables_command_state *cs = data;
+ struct iptables_command_state _cs = {}, *cs = &_cs;
 struct iptables_command_state this = {};
 bool ret = false;
 nft_rule_to_ebtables_command_state(h, r, &this);
+ nft_rule_to_ebtables_command_state(h, rule, cs);
 DEBUGP("comparing with... ");
@@ -779,6 +780,7 @@ static bool nft_bridge_rule_find(struct nft_handle *h, struct nftnl_rule *r,
 ret = true;
 out:
 h->ops->clear_cs(&this);
+ h->ops->clear_cs(cs);
 return ret;
 }
-- cgit v1.2.3
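Review bot: In nft_bridge_rule_find() the caller's side of the comparison is now rebuilt from `rule` by the same nft_rule_to_ebtables_command_state() call used for `r`, so anything that conversion does not restore is absent from both states and can no longer make the comparison fail. Before this change `cs` came directly from the caller, so a lossy conversion led to a miss rather than a possible false match; if this lookup backs rule check and delete, as its name suggests, that direction matters. The result of neither conversion is checked in the visible lines, so I would at least record the assumption above the two calls, e.g. `/* both states are rebuilt from nftnl; the comparison only sees what the conversion restores */`. The comparison itself sits between the two hunks and is not shown, and the commit message says the other nft_*_rule_find() functions get the same treatment, so the same question applies there.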
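Review bot: The added `h->ops->clear_cs(cs);` runs only for exits that pass through `out:`, and the lines between the two hunks are not shown, so it is worth confirming that none of them returns directly now that the function owns a second converted state. A short comment at the label would keep that invariant visible: `/* releases both converted states; every exit after the conversions must come through here */`. Passing `&_cs` instead of the `cs` alias would also mirror the `&this` call on the line above.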