From e7b6180fcf9061852a06f6d98e7618f44fd0eeec Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 7 May 2020 18:53:47 +0200 Subject: nft: Merge nft_*_rule_find() functions Both ebtables and arptables are fine with using nft_ipv46_rule_find() instead of their own implementations. Take the chance and move the former into nft.c as a static helper since it is used in a single place, only. Then get rid of the callback from family_ops. Signed-off-by: Phil Sutter --- iptables/nft-bridge.c | 38 -------------------------------------- 1 file changed, 38 deletions(-) (limited to 'iptables/nft-bridge.c') diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 39a2f704..18f5e78f 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -756,43 +756,6 @@ static bool nft_bridge_is_same(const void *data_a, const void *data_b) return strcmp(a->in, b->in) == 0 && strcmp(a->out, b->out) == 0; } -static bool nft_bridge_rule_find(struct nft_handle *h, struct nftnl_rule *r, - struct nftnl_rule *rule) -{ - struct iptables_command_state _cs = {}, *cs = &_cs; - struct iptables_command_state this = {}; - bool ret = false; - - nft_rule_to_ebtables_command_state(h, r, &this); - nft_rule_to_ebtables_command_state(h, rule, cs); - - DEBUGP("comparing with... "); - - if (!nft_bridge_is_same(cs, &this)) - goto out; - - if (!compare_matches(cs->matches, this.matches)) { - DEBUGP("Different matches\n"); - goto out; - } - - if (!compare_targets(cs->target, this.target)) { - DEBUGP("Different target\n"); - goto out; - } - - if (cs->jumpto != NULL && strcmp(cs->jumpto, this.jumpto) != 0) { - DEBUGP("Different verdict\n"); - goto out; - } - - ret = true; -out: - h->ops->clear_cs(&this); - h->ops->clear_cs(cs); - return ret; -} - static int xlate_ebmatches(const struct iptables_command_state *cs, struct xt_xlate *xl) { int ret = 1, numeric = cs->options & OPT_NUMERIC; @@ -974,6 +937,5 @@ struct nft_family_ops nft_family_ops_bridge = { .post_parse = NULL, .rule_to_cs = nft_rule_to_ebtables_command_state, .clear_cs = ebt_cs_clean, - .rule_find = nft_bridge_rule_find, .xlate = nft_bridge_xlate, }; -- cgit v1.2.3