From 35ff97e9aca8cd301ff9b9a95b0a72de1aeb700b Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 15 Aug 2023 13:47:28 +0200 Subject: Revert --compat option related commits This reverts the following commits: b14c971db6db0 ("tests: Test compat mode") 11c464ed015b5 ("Add --compat option to *tables-nft and *-nft-restore commands") ca709b5784c98 ("nft: Introduce and use bool nft_handle::compat") 402b9b3c07c81 ("nft: Pass nft_handle to add_{target,action}()") This implementation of a compatibility mode implements rules using xtables extensions if possible and thus relies upon existence of those in kernel space. Assuming no viable replacement for the internal mechanics of this mode will be found in foreseeable future, it will effectively block attempts at deprecating and removing of these xtables extensions in favor of nftables expressions and thus hinder upstream's future plans for iptables. Signed-off-by: Phil Sutter --- iptables/nft-ipv6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'iptables/nft-ipv6.c') diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 8bc633df..d53f87c1 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -81,7 +81,7 @@ static int nft_ipv6_add(struct nft_handle *h, struct nft_rule_ctx *ctx, if (add_counters(r, cs->counters.pcnt, cs->counters.bcnt) < 0) return -1; - return add_action(h, r, cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO)); + return add_action(r, cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO)); } static bool nft_ipv6_is_same(const struct iptables_command_state *a, -- cgit v1.2.3