From e23e66f9d1a25c75df684850b7cd99053708c4d0 Mon Sep 17 00:00:00 2001 From: Tomasz Bursztyka Date: Wed, 7 Aug 2013 11:31:36 +0300 Subject: nft: Generalize nft_rule_list() against current family Now, firewall rule printing is done through nft_family_ops .print_firewall function. This moves generic part for ipv4 and ipv6 into nft-shared.c, and enables reusing nft_rule_list() for other family such as ARP which will be useful for arptables compatibility tool. Signed-off-by: Tomasz Bursztyka Signed-off-by: Pablo Neira Ayuso --- iptables/nft-ipv6.c | 39 +++++++++++++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 8 deletions(-) (limited to 'iptables/nft-ipv6.c') diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 61c660a5..0214dcf2 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -194,18 +194,41 @@ static void print_ipv6_addr(const struct iptables_command_state *cs, } } -static uint8_t nft_ipv6_print_firewall(const struct iptables_command_state *cs, - const char *targname, unsigned int num, - unsigned int format) +static void nft_ipv6_print_firewall(struct nft_rule *r, unsigned int num, + unsigned int format) { - print_firewall_details(cs, targname, cs->fw6.ipv6.flags, - cs->fw6.ipv6.invflags, cs->fw6.ipv6.proto, - cs->fw6.ipv6.iniface, cs->fw6.ipv6.outiface, + struct iptables_command_state cs = {}; + const char *targname = NULL; + const void *targinfo = NULL; + size_t target_len = 0; + + nft_rule_to_iptables_command_state(r, &cs); + + targname = nft_parse_target(r, &targinfo, &target_len); + + print_firewall_details(&cs, targname, cs.fw6.ipv6.flags, + cs.fw6.ipv6.invflags, cs.fw6.ipv6.proto, + cs.fw6.ipv6.iniface, cs.fw6.ipv6.outiface, num, format); - print_ipv6_addr(cs, format); + print_ipv6_addr(&cs, format); - return cs->fw6.ipv6.flags; + if (format & FMT_NOTABLE) + fputs(" ", stdout); + +#ifdef IPT_F_GOTO + if (cs.fw6.ipv6.flags & IPT_F_GOTO) + printf("[goto] "); +#endif + + if (print_matches(r, format) != 0) + return; + + if (print_target(targname, targinfo, target_len, format) != 0) + return; + + if (!(format & FMT_NONEWLINE)) + fputc('\n', stdout); } /* These are invalid numbers as upper layer protocol */ -- cgit v1.2.3