From 1e8ef6a5847549af6fa2edc4fd642cf259ef2ba1 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 20 Aug 2019 21:41:12 +0200 Subject: nft: family_ops: Pass nft_handle to 'rule_to_cs' callback This is the actual callback used to parse nftables rules. Pass nft_handle to it so it can access the cache (and possible sets therein). Having to pass nft_handle to nft_rule_print_save() allows to simplify it a bit since no family ops lookup has to be done anymore. Signed-off-by: Phil Sutter Acked-by: Pablo Neira Ayuso --- iptables/nft-shared.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'iptables/nft-shared.c') diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index b6d85f1a..bdbd3238 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -591,7 +591,8 @@ static void nft_parse_limit(struct nft_xt_ctx *ctx, struct nftnl_expr *e) ops->parse_match(match, ctx->cs); } -void nft_rule_to_iptables_command_state(const struct nftnl_rule *r, +void nft_rule_to_iptables_command_state(struct nft_handle *h, + const struct nftnl_rule *r, struct iptables_command_state *cs) { struct nftnl_expr_iter *iter; @@ -987,7 +988,7 @@ bool nft_ipv46_rule_find(struct nft_handle *h, struct nftnl_rule *r, void *data) struct iptables_command_state *cs = data, this = {}; bool ret = false; - nft_rule_to_iptables_command_state(r, &this); + nft_rule_to_iptables_command_state(h, r, &this); DEBUGP("comparing with... "); #ifdef DEBUG_DEL -- cgit v1.2.3