From 1bf73c4227459393029ab7b124ba74fe853d9413 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Thu, 19 Jul 2018 18:31:58 +0200
Subject: xtables: Use new callbacks in nft_rule_print_save()
This relieves callers from having to prepare iptables_command_state, which often happens just for the sake of passing it to this function.
Signed-off-by: Phil Sutter
Signed-off-by: Florian Westphal
---
 iptables/nft-shared.c | 2 +-
 iptables/nft.c | 26 ++++++++++----------------
 iptables/nft.h | 3 +--
 iptables/xtables-monitor.c | 6 +-----
 4 files changed, 13 insertions(+), 24 deletions(-)
(limited to 'iptables')
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 87d48bf6..24287e97 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -933,7 +933,7 @@ bool nft_ipv46_rule_find(struct nft_family_ops *ops,
 DEBUGP("comparing with... ");
 #ifdef DEBUG_DEL
- nft_rule_print_save(&this, r, NFT_RULE_APPEND, 0);
+ nft_rule_print_save(r, NFT_RULE_APPEND, 0);
 #endif
 if (!ops->is_same(cs, &this))
 return false;
diff --git a/iptables/nft.c b/iptables/nft.c
index e1788dba..0cf325db 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -327,9 +327,7 @@ static int mnl_append_error(const struct nft_handle *h,
 nftnl_rule_get_str(o->rule, NFTNL_RULE_CHAIN));
 #if 0
 {
- struct iptables_command_state cs = {};
- nft_rule_to_iptables_command_state(o->rule, &cs);
- nft_rule_print_save(&cs, o->rule, NFT_RULE_APPEND, FMT_NOCOUNTS);
+ nft_rule_print_save(o->rule, NFT_RULE_APPEND, FMT_NOCOUNTS);
 }
 #endif
 break;
@@ -1185,18 +1183,19 @@ nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
 }
 void
-nft_rule_print_save(const void *data,
- struct nftnl_rule *r, enum nft_rule_print type,
+nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type,
 unsigned int format)
 {
 const char *chain = nftnl_rule_get_str(r, NFTNL_RULE_CHAIN);
 int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
+ struct iptables_command_state cs = {};
 struct nft_family_ops *ops;
 ops = nft_family_ops_lookup(family);
+ ops->rule_to_cs(r, &cs);
 if (!(format & FMT_NOCOUNTS) && ops->save_counters)
- ops->save_counters(data);
+ ops->save_counters(&cs);
 /* print chain name */
 switch(type) {
@@ -1209,8 +1208,10 @@ nft_rule_print_save(const void *data,
 }
 if (ops->save_firewall)
- ops->save_firewall(data, format);
+ ops->save_firewall(&cs, format);
+ if (ops->clear_cs)
+ ops->clear_cs(&cs);
 }
 static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
@@ -1399,14 +1400,11 @@ int nft_rule_save(struct nft_handle *h, const char *table, bool counters)
 while (r != NULL) {
 const char *rule_table = nftnl_rule_get_str(r, NFTNL_RULE_TABLE);
- struct iptables_command_state cs = {};
 if (strcmp(table, rule_table) != 0)
 goto next;
- nft_rule_to_iptables_command_state(r, &cs);
-
- nft_rule_print_save(&cs, r, NFT_RULE_APPEND,
+ nft_rule_print_save(r, NFT_RULE_APPEND,
 counters ? 0 : FMT_NOCOUNTS);
 next:
@@ -2282,11 +2280,7 @@ err:
 static void list_save(struct nftnl_rule *r, unsigned int num, unsigned int format)
 {
- struct iptables_command_state cs = {};
-
- nft_rule_to_iptables_command_state(r, &cs);
-
- nft_rule_print_save(&cs, r, NFT_RULE_APPEND, !(format & FMT_NOCOUNTS));
+ nft_rule_print_save(r, NFT_RULE_APPEND, !(format & FMT_NOCOUNTS));
 }
 static int
diff --git a/iptables/nft.h b/iptables/nft.h
index ffae84f2..a3f5c202 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
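Review bot: The added `ops->rule_to_cs(r, &cs);` in nft_rule_print_save() (nft.c, hunk at -1185) is called with no check. Every other callback in the function is tested for NULL first: `save_counters` in this hunk, `save_firewall` and `clear_cs` in the next one. `family` is read from the rule itself, so if nft_family_ops_lookup() can return NULL or an ops table without `rule_to_cs` for some family (neither is visible in this diff), the call dereferences a NULL pointer. rule_cb() in xtables-monitor.c filters the family in its switch before calling, but the callers in nft.c do not visibly do so. A guard before the call would make the function consistent with its own pattern: `if (!ops || !ops->rule_to_cs) return;`. The function body continues past the end of this hunk.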
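Review bot: In list_save() (nft.c, hunk at -2282) the new call still passes `!(format & FMT_NOCOUNTS)`, a 0/1 truth value, as the `format` argument. nft_rule_print_save() treats that argument as a flag mask: it tests `format & FMT_NOCOUNTS` and forwards it to `ops->save_firewall`. Unless FMT_NOCOUNTS happens to be bit 0 (its value is not shown here), the caller's no-counters request is dropped and an unrelated flag bit may be set instead; nft_rule_save() in the previous hunk passes `counters ? 0 : FMT_NOCOUNTS`. The commit carries this over from the old call unchanged. If the intent is to honour the caller's flag, the line would read `nft_rule_print_save(r, NFT_RULE_APPEND, format & FMT_NOCOUNTS);`.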
@@ -119,8 +119,7 @@ enum nft_rule_print {
 NFT_RULE_DEL,
 };
-void nft_rule_print_save(const void *data,
- struct nftnl_rule *r, enum nft_rule_print type,
+void nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type,
 unsigned int format);
 uint32_t nft_invflags2cmp(uint32_t invflags, uint32_t flag);
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index e491b4db..a43a69af 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -73,7 +73,6 @@ static bool events;
 static int rule_cb(const struct nlmsghdr *nlh, void *data)
 {
- struct iptables_command_state cs = {};
 uint32_t type = nlh->nlmsg_type & 0xFF;
 const struct cb_arg *arg = data;
 struct nftnl_rule *r;
@@ -96,19 +95,16 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
 case AF_INET:
 case AF_INET6:
 printf("-%c ", family == AF_INET ? '4' : '6');
- nft_rule_to_iptables_command_state(r, &cs);
 break;
 case NFPROTO_ARP:
 printf("-0 ");
- nft_rule_to_arptables_command_state(r, &cs);
 break;
 default:
 goto err_free;
 }
 printf("-t %s ", nftnl_rule_get_str(r, NFTNL_RULE_TABLE));
- nft_rule_print_save(&cs, r,
- type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
+ nft_rule_print_save(r, type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
 NFT_RULE_DEL, counters ? 0 : FMT_NOCOUNTS);
 err_free:
--
cgit v1.2.3
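Review bot: The nft_rule_print_save() prototype in nft.h changes its contract but still has no comment describing it. From the header alone a caller cannot tell that the function now builds its own iptables_command_state from `r` through the family ops, or that `format` is a mask of FMT_* flags rather than a boolean. A one-line comment above the declaration would cover both, for example `/* Print rule r; the command state is derived from r via the family ops. format is a mask of FMT_* flags. */`.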