From 295d5a809c67987db4d0961778d9800ba00926be Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Mon, 6 Aug 2018 17:21:54 +0200
Subject: xtables-restore: Make COMMIT support configurable
Legacy ebtables-restore does not support COMMIT directive, so allow for callers of xtables_restore_parse() to toggle whether it is required or not. In iptables, omitting COMMIT may be used for syntax checking, so we must not add an implicit commit at EOF. Although ebtables/arptables legacy does not support COMMIT lines at all, this patch allows them in nft variants. If omitted, an implicit commit happens for them at EOF.
Signed-off-by: Phil Sutter
Signed-off-by: Florian Westphal
---
 iptables/nft-shared.h | 1 +
 iptables/xtables-restore.c | 11 ++++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
(limited to 'iptables')
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 5ef17a08..1f5c8a81 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -245,6 +245,7 @@ struct nft_xt_restore_parse {
 FILE *in;
 int testing;
 const char *tablename;
+ bool commit;
 };
 struct nftnl_chain_list;
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 9a014ccd..49fc16ce 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -144,7 +144,7 @@ void xtables_restore_parse(struct nft_handle *h,
 }
 in_table = 0;
- } else if ((buffer[0] == '*') && (!in_table)) {
+ } else if ((buffer[0] == '*') && (!in_table || !p->commit)) {
 /* New table */
 char *table;
@@ -342,10 +342,13 @@ void xtables_restore_parse(struct nft_handle *h,
 exit(1);
 }
 }
- if (in_table) {
+ if (in_table && p->commit) {
 fprintf(stderr, "%s: COMMIT expected at line %u\n", xt_params->program_name, line + 1);
 exit(1);
+ } else if (in_table && cb->commit && !cb->commit(h)) { xtables_error(OTHER_PROBLEM, "%s: final implicit COMMIT failed", xt_params->program_name); } }
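Review bot: The new `commit` field in struct nft_xt_restore_parse has no comment, and its zero value selects the lenient mode: a caller that zero-initialises the struct, as xtables_restore_main did with `= {}` before this commit, gets an implicit commit at EOF instead of the "COMMIT expected" error. Only xtables_restore_main is changed to set `.commit = true` in this diff, so any other caller of xtables_restore_parse(), if one exists outside the two files touched here, changes behaviour without a visible edit. I would document the field, for example `bool commit; /* true: COMMIT line is mandatory; false: implicit commit at EOF */`, and check the remaining callers against it.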
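Review bot: The widened condition `(!in_table || !p->commit)` needs a comment, because with p->commit false a `*table` line is now accepted while in_table is still set, and nothing visible in this hunk commits or aborts the table that was open. If the intent is that every table is applied by the single commit at EOF, state that above the branch, for example `/* COMMIT not required: a new table may follow directly, all tables are committed at EOF */`. The body of the "New table" branch lies outside the hunk, so whether it resets per-table state could not be checked from here.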
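Review bot: The implicit commit added at EOF, `else if (in_table && cb->commit && !cb->commit(h))`, does not look at p->testing, so a caller with commit false and testing set would have the ruleset applied during what it treats as a dry run. The commit message itself says a missing COMMIT must not apply rules when the input is only being syntax-checked, and the same guard fits this branch: `} else if (in_table && !p->testing && cb->commit && !cb->commit(h)) {`. How the explicit COMMIT branch treats testing is outside this hunk, as is the start of xtables_restore_parse, so the guard should be aligned with that code. Separately, with commit false an input file that was cut short is applied as far as it was read, since EOF now stands in for the end marker; that trade-off deserves a comment at this branch.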
@@ -358,7 +361,9 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 .restore = true,
 };
 int c;
- struct nft_xt_restore_parse p = {};
+ struct nft_xt_restore_parse p = {
+ .commit = true,
+ };
 line = 0;
--
cgit v1.2.3