From 7dc64022bb8dfecb737fbf4aa02e6464b80e2eae Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 20 Aug 2019 19:53:13 +0200 Subject: nft: family_ops: Pass nft_handle to 'print_rule' callback Prepare for 'rule_to_cs' callback to receive nft_handle pointer so it is able to access cache for set lookups. Signed-off-by: Phil Sutter Acked-by: Pablo Neira Ayuso --- iptables/nft-arp.c | 3 ++- iptables/nft-bridge.c | 4 ++-- iptables/nft-ipv4.c | 4 ++-- iptables/nft-ipv6.c | 4 ++-- iptables/nft-shared.h | 4 ++-- iptables/nft.c | 19 ++++++++++--------- 6 files changed, 20 insertions(+), 18 deletions(-) (limited to 'iptables') diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 5ad7556c..da22c12d 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -582,7 +582,8 @@ nft_arp_save_rule(const void *data, unsigned int format) } static void -nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format) +nft_arp_print_rule(struct nft_handle *h, struct nftnl_rule *r, + unsigned int num, unsigned int format) { struct iptables_command_state cs = {}; diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 73bca2f3..b0c6c5a4 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -472,8 +472,8 @@ static void nft_bridge_save_rule(const void *data, unsigned int format) fputc('\n', stdout); } -static void nft_bridge_print_rule(struct nftnl_rule *r, unsigned int num, - unsigned int format) +static void nft_bridge_print_rule(struct nft_handle *h, struct nftnl_rule *r, + unsigned int num, unsigned int format) { struct iptables_command_state cs = {}; diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index 57d1b3c6..98d7f966 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -261,8 +261,8 @@ static void print_fragment(unsigned int flags, unsigned int invflags, fputc(' ', stdout); } -static void nft_ipv4_print_rule(struct nftnl_rule *r, unsigned int num, - unsigned int format) +static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r, + unsigned int num, unsigned int format) { struct iptables_command_state cs = {}; diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 0e2c4a29..56236bff 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -187,8 +187,8 @@ static void nft_ipv6_parse_immediate(const char *jumpto, bool nft_goto, cs->fw6.ipv6.flags |= IP6T_F_GOTO; } -static void nft_ipv6_print_rule(struct nftnl_rule *r, unsigned int num, - unsigned int format) +static void nft_ipv6_print_rule(struct nft_handle *h, struct nftnl_rule *r, + unsigned int num, unsigned int format) { struct iptables_command_state cs = {}; diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 8c64d6e7..4523dda9 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -90,8 +90,8 @@ struct nft_family_ops { const char *pol, const struct xt_counters *counters, bool basechain, uint32_t refs, uint32_t entries); - void (*print_rule)(struct nftnl_rule *r, unsigned int num, - unsigned int format); + void (*print_rule)(struct nft_handle *h, struct nftnl_rule *r, + unsigned int num, unsigned int format); void (*save_rule)(const void *data, unsigned int format); void (*save_counters)(const void *data); void (*save_chain)(const struct nftnl_chain *c, const char *policy); diff --git a/iptables/nft.c b/iptables/nft.c index 387aada9..049c3cfa 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1202,7 +1202,7 @@ nft_rule_append(struct nft_handle *h, const char *chain, const char *table, } if (verbose) - h->ops->print_rule(r, 0, FMT_PRINT_RULE); + h->ops->print_rule(h, r, 0, FMT_PRINT_RULE); if (ref) { nftnl_chain_rule_insert_at(r, ref); @@ -1935,7 +1935,7 @@ int nft_rule_check(struct nft_handle *h, const char *chain, goto fail_enoent; if (verbose) - h->ops->print_rule(r, 0, FMT_PRINT_RULE); + h->ops->print_rule(h, r, 0, FMT_PRINT_RULE); return 1; fail_enoent: @@ -1964,7 +1964,7 @@ int nft_rule_delete(struct nft_handle *h, const char *chain, if (ret < 0) errno = ENOMEM; if (verbose) - h->ops->print_rule(r, 0, FMT_PRINT_RULE); + h->ops->print_rule(h, r, 0, FMT_PRINT_RULE); } else errno = ENOENT; @@ -2005,7 +2005,7 @@ nft_rule_add(struct nft_handle *h, const char *chain, } if (verbose) - h->ops->print_rule(r, 0, FMT_PRINT_RULE); + h->ops->print_rule(h, r, 0, FMT_PRINT_RULE); return r; } @@ -2114,8 +2114,8 @@ int nft_rule_replace(struct nft_handle *h, const char *chain, static int __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c, int rulenum, unsigned int format, - void (*cb)(struct nftnl_rule *r, unsigned int num, - unsigned int format)) + void (*cb)(struct nft_handle *h, struct nftnl_rule *r, + unsigned int num, unsigned int format)) { struct nftnl_rule_iter *iter; struct nftnl_rule *r; @@ -2128,7 +2128,7 @@ __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c, * valid chain but invalid rule number */ return 1; - cb(r, rulenum, format); + cb(h, r, rulenum, format); return 1; } @@ -2138,7 +2138,7 @@ __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c, r = nftnl_rule_iter_next(iter); while (r != NULL) { - cb(r, ++rule_ctr, format); + cb(h, r, ++rule_ctr, format); r = nftnl_rule_iter_next(iter); } @@ -2242,7 +2242,8 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table, } static void -list_save(struct nftnl_rule *r, unsigned int num, unsigned int format) +list_save(struct nft_handle *h, struct nftnl_rule *r, + unsigned int num, unsigned int format) { nft_rule_print_save(r, NFT_RULE_APPEND, format); } -- cgit v1.2.3