Remove code to set table in dormant state, this is not required from the iptables over nft compatibility layer.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 iptables/nft.c | 56 ++++--------------------------------------------------
 iptables/nft.h | 3 ---
 2 files changed, 4 insertions(+), 55 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index 919b64d..884462c 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -427,9 +427,8 @@ struct builtin_table xtables_arp[TABLES_MAX] = {
 },
 };
 
-int
-nft_table_builtin_add(struct nft_handle *h, struct builtin_table *_t,
- bool dormant)
+static int nft_table_builtin_add(struct nft_handle *h,
+ struct builtin_table *_t)
 {
 char buf[MNL_SOCKET_BUFFER_SIZE];
 struct nlmsghdr *nlh;
@@ -444,10 +443,6 @@ nft_table_builtin_add(struct nft_handle *h, struct builtin_table *_t,
 return -1;
 
 nft_table_attr_set(t, NFT_TABLE_ATTR_NAME, (char *)_t->name);
- if (dormant) {
- nft_table_attr_set_u32(t, NFT_TABLE_ATTR_FLAGS,
- NFT_TABLE_F_DORMANT);
- }
 
 nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, h->family,
 NLM_F_ACK|NLM_F_EXCL, h->seq);
@@ -582,7 +577,7 @@ nft_chain_builtin_init(struct nft_handle *h, const char *table,
 ret = -1;
 goto out;
 }
- if (nft_table_builtin_add(h, t, false) < 0) {
+ if (nft_table_builtin_add(h, t) < 0) {
 /* Built-in table already initialized, skip. */
 if (errno == EEXIST)
 goto out;
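Review bot: Making `nft_table_builtin_add` static and dropping its `dormant` parameter (the @@ -427 hunk) changes the interface for every caller outside iptables/nft.c, yet the diffstat lists only nft.c and nft.h. Any other file that still calls it, or the removed `nft_table_set_dormant` / `nft_table_wake_dormant`, will no longer build, so a tree-wide search for the three names is worth doing before this goes in. Because the caller in `nft_chain_builtin_init` branches on `errno == EEXIST`, a short contract comment above the definition would also help, for example `/* Returns < 0 on failure; errno is EEXIST when the table already exists. */`, assuming that is what the netlink path reports. The function body continues outside the hunk.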
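Review bot: The error check around `nft_table_builtin_add(h, t)` in `nft_chain_builtin_init` (the @@ -582 hunk) special-cases only `errno == EEXIST`, and the visible lines do not show `ret` being set for any other failure. The end of this `if` block lies outside the hunk, so this needs confirming, but if control falls through, a built-in table that could not be created is reported as success and the caller proceeds as if the base table and chains were in place. Adding `ret = -1;` and `goto out;` after the `EEXIST` test would surface the failure. The call in `__nft_chain_set` (the @@ -721 hunk) discards the return value entirely and deserves the same treatment.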
@@ -653,49 +648,6 @@ int nft_chain_add(struct nft_handle *h, const struct nft_chain *c)
 return mnl_talk(h, nlh, NULL, NULL);
 }
 
-int nft_table_set_dormant(struct nft_handle *h, const char *table)
-{
- int ret = 0, i;
- struct builtin_table *t;
-
- t = nft_table_builtin_find(h, table);
- if (t == NULL) {
- ret = -1;
- goto out;
- }
- /* Add this table as dormant */
- if (nft_table_builtin_add(h, t, true) < 0) {
- /* Built-in table already initialized, skip. */
- if (errno == EEXIST)
- goto out;
- }
- for (i=0; t->chains[i].name != NULL && i<NF_INET_NUMHOOKS; i++)
- __nft_chain_builtin_init(h, t, t->chains[i].name, NF_ACCEPT);
-out:
- return ret;
-}
-
-int nft_table_wake_dormant(struct nft_handle *h, const char *table)
-{
- char buf[MNL_SOCKET_BUFFER_SIZE];
- struct nlmsghdr *nlh;
- struct nft_table *t;
-
- t = nft_table_alloc();
- if (t == NULL)
- return -1;
-
- nft_table_attr_set(t, NFT_TABLE_ATTR_NAME, (char *)table);
- nft_table_attr_set_u32(t, NFT_TABLE_ATTR_FLAGS, 0);
-
- nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_NEWTABLE, h->family,
- NLM_F_ACK, h->seq);
- nft_table_nlmsg_build_payload(nlh, t);
- nft_table_free(t);
-
- return mnl_talk(h, nlh, NULL, NULL);
-}
-
 static void nft_chain_print_debug(struct nft_chain *c, struct nlmsghdr *nlh)
 {
 #ifdef NLDEBUG
@@ -721,7 +673,7 @@ __nft_chain_set(struct nft_handle *h, const char *table,
 _t = nft_table_builtin_find(h, table);
 /* if this built-in table does not exists, create it */
 if (_t != NULL)
- nft_table_builtin_add(h, _t, false);
+ nft_table_builtin_add(h, _t);
 
 _c = nft_chain_builtin_find(_t, chain);
 if (_c != NULL) {
diff --git a/iptables/nft.h b/iptables/nft.h
index ddc5201..1e78edd 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
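Review bot: `nft_chain_builtin_find(_t, chain)` in `__nft_chain_set` (the @@ -721 hunk) is called unconditionally, although the `if (_t != NULL)` just above it guards only the `nft_table_builtin_add(h, _t)` call. Whether `nft_chain_builtin_find` tolerates a NULL table is not visible here; if it does not, a table name that `nft_table_builtin_find` cannot resolve leads to a NULL pointer dereference. Either skip the lookup when `_t == NULL` or add a comment at the call stating that the helper accepts NULL. `__nft_chain_set` starts and ends outside the hunk.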
@@ -53,13 +53,10 @@ void nft_fini(struct nft_handle *h);
 struct nft_table;
 struct nft_chain_list;
 
-int nft_table_builtin_add(struct nft_handle *h, struct builtin_table *_t, bool dormant);
 struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table);
 int nft_table_add(struct nft_handle *h, const struct nft_table *t);
 int nft_for_each_table(struct nft_handle *h, int (*func)(struct nft_handle *h, const char *tablename, bool counters), bool counters);
 bool nft_table_find(struct nft_handle *h, const char *tablename);
-int nft_table_set_dormant(struct nft_handle *h, const char *table);
-int nft_table_wake_dormant(struct nft_handle *h, const char *table);
 int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nft_chain_list *list);
 
 /*
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html