The name is quite misleading, since these functions/callbacks are not about the whole ruleset but just a single rule. So rename them to reflect this. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft-arp.c | 12 ++++++------ iptables/nft-bridge.c | 8 ++++---- iptables/nft-ipv4.c | 21 ++++++++++----------- iptables/nft-ipv6.c | 23 +++++++++++------------ iptables/nft-shared.c | 20 ++++++++++---------- iptables/nft-shared.h | 26 +++++++++++++------------- iptables/nft.c | 8 ++++---- 7 files changed, 58 insertions(+), 60 deletions(-) diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index a6241498c08e6..328c791db42a8 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -436,7 +436,8 @@ static void nft_arp_print_header(unsigned int format, const char *chain, } } -static void print_fw_details(struct arpt_entry *fw, unsigned int format) +static void nft_arp_print_rule_details(struct arpt_entry *fw, + unsigned int format) { char buf[BUFSIZ]; char iface[IFNAMSIZ+2]; @@ -578,8 +579,7 @@ after_devdst: } static void -nft_arp_print_firewall(struct nftnl_rule *r, unsigned int num, - unsigned int format) +nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format) { struct iptables_command_state cs = {}; @@ -588,7 +588,7 @@ nft_arp_print_firewall(struct nftnl_rule *r, unsigned int num, if (format & FMT_LINENUMBERS) printf("%u ", num); - print_fw_details(&cs.arp, format); + nft_arp_print_rule_details(&cs.arp, format); if (cs.jumpto != NULL && strcmp(cs.jumpto, "") != 0) { printf("-j %s", cs.jumpto); @@ -663,8 +663,8 @@ struct nft_family_ops nft_family_ops_arp = { .parse_payload = nft_arp_parse_payload, .parse_immediate = nft_arp_parse_immediate, .print_header = nft_arp_print_header, - .print_firewall = nft_arp_print_firewall, - .save_firewall = NULL, + .print_rule = nft_arp_print_rule, + .save_rule = NULL, .save_counters = NULL, .post_parse = NULL, .rule_to_cs = nft_arp_rule_to_cs, diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 3834d6dd805bd..b3bb366651155 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -435,8 +435,8 @@ static void print_protocol(uint16_t ethproto, bool invert, unsigned int bitmask) printf("%s ", ent->e_name); } -static void nft_bridge_print_firewall(struct nftnl_rule *r, unsigned int num, - unsigned int format) +static void nft_bridge_print_rule(struct nftnl_rule *r, unsigned int num, + unsigned int format) { struct iptables_command_state cs = {}; @@ -729,8 +729,8 @@ struct nft_family_ops nft_family_ops_bridge = { .parse_target = nft_bridge_parse_target, .print_table_header = nft_bridge_print_table_header, .print_header = nft_bridge_print_header, - .print_firewall = nft_bridge_print_firewall, - .save_firewall = NULL, + .print_rule = nft_bridge_print_rule, + .save_rule = NULL, .save_counters = NULL, .post_parse = NULL, .rule_to_cs = nft_rule_to_ebtables_command_state, diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index f118dcb8a695d..cbc4be737cd18 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -289,16 +289,15 @@ static void print_fragment(unsigned int flags, unsigned int invflags, fputc(' ', stdout); } -static void nft_ipv4_print_firewall(struct nftnl_rule *r, unsigned int num, - unsigned int format) +static void nft_ipv4_print_rule(struct nftnl_rule *r, unsigned int num, + unsigned int format) { struct iptables_command_state cs = {}; nft_rule_to_iptables_command_state(r, &cs); - print_firewall_details(&cs, cs.jumpto, cs.fw.ip.flags, - cs.fw.ip.invflags, cs.fw.ip.proto, - num, format); + print_rule_details(&cs, cs.jumpto, cs.fw.ip.flags, + cs.fw.ip.invflags, cs.fw.ip.proto, num, format); print_fragment(cs.fw.ip.flags, cs.fw.ip.invflags, format); print_ifaces(cs.fw.ip.iniface, cs.fw.ip.outiface, cs.fw.ip.invflags, format); @@ -330,7 +329,7 @@ static void save_ipv4_addr(char letter, const struct in_addr *addr, mask_to_str(mask)); } -static void nft_ipv4_save_firewall(const void *data, unsigned int format) +static void nft_ipv4_save_rule(const void *data, unsigned int format) { const struct iptables_command_state *cs = data; @@ -339,9 +338,9 @@ static void nft_ipv4_save_firewall(const void *data, unsigned int format) save_ipv4_addr('d', &cs->fw.ip.dst, cs->fw.ip.dmsk.s_addr, cs->fw.ip.invflags & IPT_INV_DSTIP); - save_firewall_details(cs, cs->fw.ip.invflags, cs->fw.ip.proto, - cs->fw.ip.iniface, cs->fw.ip.iniface_mask, - cs->fw.ip.outiface, cs->fw.ip.outiface_mask); + save_rule_details(cs, cs->fw.ip.invflags, cs->fw.ip.proto, + cs->fw.ip.iniface, cs->fw.ip.iniface_mask, + cs->fw.ip.outiface, cs->fw.ip.outiface_mask); if (cs->fw.ip.flags & IPT_F_FRAG) { if (cs->fw.ip.invflags & IPT_INV_FRAG) @@ -483,8 +482,8 @@ struct nft_family_ops nft_family_ops_ipv4 = { .parse_payload = nft_ipv4_parse_payload, .parse_immediate = nft_ipv4_parse_immediate, .print_header = print_header, - .print_firewall = nft_ipv4_print_firewall, - .save_firewall = nft_ipv4_save_firewall, + .print_rule = nft_ipv4_print_rule, + .save_rule = nft_ipv4_save_rule, .save_counters = save_counters, .proto_parse = nft_ipv4_proto_parse, .post_parse = nft_ipv4_post_parse, diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 9e9049f393959..6aa913edc21c3 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -220,16 +220,16 @@ static void print_ipv6_addr(const struct iptables_command_state *cs, } } -static void nft_ipv6_print_firewall(struct nftnl_rule *r, unsigned int num, - unsigned int format) +static void nft_ipv6_print_rule(struct nftnl_rule *r, unsigned int num, + unsigned int format) { struct iptables_command_state cs = {}; nft_rule_to_iptables_command_state(r, &cs); - print_firewall_details(&cs, cs.jumpto, cs.fw6.ipv6.flags, - cs.fw6.ipv6.invflags, cs.fw6.ipv6.proto, - num, format); + print_rule_details(&cs, cs.jumpto, cs.fw6.ipv6.flags, + cs.fw6.ipv6.invflags, cs.fw6.ipv6.proto, + num, format); print_ifaces(cs.fw6.ipv6.iniface, cs.fw6.ipv6.outiface, cs.fw6.ipv6.invflags, format); print_ipv6_addr(&cs, format); @@ -268,7 +268,7 @@ static void save_ipv6_addr(char letter, const struct in6_addr *addr, printf("/%d ", l); } -static void nft_ipv6_save_firewall(const void *data, unsigned int format) +static void nft_ipv6_save_rule(const void *data, unsigned int format) { const struct iptables_command_state *cs = data; @@ -277,10 +277,9 @@ static void nft_ipv6_save_firewall(const void *data, unsigned int format) save_ipv6_addr('d', &cs->fw6.ipv6.dst, &cs->fw6.ipv6.dmsk, cs->fw6.ipv6.invflags & IP6T_INV_DSTIP); - save_firewall_details(cs, cs->fw6.ipv6.invflags, cs->fw6.ipv6.proto, - cs->fw6.ipv6.iniface, cs->fw6.ipv6.iniface_mask, - cs->fw6.ipv6.outiface, - cs->fw6.ipv6.outiface_mask); + save_rule_details(cs, cs->fw6.ipv6.invflags, cs->fw6.ipv6.proto, + cs->fw6.ipv6.iniface, cs->fw6.ipv6.iniface_mask, + cs->fw6.ipv6.outiface, cs->fw6.ipv6.outiface_mask); save_matches_and_target(cs->matches, cs->target, cs->jumpto, cs->fw6.ipv6.flags, &cs->fw6); @@ -438,8 +437,8 @@ struct nft_family_ops nft_family_ops_ipv6 = { .parse_payload = nft_ipv6_parse_payload, .parse_immediate = nft_ipv6_parse_immediate, .print_header = print_header, - .print_firewall = nft_ipv6_print_firewall, - .save_firewall = nft_ipv6_save_firewall, + .print_rule = nft_ipv6_print_rule, + .save_rule = nft_ipv6_save_rule, .save_counters = save_counters, .proto_parse = nft_ipv6_proto_parse, .post_parse = nft_ipv6_post_parse, diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 1018b6319cb39..60b539c89b194 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -675,10 +675,10 @@ void print_header(unsigned int format, const char *chain, const char *pol, printf("\n"); } -void print_firewall_details(const struct iptables_command_state *cs, - const char *targname, uint8_t flags, - uint8_t invflags, uint8_t proto, - unsigned int num, unsigned int format) +void print_rule_details(const struct iptables_command_state *cs, + const char *targname, uint8_t flags, + uint8_t invflags, uint8_t proto, + unsigned int num, unsigned int format) { if (format & FMT_LINENUMBERS) printf(FMT("%-4u ", "%u "), num); @@ -765,12 +765,12 @@ print_iface(char letter, const char *iface, const unsigned char *mask, int inv) printf(" "); } -void save_firewall_details(const struct iptables_command_state *cs, - uint8_t invflags, uint16_t proto, - const char *iniface, - unsigned const char *iniface_mask, - const char *outiface, - unsigned const char *outiface_mask) +void save_rule_details(const struct iptables_command_state *cs, + uint8_t invflags, uint16_t proto, + const char *iniface, + unsigned const char *iniface_mask, + const char *outiface, + unsigned const char *outiface_mask) { if (iniface != NULL) { print_iface('i', iniface, iniface_mask, diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 578726d040e2d..20c198631a23e 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -91,9 +91,9 @@ struct nft_family_ops { const char *pol, const struct xt_counters *counters, bool basechain, uint32_t refs); - void (*print_firewall)(struct nftnl_rule *r, unsigned int num, - unsigned int format); - void (*save_firewall)(const void *data, unsigned int format); + void (*print_rule)(struct nftnl_rule *r, unsigned int num, + unsigned int format); + void (*save_rule)(const void *data, unsigned int format); void (*save_counters)(const void *data); void (*proto_parse)(struct iptables_command_state *cs, struct xtables_args *args); @@ -151,20 +151,20 @@ void nft_clear_iptables_command_state(struct iptables_command_state *cs); void print_header(unsigned int format, const char *chain, const char *pol, const struct xt_counters *counters, bool basechain, uint32_t refs); -void print_firewall_details(const struct iptables_command_state *cs, - const char *targname, uint8_t flags, - uint8_t invflags, uint8_t proto, - unsigned int num, unsigned int format); +void print_rule_details(const struct iptables_command_state *cs, + const char *targname, uint8_t flags, + uint8_t invflags, uint8_t proto, + unsigned int num, unsigned int format); void print_ifaces(const char *iniface, const char *outiface, uint8_t invflags, unsigned int format); void print_matches_and_target(struct iptables_command_state *cs, unsigned int format); -void save_firewall_details(const struct iptables_command_state *cs, - uint8_t invflags, uint16_t proto, - const char *iniface, - unsigned const char *iniface_mask, - const char *outiface, - unsigned const char *outiface_mask); +void save_rule_details(const struct iptables_command_state *cs, + uint8_t invflags, uint16_t proto, + const char *iniface, + unsigned const char *iniface_mask, + const char *outiface, + unsigned const char *outiface_mask); void save_counters(const void *data); void save_matches_and_target(struct xtables_rule_match *m, struct xtables_target *target, diff --git a/iptables/nft.c b/iptables/nft.c index d94c5e9e0d247..fc3a7bf058629 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1209,8 +1209,8 @@ nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type, break; } - if (ops->save_firewall) - ops->save_firewall(&cs, format); + if (ops->save_rule) + ops->save_rule(&cs, format); if (ops->clear_cs) ops->clear_cs(&cs); @@ -2218,7 +2218,7 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table, if (chain && rulenum) { __nft_rule_list(h, chain, table, - rulenum, format, ops->print_firewall); + rulenum, format, ops->print_rule); return 1; } @@ -2262,7 +2262,7 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table, &ctrs, basechain, refs); __nft_rule_list(h, chain_name, table, - rulenum, format, ops->print_firewall); + rulenum, format, ops->print_rule); /* we printed the chain we wanted, stop processing. */ if (chain) -- 2.18.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html