[iptables PATCH 06/17] xtables: Use new callbacks in nft_rule_print_save()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This relieves callers from having to prepare iptables_command_state,
which often happens just for the sake of passing it to this function.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-shared.c      |  2 +-
 iptables/nft.c             | 26 ++++++++++----------------
 iptables/nft.h             |  3 +--
 iptables/xtables-monitor.c |  6 +-----
 4 files changed, 13 insertions(+), 24 deletions(-)

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 87d48bf620bb5..24287e9762a9a 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -933,7 +933,7 @@ bool nft_ipv46_rule_find(struct nft_family_ops *ops,
 
 	DEBUGP("comparing with... ");
 #ifdef DEBUG_DEL
-	nft_rule_print_save(&this, r, NFT_RULE_APPEND, 0);
+	nft_rule_print_save(r, NFT_RULE_APPEND, 0);
 #endif
 	if (!ops->is_same(cs, &this))
 		return false;
diff --git a/iptables/nft.c b/iptables/nft.c
index 3e7c555778b1f..d94c5e9e0d247 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -327,9 +327,7 @@ static int mnl_append_error(const struct nft_handle *h,
 			 nftnl_rule_get_str(o->rule, NFTNL_RULE_CHAIN));
 #if 0
 		{
-			struct iptables_command_state cs = {};
-			nft_rule_to_iptables_command_state(o->rule, &cs);
-			nft_rule_print_save(&cs, o->rule, NFT_RULE_APPEND, FMT_NOCOUNTS);
+			nft_rule_print_save(o->rule, NFT_RULE_APPEND, FMT_NOCOUNTS);
 		}
 #endif
 		break;
@@ -1187,18 +1185,19 @@ nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
 }
 
 void
-nft_rule_print_save(const void *data,
-		    struct nftnl_rule *r, enum nft_rule_print type,
+nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type,
 		    unsigned int format)
 {
 	const char *chain = nftnl_rule_get_str(r, NFTNL_RULE_CHAIN);
 	int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
+	struct iptables_command_state cs = {};
 	struct nft_family_ops *ops;
 
 	ops = nft_family_ops_lookup(family);
+	ops->rule_to_cs(r, &cs);
 
 	if (!(format & FMT_NOCOUNTS) && ops->save_counters)
-		ops->save_counters(data);
+		ops->save_counters(&cs);
 
 	/* print chain name */
 	switch(type) {
@@ -1211,8 +1210,10 @@ nft_rule_print_save(const void *data,
 	}
 
 	if (ops->save_firewall)
-		ops->save_firewall(data, format);
+		ops->save_firewall(&cs, format);
 
+	if (ops->clear_cs)
+		ops->clear_cs(&cs);
 }
 
 static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
@@ -1401,14 +1402,11 @@ int nft_rule_save(struct nft_handle *h, const char *table, bool counters)
 	while (r != NULL) {
 		const char *rule_table =
 			nftnl_rule_get_str(r, NFTNL_RULE_TABLE);
-		struct iptables_command_state cs = {};
 
 		if (strcmp(table, rule_table) != 0)
 			goto next;
 
-		nft_rule_to_iptables_command_state(r, &cs);
-
-		nft_rule_print_save(&cs, r, NFT_RULE_APPEND,
+		nft_rule_print_save(r, NFT_RULE_APPEND,
 				    counters ? 0 : FMT_NOCOUNTS);
 
 next:
@@ -2284,11 +2282,7 @@ err:
 static void
 list_save(struct nftnl_rule *r, unsigned int num, unsigned int format)
 {
-	struct iptables_command_state cs = {};
-
-	nft_rule_to_iptables_command_state(r, &cs);
-
-	nft_rule_print_save(&cs, r, NFT_RULE_APPEND, !(format & FMT_NOCOUNTS));
+	nft_rule_print_save(r, NFT_RULE_APPEND, !(format & FMT_NOCOUNTS));
 }
 
 static int
diff --git a/iptables/nft.h b/iptables/nft.h
index ffae84f22008f..a3f5c202d8f57 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -119,8 +119,7 @@ enum nft_rule_print {
 	NFT_RULE_DEL,
 };
 
-void nft_rule_print_save(const void *data,
-			 struct nftnl_rule *r, enum nft_rule_print type,
+void nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type,
 			 unsigned int format);
 
 uint32_t nft_invflags2cmp(uint32_t invflags, uint32_t flag);
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index e491b4db82bd7..a43a69af327e0 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -73,7 +73,6 @@ static bool events;
 
 static int rule_cb(const struct nlmsghdr *nlh, void *data)
 {
-	struct iptables_command_state cs = {};
 	uint32_t type = nlh->nlmsg_type & 0xFF;
 	const struct cb_arg *arg = data;
 	struct nftnl_rule *r;
@@ -96,19 +95,16 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
 	case AF_INET:
 	case AF_INET6:
 		printf("-%c ", family == AF_INET ? '4' : '6');
-		nft_rule_to_iptables_command_state(r, &cs);
 		break;
 	case NFPROTO_ARP:
 		printf("-0 ");
-		nft_rule_to_arptables_command_state(r, &cs);
 		break;
 	default:
 		goto err_free;
 	}
 
 	printf("-t %s ", nftnl_rule_get_str(r, NFTNL_RULE_TABLE));
-	nft_rule_print_save(&cs, r,
-			    type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
+	nft_rule_print_save(r, type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
 							   NFT_RULE_DEL,
 			    counters ? 0 : FMT_NOCOUNTS);
 err_free:
-- 
2.18.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux