Sadly, '-C' is in use already for --change-counters (even though
ebtables-nft does not implement this), so add a long-option only. It is
needed for xlate testsuite in replay mode, which will use '--check'
instead of '-C'.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/xtables-eb.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index c5fc338575f67..7214a767ffe96 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -198,6 +198,7 @@ struct option ebt_original_options[] =
{ "delete-chain" , optional_argument, 0, 'X' },
{ "init-table" , no_argument , 0, 11 },
{ "concurrent" , no_argument , 0, 13 },
+ { "check" , required_argument, 0, 14 },
{ 0 }
};
@@ -730,6 +731,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
case 'N': /* Make a user defined chain */
case 'E': /* Rename chain */
case 'X': /* Delete chain */
+ case 14: /* check a rule */
/* We allow -N chainname -P policy */
if (command == 'N' && c == 'P') {
command = c;
@@ -907,7 +909,8 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
if (!OPT_COMMANDS)
xtables_error(PARAMETER_PROBLEM,
"No command specified");
- if (command != 'A' && command != 'D' && command != 'I' && command != 'C')
+ if (command != 'A' && command != 'D' &&
+ command != 'I' && command != 'C' && command != 14)
xtables_error(PARAMETER_PROBLEM,
"Command and option do not match");
if (c == 'i') {
@@ -1088,7 +1091,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
argv[optind]);
if (command != 'A' && command != 'I' &&
- command != 'D' && command != 'C')
+ command != 'D' && command != 'C' && command != 14)
xtables_error(PARAMETER_PROBLEM,
"Extensions only for -A, -I, -D and -C");
}
@@ -1109,7 +1112,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
/* Do the final checks */
if (command == 'A' || command == 'I' ||
- command == 'D' || command == 'C') {
+ command == 'D' || command == 'C' || command == 14) {
for (xtrm_i = cs.matches; xtrm_i; xtrm_i = xtrm_i->next)
xtables_option_mfcall(xtrm_i->match);
@@ -1161,6 +1164,9 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
} else if (command == 'D') {
ret = delete_entry(h, chain, *table, &cs, rule_nr - 1,
rule_nr_end, flags & OPT_VERBOSE);
+ } else if (command == 14) {
+ ret = nft_cmd_rule_check(h, chain, *table,
+ &cs, flags & OPT_VERBOSE);
} /*else if (replace->command == 'C') {
ebt_change_counters(replace, new_entry, rule_nr, rule_nr_end, &(new_entry->cnt_surplus), chcounter);
if (ebt_errormsg[0] != '\0')
--
2.38.0
