[iptables PATCH 2/3] nft-shared: Use nft_create_match() in one more spot


 



By dropping the per-family 'cs->matches' selection (which is the default
anyway), code becomes identical to the function's body.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-shared.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index df3cc6ac994cf..52e745fea85c2 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -1202,16 +1202,13 @@ static void nft_parse_limit(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 	__u32 burst = nftnl_expr_get_u32(e, NFTNL_EXPR_LIMIT_BURST);
 	__u64 unit = nftnl_expr_get_u64(e, NFTNL_EXPR_LIMIT_UNIT);
 	__u64 rate = nftnl_expr_get_u64(e, NFTNL_EXPR_LIMIT_RATE);
-	struct xtables_rule_match **matches;
 	struct xtables_match *match;
 	struct xt_rateinfo *rinfo;
-	size_t size;
 
 	switch (ctx->h->family) {
 	case NFPROTO_IPV4:
 	case NFPROTO_IPV6:
 	case NFPROTO_BRIDGE:
-		matches = &ctx->cs->matches;
 		break;
 	default:
 		fprintf(stderr, "BUG: nft_parse_limit() unknown family %d\n",
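Review bot: With the `matches` assignment gone, the switch on `ctx->h->family` no longer selects anything: the three case labels fall to a bare `break` and only the `default` branch has an effect. A one-line comment above it, such as `/* only rejects unknown families; all supported ones use ctx->cs */`, would keep a later reader from mistaking the empty cases for leftover code. The `fprintf()` call in the default branch continues past the end of this hunk.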
@@ -1219,19 +1216,12 @@ static void nft_parse_limit(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 		exit(EXIT_FAILURE);
 	}
 
-	match = xtables_find_match("limit", XTF_TRY_LOAD, matches);
+	match = nft_create_match(ctx, ctx->cs, "limit", false);
 	if (match == NULL) {
 		ctx->errmsg = "limit match extension not found";
 		return;
 	}
 
-	size = XT_ALIGN(sizeof(struct xt_entry_match)) + match->size;
-	match->m = xtables_calloc(1, size);
-	match->m->u.match_size = size;
-	strcpy(match->m->u.user.name, match->name);
-	match->m->u.user.revision = match->revision;
-	xs_init_match(match);
-
 	rinfo = (void *)match->m->data;
 	rinfo->avg = XT_LIMIT_SCALE * unit / rate;
 	rinfo->burst = burst;
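Review bot: `rinfo->avg = XT_LIMIT_SCALE * unit / rate;` divides by a value read straight from the netlink expression, and nothing in the visible lines of nft_parse_limit() rejects `rate == 0`. `nftnl_expr_get_u64()` returns 0 when the attribute is absent, so a malformed or unexpected rule dump would fault in the parser instead of taking the `ctx->errmsg` path. A guard placed before the `nft_create_match()` call, e.g. `if (!rate) { ctx->errmsg = "limit expression has zero rate"; return; }`, keeps the failure on the existing error path and avoids creating a match that is never filled in. The function starts before the first hunk and continues past this one, so a check outside the shown lines cannot be ruled out.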
-- 
2.38.0



