From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH v3 03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback
Date: Wed, 30 Oct 2019 18:26:52 +0100 [thread overview]
Message-ID: <20191030172701.5892-4-phil@nwl.cc> (raw)
In-Reply-To: <20191030172701.5892-1-phil@nwl.cc>
Prepare for 'rule_to_cs' callback to receive nft_handle pointer so it is
able to access cache for set lookups.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/nft-arp.c | 3 ++-
iptables/nft-bridge.c | 4 ++--
iptables/nft-ipv4.c | 4 ++--
iptables/nft-ipv6.c | 4 ++--
iptables/nft-shared.h | 4 ++--
iptables/nft.c | 19 ++++++++++---------
6 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 5ad7556c637b8..da22c12d34a7b 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -582,7 +582,8 @@ nft_arp_save_rule(const void *data, unsigned int format)
}
static void
-nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format)
+nft_arp_print_rule(struct nft_handle *h, struct nftnl_rule *r,
+ unsigned int num, unsigned int format)
{
struct iptables_command_state cs = {};
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 73bca2f38101e..b0c6c5a4db3cd 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -472,8 +472,8 @@ static void nft_bridge_save_rule(const void *data, unsigned int format)
fputc('\n', stdout);
}
-static void nft_bridge_print_rule(struct nftnl_rule *r, unsigned int num,
- unsigned int format)
+static void nft_bridge_print_rule(struct nft_handle *h, struct nftnl_rule *r,
+ unsigned int num, unsigned int format)
{
struct iptables_command_state cs = {};
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 57d1b3c6d2d0c..98d7f966e3694 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -261,8 +261,8 @@ static void print_fragment(unsigned int flags, unsigned int invflags,
fputc(' ', stdout);
}
-static void nft_ipv4_print_rule(struct nftnl_rule *r, unsigned int num,
- unsigned int format)
+static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r,
+ unsigned int num, unsigned int format)
{
struct iptables_command_state cs = {};
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 0e2c4a2946e25..56236bff03c2b 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -187,8 +187,8 @@ static void nft_ipv6_parse_immediate(const char *jumpto, bool nft_goto,
cs->fw6.ipv6.flags |= IP6T_F_GOTO;
}
-static void nft_ipv6_print_rule(struct nftnl_rule *r, unsigned int num,
- unsigned int format)
+static void nft_ipv6_print_rule(struct nft_handle *h, struct nftnl_rule *r,
+ unsigned int num, unsigned int format)
{
struct iptables_command_state cs = {};
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index e98ce11a4b1a2..65d4997b2539d 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -90,8 +90,8 @@ struct nft_family_ops {
const char *pol,
const struct xt_counters *counters, bool basechain,
uint32_t refs, uint32_t entries);
- void (*print_rule)(struct nftnl_rule *r, unsigned int num,
- unsigned int format);
+ void (*print_rule)(struct nft_handle *h, struct nftnl_rule *r,
+ unsigned int num, unsigned int format);
void (*save_rule)(const void *data, unsigned int format);
void (*save_counters)(const void *data);
void (*save_chain)(const struct nftnl_chain *c, const char *policy);
diff --git a/iptables/nft.c b/iptables/nft.c
index e03ed59c71953..0c6ce12f54582 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1202,7 +1202,7 @@ nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
}
if (verbose)
- h->ops->print_rule(r, 0, FMT_PRINT_RULE);
+ h->ops->print_rule(h, r, 0, FMT_PRINT_RULE);
if (ref) {
nftnl_chain_rule_insert_at(r, ref);
@@ -1935,7 +1935,7 @@ int nft_rule_check(struct nft_handle *h, const char *chain,
goto fail_enoent;
if (verbose)
- h->ops->print_rule(r, 0, FMT_PRINT_RULE);
+ h->ops->print_rule(h, r, 0, FMT_PRINT_RULE);
return 1;
fail_enoent:
@@ -1964,7 +1964,7 @@ int nft_rule_delete(struct nft_handle *h, const char *chain,
if (ret < 0)
errno = ENOMEM;
if (verbose)
- h->ops->print_rule(r, 0, FMT_PRINT_RULE);
+ h->ops->print_rule(h, r, 0, FMT_PRINT_RULE);
} else
errno = ENOENT;
@@ -2005,7 +2005,7 @@ nft_rule_add(struct nft_handle *h, const char *chain,
}
if (verbose)
- h->ops->print_rule(r, 0, FMT_PRINT_RULE);
+ h->ops->print_rule(h, r, 0, FMT_PRINT_RULE);
return r;
}
@@ -2114,8 +2114,8 @@ int nft_rule_replace(struct nft_handle *h, const char *chain,
static int
__nft_rule_list(struct nft_handle *h, struct nftnl_chain *c,
int rulenum, unsigned int format,
- void (*cb)(struct nftnl_rule *r, unsigned int num,
- unsigned int format))
+ void (*cb)(struct nft_handle *h, struct nftnl_rule *r,
+ unsigned int num, unsigned int format))
{
struct nftnl_rule_iter *iter;
struct nftnl_rule *r;
@@ -2128,7 +2128,7 @@ __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c,
* valid chain but invalid rule number
*/
return 1;
- cb(r, rulenum, format);
+ cb(h, r, rulenum, format);
return 1;
}
@@ -2138,7 +2138,7 @@ __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c,
r = nftnl_rule_iter_next(iter);
while (r != NULL) {
- cb(r, ++rule_ctr, format);
+ cb(h, r, ++rule_ctr, format);
r = nftnl_rule_iter_next(iter);
}
@@ -2242,7 +2242,8 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
}
static void
-list_save(struct nftnl_rule *r, unsigned int num, unsigned int format)
+list_save(struct nft_handle *h, struct nftnl_rule *r,
+ unsigned int num, unsigned int format)
{
nft_rule_print_save(r, NFT_RULE_APPEND, format);
}
--
2.23.0
next prev parent reply other threads:[~2019-10-30 17:27 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-30 17:26 [iptables PATCH v3 00/12] Implement among match support Phil Sutter
2019-10-30 17:26 ` [iptables PATCH v3 01/12] nft: family_ops: Pass nft_handle to 'add' callback Phil Sutter
2019-10-31 14:05 ` Pablo Neira Ayuso
2019-10-30 17:26 ` [iptables PATCH v3 02/12] nft: family_ops: Pass nft_handle to 'rule_find' callback Phil Sutter
2019-10-31 14:05 ` Pablo Neira Ayuso
2019-10-30 17:26 ` Phil Sutter [this message]
2019-10-31 14:05 ` [iptables PATCH v3 03/12] nft: family_ops: Pass nft_handle to 'print_rule' callback Pablo Neira Ayuso
2019-10-30 17:26 ` [iptables PATCH v3 04/12] nft: family_ops: Pass nft_handle to 'rule_to_cs' callback Phil Sutter
2019-10-30 17:26 ` [iptables PATCH v3 05/12] nft: Keep nft_handle pointer in nft_xt_ctx Phil Sutter
2019-10-30 17:26 ` [iptables PATCH v3 06/12] nft: Eliminate pointless calls to nft_family_ops_lookup() Phil Sutter
2019-10-30 17:26 ` [iptables PATCH v3 07/12] nft: Introduce NFT_CL_SETS cache level Phil Sutter
2019-10-31 14:04 ` Pablo Neira Ayuso
2019-10-31 14:08 ` Phil Sutter
2019-10-30 17:26 ` [iptables PATCH v3 08/12] nft: Support NFT_COMPAT_SET_ADD Phil Sutter
2019-10-30 17:26 ` [iptables PATCH v3 09/12] nft: Bore up nft_parse_payload() Phil Sutter
2019-10-30 17:26 ` [iptables PATCH v3 10/12] nft: Embed rule's table name in nft_xt_ctx Phil Sutter
2019-10-30 17:27 ` [iptables PATCH v3 11/12] nft: Support parsing lookup expression Phil Sutter
2019-10-30 17:27 ` [iptables PATCH v3 12/12] nft: bridge: Rudimental among extension support Phil Sutter
2019-10-31 14:13 ` [iptables PATCH v3 00/12] Implement among match support Pablo Neira Ayuso
2019-10-31 14:14 ` Pablo Neira Ayuso
2019-10-31 15:01 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191030172701.5892-4-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).