Legacy ebtables-restore does not support COMMIT directive, so allow for
callers of xtables_restore_parse() to toggle whether it is required or
not.
In iptables, omitting COMMIT may be used for syntax checking, so we must
not add an implicit commit at EOF. Although ebtables/arptables legacy
does not support COMMIT lines at all, this patch allows them in nft
variants. If omitted, an implicit commit happens for them at EOF.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
FILE *in;
int testing;
const char *tablename;
+ bool commit;
};
struct nftnl_chain_list;
}
in_table = 0;
- } else if ((buffer[0] == '*') && (!in_table)) {
+ } else if ((buffer[0] == '*') && (!in_table || !p->commit)) {
/* New table */
char *table;
exit(1);
}
}
- if (in_table) {
+ if (in_table && p->commit) {
fprintf(stderr, "%s: COMMIT expected at line %u\n",
xt_params->program_name, line + 1);
exit(1);
+ } else if (in_table && cb->commit && !cb->commit(h)) {
+ xtables_error(OTHER_PROBLEM, "%s: final implicit COMMIT failed",
+ xt_params->program_name);
}
}
.restore = true,
};
int c;
- struct nft_xt_restore_parse p = {};
+ struct nft_xt_restore_parse p = {
+ .commit = true,
+ };
line = 0;
projects / thirdparty / iptables.git / commitdiff
