This always uses xtables_ipv4 (which is same as _ipv6).
Pass the correct skeleton instead, this is needed to handle ebtables
correctly from xt-translate, as it doesn't use ip/ip6 tables.
Signed-off-by: Florian Westphal <fw@strlen.de>
static int
xtables_restore_main(int family, const char *progname, int argc, char *argv[])
{
+ struct builtin_table *tables;
struct nft_handle h = {
.family = family,
.restore = true,
xtables_globals.program_version);
exit(1);
}
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
- init_extensions();
- init_extensions4();
-#endif
-
- if (nft_init(&h, xtables_ipv4) < 0) {
- fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
- xtables_globals.program_name,
- xtables_globals.program_version,
- strerror(errno));
- exit(EXIT_FAILURE);
- }
while ((c = getopt_long(argc, argv, "bcvVthnM:T:46wW", options, NULL)) != -1) {
switch (c) {
p.in = stdin;
}
+ switch (family) {
+ case NFPROTO_IPV4:
+ case NFPROTO_IPV6: /* fallthough, same table */
+ tables = xtables_ipv4;
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+ init_extensions();
+ init_extensions4();
+#endif
+ break;
+ case NFPROTO_ARP:
+ tables = xtables_arp;
+ break;
+ case NFPROTO_BRIDGE:
+ tables = xtables_bridge;
+ break;
+ default:
+ fprintf(stderr, "Unknown family %d\n", family);
+ return 1;
+ }
+
+ if (nft_init(&h, tables) < 0) {
+ fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+ xtables_globals.program_name,
+ xtables_globals.program_version,
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
xtables_restore_parse(&h, &p, &restore_cb, argc, argv);
nft_fini(&h);
static int
xtables_save_main(int family, const char *progname, int argc, char *argv[])
{
+ struct builtin_table *tables;
const char *tablename = NULL;
bool dump = false;
struct nft_handle h = {
xtables_globals.program_version);
exit(1);
}
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
- init_extensions();
- init_extensions4();
-#endif
- if (nft_init(&h, xtables_ipv4) < 0) {
- fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
- xtables_globals.program_name,
- xtables_globals.program_version,
- strerror(errno));
- exit(EXIT_FAILURE);
- }
while ((c = getopt_long(argc, argv, "bcdt:M:f:46", options, NULL)) != -1) {
switch (c) {
exit(1);
}
+ switch (family) {
+ case NFPROTO_IPV4:
+ case NFPROTO_IPV6: /* fallthough, same table */
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+ init_extensions();
+ init_extensions4();
+#endif
+ tables = xtables_ipv4;
+ break;
+ case NFPROTO_ARP:
+ tables = xtables_arp;
+ break;
+ case NFPROTO_BRIDGE:
+ tables = xtables_bridge;
+ break;
+ default:
+ fprintf(stderr, "Unknown family %d\n", family);
+ return 1;
+ }
+
+ if (nft_init(&h, tables) < 0) {
+ fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+ xtables_globals.program_name,
+ xtables_globals.program_version,
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
+
ret = nft_is_ruleset_compatible(&h);
if (ret) {
printf("ERROR: You're using nft features that cannot be mapped to iptables, please keep using nft.\n");
int family,
const char *progname)
{
+ struct builtin_table *tables;
int ret;
xtables_globals.program_name = progname;
xtables_globals.program_version);
return 1;
}
+ switch (family) {
+ case NFPROTO_IPV4:
+ case NFPROTO_IPV6: /* fallthrough: same table */
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
#endif
+ tables = xtables_ipv4;
+ break;
+ case NFPROTO_ARP:
+ tables = xtables_arp;
+ break;
+ case NFPROTO_BRIDGE:
+ tables = xtables_bridge;
+ break;
+ default:
+ fprintf(stderr, "Unknown family %d\n", family);
+ return 1;
+ }
- if (nft_init(h, xtables_ipv4) < 0) {
+ if (nft_init(h, tables) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
projects / thirdparty / iptables.git / commitdiff
