nft: Embed rule's table name in nft_xt_ctx

Down to the point where expression parsing happens, the rule's table is
not known anymore but relevant if set lookups are required.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index a67302ee621aea374675ea2ddc3f24d85f4eb7e8..19630c1e2990c755879fbcb429b2efc45c77d6d3 100644 (file)
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -597,6 +597,7 @@ void nft_rule_to_iptables_command_state(struct nft_handle *h,
        struct nft_xt_ctx ctx = {
                .cs = cs,
                .h = h,
+               .table = nftnl_rule_get_str(r, NFTNL_RULE_TABLE),
        };
 
        iter = nftnl_expr_iter_create(r);

diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 4dc44b8460f0dd17ae2ae774ad91d0ab28e0438a..91762d2ed8a3e73bd6a0d50a509617da60c1542d 100644 (file)
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -51,6 +51,7 @@ struct nft_xt_ctx {
        struct nftnl_expr_iter *iter;
        struct nft_handle *h;
        uint32_t flags;
+       const char *table;
 
        uint32_t reg;
        struct {