xtables: introduce save_chain callback
authorPhil Sutter <phil@nwl.cc>
Thu, 19 Jul 2018 16:32:05 +0000 (18:32 +0200)
committerFlorian Westphal <fw@strlen.de>
Thu, 19 Jul 2018 21:11:03 +0000 (23:11 +0200)
In preparation for ebtables-save implementation, introduce a callback
for convenient per-family formatting of chains in save output.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
iptables/nft-ipv4.c
iptables/nft-ipv6.c
iptables/nft-shared.c
iptables/nft-shared.h
iptables/nft.c

index cbc4be737cd18f7d6e3105a3ccd860f1b26b5be8..0cfe84e11b2d930561e876e91f07420b2a22090b 100644 (file)
@@ -485,6 +485,7 @@ struct nft_family_ops nft_family_ops_ipv4 = {
        .print_rule             = nft_ipv4_print_rule,
        .save_rule              = nft_ipv4_save_rule,
        .save_counters          = save_counters,
+       .save_chain             = nft_ipv46_save_chain,
        .proto_parse            = nft_ipv4_proto_parse,
        .post_parse             = nft_ipv4_post_parse,
        .parse_target           = nft_ipv46_parse_target,
index 6aa913edc21c3b997ed619099272ba1bbf34437e..a33d4573b4df68e52177e610f380ef5044c014e9 100644 (file)
@@ -440,6 +440,7 @@ struct nft_family_ops nft_family_ops_ipv6 = {
        .print_rule             = nft_ipv6_print_rule,
        .save_rule              = nft_ipv6_save_rule,
        .save_counters          = save_counters,
+       .save_chain             = nft_ipv46_save_chain,
        .proto_parse            = nft_ipv6_proto_parse,
        .post_parse             = nft_ipv6_post_parse,
        .parse_target           = nft_ipv46_parse_target,
index 60b539c89b1944dc76101c205d2331978a923ec1..66db7ed1fa34fc3b4e152ea0e44995c7b4bee19c 100644 (file)
@@ -16,6 +16,7 @@
 #include <stdbool.h>
 #include <netdb.h>
 #include <errno.h>
+#include <inttypes.h>
 
 #include <xtables.h>
 
@@ -802,6 +803,16 @@ void save_counters(const void *data)
                               (unsigned long long)cs->counters.bcnt);
 }
 
+void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy)
+{
+       const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
+       uint64_t pkts = nftnl_chain_get_u64(c, NFTNL_CHAIN_PACKETS);
+       uint64_t bytes = nftnl_chain_get_u64(c, NFTNL_CHAIN_BYTES);
+
+       printf(":%s %s [%"PRIu64":%"PRIu64"]\n",
+              chain, policy ?: "-", pkts, bytes);
+}
+
 void save_matches_and_target(struct xtables_rule_match *m,
                             struct xtables_target *target,
                             const char *jumpto, uint8_t flags, const void *fw)
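Review bot: `chain` goes straight into the `%s` conversion in nft_ipv46_save_chain() without a NULL check, and nftnl_chain_get_str() returns NULL when NFTNL_CHAIN_NAME is not set on the object, which makes the printf() call undefined behaviour. A guard at the top of the function, `if (!chain) return;`, keeps a chain object without a name out of the save output. Separately, `policy ?: "-"` is a GNU extension; `policy ? policy : "-"` is the portable spelling if non-GNU compilers matter to the project. The save_matches_and_target() definition that follows continues outside this hunk.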
index 20c198631a23e58b185d0b5f457ff44517d7ee90..882f60e868c09c8fa56e9f33879bf8f9e8fa804d 100644 (file)
@@ -5,6 +5,7 @@
 
 #include <libnftnl/rule.h>
 #include <libnftnl/expr.h>
+#include <libnftnl/chain.h>
 
 #include <linux/netfilter_arp/arp_tables.h>
 
@@ -95,6 +96,7 @@ struct nft_family_ops {
                           unsigned int format);
        void (*save_rule)(const void *data, unsigned int format);
        void (*save_counters)(const void *data);
+       void (*save_chain)(const struct nftnl_chain *c, const char *policy);
        void (*proto_parse)(struct iptables_command_state *cs,
                            struct xtables_args *args);
        void (*post_parse)(int command, struct iptables_command_state *cs,
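Review bot: The new `save_chain` member has no comment stating its contract, and the contract is not obvious from the prototype. The caller in nft.c passes `policy == NULL` for chains that are not built-in, and nft_ipv46_save_chain() turns that into `-`. A one-line comment above the member, for example `/* policy is NULL for user-defined chains; the callback chooses the placeholder */`, would tell the author of the next per-family implementation what to expect. The struct definition starts and ends outside this hunk.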
@@ -166,6 +168,7 @@ void save_rule_details(const struct iptables_command_state *cs,
                       const char *outiface,
                       unsigned const char *outiface_mask);
 void save_counters(const void *data);
+void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy);
 void save_matches_and_target(struct xtables_rule_match *m,
                             struct xtables_target *target,
                             const char *jumpto,
index 7ce7fd2f03831689d3c5e46aa01ebd0194b49827..9f650f5af5fe8dd4311e4c28bd66cec7ba225af8 100644 (file)
@@ -1276,32 +1276,15 @@ static const char *policy_name[NF_ACCEPT+1] = {
        [NF_ACCEPT] = "ACCEPT",
 };
 
-static void nft_chain_print_save(struct nftnl_chain *c, bool basechain)
-{
-       const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
-       uint64_t pkts = nftnl_chain_get_u64(c, NFTNL_CHAIN_PACKETS);
-       uint64_t bytes = nftnl_chain_get_u64(c, NFTNL_CHAIN_BYTES);
-
-       /* print chain name */
-       if (basechain) {
-               uint32_t pol = NF_ACCEPT;
-
-               /* no default chain policy? don't crash, display accept */
-               if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY))
-                       pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
-
-               printf(":%s %s [%"PRIu64":%"PRIu64"]\n", chain, policy_name[pol],
-                                            pkts, bytes);
-       } else
-               printf(":%s - [%"PRIu64":%"PRIu64"]\n", chain, pkts, bytes);
-}
-
 int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list,
                   const char *table)
 {
        struct nftnl_chain_list_iter *iter;
+       struct nft_family_ops *ops;
        struct nftnl_chain *c;
 
+       ops = nft_family_ops_lookup(h->family);
+
        iter = nftnl_chain_list_iter_create(list);
        if (iter == NULL)
                return 0;
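Review bot: The result of `nft_family_ops_lookup(h->family)` is stored in `ops` and never checked, yet the loop in the following hunk reads `ops->save_chain`. The lookup function is not visible here; if it can return NULL for a family without registered ops, that read is a NULL dereference. `if (!ops || !ops->save_chain) return 0;` right after the lookup would cover that case and the families that leave the callback unset, assuming 0 is the right result for "nothing to save" (the existing `iter == NULL` path returns it). nft_chain_save() continues past the end of this hunk.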
@@ -1310,13 +1293,21 @@ int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list,
        while (c != NULL) {
                const char *chain_table =
                        nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
-               bool basechain = false;
+               const char *policy = NULL;
 
                if (strcmp(table, chain_table) != 0)
                        goto next;
 
-               basechain = nft_chain_builtin(c);
-               nft_chain_print_save(c, basechain);
+               if (nft_chain_builtin(c)) {
+                       uint32_t pol = NF_ACCEPT;
+
+                       if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY))
+                               pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
+                       policy = policy_name[pol];
+               }
+
+               if (ops->save_chain)
+                       ops->save_chain(c, policy);
 next:
                c = nftnl_chain_list_iter_next(iter);
        }
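Review bot: `policy_name[pol]` is indexed with whatever `nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY)` returns, while the table is declared with only `NF_ACCEPT+1` entries, so any policy value above NF_ACCEPT reads past the array and hands an arbitrary pointer to the callback's `%s`. The value presumably comes from a ruleset dump rather than from this process, so it should be range-checked before use, e.g. `if (pol > NF_ACCEPT) pol = NF_ACCEPT;`, or with an explicit error path if misreporting the policy is unacceptable. The move also dropped the old comment explaining why a missing policy defaults to accept; `/* no policy attribute set: report ACCEPT rather than crash */` above the `nftnl_chain_get()` test would preserve it. nft_chain_save() ends outside this hunk.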