git.ipfire.org Git - thirdparty/iptables.git/commit

author	Phil Sutter <phil@nwl.cc>
	Fri, 10 Jul 2020 18:08:35 +0000 (20:08 +0200)
committer	Phil Sutter <phil@nwl.cc>
	Fri, 24 Jul 2020 17:15:49 +0000 (19:15 +0200)
commit	0b7c22e00622db468846f11809ca0cecc6c7cd97
tree	ed361a57baa34093872d4bf90c588b4187a11fdd	tree
parent	26ec09bf6b9b674a7e3a65fc9c12599bd81dfe0f	commit \| diff

nft: Make table creation purely implicit

While asserting a required builtin chain exists, its table is created
implicitly if missing. Exploit this from xtables-restore, too: The only
actions which need adjustment are chain_new and chain_restore, i.e. when
restoring (either builtin or custom) chains.

Note: The call to nft_table_builtin_add() wasn't sufficient as it
doesn't set the table as initialized and therefore a following call to
nft_xt_builtin_init() would override non-default base chain policies.

Note2: The 'table_new' callback in 'nft_xt_restore_cb' is left in place
as xtables-translate uses it to print an explicit 'add table' command.

Note3: nft_table_new() function was already unused since a7f1e208cdf9c
("nft: split parsing from netlink commands").

Signed-off-by: Phil Sutter <phil@nwl.cc>

iptables/nft-cmd.c		diff \| blob \| blame \| history
iptables/nft.c		diff \| blob \| blame \| history
iptables/nft.h		diff \| blob \| blame \| history
iptables/xtables-restore.c		diff \| blob \| blame \| history