iptables: nft: use 64-bits handle

Now that we use that in kernel space and in libnftables.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index 123a479cd2f3785763c8f4f70d856da9282bf86b..8e2b5acdced61b8365f9d514434412473d2500e5 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -649,7 +649,7 @@ static void add_counters(struct nft_rule *r, uint64_t packets, uint64_t bytes)
 int
 nft_rule_add(struct nft_handle *h, const char *chain, const char *table,
             struct iptables_command_state *cs,
-            bool append, uint16_t handle, bool verbose)
+            bool append, uint64_t handle, bool verbose)
 {
        char buf[MNL_SOCKET_BUFFER_SIZE];
        struct nlmsghdr *nlh;
@@ -2409,11 +2409,12 @@ int nft_rule_replace(struct nft_handle *h, const char *chain,
 
        r = nft_rule_find(list, chain, table, cs, rulenum);
        if (r != NULL) {
-               DEBUGP("replacing rule with handle=%u\n",
-                       nft_rule_attr_get_u16(r, NFT_RULE_ATTR_HANDLE));
+               DEBUGP("replacing rule with handle=%llu\n",
+                       (unsigned long long)
+                       nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE));
 
                ret = nft_rule_add(h, chain, table, cs, true,
-                                  nft_rule_attr_get_u16(r, NFT_RULE_ATTR_HANDLE),
+                                  nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE),
                                   verbose);
        } else
                errno = ENOENT;

diff --git a/iptables/nft.h b/iptables/nft.h
index 474e652e7fb18679af8f97d5a83bccc34947600e..aa458f8cc55905dc52a9558001d0facaf6bf4915 100644 (file)
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -39,7 +39,7 @@ int nft_chain_user_rename(struct nft_handle *h, const char *chain, const char *t
  */
 struct nft_rule;
 
-int nft_rule_add(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool append, uint16_t handle, bool verbose);
+int nft_rule_add(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool append, uint64_t handle, bool verbose);
 int nft_rule_check(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool verbose);
 int nft_rule_delete(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool verbose);
 int nft_rule_delete_num(struct nft_handle *h, const char *chain, const char *table, int rulenum, bool verbose);