@ -44,6 +44,7 @@ struct iterate_callbacks {
/ / scratch area for rule iterating
union {
GQueue handles ;
bool rule_matched ;
} iterate_scratch ;
} ;
@ -118,6 +119,12 @@ static void check_matched_queue(struct nftnl_rule *r, struct iterate_callbacks *
}
static void check_matched_flag ( struct nftnl_rule * r , struct iterate_callbacks * callbacks ) {
if ( callbacks - > rule_scratch . rule_matched )
callbacks - > iterate_scratch . rule_matched = true ;
}
static int nftables_do_rule ( const struct nlmsghdr * nlh , void * data ) {
struct iterate_callbacks * callbacks = data ;
@ -683,11 +690,12 @@ static const char *nftables_check_family(struct mnl_socket *nl, int family, uint
struct iterate_callbacks callbacks = {
. parse_expr = match_rtpe ,
. rule_final = check_matched_flag ,
} ;
iterate_rules ( nl , family , chain , seq , & callbacks ) ;
if ( ! callbacks . rul e_scratch. rule_matched )
if ( ! callbacks . iterat e_scratch. rule_matched )
return " RTPENGINE rule not found " ;
/ / look for a rule to jump from a base chain to our custom chain
@ -695,6 +703,7 @@ static const char *nftables_check_family(struct mnl_socket *nl, int family, uint
callbacks = ( __typeof__ ( callbacks ) ) {
. parse_expr = match_immediate ,
. chain = chain ,
. rule_final = check_matched_flag ,
} ;
iterate_rules ( nl , family , " INPUT " , seq , & callbacks ) ;
@ -703,7 +712,7 @@ static const char *nftables_check_family(struct mnl_socket *nl, int family, uint
if ( base_chain & & strcmp ( base_chain , " none " ) )
iterate_rules ( nl , family , base_chain , seq , & callbacks ) ;
if ( ! callbacks . rul e_scratch. rule_matched )
if ( ! callbacks . iterat e_scratch. rule_matched )
return " immediate-goto rule not found " ;
return NULL ;
Richard Fuchs
2 years ago