|
|
|
@ -466,7 +466,7 @@ static const char *delete_chain(struct mnl_socket *nl, int family, uint32_t *seq |
|
|
|
|
|
|
|
|
|
|
|
static const char *nftables_shutdown_family(struct mnl_socket *nl, int family, uint32_t *seq, |
|
|
|
const char *chain, const char *base_chain, void *data) |
|
|
|
const char *chain, const char *base_chain, nftables_args *dummy) |
|
|
|
{ |
|
|
|
// clean up rules in legacy `INPUT` chain |
|
|
|
const char *err = iterate_rules(nl, family, "INPUT", seq, |
|
|
|
@ -534,7 +534,7 @@ static const char *add_table(struct mnl_socket *nl, int family, uint32_t *seq) { |
|
|
|
|
|
|
|
|
|
|
|
static const char *nftables_setup_family(struct mnl_socket *nl, int family, uint32_t *seq, |
|
|
|
const char *chain, const char *base_chain, void *data) |
|
|
|
const char *chain, const char *base_chain, nftables_args *args) |
|
|
|
{ |
|
|
|
const char *err = nftables_shutdown_family(nl, family, seq, chain, base_chain, NULL); |
|
|
|
if (err) |
|
|
|
@ -545,8 +545,6 @@ static const char *nftables_setup_family(struct mnl_socket *nl, int family, uint |
|
|
|
if (err) |
|
|
|
return err; |
|
|
|
|
|
|
|
int *table = data; |
|
|
|
|
|
|
|
if (base_chain) { |
|
|
|
// make sure we have a local input base chain |
|
|
|
err = add_chain(nl, family, base_chain, seq, local_input_chain); |
|
|
|
@ -571,7 +569,7 @@ static const char *nftables_setup_family(struct mnl_socket *nl, int family, uint |
|
|
|
return add_rule(nl, family, seq, (struct add_rule_callbacks) { |
|
|
|
.callback = rtpe_target, |
|
|
|
.chain = chain, |
|
|
|
.table = *table, |
|
|
|
.table = args->table, |
|
|
|
}); |
|
|
|
} |
|
|
|
else { |
|
|
|
@ -584,7 +582,7 @@ static const char *nftables_setup_family(struct mnl_socket *nl, int family, uint |
|
|
|
return add_rule(nl, family, seq, (struct add_rule_callbacks) { |
|
|
|
.callback = rtpe_target_filter, |
|
|
|
.chain = chain, |
|
|
|
.table = *table, |
|
|
|
.table = args->table, |
|
|
|
}); |
|
|
|
} |
|
|
|
} |
|
|
|
@ -592,8 +590,8 @@ static const char *nftables_setup_family(struct mnl_socket *nl, int family, uint |
|
|
|
|
|
|
|
static const char *nftables_do(const char *chain, const char *base_chain, |
|
|
|
const char *(*do_func)(struct mnl_socket *nl, int family, uint32_t *seq, |
|
|
|
const char *chain, const char *base_chain, void *data), |
|
|
|
void *data) |
|
|
|
const char *chain, const char *base_chain, nftables_args *args), |
|
|
|
nftables_args *args) |
|
|
|
{ |
|
|
|
if (!chain || !chain[0]) |
|
|
|
return NULL; |
|
|
|
@ -609,10 +607,10 @@ static const char *nftables_do(const char *chain, const char *base_chain, |
|
|
|
|
|
|
|
uint32_t seq = time(NULL); |
|
|
|
|
|
|
|
const char *err = do_func(nl, NFPROTO_IPV4, &seq, chain, base_chain, data); |
|
|
|
const char *err = do_func(nl, NFPROTO_IPV4, &seq, chain, base_chain, args); |
|
|
|
if (err) |
|
|
|
return err; |
|
|
|
err = do_func(nl, NFPROTO_IPV6, &seq, chain, base_chain, data); |
|
|
|
err = do_func(nl, NFPROTO_IPV6, &seq, chain, base_chain, args); |
|
|
|
if (err) |
|
|
|
return err; |
|
|
|
|
|
|
|
@ -621,7 +619,7 @@ static const char *nftables_do(const char *chain, const char *base_chain, |
|
|
|
|
|
|
|
|
|
|
|
const char *nftables_setup(const char *chain, const char *base_chain, nftables_args args) { |
|
|
|
return nftables_do(chain, base_chain, nftables_setup_family, &args.table); |
|
|
|
return nftables_do(chain, base_chain, nftables_setup_family, &args); |
|
|
|
} |
|
|
|
|
|
|
|
const char *nftables_shutdown(const char *chain, const char *base_chain) { |
|
|
|
|
Richard Fuchs
2 years ago