[iptables-nftables PATCH] nft: load only the tables of the current family.

All of lore.kernel.org
 help / color / mirror / Atom feed

* [iptables-nftables PATCH] nft: load only the tables of the current family.
@ 2013-07-26 11:37 Giuseppe Longo
  2013-07-26 12:04 ` Tomasz Bursztyka
  0 siblings, 1 reply; 2+ messages in thread
From: Giuseppe Longo @ 2013-07-26 11:37 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Giuseppe Longo

This changes nft_xtables_config_load() permit to load only
the tables of the current family

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
---
 iptables/nft.c |   13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index f124419..744b7c9 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2841,6 +2841,7 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
 	struct nft_chain_list_iter *citer;
 	struct nft_table *table;
 	struct nft_chain *chain;
+	uint8_t table_family, chain_family;
 
 	if (xtables_config_parse(filename, table_list, chain_list) < 0) {
 		if (errno == ENOENT) {
@@ -2858,6 +2859,12 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
 	/* Stage 1) create tables */
 	titer = nft_table_list_iter_create(table_list);
 	while ((table = nft_table_list_iter_next(titer)) != NULL) {
+		table_family = nft_table_attr_get_u32(table,
+						      NFT_TABLE_ATTR_FAMILY);
+
+		if (h->family != table_family)
+			continue;
+
 		if (nft_table_add(h, table) < 0) {
 			if (errno == EEXIST) {
 				xtables_config_perror(flags,
@@ -2883,6 +2890,12 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
 	/* Stage 2) create chains */
 	citer = nft_chain_list_iter_create(chain_list);
 	while ((chain = nft_chain_list_iter_next(citer)) != NULL) {
+		chain_family = nft_chain_attr_get_u32(chain,
+						      NFT_CHAIN_ATTR_TABLE);
+
+		if (h->family != chain_family)
+			continue;
+
 		if (nft_chain_add(h, chain) < 0) {
 			if (errno == EEXIST) {
 				xtables_config_perror(flags,
-- 
1.7.8.6


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [iptables-nftables PATCH] nft: load only the tables of the current family.
  2013-07-26 11:37 [iptables-nftables PATCH] nft: load only the tables of the current family Giuseppe Longo
@ 2013-07-26 12:04 ` Tomasz Bursztyka
  0 siblings, 0 replies; 2+ messages in thread
From: Tomasz Bursztyka @ 2013-07-26 12:04 UTC (permalink / raw)
  To: Giuseppe Longo; +Cc: netfilter-devel

Hi Giuseppe,

> +	uint8_t table_family, chain_family;

just uint32_t no need to downsize, anyway nft_table_attr_get_u32 gives 
you uint32_t.

Rest is fine.

Tomasz

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2013-07-26 12:04 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-07-26 11:37 [iptables-nftables PATCH] nft: load only the tables of the current family Giuseppe Longo
2013-07-26 12:04 ` Tomasz Bursztyka

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.