[iptables PATCH 05/14] nft: Introduce nft_bridge_commit()

Phil Sutter Mon, 16 Sep 2019 09:51:07 -0700

No need to check family value from nft_commit() if we can have a
dedicated callback for bridge family.


Signed-off-by: Phil Sutter <p...@nwl.cc>
---
 iptables/nft.c                   | 8 ++++++--
 iptables/nft.h                   | 1 +
 iptables/xtables-eb-standalone.c | 2 +-
 iptables/xtables-restore.c       | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index 81d01310c7f8c..77ebc4f651e15 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3069,11 +3069,15 @@ static void nft_bridge_commit_prepare(struct nft_handle 
*h)
 
 int nft_commit(struct nft_handle *h)
 {
-       if (h->family == NFPROTO_BRIDGE)
-               nft_bridge_commit_prepare(h);
        return nft_action(h, NFT_COMPAT_COMMIT);
 }
 
+int nft_bridge_commit(struct nft_handle *h)
+{
+       nft_bridge_commit_prepare(h);
+       return nft_commit(h);
+}
+
 int nft_abort(struct nft_handle *h)
 {
        return nft_action(h, NFT_COMPAT_ABORT);
diff --git a/iptables/nft.h b/iptables/nft.h
index 5e5e765b0d043..43463d7f262e8 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -147,6 +147,7 @@ uint32_t nft_invflags2cmp(uint32_t invflags, uint32_t flag);
  * global commit and abort
  */
 int nft_commit(struct nft_handle *h);
+int nft_bridge_commit(struct nft_handle *h);
 int nft_abort(struct nft_handle *h);
 int nft_abort_policy_rule(struct nft_handle *h, const char *table);
 
diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c
index fb3daba0bd604..a9081c78c3bc3 100644
--- a/iptables/xtables-eb-standalone.c
+++ b/iptables/xtables-eb-standalone.c
@@ -51,7 +51,7 @@ int xtables_eb_main(int argc, char *argv[])
 
        ret = do_commandeb(&h, argc, argv, &table, false);
        if (ret)
-               ret = nft_commit(&h);
+               ret = nft_bridge_commit(&h);
 
        if (!ret)
                fprintf(stderr, "ebtables: %s\n", nft_strerror(errno));
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 601c842feab38..f930f5ba2d167 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -463,7 +463,7 @@ static int ebt_table_flush(struct nft_handle *h, const char 
*table)
 
 struct nft_xt_restore_cb ebt_restore_cb = {
        .chain_list     = get_chain_list,
-       .commit         = nft_commit,
+       .commit         = nft_bridge_commit,
        .table_new      = nft_table_new,
        .table_flush    = ebt_table_flush,
        .do_command     = do_commandeb,
-- 
2.23.0

[iptables PATCH 05/14] nft: Introduce nft_bridge_commit()

Reply via email to