xref: /aosp_15_r20/external/iptables/iptables/nft-cmd.c (revision a71a954618bbadd4a345637e5edcf36eec826889)
/*
 * (C) 2012 by Pablo Neira Ayuso <[email protected]>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published
 * by the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This code has been sponsored by Sophos Astaro <http://www.sophos.com>
 */
12*a71a9546SAutomerger Merge Worker #include <stdlib.h>
13*a71a9546SAutomerger Merge Worker #include <string.h>
14*a71a9546SAutomerger Merge Worker #include <xtables.h>
15*a71a9546SAutomerger Merge Worker #include "nft.h"
16*a71a9546SAutomerger Merge Worker #include "nft-cmd.h"
17*a71a9546SAutomerger Merge Worker #include <libnftnl/set.h>
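/*
 * Allocate a command object, fill it from the arguments and append it to
 * h->cmd_list.
 *
 * table is duplicated unconditionally, so callers must pass a non-NULL
 * table name; chain is optional. When state is non-NULL a rule is built
 * from it via nft_rule_new() and stored in cmd->obj.rule.
 *
 * Returns the queued command, or NULL if nft_rule_new() failed (in which
 * case nothing is left on h->cmd_list). The results of xtables_calloc()
 * and xtables_strdup() are not checked here - presumably they do not
 * return on allocation failure; confirm against libxtables.
 */
struct nft_cmd *nft_cmd_new(struct nft_handle *h, int command,
			    const char *table, const char *chain,
			    struct iptables_command_state *state,
			    int rulenum, bool verbose)
{
	struct nft_rule_ctx ctx = {
		.command = command,
	};
	struct nftnl_rule *rule;
	struct nft_cmd *cmd;

	cmd = xtables_calloc(1, sizeof(*cmd));
	/* cmd is only linked into h->cmd_list at the end of this function,
	 * but nft_cmd_free() calls list_del() on cmd->head unconditionally.
	 * Turn the zero-filled head into a valid empty list so the error
	 * path below does not unlink through NULL next/prev pointers.
	 */
	INIT_LIST_HEAD(&cmd->head);
	cmd->error.lineno = h->error.lineno;
	cmd->command = command;
	cmd->table = xtables_strdup(table);
	if (chain)
		cmd->chain = xtables_strdup(chain);
	cmd->rulenum = rulenum;
	cmd->verbose = verbose;

	if (state) {
		rule = nft_rule_new(h, &ctx, chain, table, state);
		if (!rule) {
			/* Releases the strings duplicated above as well. */
			nft_cmd_free(cmd);
			return NULL;
		}

		cmd->obj.rule = rule;

		/* Keep a private copy of the jump target name only when no
		 * target is attached to the state and the name is non-empty.
		 */
		if (!state->target && strlen(state->jumpto) > 0)
			cmd->jumpto = xtables_strdup(state->jumpto);
	}

	list_add_tail(&cmd->head, &h->cmd_list);

	return cmd;
}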
/*
 * Release a command object: its duplicated strings, for some commands the
 * attached rule, and finally the object itself after unlinking it.
 *
 * list_del() runs unconditionally, so cmd->head has to be a valid list
 * node (linked or self-initialized) when this is called.
 */
void nft_cmd_free(struct nft_cmd *cmd)
{
	/* Only CHECK and DELETE commands release obj.rule here; for every
	 * other command the rule is left untouched - presumably it is owned
	 * elsewhere by then (NOTE(review): confirm against the callers).
	 */
	const bool frees_rule = cmd->command == NFT_COMPAT_RULE_CHECK ||
				cmd->command == NFT_COMPAT_RULE_DELETE;

	free((void *)cmd->jumpto);
	free((void *)cmd->rename);
	free((void *)cmd->policy);
	free((void *)cmd->chain);
	free((void *)cmd->table);

	if (frees_rule && cmd->obj.rule)
		nftnl_rule_free(cmd->obj.rule);

	list_del(&cmd->head);
	free(cmd);
}
/*
 * Request the cache level a rule append/insert needs. Does nothing when
 * cmd->table is not found by nft_table_builtin_find().
 */
static void nft_cmd_rule_bridge(struct nft_handle *h, const struct nft_cmd *cmd)
{
	const struct builtin_table *tbl = nft_table_builtin_find(h, cmd->table);
	int level = NFT_CL_CHAINS;

	if (tbl == NULL)
		return;

	/* ebtables implements user-defined chain policies as the last rule
	 * of the chain in nftables, so the rule cache is needed to handle
	 * them correctly when the chain is not a builtin one.
	 */
	if (h->family == NFPROTO_BRIDGE &&
	    !nft_chain_builtin_find(tbl, cmd->chain))
		level = NFT_CL_RULES;

	nft_cache_level_set(h, level, cmd);
}
/*
 * Queue an append of the rule described by state to chain in table.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_rule_append(struct nft_handle *h, const char *chain,
			const char *table, struct iptables_command_state *state,
			bool verbose)
{
	/* rulenum -1: no rule position is given for an append. */
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_RULE_APPEND, table,
					    chain, state, -1, verbose);

	if (entry == NULL)
		return 0;

	nft_cmd_rule_bridge(h, entry);
	return 1;
}
/*
 * Queue an insert of the rule described by state at position rulenum of
 * chain in table.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_rule_insert(struct nft_handle *h, const char *chain,
			const char *table, struct iptables_command_state *state,
			int rulenum, bool verbose)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_RULE_INSERT, table,
					    chain, state, rulenum, verbose);

	if (entry == NULL)
		return 0;

	nft_cmd_rule_bridge(h, entry);

	/* A positive rulenum requests the rule cache; otherwise the chain
	 * cache level is requested.
	 */
	nft_cache_level_set(h,
			    entry->rulenum > 0 ? NFT_CL_RULES : NFT_CL_CHAINS,
			    entry);

	return 1;
}
/*
 * Queue deletion of the rule described by state from chain in table.
 * The rule cache level is requested for this command.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_rule_delete(struct nft_handle *h, const char *chain,
			const char *table, struct iptables_command_state *state,
			bool verbose)
{
	/* rulenum -1: the rule is identified by state, not by position. */
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_RULE_DELETE, table,
					    chain, state, -1, verbose);

	if (entry == NULL)
		return 0;

	nft_cache_level_set(h, NFT_CL_RULES, entry);
	return 1;
}
/*
 * Queue deletion of the rule at position rulenum of chain in table.
 * No command state is passed, so no rule object is attached to the
 * command. The rule cache level is requested.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_rule_delete_num(struct nft_handle *h, const char *chain,
			    const char *table, int rulenum, bool verbose)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_RULE_DELETE, table,
					    chain, NULL, rulenum, verbose);

	if (entry == NULL)
		return 0;

	nft_cache_level_set(h, NFT_CL_RULES, entry);
	return 1;
}
/*
 * Queue a flush of the rules in chain of table; chain may be NULL.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_rule_flush(struct nft_handle *h, const char *chain,
		       const char *table, bool verbose)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_RULE_FLUSH, table,
					    chain, NULL, -1, verbose);
	int level;

	if (entry == NULL)
		return 0;

	/* Bridge family always requests the rule cache. Other families
	 * request the chain cache when a chain is named or verbose output
	 * is wanted, and only the table cache otherwise.
	 */
	if (h->family == NFPROTO_BRIDGE)
		level = NFT_CL_RULES;
	else if (chain || verbose)
		level = NFT_CL_CHAINS;
	else
		level = NFT_CL_TABLES;

	nft_cache_level_set(h, level, entry);
	return 1;
}
/*
 * Queue zeroing of the counters of chain in table. The rule cache level
 * is requested for this command.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_chain_zero_counters(struct nft_handle *h, const char *chain,
				const char *table, bool verbose)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_CHAIN_ZERO, table,
					    chain, NULL, -1, verbose);

	if (entry == NULL)
		return 0;

	nft_cache_level_set(h, NFT_CL_RULES, entry);
	return 1;
}
/*
 * Queue creation of the user-defined chain named chain in table. The
 * chain cache level is requested; the command is never verbose.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_chain_user_add(struct nft_handle *h, const char *chain,
			   const char *table)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_CHAIN_USER_ADD,
					    table, chain, NULL, -1, false);

	if (entry == NULL)
		return 0;

	nft_cache_level_set(h, NFT_CL_CHAINS, entry);
	return 1;
}
/*
 * Queue deletion of chain in table; chain may be NULL.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_chain_del(struct nft_handle *h, const char *chain,
		      const char *table, bool verbose)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_CHAIN_DEL, table,
					    chain, NULL, -1, verbose);
	int level = NFT_CL_CHAINS;

	if (entry == NULL)
		return 0;

	/* Requesting the rule cache triggers
	 * nft_bridge_chain_postprocess() when that cache is fetched. It is
	 * requested for the bridge family and whenever no chain is named.
	 */
	if (h->family == NFPROTO_BRIDGE || !chain)
		level = NFT_CL_RULES;

	nft_cache_level_set(h, level, entry);
	return 1;
}
/*
 * Queue renaming of the user-defined chain named chain in table to
 * newname. newname is duplicated unconditionally, so it must not be NULL.
 * The chain cache level is requested.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_chain_user_rename(struct nft_handle *h,const char *chain,
			      const char *table, const char *newname)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_CHAIN_RENAME, table,
					    chain, NULL, -1, false);

	if (entry == NULL)
		return 0;

	/* Private copy; released again by nft_cmd_free(). */
	entry->rename = xtables_strdup(newname);
	nft_cache_level_set(h, NFT_CL_CHAINS, entry);
	return 1;
}
/*
 * Queue a listing of the rules of chain in table, starting from the
 * arguments given: rulenum is stored as the command's rule number and
 * format in cmd->format. The rule cache level is requested.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_rule_list(struct nft_handle *h, const char *chain,
		      const char *table, int rulenum, unsigned int format)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_RULE_LIST, table,
					    chain, NULL, rulenum, false);

	if (entry == NULL)
		return 0;

	entry->format = format;
	nft_cache_level_set(h, NFT_CL_RULES, entry);
	return 1;
}
/*
 * Queue replacement of the rule at position rulenum of chain in table.
 *
 * data is handed to nft_cmd_new() as its command state argument; because
 * it arrives as void *, the compiler cannot check that callers really pass
 * a struct iptables_command_state.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_rule_replace(struct nft_handle *h, const char *chain,
			 const char *table, void *data, int rulenum,
			 bool verbose)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_RULE_REPLACE, table,
					    chain, data, rulenum, verbose);

	if (entry == NULL)
		return 0;

	nft_cache_level_set(h, NFT_CL_RULES, entry);
	return 1;
}
/*
 * Queue a check for the presence of a rule in chain of table.
 *
 * data is handed to nft_cmd_new() as its command state argument; because
 * it arrives as void *, the compiler cannot check that callers really pass
 * a struct iptables_command_state.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_rule_check(struct nft_handle *h, const char *chain,
		       const char *table, void *data, bool verbose)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_RULE_CHECK, table,
					    chain, data, -1, verbose);

	if (entry == NULL)
		return 0;

	nft_cache_level_set(h, NFT_CL_RULES, entry);
	return 1;
}
/*
 * Queue an update of chain in table with the given policy and, when
 * counters is non-NULL, a copy of those counters.
 *
 * policy is duplicated unconditionally, so it must not be NULL. The chain
 * cache level is requested.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_chain_set(struct nft_handle *h, const char *table,
		      const char *chain, const char *policy,
		      const struct xt_counters *counters)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_CHAIN_UPDATE, table,
					    chain, NULL, -1, false);

	if (entry == NULL)
		return 0;

	/* Private copy; released again by nft_cmd_free(). */
	entry->policy = xtables_strdup(policy);
	if (counters != NULL)
		entry->counters = *counters;

	nft_cache_level_set(h, NFT_CL_CHAINS, entry);
	return 1;
}
/*
 * Queue a flush of table.
 *
 * In verbose mode this is expressed as a rule flush followed by a chain
 * delete, both without a chain name; the chain delete is only queued when
 * the rule flush was. Otherwise a single table flush command is queued
 * and the table cache level is requested.
 *
 * Returns 1 on success, 0 if a command could not be queued.
 */
int nft_cmd_table_flush(struct nft_handle *h, const char *table, bool verbose)
{
	struct nft_cmd *entry;

	if (verbose) {
		if (!nft_cmd_rule_flush(h, NULL, table, verbose))
			return 0;
		return nft_cmd_chain_del(h, NULL, table, verbose) != 0;
	}

	entry = nft_cmd_new(h, NFT_COMPAT_TABLE_FLUSH, table, NULL, NULL, -1,
			    false);
	if (entry == NULL)
		return 0;

	nft_cache_level_set(h, NFT_CL_TABLES, entry);
	return 1;
}
/*
 * Queue an NFT_COMPAT_CHAIN_RESTORE command for chain in table. The
 * chain cache level is requested; the command is never verbose.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_chain_restore(struct nft_handle *h, const char *chain,
			  const char *table)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_CHAIN_RESTORE,
					    table, chain, NULL, -1, false);

	if (entry == NULL)
		return 0;

	nft_cache_level_set(h, NFT_CL_CHAINS, entry);
	return 1;
}
/*
 * Queue zeroing of the counters of the rule at position rulenum of chain
 * in table. The rule cache level is requested.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_rule_zero_counters(struct nft_handle *h, const char *chain,
			       const char *table, int rulenum)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_RULE_ZERO, table,
					    chain, NULL, rulenum, false);

	if (entry == NULL)
		return 0;

	nft_cache_level_set(h, NFT_CL_RULES, entry);
	return 1;
}
/*
 * Queue an NFT_COMPAT_RULE_SAVE command for chain in table. rulenum is
 * stored as the command's rule number and counters in
 * cmd->counters_save. The rule cache level is requested.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int nft_cmd_rule_list_save(struct nft_handle *h, const char *chain,
			   const char *table, int rulenum, int counters)
{
	struct nft_cmd *entry = nft_cmd_new(h, NFT_COMPAT_RULE_SAVE, table,
					    chain, NULL, rulenum, false);

	if (entry == NULL)
		return 0;

	entry->counters_save = counters;
	nft_cache_level_set(h, NFT_CL_RULES, entry);
	return 1;
}
/*
 * Queue a policy update for the user-defined bridge chain named chain in
 * table. policy is duplicated unconditionally, so it must not be NULL.
 * The rule cache level is requested.
 *
 * Returns 1 once the command is queued, 0 if nft_cmd_new() returned NULL.
 */
int ebt_cmd_user_chain_policy(struct nft_handle *h, const char *table,
			      const char *chain, const char *policy)
{
	struct nft_cmd *entry = nft_cmd_new(h,
					    NFT_COMPAT_BRIDGE_USER_CHAIN_UPDATE,
					    table, chain, NULL, -1, false);

	if (entry == NULL)
		return 0;

	/* Private copy; released again by nft_cmd_free(). */
	entry->policy = xtables_strdup(policy);
	nft_cache_level_set(h, NFT_CL_RULES, entry);
	return 1;
}