Signed-off-by: Pablo Neira Ayuso <[email protected]>
---
iptables/nft.c | 26 +++++++++++++-------------
iptables/nft.h | 20 +++++++++++---------
2 files changed, 24 insertions(+), 22 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index d098068e01ca..dab7fbe235d2 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -375,8 +375,8 @@ static int batch_rule_add(struct nft_handle *h, enum
obj_update_type type,
return batch_add(h, type, r);
}
-struct builtin_table xtables_ipv4[TABLES_MAX] = {
- [RAW] = {
+struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
+ [NFT_TABLE_RAW] = {
.name = "raw",
.chains = {
{
@@ -393,7 +393,7 @@ struct builtin_table xtables_ipv4[TABLES_MAX] = {
},
},
},
- [MANGLE] = {
+ [NFT_TABLE_MANGLE] = {
.name = "mangle",
.chains = {
{
@@ -428,7 +428,7 @@ struct builtin_table xtables_ipv4[TABLES_MAX] = {
},
},
},
- [FILTER] = {
+ [NFT_TABLE_FILTER] = {
.name = "filter",
.chains = {
{
@@ -451,7 +451,7 @@ struct builtin_table xtables_ipv4[TABLES_MAX] = {
},
},
},
- [SECURITY] = {
+ [NFT_TABLE_SECURITY] = {
.name = "security",
.chains = {
{
@@ -474,7 +474,7 @@ struct builtin_table xtables_ipv4[TABLES_MAX] = {
},
},
},
- [NAT] = {
+ [NFT_TABLE_NAT] = {
.name = "nat",
.chains = {
{
@@ -507,8 +507,8 @@ struct builtin_table xtables_ipv4[TABLES_MAX] = {
#include <linux/netfilter_arp.h>
-struct builtin_table xtables_arp[TABLES_MAX] = {
- [FILTER] = {
+struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
+ [NFT_TABLE_FILTER] = {
.name = "filter",
.chains = {
{
@@ -529,8 +529,8 @@ struct builtin_table xtables_arp[TABLES_MAX] = {
#include <linux/netfilter_bridge.h>
-struct builtin_table xtables_bridge[TABLES_MAX] = {
- [FILTER] = {
+struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
+ [NFT_TABLE_FILTER] = {
.name = "filter",
.chains = {
{
@@ -553,7 +553,7 @@ struct builtin_table xtables_bridge[TABLES_MAX] = {
},
},
},
- [NAT] = {
+ [NFT_TABLE_NAT] = {
.name = "nat",
.chains = {
{
@@ -638,7 +638,7 @@ nft_table_builtin_find(struct nft_handle *h, const char
*table)
int i;
bool found = false;
- for (i=0; i<TABLES_MAX; i++) {
+ for (i = 0; i < NFT_TABLE_MAX; i++) {
if (h->tables[i].name == NULL)
continue;
@@ -3122,7 +3122,7 @@ static int nft_is_chain_compatible(const struct
nft_handle *h,
prio = nftnl_chain_get_u32(chain, NFTNL_CHAIN_PRIO);
hook = nftnl_chain_get_u32(chain, NFTNL_CHAIN_HOOKNUM);
- for (i = 0; i < TABLES_MAX; i++) {
+ for (i = 0; i < NFT_TABLE_MAX; i++) {
cur_table = h->tables[i].name;
chains = h->tables[i].chains;
diff --git a/iptables/nft.h b/iptables/nft.h
index bb5f03b4218f..9b4ba5f9a63e 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -5,12 +5,14 @@
#include "nft-shared.h"
#include <libiptc/linux_list.h>
-#define FILTER 0
-#define MANGLE 1
-#define RAW 2
-#define SECURITY 3
-#define NAT 4
-#define TABLES_MAX 5
+enum nft_table_type {
+ NFT_TABLE_FILTER = 0,
+ NFT_TABLE_MANGLE,
+ NFT_TABLE_RAW,
+ NFT_TABLE_SECURITY,
+ NFT_TABLE_NAT,
+};
+#define NFT_TABLE_MAX (NFT_TABLE_NAT + 1)
struct builtin_chain {
const char *name;
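Review bot: `NFT_TABLE_MAX` in this nft.h hunk is a separate macro hard-wired to `NFT_TABLE_NAT + 1`, so it is only correct while NAT remains the last enumerator. If a table is later appended to `enum nft_table_type` without updating the macro, the `i < NFT_TABLE_MAX` loops in nft.c would silently never visit it; the statically sized `xtables_*` arrays should at least fail to compile on the out-of-range designator. Consider making the bound part of the enum by adding a final `NFT_TABLE_MAX,` enumerator after `NFT_TABLE_NAT,` and dropping the `#define`. If the macro stays, a comment such as `/* must be one past the last enum nft_table_type value */` above it would record the constraint.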
@@ -47,9 +49,9 @@ struct nft_handle {
} error;
};
-extern struct builtin_table xtables_ipv4[TABLES_MAX];
-extern struct builtin_table xtables_arp[TABLES_MAX];
-extern struct builtin_table xtables_bridge[TABLES_MAX];
+extern struct builtin_table xtables_ipv4[NFT_TABLE_MAX];
+extern struct builtin_table xtables_arp[NFT_TABLE_MAX];
+extern struct builtin_table xtables_bridge[NFT_TABLE_MAX];
int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
int (*cb)(const struct nlmsghdr *nlh, void *data),
--
2.11.0