iptables: nft: use 64-bits handle
Kernel space and libnftables now use 64-bit handles, so use them here as well.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/iptables/nft.c b/iptables/nft.c
index 123a479..8e2b5ac 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -649,7 +649,7 @@
int
nft_rule_add(struct nft_handle *h, const char *chain, const char *table,
struct iptables_command_state *cs,
- bool append, uint16_t handle, bool verbose)
+ bool append, uint64_t handle, bool verbose)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
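Review bot: Widening the `handle` parameter of nft_rule_add() only helps if every consumer of the value is 64-bit as well, and the part of the body where `handle` is stored into the rule lies outside this hunk. If that code still goes through a 16-bit accessor, the value would be silently truncated, and because the handle selects which rule a replace operates on, a truncated handle could address a different rule in the ruleset. It is worth confirming that the body, and any remaining `nft_rule_attr_get_u16(..., NFT_RULE_ATTR_HANDLE)` users outside this diff, were converted too. A short comment on the parameter, such as `/* handle: 64-bit kernel rule handle; must not be narrowed */`, would record the intent.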
@@ -2409,11 +2409,12 @@
r = nft_rule_find(list, chain, table, cs, rulenum);
if (r != NULL) {
- DEBUGP("replacing rule with handle=%u\n",
- nft_rule_attr_get_u16(r, NFT_RULE_ATTR_HANDLE));
+ DEBUGP("replacing rule with handle=%llu\n",
+ (unsigned long long)
+ nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE));
ret = nft_rule_add(h, chain, table, cs, true,
- nft_rule_attr_get_u16(r, NFT_RULE_ATTR_HANDLE),
+ nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE),
verbose);
} else
errno = ENOENT;
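Review bot: The handle is fetched twice with `nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE)`, once for DEBUGP and once for the nft_rule_add() call. Reading it once into a local makes the logged value and the value acted on visibly the same: `uint64_t handle = nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE);`, then pass `handle` in both places. With a `uint64_t` local the format could be `"replacing rule with handle=%" PRIu64 "\n"` from `<inttypes.h>` instead of `%llu` plus a cast. The `else` branch is unbraced while the `if` branch is braced; bracing both would be more consistent. The enclosing function starts and ends outside the hunk.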
diff --git a/iptables/nft.h b/iptables/nft.h
index 474e652..aa458f8 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -39,7 +39,7 @@
*/
struct nft_rule;
-int nft_rule_add(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool append, uint16_t handle, bool verbose);
+int nft_rule_add(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool append, uint64_t handle, bool verbose);
int nft_rule_check(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool verbose);
int nft_rule_delete(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cmd, bool verbose);
int nft_rule_delete_num(struct nft_handle *h, const char *chain, const char *table, int rulenum, bool verbose);
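Review bot: The nft_rule_add() prototype gives callers no indication of what `handle` means or which value to pass when no existing rule is targeted. The only call visible in this diff passes the handle of a rule returned by nft_rule_find() in the replace path. A comment above the declaration such as `/* handle: 64-bit handle of the rule to replace, as read from NFT_RULE_ATTR_HANDLE */` would help, with the "no handle" value filled in by someone who can see the function body. The parameter is also named `cmd` here but `cs` in the definition in nft.c; aligning the two would make the pair easier to cross-reference.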