From 6a53e6e7659e7ecef6636cb42840320dbbc36bda Mon Sep 17 00:00:00 2001 From: Paul Chambers Date: Mon, 30 Sep 2019 11:20:16 -0700 Subject: [PATCH] use the same name for all three tables, like sshguard does --- miniupnpd/netfilter_nft/nftnlrdr.c | 30 ++++++++++--------------- miniupnpd/netfilter_nft/nftnlrdr_misc.c | 18 +++++++-------- miniupnpd/netfilter_nft/nftnlrdr_misc.h | 2 -- 3 files changed, 20 insertions(+), 30 deletions(-) diff --git a/miniupnpd/netfilter_nft/nftnlrdr.c b/miniupnpd/netfilter_nft/nftnlrdr.c index 02a9da9..3042d3f 100644 --- a/miniupnpd/netfilter_nft/nftnlrdr.c +++ b/miniupnpd/netfilter_nft/nftnlrdr.c @@ -77,27 +77,27 @@ init_redirect(void) { /* 'ip' family */ if (result == 0) { - result = table_op(NFT_MSG_NEWTABLE, NFPROTO_IPV4, nft_table4); + result = table_op(NFT_MSG_NEWTABLE, NFPROTO_IPV4, nft_table); } if (result == 0) { - result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV4, nft_table4, + result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV4, nft_table, nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST); } if (result == 0) { - result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV4, nft_table4, + result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV4, nft_table, nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC); } /* 'ip6' family */ if (result == 0) { - result = table_op(NFT_MSG_NEWTABLE, NFPROTO_IPV6, nft_table6); + result = table_op(NFT_MSG_NEWTABLE, NFPROTO_IPV6, nft_table); } if (result == 0) { - result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV6, nft_table6, + result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV6, nft_table, nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST); } if (result == 0) { - result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV6, nft_table6, + result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV6, nft_table, nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC); } 
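Review bot: Nothing at the `/* 'ip' family */` and `/* 'ip6' family */` blocks of init_redirect says that the one `nft_table` string, which `set_rdr_name(TABLE_NAME, …)` lets the configuration replace, now names the table in every family. shutdown_redirect sends NFT_MSG_DELTABLE for that same name in both families, so pointing the setting at a table that already holds other rules would presumably remove them when the daemon exits. I would document it at the first block, e.g. `/* nft_table names the table in every family; it must be a table miniupnpd owns, because shutdown_redirect deletes it */`. init_redirect starts and ends outside the hunk, so the handling of the third table is not visible here.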
@@ -116,27 +116,27 @@ shutdown_redirect(void) { } /* 'ip' family */ - result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV4, nft_table4, + result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV4, nft_table, nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST); if (result == 0) { - result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV4, nft_table4, + result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV4, nft_table, nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC); } if (result == 0) { - result = table_op(NFT_MSG_DELTABLE, NFPROTO_IPV4, nft_table4); + result = table_op(NFT_MSG_DELTABLE, NFPROTO_IPV4, nft_table); } /* 'ip6' family */ if (result == 0) { - result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV6, nft_table6, + result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV6, nft_table, nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST); } if (result == 0) { - result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV6, nft_table6, + result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV6, nft_table, nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC); } if (result == 0) { - result = table_op(NFT_MSG_DELTABLE, NFPROTO_IPV6, nft_table6); + result = table_op(NFT_MSG_DELTABLE, NFPROTO_IPV6, nft_table); } finish_batch(); @@ -157,12 +157,6 @@ set_rdr_name(rdr_name_type param, const char *string) { case TABLE_NAME: nft_table = string; break; - case TABLE4_NAME: - nft_table4 = string; - break; - case TABLE6_NAME: - nft_table6 = string; - break; case NAT_CHAIN_NAME: nft_prerouting_chain = string; break; diff --git a/miniupnpd/netfilter_nft/nftnlrdr_misc.c b/miniupnpd/netfilter_nft/nftnlrdr_misc.c index a66df8b..63cd469 100644 --- a/miniupnpd/netfilter_nft/nftnlrdr_misc.c +++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.c 
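Review bot: In shutdown_redirect the ip6 teardown is still gated on `if (result == 0)` carried over from the ip steps, so a failure while removing the ip chains or table skips the ip6 deletions and may leave that family's NAT chains installed after exit. The ip block already opens with an unconditional `result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV4, nft_table, …)`; opening the ip6 block the same way, with the earlier failure kept in a separate variable if the return value matters, would make cleanup best-effort per family. Whether chain_op can fail before `finish_batch()` is not visible in this hunk, and the function begins and ends outside it.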
@@ -64,8 +64,6 @@ #define RULE_CACHE_VALID 1 const char * nft_table = "miniupnpd"; -const char * nft_table4 = "miniupnpd4"; -const char * nft_table6 = "miniupnpd6"; const char * nft_prerouting_chain = "prerouting"; const char * nft_postrouting_chain = "postrouting"; const char * nft_forward_chain = "forward"; @@ -656,7 +654,7 @@ table_cb(const struct nlmsghdr *nlh, void *data) void refresh_nft_cache_filter(void) { if (rule_list_filter_validate != RULE_CACHE_VALID) { - refresh_nft_cache(&head_filter, nft_table4, nft_forward_chain, NFPROTO_INET); + refresh_nft_cache(&head_filter, nft_table, nft_forward_chain, NFPROTO_INET); rule_list_filter_validate = RULE_CACHE_VALID; } } @@ -664,7 +662,7 @@ refresh_nft_cache_filter(void) { void refresh_nft_cache_peer(void) { if (rule_list_peer_validate != RULE_CACHE_VALID) { - refresh_nft_cache(&head_peer, nft_table4, nft_postrouting_chain, NFPROTO_IPV4); + refresh_nft_cache(&head_peer, nft_table, nft_postrouting_chain, NFPROTO_IPV4); rule_list_peer_validate = RULE_CACHE_VALID; } } @@ -673,7 +671,7 @@ void refresh_nft_cache_redirect(void) { if (rule_list_redirect_validate != RULE_CACHE_VALID) { - refresh_nft_cache(&head_redirect, nft_table4, nft_prerouting_chain, NFPROTO_IPV4); + refresh_nft_cache(&head_redirect, nft_table, nft_prerouting_chain, NFPROTO_IPV4); rule_list_redirect_validate = RULE_CACHE_VALID; } } @@ -935,9 +933,9 @@ rule_set_snat(uint8_t family, uint8_t proto, return NULL; } - nftnl_rule_set(r, NFTNL_RULE_TABLE, family == NFPROTO_IPV6 ? nft_table6 : nft_table4); - nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_postrouting_chain); nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family); + nftnl_rule_set(r, NFTNL_RULE_TABLE, nft_table); + nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_postrouting_chain); if (descr != NULL) { descr_len = strlen(descr); 
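Review bot: The table and chain names in rule_set_snat are still stored with the untyped `nftnl_rule_set(r, NFTNL_RULE_TABLE, nft_table)`, which returns nothing and so hides a failed copy of the string. As far as I know libnftnl's typed setter reports that case, so I would write `if (nftnl_rule_set_str(r, NFTNL_RULE_TABLE, nft_table) < 0) { nftnl_rule_free(r); return NULL; }` and do the same for NFTNL_RULE_CHAIN. The same pair of calls appears in the rule_set_dnat and rule_set_filter_common hunks. All three functions continue outside their hunks, so any later validation of `r` is not visible here.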
@@ -1021,9 +1019,9 @@ rule_set_dnat(uint8_t family, const char * ifname, uint8_t proto, return NULL; } - nftnl_rule_set(r, NFTNL_RULE_TABLE, family == NFPROTO_IPV6 ? nft_table6 : nft_table4); - nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_prerouting_chain); nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family); + nftnl_rule_set(r, NFTNL_RULE_TABLE, nft_table); + nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_prerouting_chain); if (descr != NULL) { descr_len = strlen(descr); @@ -1183,9 +1181,9 @@ rule_set_filter_common(struct nftnl_rule *r, uint8_t family, const char * ifname uint32_t descr_len; UNUSED(eport); + nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family); nftnl_rule_set(r, NFTNL_RULE_TABLE, nft_table); nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_forward_chain); - nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family); if (descr != NULL) { descr_len = strlen(descr); diff --git a/miniupnpd/netfilter_nft/nftnlrdr_misc.h b/miniupnpd/netfilter_nft/nftnlrdr_misc.h index ecd2c2a..b3e9141 100644 --- a/miniupnpd/netfilter_nft/nftnlrdr_misc.h +++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.h @@ -9,8 +9,6 @@ #include extern const char * nft_table; -extern const char * nft_table4; -extern const char * nft_table6; extern const char * nft_prerouting_chain; extern const char * nft_postrouting_chain; extern const char * nft_forward_chain;