path: root/iptables/
diff options
authorGiuseppe Longo <>2013-09-09 12:54:04 +0200
committerPablo Neira Ayuso <>2013-12-30 23:50:46 +0100
commit84909d171585d77fe769f03e2b1b96eab0aa0213 (patch)
tree1627c75d71025b18b6d7a94ee504617146b02419 /iptables/
parent67da6075a4e7ced0e8cc452d73ce8ab06cbf8cd9 (diff)
xtables: bootstrap ARP compatibility layer for nftables
This patch bootstraps ARP support for the compatibility layer: 1) copy original arptables code into xtables-arp.c 2) adapt it to fit into the existing nft infrastructure. 3) add the builtin table/chains for ARP. 4) add necessary parts so xtables-multi can provide xtables-arp. 5) add basic support for rule addition (-A), insertion (-I) and listing (-L). [ This was originally posted in a series of patches with interdependencies that I have collapsed to leave the repository in consistent state. This patch includes the following changes I made: * Rename from xtables-arptables to xtables-arp, previous name too long. * Remove nft-arptables.c, now we have one single nft-arp.c file. Moved specific ARP functions to nft.c. Those should go away at some point as some refactorization should allow to accomodate those functions to the existing infrastructure. * Fix --opcode Request/Reply, so we can do something useful with this like dropping ARP request/replies. --pablo ] Signed-off-by: Giuseppe Longo <> Signed-off-by: Tomasz Bursztyka <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/')
1 files changed, 4 insertions, 3 deletions
diff --git a/iptables/ b/iptables/
index 5cbd8ff9..b9a9743e 100644
--- a/iptables/
+++ b/iptables/
@@ -31,8 +31,9 @@ if HAVE_LIBNFTABLES
xtables_multi_SOURCES += xtables-config-parser.y xtables-config-syntax.l
xtables_multi_SOURCES += xtables-save.c xtables-restore.c \
xtables-standalone.c xtables.c nft.c \
- nft-shared.c nft-ipv4.c nft-ipv6.c \
- xtables-config.c xtables-events.c
+ nft-shared.c nft-ipv4.c nft-ipv6.c nft-arp.c \
+ xtables-config.c xtables-events.c \
+ xtables-arp-standalone.c xtables-arp.c
xtables_multi_LDADD += -lmnl -lnftables ${libmnl_LIBS} ${libnftables_LIBS}
# yacc and lex generate dirty code
@@ -57,7 +58,7 @@ v6_sbin_links = ip6tables ip6tables-restore ip6tables-save
x_sbin_links = xtables xtables-restore xtables-save xtables-config \
- xtables-events
+ xtables-events xtables-arp
iptables-extensions.8: iptables-extensions.8.tmpl ../extensions/ ../extensions/