diff options
author | Giuseppe Longo <giuseppelng@gmail.com> | 2013-09-04 14:36:41 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:45 +0100 |
commit | 04d9ad94a40e795dfa8d4cfd0bf3f092d60ecc47 (patch) | |
tree | fd5d63459439b90c602b09c76d008668dcc26cdb /iptables/nft-ipv6.c | |
parent | a69cc575295eedb44f0fa33cd5fcf1cc0114133a (diff) |
nft: refactoring parse operations for more genericity
This allows to reuse the nft_parse_* function for the bridge and
arp family (not yet supported).
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-ipv6.c')
-rw-r--r-- | iptables/nft-ipv6.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 9bb57981..27e63a45 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -70,17 +70,19 @@ static bool nft_ipv6_is_same(const struct iptables_command_state *a, } static void nft_ipv6_parse_meta(struct nft_rule_expr *e, uint8_t key, - struct iptables_command_state *cs) + void *data) { + struct iptables_command_state *cs = data; + parse_meta(e, key, cs->fw6.ipv6.iniface, cs->fw6.ipv6.iniface_mask, cs->fw6.ipv6.outiface, cs->fw6.ipv6.outiface_mask, &cs->fw6.ipv6.invflags); } static void nft_ipv6_parse_payload(struct nft_rule_expr_iter *iter, - struct iptables_command_state *cs, - uint32_t offset) + uint32_t offset, void *data) { + struct iptables_command_state *cs = data; switch (offset) { struct in6_addr addr; uint8_t proto; @@ -110,9 +112,15 @@ static void nft_ipv6_parse_payload(struct nft_rule_expr_iter *iter, } } -static void nft_ipv6_parse_immediate(struct iptables_command_state *cs) +static void nft_ipv6_parse_immediate(const char *jumpto, bool nft_goto, + void *data) { - cs->fw6.ipv6.flags |= IPT_F_GOTO; + struct iptables_command_state *cs = data; + + cs->jumpto = jumpto; + + if (nft_goto) + cs->fw6.ipv6.flags |= IPT_F_GOTO; } static void print_ipv6_addr(const struct iptables_command_state *cs, @@ -274,6 +282,13 @@ static void nft_ipv6_post_parse(int command, struct iptables_command_state *cs, " source or destination IP addresses"); } +static void nft_ipv6_parse_target(struct xtables_target *t, void *data) +{ + struct iptables_command_state *cs = data; + + cs->target = t; +} + struct nft_family_ops nft_family_ops_ipv6 = { .add = nft_ipv6_add, .is_same = nft_ipv6_is_same, @@ -283,4 +298,5 @@ struct nft_family_ops nft_family_ops_ipv6 = { .print_firewall = nft_ipv6_print_firewall, .save_firewall = nft_ipv6_save_firewall, .post_parse = nft_ipv6_post_parse, + .parse_target = nft_ipv6_parse_target, }; |