diff options
author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-11-12 13:00:12 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-12 13:16:57 +0100 |
commit | c82bf9f79bbc299de428fdc2e204d571b6cbc50d (patch) | |
tree | 984f4940c32af3d41e1598545a1e4e4b4b321659 /iptables/nft-shared.c | |
parent | df3741332d86629a8fdd267930e0a249803f6aa8 (diff) |
iptables-compat: kill add_*() invflags parameter
Let's kill the invflags parameter and use directly NFT_CMP_[N]EQ.
The caller must calculate which kind of cmp operation requires.
BTW, this patch solves absence of inversion in some arptables-compat
builtin matches. Thus, translating arptables inv flags is no longer needed.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-shared.c')
-rw-r--r-- | iptables/nft-shared.c | 35 |
1 files changed, 4 insertions, 31 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 00310a37..d4a54bee 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -130,18 +130,12 @@ void add_cmp_u32(struct nft_rule *r, uint32_t val, uint32_t op) add_cmp_ptr(r, op, &val, sizeof(val)); } -void add_iniface(struct nft_rule *r, char *iface, int invflags) +void add_iniface(struct nft_rule *r, char *iface, uint32_t op) { int iface_len; - uint32_t op; iface_len = strlen(iface); - if (invflags & IPT_INV_VIA_IN) - op = NFT_CMP_NEQ; - else - op = NFT_CMP_EQ; - add_meta(r, NFT_META_IIFNAME); if (iface[iface_len - 1] == '+') add_cmp_ptr(r, op, iface, iface_len - 1); @@ -149,18 +143,12 @@ void add_iniface(struct nft_rule *r, char *iface, int invflags) add_cmp_ptr(r, op, iface, iface_len + 1); } -void add_outiface(struct nft_rule *r, char *iface, int invflags) +void add_outiface(struct nft_rule *r, char *iface, uint32_t op) { int iface_len; - uint32_t op; iface_len = strlen(iface); - if (invflags & IPT_INV_VIA_OUT) - op = NFT_CMP_NEQ; - else - op = NFT_CMP_EQ; - add_meta(r, NFT_META_OIFNAME); if (iface[iface_len - 1] == '+') add_cmp_ptr(r, op, iface, iface_len - 1); @@ -169,33 +157,18 @@ void add_outiface(struct nft_rule *r, char *iface, int invflags) } void add_addr(struct nft_rule *r, int offset, - void *data, void *mask, size_t len, int invflags) + void *data, void *mask, size_t len, uint32_t op) { - uint32_t op; - add_payload(r, offset, len); add_bitwise(r, mask, len); - if (invflags & IPT_INV_SRCIP || invflags & IPT_INV_DSTIP) - op = NFT_CMP_NEQ; - else - op = NFT_CMP_EQ; - add_cmp_ptr(r, op, data, len); } void add_proto(struct nft_rule *r, int offset, size_t len, - uint8_t proto, int invflags) + uint8_t proto, uint32_t op) { - uint32_t op; - add_payload(r, offset, len); - - if (invflags & XT_INV_PROTO) - op = NFT_CMP_NEQ; - else - op = NFT_CMP_EQ; - add_cmp_u8(r, proto, op); } |