author | Giuseppe Longo <giuseppelng@gmail.com> | 2013-09-09 12:54:04 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:46 +0100 |
commit | 84909d171585d77fe769f03e2b1b96eab0aa0213 (patch) | |
tree | 1627c75d71025b18b6d7a94ee504617146b02419 /iptables/nft-shared.c | |
parent | 67da6075a4e7ced0e8cc452d73ce8ab06cbf8cd9 (diff) |
xtables: bootstrap ARP compatibility layer for nftables
This patch bootstraps ARP support for the compatibility layer:
1) copy original arptables code into xtables-arp.c
2) adapt it to fit into the existing nft infrastructure.
3) add the builtin table/chains for ARP.
4) add necessary parts so xtables-multi can provide xtables-arp.
5) add basic support for rule addition (-A), insertion (-I) and
listing (-L).
[ This was originally posted in a series of patches with interdependencies
that I have collapsed to leave the repository in consistent state. This
patch includes the following changes I made:
* Rename from xtables-arptables to xtables-arp, previous name too long.
* Remove nft-arptables.c, now we have one single nft-arp.c file. Moved
specific ARP functions to nft.c. Those should go away at some point as
some refactoring should allow us to accommodate those functions in the
existing infrastructure.
* Fix --opcode Request/Reply, so we can do something useful with this
like dropping ARP request/replies.
--pablo ]
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-shared.c')
-rw-r--r-- | iptables/nft-shared.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 5681e264..c1cb5a7f 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -30,6 +30,7 @@

 extern struct nft_family_ops nft_family_ops_ipv4;
 extern struct nft_family_ops nft_family_ops_ipv6;
+extern struct nft_family_ops nft_family_ops_arp;

 void add_meta(struct nft_rule *r, uint32_t key)
 {
@@ -281,8 +282,7 @@ void parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface,
 }
 }

-static void
-nft_parse_target(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
+void nft_parse_target(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 int family, void *data)
 {
 size_t tg_len;
@@ -381,7 +381,7 @@ void get_cmp_data(struct nft_rule_expr_iter *iter,
 *inv = false;
 }

-static void
+void
 nft_parse_meta(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 int family, void *data)
 {
@@ -402,7 +402,7 @@ nft_parse_meta(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 ops->parse_meta(e, key, data);
 }

-static void
+void
 nft_parse_payload(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 int family, void *data)
 {
@@ -414,7 +414,7 @@ nft_parse_payload(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 ops->parse_payload(iter, offset, data);
 }

-static void
+void
 nft_parse_counter(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 struct xt_counters *counters)
 {
@@ -422,7 +422,7 @@ nft_parse_counter(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 counters->bcnt = nft_rule_expr_get_u64(e, NFT_EXPR_CTR_BYTES);
 }

-static void
+void
 nft_parse_immediate(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 int family, void *data)
 {
@@ -649,6 +649,8 @@ struct nft_family_ops *nft_family_ops_lookup(int family)
 return &nft_family_ops_ipv4;
 case AF_INET6:
 return &nft_family_ops_ipv6;
+ case NFPROTO_ARP:
+ return &nft_family_ops_arp;
 default:
 break;
 }
 |
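Review bot: Dropping `static` from nft_parse_target in this hunk, and from nft_parse_meta, nft_parse_payload, nft_parse_counter and nft_parse_immediate in the four hunks that follow, gives five helpers external linkage, yet no prototype for them is visible here (the diffstat is limited to nft-shared.c, so the header may already carry them). Each one should be declared in the shared header that the new ARP code includes, e.g. `void nft_parse_target(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter, int family, void *data);`, so that a caller passing the wrong type behind `void *data` or the wrong argument order is rejected at compile time. As a style point, nft_parse_target is now written `void nft_parse_target(` on one line while the other four keep `void` on a line of its own; keeping the two-line form would match them and leave the continuation line's alignment untouched. The function bodies continue outside the hunks.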
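Review bot: The switch in nft_family_ops_lookup now mixes `AF_INET`/`AF_INET6` labels with `NFPROTO_ARP`, and every other family still reaches `default: break;`, with the value returned after the switch lying outside the hunk. The callers visible in this diff use the result directly (`ops->parse_meta(e, key, data);`, `ops->parse_payload(iter, offset, data);`) and no NULL check appears in the context lines shown, so if the fall-through returns NULL an unsupported family becomes a NULL dereference; that matters more now that the parse helpers are exported and can be called with a family chosen in another file. Consider guarding those call sites with `if (ops == NULL) return;`, or state on the lookup that callers must pass a supported family. A one-line comment above the new label, such as `/* ARP has no AF_* constant; callers pass NFPROTO_ARP */`, would explain the mixed constants.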