authorGiuseppe Longo <>2014-08-22 11:16:29 +0200
committerPablo Neira Ayuso <>2014-08-24 16:02:47 +0200
commit1cc84d47766ad74be8609477d3496544848b75b1 (patch)
treeebdc7348c4321e9e19ddca78d5dce658d8715a09 /iptables/nft-shared.h
parentd579c3cba69ec958ca93216a77f15acfa1487e09 (diff)
nft: add nft_xt_ctx struct
This patch provides the context used to transfer information between different nft_parse_* function calls. Signed-off-by: Giuseppe Longo <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft-shared.h')
1 files changed, 17 insertions, 15 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 1c06b5f4..c4936dde 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -6,6 +6,8 @@
#include <libnftnl/rule.h>
#include <libnftnl/expr.h>
+#include <linux/netfilter_arp/arp_tables.h>
#include "xshared.h"
#if 0
@@ -36,6 +38,16 @@
struct xtables_args;
+struct nft_xt_ctx {
+ union {
+ struct iptables_command_state *cs;
+ struct arpt_entry *fw;
+ } state;
+ struct nft_rule_expr_iter *iter;
+ int family;
+ uint32_t flags;
struct nft_family_ops {
int (*add)(struct nft_rule *r, void *data);
bool (*is_same)(const void *data_a,
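Review bot: Nothing in `struct nft_xt_ctx` records which member of the `state` union is live, so a parser that reads `ctx->state.cs` when the caller stored an `arpt_entry` in `ctx->state.fw` (or the reverse) would interpret one structure as the other. Presumably `family` is meant to be the discriminator; if so, state it at the declaration, for example `/* state.fw is valid only for the ARP family (NFPROTO_ARP); state.cs for all others */`, after confirming against the callers, which are not in this hunk. It would also help to note that `iter` is borrowed from the caller rather than owned by the context, and what `flags` holds, since neither is evident from the header. The struct's closing brace and the rest of `nft_family_ops` are not visible in this view.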
@@ -88,19 +100,11 @@ void parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface,
void print_proto(uint16_t proto, int invert);
void get_cmp_data(struct nft_rule_expr_iter *iter,
void *data, size_t dlen, bool *inv);
-void nft_parse_target(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
- int family, void *data);
-void nft_parse_meta(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
- int family, void *data);
-void nft_parse_payload(struct nft_rule_expr *e,
- struct nft_rule_expr_iter *iter,
- int family, void *data);
-void nft_parse_counter(struct nft_rule_expr *e,
- struct nft_rule_expr_iter *iter,
- struct xt_counters *counters);
-void nft_parse_immediate(struct nft_rule_expr *e,
- struct nft_rule_expr_iter *iter,
- int family, void *data);
+void nft_parse_target(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
+void nft_parse_meta(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
+void nft_parse_payload(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
+void nft_parse_counter(struct nft_rule_expr *e, struct xt_counters *counters);
+void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nft_rule_expr *e);
void nft_rule_to_iptables_command_state(struct nft_rule *r,
struct iptables_command_state *cs);
void print_firewall_details(const struct iptables_command_state *cs,
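Review bot: The regrouped `nft_parse_*` prototypes carry no comment saying what the caller must fill in on `ctx` before the call, and the explicit `iter`/`family`/`data` arguments that used to make that visible are gone. A short comment above `nft_parse_target` would restore it, for example `/* caller sets ctx->iter, ctx->family and the state member matching the family; e is the expression being decoded */`; the implementations are outside this hunk, so confirm which fields each parser actually reads. `nft_parse_counter` also keeps `e` as its first argument while the other four now take `ctx` first, which is reasonable if it needs no context, but a word in the same comment would stop it reading as an oversight.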
@@ -182,8 +186,6 @@ struct xtables_args {
extern char *opcodes[];
#define NUMOPCODES 9
-#include <linux/netfilter_arp/arp_tables.h>
static inline struct xt_entry_target *nft_arp_get_target(struct arpt_entry *fw)
struct xt_entry_target **target;