path: root/iptables/nft-shared.h
diff options
authorPablo Neira Ayuso <>2013-05-12 16:47:11 +0200
committerPablo Neira Ayuso <>2013-12-30 23:50:29 +0100
commit6838a7f51e6d95f904093e05e8bdc75ada70b93f (patch)
treeff0bedfcab7dbbe0bf547c1a3879bc64f949720c /iptables/nft-shared.h
parent26d3a0d77c67289341361bbd3254f2257eec69a0 (diff)
xtables: add new nft_ops->post_parse hook
Move specific layer 3 protocol post argument parsing code to the respective nft-ipv[4|6].c files. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft-shared.h')
1 files changed, 21 insertions, 0 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 30e87bb3..59734d9d 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -34,6 +34,8 @@
#define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab))
+struct xtables_args;
struct nft_family_ops {
int (*add)(struct nft_rule *r, struct iptables_command_state *cs);
bool (*is_same)(const struct iptables_command_state *a,
@@ -49,6 +51,8 @@ struct nft_family_ops {
uint8_t (*print_firewall)(const struct iptables_command_state *cs,
const char *targname, unsigned int num,
unsigned int format);
+ void (*post_parse)(int command, struct iptables_command_state *cs,
+ struct xtables_args *args);
void add_meta(struct nft_rule *r, uint32_t key);
@@ -116,4 +120,21 @@ struct xtables_args {
unsigned long long pcnt_cnt, bcnt_cnt;
+#define CMD_NONE 0x0000U
+#define CMD_INSERT 0x0001U
+#define CMD_DELETE 0x0002U
+#define CMD_DELETE_NUM 0x0004U
+#define CMD_REPLACE 0x0008U
+#define CMD_APPEND 0x0010U
+#define CMD_LIST 0x0020U
+#define CMD_FLUSH 0x0040U
+#define CMD_ZERO 0x0080U
+#define CMD_NEW_CHAIN 0x0100U
+#define CMD_DELETE_CHAIN 0x0200U
+#define CMD_SET_POLICY 0x0400U
+#define CMD_RENAME_CHAIN 0x0800U
+#define CMD_LIST_RULES 0x1000U
+#define CMD_ZERO_NUM 0x2000U
+#define CMD_CHECK 0x4000U