path: root/iptables/nft-shared.h
diff options
authorArturo Borrero <>2014-11-12 13:00:12 +0100
committerPablo Neira Ayuso <>2014-11-12 13:16:57 +0100
commitc82bf9f79bbc299de428fdc2e204d571b6cbc50d (patch)
tree984f4940c32af3d41e1598545a1e4e4b4b321659 /iptables/nft-shared.h
parentdf3741332d86629a8fdd267930e0a249803f6aa8 (diff)
iptables-compat: kill add_*() invflags parameter
Let's kill the invflags parameter and use directly NFT_CMP_[N]EQ. The caller must calculate which kind of cmp operation requires. BTW, this patch solves absence of inversion in some arptables-compat builtin matches. Thus, translating arptables inv flags is no longer needed. Signed-off-by: Arturo Borrero Gonzalez <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft-shared.h')
1 files changed, 4 insertions, 4 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 468da5c9..1b16d4e0 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -107,12 +107,12 @@ void add_cmp_ptr(struct nft_rule *r, uint32_t op, void *data, size_t len);
void add_cmp_u8(struct nft_rule *r, uint8_t val, uint32_t op);
void add_cmp_u16(struct nft_rule *r, uint16_t val, uint32_t op);
void add_cmp_u32(struct nft_rule *r, uint32_t val, uint32_t op);
-void add_iniface(struct nft_rule *r, char *iface, int invflags);
-void add_outiface(struct nft_rule *r, char *iface, int invflags);
+void add_iniface(struct nft_rule *r, char *iface, uint32_t op);
+void add_outiface(struct nft_rule *r, char *iface, uint32_t op);
void add_addr(struct nft_rule *r, int offset,
- void *data, void *mask, size_t len, int invflags);
+ void *data, void *mask, size_t len, uint32_t op);
void add_proto(struct nft_rule *r, int offset, size_t len,
- uint8_t proto, int invflags);
+ uint8_t proto, uint32_t op);
void add_compat(struct nft_rule *r, uint32_t proto, bool inv);
bool is_same_interfaces(const char *a_iniface, const char *a_outiface,