authorPablo Neira Ayuso <>2013-09-18 14:13:47 +0200
committerPablo Neira Ayuso <>2013-12-30 23:50:47 +0100
commite2a2c72277b49ac611809b3978365ab3010e1597 (patch)
tree299f55185b6a3a0af37060c521e1fc74f89be488 /iptables/nft-shared.h
parent217f021925872dcbce4187408762845ae3f6f182 (diff)
nft: consolidate nft_rule_find for ARP, IPv4 and IPv6
This patch kills nft_arp_rule_find, which is almost a copy and paste of the original nft_rule_find function. Refactor this function to move specific protocol parts to the corresponding nft-{ipv4,ipv6,arp}.c files. Signed-off-by: Pablo Neira Ayuso <>
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 80f2bc6f..3d1f433f 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -54,6 +54,8 @@ struct nft_family_ops {
void (*post_parse)(int command, struct iptables_command_state *cs,
struct xtables_args *args);
void (*parse_target)(struct xtables_target *t, void *data);
+ bool (*rule_find)(struct nft_family_ops *ops, struct nft_rule *r,
+ void *data);
void add_meta(struct nft_rule *r, uint32_t key);
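Review bot: The new `rule_find` member of `struct nft_family_ops` takes an untyped `void *data` and has no comment saying what the callback returns or what `data` points to, so each family implementation has to guess which type to cast to. A one-line comment above the member would settle this, for example `/* returns true when r matches the rule described by data; data is family-specific command state */`, with the wording checked against the implementations. If any family leaves the member unset, the caller needs a NULL check before calling through it; that call site is not in this hunk. The struct definition starts outside the hunk.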
@@ -117,6 +119,12 @@ void save_firewall_details(const struct iptables_command_state *cs,
struct nft_family_ops *nft_family_ops_lookup(int family);
+struct nft_handle;
+bool nft_ipv46_rule_find(struct nft_family_ops *ops, struct nft_rule *r,
+ struct iptables_command_state *cs);
+bool compare_targets(struct xtables_target *tg1, struct xtables_target *tg2);
struct addr_mask {
union {
struct in_addr *v4;
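Review bot: `nft_ipv46_rule_find` is declared with a third parameter of type `struct iptables_command_state *cs`, whereas the `rule_find` member added to `struct nft_family_ops` in the first hunk expects `void *data`. If this function is assigned to that member (the assignment is not visible on this page), the function pointer types are incompatible, and calling through the member is undefined behaviour in C even where it works on common ABIs. Declaring it as `bool nft_ipv46_rule_find(struct nft_family_ops *ops, struct nft_rule *r, void *data);` and converting `data` to the command-state pointer inside the body would keep the callback type-consistent and let the compiler check the assignment.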