author | Giuseppe Longo <giuseppelng@gmail.com> | 2013-07-26 13:05:15 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:40 +0100 |
commit | afae1f841bc2c4b39a38fa97d271f3877d00bf3a (patch) | |
tree | 390d5811781dd8e7f15defb65d23e9be5876d587 /iptables/nft.c | |
parent | 66a5399b6a4383ea4081d99ae852eebc1d65f265 (diff) |
nft: associate table configuration to handle via nft_init
We need family dependent built-in table/chain configuration. This
patch is a step forward making nft family independent in
order to support arptables and ebtables compatibility layers.
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 35 |
1 files changed, 10 insertions, 25 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 9a857b9e..68fc1539 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -80,24 +80,7 @@ static int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh, return 0; } -#define FILTER 0 -#define MANGLE 1 -#define RAW 2 -#define SECURITY 3 -#define NAT 4 -#define TABLES_MAX 5 - -struct builtin_chain { - const char *name; - const char *type; - uint32_t prio; - uint32_t hook; -}; - -static struct builtin_table { - const char *name; - struct builtin_chain chains[NF_INET_NUMHOOKS]; -} tables[TABLES_MAX] = { +struct builtin_table xtables_ipv4[TABLES_MAX] = { [RAW] = { .name = "raw", .chains = { @@ -305,20 +288,21 @@ nft_chain_builtin_add(struct nft_handle *h, struct builtin_table *table, } /* find if built-in table already exists */ -static struct builtin_table *nft_table_builtin_find(const char *table) +static struct builtin_table +*nft_table_builtin_find(struct nft_handle *h, const char *table) { int i; bool found = false; for (i=0; i<TABLES_MAX; i++) { - if (strcmp(tables[i].name, table) != 0) + if (strcmp(h->tables[i].name, table) != 0) continue; found = true; break; } - return found ? &tables[i] : NULL; + return found ? &h->tables[i] : NULL; } /* find if built-in chain already exists */ @@ -366,7 +350,7 @@ nft_chain_builtin_init(struct nft_handle *h, const char *table, int ret = 0; struct builtin_table *t; - t = nft_table_builtin_find(table); + t = nft_table_builtin_find(h, table); if (t == NULL) { ret = -1; goto out; @@ -389,7 +373,7 @@ static bool nft_chain_builtin(struct nft_chain *c) return nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM) != NULL; } -int nft_init(struct nft_handle *h) +int nft_init(struct nft_handle *h, struct builtin_table *t) { h->nl = mnl_socket_open(NETLINK_NETFILTER); if (h->nl == NULL) { @@ -402,6 +386,7 @@ int nft_init(struct nft_handle *h) return -1; } h->portid = mnl_socket_get_portid(h->nl); + h->tables = t; return 0; } 
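Review bot: In the `@@ -305,20 +288,21 @@` hunk, the loop in nft_table_builtin_find now passes `h->tables[i].name` to strcmp() for every one of the TABLES_MAX slots of a caller-supplied array, so a slot that a family leaves unset would hand strcmp() a NULL pointer. Designated initializers zero-fill any index that is not listed. Whether the planned arptables/ebtables arrays fill every index is not visible here, so this is inferred from the commit message. Skipping empty slots costs one line before the comparison: `if (h->tables[i].name == NULL) continue;`. A handle whose `tables` field was never set is dereferenced here as well, so `if (h->tables == NULL) return NULL;` at the top of the function would make the lookup fail cleanly instead.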
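Review bot: In the `@@ -402,6 +386,7 @@` hunk, `h->tables = t;` stores the caller's pointer without checking it and without any element count, while nft_table_builtin_find later indexes it up to TABLES_MAX. A NULL or shorter array from a new caller then turns into a NULL dereference or an out-of-bounds read at the first table lookup. Rejecting NULL before the socket is opened is enough for the first case: `if (t == NULL) return -1;`. For the second, I would add a comment on nft_init stating that `t` must point to an array of TABLES_MAX entries that outlives the handle. The assignment is only reached on the success path, and the start of nft_init's body lies in the previous hunk.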
@@ -440,7 +425,7 @@ int nft_table_set_dormant(struct nft_handle *h, const char *table) int ret = 0, i; struct builtin_table *t; - t = nft_table_builtin_find(table); + t = nft_table_builtin_find(h, table); if (t == NULL) { ret = -1; goto out; @@ -501,7 +486,7 @@ __nft_chain_set(struct nft_handle *h, const char *table, struct builtin_chain *_c; int ret; - _t = nft_table_builtin_find(table); + _t = nft_table_builtin_find(h, table); /* if this built-in table does not exists, create it */ if (_t != NULL) nft_table_builtin_add(h, _t, false); |