authorArturo Borrero <>2014-11-12 13:00:12 +0100
committerPablo Neira Ayuso <>2014-11-12 13:16:57 +0100
commitc82bf9f79bbc299de428fdc2e204d571b6cbc50d (patch)
tree984f4940c32af3d41e1598545a1e4e4b4b321659 /iptables/nft.h
parentdf3741332d86629a8fdd267930e0a249803f6aa8 (diff)
iptables-compat: kill add_*() invflags parameter
Let's kill the invflags parameter and use directly NFT_CMP_[N]EQ. The caller must calculate which kind of cmp operation requires. BTW, this patch solves absence of inversion in some arptables-compat builtin matches. Thus, translating arptables inv flags is no longer needed. Signed-off-by: Arturo Borrero Gonzalez <> Signed-off-by: Pablo Neira Ayuso <>
1 files changed, 2 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 0db2ed6c..9f6561f5 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -113,6 +113,8 @@ void nft_rule_print_save(const void *data,
struct nft_rule *r, enum nft_rule_print type,
unsigned int format);
+uint32_t nft_invflags2cmp(uint32_t invflags, uint32_t flag);
* global commit and abort