authorGiuseppe Longo <giuseppelng@gmail.com>2013-09-22 10:18:55 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-12-30 23:50:48 +0100
commit2a55b8114a23c36e003c0b5bc384497bc2285369 (patch)
tree2f8313b51350f09df572a5731f4d790fef6869e8 /iptables/xtables-arp.c
parent7c7dcb2f2b86f71578c4cfc810042c98a43ea70a (diff)
xtables: arp: add delete operation
This patch allows rules to be deleted by specifying either an entry or a rule number. Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/xtables-arp.c')
-rw-r--r--iptables/xtables-arp.c33
1 files changed, 28 insertions, 5 deletions
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 8dfdf63e..4537a58c 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -911,6 +911,30 @@ replace_entry(const char *chain,
return nft_rule_replace(h, chain, table, fw, rulenum, verbose);
}
+static int
+delete_entry(const char *chain,
+ const char *table,
+ struct arpt_entry *fw,
+ unsigned int nsaddrs,
+ const struct in_addr saddrs[],
+ unsigned int ndaddrs,
+ const struct in_addr daddrs[],
+ bool verbose, struct nft_handle *h)
+{
+ unsigned int i, j;
+ int ret = 1;
+
+ for (i = 0; i < nsaddrs; i++) {
+ fw->arp.src.s_addr = saddrs[i].s_addr;
+ for (j = 0; j < ndaddrs; j++) {
+ fw->arp.tgt.s_addr = daddrs[j].s_addr;
+ ret = nft_rule_delete(h, chain, table, fw, verbose);
+ }
+ }
+
+ return ret;
+}
+
int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
{
struct arpt_entry fw, *e = NULL;
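Review bot: In delete_entry, `ret` is overwritten on every pass of the inner loop, so the function returns only the result of the last `nft_rule_delete()` call and a failure for an earlier source/target address pair is lost. For a firewall tool this means the command can report success while some of the ARP rules the operator asked to remove are still in place. Assuming nft_rule_delete() returns 1 on success and 0 on failure, as the `int ret = 1` initial value suggests, accumulate the result instead: `ret &= nft_rule_delete(h, chain, table, fw, verbose);`. When either address count is 0 the loops never run and the function returns 1 without deleting anything, so a short comment above the function stating the return convention and that case would help.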
@@ -1402,13 +1426,12 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
options&OPT_VERBOSE, true);
break;
case CMD_DELETE:
- /*ret = delete_entry(chain, e,
- nsaddrs, saddrs, ndaddrs, daddrs,
- options&OPT_VERBOSE,
- handle);*/
+ ret = delete_entry(chain, *table, e,
+ nsaddrs, saddrs, ndaddrs, daddrs,
+ options&OPT_VERBOSE, h);
break;
case CMD_DELETE_NUM:
- /*ret = arptc_delete_num_entry(chain, rulenum - 1, handle);*/
+ ret = nft_rule_delete_num(h, chain, *table, rulenum - 1, verbose);
break;
case CMD_REPLACE:
ret = replace_entry(chain, *table, e, rulenum - 1,
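Review bot: The CMD_DELETE_NUM branch passes `verbose`, while the CMD_DELETE branch just above it and the call before it pass `options&OPT_VERBOSE`. The declaration of `verbose` is outside the hunk, so it is not visible here whether the two always agree. For consistency I would write `ret = nft_rule_delete_num(h, chain, *table, rulenum - 1, options&OPT_VERBOSE);`. Separately, `rulenum - 1` is only a valid index if rulenum was checked to be at least 1 when it was parsed, which happens elsewhere in do_commandarp. It is worth confirming that a rule number of 0 is rejected there, so the wrong rule is never selected for deletion.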