diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-09-08 23:53:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:45 +0100 |
commit | e83e35e236a33dfdf3e401adb7d7e18362cf1961 (patch) | |
tree | a09b5cc22651914241dffe9fb32ca3ce68909340 /iptables | |
parent | 7791905f7db3bce63d3316c5adaf2f735cff3c1d (diff) |
nft: generalize rule addition family hook
This should help Giuseppe with his ARP support works, this change
was missing in (618309c nft: refactoring parse operations for more
genericity).
Based on patch from Giuseppe.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft-ipv4.c | 3 | ||||
-rw-r--r-- | iptables/nft-ipv6.c | 4 | ||||
-rw-r--r-- | iptables/nft-shared.h | 2 |
3 files changed, 6 insertions, 3 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index b7a60952..40340984 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -24,8 +24,9 @@ #include "nft-shared.h" -static int nft_ipv4_add(struct nft_rule *r, struct iptables_command_state *cs) +static int nft_ipv4_add(struct nft_rule *r, void *data) { + struct iptables_command_state *cs = data; uint32_t op; if (cs->fw.ip.iniface[0] != '\0') diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 27e63a45..2efe95e3 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -22,8 +22,10 @@ #include "nft-shared.h" -static int nft_ipv6_add(struct nft_rule *r, struct iptables_command_state *cs) +static int nft_ipv6_add(struct nft_rule *r, void *data) { + struct iptables_command_state *cs = data; + if (cs->fw6.ipv6.iniface[0] != '\0') add_iniface(r, cs->fw6.ipv6.iniface, cs->fw6.ipv6.invflags); diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index ed2617cb..3f1a9a4a 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -37,7 +37,7 @@ struct xtables_args; struct nft_family_ops { - int (*add)(struct nft_rule *r, struct iptables_command_state *cs); + int (*add)(struct nft_rule *r, void *data); bool (*is_same)(const struct iptables_command_state *a, const struct iptables_command_state *b); void (*print_payload)(struct nft_rule_expr *e, |