diff options
Diffstat (limited to 'iptables/xtables-standalone.c')
-rw-r--r-- | iptables/xtables-standalone.c | 74 |
1 files changed, 48 insertions, 26 deletions
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c index 1a28c548..117b0c69 100644 --- a/iptables/xtables-standalone.c +++ b/iptables/xtables-standalone.c @@ -39,33 +39,53 @@ #include "xtables-multi.h" #include "nft.h" +static struct xtables_globals *xtables_globals_lookup(int family) +{ + switch (family) { + case AF_INET: + case AF_INET6: + return &xtables_globals; + case NFPROTO_ARP: + return &arptables_globals; + case NFPROTO_BRIDGE: + return &ebtables_globals; + default: + xtables_error(OTHER_PROBLEM, "Unknown family value %d", family); + } +} + static int xtables_main(int family, const char *progname, int argc, char *argv[]) { - int ret; char *table = "filter"; - struct nft_handle h = { - .family = family, - }; + struct nft_handle h; + int ret; - xtables_globals.program_name = progname; - ret = xtables_init_all(&xtables_globals, family); + ret = xtables_init_all(xtables_globals_lookup(family), family); if (ret < 0) { - fprintf(stderr, "%s/%s Failed to initialize xtables\n", - xtables_globals.program_name, - xtables_globals.program_version); - exit(1); + fprintf(stderr, "%s: Failed to initialize xtables\n", progname); + exit(1); } -#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) + xt_params->program_name = progname; init_extensions(); - init_extensions4(); -#endif + switch (family) { + case NFPROTO_IPV4: + init_extensions4(); + break; + case NFPROTO_IPV6: + init_extensions6(); + break; + case NFPROTO_ARP: + init_extensionsa(); + break; + case NFPROTO_BRIDGE: + init_extensionsb(); + break; + } - if (nft_init(&h, xtables_ipv4) < 0) { - fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", - xtables_globals.program_name, - xtables_globals.program_version, - strerror(errno)); + if (nft_init(&h, family) < 0) { + fprintf(stderr, "%s: Failed to initialize nft: %s\n", + xt_params->program_name, strerror(errno)); exit(EXIT_FAILURE); } @@ -74,16 +94,13 @@ xtables_main(int family, const char *progname, int argc, char *argv[]) ret = nft_commit(&h); nft_fini(&h); + xtables_fini(); if (!ret) { - if (errno == EINVAL) { - fprintf(stderr, "iptables: %s. " - "Run `dmesg' for more information.\n", - nft_strerror(errno)); - } else { - fprintf(stderr, "iptables: %s.\n", - nft_strerror(errno)); - } + fprintf(stderr, "%s: %s.%s\n", progname, nft_strerror(errno), + (errno == EINVAL ? + " Run `dmesg' for more information." : "")); + if (errno == EAGAIN) exit(RESOURCE_PROBLEM); } @@ -100,3 +117,8 @@ int xtables_ip6_main(int argc, char *argv[]) { return xtables_main(NFPROTO_IPV6, "ip6tables", argc, argv); } + +int xtables_arp_main(int argc, char *argv[]) +{ + return xtables_main(NFPROTO_ARP, "arptables", argc, argv); +} |