From e83e35e236a33dfdf3e401adb7d7e18362cf1961 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 8 Sep 2013 23:53:05 +0200 Subject: nft: generalize rule addition family hook This should help Giuseppe with his ARP support works, this change was missing in (618309c nft: refactoring parse operations for more genericity). Based on patch from Giuseppe. Signed-off-by: Pablo Neira Ayuso --- iptables/nft-ipv4.c | 3 ++- iptables/nft-ipv6.c | 4 +++- iptables/nft-shared.h | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index b7a60952..40340984 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -24,8 +24,9 @@ #include "nft-shared.h" -static int nft_ipv4_add(struct nft_rule *r, struct iptables_command_state *cs) +static int nft_ipv4_add(struct nft_rule *r, void *data) { + struct iptables_command_state *cs = data; uint32_t op; if (cs->fw.ip.iniface[0] != '\0') diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 27e63a45..2efe95e3 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -22,8 +22,10 @@ #include "nft-shared.h" -static int nft_ipv6_add(struct nft_rule *r, struct iptables_command_state *cs) +static int nft_ipv6_add(struct nft_rule *r, void *data) { + struct iptables_command_state *cs = data; + if (cs->fw6.ipv6.iniface[0] != '\0') add_iniface(r, cs->fw6.ipv6.iniface, cs->fw6.ipv6.invflags); diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index ed2617cb..3f1a9a4a 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -37,7 +37,7 @@ struct xtables_args; struct nft_family_ops { - int (*add)(struct nft_rule *r, struct iptables_command_state *cs); + int (*add)(struct nft_rule *r, void *data); bool (*is_same)(const struct iptables_command_state *a, const struct iptables_command_state *b); void (*print_payload)(struct nft_rule_expr *e, -- cgit v1.2.3