From e2a2c72277b49ac611809b3978365ab3010e1597 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Wed, 18 Sep 2013 14:13:47 +0200
Subject: nft: consolidate nft_rule_find for ARP, IPv4 and IPv6

This patch kills nft_arp_rule_find, which is almost a copy and paste of the original nft_rule_find function. Refactor this function to move specific protocol parts to the corresponding nft-{ipv4,ipv6,arp}.c files.

Signed-off-by: Pablo Neira Ayuso
---
 iptables/nft-arp.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
(limited to 'iptables/nft-arp.c')

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 494d2c2f..0e6d9f98 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -564,6 +564,49 @@ static bool nft_arp_is_same(const void *data_a,
 (unsigned char*)b->arp.tgt_devaddr.mask);
 }
 
+static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nft_rule *r,
+ void *data)
+{
+ struct arpt_entry *fw = data;
+ struct xt_entry_target *t_fw, *t_this;
+ char *targname_fw, *targname_this;
+ struct xtables_target *target_fw, *target_this;
+ struct arpt_entry this = {};
+
+ /* Delete by matching rule case */
+ nft_rule_to_arpt_entry(r, &this);
+
+ DEBUGP("comparing with... ");
+
+/* nft_rule_print_save(&this, r, NFT_RULE_APPEND, 0); */
+
+ if (!ops->is_same(fw, &this))
+ return false;
+
+ t_fw = nft_arp_get_target(fw);
+ t_this = nft_arp_get_target(&this);
+
+ targname_fw = t_fw->u.user.name;
+ targname_this = t_this->u.user.name;
+
+ target_fw = xtables_find_target(targname_fw, XTF_TRY_LOAD);
+ target_this = xtables_find_target(targname_this, XTF_TRY_LOAD);
+
+ if (target_fw != NULL && target_this != NULL) {
+ if (!compare_targets(target_fw, target_this)) {
+ DEBUGP("Different target\n");
+ return false;
+ }
+ } else {
+ if (strcmp(targname_fw, targname_this) != 0) {
+ DEBUGP("Different verdict\n");
+ return false;
+ }
+ }
+
+ return true;
+}
+
 struct nft_family_ops nft_family_ops_arp = {
 .add = nft_arp_add,
 .is_same = nft_arp_is_same,
@@ -573,4 +616,5 @@ struct nft_family_ops nft_family_ops_arp = {
 .parse_immediate = nft_arp_parse_immediate,
 .print_firewall = nft_arp_print_firewall,
 .post_parse = NULL,
+ .rule_find = nft_arp_rule_find,
 };
-- 
cgit v1.2.3
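Review bot: In `nft_arp_rule_find`, `t_fw` and `t_this` are dereferenced for `u.user.name` immediately after `nft_arp_get_target()` with no NULL check, and this function's result decides which rule a delete-by-match acts on. `nft_arp_get_target()` and `nft_rule_to_arpt_entry()` are defined outside this hunk, so whether an entry without a target can yield NULL here cannot be confirmed from the diff; if it can, a guard such as `if (t_fw == NULL || t_this == NULL) return false;` before the name reads would turn a crash into a non-match. The `strcmp()` fallback in the else branch compares target names only, which appears intended for standard verdicts (the debug text says "Different verdict") and deserves a comment saying so, e.g. `/* no extension found for at least one side: compare by name only */`. The commented-out `nft_rule_print_save()` call should be dropped rather than committed, since it leaves `DEBUGP("comparing with... ")` printing a prefix with nothing after it.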