From 25ef90814a991e80384d4369565c6decadfcd409 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Thu, 19 Jul 2018 18:32:08 +0200
Subject: xtables: introduce nft_init_eb()
This wraps nft_init(), adding required things needed for ebtables.
Signed-off-by: Phil Sutter
Signed-off-by: Florian Westphal
---
 iptables/nft.h | 1 +
 iptables/xtables-eb-standalone.c | 18 ++----------------
 iptables/xtables-eb.c | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 16 deletions(-)
(limited to 'iptables')
diff --git a/iptables/nft.h b/iptables/nft.h
index 17031871..f73a61c5 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -145,6 +145,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, bool
 /* For xtables-arptables.c */
 int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table);
 /* For xtables-eb.c */
+int nft_init_eb(struct nft_handle *h);
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table);
 /*
diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c
index 914d137b..2248b08d 100644
--- a/iptables/xtables-eb-standalone.c
+++ b/iptables/xtables-eb-standalone.c
@@ -41,28 +41,14 @@
 #include "xtables-multi.h"
-extern struct xtables_globals ebtables_globals;
-
 int xtables_eb_main(int argc, char *argv[])
 {
 int ret;
 char *table = "filter";
- struct nft_handle h = {
- .family = NFPROTO_BRIDGE,
- };
+ struct nft_handle h;
- ebtables_globals.program_name = "ebtables";
- ret = xtables_init_all(&ebtables_globals, NFPROTO_BRIDGE);
- if (ret < 0) {
- fprintf(stderr, "%s/%s Failed to initialize ebtables-compat\n",
- ebtables_globals.program_name,
- ebtables_globals.program_version);
- exit(1);
- }
+ nft_init_eb(&h);
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
- init_extensionsb();
-#endif
 ret = do_commandeb(&h, argc, argv, &table);
 if (ret)
 ret = nft_commit(&h);
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index f4b39095..44235347 100644
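Review bot: In xtables_eb_main (iptables/xtables-eb-standalone.c) the new call `nft_init_eb(&h);` discards the int result while `h` is now declared without an initializer, so the handle is only valid because nft_init_eb() never comes back on failure. That holds for the version added in this commit, but the `int` prototype invites a later error return, and do_commandeb() would then operate on indeterminate stack contents. Checking the result keeps the caller safe against that change: `if (nft_init_eb(&h) < 0) exit(1);`. The body of xtables_eb_main continues outside the hunk.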
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -732,6 +732,40 @@ void ebt_add_watcher(struct xtables_target *watcher,
 cs->match_list->next = newnode;
 }
+int nft_init_eb(struct nft_handle *h)
+{
+ ebtables_globals.program_name = "ebtables";
+ if (xtables_init_all(&ebtables_globals, NFPROTO_BRIDGE) < 0) {
+ fprintf(stderr, "%s/%s Failed to initialize ebtables-compat\n",
+ ebtables_globals.program_name,
+ ebtables_globals.program_version);
+ exit(1);
+ }
+
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+ init_extensionsb();
+#endif
+
+ memset(h, 0, sizeof(*h));
+
+ h->family = NFPROTO_BRIDGE;
+
+ if (nft_init(h, xtables_bridge) < 0)
+ xtables_error(OTHER_PROBLEM,
+ "Could not initialize nftables layer.");
+ h->ops = nft_family_ops_lookup(h->family);
+ if (!h->ops)
+ xtables_error(PARAMETER_PROBLEM, "Unknown family");
+
+ /* manually registering ebt matches, given the original ebtables parser
+ * don't use '-m matchname' and the match can't be loaded dynamically when
+ * the user calls it.
+ */
+ ebt_load_match_extensions();
+
+ return 0;
+}
+
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table)
 {
 char *buffer;
-- cgit v1.2.3
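Review bot: nft_init_eb() is declared `int` but can only ever return 0, because the xtables_init_all() failure calls `exit(1)` and the two later failures go through xtables_error(), which presumably does not return. A comment above the function should state that contract, for example `/* Initialise h for NFPROTO_BRIDGE; zeroes *h first and terminates the process on any failure. */`, or the function should become `void`. The first failure path also reports through fprintf()/exit(1) while the others use xtables_error(), so the exit status of an initialisation failure depends on the stage that failed. The diffstat lists only insertions for this file and do_commandeb()'s body is outside the hunk, so it is worth confirming that do_commandeb() does not still run its own nft_init() on the same handle.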