diff options
author | Phil Sutter <phil@nwl.cc> | 2023-01-31 19:55:57 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-08-10 13:44:12 +0200 |
commit | 2a6eee89083c837ac429b0e5aba33bdcaeb51a57 (patch) | |
tree | 58d444fd7ec52e20f8da9f1506e573c323f78785 /iptables/nft-ruleparse.h | |
parent | bb7d5fde80ccb4672dcf9644b4ccf1bffc0919fd (diff) |
nft-ruleparse: Introduce nft_create_target()
Like nft_create_match(), this is a small wrapper around the typical
target extension lookup and (standard) init code.
To use it from nft_parse_target() and nft_parse_log(), introduce an
inner variant which accepts the target payload size as parameter.
The call to rule_parse_ops::target callback was problematic with
standard target, because the callbacks initialized
iptables_command_state::jumpto with the target name, "standard" in that
case. Perform its tasks in nft_create_target(), keep it only for bridge
family's special handling of watcher "targets".
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-ruleparse.h')
-rw-r--r-- | iptables/nft-ruleparse.h | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/iptables/nft-ruleparse.h b/iptables/nft-ruleparse.h index fd083c08..25ce05d2 100644 --- a/iptables/nft-ruleparse.h +++ b/iptables/nft-ruleparse.h @@ -117,6 +117,8 @@ extern struct nft_ruleparse_ops nft_ruleparse_ops_ipv6; void *nft_create_match(struct nft_xt_ctx *ctx, struct iptables_command_state *cs, const char *name, bool reuse); +void *nft_create_target(struct nft_xt_ctx *ctx, const char *name); + bool nft_rule_to_iptables_command_state(struct nft_handle *h, const struct nftnl_rule *r, @@ -129,9 +131,6 @@ int parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e, uint8_t key, char *iniface, unsigned char *iniface_mask, char *outiface, unsigned char *outiface_mask, uint8_t *invflags); -void nft_ipv46_parse_target(struct xtables_target *t, - struct iptables_command_state *cs); - int nft_parse_hl(struct nft_xt_ctx *ctx, struct nftnl_expr *e, struct iptables_command_state *cs); |