diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-09 15:02:02 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-24 11:35:33 +0100 |
| commit | da871de2a6efb576b6378a66222c0871f4282e96 (patch) | |
| tree | a700e6ff93143a9a4a863e0e1cf2df8fc2cc5d41 /iptables/nft-shared.c | |
| parent | d87b76cfc3b1c003fec75b8a4ea639aa444014f3 (diff) | |
nft: bootstrap ebtables-compat
This patch bootstraps ebtables-compat, the ebtables compatibility
software upon nf_tables.
[ Original patches:
http://patchwork.ozlabs.org/patch/395544/
http://patchwork.ozlabs.org/patch/395545/
http://patchwork.ozlabs.org/patch/395546/
I have also forward port them on top of the current git HEAD, otherwise
compilation breaks.
This bootstrap is experimental, this still needs more work. --Pablo ]
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-shared.c')
| -rw-r--r-- | iptables/nft-shared.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index d4a54bee..9ca2e35c 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -32,6 +32,7 @@ extern struct nft_family_ops nft_family_ops_ipv4; extern struct nft_family_ops nft_family_ops_ipv6; extern struct nft_family_ops nft_family_ops_arp; +extern struct nft_family_ops nft_family_ops_bridge; void add_meta(struct nft_rule *r, uint32_t key) { @@ -206,7 +207,7 @@ bool is_same_interfaces(const char *a_iniface, const char *a_outiface, return true; } -void parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface, +int parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface, unsigned char *iniface_mask, char *outiface, unsigned char *outiface_mask, uint8_t *invflags) { @@ -264,9 +265,10 @@ void parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface, } break; default: - DEBUGP("unknown meta key %d\n", key); - break; + return -1; } + + return 0; } static void *nft_get_data(struct nft_xt_ctx *ctx) @@ -277,6 +279,8 @@ static void *nft_get_data(struct nft_xt_ctx *ctx) return ctx->state.cs; case NFPROTO_ARP: return ctx->state.cs_arp; + case NFPROTO_BRIDGE: + return ctx->state.ebfw; default: /* Should not happen */ return NULL; @@ -734,6 +738,8 @@ struct nft_family_ops *nft_family_ops_lookup(int family) return &nft_family_ops_ipv6; case NFPROTO_ARP: return &nft_family_ops_arp; + case NFPROTO_BRIDGE: + return &nft_family_ops_bridge; default: break; } @@ -741,8 +747,8 @@ struct nft_family_ops *nft_family_ops_lookup(int family) return NULL; } -static bool -compare_matches(struct xtables_rule_match *mt1, struct xtables_rule_match *mt2) +bool compare_matches(struct xtables_rule_match *mt1, + struct xtables_rule_match *mt2) { struct xtables_rule_match *mp1; struct xtables_rule_match *mp2; |