author | Giuseppe Longo <giuseppelng@gmail.com> | 2014-08-22 11:16:29 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-08-24 16:02:47 +0200 |
commit | 1cc84d47766ad74be8609477d3496544848b75b1 (patch) | |
tree | ebdc7348c4321e9e19ddca78d5dce658d8715a09 /iptables/nft-shared.h | |
parent | d579c3cba69ec958ca93216a77f15acfa1487e09 (diff) |
nft: add nft_xt_ctx struct
This patch provides the context used to transfer
information between different nft_parse_* function calls.
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-shared.h')
-rw-r--r-- | iptables/nft-shared.h | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 1c06b5f4..c4936dde 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -6,6 +6,8 @@ #include <libnftnl/rule.h> #include <libnftnl/expr.h> +#include <linux/netfilter_arp/arp_tables.h> + #include "xshared.h" #if 0 @@ -36,6 +38,16 @@ struct xtables_args; +struct nft_xt_ctx { + union { + struct iptables_command_state *cs; + struct arpt_entry *fw; + } state; + struct nft_rule_expr_iter *iter; + int family; + uint32_t flags; +}; + struct nft_family_ops { int (*add)(struct nft_rule *r, void *data); bool (*is_same)(const void *data_a, @@ -88,19 +100,11 @@ void parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface, void print_proto(uint16_t proto, int invert); void get_cmp_data(struct nft_rule_expr_iter *iter, void *data, size_t dlen, bool *inv); -void nft_parse_target(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter, - int family, void *data); -void nft_parse_meta(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter, - int family, void *data); -void nft_parse_payload(struct nft_rule_expr *e, - struct nft_rule_expr_iter *iter, - int family, void *data); -void nft_parse_counter(struct nft_rule_expr *e, - struct nft_rule_expr_iter *iter, - struct xt_counters *counters); -void nft_parse_immediate(struct nft_rule_expr *e, - struct nft_rule_expr_iter *iter, - int family, void *data); +void nft_parse_target(struct nft_xt_ctx *ctx, struct nft_rule_expr *e); +void nft_parse_meta(struct nft_xt_ctx *ctx, struct nft_rule_expr *e); +void nft_parse_payload(struct nft_xt_ctx *ctx, struct nft_rule_expr *e); +void nft_parse_counter(struct nft_rule_expr *e, struct xt_counters *counters); +void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nft_rule_expr *e); void nft_rule_to_iptables_command_state(struct nft_rule *r, struct iptables_command_state *cs); void print_firewall_details(const struct iptables_command_state *cs, 
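Review bot: The `state` union in the new `struct nft_xt_ctx` carries no tag of its own, so which of `cs` and `fw` is live is implied only by the separate `family` field, and nothing in the header states that rule. A parser that reads the wrong member would treat an `iptables_command_state` as an `arpt_entry` or the reverse, which is a type confusion in code that walks rule expressions. I would document the invariant above the union, for example `/* family selects the live member: presumably fw for ARP rules, cs for every other family; set both together */`, with the mapping confirmed against the callers. The `flags` field would benefit from a one-line comment as well, since its meaning cannot be read from this header. The same contract applies to the `nft_parse_target`, `nft_parse_meta`, `nft_parse_payload` and `nft_parse_immediate` prototypes in the following hunk, which now take `ctx` in place of the old `family`/`void *data` pair.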
@@ -182,8 +186,6 @@ struct xtables_args { extern char *opcodes[]; #define NUMOPCODES 9 -#include <linux/netfilter_arp/arp_tables.h> - static inline struct xt_entry_target *nft_arp_get_target(struct arpt_entry *fw) { struct xt_entry_target **target; |