summaryrefslogtreecommitdiffstats
path: root/libxtables
diff options
context:
space:
mode:
Diffstat (limited to 'libxtables')
-rw-r--r--libxtables/xtables.c42
1 files changed, 36 insertions, 6 deletions
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 68411248..5357d12c 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -168,6 +168,19 @@ static const struct xtables_afinfo afinfo_ipv6 = {
.so_rev_target = IP6T_SO_GET_REVISION_TARGET,
};
+/* Dummy families for arptables-compat and ebtables-compat. Leave structure
+ * fields that we don't use unset.
+ */
+static const struct xtables_afinfo afinfo_bridge = {
+ .libprefix = "libebt_",
+ .family = NFPROTO_BRIDGE,
+};
+
+static const struct xtables_afinfo afinfo_arp = {
+ .libprefix = "libarpt_",
+ .family = NFPROTO_ARP,
+};
+
const struct xtables_afinfo *afinfo;
/* Search path for Xtables .so files */
@@ -224,6 +237,12 @@ void xtables_set_nfproto(uint8_t nfproto)
case NFPROTO_IPV6:
afinfo = &afinfo_ipv6;
break;
+ case NFPROTO_BRIDGE:
+ afinfo = &afinfo_bridge;
+ break;
+ case NFPROTO_ARP:
+ afinfo = &afinfo_arp;
+ break;
default:
fprintf(stderr, "libxtables: unhandled NFPROTO in %s\n",
__func__);
@@ -536,7 +555,7 @@ void xtables_parse_interface(const char *arg, char *vianame,
static void *load_extension(const char *search_path, const char *af_prefix,
const char *name, bool is_target)
{
- const char *all_prefixes[] = {"libxt_", af_prefix, NULL};
+ const char *all_prefixes[] = {af_prefix, "libxt_", NULL};
const char **prefix;
const char *dir = search_path, *next;
void *ptr = NULL;
@@ -584,6 +603,16 @@ static void *load_extension(const char *search_path, const char *af_prefix,
}
#endif
+static bool extension_cmp(const char *name1, const char *name2, uint32_t family)
+{
+ if (strcmp(name1, name2) == 0 &&
+ (family == afinfo->family ||
+ family == NFPROTO_UNSPEC))
+ return true;
+
+ return false;
+}
+
struct xtables_match *
xtables_find_match(const char *name, enum xtables_tryload tryload,
struct xtables_rule_match **matches)
@@ -606,7 +635,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
/* Trigger delayed initialization */
for (dptr = &xtables_pending_matches; *dptr; ) {
- if (strcmp(name, (*dptr)->name) == 0) {
+ if (extension_cmp(name, (*dptr)->name, (*dptr)->family)) {
ptr = *dptr;
*dptr = (*dptr)->next;
ptr->next = NULL;
@@ -617,7 +646,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
}
for (ptr = xtables_matches; ptr; ptr = ptr->next) {
- if (strcmp(name, ptr->name) == 0) {
+ if (extension_cmp(name, ptr->name, ptr->family)) {
struct xtables_match *clone;
/* First match of this type: */
@@ -667,7 +696,8 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
newentry = xtables_malloc(sizeof(struct xtables_rule_match));
for (i = matches; *i; i = &(*i)->next) {
- if (strcmp(name, (*i)->match->name) == 0)
+ if (extension_cmp(name, (*i)->match->name,
+ (*i)->match->family))
(*i)->completed = true;
}
newentry->match = ptr;
@@ -695,7 +725,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
/* Trigger delayed initialization */
for (dptr = &xtables_pending_targets; *dptr; ) {
- if (strcmp(name, (*dptr)->name) == 0) {
+ if (extension_cmp(name, (*dptr)->name, (*dptr)->family)) {
ptr = *dptr;
*dptr = (*dptr)->next;
ptr->next = NULL;
@@ -706,7 +736,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
}
for (ptr = xtables_targets; ptr; ptr = ptr->next) {
- if (strcmp(name, ptr->name) == 0)
+ if (extension_cmp(name, ptr->name, ptr->family))
break;
}