From 2a6eee89083c837ac429b0e5aba33bdcaeb51a57 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 31 Jan 2023 19:55:57 +0100 Subject: nft-ruleparse: Introduce nft_create_target() Like nft_create_match(), this is a small wrapper around the typical target extension lookup and (standard) init code. To use it from nft_parse_target() and nft_parse_log(), introduce an inner variant which accepts the target payload size as parameter. The call to rule_parse_ops::target callback was problematic with standard target, because the callbacks initialized iptables_command_state::jumpto with the target name, "standard" in that case. Perform its tasks in nft_create_target(), keep it only for bridge family's special handling of watcher "targets". Signed-off-by: Phil Sutter --- iptables/nft-ruleparse.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'iptables/nft-ruleparse.h') diff --git a/iptables/nft-ruleparse.h b/iptables/nft-ruleparse.h index fd083c08..25ce05d2 100644 --- a/iptables/nft-ruleparse.h +++ b/iptables/nft-ruleparse.h @@ -117,6 +117,8 @@ extern struct nft_ruleparse_ops nft_ruleparse_ops_ipv6; void *nft_create_match(struct nft_xt_ctx *ctx, struct iptables_command_state *cs, const char *name, bool reuse); +void *nft_create_target(struct nft_xt_ctx *ctx, const char *name); + bool nft_rule_to_iptables_command_state(struct nft_handle *h, const struct nftnl_rule *r, @@ -129,9 +131,6 @@ int parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e, uint8_t key, char *iniface, unsigned char *iniface_mask, char *outiface, unsigned char *outiface_mask, uint8_t *invflags); -void nft_ipv46_parse_target(struct xtables_target *t, - struct iptables_command_state *cs); - int nft_parse_hl(struct nft_xt_ctx *ctx, struct nftnl_expr *e, struct iptables_command_state *cs); -- cgit v1.2.3