From c82bf9f79bbc299de428fdc2e204d571b6cbc50d Mon Sep 17 00:00:00 2001
From: Arturo Borrero <arturo.borrero.glez@gmail.com>
Date: Wed, 12 Nov 2014 13:00:12 +0100
Subject: iptables-compat: kill add_*() invflags parameter

Let's kill the invflags parameter and use directly NFT_CMP_[N]EQ.
The caller must calculate which kind of cmp operation requires.

BTW, this patch solves absence of inversion in some arptables-compat
builtin matches. Thus, translating arptables inv flags is no longer needed.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'iptables/nft.c')

diff --git a/iptables/nft.c b/iptables/nft.c
index 64222af8..baaef3e8 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2567,3 +2567,11 @@ err:
 	/* the core expects 1 for success and 0 for error */
 	return ret == 0 ? 1 : 0;
 }
+
+uint32_t nft_invflags2cmp(uint32_t invflags, uint32_t flag)
+{
+	if (invflags & flag)
+		return NFT_CMP_NEQ;
+
+	return NFT_CMP_EQ;
+}
-- 
cgit v1.2.3