From 0af80a91b0a98891d3cbc891a7377281b4080035 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 27 Sep 2021 16:59:49 +0200 Subject: nft: Merge xtables-arp-standalone.c into xtables-standalone.c By declaring the relevant family_ops callbacks for arptables, the code becomes ready to just use do_commandx() instead of a dedicated parser. As a side-effect, this enables a bunch of new features in arptables-nft: * Support '-C' command * Support '-S' command * Support rule indexes just like xtables, e.g. in '-I' or '-R' commands * Reject chain names starting with '!' * Support '-c N,M' counter syntax Since arptables still accepts intrapositioned negations, add code to cover that but print a warning like iptables did 12 years ago prior to removing the functionality. Signed-off-by: Phil Sutter --- iptables/xtables-standalone.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'iptables/xtables-standalone.c') diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c index 19d663b0..5482a856 100644 --- a/iptables/xtables-standalone.c +++ b/iptables/xtables-standalone.c @@ -68,9 +68,17 @@ xtables_main(int family, const char *progname, int argc, char *argv[]) } xt_params->program_name = progname; #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) - init_extensions(); - init_extensions4(); - init_extensions6(); + switch (family) { + case NFPROTO_IPV4: + case NFPROTO_IPV6: + init_extensions(); + init_extensions4(); + init_extensions6(); + break; + case NFPROTO_ARP: + init_extensionsa(); + break; + } #endif if (nft_init(&h, family) < 0) { @@ -107,3 +115,8 @@ int xtables_ip6_main(int argc, char *argv[]) { return xtables_main(NFPROTO_IPV6, "ip6tables", argc, argv); } + +int xtables_arp_main(int argc, char *argv[]) +{ + return xtables_main(NFPROTO_ARP, "arptables", argc, argv); +} -- cgit v1.2.3