From 34c36aeebd0b44629ef6c54a3087b3b531ccc1a5 Mon Sep 17 00:00:00 2001
From: Arturo Borrero
Date: Fri, 13 Feb 2015 11:38:02 +0100
Subject: arptables-compat: add mangle target extension

This patch adds support to use the mangle target extensions, along with the required changes in the surrounding code.

Signed-off-by: Arturo Borrero Gonzalez
Signed-off-by: Pablo Neira Ayuso
---
 iptables/nft-arp.c | 19 +++++++++----------
 iptables/xtables-arp-standalone.c | 30 +++++++-----------------------
 iptables/xtables-arp.c | 15 +++++++++++----
 3 files changed, 27 insertions(+), 37 deletions(-)
(limited to 'iptables')
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 24b31c5a..05672014 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -402,10 +402,11 @@ void nft_rule_to_arptables_command_state(struct nft_rule *r,
 nft_rule_expr_iter_destroy(iter);
- if (cs->target != NULL)
- cs->jumpto = cs->target->name;
- else if (cs->jumpto != NULL)
- cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD);
+ if (cs->jumpto != NULL)
+ return;
+
+ if (cs->target != NULL && cs->target->name != NULL)
+ cs->target = xtables_find_target(cs->target->name, XTF_TRY_LOAD);
 else
 cs->jumpto = "";
 }
@@ -585,13 +586,11 @@ nft_arp_print_firewall(struct nft_rule *r, unsigned int num,
 print_fw_details(&cs.fw, format);
- if (strlen(cs.jumpto) > 0) {
- printf("-j %s\n", cs.jumpto);
+ if (cs.jumpto != NULL && strcmp(cs.jumpto, "") != 0) {
+ printf("-j %s", cs.jumpto);
 } else if (cs.target) {
- if (cs.target->print)
- /* Print the target information. */
- cs.target->print(&cs.fw, cs.target->t,
- format & FMT_NUMERIC);
+ printf("-j %s ", cs.target->name);
+ cs.target->print(&cs.fw, cs.target->t, format & FMT_NUMERIC);
 }
 if (!(format & FMT_NOCOUNTS)) {
diff --git a/iptables/xtables-arp-standalone.c b/iptables/xtables-arp-standalone.c
index 182dd9f3..6553d28f 100644
--- a/iptables/xtables-arp-standalone.c
+++ b/iptables/xtables-arp-standalone.c
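Review bot: In nft_rule_to_arptables_command_state() (nft-arp.c, @@ -402), the result of `xtables_find_target(cs->target->name, XTF_TRY_LOAD)` is stored without a check, and with XTF_TRY_LOAD the lookup returns NULL when the extension cannot be loaded. In that case the function returns with both `cs->target` and `cs->jumpto` NULL, whereas the `else` branch guarantees an empty-string `jumpto`. The printing code changed in this commit tolerates that, but other consumers of the command state are not visible here, so I would keep the invariant explicit by bracing the branch and adding `if (cs->target == NULL) cs->jumpto = "";` after the lookup. The function body starts outside the hunk.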
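Review bot: In nft_arp_print_firewall() (nft-arp.c, @@ -585), the new `else if (cs.target)` branch calls `cs.target->print(...)` unconditionally, while the removed code guarded the call with `if (cs.target->print)`. A target extension that registers no print callback would now be called through a NULL function pointer when rules are listed. Keep the guard by putting `if (cs.target->print != NULL)` in front of the call. The function starts and ends outside the hunk, so where the newline dropped from the `-j %s` output is now emitted cannot be confirmed from here.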
@@ -41,18 +41,7 @@
 #include "xtables-multi.h"
-extern struct xtables_globals xtables_globals;
-extern const char *program_version, *program_name;
-
-static const struct xtables_afinfo afinfo_arp = {
- .kmod = "arp_tables",
- .proc_exists = "/proc/net/arp_tables_names",
- .libprefix = "libarp_",
- .family = NFPROTO_ARP,
- .ipproto = IPPROTO_IP,
- .so_rev_match = -1,
- .so_rev_target = -1,
-};
+extern struct xtables_globals arptables_globals;
 int xtables_arp_main(int argc, char *argv[])
 {
@@ -62,22 +51,17 @@ int xtables_arp_main(int argc, char *argv[])
 .family = NFPROTO_ARP,
 };
- xtables_globals.program_name = "arptables";
- /* This code below could be replaced by xtables_init_all, which
- * doesn't support NFPROTO_ARP yet.
- */
- xtables_init();
- afinfo = &afinfo_arp;
- ret = xtables_set_params(&xtables_globals);
+ arptables_globals.program_name = "arptables";
+ ret = xtables_init_all(&arptables_globals, NFPROTO_ARP);
 if (ret < 0) {
- fprintf(stderr, "%s/%s Failed to initialize xtables\n",
- xtables_globals.program_name,
- xtables_globals.program_version);
+ fprintf(stderr, "%s/%s Failed to initialize arptables-compat\n",
+ arptables_globals.program_name,
+ arptables_globals.program_version);
 exit(1);
 }
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
- init_extensions();
+ init_extensionsa();
 #endif
 ret = do_commandarp(&h, argc, argv, &table);
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index c92b9e75..26ece01d 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -44,6 +44,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "xshared.h"
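Review bot: `extern struct xtables_globals arptables_globals;` is declared by hand in xtables-arp-standalone.c (@@ -41), while its definition is added in xtables-arp.c (@@ -151), so the compiler never checks the declaration against the definition. The xtables-arp.c hunk likewise carries a hand-written prototype for `xtables_exit_error`. Moving both declarations into a header that the two files include would let a later change of type or attributes be caught at compile time instead of silently diverging.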
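Review bot: In the static-build branch of xtables_arp_main() (@@ -62), `init_extensions()` is replaced by `init_extensionsa()` rather than supplemented by it. What each function registers is not visible here, but if `init_extensions()` registers the family-independent extensions, ALL_INCLUSIVE/NO_SHARED_LIBS builds would stop registering them, and rules using those targets would fail only in that configuration. Unless the drop is intended, call both: `init_extensions();` followed by `init_extensionsa();`. This path is compiled only in static builds, so it deserves a build and a rule-listing test with NO_SHARED_LIBS defined.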
@@ -151,8 +152,14 @@ int RUNTIME_NF_ARP_NUMHOOKS = 3;
 static struct option *opts = original_opts;
 static unsigned int global_option_offset = 0;
-extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ...);
-extern struct xtables_globals xtables_globals;
+extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
+struct xtables_globals arptables_globals = {
+ .option_offset = 0,
+ .program_version = IPTABLES_VERSION,
+ .orig_opts = original_opts,
+ .exit_err = xtables_exit_error,
+ .compat_rev = nft_compatible_revision,
+};
 /* Table of legal combinations of commands and options. If any of the
 * given commands make an option legal, that option is legal (applies to
@@ -833,11 +840,11 @@ static struct xtables_target *command_jump(struct arpt_entry *fw,
 xs_init_target(target);
 if (target->x6_options != NULL)
- opts = xtables_options_xfrm(xtables_globals.orig_opts,
+ opts = xtables_options_xfrm(arptables_globals.orig_opts,
 opts, target->x6_options, &target->option_offset);
 else
- opts = xtables_merge_options(xtables_globals.orig_opts,
+ opts = xtables_merge_options(arptables_globals.orig_opts,
 opts, target->extra_opts, &target->option_offset);
-- cgit v1.2.3