From e224f0b10ef01e3e2081054e7fa4f64601726646 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 15 Nov 2023 16:58:15 +0100 Subject: xshared: Turn command_default() into a callback Ebtables' variant is pretty different since all extensions are loaded up front and some targets serve as "watcher" extensions, so let variants specify the function to call for extension parameters. Signed-off-by: Phil Sutter --- iptables/ip6tables.c | 1 + iptables/iptables.c | 1 + iptables/nft-arp.c | 1 + iptables/nft-ipv4.c | 1 + iptables/nft-ipv6.c | 1 + iptables/xshared.c | 6 +++--- iptables/xshared.h | 4 ++++ 7 files changed, 12 insertions(+), 3 deletions(-) (limited to 'iptables') diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c index 53eeb6e9..96603756 100644 --- a/iptables/ip6tables.c +++ b/iptables/ip6tables.c @@ -670,6 +670,7 @@ int do_command6(int argc, char *argv[], char **table, .post_parse = ipv6_post_parse, .option_name = ip46t_option_name, .option_invert = ip46t_option_invert, + .command_default = command_default, }; struct xt_cmd_parse p = { .table = *table, diff --git a/iptables/iptables.c b/iptables/iptables.c index 69dd2890..b57483ef 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -664,6 +664,7 @@ int do_command4(int argc, char *argv[], char **table, .post_parse = ipv4_post_parse, .option_name = ip46t_option_name, .option_invert = ip46t_option_invert, + .command_default = command_default, }; struct xt_cmd_parse p = { .table = *table, diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index c009dd83..f3e2920a 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -858,6 +858,7 @@ struct nft_family_ops nft_family_ops_arp = { .post_parse = nft_arp_post_parse, .option_name = nft_arp_option_name, .option_invert = nft_arp_option_invert, + .command_default = command_default, }, .rule_to_cs = nft_rule_to_iptables_command_state, .init_cs = nft_arp_init_cs, diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index c140ffde..754c7764 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -354,6 +354,7 @@ struct nft_family_ops nft_family_ops_ipv4 = { .post_parse = ipv4_post_parse, .option_name = ip46t_option_name, .option_invert = ip46t_option_invert, + .command_default = command_default, }, .rule_to_cs = nft_rule_to_iptables_command_state, .clear_cs = xtables_clear_iptables_command_state, diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 4bf4f54f..b1b58910 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -345,6 +345,7 @@ struct nft_family_ops nft_family_ops_ipv6 = { .post_parse = ipv6_post_parse, .option_name = ip46t_option_name, .option_invert = ip46t_option_invert, + .command_default = command_default, }, .rule_to_cs = nft_rule_to_iptables_command_state, .clear_cs = xtables_clear_iptables_command_state, diff --git a/iptables/xshared.c b/iptables/xshared.c index ff809f2b..29b39929 100644 --- a/iptables/xshared.c +++ b/iptables/xshared.c @@ -122,8 +122,8 @@ static struct xtables_match *load_proto(struct iptables_command_state *cs) cs->options & OPT_NUMERIC, &cs->matches); } -static int command_default(struct iptables_command_state *cs, - struct xtables_globals *gl, bool invert) +int command_default(struct iptables_command_state *cs, + struct xtables_globals *gl, bool invert) { struct xtables_rule_match *matchp; struct xtables_match *m; @@ -1784,7 +1784,7 @@ void do_parse(int argc, char *argv[], exit_tryhelp(2, p->line); default: - if (command_default(cs, xt_params, invert)) + if (p->ops->command_default(cs, xt_params, invert)) /* cf. ip6tables.c */ continue; break; diff --git a/iptables/xshared.h b/iptables/xshared.h index 3df2153f..bf24fd56 100644 --- a/iptables/xshared.h +++ b/iptables/xshared.h @@ -272,6 +272,8 @@ struct xt_cmd_parse_ops { struct xtables_args *args); const char *(*option_name)(int option); int (*option_invert)(int option); + int (*command_default)(struct iptables_command_state *cs, + struct xtables_globals *gl, bool invert); }; struct xt_cmd_parse { @@ -289,6 +291,8 @@ struct xt_cmd_parse { const char *ip46t_option_name(int option); int ip46t_option_invert(int option); +int command_default(struct iptables_command_state *cs, + struct xtables_globals *gl, bool invert); void do_parse(int argc, char *argv[], struct xt_cmd_parse *p, struct iptables_command_state *cs, -- cgit v1.2.3