xtables: introduce nft_init_eb()

This wraps nft_init(), adding required things needed for ebtables.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/iptables/nft.h b/iptables/nft.h
index 17031871c8e3d79417423446de86c868a91d1bcc..f73a61c521b12932445c997c40b9b6e497838bff 100644 (file)
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -145,6 +145,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, bool
 /* For xtables-arptables.c */
 int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table);
 /* For xtables-eb.c */
+int nft_init_eb(struct nft_handle *h);
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table);
 
 /*

diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c
index 914d137b5d662a833311c2bcbbc777241ba4a95f..2248b08d604985c632e22d679d21b327b036a943 100644 (file)
--- a/iptables/xtables-eb-standalone.c
+++ b/iptables/xtables-eb-standalone.c
@@ -41,28 +41,14 @@
 
 #include "xtables-multi.h"
 
-extern struct xtables_globals ebtables_globals;
-
 int xtables_eb_main(int argc, char *argv[])
 {
        int ret;
        char *table = "filter";
-       struct nft_handle h = {
-               .family = NFPROTO_BRIDGE,
-       };
+       struct nft_handle h;
 
-       ebtables_globals.program_name = "ebtables";
-       ret = xtables_init_all(&ebtables_globals, NFPROTO_BRIDGE);
-       if (ret < 0) {
-               fprintf(stderr, "%s/%s Failed to initialize ebtables-compat\n",
-                       ebtables_globals.program_name,
-                       ebtables_globals.program_version);
-               exit(1);
-       }
+       nft_init_eb(&h);
 
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
-       init_extensionsb();
-#endif
        ret = do_commandeb(&h, argc, argv, &table);
        if (ret)
                ret = nft_commit(&h);

diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index f4b390957fa5791213e69d0605ed5b0dcff4f2a1..44235347f60fe76787cb48af7f118e1b35a6d181 100644 (file)
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -732,6 +732,40 @@ void ebt_add_watcher(struct xtables_target *watcher,
                cs->match_list->next = newnode;
 }
 
+int nft_init_eb(struct nft_handle *h)
+{
+       ebtables_globals.program_name = "ebtables";
+       if (xtables_init_all(&ebtables_globals, NFPROTO_BRIDGE) < 0) {
+               fprintf(stderr, "%s/%s Failed to initialize ebtables-compat\n",
+                       ebtables_globals.program_name,
+                       ebtables_globals.program_version);
+               exit(1);
+       }
+
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+       init_extensionsb();
+#endif
+
+       memset(h, 0, sizeof(*h));
+
+       h->family = NFPROTO_BRIDGE;
+
+       if (nft_init(h, xtables_bridge) < 0)
+               xtables_error(OTHER_PROBLEM,
+                             "Could not initialize nftables layer.");
+       h->ops = nft_family_ops_lookup(h->family);
+       if (!h->ops)
+               xtables_error(PARAMETER_PROBLEM, "Unknown family");
+
+       /* manually registering ebt matches, given the original ebtables parser
+        * don't use '-m matchname' and the match can't be loaded dynamically when
+        * the user calls it.
+        */
+       ebt_load_match_extensions();
+
+       return 0;
+}
+
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table)
 {
        char *buffer;