AC_INIT([iptables], [1.6.0])
# See libtool.info "Libtool's versioning system"
-libxtables_vcurrent=11
+libxtables_vcurrent=12
libxtables_vage=0
AC_CONFIG_AUX_DIR([build-aux])
}
}
-static int DNAT_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int DNAT_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct nf_nat_range *range = (const void *)target->data;
+ const struct nf_nat_range *range = (const void *)params->target->data;
bool sep_need = false;
const char *sep = " ";
{"warn", LOG_WARNING }
};
-static int LOG_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int LOG_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- unsigned int i = 0;
const struct ip6t_log_info *loginfo =
- (const struct ip6t_log_info *)target->data;
+ (const struct ip6t_log_info *)params->target->data;
+ unsigned int i = 0;
xt_xlate_add(xl, "log ");
if (strcmp(loginfo->prefix, "") != 0)
printf(" --random");
}
-static int
-MASQUERADE_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int MASQUERADE_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct nf_nat_range *r = (const void *)target->data;
+ const struct nf_nat_range *r = (const void *)params->target->data;
xt_xlate_add(xl, "masquerade");
}
}
-static int REDIRECT_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int REDIRECT_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct nf_nat_range *range = (const void *)target->data;
+ const struct nf_nat_range *range = (const void *)params->target->data;
if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
xt_xlate_add(xl, "redirect to %hu",
{"reject-route", IP6T_ICMP6_REJECT_ROUTE}
};
-static int REJECT_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int REJECT_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
const struct ip6t_reject_info *reject =
- (const struct ip6t_reject_info *)target->data;
+ (const struct ip6t_reject_info *)params->target->data;
unsigned int i;
for (i = 0; i < ARRAY_SIZE(reject_table_xlate); ++i)
}
}
-static int SNAT_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int SNAT_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct nf_nat_range *range = (const void *)target->data;
+ const struct nf_nat_range *range = (const void *)params->target->data;
bool sep_need = false;
const char *sep = " ";
printf(" --ahres");
}
-static int ah_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int ah_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct ip6t_ah *ahinfo = (struct ip6t_ah *)match->data;
+ const struct ip6t_ah *ahinfo = (struct ip6t_ah *)params->match->data;
char *space = "";
if (!(ahinfo->spis[0] == 0 && ahinfo->spis[1] == 0xFFFFFFFF)) {
printf(" --fraglast");
}
-static int frag_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int frag_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct ip6t_frag *fraginfo = (struct ip6t_frag *)match->data;
+ const struct ip6t_frag *fraginfo =
+ (struct ip6t_frag *)params->match->data;
char *space= "";
if (!(fraginfo->ids[0] == 0 && fraginfo->ids[1] == 0xFFFFFFFF)) {
print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
}
-static int hbh_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int hbh_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
+ const struct ip6t_opts *optinfo =
+ (struct ip6t_opts *)params->match->data;
if (!(optinfo->flags & IP6T_OPTS_LEN) ||
(optinfo->flags & IP6T_OPTS_OPTS))
printf(" %s %u", op[info->mode], info->hop_limit);
}
-static int hl_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
-{
- static const char *const op[] = {
- [IP6T_HL_EQ] = "",
- [IP6T_HL_NE] = "!= ",
- [IP6T_HL_LT] = "lt ",
- [IP6T_HL_GT] = "gt " };
+static const char *const op[] = {
+ [IP6T_HL_EQ] = "",
+ [IP6T_HL_NE] = "!= ",
+ [IP6T_HL_LT] = "lt ",
+ [IP6T_HL_GT] = "gt "
+};
+static int hl_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
+{
const struct ip6t_hl_info *info =
- (struct ip6t_hl_info *) match->data;
+ (struct ip6t_hl_info *) params->match->data;
xt_xlate_add(xl, "ip6 hoplimit %s%u", op[info->mode], info->hop_limit);
return 1;
}
-static int icmp6_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int icmp6_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct ip6t_icmp *info = (struct ip6t_icmp *)match->data;
+ const struct ip6t_icmp *info = (struct ip6t_icmp *)params->match->data;
xt_xlate_add(xl, "icmpv6 type%s ",
(info->invflags & IP6T_ICMP_INV) ? " !=" : "");
printf(" --mh-type %u", mhinfo->types[0]);
}
-static int mh_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int mh_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct ip6t_mh *mhinfo = (struct ip6t_mh *)match->data;
+ const struct ip6t_mh *mhinfo = (struct ip6t_mh *)params->match->data;
if (mhinfo->types[0] == 0 && mhinfo->types[1] == 0xff)
return 1;
}
-static int rt_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int rt_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data;
+ const struct ip6t_rt *rtinfo = (struct ip6t_rt *)params->match->data;
char *space = "";
if (rtinfo->flags & IP6T_RT_TYP) {
}
}
-static int DNAT_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int DNAT_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct ipt_natinfo *info = (const void *)target;
+ const struct ipt_natinfo *info = (const void *)params->target->data;
unsigned int i = 0;
bool sep_need = false;
const char *sep = " ";
{"warn", LOG_WARNING }
};
-static int LOG_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int LOG_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- unsigned int i = 0;
const struct ipt_log_info *loginfo =
- (const struct ipt_log_info *)target->data;
+ (const struct ipt_log_info *)params->target->data;
+ unsigned int i = 0;
xt_xlate_add(xl, "log ");
if (strcmp(loginfo->prefix, "") != 0)
printf(" --random");
}
-static int
-MASQUERADE_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int MASQUERADE_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
const struct nf_nat_ipv4_multi_range_compat *mr =
- (const void *)target->data;
+ (const void *)params->target->data;
const struct nf_nat_ipv4_range *r = &mr->range[0];
xt_xlate_add(xl, "masquerade");
}
}
-static int REDIRECT_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int REDIRECT_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
const struct nf_nat_ipv4_multi_range_compat *mr =
- (const void *)target->data;
+ (const void *)params->target->data;
const struct nf_nat_ipv4_range *r = &mr->range[0];
if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
{"admin-prohibited", IPT_ICMP_ADMIN_PROHIBITED}
};
-static int REJECT_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int REJECT_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
const struct ipt_reject_info *reject =
- (const struct ipt_reject_info *)target->data;
+ (const struct ipt_reject_info *)params->target->data;
unsigned int i;
for (i = 0; i < ARRAY_SIZE(reject_table_xlate); ++i) {
}
}
-static int SNAT_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int SNAT_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct ipt_natinfo *info = (const void *)target;
+ const struct ipt_natinfo *info = (const void *)params->target->data;
unsigned int i = 0;
bool sep_need = false;
const char *sep = " ";
}
-static int ah_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int ah_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct ipt_ah *ahinfo = (struct ipt_ah *)match->data;
+ const struct ipt_ah *ahinfo = (struct ipt_ah *)params->match->data;
if (!(ahinfo->spis[0] == 0 && ahinfo->spis[1] == 0xFFFFFFFF)) {
xt_xlate_add(xl, "ah spi%s ",
return 0;
}
-static int icmp_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int icmp_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct ipt_icmp *info = (struct ipt_icmp *)match->data;
+ const struct ipt_icmp *info = (struct ipt_icmp *)params->match->data;
if (info->type != 0xFF) {
xt_xlate_add(xl, "icmp type%s ",
}
}
-static int realm_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int realm_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_realm_info *ri = (const void *)match->data;
+ const struct xt_realm_info *ri = (const void *)params->match->data;
enum xt_op op = XT_OP_EQ;
if (ri->invert)
printf(" %u", info->ttl);
}
-static int ttl_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int ttl_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
const struct ipt_ttl_info *info =
- (struct ipt_ttl_info *) match->data;
+ (struct ipt_ttl_info *) params->match->data;
switch (info->mode) {
case IPT_TTL_EQ:
}
}
-static int
-connmark_tg_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int connmark_tg_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct xt_connmark_tginfo1 *info = (const void *)target->data;
+ const struct xt_connmark_tginfo1 *info =
+ (const void *)params->target->data;
switch (info->mode) {
case XT_CONNMARK_SET:
printf(" --set-xmark 0x%x/0x%x", info->mark, info->mask);
}
-static int mark_tg_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int mark_tg_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct xt_mark_tginfo2 *info = (const void *)target->data;
+ const struct xt_mark_tginfo2 *info = (const void *)params->target->data;
xt_xlate_add(xl, "meta mark set ");
return 1;
}
-static int MARK_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int MARK_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
const struct xt_mark_target_info_v1 *markinfo =
- (const struct xt_mark_target_info_v1 *)target->data;
+ (const struct xt_mark_target_info_v1 *)params->target->data;
xt_xlate_add(xl, "meta mark set ");
xt_xlate_add(xl, "group %u ", info->group);
}
-static int NFLOG_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int NFLOG_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data;
+ const struct xt_nflog_info *info =
+ (struct xt_nflog_info *)params->target->data;
nflog_print_xlate(info, xl);
tinfo->queues_total = 1;
}
-static int NFQUEUE_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int NFQUEUE_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
const struct xt_NFQ_info *tinfo =
- (const struct xt_NFQ_info *)target->data;
+ (const struct xt_NFQ_info *)params->target->data;
xt_xlate_add(xl, "queue num %u ", tinfo->queuenum);
return 1;
}
-static int NFQUEUE_xlate_v1(const void *ip,
- const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int NFQUEUE_xlate_v1(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct xt_NFQ_info_v1 *tinfo = (const void *)target->data;
+ const struct xt_NFQ_info_v1 *tinfo = (const void *)params->target->data;
unsigned int last = tinfo->queues_total;
if (last > 1) {
return 1;
}
-static int NFQUEUE_xlate_v2(const void *ip,
- const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int NFQUEUE_xlate_v2(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct xt_NFQ_info_v2 *info = (void *) target->data;
+ const struct xt_NFQ_info_v2 *info = (void *)params->target->data;
unsigned int last = info->queues_total;
if (last > 1) {
return 1;
}
-static int NFQUEUE_xlate_v3(const void *ip,
- const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int NFQUEUE_xlate_v3(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct xt_NFQ_info_v3 *info = (void *)target->data;
+ const struct xt_NFQ_info_v3 *info = (void *)params->target->data;
unsigned int last = info->queues_total;
if (last > 1) {
printf(" --oif %s", info->oif);
}
-static int tee_tg_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int tee_tg_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct xt_tee_tginfo *info =
- (const void *)target->data;
+ const struct xt_tee_tginfo *info = (const void *)params->target->data;
- if (numeric)
+ if (params->numeric)
xt_xlate_add(xl, "dup to %s",
xtables_ipaddr_to_numeric(&info->gw.in));
else
return 1;
}
-static int tee_tg6_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int tee_tg6_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
- const struct xt_tee_tginfo *info = (const void *)target->data;
+ const struct xt_tee_tginfo *info = (const void *)params->target->data;
- if (numeric)
+ if (params->numeric)
xt_xlate_add(xl, "dup to %s",
xtables_ip6addr_to_numeric(&info->gw.in6));
else
#include <xtables.h>
#include <linux/netfilter/x_tables.h>
-static int trace_xlate(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric)
+static int trace_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
{
xt_xlate_add(xl, "nftrace set 1");
return 1;
info->classid);
}
-static int cgroup_xlate_v0(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int cgroup_xlate_v0(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_cgroup_info_v0 *info = (void *)match->data;
+ const struct xt_cgroup_info_v0 *info = (void *)params->match->data;
xt_xlate_add(xl, "meta cgroup %s%u", info->invert ? "!= " : "",
info->id);
return 1;
}
-static int cgroup_xlate_v1(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int cgroup_xlate_v1(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_cgroup_info_v1 *info = (void *)match->data;
+ const struct xt_cgroup_info_v1 *info = (void *)params->match->data;
if (info->has_path)
return 0;
xtables_save_string(commentinfo->comment);
}
-static int
-comment_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int comment_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- struct xt_comment_info *commentinfo = (void *)match->data;
+ struct xt_comment_info *commentinfo = (void *)params->match->data;
commentinfo->comment[XT_MAX_COMMENT_LEN - 1] = '\0';
xt_xlate_add_comment(xl, commentinfo->comment);
connlabel_mt_print_op(info, "--");
}
-static int
-connlabel_mt_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int connlabel_mt_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_connlabel_mtinfo *info = (const void *)match->data;
+ const struct xt_connlabel_mtinfo *info =
+ (const void *)params->match->data;
const char *name = connlabel_get_name(info->bit);
if (name == NULL)
op == XT_OP_EQ ? "" : "!= ", mark);
}
-static int connmark_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int connmark_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_connmark_info *info = (const void *)match->data;
+ const struct xt_connmark_info *info = (const void *)params->match->data;
enum xt_op op = XT_OP_EQ;
if (info->invert)
}
static int
-connmark_mt_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+connmark_mt_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_connmark_mtinfo1 *info = (const void *)match->data;
+ const struct xt_connmark_mtinfo1 *info =
+ (const void *)params->match->data;
enum xt_op op = XT_OP_EQ;
if (info->invert)
}
}
-static int state_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int state_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_conntrack_mtinfo3 *sinfo = (const void *)match->data;
+ const struct xt_conntrack_mtinfo3 *sinfo =
+ (const void *)params->match->data;
xt_xlate_add(xl, "ct state %s", sinfo->invert_flags & XT_CONNTRACK_STATE ?
"!= " : "");
}
}
-static int _conntrack3_mt_xlate(const void *ip,
- const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric,
+static int _conntrack3_mt_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params,
int family)
{
- const struct xt_conntrack_mtinfo3 *sinfo = (const void *)match->data;
+ const struct xt_conntrack_mtinfo3 *sinfo =
+ (const void *)params->match->data;
char *space = "";
if (sinfo->match_flags & XT_CONNTRACK_DIRECTION) {
return 1;
}
-static int conntrack3_mt4_xlate(const void *ip,
- const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int conntrack3_mt4_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- return _conntrack3_mt_xlate(ip, match, xl, numeric, NFPROTO_IPV4);
+ return _conntrack3_mt_xlate(xl, params, NFPROTO_IPV4);
}
-static int conntrack3_mt6_xlate(const void *ip,
- const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int conntrack3_mt6_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- return _conntrack3_mt_xlate(ip, match, xl, numeric, NFPROTO_IPV6);
+ return _conntrack3_mt_xlate(xl, params, NFPROTO_IPV6);
}
static struct xtables_match conntrack_mt_reg[] = {
printf("%s --cpu %u", info->invert ? " !" : "", info->cpu);
}
-static int cpu_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int cpu_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_cpu_info *info = (void *)match->data;
+ const struct xt_cpu_info *info = (void *)params->match->data;
xt_xlate_add(xl, "cpu%s %u", info->invert ? " !=" : "", info->cpu);
return 1;
}
-static int dccp_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int dccp_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
const struct xt_dccp_info *einfo =
- (const struct xt_dccp_info *)match->data;
- int ret = 1;
+ (const struct xt_dccp_info *)params->match->data;
char *space = "";
+ int ret = 1;
xt_xlate_add(xl, "dccp ");
}
}
-static int devgroup_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int devgroup_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_devgroup_info *info = (const void *)match->data;
+ const struct xt_devgroup_info *info = (const void *)params->match->data;
devgroup_show_xlate(info, xl, 0);
printf("%s --dscp 0x%02x", dinfo->invert ? " !" : "", dinfo->dscp);
}
-static int __dscp_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int __dscp_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
const struct xt_dscp_info *dinfo =
- (const struct xt_dscp_info *)match->data;
+ (const struct xt_dscp_info *)params->match->data;
xt_xlate_add(xl, "dscp %s0x%02x", dinfo->invert ? "!= " : "",
dinfo->dscp);
return 1;
}
-static int dscp_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int dscp_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
xt_xlate_add(xl, "ip ");
- return __dscp_xlate(ip, match, xl, numeric);
+ return __dscp_xlate(xl, params);
}
-static int dscp_xlate6(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int dscp_xlate6(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
xt_xlate_add(xl, "ip6 ");
- return __dscp_xlate(ip, match, xl, numeric);
+ return __dscp_xlate(xl, params);
}
static struct xtables_match dscp_mt_reg[] = {
}
}
-static int ecn_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int ecn_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
const struct xt_ecn_info *einfo =
- (const struct xt_ecn_info *)match->data;
+ (const struct xt_ecn_info *)params->match->data;
if (!(einfo->operation & XT_ECN_OP_MATCH_IP))
return 0;
}
-static int esp_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int esp_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_esp *espinfo = (struct xt_esp *)match->data;
+ const struct xt_esp *espinfo = (struct xt_esp *)params->match->data;
if (!(espinfo->spis[0] == 0 && espinfo->spis[1] == 0xFFFFFFFF)) {
xt_xlate_add(xl, "esp spi%s",
xtables_save_string(info->name);
}
-static int helper_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int helper_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_helper_info *info = (const void *)match->data;
+ const struct xt_helper_info *info = (const void *)params->match->data;
xt_xlate_add(xl, "ct helper%s \\\"%s\\\"",
info->invert ? " !=" : "", info->name);
printf(" --compres");
}
-static int comp_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int comp_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_ipcomp *compinfo = (struct xt_ipcomp *)match->data;
+ const struct xt_ipcomp *compinfo =
+ (struct xt_ipcomp *)params->match->data;
xt_xlate_add(xl, "comp cpi %s%u",
(compinfo->invflags & XT_IPCOMP_INV_SPI) ? "!= " : "",
byte_max[0], byte_max[1], byte_max[2], byte_max[3]);
}
-static int iprange_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int iprange_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct ipt_iprange_info *info = (const void *)match->data;
+ const struct ipt_iprange_info *info = (const void *)params->match->data;
char *space = "";
if (info->flags & IPRANGE_SRC) {
return 1;
}
-static int iprange_mt4_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int iprange_mt4_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_iprange_mtinfo *info = (const void *)match->data;
+ const struct xt_iprange_mtinfo *info =
+ (const void *)params->match->data;
char *space = "";
if (info->flags & IPRANGE_SRC) {
return 1;
}
-static int iprange_mt6_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int iprange_mt6_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_iprange_mtinfo *info = (const void *)match->data;
+ const struct xt_iprange_mtinfo *info =
+ (const void *)params->match->data;
char *space = "";
if (info->flags & IPRANGE_SRC) {
printf("%u:%u", info->min, info->max);
}
-static int length_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int length_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_length_info *info = (void *)match->data;
+ const struct xt_length_info *info = (void *)params->match->data;
xt_xlate_add(xl, "meta length %s", info->invert ? "!= " : "");
if (info->min == info->max)
rates_xlate[i - 1].name);
}
-static int limit_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int limit_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_rateinfo *r = (const void *)match->data;
+ const struct xt_rateinfo *r = (const void *)params->match->data;
xt_xlate_add(xl, "limit rate");
print_rate_xlate(r->avg, xl);
xt_xlate_add(xl, ":%02x", macaddress[i]);
}
-static int mac_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int mac_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_mac_info *info = (void *)match->data;
+ const struct xt_mac_info *info = (void *)params->match->data;
xt_xlate_add(xl, "ether saddr%s ", info->invert ? " !=" : "");
print_mac_xlate(info->srcaddr, xl);
op == XT_OP_EQ ? "" : "!= ", mark);
}
-static int
-mark_mt_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int mark_mt_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_mark_mtinfo1 *info = (const void *)match->data;
+ const struct xt_mark_mtinfo1 *info = (const void *)params->match->data;
enum xt_op op = XT_OP_EQ;
if (info->invert)
return 1;
}
-static int
-mark_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int mark_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_mark_info *info = (const void *)match->data;
+ const struct xt_mark_info *info = (const void *)params->match->data;
enum xt_op op = XT_OP_EQ;
if (info->invert)
__multiport_save_v1(match, ip->proto);
}
-static int __multiport_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int __multiport_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
const struct xt_multiport *multiinfo
- = (const struct xt_multiport *)match->data;
+ = (const struct xt_multiport *)params->match->data;
unsigned int i;
switch (multiinfo->flags) {
return 1;
}
-static int multiport_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int multiport_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- uint8_t proto = ((const struct ipt_ip *)ip)->proto;
+ uint8_t proto = ((const struct ipt_ip *)params->ip)->proto;
xt_xlate_add(xl, "%s", proto_to_name(proto));
- return __multiport_xlate(ip, match, xl, numeric);
+ return __multiport_xlate(xl, params);
}
-static int multiport_xlate6(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int multiport_xlate6(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- uint8_t proto = ((const struct ip6t_ip6 *)ip)->proto;
+ uint8_t proto = ((const struct ip6t_ip6 *)params->ip)->proto;
xt_xlate_add(xl, "%s", proto_to_name(proto));
- return __multiport_xlate(ip, match, xl, numeric);
+ return __multiport_xlate(xl, params);
}
-static int __multiport_xlate_v1(const void *ip,
- const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int __multiport_xlate_v1(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_multiport_v1 *multiinfo
- = (const struct xt_multiport_v1 *)match->data;
+ const struct xt_multiport_v1 *multiinfo =
+ (const struct xt_multiport_v1 *)params->match->data;
unsigned int i;
switch (multiinfo->flags) {
return 1;
}
-static int multiport_xlate_v1(const void *ip,
- const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int multiport_xlate_v1(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- uint8_t proto = ((const struct ipt_ip *)ip)->proto;
+ uint8_t proto = ((const struct ipt_ip *)params->ip)->proto;
xt_xlate_add(xl, "%s", proto_to_name(proto));
- return __multiport_xlate_v1(ip, match, xl, numeric);
+ return __multiport_xlate_v1(xl, params);
}
-static int multiport_xlate6_v1(const void *ip,
- const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int multiport_xlate6_v1(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- uint8_t proto = ((const struct ip6t_ip6 *)ip)->proto;
+ uint8_t proto = ((const struct ip6t_ip6 *)params->ip)->proto;
xt_xlate_add(xl, "%s", proto_to_name(proto));
- return __multiport_xlate_v1(ip, match, xl, numeric);
+ return __multiport_xlate_v1(xl, params);
}
static struct xtables_match multiport_mt_reg[] = {
return 1;
}
-static int owner_mt_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int owner_mt_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_owner_match_info *info = (void *)match->data;
+ const struct xt_owner_match_info *info = (void *)params->match->data;
int ret;
switch (info->match) {
xt_xlate_add(xl, "%d", info->pkttype);
}
-static int pkttype_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int pkttype_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_pkttype_info *info = (const void *)match->data;
+ const struct xt_pkttype_info *info = (const void *)params->match->data;
xt_xlate_add(xl, "pkttype%s ", info->invert ? " !=" : "");
print_pkttype_xlate(info, xl);
}
}
-static int sctp_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int sctp_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
const struct xt_sctp_info *einfo =
- (const struct xt_sctp_info *)match->data;
+ (const struct xt_sctp_info *)params->match->data;
char *space = "";
if (!einfo->flags)
xt_xlate_add(xl, "0x0");
}
-static int tcp_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int tcp_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_tcp *tcpinfo = (const struct xt_tcp *)match->data;
+ const struct xt_tcp *tcpinfo =
+ (const struct xt_tcp *)params->match->data;
char *space= "";
if (tcpinfo->spts[0] != 0 || tcpinfo->spts[1] != 0xffff) {
}
}
-static int udp_xlate(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric)
+static int udp_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
{
- const struct xt_udp *udpinfo = (struct xt_udp *)match->data;
+ const struct xt_udp *udpinfo = (struct xt_udp *)params->match->data;
char *space= "";
if (udpinfo->spts[0] != 0 || udpinfo->spts[1] != 0xFFFF) {
struct xt_xlate;
+struct xt_xlate_mt_params {
+ const void *ip;
+ const struct xt_entry_match *match;
+ int numeric;
+};
+
+struct xt_xlate_tg_params {
+ const void *ip;
+ const struct xt_entry_target *target;
+ int numeric;
+};
+
/* Include file for additions: new matches and targets. */
struct xtables_match
{
const struct xt_option_entry *x6_options;
/* Translate iptables to nft */
- int (*xlate)(const void *ip, const struct xt_entry_match *match,
- struct xt_xlate *xl, int numeric);
+ int (*xlate)(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params);
/* Size of per-extension instance extra "global" scratch space */
size_t udata_size;
const struct xt_option_entry *x6_options;
/* Translate iptables to nft */
- int (*xlate)(const void *ip, const struct xt_entry_target *target,
- struct xt_xlate *xl, int numeric);
+ int (*xlate)(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params);
size_t udata_size;
xt_xlate_add(xl, "drop");
else if (strcmp(cs->jumpto, XTC_LABEL_RETURN) == 0)
xt_xlate_add(xl, "return");
- else if (cs->target->xlate)
- ret = cs->target->xlate((const void *)&cs->fw,
- cs->target->t, xl, numeric);
+ else if (cs->target->xlate) {
+ struct xt_xlate_tg_params params = {
+ .ip = (const void *)&cs->fw,
+ .target = cs->target->t,
+ .numeric = numeric,
+ };
+ ret = cs->target->xlate(xl, ¶ms);
+ }
else
return 0;
} else if (strlen(cs->jumpto) > 0) {
int ret = 1, numeric = cs->options & OPT_NUMERIC;
for (matchp = cs->matches; matchp; matchp = matchp->next) {
+ struct xt_xlate_mt_params params = {
+ .ip = (const void *)&cs->fw,
+ .match = matchp->match->m,
+ .numeric = numeric,
+ };
+
if (!matchp->match->xlate)
return 0;
- ret = matchp->match->xlate((const void *)&cs->fw,
- matchp->match->m, xl, numeric);
+ ret = matchp->match->xlate(xl, ¶ms);
if (strcmp(matchp->match->name, "comment") != 0)
xt_xlate_add(xl, " ");
projects / thirdparty / iptables.git / commitdiff
