return 0;
}
-#define FILTER 0
-#define MANGLE 1
-#define RAW 2
-#define SECURITY 3
-#define NAT 4
-#define TABLES_MAX 5
-
-struct builtin_chain {
- const char *name;
- const char *type;
- uint32_t prio;
- uint32_t hook;
-};
-
-static struct builtin_table {
- const char *name;
- struct builtin_chain chains[NF_INET_NUMHOOKS];
-} tables[TABLES_MAX] = {
+struct builtin_table xtables_ipv4[TABLES_MAX] = {
[RAW] = {
.name = "raw",
.chains = {
}
/* find if built-in table already exists */
-static struct builtin_table *nft_table_builtin_find(const char *table)
+static struct builtin_table
+*nft_table_builtin_find(struct nft_handle *h, const char *table)
{
int i;
bool found = false;
for (i=0; i<TABLES_MAX; i++) {
- if (strcmp(tables[i].name, table) != 0)
+ if (strcmp(h->tables[i].name, table) != 0)
continue;
found = true;
break;
}
- return found ? &tables[i] : NULL;
+ return found ? &h->tables[i] : NULL;
}
/* find if built-in chain already exists */
int ret = 0;
struct builtin_table *t;
- t = nft_table_builtin_find(table);
+ t = nft_table_builtin_find(h, table);
if (t == NULL) {
ret = -1;
goto out;
return nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM) != NULL;
}
-int nft_init(struct nft_handle *h)
+int nft_init(struct nft_handle *h, struct builtin_table *t)
{
h->nl = mnl_socket_open(NETLINK_NETFILTER);
if (h->nl == NULL) {
return -1;
}
h->portid = mnl_socket_get_portid(h->nl);
+ h->tables = t;
return 0;
}
int ret = 0, i;
struct builtin_table *t;
- t = nft_table_builtin_find(table);
+ t = nft_table_builtin_find(h, table);
if (t == NULL) {
ret = -1;
goto out;
struct builtin_chain *_c;
int ret;
- _t = nft_table_builtin_find(table);
+ _t = nft_table_builtin_find(h, table);
/* if this built-in table does not exists, create it */
if (_t != NULL)
nft_table_builtin_add(h, _t, false);
#include "xshared.h"
#include "nft-shared.h"
+#define FILTER 0
+#define MANGLE 1
+#define RAW 2
+#define SECURITY 3
+#define NAT 4
+#define TABLES_MAX 5
+
+struct builtin_chain {
+ const char *name;
+ const char *type;
+ uint32_t prio;
+ uint32_t hook;
+};
+
+struct builtin_table {
+ const char *name;
+ struct builtin_chain chains[NF_INET_NUMHOOKS];
+};
+
struct nft_handle {
int family;
struct mnl_socket *nl;
uint32_t seq;
bool commit;
struct nft_family_ops *ops;
+ struct builtin_table *tables;
};
-int nft_init(struct nft_handle *h);
+extern struct builtin_table xtables_ipv4[TABLES_MAX];
+
+int nft_init(struct nft_handle *h, struct builtin_table *t);
void nft_fini(struct nft_handle *h);
/*
init_extensions4();
#endif
- if (nft_init(&h) < 0) {
+ if (nft_init(&h, xtables_ipv4) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
init_extensions();
init_extensions4();
#endif
- if (nft_init(&h) < 0) {
+ if (nft_init(&h, xtables_ipv4) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
init_extensions4();
#endif
- if (nft_init(&h) < 0) {
+ if (nft_init(&h, xtables_ipv4) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
projects / thirdparty / iptables.git / commitdiff
