Revert ("src: Remove xt_stmt_() functions").
authorPablo Neira Ayuso <pablo@netfilter.org>
Sat, 20 Jan 2018 12:38:55 +0000 (13:38 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sat, 20 Jan 2018 12:41:48 +0000 (13:41 +0100)
Revert commit bce55916b51ec1a4c23322781e3b0c698ecc9561, we need this
code in place so that rules loaded by iptables-compat are translated
properly.

Reported-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/statement.h
include/xt.h
src/statement.c
src/xt.c

index 23a551b67f2b9c857c3a4f5ea38f90c0f9e725f9..379d99e4c4a0ee6dccdd6a44a483605ecc84f118 100644 (file)
@@ -203,6 +203,8 @@ struct xt_stmt {
        void                            *entry;
 };
 
+extern struct stmt *xt_stmt_alloc(const struct location *loc);
+
 /**
  * enum stmt_types - statement types
  *
index dfdf9ee0d599548d55fc06a8aaff943aed066d34..753511e635080274ee164816eb8ce4b87580b6ae 100644 (file)
@@ -8,6 +8,9 @@ struct rule_pp_ctx;
 struct rule;
 
 #ifdef HAVE_LIBXTABLES
+void xt_stmt_xlate(const struct stmt *stmt);
+void xt_stmt_release(const struct stmt *stmt);
+
 void netlink_parse_target(struct netlink_parse_ctx *ctx,
                          const struct location *loc,
                          const struct nftnl_expr *nle);
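Review bot: `xt_stmt_release()` is declared here with a `const struct stmt *` parameter, but its definition in src/xt.c frees `stmt->xt.match`, `stmt->xt.target` and `stmt->xt.entry`, so the const-qualified signature hides that the call tears down memory the statement owns. Its only caller visible in this commit, `xt_stmt_destroy()`, already holds a non-const `struct stmt *`, so the prototype could read `void xt_stmt_release(struct stmt *stmt);`, with the same change applied to the `#else` stub in the next hunk and to the definition. A one-line comment such as `/* frees the cloned match/target and the entry; stmt->xt must not be used afterwards */` would document the ownership contract. The `#ifdef HAVE_LIBXTABLES` block continues past this hunk.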
@@ -17,6 +20,9 @@ void netlink_parse_match(struct netlink_parse_ctx *ctx,
 void stmt_xt_postprocess(struct rule_pp_ctx *rctx, struct stmt *stmt,
                         struct rule *rule);
 #else
+static inline void xt_stmt_xlate(const struct stmt *stmt) {}
+static inline void xt_stmt_release(const struct stmt *stmt) {}
+
 #include <erec.h>
 
 static inline void netlink_parse_target(struct netlink_parse_ctx *ctx,
@@ -29,4 +35,5 @@ static inline void stmt_xt_postprocess(struct rule_pp_ctx *rctx,
                                       struct stmt *stmt, struct rule *rule) {}
 
 #endif
+
 #endif /* _NFT_XT_H_ */
index 1f93260bd3d5fb4c8f0991f48c282483a92ab53d..701337d7713bb0467ac2ff313f3a8c70d7516541 100644 (file)
@@ -694,3 +694,26 @@ struct stmt *fwd_stmt_alloc(const struct location *loc)
        return stmt_alloc(loc, &fwd_stmt_ops);
 }
 
+static void xt_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
+{
+       xt_stmt_xlate(stmt);
+}
+
+static void xt_stmt_destroy(struct stmt *stmt)
+{
+       xfree(stmt->xt.name);
+       xfree(stmt->xt.opts);
+       xt_stmt_release(stmt);
+}
+
+static const struct stmt_ops xt_stmt_ops = {
+       .type           = STMT_XT,
+       .name           = "xt",
+       .print          = xt_stmt_print,
+       .destroy        = xt_stmt_destroy,
+};
+
+struct stmt *xt_stmt_alloc(const struct location *loc)
+{
+       return stmt_alloc(loc, &xt_stmt_ops);
+}
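Review bot: `xt_stmt_print()` drops its `octx` argument: it calls `xt_stmt_xlate(stmt)`, which in src/xt.c writes with bare `printf()`, so the text of an xt statement always goes to stdout whatever stream the rest of the rule is printed to. If the output context can direct output elsewhere (not visible in this hunk), a listing captured through it would be missing the compat match or target, which matters when the listing is used to review what a firewall rule actually does. Consider passing the context down, e.g. `xt_stmt_xlate(stmt, octx);`, and printing through it in src/xt.c; at minimum mark the gap with `/* NOTE: octx is ignored, xt_stmt_xlate() prints to stdout */`.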
index 9aff4143aa19eed78399fbd3bf95a3ac1385ac6a..9680f8ec4b0399cb4bb66186ea4f925fbaa4dfc6 100644 (file)
--- a/src/xt.c
+++ b/src/xt.c
 #include <linux/netfilter_arp/arp_tables.h>
 #include <linux/netfilter_bridge/ebtables.h>
 
+void xt_stmt_xlate(const struct stmt *stmt)
+{
+       struct xt_xlate *xl = xt_xlate_alloc(10240);
+
+       switch (stmt->xt.type) {
+       case NFT_XT_MATCH:
+               if (stmt->xt.match == NULL && stmt->xt.opts) {
+                       printf("%s", stmt->xt.opts);
+               } else if (stmt->xt.match->xlate) {
+                       struct xt_xlate_mt_params params = {
+                               .ip             = stmt->xt.entry,
+                               .match          = stmt->xt.match->m,
+                               .numeric        = 0,
+                       };
+
+                       stmt->xt.match->xlate(xl, &params);
+                       printf("%s", xt_xlate_get(xl));
+               } else if (stmt->xt.match->print) {
+                       printf("#");
+                       stmt->xt.match->print(&stmt->xt.entry,
+                                             stmt->xt.match->m, 0);
+               }
+               break;
+       case NFT_XT_WATCHER:
+       case NFT_XT_TARGET:
+               if (stmt->xt.target == NULL && stmt->xt.opts) {
+                       printf("%s", stmt->xt.opts);
+               } else if (stmt->xt.target->xlate) {
+                       struct xt_xlate_tg_params params = {
+                               .ip             = stmt->xt.entry,
+                               .target         = stmt->xt.target->t,
+                               .numeric        = 0,
+                       };
+
+                       stmt->xt.target->xlate(xl, &params);
+                       printf("%s", xt_xlate_get(xl));
+               } else if (stmt->xt.target->print) {
+                       printf("#");
+                       stmt->xt.target->print(NULL, stmt->xt.target->t, 0);
+               }
+               break;
+       default:
+               break;
+       }
+
+       xt_xlate_free(xl);
+}
+
+void xt_stmt_release(const struct stmt *stmt)
+{
+       switch (stmt->xt.type) {
+       case NFT_XT_MATCH:
+               if (!stmt->xt.match)
+                       break;
+               if (stmt->xt.match->m)
+                       xfree(stmt->xt.match->m);
+               xfree(stmt->xt.match);
+               break;
+       case NFT_XT_WATCHER:
+       case NFT_XT_TARGET:
+               if (!stmt->xt.target)
+                       break;
+               if (stmt->xt.target->t)
+                       xfree(stmt->xt.target->t);
+               xfree(stmt->xt.target);
+               break;
+       default:
+               break;
+       }
+       xfree(stmt->xt.entry);
+}
+
 static void *xt_entry_alloc(struct xt_stmt *xt, uint32_t af)
 {
        union nft_entry {
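Review bot: In `xt_stmt_xlate()` the `NFT_XT_MATCH` branch dereferences a NULL pointer when `stmt->xt.match` and `stmt->xt.opts` are both NULL: the first test `stmt->xt.match == NULL && stmt->xt.opts` fails and the `else if` then evaluates `stmt->xt.match->xlate`. The `NFT_XT_WATCHER`/`NFT_XT_TARGET` branch has the same shape with `stmt->xt.target`. Whether both can be NULL depends on callers outside this hunk, but handling the NULL case first removes that dependency: `if (stmt->xt.match == NULL) { if (stmt->xt.opts) printf("%s", stmt->xt.opts); break; }`, and likewise for `target`. The return value of the `xlate()` callback is also ignored, so if the callback signals failure through it the buffer is still printed; checking it before `printf("%s", xt_xlate_get(xl))` and falling back to the `print` path would avoid emitting a partial rule.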
@@ -143,7 +215,7 @@ void netlink_parse_match(struct netlink_parse_ctx *ctx,
        m->u.match_size = mt_len + XT_ALIGN(sizeof(struct xt_entry_match));
        m->u.user.revision = nftnl_expr_get_u32(nle, NFTNL_EXPR_MT_REV);
 
-       stmt = stmt_alloc(loc, NULL);
+       stmt = xt_stmt_alloc(loc);
        stmt->xt.name = strdup(name);
        stmt->xt.type = NFT_XT_MATCH;
        stmt->xt.match = xt_match_clone(mt);
@@ -180,7 +252,7 @@ void netlink_parse_target(struct netlink_parse_ctx *ctx,
        t->u.user.revision = nftnl_expr_get_u32(nle, NFTNL_EXPR_TG_REV);
        strcpy(t->u.user.name, tg->name);
 
-       stmt = stmt_alloc(loc, NULL);
+       stmt = xt_stmt_alloc(loc);
        stmt->xt.name = strdup(name);
        stmt->xt.type = NFT_XT_TARGET;
        stmt->xt.target = xt_target_clone(tg);