#include <netinet/in.h>
//#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/nf_tables.h>
#include <net/ethernet.h>
+#include <libiptc/libxtc.h>
/* We use replace->flags, so we can't use the following values:
* 0x01 == OPT_COMMAND, 0x02 == OPT_TABLE, 0x100 == OPT_ZERO */
#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
| EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
+/* ebtables target modules store the verdict inside an int. We can
+ * reclaim a part of this int for backwards compatible extensions.
+ * The 4 lsb are more than enough to store the verdict.
+ */
+#define EBT_VERDICT_BITS 0x0000000F
+
/* Fake ebt_entry */
struct ebt_entry {
/* this needs to be the first field */
void nft_rule_to_ebtables_command_state(struct nft_rule *r,
struct ebtables_command_state *cs);
+static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
+ "ACCEPT",
+ "DROP",
+ "CONTINUE",
+ "RETURN",
+};
+
+static inline const char *nft_ebt_standard_target(unsigned int num)
+{
+ if (num > NUM_STANDARD_TARGETS)
+ return NULL;
+
+ return ebt_standard_targets[num];
+}
+
+static inline int ebt_fill_target(const char *str, unsigned int *verdict)
+{
+ int i, ret = 0;
+
+ for (i = 0; i < NUM_STANDARD_TARGETS; i++) {
+ if (!strcmp(str, nft_ebt_standard_target(i))) {
+ *verdict = -i - 1;
+ break;
+ }
+ }
+
+ if (i == NUM_STANDARD_TARGETS)
+ ret = 1;
+
+ return ret;
+}
+
+static inline const char *ebt_target_name(unsigned int verdict)
+{
+ return nft_ebt_standard_target(-verdict - 1);
+}
+
+#define EBT_CHECK_OPTION(flags, mask) ({ \
+ if (*flags & mask) \
+ xtables_error(PARAMETER_PROBLEM, \
+ "Multiple use of same " \
+ "option not allowed"); \
+ *flags |= mask; \
+}) \
+
#endif
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+#include <ctype.h>
#include <errno.h>
#include <getopt.h>
#include <string.h>
#include <linux/netfilter_bridge.h>
#include <linux/netfilter/nf_tables.h>
#include <ebtables/ethernetdb.h>
+#include <libiptc/libxtc.h>
#include "xshared.h"
#include "nft.h"
#include "nft-bridge.h"
#define EXEC_STYLE_PRG 0
#define EXEC_STYLE_DAEMON 1
+#define ebt_check_option2(flags, mask) EBT_CHECK_OPTION(flags, mask)
+
/*
* From useful_functions.c
*/
return 0;
}
-/* This is a replacement for the ebt_check_option2() macro.
- *
- * Make sure the same option wasn't specified twice. This is used in the parse
- * functions of the extensions and ebtables.c.
- */
-static void ebt_check_option2(unsigned int *flags, unsigned int mask)
-{
- if (*flags & mask)
- xtables_error(PARAMETER_PROBLEM,
- "Multiple use of same option not allowed");
- *flags |= mask;
-}
-
static int ebt_check_inverse2(const char option[], int argc, char **argv)
{
if (!option)
void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
-static struct option *ebt_options = ebt_original_options;
-
struct xtables_globals ebtables_globals = {
.option_offset = 0,
.program_version = IPTABLES_VERSION,
* From libebtc.c
*/
-/* The four target names, from libebtc.c */
-const char* ebt_standard_targets[NUM_STANDARD_TARGETS] =
-{
- "ACCEPT",
- "DROP",
- "CONTINUE",
- "RETURN",
-};
-
/* Prints all registered extensions */
static void ebt_list_extensions(const struct xtables_target *t,
const struct xtables_rule_match *m)
struct option *merge;
if (!newopts || !oldopts || !options_offset)
- xtables_error(OTHER_PROBLEM, "merge wrong");
+ return oldopts;
for (num_old = 0; oldopts[num_old].name; num_old++);
for (num_new = 0; newopts[num_new].name; num_new++);
xs_init_target(target);
- if (target->x6_options != NULL)
- ebt_options = xtables_options_xfrm(ebtables_globals.orig_opts,
- ebt_options, target->x6_options,
- &target->option_offset);
- else
- ebt_options = xtables_merge_options(ebtables_globals.orig_opts,
- ebt_options, target->extra_opts,
- &target->option_offset);
+ opts = merge_options(opts, target->extra_opts, &target->option_offset);
+ if (opts == NULL)
+ xtables_error(OTHER_PROBLEM, "Can't alloc memory");
return target;
}
xtables_error(PARAMETER_PROBLEM,
"No policy specified");
for (i = 0; i < NUM_STANDARD_TARGETS; i++)
- if (!strcmp(argv[optind], ebt_standard_targets[i])) {
+ if (!strcmp(argv[optind], nft_ebt_standard_target(i))) {
policy = argv[optind];
if (-i-1 == EBT_CONTINUE)
xtables_error(PARAMETER_PROBLEM,
continue;
default:
/* Is it a target option? */
- /*t = (struct ebt_u_target *)new_entry->t;
- if ((t->parse(c - t->option_offset, argv, argc, new_entry, &t->flags, &t->t))) {
- if (ebt_errormsg[0] != '\0')
- return -1;
- goto check_extension;
- }*/
+ if (cs.target != NULL && cs.target->parse != NULL) {
+ int opt_offset = cs.target->option_offset;
+ if (cs.target->parse(c - opt_offset,
+ argv, ebt_invert,
+ &cs.target->tflags,
+ NULL, &cs.target->t))
+ goto check_extension;
+ }
/* Is it a match_option? */
for (m = xtables_matches; m; m = m->next) {
projects / thirdparty / iptables.git / commitdiff
