return false;
}
-static int nft_arp_add(struct nft_handle *h, struct nftnl_rule *r, void *data)
+static int nft_arp_add(struct nft_handle *h, struct nftnl_rule *r,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
struct arpt_entry *fw = &cs->arp;
uint32_t op;
int ret = 0;
}
static void nft_arp_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
- void *data)
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
struct arpt_entry *fw = &cs->arp;
uint8_t flags = 0;
}
static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
- struct nftnl_expr *e, void *data)
+ struct nftnl_expr *e,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
struct arpt_entry *fw = &cs->arp;
struct in_addr addr;
uint16_t ar_hrd, ar_pro, ar_op;
}
static void
-nft_arp_save_rule(const void *data, unsigned int format)
+nft_arp_save_rule(const struct iptables_command_state *cs, unsigned int format)
{
- const struct iptables_command_state *cs = data;
-
format |= FMT_NUMERIC;
printf(" ");
nft_clear_iptables_command_state(&cs);
}
-static bool nft_arp_is_same(const void *data_a,
- const void *data_b)
+static bool nft_arp_is_same(const struct iptables_command_state *cs_a,
+ const struct iptables_command_state *cs_b)
{
- const struct arpt_entry *a = data_a;
- const struct arpt_entry *b = data_b;
+ const struct arpt_entry *a = &cs_a->arp;
+ const struct arpt_entry *b = &cs_b->arp;
if (a->arp.src.s_addr != b->arp.src.s_addr
|| a->arp.tgt.s_addr != b->arp.tgt.s_addr
}
static int nft_bridge_add(struct nft_handle *h,
- struct nftnl_rule *r, void *data)
+ struct nftnl_rule *r,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
struct ebt_match *iter;
struct ebt_entry *fw = &cs->eb;
uint32_t op;
}
static void nft_bridge_parse_meta(struct nft_xt_ctx *ctx,
- struct nftnl_expr *e, void *data)
+ struct nftnl_expr *e,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
struct ebt_entry *fw = &cs->eb;
uint8_t invflags = 0;
char iifname[IFNAMSIZ] = {}, oifname[IFNAMSIZ] = {};
}
static void nft_bridge_parse_payload(struct nft_xt_ctx *ctx,
- struct nftnl_expr *e, void *data)
+ struct nftnl_expr *e,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
struct ebt_entry *fw = &cs->eb;
unsigned char addr[ETH_ALEN];
unsigned short int ethproto;
}
static void nft_bridge_parse_lookup(struct nft_xt_ctx *ctx,
- struct nftnl_expr *e, void *data)
+ struct nftnl_expr *e)
{
struct xtables_match *match = NULL;
struct nft_among_data *among_data;
(*match_list)->next = m;
}
-static void nft_bridge_parse_match(struct xtables_match *m, void *data)
+static void nft_bridge_parse_match(struct xtables_match *m,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
-
parse_watcher(m, &cs->match_list, true);
}
-static void nft_bridge_parse_target(struct xtables_target *t, void *data)
+static void nft_bridge_parse_target(struct xtables_target *t,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
-
/* harcoded names :-( */
if (strcmp(t->name, "log") == 0 ||
strcmp(t->name, "nflog") == 0) {
printf("%s ", ent->e_name);
}
-static void __nft_bridge_save_rule(const void *data, unsigned int format)
+static void __nft_bridge_save_rule(const struct iptables_command_state *cs,
+ unsigned int format)
{
- const struct iptables_command_state *cs = data;
-
if (cs->eb.ethproto)
print_protocol(cs->eb.ethproto, cs->eb.invflags & EBT_IPROTO,
cs->eb.bitmask);
fputc('\n', stdout);
}
-static void nft_bridge_save_rule(const void *data, unsigned int format)
+static void nft_bridge_save_rule(const struct iptables_command_state *cs,
+ unsigned int format)
{
printf(" ");
- __nft_bridge_save_rule(data, format);
+ __nft_bridge_save_rule(cs, format);
}
static void nft_bridge_print_rule(struct nft_handle *h, struct nftnl_rule *r,
printf(":%s %s\n", chain, policy ?: "ACCEPT");
}
-static bool nft_bridge_is_same(const void *data_a, const void *data_b)
+static bool nft_bridge_is_same(const struct iptables_command_state *cs_a,
+ const struct iptables_command_state *cs_b)
{
- const struct ebt_entry *a = data_a;
- const struct ebt_entry *b = data_b;
+ const struct ebt_entry *a = &cs_a->eb;
+ const struct ebt_entry *b = &cs_b->eb;
int i;
if (a->ethproto != b->ethproto ||
xt_xlate_add(xl, " ");
}
-static int nft_bridge_xlate(const void *data, struct xt_xlate *xl)
+static int nft_bridge_xlate(const struct iptables_command_state *cs,
+ struct xt_xlate *xl)
{
- const struct iptables_command_state *cs = data;
int ret;
xlate_ifname(xl, "iifname", cs->eb.in,
#include "nft.h"
#include "nft-shared.h"
-static int nft_ipv4_add(struct nft_handle *h, struct nftnl_rule *r, void *data)
+static int nft_ipv4_add(struct nft_handle *h, struct nftnl_rule *r,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
struct xtables_rule_match *matchp;
uint32_t op;
int ret;
return add_action(r, cs, !!(cs->fw.ip.flags & IPT_F_GOTO));
}
-static bool nft_ipv4_is_same(const void *data_a,
- const void *data_b)
+static bool nft_ipv4_is_same(const struct iptables_command_state *a,
+ const struct iptables_command_state *b)
{
- const struct iptables_command_state *a = data_a;
- const struct iptables_command_state *b = data_b;
-
if (a->fw.ip.src.s_addr != b->fw.ip.src.s_addr
|| a->fw.ip.dst.s_addr != b->fw.ip.dst.s_addr
|| a->fw.ip.smsk.s_addr != b->fw.ip.smsk.s_addr
}
static void nft_ipv4_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
- void *data)
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
-
switch (ctx->meta.key) {
case NFT_META_L4PROTO:
cs->fw.ip.proto = nftnl_expr_get_u8(e, NFTNL_EXPR_CMP_DATA);
}
static void nft_ipv4_parse_payload(struct nft_xt_ctx *ctx,
- struct nftnl_expr *e, void *data)
+ struct nftnl_expr *e,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
struct in_addr addr;
uint8_t proto;
bool inv;
nft_clear_iptables_command_state(&cs);
}
-static void nft_ipv4_save_rule(const void *data, unsigned int format)
+static void nft_ipv4_save_rule(const struct iptables_command_state *cs,
+ unsigned int format)
{
- const struct iptables_command_state *cs = data;
-
save_ipv4_addr('s', &cs->fw.ip.src, &cs->fw.ip.smsk,
cs->fw.ip.invflags & IPT_INV_SRCIP);
save_ipv4_addr('d', &cs->fw.ip.dst, &cs->fw.ip.dmsk,
}
}
-static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl)
+static int nft_ipv4_xlate(const struct iptables_command_state *cs,
+ struct xt_xlate *xl)
{
- const struct iptables_command_state *cs = data;
const char *comment;
int ret;
#include "nft.h"
#include "nft-shared.h"
-static int nft_ipv6_add(struct nft_handle *h, struct nftnl_rule *r, void *data)
+static int nft_ipv6_add(struct nft_handle *h, struct nftnl_rule *r,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
struct xtables_rule_match *matchp;
uint32_t op;
int ret;
return add_action(r, cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO));
}
-static bool nft_ipv6_is_same(const void *data_a,
- const void *data_b)
+static bool nft_ipv6_is_same(const struct iptables_command_state *a,
+ const struct iptables_command_state *b)
{
- const struct iptables_command_state *a = data_a;
- const struct iptables_command_state *b = data_b;
-
if (memcmp(a->fw6.ipv6.src.s6_addr, b->fw6.ipv6.src.s6_addr,
sizeof(struct in6_addr)) != 0
|| memcmp(a->fw6.ipv6.dst.s6_addr, b->fw6.ipv6.dst.s6_addr,
}
static void nft_ipv6_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
- void *data)
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
-
switch (ctx->meta.key) {
case NFT_META_L4PROTO:
cs->fw6.ipv6.proto = nftnl_expr_get_u8(e, NFTNL_EXPR_CMP_DATA);
}
static void nft_ipv6_parse_payload(struct nft_xt_ctx *ctx,
- struct nftnl_expr *e, void *data)
+ struct nftnl_expr *e,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
struct in6_addr addr;
uint8_t proto;
bool inv;
nft_clear_iptables_command_state(&cs);
}
-static void nft_ipv6_save_rule(const void *data, unsigned int format)
+static void nft_ipv6_save_rule(const struct iptables_command_state *cs,
+ unsigned int format)
{
- const struct iptables_command_state *cs = data;
-
save_ipv6_addr('s', &cs->fw6.ipv6.src, &cs->fw6.ipv6.smsk,
cs->fw6.ipv6.invflags & IP6T_INV_SRCIP);
save_ipv6_addr('d', &cs->fw6.ipv6.dst, &cs->fw6.ipv6.dmsk,
}
}
-static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl)
+static int nft_ipv6_xlate(const struct iptables_command_state *cs,
+ struct xt_xlate *xl)
{
- const struct iptables_command_state *cs = data;
const char *comment;
int ret;
struct xtables_target *target;
struct xt_entry_target *t;
size_t size;
- void *data = ctx->cs;
target = xtables_find_target(targname, XTF_TRY_LOAD);
if (target == NULL)
target->t = t;
- ctx->h->ops->parse_target(target, data);
+ ctx->h->ops->parse_target(target, ctx->cs);
}
static void nft_parse_match(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
}
static void nft_parse_transport(struct nft_xt_ctx *ctx,
- struct nftnl_expr *e, void *data)
+ struct nftnl_expr *e,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
uint32_t sdport;
uint16_t port;
uint8_t proto, op;
static void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
- void *data = ctx->cs;
uint32_t reg;
reg = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_SREG);
return;
if (ctx->flags & NFT_XT_CTX_META) {
- ctx->h->ops->parse_meta(ctx, e, data);
+ ctx->h->ops->parse_meta(ctx, e, ctx->cs);
ctx->flags &= ~NFT_XT_CTX_META;
}
/* bitwise context is interpreted from payload */
switch (ctx->payload.base) {
case NFT_PAYLOAD_LL_HEADER:
if (ctx->h->family == NFPROTO_BRIDGE)
- ctx->h->ops->parse_payload(ctx, e, data);
+ ctx->h->ops->parse_payload(ctx, e, ctx->cs);
break;
case NFT_PAYLOAD_NETWORK_HEADER:
- ctx->h->ops->parse_payload(ctx, e, data);
+ ctx->h->ops->parse_payload(ctx, e, ctx->cs);
break;
case NFT_PAYLOAD_TRANSPORT_HEADER:
- nft_parse_transport(ctx, e, data);
+ nft_parse_transport(ctx, e, ctx->cs);
break;
}
}
struct nftnl_expr *e)
{
if (ctx->h->ops->parse_lookup)
- ctx->h->ops->parse_lookup(ctx, e, NULL);
+ ctx->h->ops->parse_lookup(ctx, e);
}
static void nft_parse_range(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
return true;
}
-void nft_ipv46_parse_target(struct xtables_target *t, void *data)
+void nft_ipv46_parse_target(struct xtables_target *t,
+ struct iptables_command_state *cs)
{
- struct iptables_command_state *cs = data;
-
cs->target = t;
cs->jumpto = t->name;
}
};
struct nft_family_ops {
- int (*add)(struct nft_handle *h, struct nftnl_rule *r, void *data);
- bool (*is_same)(const void *data_a,
- const void *data_b);
+ int (*add)(struct nft_handle *h, struct nftnl_rule *r,
+ struct iptables_command_state *cs);
+ bool (*is_same)(const struct iptables_command_state *cs_a,
+ const struct iptables_command_state *cs_b);
void (*print_payload)(struct nftnl_expr *e,
struct nftnl_expr_iter *iter);
void (*parse_meta)(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
- void *data);
+ struct iptables_command_state *cs);
void (*parse_payload)(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
- void *data);
- void (*parse_bitwise)(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
- void *data);
- void (*parse_cmp)(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
- void *data);
- void (*parse_lookup)(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
- void *data);
+ struct iptables_command_state *cs);
+ void (*parse_lookup)(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
void (*set_goto_flag)(struct iptables_command_state *cs);
void (*print_table_header)(const char *tablename);
int refs, uint32_t entries);
void (*print_rule)(struct nft_handle *h, struct nftnl_rule *r,
unsigned int num, unsigned int format);
- void (*save_rule)(const void *data, unsigned int format);
+ void (*save_rule)(const struct iptables_command_state *cs,
+ unsigned int format);
void (*save_chain)(const struct nftnl_chain *c, const char *policy);
struct xt_cmd_parse_ops cmd_parse;
- void (*parse_match)(struct xtables_match *m, void *data);
- void (*parse_target)(struct xtables_target *t, void *data);
+ void (*parse_match)(struct xtables_match *m,
+ struct iptables_command_state *cs);
+ void (*parse_target)(struct xtables_target *t,
+ struct iptables_command_state *cs);
void (*init_cs)(struct iptables_command_state *cs);
void (*rule_to_cs)(struct nft_handle *h, const struct nftnl_rule *r,
struct iptables_command_state *cs);
void (*clear_cs)(struct iptables_command_state *cs);
- int (*xlate)(const void *data, struct xt_xlate *xl);
+ int (*xlate)(const struct iptables_command_state *cs,
+ struct xt_xlate *xl);
int (*add_entry)(struct nft_handle *h,
const char *chain, const char *table,
struct iptables_command_state *cs,
struct nft_family_ops *nft_family_ops_lookup(int family);
-void nft_ipv46_parse_target(struct xtables_target *t, void *data);
+void nft_ipv46_parse_target(struct xtables_target *t,
+ struct iptables_command_state *cs);
bool compare_matches(struct xtables_rule_match *mt1, struct xtables_rule_match *mt2);
bool compare_targets(struct xtables_target *tg1, struct xtables_target *tg2);
struct nftnl_rule *
nft_rule_new(struct nft_handle *h, const char *chain, const char *table,
- void *data)
+ struct iptables_command_state *cs)
{
struct nftnl_rule *r;
nftnl_rule_set_str(r, NFTNL_RULE_TABLE, table);
nftnl_rule_set_str(r, NFTNL_RULE_CHAIN, chain);
- if (h->ops->add(h, r, data) < 0)
+ if (h->ops->add(h, r, cs) < 0)
goto err;
return r;
*/
struct nftnl_rule;
-struct nftnl_rule *nft_rule_new(struct nft_handle *h, const char *chain, const char *table, void *data);
+struct nftnl_rule *nft_rule_new(struct nft_handle *h, const char *chain, const char *table, struct iptables_command_state *cs);
int nft_rule_append(struct nft_handle *h, const char *chain, const char *table, struct nftnl_rule *r, struct nftnl_rule *ref, bool verbose);
int nft_rule_insert(struct nft_handle *h, const char *chain, const char *table, struct nftnl_rule *r, int rulenum, bool verbose);
int nft_rule_check(struct nft_handle *h, const char *chain, const char *table, struct nftnl_rule *r, bool verbose);
projects / thirdparty / iptables.git / commitdiff
