Legacy arptables has been silently ignoring this flag (plus mandatory
argument) since day 1. Retain compatibility with that behaviour, but inform
users that part of their rule does nothing.
Since arp is the only family which didn't provide a proto_parse
callback, implement one for the sole purpose of printing the warning. As
a side-effect, caller no longer has to check callback's existence.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
+static void nft_arp_proto_parse_warn(struct iptables_command_state *cs,
+ struct xtables_args *args)
+{
+ fprintf(stderr,
+ "Warning: Ignoring '-p' option not supported by arptables\n");
+}
+
static void nft_arp_post_parse(int command,
struct iptables_command_state *cs,
struct xtables_args *args)
static void nft_arp_post_parse(int command,
struct iptables_command_state *cs,
struct xtables_args *args)
.save_chain = nft_arp_save_chain,
.rule_parse = &nft_ruleparse_ops_arp,
.cmd_parse = {
.save_chain = nft_arp_save_chain,
.rule_parse = &nft_ruleparse_ops_arp,
.cmd_parse = {
+ .proto_parse = nft_arp_proto_parse_warn,
.post_parse = nft_arp_post_parse,
.option_name = nft_arp_option_name,
.option_invert = nft_arp_option_invert,
.post_parse = nft_arp_post_parse,
.option_name = nft_arp_option_name,
.option_invert = nft_arp_option_invert,
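Review bot: `nft_arp_proto_parse_warn` has no comment saying that it deliberately leaves `cs` and `args` untouched, which is the whole point of the callback and is easy to mistake for an unfinished stub. A short comment above it such as `/* legacy arptables accepted and ignored -p <proto>; warn only, do not touch cs or args */` would make that explicit. Both parameters are unused, so builds with `-Wunused-parameter` may complain unless the project already tolerates that for callbacks. The ops initializer that registers the callback begins and ends outside the shown lines.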
cs->protocol = optarg;
/* This needs to happen here to parse extensions */
cs->protocol = optarg;
/* This needs to happen here to parse extensions */
- if (p->ops->proto_parse)
- p->ops->proto_parse(cs, args);
+ p->ops->proto_parse(cs, args);
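Review bot: The unconditional `p->ops->proto_parse(cs, args);` now depends on every family's ops table setting `.proto_parse`, and nothing in the visible code enforces that; a table that leaves the member unset would turn `-p` into a call through a NULL function pointer. The commit message says arp was the only family lacking the callback, so this presumably holds today, but the invariant is worth recording where the callback member is declared, e.g. `/* mandatory: called unconditionally for -p */`, so a later family does not reintroduce the gap. Note also that `cs->protocol = optarg;` still runs before the callback, so for arp the value stays set although the option is reported as ignored; confirm that no later code acts on it. The enclosing function starts and ends outside the shown lines.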