From: Giuseppe Longo <giuseppelng@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: Giuseppe Longo <giuseppelng@gmail.com>
Subject: [iptables-nftables PATCH 1/5] nft: let nft_handle struct own the builtin table pointer
Date: Fri, 26 Jul 2013 13:05:15 +0200	[thread overview]
Message-ID: <1374836719-27596-1-git-send-email-giuseppelng@gmail.com> (raw)

This patch adds a builtin_table pointer to struct nft_handle, so that future tools
(like arptables) can use their own tables instead of the tables declared in nft.c.

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
---
 iptables/nft.c                |   22 +++-------------------
 iptables/nft.h                |   24 +++++++++++++++++++++++-
 iptables/xtables-config.c     |    2 +-
 iptables/xtables-restore.c    |    2 +-
 iptables/xtables-save.c       |    2 +-
 iptables/xtables-standalone.c |    2 +-
 6 files changed, 30 insertions(+), 24 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index 9a857b9..5665148 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -80,24 +80,7 @@ static int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
 	return 0;
 }
 
-#define FILTER		0
-#define MANGLE		1
-#define RAW		2
-#define SECURITY	3
-#define NAT		4
-#define TABLES_MAX	5
-
-struct builtin_chain {
-	const char *name;
-	const char *type;
-	uint32_t prio;
-	uint32_t hook;
-};
-
-static struct builtin_table {
-	const char *name;
-	struct builtin_chain chains[NF_INET_NUMHOOKS];
-} tables[TABLES_MAX] = {
+struct builtin_table xtables_ipv4[TABLES_MAX] = {
 	[RAW] = {
 		.name	= "raw",
 		.chains = {
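Review bot: `xtables_ipv4` loses `static` here and becomes a writable global with external linkage, although the visible initializer only fills it with fixed table names and chain definitions. Since these entries describe the builtin tables and their chains, I would declare it `const struct builtin_table xtables_ipv4[TABLES_MAX] = {` so the definitions cannot be altered through a handle at run time; the `extern` declaration, the `tables` member and the `nft_init()` parameter in nft.h would take the same qualifier. The initializer continues past the end of this hunk, and any remaining uses of the old name `tables` in nft.c are not visible here, so it is worth confirming that this patch builds on its own for bisection.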
@@ -389,7 +372,7 @@ static bool nft_chain_builtin(struct nft_chain *c)
 	return nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM) != NULL;
 }
 
-int nft_init(struct nft_handle *h)
+int nft_init(struct nft_handle *h, struct builtin_table *t)
 {
 	h->nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (h->nl == NULL) {
@@ -402,6 +385,7 @@ int nft_init(struct nft_handle *h)
 		return -1;
 	}
 	h->portid = mnl_socket_get_portid(h->nl);
+	h->tables = t;
 
 	return 0;
 }
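Review bot: `h->tables = t;` stores the caller's pointer without checking it and without an element count, so the handle cannot tell how many entries the array holds. The four callers in this patch all pass `xtables_ipv4`, which has `TABLES_MAX` entries, but the stated goal is to let other tools pass their own tables; if later lookups walk `TABLES_MAX` entries (not visible here), a shorter array would be read past its end. I would reject a NULL table at the top of nft_init(), `if (t == NULL) { errno = EINVAL; return -1; }`, and either document that the array must have `TABLES_MAX` entries or carry the count in the handle. The part of nft_init() between this hunk and the previous one is not shown.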
diff --git a/iptables/nft.h b/iptables/nft.h
index 7a6351b..f3317c9 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -4,6 +4,25 @@
 #include "xshared.h"
 #include "nft-shared.h"
 
+#define FILTER         0
+#define MANGLE         1
+#define RAW            2
+#define SECURITY       3
+#define NAT            4
+#define TABLES_MAX     5
+
+struct builtin_chain {
+	const char *name;
+	const char *type;
+	uint32_t prio;
+	uint32_t hook;
+};
+
+struct builtin_table {
+	const char *name;
+	struct builtin_chain chains[NF_INET_NUMHOOKS];
+};
+
 struct nft_handle {
 	int			family;
 	struct mnl_socket	*nl;
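Review bot: The index macros `FILTER`, `MANGLE`, `RAW`, `SECURITY`, `NAT` and `TABLES_MAX` were private to nft.c and now sit in a header, where such short unprefixed names can clash with identifiers in any file that includes nft.h. An enum keeps the same values and is visible to the debugger, `enum { FILTER, MANGLE, RAW, SECURITY, NAT, TABLES_MAX };`, and a project prefix on the names would remove the clash risk. `struct nft_handle` starts in this hunk and continues outside it.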
@@ -11,9 +30,12 @@ struct nft_handle {
 	uint32_t		seq;
 	bool			commit;
 	struct nft_family_ops	*ops;
+	struct builtin_table	*tables;
 };
 
-int nft_init(struct nft_handle *h);
+extern struct builtin_table xtables_ipv4[TABLES_MAX];
+
+int nft_init(struct nft_handle *h, struct builtin_table *t);
 void nft_fini(struct nft_handle *h);
 
 /*
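Review bot: The new `tables` member and the extra `nft_init()` parameter carry no comment saying who owns the array. nft_init() only stores the pointer (`h->tables = t;` in nft.c), so the array has to stay valid for as long as the handle is in use. A line above the prototype such as `/* t is stored in h->tables, not copied: it must outlive h */` would state that for future callers.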
diff --git a/iptables/xtables-config.c b/iptables/xtables-config.c
index 515b18b..b7cf609 100644
--- a/iptables/xtables-config.c
+++ b/iptables/xtables-config.c
@@ -35,7 +35,7 @@ int xtables_config_main(int argc, char *argv[])
 	else
 		filename = argv[1];
 
-	if (nft_init(&h) < 0) {
+	if (nft_init(&h, xtables_ipv4) < 0) {
                 fprintf(stderr, "Failed to initialize nft: %s\n",
 			strerror(errno));
 		return EXIT_FAILURE;
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 8469ba1..608e189 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -193,7 +193,7 @@ xtables_restore_main(int argc, char *argv[])
 	init_extensions4();
 #endif
 
-	if (nft_init(&h) < 0) {
+	if (nft_init(&h, xtables_ipv4) < 0) {
 		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
 				xtables_globals.program_name,
 				xtables_globals.program_version,
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 41ceaf5..db03090 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -96,7 +96,7 @@ xtables_save_main(int argc, char *argv[])
 	init_extensions();
 	init_extensions4();
 #endif
-	if (nft_init(&h) < 0) {
+	if (nft_init(&h, xtables_ipv4) < 0) {
 		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
 				xtables_globals.program_name,
 				xtables_globals.program_version,
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index 3f8b981..9d5a667 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -61,7 +61,7 @@ xtables_main(int argc, char *argv[])
 	init_extensions4();
 #endif
 
-	if (nft_init(&h) < 0) {
+	if (nft_init(&h, xtables_ipv4) < 0) {
 		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
 				xtables_globals.program_name,
 				xtables_globals.program_version,
-- 
1.7.8.6



Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-07-26 11:05 Giuseppe Longo [this message]
2013-07-26 11:05 ` [iptables-nftables PATCH 2/5] nft: search builtin tables via nft_handle tables pointer Giuseppe Longo
2013-07-26 11:05 ` [iptables-nftables PATCH 3/5] nft: nft_xtables_config_load() called only in nft_init() Giuseppe Longo
2013-07-26 14:59   ` Pablo Neira Ayuso
2013-07-28  9:34     ` Giuseppe Longo
2013-07-29  6:14       ` Tomasz Bursztyka
2013-07-30  7:05   ` Tomasz Bursztyka
2013-07-26 11:05 ` [iptables-nftables PATCH 4/5] nft: export functions reusability Giuseppe Longo
2013-07-30  9:06   ` Pablo Neira Ayuso
2013-07-26 11:05 ` [iptables-nftables PATCH 5/5] nft: fix family operation lookup Giuseppe Longo
2013-07-30  9:46   ` Pablo Neira Ayuso
2013-07-26 12:31 ` [iptables-nftables PATCH 1/5] nft: let nft_handle struct own the builtin table pointer Pablo Neira Ayuso
2013-07-29  8:24 ` [iptables-nftables PATCH 4/5] nft: export functions reusability Tomasz Bursztyka
