* [iptables-nftables PATCH 1/2] xtables: arp: add delete operation
@ 2013-09-22 8:18 Giuseppe Longo
2013-09-22 8:18 ` [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters Giuseppe Longo
2013-09-24 11:18 ` [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Giuseppe Longo @ 2013-09-22 8:18 UTC (permalink / raw)
To: netfilter-devel; +Cc: Giuseppe Longo
The following patch permit to delete the rules specifying
an entry or a rule number.
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
---
iptables/xtables-arp.c | 33 ++++++++++++++++++++++++++++-----
1 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 8dfdf63..4537a58 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -911,6 +911,30 @@ replace_entry(const char *chain,
return nft_rule_replace(h, chain, table, fw, rulenum, verbose);
}
+static int
+delete_entry(const char *chain,
+ const char *table,
+ struct arpt_entry *fw,
+ unsigned int nsaddrs,
+ const struct in_addr saddrs[],
+ unsigned int ndaddrs,
+ const struct in_addr daddrs[],
+ bool verbose, struct nft_handle *h)
+{
+ unsigned int i, j;
+ int ret = 1;
+
+ for (i = 0; i < nsaddrs; i++) {
+ fw->arp.src.s_addr = saddrs[i].s_addr;
+ for (j = 0; j < ndaddrs; j++) {
+ fw->arp.tgt.s_addr = daddrs[j].s_addr;
+ ret = nft_rule_delete(h, chain, table, fw, verbose);
+ }
+ }
+
+ return ret;
+}
+
int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
{
struct arpt_entry fw, *e = NULL;
@@ -1402,13 +1426,12 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
options&OPT_VERBOSE, true);
break;
case CMD_DELETE:
- /*ret = delete_entry(chain, e,
- nsaddrs, saddrs, ndaddrs, daddrs,
- options&OPT_VERBOSE,
- handle);*/
+ ret = delete_entry(chain, *table, e,
+ nsaddrs, saddrs, ndaddrs, daddrs,
+ options&OPT_VERBOSE, h);
break;
case CMD_DELETE_NUM:
- /*ret = arptc_delete_num_entry(chain, rulenum - 1, handle);*/
+ ret = nft_rule_delete_num(h, chain, *table, rulenum - 1, verbose);
break;
case CMD_REPLACE:
ret = replace_entry(chain, *table, e, rulenum - 1,
--
1.7.8.6
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters
2013-09-22 8:18 [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Giuseppe Longo
@ 2013-09-22 8:18 ` Giuseppe Longo
2013-09-24 11:19 ` Pablo Neira Ayuso
2013-09-24 11:18 ` [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Giuseppe Longo @ 2013-09-22 8:18 UTC (permalink / raw)
To: netfilter-devel; +Cc: Giuseppe Longo
This small patch permit to reset the chain counters.
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
---
iptables/xtables-arp.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 4537a58..2f43ce8 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -1462,9 +1462,8 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
options&OPT_NUMERIC,
/*options&OPT_EXPANDED*/0,
options&OPT_LINENUMBERS);
- /*if (ret)
- ret = zero_entries(chain,
- options&OPT_VERBOSE, handle);*/
+ if (ret && (command & CMD_ZERO))
+ ret = nft_chain_zero_counters(h, chain, *table);
break;
case CMD_NEW_CHAIN:
ret = nft_chain_user_add(h, chain, *table);
--
1.7.8.6
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [iptables-nftables PATCH 1/2] xtables: arp: add delete operation
2013-09-22 8:18 [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Giuseppe Longo
2013-09-22 8:18 ` [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters Giuseppe Longo
@ 2013-09-24 11:18 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-24 11:18 UTC (permalink / raw)
To: Giuseppe Longo; +Cc: netfilter-devel
On Sun, Sep 22, 2013 at 10:18:55AM +0200, Giuseppe Longo wrote:
> The following patch permit to delete the rules specifying
> an entry or a rule number.
Applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters
2013-09-22 8:18 ` [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters Giuseppe Longo
@ 2013-09-24 11:19 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-24 11:19 UTC (permalink / raw)
To: Giuseppe Longo; +Cc: netfilter-devel
On Sun, Sep 22, 2013 at 10:18:56AM +0200, Giuseppe Longo wrote:
> This small patch permit to reset the chain counters.
Applied with minor change.
> Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
> ---
> iptables/xtables-arp.c | 5 ++---
> 1 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
> index 4537a58..2f43ce8 100644
> --- a/iptables/xtables-arp.c
> +++ b/iptables/xtables-arp.c
> @@ -1462,9 +1462,8 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
> options&OPT_NUMERIC,
> /*options&OPT_EXPANDED*/0,
> options&OPT_LINENUMBERS);
> - /*if (ret)
> - ret = zero_entries(chain,
> - options&OPT_VERBOSE, handle);*/
> + if (ret && (command & CMD_ZERO))
^---------------------^
that seems redundant, we already checked for this above.
Mangled and applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-09-24 11:19 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-22 8:18 [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Giuseppe Longo
2013-09-22 8:18 ` [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters Giuseppe Longo
2013-09-24 11:19 ` Pablo Neira Ayuso
2013-09-24 11:18 ` [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.