From: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
To: netfilter-devel@vger.kernel.org
Cc: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Subject: [iptables-nftables - RFC v2 PATCH 08/17] nft: Add support for xtables extensions callback to change cs
Date: Thu, 25 Jul 2013 20:16:28 +0300 [thread overview]
Message-ID: <1374772597-20548-9-git-send-email-tomasz.bursztyka@linux.intel.com> (raw)
In-Reply-To: <1374772597-20548-1-git-send-email-tomasz.bursztyka@linux.intel.com>
This add the support of xtables extension expressed in pure nft through
the nft translator. Thus feeding give command structure with the right
target or match. This has been implemented as a callback, in the core,
to let the extentions being able to feed the command structure. Which
command structure they cannot handle (its declaration is private to the core).
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
---
iptables/nft-xt-ext.c | 20 ++++++++++++++++++++
iptables/nft-xt-ext.h | 2 ++
iptables/nft.c | 3 ++-
3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/iptables/nft-xt-ext.c b/iptables/nft-xt-ext.c
index f013493..660e417 100644
--- a/iptables/nft-xt-ext.c
+++ b/iptables/nft-xt-ext.c
@@ -143,3 +143,23 @@ int nft_xt_ext_into_translation_tree(struct nft_trans_instruction_tree *tree)
return 0;
}
+
+int nft_xt_ext_parse_callback(const char *ident, void *data, void *user_data)
+{
+ struct nft_to_cs_data *i2cs = user_data;
+ struct xtables_target *target;
+ struct xtables_match *match;
+
+ target = xtables_find_target(ident, XTF_TRY_LOAD);
+ match = xtables_find_match(ident, XTF_TRY_LOAD, &i2cs->cs->matches);
+
+ if (target != NULL) {
+ target->t = data;
+ i2cs->cs->target = target;
+ } else if (match != NULL)
+ match->m = data;
+ else
+ return -1;
+
+ return 0;
+}
diff --git a/iptables/nft-xt-ext.h b/iptables/nft-xt-ext.h
index a367277..f3e6491 100644
--- a/iptables/nft-xt-ext.h
+++ b/iptables/nft-xt-ext.h
@@ -10,3 +10,5 @@
#include <nft-translator.h>
int nft_xt_ext_into_translation_tree(struct nft_trans_instruction_tree *tree);
+
+int nft_xt_ext_parse_callback(const char *ident, void *data, void *user_data);
diff --git a/iptables/nft.c b/iptables/nft.c
index 7b16bd3..7b619b5 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1818,7 +1818,8 @@ nft_rule_to_iptables_command_state(struct nft_rule *r,
i2cs.family = nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY);
i2cs.cs = cs;
- nft_trans_rule_translate_to_instructions(xt_nft_tree, r, NULL, &i2cs);
+ nft_trans_rule_translate_to_instructions(xt_nft_tree, r,
+ nft_xt_ext_parse_callback, &i2cs);
if (i2cs.cs->target != NULL)
i2cs.cs->jumpto = i2cs.cs->target->name;
--
1.8.3.2
next prev parent reply other threads:[~2013-07-25 17:16 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-25 17:16 [iptables-nftables - RFC v2 PATCH 00/17] Xtables extensions: full support (pure nft or compat layer) Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 01/17] nft: Remove useless function Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 02/17] xtables: Add support for injecting xtables target into nft rule Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 03/17] xtables: add support for injecting xtables matches " Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 04/17] nft: Add nft expressions translation engine as a library Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 05/17] nft: Integrate nft translator engine in current core Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 06/17] nft: Manage xtables target parsing through translation tree Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 07/17] nft: Manage xtables matches through nft " Tomasz Bursztyka
2013-07-25 17:16 ` Tomasz Bursztyka [this message]
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 09/17] xtables: Add support for registering nft translation function for target Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 10/17] xtables: Add support for registering nft translation function for match Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 11/17] nft: Register all relevant xtables extensions into translation tree Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 12/17] nft: Refactor firewall printing so it reuses already parsed cs struct Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 13/17] nft: Refactor rule deletion so it compares both cs structure Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 14/17] xtables: nft: Complete refactoring on how rules are saved Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 15/17] xtables: Support pure nft expressions for DNAT extension Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 16/17] nft: Add a function to reset the counters of an existing rule Tomasz Bursztyka
2013-07-25 17:16 ` [iptables-nftables - RFC v2 PATCH 17/17] xtables: Support -Z options for a given rule number Tomasz Bursztyka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1374772597-20548-9-git-send-email-tomasz.bursztyka@linux.intel.com \
--to=tomasz.bursztyka@linux.intel.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).