* [iptables-nftables PATCH 1/2] xtables: arp: add delete operation
@ 2013-09-22 8:18 Giuseppe Longo
2013-09-22 8:18 ` [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters Giuseppe Longo
2013-09-24 11:18 ` [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Giuseppe Longo @ 2013-09-22 8:18 UTC (permalink / raw)
To: netfilter-devel; +Cc: Giuseppe Longo
The following patch permit to delete the rules specifying
an entry or a rule number.
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
---
iptables/xtables-arp.c | 33 ++++++++++++++++++++++++++++-----
1 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 8dfdf63..4537a58 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -911,6 +911,30 @@ replace_entry(const char *chain,
return nft_rule_replace(h, chain, table, fw, rulenum, verbose);
}
+static int
+delete_entry(const char *chain,
+ const char *table,
+ struct arpt_entry *fw,
+ unsigned int nsaddrs,
+ const struct in_addr saddrs[],
+ unsigned int ndaddrs,
+ const struct in_addr daddrs[],
+ bool verbose, struct nft_handle *h)
+{
+ unsigned int i, j;
+ int ret = 1;
+
+ for (i = 0; i < nsaddrs; i++) {
+ fw->arp.src.s_addr = saddrs[i].s_addr;
+ for (j = 0; j < ndaddrs; j++) {
+ fw->arp.tgt.s_addr = daddrs[j].s_addr;
+ ret = nft_rule_delete(h, chain, table, fw, verbose);
+ }
+ }
+
+ return ret;
+}
+
int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
{
struct arpt_entry fw, *e = NULL;
@@ -1402,13 +1426,12 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
options&OPT_VERBOSE, true);
break;
case CMD_DELETE:
- /*ret = delete_entry(chain, e,
- nsaddrs, saddrs, ndaddrs, daddrs,
- options&OPT_VERBOSE,
- handle);*/
+ ret = delete_entry(chain, *table, e,
+ nsaddrs, saddrs, ndaddrs, daddrs,
+ options&OPT_VERBOSE, h);
break;
case CMD_DELETE_NUM:
- /*ret = arptc_delete_num_entry(chain, rulenum - 1, handle);*/
+ ret = nft_rule_delete_num(h, chain, *table, rulenum - 1, verbose);
break;
case CMD_REPLACE:
ret = replace_entry(chain, *table, e, rulenum - 1,
--
1.7.8.6
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters
2013-09-22 8:18 [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Giuseppe Longo
@ 2013-09-22 8:18 ` Giuseppe Longo
2013-09-24 11:19 ` Pablo Neira Ayuso
2013-09-24 11:18 ` [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Giuseppe Longo @ 2013-09-22 8:18 UTC (permalink / raw)
To: netfilter-devel; +Cc: Giuseppe Longo
This small patch permit to reset the chain counters.
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
---
iptables/xtables-arp.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 4537a58..2f43ce8 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -1462,9 +1462,8 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
options&OPT_NUMERIC,
/*options&OPT_EXPANDED*/0,
options&OPT_LINENUMBERS);
- /*if (ret)
- ret = zero_entries(chain,
- options&OPT_VERBOSE, handle);*/
+ if (ret && (command & CMD_ZERO))
+ ret = nft_chain_zero_counters(h, chain, *table);
break;
case CMD_NEW_CHAIN:
ret = nft_chain_user_add(h, chain, *table);
--
1.7.8.6
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [iptables-nftables PATCH 1/2] xtables: arp: add delete operation
2013-09-22 8:18 [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Giuseppe Longo
2013-09-22 8:18 ` [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters Giuseppe Longo
@ 2013-09-24 11:18 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-24 11:18 UTC (permalink / raw)
To: Giuseppe Longo; +Cc: netfilter-devel
On Sun, Sep 22, 2013 at 10:18:55AM +0200, Giuseppe Longo wrote:
> The following patch permit to delete the rules specifying
> an entry or a rule number.
Applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters
2013-09-22 8:18 ` [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters Giuseppe Longo
@ 2013-09-24 11:19 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-24 11:19 UTC (permalink / raw)
To: Giuseppe Longo; +Cc: netfilter-devel
On Sun, Sep 22, 2013 at 10:18:56AM +0200, Giuseppe Longo wrote:
> This small patch permit to reset the chain counters.
Applied with minor change.
> Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
> ---
> iptables/xtables-arp.c | 5 ++---
> 1 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
> index 4537a58..2f43ce8 100644
> --- a/iptables/xtables-arp.c
> +++ b/iptables/xtables-arp.c
> @@ -1462,9 +1462,8 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
> options&OPT_NUMERIC,
> /*options&OPT_EXPANDED*/0,
> options&OPT_LINENUMBERS);
> - /*if (ret)
> - ret = zero_entries(chain,
> - options&OPT_VERBOSE, handle);*/
> + if (ret && (command & CMD_ZERO))
^---------------------^
that seems redundant, we already checked for this above.
Mangled and applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-09-24 11:19 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-22 8:18 [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Giuseppe Longo
2013-09-22 8:18 ` [iptables-nftables PATCH 2/2] xtables: arp: zeroing chain counters Giuseppe Longo
2013-09-24 11:19 ` Pablo Neira Ayuso
2013-09-24 11:18 ` [iptables-nftables PATCH 1/2] xtables: arp: add delete operation Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).