* [iptables PATCH] arpt-compat: mangle extension support
@ 2015-02-16 10:52 Arturo Borrero Gonzalez
2015-02-18 22:53 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Arturo Borrero Gonzalez @ 2015-02-16 10:52 UTC (permalink / raw)
To: netfilter-devel; +Cc: giuseppelng, pablo
This patch gives support in arpt-compat to use the mangle extension.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
Please ignore patch http://patchwork.ozlabs.org/patch/439479/
extensions/GNUmakefile.in | 46 +++++++++++++++++++++++++++++++------
extensions/libarp_mangle.c | 0
iptables/nft-arp.c | 23 ++++++++++---------
iptables/xtables-arp-standalone.c | 30 ++++++------------------
iptables/xtables-arp.c | 13 ++++++++--
libxtables/xtables.c | 13 ++++++++++
6 files changed, 80 insertions(+), 45 deletions(-)
rename extensions/{libxt_mangle.c => libarp_mangle.c} (100%)
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
index 9eb4bf9..929a02b 100644
--- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in
@@ -40,19 +40,23 @@ endif
#
pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c)))
+pfa_build_mod := $(patsubst ${srcdir}/libarp_%.c,%,$(sort $(wildcard ${srcdir}/libarp_*.c)))
pfx_symlinks := NOTRACK state
@ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
@ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
pfb_build_mod := $(filter-out @blacklist_modules@,${pfb_build_mod})
+pfa_build_mod := $(filter-out @blacklist_modules@,${pfa_build_mod})
pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod})
pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
pfb_objs := $(patsubst %,libebt_%.o,${pfb_build_mod})
+pfa_objs := $(patsubst %,libarp_%.o,${pfa_build_mod})
pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
pfb_solibs := $(patsubst %,libebt_%.so,${pfb_build_mod})
+pfa_solibs := $(patsubst %,libarp_%.so,${pfa_build_mod})
pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
@@ -60,14 +64,15 @@ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
#
# Building blocks
#
-targets := libext.a libext4.a libext6.a libext_ebt.a matches.man targets.man
+targets := libext.a libext4.a libext6.a libext_ebt.a libext_arp.a matches.man targets.man
targets_install :=
@ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
@ENABLE_STATIC_TRUE@ libext_ebt_objs := ${pfb_objs}
+@ENABLE_STATIC_TRUE@ libext_arp_objs := ${pfa_objs}
@ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
@ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs}
-@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs}
+@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}
+@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}
.SECONDARY:
@@ -80,7 +85,7 @@ install: ${targets_install}
if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
clean:
- rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c initextb.c;
+ rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c initextb.c initexta.c;
rm -f .*.d .*.dd;
distclean: clean
@@ -126,6 +131,9 @@ libext.a: initext.o ${libext_objs}
libext_ebt.a: initextb.o ${libext_ebt_objs}
${AM_VERBOSE_AR} ${AR} crs $@ $^;
+libext_arp.a: initexta.o ${libext_arp_objs}
+ ${AM_VERBOSE_AR} ${AR} crs $@ $^;
+
libext4.a: initext4.o ${libext4_objs}
${AM_VERBOSE_AR} ${AR} crs $@ $^;
@@ -134,6 +142,7 @@ libext6.a: initext6.o ${libext6_objs}
initext_func := $(addprefix xt_,${pfx_build_mod})
initextb_func := $(addprefix ebt_,${pfb_build_mod})
+initexta_func := $(addprefix arp_,${pfa_build_mod})
initext4_func := $(addprefix ipt_,${pf4_build_mod})
initext6_func := $(addprefix ip6t_,${pf6_build_mod})
@@ -147,6 +156,11 @@ initext6_func := $(addprefix ip6t_,${pf6_build_mod})
cmp -s $@ $@.tmp || mv $@.tmp $@; \
rm -f $@.tmp;
+.initexta.dd: FORCE
+ @echo "${initexta_func}" >$@.tmp; \
+ cmp -s $@ $@.tmp || mv $@.tmp $@; \
+ rm -f $@.tmp;
+
.initext4.dd: FORCE
@echo "${initext4_func}" >$@.tmp; \
cmp -s $@ $@.tmp || mv $@.tmp $@; \
@@ -189,6 +203,22 @@ initextb.c: .initextb.dd
echo "}" >>$@; \
);
+initexta.c: .initexta.dd
+ ${AM_VERBOSE_GEN}
+ @( \
+ echo "" >$@; \
+ for i in ${initexta_func}; do \
+ echo "extern void lib$${i}_init(void);" >>$@; \
+ done; \
+ echo "void init_extensionsa(void);" >>$@; \
+ echo "void init_extensionsa(void)" >>$@; \
+ echo "{" >>$@; \
+ for i in ${initexta_func}; do \
+ echo " ""lib$${i}_init();" >>$@; \
+ done; \
+ echo "}" >>$@; \
+ );
+
initext4.c: .initext4.dd
${AM_VERBOSE_GEN}
@( \
@@ -249,8 +279,8 @@ man_run = \
fi; \
done >$@;
-matches.man: .initext.dd .initextb.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
- $(call man_run,$(call ex_matches,${pfx_build_mod} ${pfb_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
+matches.man: .initext.dd .initextb.dd .initexta.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
+ $(call man_run,$(call ex_matches,${pfx_build_mod} ${pfb_build_mod} ${pfa_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
-targets.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
- $(call man_run,$(call ex_targets,${pfx_build_mod} ${pfb_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
+targets.man: .initext.dd .initextb.dd .initexta.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
+ $(call man_run,$(call ex_targets,${pfx_build_mod} ${pfb_build_mod} ${pfa_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
diff --git a/extensions/libxt_mangle.c b/extensions/libarp_mangle.c
similarity index 100%
rename from extensions/libxt_mangle.c
rename to extensions/libarp_mangle.c
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 24b31c5..d51aa8a 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -402,12 +402,13 @@ void nft_rule_to_arptables_command_state(struct nft_rule *r,
nft_rule_expr_iter_destroy(iter);
- if (cs->target != NULL)
- cs->jumpto = cs->target->name;
- else if (cs->jumpto != NULL)
- cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD);
+ if (cs->jumpto != NULL)
+ return;
+
+ if (cs->target != NULL && cs->target->name != NULL)
+ cs->target = xtables_find_target(cs->target->name, XTF_TRY_LOAD);
else
- cs->jumpto = "";
+ cs->jumpto = "CONTINUE";
}
static void nft_arp_print_header(unsigned int format, const char *chain,
@@ -585,13 +586,13 @@ nft_arp_print_firewall(struct nft_rule *r, unsigned int num,
print_fw_details(&cs.fw, format);
- if (strlen(cs.jumpto) > 0) {
- printf("-j %s\n", cs.jumpto);
+ printf("-j ");
+
+ if (cs.jumpto != NULL) {
+ printf("%s", cs.jumpto);
} else if (cs.target) {
- if (cs.target->print)
- /* Print the target information. */
- cs.target->print(&cs.fw, cs.target->t,
- format & FMT_NUMERIC);
+ printf("%s ", cs.target->name);
+ cs.target->print(&cs.fw, cs.target->t, format & FMT_NUMERIC);
}
if (!(format & FMT_NOCOUNTS)) {
diff --git a/iptables/xtables-arp-standalone.c b/iptables/xtables-arp-standalone.c
index 182dd9f..6553d28 100644
--- a/iptables/xtables-arp-standalone.c
+++ b/iptables/xtables-arp-standalone.c
@@ -41,18 +41,7 @@
#include "xtables-multi.h"
-extern struct xtables_globals xtables_globals;
-extern const char *program_version, *program_name;
-
-static const struct xtables_afinfo afinfo_arp = {
- .kmod = "arp_tables",
- .proc_exists = "/proc/net/arp_tables_names",
- .libprefix = "libarp_",
- .family = NFPROTO_ARP,
- .ipproto = IPPROTO_IP,
- .so_rev_match = -1,
- .so_rev_target = -1,
-};
+extern struct xtables_globals arptables_globals;
int xtables_arp_main(int argc, char *argv[])
{
@@ -62,22 +51,17 @@ int xtables_arp_main(int argc, char *argv[])
.family = NFPROTO_ARP,
};
- xtables_globals.program_name = "arptables";
- /* This code below could be replaced by xtables_init_all, which
- * doesn't support NFPROTO_ARP yet.
- */
- xtables_init();
- afinfo = &afinfo_arp;
- ret = xtables_set_params(&xtables_globals);
+ arptables_globals.program_name = "arptables";
+ ret = xtables_init_all(&arptables_globals, NFPROTO_ARP);
if (ret < 0) {
- fprintf(stderr, "%s/%s Failed to initialize xtables\n",
- xtables_globals.program_name,
- xtables_globals.program_version);
+ fprintf(stderr, "%s/%s Failed to initialize arptables-compat\n",
+ arptables_globals.program_name,
+ arptables_globals.program_version);
exit(1);
}
#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
- init_extensions();
+ init_extensionsa();
#endif
ret = do_commandarp(&h, argc, argv, &table);
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index c92b9e7..20b987f 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -44,6 +44,7 @@
#include <sys/wait.h>
#include <net/if.h>
#include <netinet/ether.h>
+#include <iptables.h>
#include <xtables.h>
#include "xshared.h"
@@ -152,7 +153,13 @@ static struct option *opts = original_opts;
static unsigned int global_option_offset = 0;
extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ...);
-extern struct xtables_globals xtables_globals;
+struct xtables_globals arptables_globals = {
+ .option_offset = 0,
+ .program_version = IPTABLES_VERSION,
+ .orig_opts = original_opts,
+ .exit_err = xtables_exit_error,
+ .compat_rev = nft_compatible_revision,
+};
/* Table of legal combinations of commands and options. If any of the
* given commands make an option legal, that option is legal (applies to
@@ -833,11 +840,11 @@ static struct xtables_target *command_jump(struct arpt_entry *fw,
xs_init_target(target);
if (target->x6_options != NULL)
- opts = xtables_options_xfrm(xtables_globals.orig_opts,
+ opts = xtables_options_xfrm(arptables_globals.orig_opts,
opts, target->x6_options,
&target->option_offset);
else
- opts = xtables_merge_options(xtables_globals.orig_opts,
+ opts = xtables_merge_options(arptables_globals.orig_opts,
opts, target->extra_opts,
&target->option_offset);
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 16e4d96..0200c7a 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -178,6 +178,16 @@ static const struct xtables_afinfo afinfo_bridge = {
.so_rev_target = -1,
};
+static const struct xtables_afinfo afinfo_arp = {
+ .kmod = "arp_tables",
+ .proc_exists = "/proc/net/eb_tables_names",
+ .libprefix = "libarpt_",
+ .family = NFPROTO_ARP,
+ .ipproto = IPPROTO_IP,
+ .so_rev_match = -1,
+ .so_rev_target = -1,
+};
+
const struct xtables_afinfo *afinfo;
/* Search path for Xtables .so files */
@@ -237,6 +247,9 @@ void xtables_set_nfproto(uint8_t nfproto)
case NFPROTO_BRIDGE:
afinfo = &afinfo_bridge;
break;
+ case NFPROTO_ARP:
+ afinfo = &afinfo_arp;
+ break;
default:
fprintf(stderr, "libxtables: unhandled NFPROTO in %s\n",
__func__);
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [iptables PATCH] arpt-compat: mangle extension support
2015-02-16 10:52 [iptables PATCH] arpt-compat: mangle extension support Arturo Borrero Gonzalez
@ 2015-02-18 22:53 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2015-02-18 22:53 UTC (permalink / raw)
To: Arturo Borrero Gonzalez; +Cc: netfilter-devel, giuseppelng
On Mon, Feb 16, 2015 at 11:52:52AM +0100, Arturo Borrero Gonzalez wrote:
> This patch gives support in arpt-compat to use the mangle extension.
Applied with minor glitches (see below), thanks.
> ---
> Please ignore patch http://patchwork.ozlabs.org/patch/439479/
>
> extensions/GNUmakefile.in | 46 +++++++++++++++++++++++++++++++------
> extensions/libarp_mangle.c | 0
> iptables/nft-arp.c | 23 ++++++++++---------
> iptables/xtables-arp-standalone.c | 30 ++++++------------------
> iptables/xtables-arp.c | 13 ++++++++--
> libxtables/xtables.c | 13 ++++++++++
> 6 files changed, 80 insertions(+), 45 deletions(-)
> rename extensions/{libxt_mangle.c => libarp_mangle.c} (100%)
>
> diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
> index 9eb4bf9..929a02b 100644
> --- a/extensions/GNUmakefile.in
> +++ b/extensions/GNUmakefile.in
> @@ -40,19 +40,23 @@ endif
> #
> pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
> pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c)))
> +pfa_build_mod := $(patsubst ${srcdir}/libarp_%.c,%,$(sort $(wildcard ${srcdir}/libarp_*.c)))
> pfx_symlinks := NOTRACK state
> @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
> @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
> pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
> pfb_build_mod := $(filter-out @blacklist_modules@,${pfb_build_mod})
> +pfa_build_mod := $(filter-out @blacklist_modules@,${pfa_build_mod})
> pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod})
> pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
> pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
> pfb_objs := $(patsubst %,libebt_%.o,${pfb_build_mod})
> +pfa_objs := $(patsubst %,libarp_%.o,${pfa_build_mod})
> pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
> pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
> pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
> pfb_solibs := $(patsubst %,libebt_%.so,${pfb_build_mod})
> +pfa_solibs := $(patsubst %,libarp_%.so,${pfa_build_mod})
> pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
> pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
>
> @@ -60,14 +64,15 @@ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
> #
> # Building blocks
> #
> -targets := libext.a libext4.a libext6.a libext_ebt.a matches.man targets.man
> +targets := libext.a libext4.a libext6.a libext_ebt.a libext_arp.a matches.man targets.man
> targets_install :=
> @ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
> @ENABLE_STATIC_TRUE@ libext_ebt_objs := ${pfb_objs}
> +@ENABLE_STATIC_TRUE@ libext_arp_objs := ${pfa_objs}
> @ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
> @ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
> -@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs}
> -@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs}
> +@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}
> +@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}
>
> .SECONDARY:
>
> @@ -80,7 +85,7 @@ install: ${targets_install}
> if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
>
> clean:
> - rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c initextb.c;
> + rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c initextb.c initexta.c;
> rm -f .*.d .*.dd;
>
> distclean: clean
> @@ -126,6 +131,9 @@ libext.a: initext.o ${libext_objs}
> libext_ebt.a: initextb.o ${libext_ebt_objs}
> ${AM_VERBOSE_AR} ${AR} crs $@ $^;
>
> +libext_arp.a: initexta.o ${libext_arp_objs}
> + ${AM_VERBOSE_AR} ${AR} crs $@ $^;
> +
> libext4.a: initext4.o ${libext4_objs}
> ${AM_VERBOSE_AR} ${AR} crs $@ $^;
>
> @@ -134,6 +142,7 @@ libext6.a: initext6.o ${libext6_objs}
>
> initext_func := $(addprefix xt_,${pfx_build_mod})
> initextb_func := $(addprefix ebt_,${pfb_build_mod})
> +initexta_func := $(addprefix arp_,${pfa_build_mod})
> initext4_func := $(addprefix ipt_,${pf4_build_mod})
> initext6_func := $(addprefix ip6t_,${pf6_build_mod})
>
> @@ -147,6 +156,11 @@ initext6_func := $(addprefix ip6t_,${pf6_build_mod})
> cmp -s $@ $@.tmp || mv $@.tmp $@; \
> rm -f $@.tmp;
>
> +.initexta.dd: FORCE
> + @echo "${initexta_func}" >$@.tmp; \
> + cmp -s $@ $@.tmp || mv $@.tmp $@; \
> + rm -f $@.tmp;
> +
> .initext4.dd: FORCE
> @echo "${initext4_func}" >$@.tmp; \
> cmp -s $@ $@.tmp || mv $@.tmp $@; \
> @@ -189,6 +203,22 @@ initextb.c: .initextb.dd
> echo "}" >>$@; \
> );
>
> +initexta.c: .initexta.dd
> + ${AM_VERBOSE_GEN}
> + @( \
> + echo "" >$@; \
> + for i in ${initexta_func}; do \
> + echo "extern void lib$${i}_init(void);" >>$@; \
> + done; \
> + echo "void init_extensionsa(void);" >>$@; \
> + echo "void init_extensionsa(void)" >>$@; \
> + echo "{" >>$@; \
> + for i in ${initexta_func}; do \
> + echo " ""lib$${i}_init();" >>$@; \
> + done; \
> + echo "}" >>$@; \
> + );
> +
> initext4.c: .initext4.dd
> ${AM_VERBOSE_GEN}
> @( \
> @@ -249,8 +279,8 @@ man_run = \
> fi; \
> done >$@;
>
> -matches.man: .initext.dd .initextb.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
> - $(call man_run,$(call ex_matches,${pfx_build_mod} ${pfb_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
> +matches.man: .initext.dd .initextb.dd .initexta.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
> + $(call man_run,$(call ex_matches,${pfx_build_mod} ${pfb_build_mod} ${pfa_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
>
> -targets.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
> - $(call man_run,$(call ex_targets,${pfx_build_mod} ${pfb_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
> +targets.man: .initext.dd .initextb.dd .initexta.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
> + $(call man_run,$(call ex_targets,${pfx_build_mod} ${pfb_build_mod} ${pfa_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
> diff --git a/extensions/libxt_mangle.c b/extensions/libarp_mangle.c
> similarity index 100%
> rename from extensions/libxt_mangle.c
> rename to extensions/libarp_mangle.c
> diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
> index 24b31c5..d51aa8a 100644
> --- a/iptables/nft-arp.c
> +++ b/iptables/nft-arp.c
> @@ -402,12 +402,13 @@ void nft_rule_to_arptables_command_state(struct nft_rule *r,
>
> nft_rule_expr_iter_destroy(iter);
>
> - if (cs->target != NULL)
> - cs->jumpto = cs->target->name;
> - else if (cs->jumpto != NULL)
> - cs->target = xtables_find_target(cs->jumpto, XTF_TRY_LOAD);
> + if (cs->jumpto != NULL)
> + return;
> +
> + if (cs->target != NULL && cs->target->name != NULL)
> + cs->target = xtables_find_target(cs->target->name, XTF_TRY_LOAD);
> else
> - cs->jumpto = "";
> + cs->jumpto = "CONTINUE";
Unlike ebtables-compat, this still needs to be "" instead of
"CONTINUE".
> }
>
> static void nft_arp_print_header(unsigned int format, const char *chain,
> @@ -585,13 +586,13 @@ nft_arp_print_firewall(struct nft_rule *r, unsigned int num,
>
> print_fw_details(&cs.fw, format);
>
> - if (strlen(cs.jumpto) > 0) {
> - printf("-j %s\n", cs.jumpto);
> + printf("-j ");
I adapted the code here too, since arptables allow rules without
target as iptables/ip6tables.
> +
> + if (cs.jumpto != NULL) {
> + printf("%s", cs.jumpto);
> } else if (cs.target) {
> - if (cs.target->print)
> - /* Print the target information. */
> - cs.target->print(&cs.fw, cs.target->t,
> - format & FMT_NUMERIC);
> + printf("%s ", cs.target->name);
> + cs.target->print(&cs.fw, cs.target->t, format & FMT_NUMERIC);
> }
>
> if (!(format & FMT_NOCOUNTS)) {
> diff --git a/iptables/xtables-arp-standalone.c b/iptables/xtables-arp-standalone.c
> index 182dd9f..6553d28 100644
> --- a/iptables/xtables-arp-standalone.c
> +++ b/iptables/xtables-arp-standalone.c
> @@ -41,18 +41,7 @@
>
> #include "xtables-multi.h"
>
> -extern struct xtables_globals xtables_globals;
> -extern const char *program_version, *program_name;
> -
> -static const struct xtables_afinfo afinfo_arp = {
> - .kmod = "arp_tables",
> - .proc_exists = "/proc/net/arp_tables_names",
> - .libprefix = "libarp_",
> - .family = NFPROTO_ARP,
> - .ipproto = IPPROTO_IP,
> - .so_rev_match = -1,
> - .so_rev_target = -1,
> -};
> +extern struct xtables_globals arptables_globals;
>
> int xtables_arp_main(int argc, char *argv[])
> {
> @@ -62,22 +51,17 @@ int xtables_arp_main(int argc, char *argv[])
> .family = NFPROTO_ARP,
> };
>
> - xtables_globals.program_name = "arptables";
> - /* This code below could be replaced by xtables_init_all, which
> - * doesn't support NFPROTO_ARP yet.
> - */
> - xtables_init();
> - afinfo = &afinfo_arp;
> - ret = xtables_set_params(&xtables_globals);
> + arptables_globals.program_name = "arptables";
> + ret = xtables_init_all(&arptables_globals, NFPROTO_ARP);
> if (ret < 0) {
> - fprintf(stderr, "%s/%s Failed to initialize xtables\n",
> - xtables_globals.program_name,
> - xtables_globals.program_version);
> + fprintf(stderr, "%s/%s Failed to initialize arptables-compat\n",
> + arptables_globals.program_name,
> + arptables_globals.program_version);
> exit(1);
> }
>
> #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
> - init_extensions();
> + init_extensionsa();
> #endif
>
> ret = do_commandarp(&h, argc, argv, &table);
> diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
> index c92b9e7..20b987f 100644
> --- a/iptables/xtables-arp.c
> +++ b/iptables/xtables-arp.c
> @@ -44,6 +44,7 @@
> #include <sys/wait.h>
> #include <net/if.h>
> #include <netinet/ether.h>
> +#include <iptables.h>
> #include <xtables.h>
>
> #include "xshared.h"
> @@ -152,7 +153,13 @@ static struct option *opts = original_opts;
> static unsigned int global_option_offset = 0;
>
> extern void xtables_exit_error(enum xtables_exittype status, const char *msg, ...);
I have changed this to calm down a compilation warning.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-02-18 22:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-16 10:52 [iptables PATCH] arpt-compat: mangle extension support Arturo Borrero Gonzalez
2015-02-18 22:53 ` Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.