From patchwork Thu Jul 25 17:16:31 2013
X-Patchwork-Submitter: Tomasz Bursztyka
X-Patchwork-Id: 261810
From: Tomasz Bursztyka
To: netfilter-devel@vger.kernel.org
Cc: Tomasz Bursztyka
Subject: [iptables-nftables - RFC v2 PATCH 11/17] nft: Register all relevant xtables extensions into translation tree
Date: Thu, 25 Jul 2013 20:16:31 +0300
Message-Id: <1374772597-20548-12-git-send-email-tomasz.bursztyka@linux.intel.com>
X-Mailer: git-send-email 1.8.3.2
In-Reply-To: <1374772597-20548-1-git-send-email-tomasz.bursztyka@linux.intel.com>
References: <1374772597-20548-1-git-send-email-tomasz.bursztyka@linux.intel.com>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netfilter-devel@vger.kernel.org

Contrary to the legacy code or the current compatible xtables layer in nftables, a pure nft expression list representing an extension won't provide any extension name.

What used to be one target expression with a name and data, for instance:
    target(foo,)
will become:
    imm bitwise cmp payload imm cmp

Thus, it's necessary to know the expression patterns beforehand to be able to match the right extension.

Signed-off-by: Tomasz Bursztyka
--- include/xtables.h | 2 ++ iptables/nft-xt-ext.c | 13 +++++++++++++ 2 files changed, 15 insertions(+) diff --git a/include/xtables.h b/include/xtables.h index 03139a0..0a07f22 100644 --- a/include/xtables.h +++ b/include/xtables.h @@ -422,6 +422,8 @@ extern "C" { #endif extern const char *xtables_modprobe_program; +extern struct xtables_match *xtables_pending_matches; +extern struct xtables_target *xtables_pending_targets; extern struct xtables_match *xtables_matches; extern struct xtables_target *xtables_targets; diff --git a/iptables/nft-xt-ext.c b/iptables/nft-xt-ext.c index 660e417..b2b29a7 100644 --- a/iptables/nft-xt-ext.c +++ b/iptables/nft-xt-ext.c
@@ -135,12 +135,25 @@ static struct nft_trans_instruction nft_ipt_xt_match = { int nft_xt_ext_into_translation_tree(struct nft_trans_instruction_tree *tree) { + struct xtables_target *t; + struct xtables_match *m; + if (tree == NULL) return -1; nft_trans_add_instruction(tree, &nft_ipt_xt_target); nft_trans_add_instruction(tree, &nft_ipt_xt_match); + for (t = xtables_pending_targets; t; t = t->next) { + if (t->register_nft_instructions != NULL) + t->register_nft_instructions(tree); + } + + for (m = xtables_pending_matches; m; m = m->next) { + if (m->register_nft_instructions != NULL) + m->register_nft_instructions(tree); + } + return 0; }
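
Review bot: in the include/xtables.h hunk, the two new externs (xtables_pending_matches, xtables_pending_targets) put writable list heads into the public header with no comment on what "pending" means or who may modify them. Any code including xtables.h can now relink or truncate these lists, and the only consumer visible in this patch just iterates them. Consider keeping the symbols out of the installed header (an internal header, or a small iterator/accessor), or at least add a comment next to the declarations stating that they are read-only for callers and how they relate to xtables_matches and xtables_targets declared right below.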
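
Review bot: in the iptables/nft-xt-ext.c hunk, both loops call register_nft_instructions(tree) and drop whatever it reports, and the function still ends with an unconditional "return 0". If a callback can fail, the tree ends up missing that extension's expression pattern while the caller is told registration succeeded, which for a rule translator means a rule can later be matched to the wrong extension or to none. Please propagate a failure (return -1 as the NULL-tree check above does) or document why errors are safe to ignore. A second point on the same loops: only the xtables_pending_* lists are walked, so an extension that has already moved to xtables_targets or xtables_matches when this function runs is skipped; if the subject's "all relevant xtables extensions" relies on this being called before any extension leaves the pending list, say so in a comment above the loops.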