@@ -80,24 +80,7 @@ static int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
return 0;
}
-#define FILTER 0
-#define MANGLE 1
-#define RAW 2
-#define SECURITY 3
-#define NAT 4
-#define TABLES_MAX 5
-
-struct builtin_chain {
- const char *name;
- const char *type;
- uint32_t prio;
- uint32_t hook;
-};
-
-static struct builtin_table {
- const char *name;
- struct builtin_chain chains[NF_INET_NUMHOOKS];
-} tables[TABLES_MAX] = {
+struct builtin_table xtables_ipv4[TABLES_MAX] = {
[RAW] = {
.name = "raw",
.chains = {
@@ -389,7 +372,7 @@ static bool nft_chain_builtin(struct nft_chain *c)
return nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM) != NULL;
}
-int nft_init(struct nft_handle *h)
+int nft_init(struct nft_handle *h, struct builtin_table *t)
{
h->nl = mnl_socket_open(NETLINK_NETFILTER);
if (h->nl == NULL) {
@@ -402,6 +385,7 @@ int nft_init(struct nft_handle *h)
return -1;
}
h->portid = mnl_socket_get_portid(h->nl);
+ h->tables = t;
return 0;
}
@@ -4,6 +4,25 @@
#include "xshared.h"
#include "nft-shared.h"
+#define FILTER 0
+#define MANGLE 1
+#define RAW 2
+#define SECURITY 3
+#define NAT 4
+#define TABLES_MAX 5
+
+struct builtin_chain {
+ const char *name;
+ const char *type;
+ uint32_t prio;
+ uint32_t hook;
+};
+
+struct builtin_table {
+ const char *name;
+ struct builtin_chain chains[NF_INET_NUMHOOKS];
+};
+
struct nft_handle {
int family;
struct mnl_socket *nl;
@@ -11,9 +30,12 @@ struct nft_handle {
uint32_t seq;
bool commit;
struct nft_family_ops *ops;
+ struct builtin_table *tables;
};
-int nft_init(struct nft_handle *h);
+extern struct builtin_table xtables_ipv4[TABLES_MAX];
+
+int nft_init(struct nft_handle *h, struct builtin_table *t);
void nft_fini(struct nft_handle *h);
/*
@@ -35,7 +35,7 @@ int xtables_config_main(int argc, char *argv[])
else
filename = argv[1];
- if (nft_init(&h) < 0) {
+ if (nft_init(&h, xtables_ipv4) < 0) {
fprintf(stderr, "Failed to initialize nft: %s\n",
strerror(errno));
return EXIT_FAILURE;
@@ -193,7 +193,7 @@ xtables_restore_main(int argc, char *argv[])
init_extensions4();
#endif
- if (nft_init(&h) < 0) {
+ if (nft_init(&h, xtables_ipv4) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
@@ -96,7 +96,7 @@ xtables_save_main(int argc, char *argv[])
init_extensions();
init_extensions4();
#endif
- if (nft_init(&h) < 0) {
+ if (nft_init(&h, xtables_ipv4) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
@@ -61,7 +61,7 @@ xtables_main(int argc, char *argv[])
init_extensions4();
#endif
- if (nft_init(&h) < 0) {
+ if (nft_init(&h, xtables_ipv4) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
The following patch adds own builtin_table pointer used by future tool (like arptables) to have own tables and not tables declared in nft.c Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> --- iptables/nft.c | 22 +++------------------- iptables/nft.h | 24 +++++++++++++++++++++++- iptables/xtables-config.c | 2 +- iptables/xtables-restore.c | 2 +- iptables/xtables-save.c | 2 +- iptables/xtables-standalone.c | 2 +- 6 files changed, 30 insertions(+), 24 deletions(-)