From patchwork Fri Aug 9 13:31:21 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tomasz Bursztyka X-Patchwork-Id: 266031 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 0D4112C009F for ; Fri, 9 Aug 2013 23:31:51 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S967802Ab3HINbu (ORCPT ); Fri, 9 Aug 2013 09:31:50 -0400 Received: from mga14.intel.com ([143.182.124.37]:11450 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S967780Ab3HINbt (ORCPT ); Fri, 9 Aug 2013 09:31:49 -0400 Received: from azsmga001.ch.intel.com ([10.2.17.19]) by azsmga102.ch.intel.com with ESMTP; 09 Aug 2013 06:31:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.89,846,1367996400"; d="scan'208";a="344042410" Received: from unknown (HELO rd-180.ger.corp.intel.com) ([10.252.122.195]) by azsmga001.ch.intel.com with ESMTP; 09 Aug 2013 06:31:47 -0700 From: Tomasz Bursztyka To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org, Tomasz Bursztyka Subject: [iptables-nftables RFC v3 PATCH 07/16] nft: Add support for xtables extensions callback to change cs Date: Fri, 9 Aug 2013 16:31:21 +0300 Message-Id: <1376055090-26551-8-git-send-email-tomasz.bursztyka@linux.intel.com> X-Mailer: git-send-email 1.8.3.2 In-Reply-To: <1376055090-26551-1-git-send-email-tomasz.bursztyka@linux.intel.com> References: <1376055090-26551-1-git-send-email-tomasz.bursztyka@linux.intel.com> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This add the support of xtables extension expressed in pure nft through the nft translator. Thus feeding give command structure with the right target or match. This has been implemented as a callback, in the core, to let the extentions being able to feed the command structure. Which command structure they cannot handle (its declaration is private to the core). Signed-off-by: Tomasz Bursztyka --- iptables/nft-shared.c | 3 ++- iptables/nft-xt-ext.c | 20 ++++++++++++++++++++ iptables/nft-xt-ext.h | 2 ++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index b3682c4..8bef696 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -512,7 +512,8 @@ void nft_rule_to_iptables_command_state(struct nft_rule *r, i2cs.family = nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY); i2cs.cs = cs; - nft_trans_rule_translate_to_instructions(xt_nft_tree, r, NULL, &i2cs); + nft_trans_rule_translate_to_instructions(xt_nft_tree, r, + nft_xt_ext_parse_callback, &i2cs); if (i2cs.cs->target != NULL) i2cs.cs->jumpto = i2cs.cs->target->name; diff --git a/iptables/nft-xt-ext.c b/iptables/nft-xt-ext.c index f013493..660e417 100644 --- a/iptables/nft-xt-ext.c +++ b/iptables/nft-xt-ext.c @@ -143,3 +143,23 @@ int nft_xt_ext_into_translation_tree(struct nft_trans_instruction_tree *tree) return 0; } + +int nft_xt_ext_parse_callback(const char *ident, void *data, void *user_data) +{ + struct nft_to_cs_data *i2cs = user_data; + struct xtables_target *target; + struct xtables_match *match; + + target = xtables_find_target(ident, XTF_TRY_LOAD); + match = xtables_find_match(ident, XTF_TRY_LOAD, &i2cs->cs->matches); + + if (target != NULL) { + target->t = data; + i2cs->cs->target = target; + } else if (match != NULL) + match->m = data; + else + return -1; + + return 0; +} diff --git a/iptables/nft-xt-ext.h b/iptables/nft-xt-ext.h index a367277..f3e6491 100644 --- a/iptables/nft-xt-ext.h +++ b/iptables/nft-xt-ext.h @@ -10,3 +10,5 @@ #include int nft_xt_ext_into_translation_tree(struct nft_trans_instruction_tree *tree); + +int nft_xt_ext_parse_callback(const char *ident, void *data, void *user_data);