Patchwork [iptables-nftables,RFC,v3,10/16] nft: Register all relevant xtables extensions into translation tree

login
register
mail settings
Submitter Tomasz Bursztyka
Date Aug. 9, 2013, 1:31 p.m.
Message ID <1376055090-26551-11-git-send-email-tomasz.bursztyka@linux.intel.com>
Download mbox | patch
Permalink /patch/266034/
State RFC
Headers show

Comments

Tomasz Bursztyka - Aug. 9, 2013, 1:31 p.m.
On the contrary of legacy code or current compatible xtables layer in nftables,
pure nft expression list, representing an extension, won't provide any extension
name.

What use to be one target expressions with a name and a data like for instance:
target(foo,<memory blob>)
will become:
imm bitwise cmp payload imm cmp

Thus, it's necessary to know the expression patterns, before hand to be able to
match the right extension.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
---
 include/xtables.h     |  2 ++
 iptables/nft-xt-ext.c | 13 +++++++++++++
 2 files changed, 15 insertions(+)

Patch

diff --git a/include/xtables.h b/include/xtables.h
index 03139a0..0a07f22 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -422,6 +422,8 @@  extern "C" {
 #endif
 
 extern const char *xtables_modprobe_program;
+extern struct xtables_match *xtables_pending_matches;
+extern struct xtables_target *xtables_pending_targets;
 extern struct xtables_match *xtables_matches;
 extern struct xtables_target *xtables_targets;
 
diff --git a/iptables/nft-xt-ext.c b/iptables/nft-xt-ext.c
index 660e417..b2b29a7 100644
--- a/iptables/nft-xt-ext.c
+++ b/iptables/nft-xt-ext.c
@@ -135,12 +135,25 @@  static struct nft_trans_instruction nft_ipt_xt_match = {
 
 int nft_xt_ext_into_translation_tree(struct nft_trans_instruction_tree *tree)
 {
+	struct xtables_target *t;
+	struct xtables_match *m;
+
 	if (tree == NULL)
 		return -1;
 
 	nft_trans_add_instruction(tree, &nft_ipt_xt_target);
 	nft_trans_add_instruction(tree, &nft_ipt_xt_match);
 
+	for (t = xtables_pending_targets; t; t = t->next) {
+		if (t->register_nft_instructions != NULL)
+			t->register_nft_instructions(tree);
+	}
+
+	for (m = xtables_pending_matches; m; m = m->next) {
+		if (m->register_nft_instructions != NULL)
+			m->register_nft_instructions(tree);
+	}
+
 	return 0;
 }