diff mbox series

[nft] Revert ("src: Remove xt_stmt_() functions").

Message ID 20180120124039.6397-1-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Headers show
Series [nft] Revert ("src: Remove xt_stmt_() functions"). | expand

Commit Message

Pablo Neira Ayuso Jan. 20, 2018, 12:40 p.m. UTC 
Revert commit bce55916b51ec1a4c23322781e3b0c698ecc9561, we need this
code in place to properly make translation when iptables-compat loads
rules.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/statement.h |  2 ++
 include/xt.h        |  7 +++++
 src/statement.c     | 23 ++++++++++++++++
 src/xt.c            | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++--
 4 files changed, 106 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/include/statement.h b/include/statement.h
index 23a551b67f2b..379d99e4c4a0 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -203,6 +203,8 @@  struct xt_stmt {
 	void				*entry;
 };
 
+extern struct stmt *xt_stmt_alloc(const struct location *loc);
+
 /**
  * enum stmt_types - statement types
  *
diff --git a/include/xt.h b/include/xt.h
index dfdf9ee0d599..753511e63508 100644
--- a/include/xt.h
+++ b/include/xt.h
@@ -8,6 +8,9 @@  struct rule_pp_ctx;
 struct rule;
 
 #ifdef HAVE_LIBXTABLES
+void xt_stmt_xlate(const struct stmt *stmt);
+void xt_stmt_release(const struct stmt *stmt);
+
 void netlink_parse_target(struct netlink_parse_ctx *ctx,
 			  const struct location *loc,
 			  const struct nftnl_expr *nle);
@@ -17,6 +20,9 @@  void netlink_parse_match(struct netlink_parse_ctx *ctx,
 void stmt_xt_postprocess(struct rule_pp_ctx *rctx, struct stmt *stmt,
 			 struct rule *rule);
 #else
+static inline void xt_stmt_xlate(const struct stmt *stmt) {}
+static inline void xt_stmt_release(const struct stmt *stmt) {}
+
 #include <erec.h>
 
 static inline void netlink_parse_target(struct netlink_parse_ctx *ctx,
@@ -29,4 +35,5 @@  static inline void stmt_xt_postprocess(struct rule_pp_ctx *rctx,
 				       struct stmt *stmt, struct rule *rule) {}
 
 #endif
+
 #endif /* _NFT_XT_H_ */
diff --git a/src/statement.c b/src/statement.c
index 1f93260bd3d5..701337d7713b 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -694,3 +694,26 @@  struct stmt *fwd_stmt_alloc(const struct location *loc)
 	return stmt_alloc(loc, &fwd_stmt_ops);
 }
 
+static void xt_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
+{
+	xt_stmt_xlate(stmt);
+}
+
+static void xt_stmt_destroy(struct stmt *stmt)
+{
+	xfree(stmt->xt.name);
+	xfree(stmt->xt.opts);
+	xt_stmt_release(stmt);
+}
+
+static const struct stmt_ops xt_stmt_ops = {
+	.type		= STMT_XT,
+	.name		= "xt",
+	.print		= xt_stmt_print,
+	.destroy	= xt_stmt_destroy,
+};
+
+struct stmt *xt_stmt_alloc(const struct location *loc)
+{
+	return stmt_alloc(loc, &xt_stmt_ops);
+}
diff --git a/src/xt.c b/src/xt.c
index 9aff4143aa19..9680f8ec4b03 100644
--- a/src/xt.c
+++ b/src/xt.c
@@ -26,6 +26,78 @@ 
 #include <linux/netfilter_arp/arp_tables.h>
 #include <linux/netfilter_bridge/ebtables.h>
 
+void xt_stmt_xlate(const struct stmt *stmt)
+{
+	struct xt_xlate *xl = xt_xlate_alloc(10240);
+
+	switch (stmt->xt.type) {
+	case NFT_XT_MATCH:
+		if (stmt->xt.match == NULL && stmt->xt.opts) {
+			printf("%s", stmt->xt.opts);
+		} else if (stmt->xt.match->xlate) {
+			struct xt_xlate_mt_params params = {
+				.ip		= stmt->xt.entry,
+				.match		= stmt->xt.match->m,
+				.numeric        = 0,
+			};
+
+			stmt->xt.match->xlate(xl, &params);
+			printf("%s", xt_xlate_get(xl));
+		} else if (stmt->xt.match->print) {
+			printf("#");
+			stmt->xt.match->print(&stmt->xt.entry,
+					      stmt->xt.match->m, 0);
+		}
+		break;
+	case NFT_XT_WATCHER:
+	case NFT_XT_TARGET:
+		if (stmt->xt.target == NULL && stmt->xt.opts) {
+			printf("%s", stmt->xt.opts);
+		} else if (stmt->xt.target->xlate) {
+			struct xt_xlate_tg_params params = {
+				.ip		= stmt->xt.entry,
+				.target		= stmt->xt.target->t,
+				.numeric        = 0,
+			};
+
+			stmt->xt.target->xlate(xl, &params);
+			printf("%s", xt_xlate_get(xl));
+		} else if (stmt->xt.target->print) {
+			printf("#");
+			stmt->xt.target->print(NULL, stmt->xt.target->t, 0);
+		}
+		break;
+	default:
+		break;
+	}
+
+	xt_xlate_free(xl);
+}
+
+void xt_stmt_release(const struct stmt *stmt)
+{
+	switch (stmt->xt.type) {
+	case NFT_XT_MATCH:
+		if (!stmt->xt.match)
+			break;
+		if (stmt->xt.match->m)
+			xfree(stmt->xt.match->m);
+		xfree(stmt->xt.match);
+		break;
+	case NFT_XT_WATCHER:
+	case NFT_XT_TARGET:
+		if (!stmt->xt.target)
+			break;
+		if (stmt->xt.target->t)
+			xfree(stmt->xt.target->t);
+		xfree(stmt->xt.target);
+		break;
+	default:
+		break;
+	}
+	xfree(stmt->xt.entry);
+}
+
 static void *xt_entry_alloc(struct xt_stmt *xt, uint32_t af)
 {
 	union nft_entry {
@@ -143,7 +215,7 @@  void netlink_parse_match(struct netlink_parse_ctx *ctx,
 	m->u.match_size = mt_len + XT_ALIGN(sizeof(struct xt_entry_match));
 	m->u.user.revision = nftnl_expr_get_u32(nle, NFTNL_EXPR_MT_REV);
 
-	stmt = stmt_alloc(loc, NULL);
+	stmt = xt_stmt_alloc(loc);
 	stmt->xt.name = strdup(name);
 	stmt->xt.type = NFT_XT_MATCH;
 	stmt->xt.match = xt_match_clone(mt);
@@ -180,7 +252,7 @@  void netlink_parse_target(struct netlink_parse_ctx *ctx,
 	t->u.user.revision = nftnl_expr_get_u32(nle, NFTNL_EXPR_TG_REV);
 	strcpy(t->u.user.name, tg->name);
 
-	stmt = stmt_alloc(loc, NULL);
+	stmt = xt_stmt_alloc(loc);
 	stmt->xt.name = strdup(name);
 	stmt->xt.type = NFT_XT_TARGET;
 	stmt->xt.target = xt_target_clone(tg);