[iptables,16/17] xtables: Introduce nft_init_eb()

Message ID	20180719163209.7987-17-phil@nwl.cc
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Phil Sutter <phil@nwl.cc> To: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Florian Westphal <fw@strlen.de>, netfilter-devel@vger.kernel.org Subject: [iptables PATCH 16/17] xtables: Introduce nft_init_eb() Date: Thu, 19 Jul 2018 18:32:08 +0200 Message-Id: <20180719163209.7987-17-phil@nwl.cc> In-Reply-To: <20180719163209.7987-1-phil@nwl.cc> References: <20180719163209.7987-1-phil@nwl.cc> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	xtables: Implement ebtables-{save,restore} \| expand [iptables,00/17] xtables: Implement ebtables-{save,restore} [iptables,01/17] xtables: Fix crash if nft_rule_list_get() fails [iptables,02/17] iptables: Replace memset by c99-style initializers [iptables,03/17] xtables: Merge {ip,arp}tables_command_state structs [iptables,04/17] xtables: Simplify struct nft_xt_ctx [iptables,05/17] xtables: Introduce rule_to_cs/clear_cs callbacks [iptables,06/17] xtables: Use new callbacks in nft_rule_print_save() [iptables,07/17] xtables: arp: Make rule_to_cs callback private [iptables,08/17] xtables: Get rid of nft_ipv{4,6}_print_header() [iptables,09/17] xtables: Merge nft_ipv{4,6}_parse_target() [iptables,10/17] xtables: Eliminate nft_ipv{4,6}_rule_find() [iptables,12/17] xtables: Rename {print,save}_rule functions [iptables,13/17] xtables: Introduce save_chain callback [iptables,14/17] xtables: Pass format to nft_rule_save() [iptables,15/17] xtables: Parameter to add_argv() may be const [iptables,16/17] xtables: Introduce nft_init_eb() [iptables,17/17] xtables: Implement ebtables-{save,restore}

Message ID

20180719163209.7987-17-phil@nwl.cc

State

Accepted

Delegated to:

Pablo Neira

Headers

From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>, netfilter-devel@vger.kernel.org
Subject: [iptables PATCH 16/17] xtables: Introduce nft_init_eb()
Date: Thu, 19 Jul 2018 18:32:08 +0200
Message-Id: <20180719163209.7987-17-phil@nwl.cc>
In-Reply-To: <20180719163209.7987-1-phil@nwl.cc>
References: <20180719163209.7987-1-phil@nwl.cc>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Series

xtables: Implement ebtables-{save,restore} | expand

Commit Message

Phil Sutter July 19, 2018, 4:32 p.m. UTC

This wraps nft_init(), adding required things needed for ebtables.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft.h                   |  1 +
 iptables/xtables-eb-standalone.c | 18 ++---------------
 iptables/xtables-eb.c            | 34 ++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 16 deletions(-)

diff --git a/iptables/nft.h b/iptables/nft.h
index 17031871c8e3d..f73a61c521b12 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -145,6 +145,7 @@  int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, bool
 /* For xtables-arptables.c */
 int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table);
 /* For xtables-eb.c */
+int nft_init_eb(struct nft_handle *h);
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table);
 
 /*
diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c
index 914d137b5d662..2248b08d60498 100644
--- a/iptables/xtables-eb-standalone.c
+++ b/iptables/xtables-eb-standalone.c
@@ -41,28 +41,14 @@ 
 
 #include "xtables-multi.h"
 
-extern struct xtables_globals ebtables_globals;
-
 int xtables_eb_main(int argc, char *argv[])
 {
 	int ret;
 	char *table = "filter";
-	struct nft_handle h = {
-		.family = NFPROTO_BRIDGE,
-	};
+	struct nft_handle h;
 
-	ebtables_globals.program_name = "ebtables";
-	ret = xtables_init_all(&ebtables_globals, NFPROTO_BRIDGE);
-	if (ret < 0) {
-		fprintf(stderr, "%s/%s Failed to initialize ebtables-compat\n",
-			ebtables_globals.program_name,
-			ebtables_globals.program_version);
-		exit(1);
-	}
+	nft_init_eb(&h);
 
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
-	init_extensionsb();
-#endif
 	ret = do_commandeb(&h, argc, argv, &table);
 	if (ret)
 		ret = nft_commit(&h);
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index f4b390957fa57..44235347f60fe 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -732,6 +732,40 @@  void ebt_add_watcher(struct xtables_target *watcher,
 		cs->match_list->next = newnode;
 }
 
+int nft_init_eb(struct nft_handle *h)
+{
+	ebtables_globals.program_name = "ebtables";
+	if (xtables_init_all(&ebtables_globals, NFPROTO_BRIDGE) < 0) {
+		fprintf(stderr, "%s/%s Failed to initialize ebtables-compat\n",
+			ebtables_globals.program_name,
+			ebtables_globals.program_version);
+		exit(1);
+	}
+
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+	init_extensionsb();
+#endif
+
+	memset(h, 0, sizeof(*h));
+
+	h->family = NFPROTO_BRIDGE;
+
+	if (nft_init(h, xtables_bridge) < 0)
+		xtables_error(OTHER_PROBLEM,
+			      "Could not initialize nftables layer.");
+	h->ops = nft_family_ops_lookup(h->family);
+	if (!h->ops)
+		xtables_error(PARAMETER_PROBLEM, "Unknown family");
+
+	/* manually registering ebt matches, given the original ebtables parser
+	 * don't use '-m matchname' and the match can't be loaded dynamically when
+	 * the user calls it.
+	 */
+	ebt_load_match_extensions();
+
+	return 0;
+}
+
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table)
 {
 	char *buffer;

[iptables,16/17] xtables: Introduce nft_init_eb()

Commit Message

Patch