ebtables-nft: introduce '-m <match_ext>' option

Message ID	20200619142912.19390-2-crosser@average.org
State	Not Applicable
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Eugene Crosser <crosser@average.org> To: netfilter-devel@vger.kernel.org Cc: Eugene Crosser <evgenii.cherkashin@cloud.ionos.com>, Eugene Crosser <crosser@average.org> Subject: [PATCH] ebtables-nft: introduce '-m <match_ext>' option Date: Fri, 19 Jun 2020 16:29:12 +0200 Message-Id: <20200619142912.19390-2-crosser@average.org> In-Reply-To: <20200619142912.19390-1-crosser@average.org> References: <20200619142912.19390-1-crosser@average.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	ebtables-nft: introduce '-m <match_ext>' option \| expand ebtables-nft: introduce '-m <match_ext>' option

Message ID

20200619142912.19390-2-crosser@average.org

State

Not Applicable

Delegated to:

Pablo Neira

Headers

From: Eugene Crosser <crosser@average.org>
To: netfilter-devel@vger.kernel.org
Cc: Eugene Crosser <evgenii.cherkashin@cloud.ionos.com>,
        Eugene Crosser <crosser@average.org>
Subject: [PATCH] ebtables-nft: introduce '-m <match_ext>' option
Date: Fri, 19 Jun 2020 16:29:12 +0200
Message-Id: <20200619142912.19390-2-crosser@average.org>
In-Reply-To: <20200619142912.19390-1-crosser@average.org>
References: <20200619142912.19390-1-crosser@average.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Series

ebtables-nft: introduce '-m <match_ext>' option | expand

Commit Message

Eugene Crosser June 19, 2020, 2:29 p.m. UTC

From: Eugene Crosser <evgenii.cherkashin@cloud.ionos.com>

`iptables` command has an option '-m' to dynamically load match
extentions (shared objects in the <lib-path>/xtables directory).
`ebtables` command has no such option, making it impossible to add new
extentions without recompiling the program.

This patch adds functionality of dynamic loading of match extentions,
bringing `ebtables` command on par with `iptables` command. (Note that
dynamic loading of _target_ extentions works in `ebtables` the same way
as in `iptables` out of the box.)

Signed-off-by: Eugene Crosser <crosser@average.org>
---
 iptables/ebtables-nft.8 | 6 +++---
 iptables/xtables-eb.c   | 5 ++++-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/iptables/ebtables-nft.8 b/iptables/ebtables-nft.8
index 1fa5ad93..181f742d 100644
--- a/iptables/ebtables-nft.8
+++ b/iptables/ebtables-nft.8
@@ -504,9 +504,9 @@  If used with the
 .IR pcnt ", resp. " bcnt " will match."
 
 .SS MATCH EXTENSIONS
-Ebtables extensions are dynamically loaded into the userspace tool,
-there is therefore no need to explicitly load them with a
--m option like is done in iptables.
+Standard ebtables extensions are dynamically loaded into the userspace tool,
+while custom extentions need to explicitly loaded with a
+-m option like it is done in iptables.
 These extensions deal with functionality supported by kernel modules supplemental to
 the core ebtables code.
 .SS 802_3
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 6641a21a..d4bf336e 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -800,7 +800,7 @@  int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
 
 	/* Getopt saves the day */
 	while ((c = getopt_long(argc, argv,
-	   "-A:D:C:I:N:E:X::L::Z::F::P:Vhi:o:j:c:p:s:d:t:M:", opts, NULL)) != -1) {
+	   "-A:D:C:I:N:E:X::L::Z::F::P:Vhi:o:j:c:p:s:d:t:M:m:", opts, NULL)) != -1) {
 		cs.c = c;
 		cs.invert = ebt_invert;
 		switch (c) {
@@ -1100,6 +1100,9 @@  print_zero:
 				xtables_error(PARAMETER_PROBLEM,
 					      "Sorry, protocols have values above or equal to 0x0600");
 			break;
+		case 'm':
+			ebt_load_match(optarg);
+			break;
 		case 4  : /* Lc */
 			ebt_check_option2(&flags, LIST_C);
 			if (command != 'L')

ebtables-nft: introduce '-m <match_ext>' option

Commit Message

Patch