Giuseppe Longo schreef op 5/02/2014 19:17:
Hi,
this patchset implements ebtables for the nftables compatibility layer.
I would explain some points:
- I didn't figure out how to replace some parts of codes, for istance:
from xtables-eb.c, line 928:
t = (struct ebt_u_target *)new_entry->t;
if ((t->parse(c - t->option_offset, argv, argc, new_entry, &t->flags, &t->t))) {
if (ebt_errormsg[0] != '\0')
return -1;
goto check_extension;
}
/* Is it a match_option? */
for (m = ebt_matches; m; m = m->next)
if (m->parse(c - m->option_offset, argv, argc, new_entry, &m->flags, &m->m))
break;
if (m != NULL) {
if (ebt_errormsg[0] != '\0')
return -1;
if (m->used == 0) {
ebt_add_match(new_entry, m);
m->used = 1;
}
goto check_extension;
}
Looking at extensions, I noticed that any xtables_match/xtables_target have parse functions. Maybe I'm wrong.
The parse functions of the targets/matches/watchers will return 0 if the
command-line argument isn't one of their options. If the parse function
returns a non-zero value, the command line option belongs to that
target/match/watcher. So, unless you don't want support for
target/watcher/match command-line arguments, you will need that code.
Even the code from line 992 is not very clear, about final checks. I don't know if I can remove this part of code.
The code you commented out checks for loops in the call chain and runs
the final_check functions of the target/matches/watchers. As an example,
the ebt_ip module's final_check function makes sure the Ethernet
protocol is specified to be IPv4.
I see you comment out more stuff below that. All I can tell you is that
it sure is required for correct behavior in the oldschool ebtables
program. Please take the time to figure this out (read the code
comments, step through the code with a debugger) because I doubt this
will be a smooth and stable integration process otherwise.
cheers,
Bart
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
