NFPROTO_ARP = 3 in kernel space. We need the same value here in userspace in order to correctly communicate with the kernel. The failure solved by this patch made that {XML|JSON}-parsed tables of ARP family unable to be directly injected into kernel. To prevent future errors, this patch changes raw and AF_* values by the mathing NFPROTO_* couterpart as seen in linux/netfilter.h in both functions: * nft_family2str() * nft_str2family() Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx> --- v2: rework+fix using the array-matching approach suggested by Pablo. v3: constify both the pointer and the data, suggested by Jan. Keep setting errno to EAFNOSUPPORT in nft_str2family(). src/utils.c | 43 ++++++++++++++++++++----------------------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/src/utils.c b/src/utils.c index d70fbf1..9013b68 100644 --- a/src/utils.c +++ b/src/utils.c @@ -20,36 +20,33 @@ #include <linux/netfilter.h> #include <linux/netfilter/nf_tables.h> +static const char *const nft_family_str[NFPROTO_NUMPROTO] = { + [NFPROTO_INET] = "inet", + [NFPROTO_IPV4] = "ip", + [NFPROTO_ARP] = "arp", + [NFPROTO_BRIDGE] = "bridge", + [NFPROTO_IPV6] = "ip6", +}; + const char *nft_family2str(uint32_t family) { - switch (family) { - case AF_INET: - return "ip"; - case AF_INET6: - return "ip6"; - case 1: - return "inet"; - case AF_BRIDGE: - return "bridge"; - case 3: /* NFPROTO_ARP */ - return "arp"; - default: + if (nft_family_str[family] == NULL) return "unknown"; - } + + return nft_family_str[family]; } int nft_str2family(const char *family) { - if (strcmp(family, "ip") == 0) - return AF_INET; - else if (strcmp(family, "ip6") == 0) - return AF_INET6; - else if (strcmp(family, "inet") == 0) - return 1; - else if (strcmp(family, "bridge") == 0) - return AF_BRIDGE; - else if (strcmp(family, "arp") == 0) - return 0; + int i; + + for (i = 0; i < NFPROTO_NUMPROTO; i++) { + if (nft_family_str[i] == NULL) + continue; + + if (strcmp(nft_family_str[i], family) == 0) + return i; + } errno = EAFNOSUPPORT; return -1; -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html