Re: [nft PATCH 3/4] src: add xt compat support

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Thu, 9 Apr 2015 14:58:59 +0200



On Wed, Apr 08, 2015 at 07:48:29PM +0200, Arturo Borrero Gonzalez wrote:
> From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> 
> At compilation time, you have to pass this option.
> 
>   # ./configure --with-xtables
> 
> And libxtables needs to be installed in your system.
> 
> This patch allows you to use xt extensions from nft, eg.
> 
>   # nft add rule filter output \
> 	tcp flags syn xt target TCPMSS [ --clamp-mss-to-pmtu ]
> 
> This provides access to all existing xt modules from nft. Users can
> meanwhile use xt extension until we can provide native expressions.
> 
> You can build this optionally, if disabled it displays an error:
> 
>   # nft add rule filter output tcp flags syn xt target TCPMSS [ --clamp-mss-to-pmtu ]
>   <cmdline>:1:38-77: Error: this build does not support xtables
>   add rule filter output tcp flags syn xt target TCPMSS [ --clamp-mss-to-pmtu ]
>                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> so you know your build doesn't support this.
> 
> Limitations:
> 
> * Beware of clashes with keywords, eg. state, from bison parser.
> * Better xt parsing errors for unknown options.
> 
> This is joint work with Arturo Borrero Gonzalez.

$ make
make  all-recursive
make[1]: se ingresa al directorio
`/home/pablo/devel/scm/git-netfilter/nftables'
Making all in src
make[2]: se ingresa al directorio
`/home/pablo/devel/scm/git-netfilter/nftables/src'
make  all-am
make[3]: se ingresa al directorio
`/home/pablo/devel/scm/git-netfilter/nftables/src'
  CC     rule.o
In file included from ../include/statement.h:6:0,
                 from rule.c:19:
../include/xt.h: In function ‘stmt_evaluate_xt’:
../include/xt.h:60:2: warning: implicit declaration of function
‘stmt_error’ [-Wimplicit-function-declaration]
../include/xt.h: At top level:
../include/xt.h:100:34: error: field ‘entry’ has incomplete type
make[3]: *** [rule.o] Error 1
make[3]: se sale del directorio
`/home/pablo/devel/scm/git-netfilter/nftables/src'
make[2]: *** [all] Error 2
make[2]: se sale del directorio
`/home/pablo/devel/scm/git-netfilter/nftables/src'
make[1]: *** [all-recursive] Error 1
make[1]: se sale del directorio
`/home/pablo/devel/scm/git-netfilter/nftables'
make: *** [all] Error 2

This doesn't compile without libxtables support.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html