In some cases, xlate functions must print a different result if they are
invoked from nft and not from a xtables-translate command.
This commit adds a new boolean field to the xt_xlate struct. This
variable must be true when a xlate function is called from a nft
command. Additional code is required in nft in order to obtain this
behavior.
Signed-off-by: Pablo M. Bermudo Garay <pablombg@xxxxxxxxx>
---
include/xtables.h | 2 ++
libxtables/xtables.c | 12 ++++++++++++
2 files changed, 14 insertions(+)
diff --git a/include/xtables.h b/include/xtables.h
index 48be514..fd72623 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -576,6 +576,8 @@ void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...);
void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment);
const char *xt_xlate_get_comment(struct xt_xlate *xl);
const char *xt_xlate_get(struct xt_xlate *xl);
+void xt_xlate_set_nft_compat(struct xt_xlate *xl, bool nft_compat);
+bool xt_xlate_get_nft_compat(struct xt_xlate *xl);
#ifdef XTABLES_INTERNAL
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 921dfe9..1c3f63d 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -2011,6 +2011,7 @@ struct xt_xlate {
int off;
} buf;
char comment[NFT_USERDATA_MAXLEN];
+ bool nft_compat;
};
struct xt_xlate *xt_xlate_alloc(int size)
@@ -2029,6 +2030,7 @@ struct xt_xlate *xt_xlate_alloc(int size)
xl->buf.rem = size;
xl->buf.off = 0;
xl->comment[0] = '\0';
+ xl->nft_compat = false;
return xl;
}
@@ -2069,3 +2071,13 @@ const char *xt_xlate_get(struct xt_xlate *xl)
{
return xl->buf.data;
}
+
+void xt_xlate_set_nft_compat(struct xt_xlate *xl, bool nft_compat)
+{
+ xl->nft_compat = nft_compat;
+}
+
+bool xt_xlate_get_nft_compat(struct xt_xlate *xl)
+{
+ return xl->nft_compat;
+}
--
2.9.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
