This wraps nft_init(), adding required things needed for ebtables.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft.h | 1 +
iptables/xtables-eb-standalone.c | 18 ++---------------
iptables/xtables-eb.c | 34 ++++++++++++++++++++++++++++++++
3 files changed, 37 insertions(+), 16 deletions(-)
diff --git a/iptables/nft.h b/iptables/nft.h
index 17031871c8e3d..f73a61c521b12 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -145,6 +145,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, bool
/* For xtables-arptables.c */
int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table);
/* For xtables-eb.c */
+int nft_init_eb(struct nft_handle *h);
int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table);
/*
diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c
index 914d137b5d662..2248b08d60498 100644
--- a/iptables/xtables-eb-standalone.c
+++ b/iptables/xtables-eb-standalone.c
@@ -41,28 +41,14 @@
#include "xtables-multi.h"
-extern struct xtables_globals ebtables_globals;
-
int xtables_eb_main(int argc, char *argv[])
{
int ret;
char *table = "filter";
- struct nft_handle h = {
- .family = NFPROTO_BRIDGE,
- };
+ struct nft_handle h;
- ebtables_globals.program_name = "ebtables";
- ret = xtables_init_all(&ebtables_globals, NFPROTO_BRIDGE);
- if (ret < 0) {
- fprintf(stderr, "%s/%s Failed to initialize ebtables-compat\n",
- ebtables_globals.program_name,
- ebtables_globals.program_version);
- exit(1);
- }
+ nft_init_eb(&h);
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
- init_extensionsb();
-#endif
ret = do_commandeb(&h, argc, argv, &table);
if (ret)
ret = nft_commit(&h);
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index f4b390957fa57..44235347f60fe 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -732,6 +732,40 @@ void ebt_add_watcher(struct xtables_target *watcher,
cs->match_list->next = newnode;
}
+int nft_init_eb(struct nft_handle *h)
+{
+ ebtables_globals.program_name = "ebtables";
+ if (xtables_init_all(&ebtables_globals, NFPROTO_BRIDGE) < 0) {
+ fprintf(stderr, "%s/%s Failed to initialize ebtables-compat\n",
+ ebtables_globals.program_name,
+ ebtables_globals.program_version);
+ exit(1);
+ }
+
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+ init_extensionsb();
+#endif
+
+ memset(h, 0, sizeof(*h));
+
+ h->family = NFPROTO_BRIDGE;
+
+ if (nft_init(h, xtables_bridge) < 0)
+ xtables_error(OTHER_PROBLEM,
+ "Could not initialize nftables layer.");
+ h->ops = nft_family_ops_lookup(h->family);
+ if (!h->ops)
+ xtables_error(PARAMETER_PROBLEM, "Unknown family");
+
+ /* manually registering ebt matches, given the original ebtables parser
+ * don't use '-m matchname' and the match can't be loaded dynamically when
+ * the user calls it.
+ */
+ ebt_load_match_extensions();
+
+ return 0;
+}
+
int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table)
{
char *buffer;
--
2.18.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
