File: 0004-sync-iptables-header.patch

iproute2 4.9.0-1+deb9u1
  • area: main
  • in suites: stretch
  • size: 4,848 kB
  • sloc: ansic: 69,819; sh: 2,168; cpp: 633; makefile: 629; yacc: 390; lex: 145; perl: 101
Description: Sync header from iptables
 The current versions in several suites have the same content:
  - 1.6.0+snapshot20161117-6 (stretch)
  - 1.6.1-2 (unstable)
Bug: https://bugs.debian.org/868059
Forwarded: not-needed
Author: Cyril Brulebois <cyril@debamax.com>
Last-Update: 2017-11-22
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -205,9 +205,24 @@ enum xtables_ext_flags {
 	XTABLES_EXT_ALIAS = 1 << 0,
 };
 
+struct xt_xlate;
+
+struct xt_xlate_mt_params {
+	const void			*ip;
+	const struct xt_entry_match	*match;
+	int				numeric;
+	bool				escape_quotes;
+};
+
+struct xt_xlate_tg_params {
+	const void			*ip;
+	const struct xt_entry_target	*target;
+	int				numeric;
+	bool				escape_quotes;
+};
+
 /* Include file for additions: new matches and targets. */
-struct xtables_match
-{
+struct xtables_match {
 	/*
 	 * ABI/API version this module requires. Must be first member,
 	 * as the rest of this struct may be subject to ABI changes.
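Review bot: The two new parameter structs, `xt_xlate_mt_params` and `xt_xlate_tg_params`, carry no comments, and `ip` is declared `const void *`, so the header does not tell an extension author which structure a callback may cast it to and the compiler cannot catch a wrong cast. A short comment on each member would help, for example `/* family-specific rule header; the callback casts it according to the extension's family (confirm against upstream) */` on `ip` and `/* when true, quote characters in emitted strings must be escaped */` on `escape_quotes`. The meaning of both members is inferred from their names, so the wording should be checked against the iptables sources. The `struct xtables_match` definition that follows continues past the end of this hunk.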
@@ -269,6 +284,10 @@ struct xtables_match
 	void (*x6_fcheck)(struct xt_fcheck_call *);
 	const struct xt_option_entry *x6_options;
 
+	/* Translate iptables to nft */
+	int (*xlate)(struct xt_xlate *xl,
+		     const struct xt_xlate_mt_params *params);
+
 	/* Size of per-extension instance extra "global" scratch space */
 	size_t udata_size;
 
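Review bot: The `xlate` pointer is added ahead of `udata_size` rather than at the end of `struct xtables_match`, so every later member moves; the same happens to `struct xtables_target` in the hunk at -346. Code built against this copy of the header and the libxtables that registers extensions must therefore agree on the layout, which is what the version member described in the struct's leading comment is meant to guard. The version definition is not in any visible hunk, so it is worth confirming that it names a library release that already has `xlate`. A comment above the member such as `/* layout must match the installed libxtables; re-sync together with the version string */` would record that constraint. Both struct bodies begin outside these hunks.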
@@ -280,8 +299,7 @@ struct xtables_match
 	unsigned int loaded; /* simulate loading so options are merged properly */
 };
 
-struct xtables_target
-{
+struct xtables_target {
 	/*
 	 * ABI/API version this module requires. Must be first member,
 	 * as the rest of this struct may be subject to ABI changes.
@@ -346,6 +364,10 @@ struct xtables_target
 	void (*x6_fcheck)(struct xt_fcheck_call *);
 	const struct xt_option_entry *x6_options;
 
+	/* Translate iptables to nft */
+	int (*xlate)(struct xt_xlate *xl,
+		     const struct xt_xlate_tg_params *params);
+
 	size_t udata_size;
 
 	/* Ignore these men behind the curtain: */
@@ -406,6 +428,17 @@ struct xtables_globals
 
 #define XT_GETOPT_TABLEEND {.name = NULL, .has_arg = false}
 
+/*
+ * enum op-
+ *
+ * For writing clean nftables translations code
+ */
+enum xt_op {
+	XT_OP_EQ,
+	XT_OP_NEQ,
+	XT_OP_MAX,
+};
+
 #ifdef __cplusplus
 extern "C" {
 #endif
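Review bot: The doc comment above `enum xt_op` opens with `enum op-`, which matches no identifier and breaks off mid-phrase, and nothing says whether `XT_OP_MAX` is a usable operator or only a count. Something like `/* enum xt_op - comparison operators for nftables translation code; XT_OP_MAX is the number of operators, not a valid value */` would make the sentinel explicit for any code that indexes a table by this enum. That reading of `XT_OP_MAX` is inferred from its name and position. The comment is copied from iptables, so the wording fix belongs upstream first.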
@@ -548,6 +581,14 @@ extern void xtables_lmap_free(struct xta
 extern int xtables_lmap_name2id(const struct xtables_lmap *, const char *);
 extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
 
+/* xlate infrastructure */
+struct xt_xlate *xt_xlate_alloc(int size);
+void xt_xlate_free(struct xt_xlate *xl);
+void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...);
+void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment);
+const char *xt_xlate_get_comment(struct xt_xlate *xl);
+const char *xt_xlate_get(struct xt_xlate *xl);
+
 #ifdef XTABLES_INTERNAL
 
 /* Shipped modules rely on this... */
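Review bot: `xt_xlate_add()` takes a printf-style `fmt` followed by `...`, but its prototype has no format attribute, so the compiler cannot check the arguments against the format or warn when a caller passes a non-literal string as `fmt`. Declaring it as `void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...) __attribute__((format(printf, 2, 3)));` lets `-Wformat` cover every extension's translation callback. `xt_xlate_alloc(int size)` also takes a signed size, and whether zero or negative values are rejected is not visible here. A one-line comment stating the valid range and what is returned on failure would tell callers what they must check.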