debian/patches/0004-sync-iptables-header.patch

   1 Description: Sync header from iptables
   2  The current versions in several suites have the same content:
   3   - 1.6.0+snapshot20161117-6 (stretch)
   4   - 1.6.1-2 (unstable)
   5 Bug: https://bugs.debian.og/868059
   6 Forwarded: not-needed
   7 Author: Cyril Brulebois <cyril@debamax.com>
   8 Last-Update: 2017-11-22
   9 --- a/include/xtables.h
  10 +++ b/include/xtables.h
  11 @@ -205,9 +205,24 @@ enum xtables_ext_flags {
  12         XTABLES_EXT_ALIAS = 1 << 0,
  13  };
  14
  15 +struct xt_xlate;
  16 +
  17 +struct xt_xlate_mt_params {
  18 +       const void                      *ip;
  19 +       const struct xt_entry_match     *match;
  20 +       int                             numeric;
  21 +       bool                            escape_quotes;
  22 +};
  23 +
  24 +struct xt_xlate_tg_params {
  25 +       const void                      *ip;
  26 +       const struct xt_entry_target    *target;
  27 +       int                             numeric;
  28 +       bool                            escape_quotes;
  29 +};
  30 +
  31  /* Include file for additions: new matches and targets. */
  32 -struct xtables_match
  33 -{
  34 +struct xtables_match {
  35         /*
  36          * ABI/API version this module requires. Must be first member,
  37          * as the rest of this struct may be subject to ABI changes.
  38 @@ -269,6 +284,10 @@ struct xtables_match
  39         void (*x6_fcheck)(struct xt_fcheck_call *);
  40         const struct xt_option_entry *x6_options;
  41
  42 +       /* Translate iptables to nft */
  43 +       int (*xlate)(struct xt_xlate *xl,
  44 +                    const struct xt_xlate_mt_params *params);
  45 +
  46         /* Size of per-extension instance extra "global" scratch space */
  47         size_t udata_size;
  48
  49 @@ -280,8 +299,7 @@ struct xtables_match
  50         unsigned int loaded; /* simulate loading so options are merged properly */
  51  };
  52
  53 -struct xtables_target
  54 -{
  55 +struct xtables_target {
  56         /*
  57          * ABI/API version this module requires. Must be first member,
  58          * as the rest of this struct may be subject to ABI changes.
  59 @@ -346,6 +364,10 @@ struct xtables_target
  60         void (*x6_fcheck)(struct xt_fcheck_call *);
  61         const struct xt_option_entry *x6_options;
  62
  63 +       /* Translate iptables to nft */
  64 +       int (*xlate)(struct xt_xlate *xl,
  65 +                    const struct xt_xlate_tg_params *params);
  66 +
  67         size_t udata_size;
  68
  69         /* Ignore these men behind the curtain: */
  70 @@ -406,6 +428,17 @@ struct xtables_globals
  71
  72  #define XT_GETOPT_TABLEEND {.name = NULL, .has_arg = false}
  73
  74 +/*
  75 + * enum op-
  76 + *
  77 + * For writing clean nftables translations code
  78 + */
  79 +enum xt_op {
  80 +       XT_OP_EQ,
  81 +       XT_OP_NEQ,
  82 +       XT_OP_MAX,
  83 +};
  84 +
  85  #ifdef __cplusplus
  86  extern "C" {
  87  #endif
  88 @@ -548,6 +581,14 @@ extern void xtables_lmap_free(struct xta
  89  extern int xtables_lmap_name2id(const struct xtables_lmap *, const char *);
  90  extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
  91
  92 +/* xlate infrastructure */
  93 +struct xt_xlate *xt_xlate_alloc(int size);
  94 +void xt_xlate_free(struct xt_xlate *xl);
  95 +void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...);
  96 +void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment);
  97 +const char *xt_xlate_get_comment(struct xt_xlate *xl);
  98 +const char *xt_xlate_get(struct xt_xlate *xl);
  99 +
 100  #ifdef XTABLES_INTERNAL
 101
 102  /* Shipped modules rely on this... */