1 /* Code to take an arptables-style command line and do it. */
2
3 /*
4 * arptables:
5 * Author: Bart De Schuymer <[email protected]>, but
6 * almost all code is from the iptables userspace program, which has main
7 * authors: [email protected] and [email protected]
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
/*
 Currently, only support for specifying hardware addresses for Ethernet
 is available.
 This tool is not luser-proof: for example, you can specify an Ethernet
 source address and set the hardware length to something other than 6.
*/
30 #include "config.h"
31 #include <getopt.h>
32 #include <string.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <xtables.h>
36
37 #include "xshared.h"
38
39 #include "nft.h"
40
/*
 * Long-option table for the arptables command line, in getopt_long() form:
 * { name, has_arg, flag, val }.  Every entry leaves `flag` NULL, so
 * getopt_long() hands back `val` for the matched option.
 *
 * Several options appear under two spellings (e.g. "source-ip"/"src-ip")
 * that share one `val`.  The MAC, length, opcode and type options use small
 * integer codes (2-6, 8) instead of a printable character; the code that
 * dispatches on these values is not part of this table.
 *
 * NOTE(review): the table only names the options.  Nothing here ties
 * "h-length" to the length of a "source-mac"/"destination-mac" value, which
 * matches the file header's warning that the tool is not luser-proof.
 */
static struct option original_opts[] = {
	{ "append",          required_argument, NULL, 'A' },
	{ "delete",          required_argument, NULL, 'D' },
	{ "check",           required_argument, NULL, 'C' },
	{ "insert",          required_argument, NULL, 'I' },
	{ "replace",         required_argument, NULL, 'R' },
	{ "list",            optional_argument, NULL, 'L' },
	{ "list-rules",      optional_argument, NULL, 'S' },
	{ "flush",           optional_argument, NULL, 'F' },
	{ "zero",            optional_argument, NULL, 'Z' },
	{ "new-chain",       required_argument, NULL, 'N' },
	{ "delete-chain",    optional_argument, NULL, 'X' },
	{ "rename-chain",    required_argument, NULL, 'E' },
	{ "policy",          required_argument, NULL, 'P' },
	{ "source-ip",       required_argument, NULL, 's' },
	{ "destination-ip",  required_argument, NULL, 'd' },
	{ "src-ip",          required_argument, NULL, 's' },
	{ "dst-ip",          required_argument, NULL, 'd' },
	{ "source-mac",      required_argument, NULL, 2 },
	{ "destination-mac", required_argument, NULL, 3 },
	{ "src-mac",         required_argument, NULL, 2 },
	{ "dst-mac",         required_argument, NULL, 3 },
	{ "h-length",        required_argument, NULL, 'l' },
	{ "p-length",        required_argument, NULL, 8 },
	{ "opcode",          required_argument, NULL, 4 },
	{ "h-type",          required_argument, NULL, 5 },
	{ "proto-type",      required_argument, NULL, 6 },
	{ "in-interface",    required_argument, NULL, 'i' },
	{ "jump",            required_argument, NULL, 'j' },
	{ "table",           required_argument, NULL, 't' },
	{ "match",           required_argument, NULL, 'm' },
	{ "numeric",         no_argument,       NULL, 'n' },
	{ "out-interface",   required_argument, NULL, 'o' },
	{ "verbose",         no_argument,       NULL, 'v' },
	{ "exact",           no_argument,       NULL, 'x' },
	{ "version",         no_argument,       NULL, 'V' },
	{ "help",            optional_argument, NULL, 'h' },
	{ "line-numbers",    no_argument,       NULL, '0' },
	{ "modprobe",        required_argument, NULL, 'M' },
	{ "set-counters",    required_argument, NULL, 'c' },
	/* All-zero sentinel marking the end of the table. */
	{ NULL, 0, NULL, 0 }
};
83
/* Shorthand: `opts` expands to the option table held by the active xt_params. */
#define opts xt_params->opts

/*
 * Global xtables parameters for the arptables front end.
 * .program_name is not set here; nft_init_arp() assigns it at start-up.
 */
struct xtables_globals arptables_globals = {
	/* Version string, tagged so output shows this is the nf_tables variant. */
	.program_version = PACKAGE_VERSION " (nf_tables)",
	/* Base long-option table defined above. */
	.orig_opts = original_opts,
	.option_offset = 0,
	/* Revision-compatibility callback supplied by the nft layer. */
	.compat_rev = nft_compatible_revision,
};
92
/*
 * Initialise the xtables library and the nftables handle for ARP.
 *
 * @h:     nft handle passed on to nft_init().
 * @pname: program name; the pointer is stored in arptables_globals without
 *         copying, so the caller must keep the string alive.
 *
 * If xtables_init_all() fails, a message is written to stderr and the
 * process exits with status 1.  If nft_init() fails, xtables_error() is
 * called with OTHER_PROBLEM (presumably it does not return; confirm against
 * its definition).  Every path that returns from here returns 0.
 */
int nft_init_arp(struct nft_handle *h, const char *pname)
{
	int rc;

	arptables_globals.program_name = pname;

	rc = xtables_init_all(&arptables_globals, NFPROTO_ARP);
	if (rc < 0) {
		fprintf(stderr, "%s/%s Failed to initialize arptables-compat\n",
			arptables_globals.program_name,
			arptables_globals.program_version);
		exit(1);
	}

	/* Register the extensions before the nft layer is brought up. */
	init_extensions();
	init_extensionsa();

	rc = nft_init(h, NFPROTO_ARP);
	if (rc < 0) {
		xtables_error(OTHER_PROBLEM,
			      "Could not initialize nftables layer.");
	}

	return 0;
}
111