36 	if (cs->fw.ip.iniface[0] != '\0') {  in nft_ipv4_add()
37 		op = nft_invflags2cmp(cs->fw.ip.invflags, IPT_INV_VIA_IN);  in nft_ipv4_add()
38 		add_iniface(r, cs->fw.ip.iniface, op);  in nft_ipv4_add()
41 	if (cs->fw.ip.outiface[0] != '\0') {  in nft_ipv4_add()
42 		op = nft_invflags2cmp(cs->fw.ip.invflags, IPT_INV_VIA_OUT);  in nft_ipv4_add()
43 		add_outiface(r, cs->fw.ip.outiface, op);  in nft_ipv4_add()
46 	if (cs->fw.ip.proto != 0) {  in nft_ipv4_add()
47 		op = nft_invflags2cmp(cs->fw.ip.invflags, XT_INV_PROTO);  in nft_ipv4_add()
49 			  cs->fw.ip.proto, op);  in nft_ipv4_add()
52 	if (cs->fw.ip.src.s_addr != 0) {  in nft_ipv4_add()
53 		op = nft_invflags2cmp(cs->fw.ip.invflags, IPT_INV_SRCIP);  in nft_ipv4_add()
55 			 &cs->fw.ip.src.s_addr, &cs->fw.ip.smsk.s_addr,  in nft_ipv4_add()
58 	if (cs->fw.ip.dst.s_addr != 0) {  in nft_ipv4_add()
59 		op = nft_invflags2cmp(cs->fw.ip.invflags, IPT_INV_DSTIP);  in nft_ipv4_add()
61 			 &cs->fw.ip.dst.s_addr, &cs->fw.ip.dmsk.s_addr,  in nft_ipv4_add()
64 	if (cs->fw.ip.flags & IPT_F_FRAG) {  in nft_ipv4_add()
71 		op = nft_invflags2cmp(cs->fw.ip.invflags, IPT_INV_FRAG);  in nft_ipv4_add()
75 	add_compat(r, cs->fw.ip.proto, cs->fw.ip.invflags);  in nft_ipv4_add()
96 	return add_action(r, cs, !!(cs->fw.ip.flags & IPT_F_GOTO));  in nft_ipv4_add()
105 	if (a->fw.ip.src.s_addr != b->fw.ip.src.s_addr  in nft_ipv4_is_same()
106 	    || a->fw.ip.dst.s_addr != b->fw.ip.dst.s_addr  in nft_ipv4_is_same()
107 	    || a->fw.ip.smsk.s_addr != b->fw.ip.smsk.s_addr  in nft_ipv4_is_same()
108 	    || a->fw.ip.dmsk.s_addr != b->fw.ip.dmsk.s_addr  in nft_ipv4_is_same()
109 	    || a->fw.ip.proto != b->fw.ip.proto  in nft_ipv4_is_same()
110 	    || a->fw.ip.flags != b->fw.ip.flags  in nft_ipv4_is_same()
111 	    || a->fw.ip.invflags != b->fw.ip.invflags) {  in nft_ipv4_is_same()
116 	return is_same_interfaces(a->fw.ip.iniface, a->fw.ip.outiface,  in nft_ipv4_is_same()
117 				  a->fw.ip.iniface_mask, a->fw.ip.outiface_mask,  in nft_ipv4_is_same()
118 				  b->fw.ip.iniface, b->fw.ip.outiface,  in nft_ipv4_is_same()
119 				  b->fw.ip.iniface_mask, b->fw.ip.outiface_mask);  in nft_ipv4_is_same()
171 	parse_meta(e, ctx->meta.key, cs->fw.ip.iniface, cs->fw.ip.iniface_mask,  in nft_ipv4_parse_meta()
172 		   cs->fw.ip.outiface, cs->fw.ip.outiface_mask,  in nft_ipv4_parse_meta()
173 		   &cs->fw.ip.invflags);  in nft_ipv4_parse_meta()
192 		cs->fw.ip.src.s_addr = addr.s_addr;  in nft_ipv4_parse_payload()
194 			parse_mask_ipv4(ctx, &cs->fw.ip.smsk);  in nft_ipv4_parse_payload()
197 			cs->fw.ip.smsk.s_addr = 0xffffffff;  in nft_ipv4_parse_payload()
201 			cs->fw.ip.invflags |= IPT_INV_SRCIP;  in nft_ipv4_parse_payload()
205 		cs->fw.ip.dst.s_addr = addr.s_addr;  in nft_ipv4_parse_payload()
207 			parse_mask_ipv4(ctx, &cs->fw.ip.dmsk);  in nft_ipv4_parse_payload()
210 			cs->fw.ip.dmsk.s_addr = 0xffffffff;  in nft_ipv4_parse_payload()
214 			cs->fw.ip.invflags |= IPT_INV_DSTIP;  in nft_ipv4_parse_payload()
218 		cs->fw.ip.proto = proto;  in nft_ipv4_parse_payload()
220 			cs->fw.ip.invflags |= IPT_INV_PROTO;  in nft_ipv4_parse_payload()
223 		cs->fw.ip.flags |= IPT_F_FRAG;  in nft_ipv4_parse_payload()
226 			cs->fw.ip.invflags |= IPT_INV_FRAG;  in nft_ipv4_parse_payload()
242 		cs->fw.ip.flags |= IPT_F_GOTO;  in nft_ipv4_parse_immediate()
258 	fputc(cs->fw.ip.invflags & IPT_INV_SRCIP ? '!' : ' ', stdout);  in print_ipv4_addr()
259 	if (cs->fw.ip.smsk.s_addr == 0L && !(format & FMT_NUMERIC))  in print_ipv4_addr()
263 			strcpy(buf, xtables_ipaddr_to_numeric(&cs->fw.ip.src));  in print_ipv4_addr()
265 			strcpy(buf, xtables_ipaddr_to_anyname(&cs->fw.ip.src));  in print_ipv4_addr()
266 		strcat(buf, xtables_ipmask_to_numeric(&cs->fw.ip.smsk));  in print_ipv4_addr()
270 	fputc(cs->fw.ip.invflags & IPT_INV_DSTIP ? '!' : ' ', stdout);  in print_ipv4_addr()
271 	if (cs->fw.ip.dmsk.s_addr == 0L && !(format & FMT_NUMERIC))  in print_ipv4_addr()
275 			strcpy(buf, xtables_ipaddr_to_numeric(&cs->fw.ip.dst));  in print_ipv4_addr()
277 			strcpy(buf, xtables_ipaddr_to_anyname(&cs->fw.ip.dst));  in print_ipv4_addr()
278 		strcat(buf, xtables_ipmask_to_numeric(&cs->fw.ip.dmsk));  in print_ipv4_addr()
303 	print_firewall_details(&cs, cs.jumpto, cs.fw.ip.flags,  in nft_ipv4_print_firewall()
304 			       cs.fw.ip.invflags, cs.fw.ip.proto,  in nft_ipv4_print_firewall()
306 	print_fragment(cs.fw.ip.flags, cs.fw.ip.invflags, format);  in nft_ipv4_print_firewall()
307 	print_ifaces(cs.fw.ip.iniface, cs.fw.ip.outiface, cs.fw.ip.invflags,  in nft_ipv4_print_firewall()
315 	if (cs.fw.ip.flags & IPT_F_GOTO)  in nft_ipv4_print_firewall()
339 	save_firewall_details(cs, cs->fw.ip.invflags, cs->fw.ip.proto,  in nft_ipv4_save_firewall()
340 			      cs->fw.ip.iniface, cs->fw.ip.iniface_mask,  in nft_ipv4_save_firewall()
341 			      cs->fw.ip.outiface, cs->fw.ip.outiface_mask);  in nft_ipv4_save_firewall()
343 	if (cs->fw.ip.flags & IPT_F_FRAG) {  in nft_ipv4_save_firewall()
344 		if (cs->fw.ip.invflags & IPT_INV_FRAG)  in nft_ipv4_save_firewall()
349 	save_ipv4_addr('s', &cs->fw.ip.src, cs->fw.ip.smsk.s_addr,  in nft_ipv4_save_firewall()
350 		       cs->fw.ip.invflags & IPT_INV_SRCIP);  in nft_ipv4_save_firewall()
351 	save_ipv4_addr('d', &cs->fw.ip.dst, cs->fw.ip.dmsk.s_addr,  in nft_ipv4_save_firewall()
352 		       cs->fw.ip.invflags & IPT_INV_DSTIP);  in nft_ipv4_save_firewall()
355 				cs->jumpto, cs->fw.ip.flags, &cs->fw);  in nft_ipv4_save_firewall()
358 		printf("-%c %s", cs->fw.ip.flags & IPT_F_GOTO ? 'g' : 'j',  in nft_ipv4_save_firewall()
367 	cs->fw.ip.proto = args->proto;  in nft_ipv4_proto_parse()
368 	cs->fw.ip.invflags = args->invflags;  in nft_ipv4_proto_parse()
375 	cs->fw.ip.flags = args->flags;  in nft_ipv4_post_parse()
379 	cs->fw.ip.invflags = args->invflags;  in nft_ipv4_post_parse()
381 	strncpy(cs->fw.ip.iniface, args->iniface, IFNAMSIZ);  in nft_ipv4_post_parse()
382 	memcpy(cs->fw.ip.iniface_mask,  in nft_ipv4_post_parse()
385 	strncpy(cs->fw.ip.outiface, args->outiface, IFNAMSIZ);  in nft_ipv4_post_parse()
386 	memcpy(cs->fw.ip.outiface_mask,  in nft_ipv4_post_parse()
390 		cs->fw.ip.flags |= IPT_F_GOTO;  in nft_ipv4_post_parse()
413 	    (cs->fw.ip.invflags & (IPT_INV_SRCIP | IPT_INV_DSTIP)))  in nft_ipv4_post_parse()
447 	xlate_ifname(xl, "iifname", cs->fw.ip.iniface,  in nft_ipv4_xlate()
448 		     cs->fw.ip.invflags & IPT_INV_VIA_IN);  in nft_ipv4_xlate()
449 	xlate_ifname(xl, "oifname", cs->fw.ip.outiface,  in nft_ipv4_xlate()
450 		     cs->fw.ip.invflags & IPT_INV_VIA_OUT);  in nft_ipv4_xlate()
452 	if (cs->fw.ip.flags & IPT_F_FRAG) {  in nft_ipv4_xlate()
454 			   cs->fw.ip.invflags & IPT_INV_FRAG? "" : "!= ", 0);  in nft_ipv4_xlate()
457 	if (cs->fw.ip.proto != 0) {  in nft_ipv4_xlate()
459 			getprotobynumber(cs->fw.ip.proto);  in nft_ipv4_xlate()
464 				 cs->fw.ip.proto);  in nft_ipv4_xlate()
467 				   cs->fw.ip.invflags & IPT_INV_PROTO ?  in nft_ipv4_xlate()
473 	if (cs->fw.ip.src.s_addr != 0) {  in nft_ipv4_xlate()
475 			   cs->fw.ip.invflags & IPT_INV_SRCIP ? "!= " : "",  in nft_ipv4_xlate()
476 			   inet_ntoa(cs->fw.ip.src),  in nft_ipv4_xlate()
477 			   xtables_ipmask_to_numeric(&cs->fw.ip.smsk));  in nft_ipv4_xlate()
479 	if (cs->fw.ip.dst.s_addr != 0) {  in nft_ipv4_xlate()
481 			   cs->fw.ip.invflags & IPT_INV_DSTIP ? "!= " : "",  in nft_ipv4_xlate()
482 			   inet_ntoa(cs->fw.ip.dst),  in nft_ipv4_xlate()
483 			   xtables_ipmask_to_numeric(&cs->fw.ip.dmsk));  in nft_ipv4_xlate()
492 	ret = xlate_action(cs, !!(cs->fw.ip.flags & IPT_F_GOTO), xl);  in nft_ipv4_xlate()