From 8e065f27f51cb46171b3ab1f9d0f4ad8bd8cdf86 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Sun, 18 Nov 2018 12:31:33 +0100
Subject: [PATCH] arptables-nft: use generic expression parsing function
since commit d9c6a5d0977a6d8bbe772dbc31a2c4f58eec1708
("xtables: merge {ip,arp}tables_command_state structs") arptables
uses the shared representation.
With only minor changes (e.g., use generic counters in command_state),
in print/save functions we can use the shared nftnl expression parser
too.
arptables-legacy prints (-L) the jump target first, i.e.:
-j MARK -d 0.0.0.0/8 --h-length 6 ...
... so keep that here too.
Signed-off-by: Florian Westphal <fw@strlen.de>
(cherry picked from commit aa5d3c5b16e94036ac0dc6d44194db7b009ced53)
Conflicts:
- Drop changes to extensions/libarpt_standard.t since these test
snippets are not included in tarball.
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/nft-arp.c | 92 +++++-----------------------------------------
1 file changed, 10 insertions(+), 82 deletions(-)
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 1a98996f94bda..37850bd328b71 100644
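--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -412,56 +412,6 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
 }
 }
 
-static void nft_arp_rule_to_cs(const struct nftnl_rule *r,
- struct iptables_command_state *cs)
-{
- struct nftnl_expr_iter *iter;
- struct nftnl_expr *expr;
- int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
- struct nft_xt_ctx ctx = {
- .cs = cs,
- .family = family,
- };
-
- iter = nftnl_expr_iter_create(r);
- if (iter == NULL)
- return;
-
- ctx.iter = iter;
- expr = nftnl_expr_iter_next(iter);
- while (expr != NULL) {
- const char *name =
- nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
-
- if (strcmp(name, "counter") == 0)
- nft_parse_counter(expr, &ctx.cs->arp.counters);
- else if (strcmp(name, "payload") == 0)
- nft_parse_payload(&ctx, expr);
- else if (strcmp(name, "meta") == 0)
- nft_parse_meta(&ctx, expr);
- else if (strcmp(name, "bitwise") == 0)
- nft_parse_bitwise(&ctx, expr);
- else if (strcmp(name, "cmp") == 0)
- nft_parse_cmp(&ctx, expr);
- else if (strcmp(name, "immediate") == 0)
- nft_parse_immediate(&ctx, expr);
- else if (strcmp(name, "target") == 0)
- nft_parse_target(&ctx, expr);
-
- expr = nftnl_expr_iter_next(iter);
- }
-
- nftnl_expr_iter_destroy(iter);
-
- if (cs->jumpto != NULL)
- return;
-
- if (cs->target != NULL && cs->target->name != NULL)
- cs->target = xtables_find_target(cs->target->name, XTF_TRY_LOAD);
- else
- cs->jumpto = "";
-}
-
 static void nft_arp_print_header(unsigned int format, const char *chain,
 const char *pol,
 const struct xt_counters *counters,
@@ -627,14 +577,6 @@ after_devdst:
 }
 }
 
-static void nft_arp_save_counters(const void *data)
-{
- const struct iptables_command_state *cs = data;
-
- printf("[%llu:%llu] ", (unsigned long long)cs->arp.counters.pcnt,
- (unsigned long long)cs->arp.counters.bcnt);
-}
-
 static void
 nft_arp_save_rule(const void *data, unsigned int format)
 {
@@ -643,17 +585,7 @@ nft_arp_save_rule(const void *data, unsigned int format)
 format |= FMT_NUMERIC;
 
 nft_arp_print_rule_details(&cs->arp, format);
-
- if (cs->jumpto != NULL && strcmp(cs->jumpto, "") != 0) {
- printf("-j %s", cs->jumpto);
- } else if (cs->target) {
- printf("-j %s", cs->target->name);
- if (cs->target->save != NULL)
- cs->target->save(&cs->arp, cs->target->t);
- }
-
- if (!(format & FMT_NONEWLINE))
- fputc('\n', stdout);
+ save_matches_and_target(cs, false, &cs->arp, format);
 }
 
 static void
@@ -664,22 +596,18 @@ nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format)
 if (format & FMT_LINENUMBERS)
 printf("%u ", num);
 
- nft_arp_rule_to_cs(r, &cs);
+ nft_rule_to_iptables_command_state(r, &cs);
 
+ if (cs.jumpto)
+ printf("-j %s ", cs.jumpto);
 nft_arp_print_rule_details(&cs.arp, format);
-
- if (cs.jumpto != NULL && strcmp(cs.jumpto, "") != 0) {
- printf("-j %s", cs.jumpto);
- } else if (cs.target) {
- printf("-j %s", cs.target->name);
- cs.target->print(&cs.arp, cs.target->t, format & FMT_NUMERIC);
- }
+ print_matches_and_target(&cs, format);
 
 if (!(format & FMT_NOCOUNTS)) {
 printf(", pcnt=");
- xtables_print_num(cs.arp.counters.pcnt, format);
+ xtables_print_num(cs.counters.pcnt, format);
 printf("-- bcnt=");
- xtables_print_num(cs.arp.counters.bcnt, format);
+ xtables_print_num(cs.counters.bcnt, format);
 }
 
 if (!(format & FMT_NONEWLINE))
@@ -720,7 +648,7 @@ static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
 struct iptables_command_state this = {};
 
 /* Delete by matching rule case */
- nft_arp_rule_to_cs(r, &this;;
+ nft_rule_to_iptables_command_state(r, &this;;
 
 if (!nft_arp_is_same(&cs->arp, &this.arp))
 return false;
@@ -751,10 +679,10 @@ struct nft_family_ops nft_family_ops_arp = {
 .print_header = nft_arp_print_header,
 .print_rule = nft_arp_print_rule,
 .save_rule = nft_arp_save_rule,
- .save_counters = nft_arp_save_counters,
+ .save_counters = save_counters,
 .save_chain = nft_arp_save_chain,
 .post_parse = NULL,
- .rule_to_cs = nft_arp_rule_to_cs,
+ .rule_to_cs = nft_rule_to_iptables_command_state,
 .clear_cs = nft_clear_iptables_command_state,
 .rule_find = nft_arp_rule_find,
 .parse_target = nft_ipv46_parse_target,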
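Review bot: In the `@@ -664,22 +596,18 @@` hunk of nft_arp_print_rule, the new `if (cs.jumpto)` test prints `-j ` for any non-NULL pointer, whereas the lines it replaces also required `strcmp(cs.jumpto, "") != 0`. The removed nft_arp_rule_to_cs assigned `cs->jumpto = ""` for a rule without a target; if nft_rule_to_iptables_command_state (not shown on this page) does the same, a targetless rule would be listed with an empty `-j`, which is misleading to anyone auditing or re-parsing the ruleset. I would keep the emptiness check, `if (cs.jumpto && cs.jumpto[0] != '\0')`. The function body starts and ends outside the hunk, so this should be confirmed against the full file, along with whether print_matches_and_target prints the target name a second time.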
--
2.20.1