From 4a4acdac14e0ec770589534aa4a5ea469a76e2a5 Mon Sep 17 00:00:00 2001

From: Florian Westphal <fw@strlen.de>

Date: Tue, 6 Nov 2018 16:06:27 +0100

Subject: [PATCH] xt: always build with a minimal support for xt match/target

 decode

When building without libxtables, nft would just silently omit any presence

of nft_compat in the output.

This adds ifdef-ry to at least print name of target/match involved when

libxtables isn't available for decoding.

Signed-off-by: Florian Westphal <fw@strlen.de>

(cherry picked from commit b3c8de9c5aecde38eec964f31120df82b9704c8c)

Signed-off-by: Phil Sutter <psutter@redhat.com>

---

 include/xt.h    | 13 +------------

 src/Makefile.am |  2 +-

 src/xt.c        | 22 ++++++++++++++++++++++

 3 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/include/xt.h b/include/xt.h

index 549eb9fe41531..ab59bb3d45a41 100644

--- a/include/xt.h

+++ b/include/xt.h

@@ -8,7 +8,6 @@ struct rule_pp_ctx;

 struct rule;

 struct output_ctx;

-#ifdef HAVE_LIBXTABLES

 void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx);

 void xt_stmt_release(const struct stmt *stmt);

@@ -18,20 +17,10 @@ void netlink_parse_target(struct netlink_parse_ctx *ctx,

 void netlink_parse_match(struct netlink_parse_ctx *ctx,

 			 const struct location *loc,

 			 const struct nftnl_expr *nle);

+#ifdef HAVE_LIBXTABLES

 void stmt_xt_postprocess(struct rule_pp_ctx *rctx, struct stmt *stmt,

 			 struct rule *rule);

 #else

-static inline void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx) {}

-static inline void xt_stmt_release(const struct stmt *stmt) {}

-

-#include <erec.h>

-

-static inline void netlink_parse_target(struct netlink_parse_ctx *ctx,

-					const struct location *loc,

-					const struct nftnl_expr *nle) {}

-static inline void netlink_parse_match(struct netlink_parse_ctx *ctx,

-				       const struct location *loc,

-				       const struct nftnl_expr *nle) {}

 static inline void stmt_xt_postprocess(struct rule_pp_ctx *rctx,

 				       struct stmt *stmt, struct rule *rule) {}

diff --git a/src/Makefile.am b/src/Makefile.am

index a4ad8cb31236b..495511803b686 100644

--- a/src/Makefile.am

+++ b/src/Makefile.am

@@ -78,8 +78,8 @@ libminigmp_la_CFLAGS = ${AM_CFLAGS} -Wno-sign-compare

 libnftables_la_LIBADD += libminigmp.la

 endif

-if BUILD_XTABLES

 libnftables_la_SOURCES += xt.c

+if BUILD_XTABLES

 libnftables_la_LIBADD += ${XTABLES_LIBS}

 endif

diff --git a/src/xt.c b/src/xt.c

index 9b7d4c29194aa..c35c84edca0e6 100644

--- a/src/xt.c

+++ b/src/xt.c

@@ -28,6 +28,7 @@

 void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx)

 {

+#ifdef HAVE_LIBXTABLES

 	struct xt_xlate *xl = xt_xlate_alloc(10240);

 	switch (stmt->xt.type) {

@@ -68,6 +69,9 @@ void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx)

 	}

 	xt_xlate_free(xl);

+#else

+	nft_print(octx, "# xt_%s", stmt->xt.name);

+#endif

 }

 void xt_stmt_release(const struct stmt *stmt)

@@ -95,6 +99,7 @@ void xt_stmt_release(const struct stmt *stmt)

 	xfree(stmt->xt.name);

 }

+#ifdef HAVE_LIBXTABLES

 static void *xt_entry_alloc(struct xt_stmt *xt, uint32_t af)

 {

 	union nft_entry {

@@ -180,6 +185,7 @@ static struct xtables_match *xt_match_clone(struct xtables_match *m)

 	memcpy(clone, m, sizeof(struct xtables_match));

 	return clone;

 }

+#endif

 /*

  * Delinearization

@@ -191,6 +197,7 @@ void netlink_parse_match(struct netlink_parse_ctx *ctx,

 {

 	struct stmt *stmt;

 	const char *name;

+#ifdef HAVE_LIBXTABLES

 	struct xtables_match *mt;

 	const char *mtinfo;

 	struct xt_entry_match *m;

@@ -218,7 +225,13 @@ void netlink_parse_match(struct netlink_parse_ctx *ctx,

 	stmt->xt.type = NFT_XT_MATCH;

 	stmt->xt.match = xt_match_clone(mt);

 	stmt->xt.match->m = m;

+#else

+	name = nftnl_expr_get_str(nle, NFTNL_EXPR_MT_NAME);

+	stmt = xt_stmt_alloc(loc);

+	stmt->xt.name = strdup(name);

+	stmt->xt.type = NFT_XT_MATCH;

+#endif

 	list_add_tail(&stmt->list, &ctx->rule->stmts);

 }

@@ -228,6 +241,7 @@ void netlink_parse_target(struct netlink_parse_ctx *ctx,

 {

 	struct stmt *stmt;

 	const char *name;

+#ifdef HAVE_LIBXTABLES

 	struct xtables_target *tg;

 	const void *tginfo;

 	struct xt_entry_target *t;

@@ -256,10 +270,17 @@ void netlink_parse_target(struct netlink_parse_ctx *ctx,

 	stmt->xt.type = NFT_XT_TARGET;

 	stmt->xt.target = xt_target_clone(tg);

 	stmt->xt.target->t = t;

+#else

+	name = nftnl_expr_get_str(nle, NFTNL_EXPR_TG_NAME);

+	stmt = xt_stmt_alloc(loc);

+	stmt->xt.name = strdup(name);

+	stmt->xt.type = NFT_XT_TARGET;

+#endif

 	list_add_tail(&stmt->list, &ctx->rule->stmts);

 }

+#ifdef HAVE_LIBXTABLES

 static bool is_watcher(uint32_t family, struct stmt *stmt)

 {

 	if (family != NFPROTO_BRIDGE ||

@@ -371,3 +392,4 @@ void xt_init(void)

 	/* Default to IPv4, but this changes in runtime */

 	xtables_init_all(&xt_nft_globals, NFPROTO_IPV4);

 }

+#endif

-- 

2.21.0