Reduces repetition, follow patch adds back suppression of
src/dst mac when it was not given.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
iptables/nft-bridge.c | 77 ++++++++++++++++-----------------------------------
1 file changed, 24 insertions(+), 53 deletions(-)
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index fcc516464643..86601774498f 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -357,15 +357,10 @@ static void nft_rule_to_ebtables_command_state(struct nftnl_rule *r,
nft_rule_to_iptables_command_state(r, cs);
}
-static void print_iface(const char *iface)
+static void print_iface(const char *option, const char *name, bool invert)
{
- char *c;
-
- if ((c = strchr(iface, IF_WILDCARD)))
- *c = '+';
- printf("%s ", iface);
- if (c)
- *c = IF_WILDCARD;
+ if (*name)
+ printf("%s%s %s ", invert ? "! " : "", option, name);
}
static void nft_bridge_print_table_header(const char *tablename)
@@ -406,11 +401,23 @@ static void print_matches_and_watchers(const struct iptables_command_state *cs,
}
}
+static void print_mac(char option, const unsigned char *mac,
+ const unsigned char *mask,
+ bool invert)
+{
+ printf("-%c ", option);
+ if (invert)
+ printf("! ");
+ ebt_print_mac_and_mask(mac, mask);
+ printf(" ");
+}
+
+
+
static void nft_bridge_print_firewall(struct nftnl_rule *r, unsigned int num,
unsigned int format)
{
struct iptables_command_state cs = {};
- char *addr;
nft_rule_to_ebtables_command_state(r, &cs);
@@ -436,51 +443,15 @@ static void nft_bridge_print_firewall(struct nftnl_rule *r, unsigned int num,
}
}
- addr = ether_ntoa((struct ether_addr *) cs.eb.sourcemac);
- if (strcmp(addr, "0:0:0:0:0:0") != 0) {
- printf("-s ");
- if (cs.eb.invflags & EBT_ISOURCE)
- printf("! ");
- ebt_print_mac_and_mask(cs.eb.sourcemac, cs.eb.sourcemsk);
- printf(" ");
- }
+ print_mac('s', cs.eb.sourcemac, cs.eb.sourcemsk,
+ cs.eb.invflags & EBT_ISOURCE);
+ print_mac('d', cs.eb.destmac, cs.eb.destmsk,
+ cs.eb.invflags & EBT_IDEST);
- addr = ether_ntoa((struct ether_addr *) cs.eb.destmac);
- if (strcmp(addr, "0:0:0:0:0:0") != 0) {
- printf("-d ");
- if (cs.eb.invflags & EBT_IDEST)
- printf("! ");
- ebt_print_mac_and_mask(cs.eb.destmac, cs.eb.destmsk);
- printf(" ");
- }
-
- if (cs.eb.in[0] != '\0') {
- printf("-i ");
- if (cs.eb.invflags & EBT_IIN)
- printf("! ");
- print_iface(cs.eb.in);
- }
-
- if (cs.eb.logical_in[0] != '\0') {
- printf("--logical-in ");
- if (cs.eb.invflags & EBT_ILOGICALIN)
- printf("! ");
- print_iface(cs.eb.logical_in);
- }
-
- if (cs.eb.logical_out[0] != '\0') {
- printf("--logical-out ");
- if (cs.eb.invflags & EBT_ILOGICALOUT)
- printf("! ");
- print_iface(cs.eb.logical_out);
- }
-
- if (cs.eb.out[0] != '\0') {
- printf("-o ");
- if (cs.eb.invflags & EBT_IOUT)
- printf("! ");
- print_iface(cs.eb.out);
- }
+ print_iface("-i", cs.eb.in, cs.eb.invflags & EBT_IIN);
+ print_iface("--logical-in", cs.eb.logical_in, cs.eb.invflags & EBT_ILOGICALIN);
+ print_iface("-o", cs.eb.out, cs.eb.invflags & EBT_IOUT);
+ print_iface("--logical-out", cs.eb.logical_out, cs.eb.invflags & EBT_ILOGICALOUT);
print_matches_and_watchers(&cs, format);
--
2.16.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
