[iptables PATCH 03/17] xtables: Merge {ip,arp}tables_command_state structs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Differences between both structs are marginal (apart from
arptables_command_state being much smaller), so merge them into one.
Struct iptables_command_state is already shared between iptables,
ip6tables and ebtables.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-arp.c         |  40 +++++++-------
 iptables/nft-arp.h         |  10 +---
 iptables/nft-shared.c      |  27 ++-------
 iptables/nft-shared.h      |   3 +-
 iptables/xshared.h         |   2 +
 iptables/xtables-arp.c     | 110 ++++++++++++++++++-------------------
 iptables/xtables-monitor.c |   8 +--
 7 files changed, 88 insertions(+), 112 deletions(-)

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 4eacc61bf4fc7..7b70ef22db8ae 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -139,8 +139,8 @@ static void print_mac_and_mask(const unsigned char *mac, const unsigned char *ma
 
 static int nft_arp_add(struct nftnl_rule *r, void *data)
 {
-	struct arptables_command_state *cs = data;
-	struct arpt_entry *fw = &cs->fw;
+	struct iptables_command_state *cs = data;
+	struct arpt_entry *fw = &cs->arp;
 	uint32_t op;
 	int ret = 0;
 
@@ -260,8 +260,8 @@ static uint16_t ipt_to_arpt_flags(uint8_t invflags)
 static void nft_arp_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
 			       void *data)
 {
-	struct arptables_command_state *cs = data;
-	struct arpt_entry *fw = &cs->fw;
+	struct iptables_command_state *cs = data;
+	struct arpt_entry *fw = &cs->arp;
 	uint8_t flags = 0;
 
 	parse_meta(e, ctx->meta.key, fw->arp.iniface, fw->arp.iniface_mask,
@@ -273,7 +273,7 @@ static void nft_arp_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
 
 static void nft_arp_parse_target(struct xtables_target *target, void *data)
 {
-	struct arptables_command_state *cs = data;
+	struct iptables_command_state *cs = data;
 
 	cs->target = target;
 }
@@ -281,7 +281,7 @@ static void nft_arp_parse_target(struct xtables_target *target, void *data)
 static void nft_arp_parse_immediate(const char *jumpto, bool nft_goto,
 				    void *data)
 {
-	struct arptables_command_state *cs = data;
+	struct iptables_command_state *cs = data;
 
 	cs->jumpto = jumpto;
 }
@@ -294,8 +294,8 @@ static void parse_mask_ipv4(struct nft_xt_ctx *ctx, struct in_addr *mask)
 static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
 				  struct nftnl_expr *e, void *data)
 {
-	struct arptables_command_state *cs = data;
-	struct arpt_entry *fw = &cs->fw;
+	struct iptables_command_state *cs = data;
+	struct arpt_entry *fw = &cs->arp;
 	struct in_addr addr;
 	unsigned short int ar_hrd, ar_pro, ar_op, ar_hln;
 	bool inv;
@@ -365,14 +365,14 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
 	}
 }
 
-void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
-					 struct arptables_command_state *cs)
+void nft_rule_to_arptables_command_state(const struct nftnl_rule *r,
+					 struct iptables_command_state *cs)
 {
 	struct nftnl_expr_iter *iter;
 	struct nftnl_expr *expr;
 	int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
 	struct nft_xt_ctx ctx = {
-		.state.cs_arp = cs,
+		.state.cs = cs,
 		.family = family,
 	};
 
@@ -387,7 +387,7 @@ void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
 			nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
 
 		if (strcmp(name, "counter") == 0)
-			nft_parse_counter(expr, &ctx.state.cs_arp->fw.counters);
+			nft_parse_counter(expr, &ctx.state.cs->arp.counters);
 		else if (strcmp(name, "payload") == 0)
 			nft_parse_payload(&ctx, expr);
 		else if (strcmp(name, "meta") == 0)
@@ -581,27 +581,27 @@ static void
 nft_arp_print_firewall(struct nftnl_rule *r, unsigned int num,
 		       unsigned int format)
 {
-	struct arptables_command_state cs = {};
+	struct iptables_command_state cs = {};
 
 	nft_rule_to_arptables_command_state(r, &cs);
 
 	if (format & FMT_LINENUMBERS)
 		printf("%u ", num);
 
-	print_fw_details(&cs.fw, format);
+	print_fw_details(&cs.arp, format);
 
 	if (cs.jumpto != NULL && strcmp(cs.jumpto, "") != 0) {
 		printf("-j %s", cs.jumpto);
 	} else if (cs.target) {
 		printf("-j %s", cs.target->name);
-		cs.target->print(&cs.fw, cs.target->t, format & FMT_NUMERIC);
+		cs.target->print(&cs.arp, cs.target->t, format & FMT_NUMERIC);
 	}
 
 	if (!(format & FMT_NOCOUNTS)) {
 		printf(", pcnt=");
-		xtables_print_num(cs.fw.counters.pcnt, format);
+		xtables_print_num(cs.arp.counters.pcnt, format);
 		printf("-- bcnt=");
-		xtables_print_num(cs.fw.counters.bcnt, format);
+		xtables_print_num(cs.arp.counters.bcnt, format);
 	}
 
 	if (!(format & FMT_NONEWLINE))
@@ -637,13 +637,13 @@ static bool nft_arp_is_same(const void *data_a,
 static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
 			      void *data)
 {
-	const struct arptables_command_state *cs = data;
-	struct arptables_command_state this = {};
+	const struct iptables_command_state *cs = data;
+	struct iptables_command_state this = {};
 
 	/* Delete by matching rule case */
 	nft_rule_to_arptables_command_state(r, &this);
 
-	if (!nft_arp_is_same(cs, &this))
+	if (!nft_arp_is_same(&cs->arp, &this.arp))
 		return false;
 
 	if (!compare_targets(cs->target, this.target))
diff --git a/iptables/nft-arp.h b/iptables/nft-arp.h
index 05889b4941a2c..e33bb74803562 100644
--- a/iptables/nft-arp.h
+++ b/iptables/nft-arp.h
@@ -4,13 +4,7 @@
 extern char *opcodes[];
 #define NUMOPCODES 9
 
-struct arptables_command_state {
-	struct arpt_entry fw;
-	struct xtables_target *target;
-	const char *jumpto;
-};
-
-void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
-					 struct arptables_command_state *cs);
+void nft_rule_to_arptables_command_state(const struct nftnl_rule *r,
+					 struct iptables_command_state *cs);
 
 #endif
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index eb2af851dc118..0ff07bf3ef1e6 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -294,21 +294,6 @@ int parse_meta(struct nftnl_expr *e, uint8_t key, char *iniface,
 	return 0;
 }
 
-static void *nft_get_data(struct nft_xt_ctx *ctx)
-{
-	switch(ctx->family) {
-	case NFPROTO_IPV4:
-	case NFPROTO_IPV6:
-	case NFPROTO_BRIDGE:
-		return ctx->state.cs;
-	case NFPROTO_ARP:
-		return ctx->state.cs_arp;
-	default:
-		/* Should not happen */
-		return NULL;
-	}
-}
-
 void nft_parse_target(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 {
 	uint32_t tg_len;
@@ -318,7 +303,7 @@ void nft_parse_target(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 	struct xt_entry_target *t;
 	size_t size;
 	struct nft_family_ops *ops;
-	void *data = nft_get_data(ctx);
+	void *data = ctx->state.cs;
 
 	target = xtables_find_target(targname, XTF_TRY_LOAD);
 	if (target == NULL)
@@ -383,7 +368,7 @@ void nft_parse_match(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 
 	ops = nft_family_ops_lookup(ctx->family);
 	if (ops->parse_match != NULL)
-		ops->parse_match(match, nft_get_data(ctx));
+		ops->parse_match(match, ctx->state.cs);
 }
 
 void print_proto(uint16_t proto, int invert)
@@ -446,7 +431,7 @@ static void nft_meta_set_to_target(struct nft_xt_ctx *ctx)
 	target->t = t;
 
 	ops = nft_family_ops_lookup(ctx->family);
-	ops->parse_target(target, nft_get_data(ctx));
+	ops->parse_target(target, ctx->state.cs);
 }
 
 void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
@@ -491,7 +476,7 @@ void nft_parse_bitwise(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 {
 	struct nft_family_ops *ops = nft_family_ops_lookup(ctx->family);
-	void *data = nft_get_data(ctx);
+	void *data = ctx->state.cs;
 	uint32_t reg;
 
 	reg = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_SREG);
@@ -521,7 +506,7 @@ void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 	struct nft_family_ops *ops;
 	const char *jumpto = NULL;
 	bool nft_goto = false;
-	void *data = nft_get_data(ctx);
+	void *data = ctx->state.cs;
 	int verdict;
 
 	if (nftnl_expr_is_set(e, NFTNL_EXPR_IMM_DATA)) {
@@ -563,7 +548,7 @@ void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 	ops->parse_immediate(jumpto, nft_goto, data);
 }
 
-void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
+void nft_rule_to_iptables_command_state(const struct nftnl_rule *r,
 					struct iptables_command_state *cs)
 {
 	struct nftnl_expr_iter *iter;
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index d74eeb0063a74..18927a2981977 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -49,7 +49,6 @@ enum {
 struct nft_xt_ctx {
 	union {
 		struct iptables_command_state *cs;
-		struct arptables_command_state *cs_arp;
 	} state;
 	struct nftnl_expr_iter *iter;
 	int family;
@@ -145,7 +144,7 @@ void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
 void nft_parse_payload(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
 void nft_parse_counter(struct nftnl_expr *e, struct xt_counters *counters);
 void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
-void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
+void nft_rule_to_iptables_command_state(const struct nftnl_rule *r,
 					struct iptables_command_state *cs);
 void print_header(unsigned int format, const char *chain, const char *pol,
 		  const struct xt_counters *counters, bool basechain,
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 01c0eb12abb56..533c52686bc29 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -6,6 +6,7 @@
 #include <stdint.h>
 #include <netinet/in.h>
 #include <net/if.h>
+#include <linux/netfilter_arp/arp_tables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 
@@ -83,6 +84,7 @@ struct iptables_command_state {
 		struct ebt_entry eb;
 		struct ipt_entry fw;
 		struct ip6t_entry fw6;
+		struct arpt_entry arp;
 	};
 	int invert;
 	int c;
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index ffe477868c889..ce9e618b7049b 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -862,7 +862,7 @@ static int
 append_entry(struct nft_handle *h,
 	     const char *chain,
 	     const char *table,
-	     struct arptables_command_state *cs,
+	     struct iptables_command_state *cs,
 	     int rulenum,
 	     unsigned int nsaddrs,
 	     const struct in_addr saddrs[],
@@ -874,9 +874,9 @@ append_entry(struct nft_handle *h,
 	int ret = 1;
 
 	for (i = 0; i < nsaddrs; i++) {
-		cs->fw.arp.src.s_addr = saddrs[i].s_addr;
+		cs->arp.arp.src.s_addr = saddrs[i].s_addr;
 		for (j = 0; j < ndaddrs; j++) {
-			cs->fw.arp.tgt.s_addr = daddrs[j].s_addr;
+			cs->arp.arp.tgt.s_addr = daddrs[j].s_addr;
 			if (append) {
 				ret = nft_rule_append(h, chain, table, cs, 0,
 						      verbose);
@@ -893,14 +893,14 @@ append_entry(struct nft_handle *h,
 static int
 replace_entry(const char *chain,
 	      const char *table,
-	      struct arptables_command_state *cs,
+	      struct iptables_command_state *cs,
 	      unsigned int rulenum,
 	      const struct in_addr *saddr,
 	      const struct in_addr *daddr,
 	      bool verbose, struct nft_handle *h)
 {
-	cs->fw.arp.src.s_addr = saddr->s_addr;
-	cs->fw.arp.tgt.s_addr = daddr->s_addr;
+	cs->arp.arp.src.s_addr = saddr->s_addr;
+	cs->arp.arp.tgt.s_addr = daddr->s_addr;
 
 	return nft_rule_replace(h, chain, table, cs, rulenum, verbose);
 }
@@ -908,7 +908,7 @@ replace_entry(const char *chain,
 static int
 delete_entry(const char *chain,
 	     const char *table,
-	     struct arptables_command_state *cs,
+	     struct iptables_command_state *cs,
 	     unsigned int nsaddrs,
 	     const struct in_addr saddrs[],
 	     unsigned int ndaddrs,
@@ -919,9 +919,9 @@ delete_entry(const char *chain,
 	int ret = 1;
 
 	for (i = 0; i < nsaddrs; i++) {
-		cs->fw.arp.src.s_addr = saddrs[i].s_addr;
+		cs->arp.arp.src.s_addr = saddrs[i].s_addr;
 		for (j = 0; j < ndaddrs; j++) {
-			cs->fw.arp.tgt.s_addr = daddrs[j].s_addr;
+			cs->arp.arp.tgt.s_addr = daddrs[j].s_addr;
 			ret = nft_rule_delete(h, chain, table, cs, verbose);
 		}
 	}
@@ -931,7 +931,7 @@ delete_entry(const char *chain,
 
 int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 {
-	struct arptables_command_state cs = {
+	struct iptables_command_state cs = {
 		.jumpto = "",
 	};
 	int invert = 0;
@@ -1088,47 +1088,47 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 			break;
 		case 's':
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_S_IP, &cs.fw.arp.invflags,
+			set_option(&options, OPT_S_IP, &cs.arp.arp.invflags,
 				   invert);
 			shostnetworkmask = argv[optind-1];
 			break;
 
 		case 'd':
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_D_IP, &cs.fw.arp.invflags,
+			set_option(&options, OPT_D_IP, &cs.arp.arp.invflags,
 				   invert);
 			dhostnetworkmask = argv[optind-1];
 			break;
 
 		case 2:/* src-mac */
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_S_MAC, &cs.fw.arp.invflags,
+			set_option(&options, OPT_S_MAC, &cs.arp.arp.invflags,
 				   invert);
 			if (getmac_and_mask(argv[optind - 1],
-			    cs.fw.arp.src_devaddr.addr, cs.fw.arp.src_devaddr.mask))
+			    cs.arp.arp.src_devaddr.addr, cs.arp.arp.src_devaddr.mask))
 				xtables_error(PARAMETER_PROBLEM, "Problem with specified "
 						"source mac");
 			break;
 
 		case 3:/* dst-mac */
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_D_MAC, &cs.fw.arp.invflags,
+			set_option(&options, OPT_D_MAC, &cs.arp.arp.invflags,
 				   invert);
 
 			if (getmac_and_mask(argv[optind - 1],
-			    cs.fw.arp.tgt_devaddr.addr, cs.fw.arp.tgt_devaddr.mask))
+			    cs.arp.arp.tgt_devaddr.addr, cs.arp.arp.tgt_devaddr.mask))
 				xtables_error(PARAMETER_PROBLEM, "Problem with specified "
 						"destination mac");
 			break;
 
 		case 'l':/* hardware length */
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_H_LENGTH, &cs.fw.arp.invflags,
+			set_option(&options, OPT_H_LENGTH, &cs.arp.arp.invflags,
 				   invert);
-			getlength_and_mask(argv[optind - 1], &cs.fw.arp.arhln,
-					   &cs.fw.arp.arhln_mask);
+			getlength_and_mask(argv[optind - 1], &cs.arp.arp.arhln,
+					   &cs.arp.arp.arhln_mask);
 
-			if (cs.fw.arp.arhln != 6) {
+			if (cs.arp.arp.arhln != 6) {
 				xtables_error(PARAMETER_PROBLEM,
 					      "Only harware address length of"
 					      " 6 is supported currently.");
@@ -1140,20 +1140,20 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 			xtables_error(PARAMETER_PROBLEM, "not supported");
 /*
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_P_LENGTH, &cs.fw.arp.invflags,
+			set_option(&options, OPT_P_LENGTH, &cs.arp.arp.invflags,
 				   invert);
 
-			getlength_and_mask(argv[optind - 1], &cs.fw.arp.arpln,
-					   &cs.fw.arp.arpln_mask);
+			getlength_and_mask(argv[optind - 1], &cs.arp.arp.arpln,
+					   &cs.arp.arp.arpln_mask);
 			break;
 */
 
 		case 4:/* opcode */
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_OPCODE, &cs.fw.arp.invflags,
+			set_option(&options, OPT_OPCODE, &cs.arp.arp.invflags,
 				   invert);
-			if (get16_and_mask(argv[optind - 1], &cs.fw.arp.arpop,
-					   &cs.fw.arp.arpop_mask, 10)) {
+			if (get16_and_mask(argv[optind - 1], &cs.arp.arp.arpop,
+					   &cs.arp.arp.arpop_mask, 10)) {
 				int i;
 
 				for (i = 0; i < NUMOPCODES; i++)
@@ -1161,65 +1161,65 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 						break;
 				if (i == NUMOPCODES)
 					xtables_error(PARAMETER_PROBLEM, "Problem with specified opcode");
-				cs.fw.arp.arpop = htons(i+1);
+				cs.arp.arp.arpop = htons(i+1);
 			}
 			break;
 
 		case 5:/* h-type */
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_H_TYPE, &cs.fw.arp.invflags,
+			set_option(&options, OPT_H_TYPE, &cs.arp.arp.invflags,
 				   invert);
-			if (get16_and_mask(argv[optind - 1], &cs.fw.arp.arhrd,
-					   &cs.fw.arp.arhrd_mask, 16)) {
+			if (get16_and_mask(argv[optind - 1], &cs.arp.arp.arhrd,
+					   &cs.arp.arp.arhrd_mask, 16)) {
 				if (strcasecmp(argv[optind-1], "Ethernet"))
 					xtables_error(PARAMETER_PROBLEM, "Problem with specified hardware type");
-				cs.fw.arp.arhrd = htons(1);
+				cs.arp.arp.arhrd = htons(1);
 			}
 			break;
 
 		case 6:/* proto-type */
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_P_TYPE, &cs.fw.arp.invflags,
+			set_option(&options, OPT_P_TYPE, &cs.arp.arp.invflags,
 				   invert);
-			if (get16_and_mask(argv[optind - 1], &cs.fw.arp.arpro,
-					   &cs.fw.arp.arpro_mask, 0)) {
+			if (get16_and_mask(argv[optind - 1], &cs.arp.arp.arpro,
+					   &cs.arp.arp.arpro_mask, 0)) {
 				if (strcasecmp(argv[optind-1], "ipv4"))
 					xtables_error(PARAMETER_PROBLEM, "Problem with specified protocol type");
-				cs.fw.arp.arpro = htons(0x800);
+				cs.arp.arp.arpro = htons(0x800);
 			}
 			break;
 
 		case 'j':
-			set_option(&options, OPT_JUMP, &cs.fw.arp.invflags,
+			set_option(&options, OPT_JUMP, &cs.arp.arp.invflags,
 				   invert);
 			cs.jumpto = parse_target(optarg);
-			cs.target = command_jump(&cs.fw, cs.jumpto);
+			cs.target = command_jump(&cs.arp, cs.jumpto);
 			break;
 
 		case 'i':
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_VIANAMEIN, &cs.fw.arp.invflags,
+			set_option(&options, OPT_VIANAMEIN, &cs.arp.arp.invflags,
 				   invert);
 			parse_interface(argv[optind-1],
-					cs.fw.arp.iniface,
-					cs.fw.arp.iniface_mask);
-/*			cs.fw.nfcache |= NFC_IP_IF_IN; */
+					cs.arp.arp.iniface,
+					cs.arp.arp.iniface_mask);
+/*			cs.arp.nfcache |= NFC_IP_IF_IN; */
 			break;
 
 		case 'o':
 			check_inverse(optarg, &invert, &optind, argc);
-			set_option(&options, OPT_VIANAMEOUT, &cs.fw.arp.invflags,
+			set_option(&options, OPT_VIANAMEOUT, &cs.arp.arp.invflags,
 				   invert);
 			parse_interface(argv[optind-1],
-					cs.fw.arp.outiface,
-					cs.fw.arp.outiface_mask);
-			/* cs.fw.nfcache |= NFC_IP_IF_OUT; */
+					cs.arp.arp.outiface,
+					cs.arp.arp.outiface_mask);
+			/* cs.arp.nfcache |= NFC_IP_IF_OUT; */
 			break;
 
 		case 'v':
 			if (!verbose)
 				set_option(&options, OPT_VERBOSE,
-					   &cs.fw.arp.invflags, invert);
+					   &cs.arp.arp.invflags, invert);
 			verbose++;
 			break;
 
@@ -1242,7 +1242,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 		break;
 
 		case 'n':
-			set_option(&options, OPT_NUMERIC, &cs.fw.arp.invflags,
+			set_option(&options, OPT_NUMERIC, &cs.arp.arp.invflags,
 				   invert);
 			break;
 
@@ -1262,7 +1262,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 			exit(0);
 
 		case '0':
-			set_option(&options, OPT_LINENUMBERS, &cs.fw.arp.invflags,
+			set_option(&options, OPT_LINENUMBERS, &cs.arp.arp.invflags,
 				   invert);
 			break;
 
@@ -1272,7 +1272,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 
 		case 'c':
 
-			set_option(&options, OPT_COUNTERS, &cs.fw.arp.invflags,
+			set_option(&options, OPT_COUNTERS, &cs.arp.arp.invflags,
 				   invert);
 			pcnt = optarg;
 			if (xs_has_arg(argc, argv))
@@ -1282,12 +1282,12 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 					      "-%c requires packet and byte counter",
 					      opt2char(OPT_COUNTERS));
 
-			if (sscanf(pcnt, "%llu", &cs.fw.counters.pcnt) != 1)
+			if (sscanf(pcnt, "%llu", &cs.arp.counters.pcnt) != 1)
 			xtables_error(PARAMETER_PROBLEM,
 				"-%c packet counter not numeric",
 				opt2char(OPT_COUNTERS));
 
-			if (sscanf(bcnt, "%llu", &cs.fw.counters.bcnt) != 1)
+			if (sscanf(bcnt, "%llu", &cs.arp.counters.bcnt) != 1)
 				xtables_error(PARAMETER_PROBLEM,
 					      "-%c byte counter not numeric",
 					      opt2char(OPT_COUNTERS));
@@ -1311,7 +1311,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 		default:
 			if (cs.target) {
 				xtables_option_tpcall(c, argv,
-						      invert, cs.target, &cs.fw);
+						      invert, cs.target, &cs.arp);
 			}
 			break;
 		}
@@ -1339,14 +1339,14 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 
 	if (shostnetworkmask)
 		parse_hostnetworkmask(shostnetworkmask, &saddrs,
-				      &(cs.fw.arp.smsk), &nsaddrs);
+				      &(cs.arp.arp.smsk), &nsaddrs);
 
 	if (dhostnetworkmask)
 		parse_hostnetworkmask(dhostnetworkmask, &daddrs,
-				      &(cs.fw.arp.tmsk), &ndaddrs);
+				      &(cs.arp.arp.tmsk), &ndaddrs);
 
 	if ((nsaddrs > 1 || ndaddrs > 1) &&
-	    (cs.fw.arp.invflags & (ARPT_INV_SRCIP | ARPT_INV_TGTIP)))
+	    (cs.arp.arp.invflags & (ARPT_INV_SRCIP | ARPT_INV_TGTIP)))
 		xtables_error(PARAMETER_PROBLEM, "! not allowed with multiple"
 				" source or destination IP addresses");
 
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index dd38030000533..e491b4db82bd7 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -73,12 +73,10 @@ static bool events;
 
 static int rule_cb(const struct nlmsghdr *nlh, void *data)
 {
-	struct arptables_command_state cs_arp = {};
 	struct iptables_command_state cs = {};
 	uint32_t type = nlh->nlmsg_type & 0xFF;
 	const struct cb_arg *arg = data;
 	struct nftnl_rule *r;
-	void *fw = NULL;
 	uint8_t family;
 
 	r = nftnl_rule_alloc();
@@ -99,19 +97,17 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
 	case AF_INET6:
 		printf("-%c ", family == AF_INET ? '4' : '6');
 		nft_rule_to_iptables_command_state(r, &cs);
-		fw = &cs;
 		break;
 	case NFPROTO_ARP:
 		printf("-0 ");
-		nft_rule_to_arptables_command_state(r, &cs_arp);
-		fw = &cs_arp;
+		nft_rule_to_arptables_command_state(r, &cs);
 		break;
 	default:
 		goto err_free;
 	}
 
 	printf("-t %s ", nftnl_rule_get_str(r, NFTNL_RULE_TABLE));
-	nft_rule_print_save(fw, r,
+	nft_rule_print_save(&cs, r,
 			    type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
 							   NFT_RULE_DEL,
 			    counters ? 0 : FMT_NOCOUNTS);
-- 
2.18.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux