Differences between both structs are marginal (apart from
arptables_command_state being much smaller), so merge them into one.
Struct iptables_command_state is already shared between iptables,
ip6tables and ebtables.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft-arp.c | 40 +++++++-------
iptables/nft-arp.h | 10 +---
iptables/nft-shared.c | 27 ++-------
iptables/nft-shared.h | 3 +-
iptables/xshared.h | 2 +
iptables/xtables-arp.c | 110 ++++++++++++++++++-------------------
iptables/xtables-monitor.c | 8 +--
7 files changed, 88 insertions(+), 112 deletions(-)
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 4eacc61bf4fc7..7b70ef22db8ae 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -139,8 +139,8 @@ static void print_mac_and_mask(const unsigned char *mac, const unsigned char *ma
static int nft_arp_add(struct nftnl_rule *r, void *data)
{
- struct arptables_command_state *cs = data;
- struct arpt_entry *fw = &cs->fw;
+ struct iptables_command_state *cs = data;
+ struct arpt_entry *fw = &cs->arp;
uint32_t op;
int ret = 0;
@@ -260,8 +260,8 @@ static uint16_t ipt_to_arpt_flags(uint8_t invflags)
static void nft_arp_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
void *data)
{
- struct arptables_command_state *cs = data;
- struct arpt_entry *fw = &cs->fw;
+ struct iptables_command_state *cs = data;
+ struct arpt_entry *fw = &cs->arp;
uint8_t flags = 0;
parse_meta(e, ctx->meta.key, fw->arp.iniface, fw->arp.iniface_mask,
@@ -273,7 +273,7 @@ static void nft_arp_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
static void nft_arp_parse_target(struct xtables_target *target, void *data)
{
- struct arptables_command_state *cs = data;
+ struct iptables_command_state *cs = data;
cs->target = target;
}
@@ -281,7 +281,7 @@ static void nft_arp_parse_target(struct xtables_target *target, void *data)
static void nft_arp_parse_immediate(const char *jumpto, bool nft_goto,
void *data)
{
- struct arptables_command_state *cs = data;
+ struct iptables_command_state *cs = data;
cs->jumpto = jumpto;
}
@@ -294,8 +294,8 @@ static void parse_mask_ipv4(struct nft_xt_ctx *ctx, struct in_addr *mask)
static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
struct nftnl_expr *e, void *data)
{
- struct arptables_command_state *cs = data;
- struct arpt_entry *fw = &cs->fw;
+ struct iptables_command_state *cs = data;
+ struct arpt_entry *fw = &cs->arp;
struct in_addr addr;
unsigned short int ar_hrd, ar_pro, ar_op, ar_hln;
bool inv;
@@ -365,14 +365,14 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
}
}
-void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
- struct arptables_command_state *cs)
+void nft_rule_to_arptables_command_state(const struct nftnl_rule *r,
+ struct iptables_command_state *cs)
{
struct nftnl_expr_iter *iter;
struct nftnl_expr *expr;
int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
struct nft_xt_ctx ctx = {
- .state.cs_arp = cs,
+ .state.cs = cs,
.family = family,
};
@@ -387,7 +387,7 @@ void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
if (strcmp(name, "counter") == 0)
- nft_parse_counter(expr, &ctx.state.cs_arp->fw.counters);
+ nft_parse_counter(expr, &ctx.state.cs->arp.counters);
else if (strcmp(name, "payload") == 0)
nft_parse_payload(&ctx, expr);
else if (strcmp(name, "meta") == 0)
@@ -581,27 +581,27 @@ static void
nft_arp_print_firewall(struct nftnl_rule *r, unsigned int num,
unsigned int format)
{
- struct arptables_command_state cs = {};
+ struct iptables_command_state cs = {};
nft_rule_to_arptables_command_state(r, &cs);
if (format & FMT_LINENUMBERS)
printf("%u ", num);
- print_fw_details(&cs.fw, format);
+ print_fw_details(&cs.arp, format);
if (cs.jumpto != NULL && strcmp(cs.jumpto, "") != 0) {
printf("-j %s", cs.jumpto);
} else if (cs.target) {
printf("-j %s", cs.target->name);
- cs.target->print(&cs.fw, cs.target->t, format & FMT_NUMERIC);
+ cs.target->print(&cs.arp, cs.target->t, format & FMT_NUMERIC);
}
if (!(format & FMT_NOCOUNTS)) {
printf(", pcnt=");
- xtables_print_num(cs.fw.counters.pcnt, format);
+ xtables_print_num(cs.arp.counters.pcnt, format);
printf("-- bcnt=");
- xtables_print_num(cs.fw.counters.bcnt, format);
+ xtables_print_num(cs.arp.counters.bcnt, format);
}
if (!(format & FMT_NONEWLINE))
@@ -637,13 +637,13 @@ static bool nft_arp_is_same(const void *data_a,
static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
void *data)
{
- const struct arptables_command_state *cs = data;
- struct arptables_command_state this = {};
+ const struct iptables_command_state *cs = data;
+ struct iptables_command_state this = {};
/* Delete by matching rule case */
nft_rule_to_arptables_command_state(r, &this);
- if (!nft_arp_is_same(cs, &this))
+ if (!nft_arp_is_same(&cs->arp, &this.arp))
return false;
if (!compare_targets(cs->target, this.target))
diff --git a/iptables/nft-arp.h b/iptables/nft-arp.h
index 05889b4941a2c..e33bb74803562 100644
--- a/iptables/nft-arp.h
+++ b/iptables/nft-arp.h
@@ -4,13 +4,7 @@
extern char *opcodes[];
#define NUMOPCODES 9
-struct arptables_command_state {
- struct arpt_entry fw;
- struct xtables_target *target;
- const char *jumpto;
-};
-
-void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
- struct arptables_command_state *cs);
+void nft_rule_to_arptables_command_state(const struct nftnl_rule *r,
+ struct iptables_command_state *cs);
#endif
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index eb2af851dc118..0ff07bf3ef1e6 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -294,21 +294,6 @@ int parse_meta(struct nftnl_expr *e, uint8_t key, char *iniface,
return 0;
}
-static void *nft_get_data(struct nft_xt_ctx *ctx)
-{
- switch(ctx->family) {
- case NFPROTO_IPV4:
- case NFPROTO_IPV6:
- case NFPROTO_BRIDGE:
- return ctx->state.cs;
- case NFPROTO_ARP:
- return ctx->state.cs_arp;
- default:
- /* Should not happen */
- return NULL;
- }
-}
-
void nft_parse_target(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
uint32_t tg_len;
@@ -318,7 +303,7 @@ void nft_parse_target(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
struct xt_entry_target *t;
size_t size;
struct nft_family_ops *ops;
- void *data = nft_get_data(ctx);
+ void *data = ctx->state.cs;
target = xtables_find_target(targname, XTF_TRY_LOAD);
if (target == NULL)
@@ -383,7 +368,7 @@ void nft_parse_match(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
ops = nft_family_ops_lookup(ctx->family);
if (ops->parse_match != NULL)
- ops->parse_match(match, nft_get_data(ctx));
+ ops->parse_match(match, ctx->state.cs);
}
void print_proto(uint16_t proto, int invert)
@@ -446,7 +431,7 @@ static void nft_meta_set_to_target(struct nft_xt_ctx *ctx)
target->t = t;
ops = nft_family_ops_lookup(ctx->family);
- ops->parse_target(target, nft_get_data(ctx));
+ ops->parse_target(target, ctx->state.cs);
}
void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
@@ -491,7 +476,7 @@ void nft_parse_bitwise(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
struct nft_family_ops *ops = nft_family_ops_lookup(ctx->family);
- void *data = nft_get_data(ctx);
+ void *data = ctx->state.cs;
uint32_t reg;
reg = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_SREG);
@@ -521,7 +506,7 @@ void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
struct nft_family_ops *ops;
const char *jumpto = NULL;
bool nft_goto = false;
- void *data = nft_get_data(ctx);
+ void *data = ctx->state.cs;
int verdict;
if (nftnl_expr_is_set(e, NFTNL_EXPR_IMM_DATA)) {
@@ -563,7 +548,7 @@ void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
ops->parse_immediate(jumpto, nft_goto, data);
}
-void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
+void nft_rule_to_iptables_command_state(const struct nftnl_rule *r,
struct iptables_command_state *cs)
{
struct nftnl_expr_iter *iter;
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index d74eeb0063a74..18927a2981977 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -49,7 +49,6 @@ enum {
struct nft_xt_ctx {
union {
struct iptables_command_state *cs;
- struct arptables_command_state *cs_arp;
} state;
struct nftnl_expr_iter *iter;
int family;
@@ -145,7 +144,7 @@ void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
void nft_parse_payload(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
void nft_parse_counter(struct nftnl_expr *e, struct xt_counters *counters);
void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
-void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
+void nft_rule_to_iptables_command_state(const struct nftnl_rule *r,
struct iptables_command_state *cs);
void print_header(unsigned int format, const char *chain, const char *pol,
const struct xt_counters *counters, bool basechain,
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 01c0eb12abb56..533c52686bc29 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -6,6 +6,7 @@
#include <stdint.h>
#include <netinet/in.h>
#include <net/if.h>
+#include <linux/netfilter_arp/arp_tables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
@@ -83,6 +84,7 @@ struct iptables_command_state {
struct ebt_entry eb;
struct ipt_entry fw;
struct ip6t_entry fw6;
+ struct arpt_entry arp;
};
int invert;
int c;
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index ffe477868c889..ce9e618b7049b 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -862,7 +862,7 @@ static int
append_entry(struct nft_handle *h,
const char *chain,
const char *table,
- struct arptables_command_state *cs,
+ struct iptables_command_state *cs,
int rulenum,
unsigned int nsaddrs,
const struct in_addr saddrs[],
@@ -874,9 +874,9 @@ append_entry(struct nft_handle *h,
int ret = 1;
for (i = 0; i < nsaddrs; i++) {
- cs->fw.arp.src.s_addr = saddrs[i].s_addr;
+ cs->arp.arp.src.s_addr = saddrs[i].s_addr;
for (j = 0; j < ndaddrs; j++) {
- cs->fw.arp.tgt.s_addr = daddrs[j].s_addr;
+ cs->arp.arp.tgt.s_addr = daddrs[j].s_addr;
if (append) {
ret = nft_rule_append(h, chain, table, cs, 0,
verbose);
@@ -893,14 +893,14 @@ append_entry(struct nft_handle *h,
static int
replace_entry(const char *chain,
const char *table,
- struct arptables_command_state *cs,
+ struct iptables_command_state *cs,
unsigned int rulenum,
const struct in_addr *saddr,
const struct in_addr *daddr,
bool verbose, struct nft_handle *h)
{
- cs->fw.arp.src.s_addr = saddr->s_addr;
- cs->fw.arp.tgt.s_addr = daddr->s_addr;
+ cs->arp.arp.src.s_addr = saddr->s_addr;
+ cs->arp.arp.tgt.s_addr = daddr->s_addr;
return nft_rule_replace(h, chain, table, cs, rulenum, verbose);
}
@@ -908,7 +908,7 @@ replace_entry(const char *chain,
static int
delete_entry(const char *chain,
const char *table,
- struct arptables_command_state *cs,
+ struct iptables_command_state *cs,
unsigned int nsaddrs,
const struct in_addr saddrs[],
unsigned int ndaddrs,
@@ -919,9 +919,9 @@ delete_entry(const char *chain,
int ret = 1;
for (i = 0; i < nsaddrs; i++) {
- cs->fw.arp.src.s_addr = saddrs[i].s_addr;
+ cs->arp.arp.src.s_addr = saddrs[i].s_addr;
for (j = 0; j < ndaddrs; j++) {
- cs->fw.arp.tgt.s_addr = daddrs[j].s_addr;
+ cs->arp.arp.tgt.s_addr = daddrs[j].s_addr;
ret = nft_rule_delete(h, chain, table, cs, verbose);
}
}
@@ -931,7 +931,7 @@ delete_entry(const char *chain,
int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
{
- struct arptables_command_state cs = {
+ struct iptables_command_state cs = {
.jumpto = "",
};
int invert = 0;
@@ -1088,47 +1088,47 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
break;
case 's':
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_S_IP, &cs.fw.arp.invflags,
+ set_option(&options, OPT_S_IP, &cs.arp.arp.invflags,
invert);
shostnetworkmask = argv[optind-1];
break;
case 'd':
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_D_IP, &cs.fw.arp.invflags,
+ set_option(&options, OPT_D_IP, &cs.arp.arp.invflags,
invert);
dhostnetworkmask = argv[optind-1];
break;
case 2:/* src-mac */
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_S_MAC, &cs.fw.arp.invflags,
+ set_option(&options, OPT_S_MAC, &cs.arp.arp.invflags,
invert);
if (getmac_and_mask(argv[optind - 1],
- cs.fw.arp.src_devaddr.addr, cs.fw.arp.src_devaddr.mask))
+ cs.arp.arp.src_devaddr.addr, cs.arp.arp.src_devaddr.mask))
xtables_error(PARAMETER_PROBLEM, "Problem with specified "
"source mac");
break;
case 3:/* dst-mac */
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_D_MAC, &cs.fw.arp.invflags,
+ set_option(&options, OPT_D_MAC, &cs.arp.arp.invflags,
invert);
if (getmac_and_mask(argv[optind - 1],
- cs.fw.arp.tgt_devaddr.addr, cs.fw.arp.tgt_devaddr.mask))
+ cs.arp.arp.tgt_devaddr.addr, cs.arp.arp.tgt_devaddr.mask))
xtables_error(PARAMETER_PROBLEM, "Problem with specified "
"destination mac");
break;
case 'l':/* hardware length */
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_H_LENGTH, &cs.fw.arp.invflags,
+ set_option(&options, OPT_H_LENGTH, &cs.arp.arp.invflags,
invert);
- getlength_and_mask(argv[optind - 1], &cs.fw.arp.arhln,
- &cs.fw.arp.arhln_mask);
+ getlength_and_mask(argv[optind - 1], &cs.arp.arp.arhln,
+ &cs.arp.arp.arhln_mask);
- if (cs.fw.arp.arhln != 6) {
+ if (cs.arp.arp.arhln != 6) {
xtables_error(PARAMETER_PROBLEM,
"Only harware address length of"
" 6 is supported currently.");
@@ -1140,20 +1140,20 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
xtables_error(PARAMETER_PROBLEM, "not supported");
/*
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_P_LENGTH, &cs.fw.arp.invflags,
+ set_option(&options, OPT_P_LENGTH, &cs.arp.arp.invflags,
invert);
- getlength_and_mask(argv[optind - 1], &cs.fw.arp.arpln,
- &cs.fw.arp.arpln_mask);
+ getlength_and_mask(argv[optind - 1], &cs.arp.arp.arpln,
+ &cs.arp.arp.arpln_mask);
break;
*/
case 4:/* opcode */
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_OPCODE, &cs.fw.arp.invflags,
+ set_option(&options, OPT_OPCODE, &cs.arp.arp.invflags,
invert);
- if (get16_and_mask(argv[optind - 1], &cs.fw.arp.arpop,
- &cs.fw.arp.arpop_mask, 10)) {
+ if (get16_and_mask(argv[optind - 1], &cs.arp.arp.arpop,
+ &cs.arp.arp.arpop_mask, 10)) {
int i;
for (i = 0; i < NUMOPCODES; i++)
@@ -1161,65 +1161,65 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
break;
if (i == NUMOPCODES)
xtables_error(PARAMETER_PROBLEM, "Problem with specified opcode");
- cs.fw.arp.arpop = htons(i+1);
+ cs.arp.arp.arpop = htons(i+1);
}
break;
case 5:/* h-type */
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_H_TYPE, &cs.fw.arp.invflags,
+ set_option(&options, OPT_H_TYPE, &cs.arp.arp.invflags,
invert);
- if (get16_and_mask(argv[optind - 1], &cs.fw.arp.arhrd,
- &cs.fw.arp.arhrd_mask, 16)) {
+ if (get16_and_mask(argv[optind - 1], &cs.arp.arp.arhrd,
+ &cs.arp.arp.arhrd_mask, 16)) {
if (strcasecmp(argv[optind-1], "Ethernet"))
xtables_error(PARAMETER_PROBLEM, "Problem with specified hardware type");
- cs.fw.arp.arhrd = htons(1);
+ cs.arp.arp.arhrd = htons(1);
}
break;
case 6:/* proto-type */
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_P_TYPE, &cs.fw.arp.invflags,
+ set_option(&options, OPT_P_TYPE, &cs.arp.arp.invflags,
invert);
- if (get16_and_mask(argv[optind - 1], &cs.fw.arp.arpro,
- &cs.fw.arp.arpro_mask, 0)) {
+ if (get16_and_mask(argv[optind - 1], &cs.arp.arp.arpro,
+ &cs.arp.arp.arpro_mask, 0)) {
if (strcasecmp(argv[optind-1], "ipv4"))
xtables_error(PARAMETER_PROBLEM, "Problem with specified protocol type");
- cs.fw.arp.arpro = htons(0x800);
+ cs.arp.arp.arpro = htons(0x800);
}
break;
case 'j':
- set_option(&options, OPT_JUMP, &cs.fw.arp.invflags,
+ set_option(&options, OPT_JUMP, &cs.arp.arp.invflags,
invert);
cs.jumpto = parse_target(optarg);
- cs.target = command_jump(&cs.fw, cs.jumpto);
+ cs.target = command_jump(&cs.arp, cs.jumpto);
break;
case 'i':
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_VIANAMEIN, &cs.fw.arp.invflags,
+ set_option(&options, OPT_VIANAMEIN, &cs.arp.arp.invflags,
invert);
parse_interface(argv[optind-1],
- cs.fw.arp.iniface,
- cs.fw.arp.iniface_mask);
-/* cs.fw.nfcache |= NFC_IP_IF_IN; */
+ cs.arp.arp.iniface,
+ cs.arp.arp.iniface_mask);
+/* cs.arp.nfcache |= NFC_IP_IF_IN; */
break;
case 'o':
check_inverse(optarg, &invert, &optind, argc);
- set_option(&options, OPT_VIANAMEOUT, &cs.fw.arp.invflags,
+ set_option(&options, OPT_VIANAMEOUT, &cs.arp.arp.invflags,
invert);
parse_interface(argv[optind-1],
- cs.fw.arp.outiface,
- cs.fw.arp.outiface_mask);
- /* cs.fw.nfcache |= NFC_IP_IF_OUT; */
+ cs.arp.arp.outiface,
+ cs.arp.arp.outiface_mask);
+ /* cs.arp.nfcache |= NFC_IP_IF_OUT; */
break;
case 'v':
if (!verbose)
set_option(&options, OPT_VERBOSE,
- &cs.fw.arp.invflags, invert);
+ &cs.arp.arp.invflags, invert);
verbose++;
break;
@@ -1242,7 +1242,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
break;
case 'n':
- set_option(&options, OPT_NUMERIC, &cs.fw.arp.invflags,
+ set_option(&options, OPT_NUMERIC, &cs.arp.arp.invflags,
invert);
break;
@@ -1262,7 +1262,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
exit(0);
case '0':
- set_option(&options, OPT_LINENUMBERS, &cs.fw.arp.invflags,
+ set_option(&options, OPT_LINENUMBERS, &cs.arp.arp.invflags,
invert);
break;
@@ -1272,7 +1272,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
case 'c':
- set_option(&options, OPT_COUNTERS, &cs.fw.arp.invflags,
+ set_option(&options, OPT_COUNTERS, &cs.arp.arp.invflags,
invert);
pcnt = optarg;
if (xs_has_arg(argc, argv))
@@ -1282,12 +1282,12 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
"-%c requires packet and byte counter",
opt2char(OPT_COUNTERS));
- if (sscanf(pcnt, "%llu", &cs.fw.counters.pcnt) != 1)
+ if (sscanf(pcnt, "%llu", &cs.arp.counters.pcnt) != 1)
xtables_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
- if (sscanf(bcnt, "%llu", &cs.fw.counters.bcnt) != 1)
+ if (sscanf(bcnt, "%llu", &cs.arp.counters.bcnt) != 1)
xtables_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));
@@ -1311,7 +1311,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
default:
if (cs.target) {
xtables_option_tpcall(c, argv,
- invert, cs.target, &cs.fw);
+ invert, cs.target, &cs.arp);
}
break;
}
@@ -1339,14 +1339,14 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
if (shostnetworkmask)
parse_hostnetworkmask(shostnetworkmask, &saddrs,
- &(cs.fw.arp.smsk), &nsaddrs);
+ &(cs.arp.arp.smsk), &nsaddrs);
if (dhostnetworkmask)
parse_hostnetworkmask(dhostnetworkmask, &daddrs,
- &(cs.fw.arp.tmsk), &ndaddrs);
+ &(cs.arp.arp.tmsk), &ndaddrs);
if ((nsaddrs > 1 || ndaddrs > 1) &&
- (cs.fw.arp.invflags & (ARPT_INV_SRCIP | ARPT_INV_TGTIP)))
+ (cs.arp.arp.invflags & (ARPT_INV_SRCIP | ARPT_INV_TGTIP)))
xtables_error(PARAMETER_PROBLEM, "! not allowed with multiple"
" source or destination IP addresses");
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index dd38030000533..e491b4db82bd7 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -73,12 +73,10 @@ static bool events;
static int rule_cb(const struct nlmsghdr *nlh, void *data)
{
- struct arptables_command_state cs_arp = {};
struct iptables_command_state cs = {};
uint32_t type = nlh->nlmsg_type & 0xFF;
const struct cb_arg *arg = data;
struct nftnl_rule *r;
- void *fw = NULL;
uint8_t family;
r = nftnl_rule_alloc();
@@ -99,19 +97,17 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
case AF_INET6:
printf("-%c ", family == AF_INET ? '4' : '6');
nft_rule_to_iptables_command_state(r, &cs);
- fw = &cs;
break;
case NFPROTO_ARP:
printf("-0 ");
- nft_rule_to_arptables_command_state(r, &cs_arp);
- fw = &cs_arp;
+ nft_rule_to_arptables_command_state(r, &cs);
break;
default:
goto err_free;
}
printf("-t %s ", nftnl_rule_get_str(r, NFTNL_RULE_TABLE));
- nft_rule_print_save(fw, r,
+ nft_rule_print_save(&cs, r,
type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
NFT_RULE_DEL,
counters ? 0 : FMT_NOCOUNTS);
--
2.18.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
