This drops the dedicated input parser (which was broken in many ways
anyway) and replaces it by the common one now that all required knobs
are in place.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft.h | 2 +-
iptables/xtables-eb-standalone.c | 2 +-
iptables/xtables-eb.c | 4 +-
iptables/xtables-restore.c | 105 ++++++-------------------------
4 files changed, 24 insertions(+), 89 deletions(-)
diff --git a/iptables/nft.h b/iptables/nft.h
index 942cb6a06e5e5..d16ded09ca181 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -149,7 +149,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table);
/* For xtables-eb.c */
int nft_init_eb(struct nft_handle *h, const char *pname);
int ebt_get_current_chain(const char *chain);
-int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table);
+int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
/*
* Parse config for tables and chain helper functions
diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c
index 069c9aa1d4c94..84ce0b60a7076 100644
--- a/iptables/xtables-eb-standalone.c
+++ b/iptables/xtables-eb-standalone.c
@@ -49,7 +49,7 @@ int xtables_eb_main(int argc, char *argv[])
nft_init_eb(&h, "ebtables");
- ret = do_commandeb(&h, argc, argv, &table);
+ ret = do_commandeb(&h, argc, argv, &table, false);
if (ret)
ret = nft_commit(&h);
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 763d1ad97fc06..c5c98c3332102 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -764,7 +764,8 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
return 0;
}
-int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table)
+int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
+ bool restore)
{
char *buffer;
int c, i;
@@ -811,6 +812,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table)
}
/* prevent getopt to spoil our error reporting */
+ optind = 0;
opterr = false;
cs.eb.bitmask = EBT_NOPROTO;
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 49fc16ce481dd..a76acfd4b6cbd 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -484,35 +484,17 @@ int xtables_ip6_restore_main(int argc, char *argv[])
argc, argv);
}
-static const char *ebt_parse_table_name(const char *input)
-{
- if (!strcmp(input, "broute"))
- xtables_error(PARAMETER_PROBLEM, "broute table not supported");
- else if (!strcmp(input, "filter"))
- return "filter";
- else if (!strcmp(input, "nat"))
- return "nat";
-
- xtables_error(PARAMETER_PROBLEM, "table '%s' not recognized", input);
-}
-
-static const char *ebt_parse_policy_name(const char *input)
-{
- int i;
-
- for (i = 0; i < NUM_STANDARD_TARGETS; i++) {
- if (!strcmp(input, ebt_standard_targets[i])) {
- int policy = -i - 1;
-
- if (policy == EBT_CONTINUE)
- i = NUM_STANDARD_TARGETS;
- break;
- }
- }
- if (i == NUM_STANDARD_TARGETS)
- xtables_error(PARAMETER_PROBLEM, "invalid policy specified");
- return ebt_standard_targets[i];
-}
+struct nft_xt_restore_cb ebt_restore_cb = {
+ .chain_list = get_chain_list,
+ .commit = nft_commit,
+ .table_new = nft_table_new,
+ .table_flush = nft_table_flush,
+ .chain_user_flush = nft_chain_user_flush,
+ .chain_del = chain_delete,
+ .do_command = do_commandeb,
+ .chain_set = nft_chain_set,
+ .chain_user_add = nft_chain_user_add,
+};
static const struct option ebt_restore_options[] = {
{.name = "noflush", .has_arg = 0, .val = 'n'},
@@ -521,18 +503,17 @@ static const struct option ebt_restore_options[] = {
int xtables_eb_restore_main(int argc, char *argv[])
{
- char buffer[10240];
- int i, ret, c, flush = 1;
- const char *table = NULL;
+ struct nft_xt_restore_parse p = {
+ .in = stdin,
+ };
struct nft_handle h;
-
- nft_init_eb(&h, "ebtables-restore");
+ int c;
while ((c = getopt_long(argc, argv, "n",
ebt_restore_options, NULL)) != -1) {
switch(c) {
case 'n':
- flush = 0;
+ noflush = 1;
break;
default:
fprintf(stderr,
@@ -542,57 +523,9 @@ int xtables_eb_restore_main(int argc, char *argv[])
}
}
- while (fgets(buffer, sizeof(buffer), stdin)) {
- if (buffer[0] == '#' || buffer[0] == '\n')
- continue;
- if (buffer[0] == '*') {
- table = ebt_parse_table_name(buffer + 1);
- if (flush)
- nft_table_flush(&h, table);
- continue;
- } else if (!table) {
- xtables_error(PARAMETER_PROBLEM, "no table specified");
- }
- if (buffer[0] == ':') {
- char *ch, *chain = buffer;
- const char *policy;
-
- if (!(ch = strchr(buffer, ' ')))
- xtables_error(PARAMETER_PROBLEM, "no policy specified");
- *ch = '\0';
- policy = ebt_parse_policy_name(ch + 1);
-
- /* No need to check chain name for consistency, since
- * we're supposed to be reading an automatically generated
- * file. */
- if (ebt_get_current_chain(chain) < 0)
- nft_chain_user_add(&h, chain, table);
- ret = nft_chain_set(&h, table, chain, policy, NULL);
- if (ret < 0)
- xtables_error(PARAMETER_PROBLEM, "Wrong policy");
- continue;
- }
-
- newargc = 0;
- add_argv("ebtables", 0);
- add_argv("-t", 0);
- add_argv(table, 0);
- add_param_to_argv(buffer, line);
-
- DEBUGP("calling do_commandeb(%u, argv, &%s, handle):\n",
- newargc, table);
-
- for (i = 0; i < newargc; i++)
- DEBUGP("argv[%u]: %s\n", i, newargv[i]);
-
- optind = 0; /* Setting optind = 1 causes serious annoyances */
- if (!do_commandeb(&h, newargc, newargv, &newargv[2]))
- return 1;
- }
+ nft_init_eb(&h, "ebtables-restore");
+ xtables_restore_parse(&h, &p, &ebt_restore_cb, argc, argv);
+ nft_fini(&h);
- if (!nft_commit(&h)) {
- fprintf(stderr, "%s\n", nft_strerror(errno));
- return 1;
- }
return 0;
}
--
2.18.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
