This changes ebtables-nft to consistently print mac address with two characters, i.e. 00:01:02:03:04:0a, not 0:1:2:3:4:a. Will require another bump of vcurrent/vage. Suggested-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- extensions/libebt_arp.c | 13 ++----------- extensions/libebt_arp.t | 4 ++-- extensions/libebt_arpreply.c | 7 +------ extensions/libebt_arpreply.t | 4 ++-- extensions/libebt_dnat.c | 7 +------ extensions/libebt_dnat.t | 6 +++--- extensions/libebt_pkttype.t | 4 ---- extensions/libebt_snat.c | 7 +------ extensions/libebt_snat.t | 4 ++-- extensions/libebt_standard.t | 10 +++++----- extensions/libebt_stp.c | 29 ++--------------------------- include/xtables.h | 3 +++ iptables/nft-bridge.c | 17 ++++------------- libxtables/xtables.c | 22 ++++++++++++++++++++++ 14 files changed, 50 insertions(+), 87 deletions(-) diff --git a/extensions/libebt_arp.c b/extensions/libebt_arp.c index 522c57c0156d..a062b7e7e586 100644 --- a/extensions/libebt_arp.c +++ b/extensions/libebt_arp.c @@ -332,15 +332,6 @@ brarp_parse(int c, char **argv, int invert, unsigned int *flags, return 1; } -static void brarp_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask) -{ - char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; - - printf("%s", ether_ntoa((struct ether_addr *) mac)); - if (memcmp(mask, hlpmsk, 6)) - printf("/%s", ether_ntoa((struct ether_addr *) mask)); -} - static void brarp_print(const void *ip, const struct xt_entry_match *match, int numeric) { const struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data; 
@@ -385,14 +376,14 @@ static void brarp_print(const void *ip, const struct xt_entry_match *match, int printf("--arp-mac-src "); if (arpinfo->invflags & EBT_ARP_SRC_MAC) printf("! "); - brarp_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk); + xtables_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk); printf(" "); } if (arpinfo->bitmask & EBT_ARP_DST_MAC) { printf("--arp-mac-dst "); if (arpinfo->invflags & EBT_ARP_DST_MAC) printf("! "); - brarp_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk); + xtables_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk); printf(" "); } if (arpinfo->bitmask & EBT_ARP_GRAT) { diff --git a/extensions/libebt_arp.t b/extensions/libebt_arp.t index 64b4362f9cdb..2b064c4bd206 100644 --- a/extensions/libebt_arp.t +++ b/extensions/libebt_arp.t @@ -6,6 +6,6 @@ -p ARP ! --arp-ip-dst 1.2.3.4;-p ARP --arp-ip-dst ! 1.2.3.4 -j CONTINUE;OK -p ARP --arp-ip-src ! 0.0.0.0;=;OK -p ARP --arp-ip-dst ! 0.0.0.0/8;=;OK --p ARP --arp-mac-src 0:de:ad:be:ef:0;=;OK --p ARP --arp-mac-dst de:ad:be:ef:0:0/ff:ff:ff:ff:0:0;=;OK +-p ARP --arp-mac-src 00:de:ad:be:ef:00;=;OK +-p ARP --arp-mac-dst de:ad:be:ef:00:00/ff:ff:ff:ff:00:00;=;OK -p ARP --arp-gratuitous;=;OK diff --git a/extensions/libebt_arpreply.c b/extensions/libebt_arpreply.c index 998dece33921..80ba2159ff94 100644 --- a/extensions/libebt_arpreply.c +++ b/extensions/libebt_arpreply.c @@ -71,17 +71,12 @@ brarpreply_parse(int c, char **argv, int invert, unsigned int *flags, return 1; } -static void ebt_print_mac(const unsigned char *mac) -{ - printf("%s", ether_ntoa((struct ether_addr *) mac)); -} - static void brarpreply_print(const void *ip, const struct xt_entry_target *t, int numeric) { struct ebt_arpreply_info *replyinfo = (void *)t->data; printf("--arpreply-mac "); - ebt_print_mac(replyinfo->mac); + xtables_print_mac(replyinfo->mac); if (replyinfo->target == EBT_DROP) return; printf(" --arpreply-target %s", ebt_target_name(replyinfo->target)); 
diff --git a/extensions/libebt_arpreply.t b/extensions/libebt_arpreply.t index f7bc85f9cd34..6734501a106b 100644 --- a/extensions/libebt_arpreply.t +++ b/extensions/libebt_arpreply.t @@ -1,4 +1,4 @@ :PREROUTING *nat --p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff --arpreply-target ACCEPT;=;OK --p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff;=;OK +-p ARP -i foo -j arpreply --arpreply-mac de:ad:00:be:ee:ff --arpreply-target ACCEPT;=;OK +-p ARP -i foo -j arpreply --arpreply-mac de:ad:00:be:ee:ff;=;OK diff --git a/extensions/libebt_dnat.c b/extensions/libebt_dnat.c index c179d8c19bc1..9f5f721ea79d 100644 --- a/extensions/libebt_dnat.c +++ b/extensions/libebt_dnat.c @@ -74,17 +74,12 @@ static void brdnat_final_check(unsigned int flags) "You must specify proper arguments"); } -static void ebt_print_mac(const unsigned char *mac) -{ - printf("%s", ether_ntoa((struct ether_addr *) mac)); -} - static void brdnat_print(const void *ip, const struct xt_entry_target *target, int numeric) { struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data; printf("--to-dst "); - ebt_print_mac(natinfo->mac); + xtables_print_mac(natinfo->mac); printf(" --dnat-target %s", ebt_target_name(natinfo->target)); } diff --git a/extensions/libebt_dnat.t b/extensions/libebt_dnat.t index 42f9bff27b8d..9428d237850f 100644 --- a/extensions/libebt_dnat.t +++ b/extensions/libebt_dnat.t @@ -1,5 +1,5 @@ :PREROUTING *nat --i someport -j dnat --to-dst de:ad:0:be:ee:ff;-i someport -j dnat --to-dst de:ad:0:be:ee:ff --dnat-target ACCEPT;OK --j dnat --to-dst de:ad:0:be:ee:ff --dnat-target ACCEPT;=;OK --j dnat --to-dst de:ad:0:be:ee:ff --dnat-target CONTINUE;=;OK +-i someport -j dnat --to-dst de:ad:0:be:ee:ff;-i someport -j dnat --to-dst de:ad:00:be:ee:ff --dnat-target ACCEPT;OK +-j dnat --to-dst de:ad:00:be:ee:ff --dnat-target ACCEPT;=;OK +-j dnat --to-dst de:ad:00:be:ee:ff --dnat-target CONTINUE;=;OK 
diff --git a/extensions/libebt_pkttype.t b/extensions/libebt_pkttype.t index 921cf3acbbda..f5f76aaaebfd 100644 --- a/extensions/libebt_pkttype.t +++ b/extensions/libebt_pkttype.t @@ -1,8 +1,4 @@ :INPUT,FORWARD,OUTPUT --s 0:0:0:0:0:0;=;OK --d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK --s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK --d de:ad:be:ef:0:0;=;OK ! --pkttype-type host;--pkttype-type ! host -j CONTINUE;OK --pkttype-type host;=;OK --pkttype-type broadcast;=;OK diff --git a/extensions/libebt_snat.c b/extensions/libebt_snat.c index 95b32f9cd204..c1124bf32d1e 100644 --- a/extensions/libebt_snat.c +++ b/extensions/libebt_snat.c @@ -85,17 +85,12 @@ static void brsnat_final_check(unsigned int flags) "You must specify proper arguments"); } -static void ebt_print_mac(const unsigned char *mac) -{ - printf("%s", ether_ntoa((struct ether_addr *) mac)); -} - static void brsnat_print(const void *ip, const struct xt_entry_target *target, int numeric) { struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data; printf("--to-src "); - ebt_print_mac(natinfo->mac); + xtables_print_mac(natinfo->mac); if (!(natinfo->target&NAT_ARP_BIT)) printf(" --snat-arp"); printf(" --snat-target %s", ebt_target_name((natinfo->target|~EBT_VERDICT_BITS))); diff --git a/extensions/libebt_snat.t b/extensions/libebt_snat.t index bb42e758631f..639b13f300c9 100644 --- a/extensions/libebt_snat.t +++ b/extensions/libebt_snat.t @@ -1,4 +1,4 @@ :POSTROUTING *nat --o someport -j snat --to-source a:b:c:d:e:f;-o someport -j snat --to-src a:b:c:d:e:f --snat-target ACCEPT;OK --o someport+ -j snat --to-src de:ad:0:be:ee:ff --snat-target CONTINUE;=;OK +-o someport -j snat --to-source a:b:c:d:e:f;-o someport -j snat --to-src 0a:0b:0c:0d:0e:0f --snat-target ACCEPT;OK +-o someport+ -j snat --to-src de:ad:00:be:ee:ff --snat-target CONTINUE;=;OK diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t index 04991e1f3290..c0b87e128d51 100644 --- a/extensions/libebt_standard.t 
+++ b/extensions/libebt_standard.t @@ -1,7 +1,7 @@ :INPUT,FORWARD,OUTPUT --s 0:0:0:0:0:0;=;OK --d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK --s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK +-d de:ad:be:ef:00:00;=;OK +-s 0:0:0:0:0:0;-s 00:00:00:00:00:00;OK +-d 00:00:00:00:00:00;=;OK +-s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:00:00 -j RETURN;OK -d de:ad:be:ef:00:00 -j CONTINUE;=;OK --d de:ad:be:ef:0:0;=;OK --d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;-d de:ad:be:ef:0:0/ff:ff:ff:ff:0:0 -j DROP;OK +-d de:ad:be:ef:0:00/ff:ff:ff:ff:0:0 -j DROP;-d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;OK diff --git a/extensions/libebt_stp.c b/extensions/libebt_stp.c index 25f2735f4680..06cf93b8d844 100644 --- a/extensions/libebt_stp.c +++ b/extensions/libebt_stp.c @@ -297,31 +297,6 @@ brstp_parse(int c, char **argv, int invert, unsigned int *flags, return 1; } -static void ebt_print_mac(const unsigned char *mac) -{ - int j; - for (j = 0; j < ETH_ALEN; j++) - printf("%02x%s", mac[j], - (j==ETH_ALEN-1) ? "" : ":"); -} - -static bool mac_all_ones(const unsigned char *mac) -{ - static const char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; - - return memcmp(mac, hlpmsk, sizeof(hlpmsk)) == 0; -} - -static void ebt_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask) -{ - - ebt_print_mac(mac); - if (!mac_all_ones(mask)) { - printf("/"); - ebt_print_mac(mask); - } -} - static void brstp_print(const void *ip, const struct xt_entry_match *match, int numeric) { 
@@ -351,14 +326,14 @@ static void brstp_print(const void *ip, const struct xt_entry_match *match, } else if (EBT_STP_ROOTPRIO == (1 << i)) print_range(c->root_priol, c->root_priou); else if (EBT_STP_ROOTADDR == (1 << i)) - ebt_print_mac_and_mask((unsigned char *)c->root_addr, + xtables_print_mac_and_mask((unsigned char *)c->root_addr, (unsigned char*)c->root_addrmsk); else if (EBT_STP_ROOTCOST == (1 << i)) print_range(c->root_costl, c->root_costu); else if (EBT_STP_SENDERPRIO == (1 << i)) print_range(c->sender_priol, c->sender_priou); else if (EBT_STP_SENDERADDR == (1 << i)) - ebt_print_mac_and_mask((unsigned char *)c->sender_addr, + xtables_print_mac_and_mask((unsigned char *)c->sender_addr, (unsigned char *)c->sender_addrmsk); else if (EBT_STP_PORT == (1 << i)) print_range(c->portl, c->portu); diff --git a/include/xtables.h b/include/xtables.h index 8fb8843ac4f4..2bc190cd5d40 100644 --- a/include/xtables.h +++ b/include/xtables.h @@ -556,6 +556,9 @@ extern void xtables_save_string(const char *value); #define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab)) extern void xtables_print_num(uint64_t number, unsigned int format); +extern void xtables_print_mac(const unsigned char *macaddress); +extern void xtables_print_mac_and_mask(const unsigned char *mac, + const unsigned char *mask); extern void xtables_parse_val_mask(struct xt_option_call *cb, unsigned int *val, unsigned int *mask, diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index a616f8458a74..92e3f3b6f97f 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c 
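Review bot: The two prototypes added to include/xtables.h have no comment saying how many bytes they read, although both take bare `const unsigned char *` pointers and the implementation added in libxtables/xtables.c always reads six octets from each. This header is the public libxtables interface, so an extension that passes a shorter buffer would get an out-of-bounds read with nothing in the declaration to warn against it. I would add a comment above them along the lines of `/* mac and mask must each point to at least 6 bytes (ETH_ALEN); the mask is not printed when it is ff:ff:ff:ff:ff:ff */`.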
@@ -45,21 +45,12 @@ void ebt_cs_clean(struct iptables_command_state *cs) } } -/* 0: default, print only 2 digits if necessary - * 2: always print 2 digits, a printed mac address - * then always has the same length - */ -int ebt_printstyle_mac; - static void ebt_print_mac(const unsigned char *mac) { - if (ebt_printstyle_mac == 2) { - int j; - for (j = 0; j < ETH_ALEN; j++) - printf("%02x%s", mac[j], - (j==ETH_ALEN-1) ? "" : ":"); - } else - printf("%s", ether_ntoa((struct ether_addr *) mac)); + int j; + + for (j = 0; j < ETH_ALEN; j++) + printf("%02x%s", mac[j], (j==ETH_ALEN-1) ? "" : ":"); } static bool mac_all_ones(const unsigned char *mac) diff --git a/libxtables/xtables.c b/libxtables/xtables.c index 34a084f47c29..11231fc473d5 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -2077,6 +2077,28 @@ void xtables_print_num(uint64_t number, unsigned int format) printf(FMT("%4lluT ","%lluT "), (unsigned long long)number); } +void xtables_print_mac(const unsigned char *macaddress) +{ + unsigned int i; + + printf("%02x", macaddress[0]); + for (i = 1; i < 6; ++i) + printf(":%02x", macaddress[i]); +} + +void xtables_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask) +{ + static const char hlpmsk[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; + + xtables_print_mac(mac); + + if (memcmp(mask, hlpmsk, 6) == 0) + return; + + printf("/"); + xtables_print_mac(mask); +} + void xtables_parse_val_mask(struct xt_option_call *cb, unsigned int *val, unsigned int *mask, const struct xtables_lmap *lmap) -- 2.18.1
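Review bot: The static `ebt_print_mac()` kept in iptables/nft-bridge.c is now a second copy of the loop this patch adds as `xtables_print_mac()`, so the bridge rule listing and the extension output can drift apart again. Its body could shrink to `xtables_print_mac(mac);`, or the call sites could use the library helper directly as the extensions now do. Separately, the removed `int ebt_printstyle_mac;` had external linkage and the diffstat lists no other file under iptables/, so it is worth checking that nothing else still declares or assigns it. If something does, the link will fail. `mac_all_ones()` continues past the end of the hunk.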
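Review bot: In `xtables_print_mac_and_mask()` the all-ones table is declared `static const char hlpmsk[]` and initialised with `0xff`, which does not fit in `char` where `char` is signed, so the conversion is implementation-defined. The comparison still works because `memcmp` compares bytes as `unsigned char`, but the type should match the parameters: `static const unsigned char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};`. The address length is also a bare `6` in both new functions. Using `memcmp(mask, hlpmsk, sizeof(hlpmsk))` and a named constant for the loop bound (ETH_ALEN, if it is in scope in this file) would keep the array, the compare and the loop from disagreeing.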