since commit d9c6a5d0977a6d8bbe772dbc31a2c4f58eec1708 ("xtables: merge {ip,arp}tables_command_state structs") arptables uses the shared representation. With only minor changes (e.g., use generic counters in command_state), in print/save functions we can use the shared nftnl expression parser too. arptables-legacy prints (-L) the jump target first, i.e.: -j MARK -d 0.0.0.0/8 --h-length 6 ... ... so keep that here too. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- extensions/libarpt_standard.t | 4 +- iptables/nft-arp.c | 92 ++++------------------------------- 2 files changed, 12 insertions(+), 84 deletions(-) diff --git a/extensions/libarpt_standard.t b/extensions/libarpt_standard.t index bef682afec37..195865929c8d 100644 --- a/extensions/libarpt_standard.t +++ b/extensions/libarpt_standard.t @@ -5,8 +5,8 @@ -d 192.168.0.1;=;OK ! -d 0.0.0.0;=;OK -d 0.0.0.0/24;=;OK --i lo;=;OK -! -i lo;=;OK +-i lo -j DROP;-i lo --h-length 6 --h-type 1 -j DROP;OK +! -i lo -j ACCEPT;! -i lo --h-length 6 --h-type 1 -j ACCEPT;OK -i ppp+;=;OK ! -i ppp+;=;OK -i lo --destination-mac 11:22:33:44:55:66;-i lo --dst-mac 11:22:33:44:55:66;OK diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 1a98996f94bd..37850bd328b7 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -412,56 +412,6 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx, } } -static void nft_arp_rule_to_cs(const struct nftnl_rule *r, - struct iptables_command_state *cs) -{ - struct nftnl_expr_iter *iter; - struct nftnl_expr *expr; - int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY); - struct nft_xt_ctx ctx = { - .cs = cs, - .family = family, - }; - - iter = nftnl_expr_iter_create(r); - if (iter == NULL) - return; - - ctx.iter = iter; - expr = nftnl_expr_iter_next(iter); - while (expr != NULL) { - const char *name = - nftnl_expr_get_str(expr, NFTNL_EXPR_NAME); - - if (strcmp(name, "counter") == 0) - nft_parse_counter(expr, &ctx.cs->arp.counters); - else if (strcmp(name, "payload") == 0) - nft_parse_payload(&ctx, expr); - else if (strcmp(name, "meta") == 0) - nft_parse_meta(&ctx, expr); - else if (strcmp(name, "bitwise") == 0) - nft_parse_bitwise(&ctx, expr); - else if (strcmp(name, "cmp") == 0) - nft_parse_cmp(&ctx, expr); - else if (strcmp(name, "immediate") == 0) - nft_parse_immediate(&ctx, expr); - else if (strcmp(name, "target") == 0) - nft_parse_target(&ctx, expr); - - expr = nftnl_expr_iter_next(iter); - } - - nftnl_expr_iter_destroy(iter); - - if (cs->jumpto != NULL) - return; - - if (cs->target != NULL && cs->target->name != NULL) - cs->target = xtables_find_target(cs->target->name, XTF_TRY_LOAD); - else - cs->jumpto = ""; -} - static void nft_arp_print_header(unsigned int format, const char *chain, const char *pol, const struct xt_counters *counters, @@ -627,14 +577,6 @@ after_devdst: } } -static void nft_arp_save_counters(const void *data) -{ - const struct iptables_command_state *cs = data; - - printf("[%llu:%llu] ", (unsigned long long)cs->arp.counters.pcnt, - (unsigned long long)cs->arp.counters.bcnt); -} - static void nft_arp_save_rule(const void *data, unsigned int format) { @@ -643,17 +585,7 @@ nft_arp_save_rule(const void *data, unsigned int format) format |= FMT_NUMERIC; nft_arp_print_rule_details(&cs->arp, format); - - if (cs->jumpto != NULL && strcmp(cs->jumpto, "") != 0) { - printf("-j %s", cs->jumpto); - } else if (cs->target) { - printf("-j %s", cs->target->name); - if (cs->target->save != NULL) - cs->target->save(&cs->arp, cs->target->t); - } - - if (!(format & FMT_NONEWLINE)) - fputc('\n', stdout); + save_matches_and_target(cs, false, &cs->arp, format); } static void @@ -664,22 +596,18 @@ nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format) if (format & FMT_LINENUMBERS) printf("%u ", num); - nft_arp_rule_to_cs(r, &cs); + nft_rule_to_iptables_command_state(r, &cs); + if (cs.jumpto) + printf("-j %s ", cs.jumpto); nft_arp_print_rule_details(&cs.arp, format); - - if (cs.jumpto != NULL && strcmp(cs.jumpto, "") != 0) { - printf("-j %s", cs.jumpto); - } else if (cs.target) { - printf("-j %s", cs.target->name); - cs.target->print(&cs.arp, cs.target->t, format & FMT_NUMERIC); - } + print_matches_and_target(&cs, format); if (!(format & FMT_NOCOUNTS)) { printf(", pcnt="); - xtables_print_num(cs.arp.counters.pcnt, format); + xtables_print_num(cs.counters.pcnt, format); printf("-- bcnt="); - xtables_print_num(cs.arp.counters.bcnt, format); + xtables_print_num(cs.counters.bcnt, format); } if (!(format & FMT_NONEWLINE)) @@ -720,7 +648,7 @@ static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r, struct iptables_command_state this = {}; /* Delete by matching rule case */ - nft_arp_rule_to_cs(r, &this); + nft_rule_to_iptables_command_state(r, &this); if (!nft_arp_is_same(&cs->arp, &this.arp)) return false; @@ -751,10 +679,10 @@ struct nft_family_ops nft_family_ops_arp = { .print_header = nft_arp_print_header, .print_rule = nft_arp_print_rule, .save_rule = nft_arp_save_rule, - .save_counters = nft_arp_save_counters, + .save_counters = save_counters, .save_chain = nft_arp_save_chain, .post_parse = NULL, - .rule_to_cs = nft_arp_rule_to_cs, + .rule_to_cs = nft_rule_to_iptables_command_state, .clear_cs = nft_clear_iptables_command_state, .rule_find = nft_arp_rule_find, .parse_target = nft_ipv46_parse_target, -- 2.18.1