This series is the result of a comparison between legacy and nft arptables outputs in verbose mode, ruleset listing and dumps (through arptables-save). Foremost, this fixes a few real bugs: * Stale printing of '-j' for rules without target (patch 1). * Mark value was parsed in decimal but legacy arptables assumed hex input at all times (patch 2). Aligning arptables-nft output with legacy one is rather important IMO since there is no way to check existence of a rule (like with 'iptables -C'), so one should expect existence of scripts parsing list/save output. Therefore I think it is acceptable to carry quite a bit of extra code in MARK and CLASSIFY targets. Patch 6 might seem like a convenience change, but there is a hidden problem it fixes: --h-len and --h-type options were not printed if they were zero, but a dump not containing them would cause them to reset to their default value (6 and 1) in affected rules. Phil Sutter (7): arptables-nft: Fix listing rules without target arptables-nft: Fix MARK target parsing and printing arptables-nft: Fix CLASSIFY target printing arptables-nft: Remove space between *cnt= and value arptables-nft-save: Fix position of -j option arptables-nft: Don't print default h-len/h-type values tests: shell: Add arptables-nft verbose output test extensions/libxt_CLASSIFY.c | 59 +++++++++--- extensions/libxt_MARK.c | 95 +++++++++++++++++++ iptables/nft-arp.c | 73 ++++++++------ .../arptables/0001-arptables-save-restore_0 | 32 +++---- .../0002-arptables-restore-defaults_0 | 6 +- .../arptables/0003-arptables-verbose-output_0 | 64 +++++++++++++ 6 files changed, 267 insertions(+), 62 deletions(-) create mode 100755 iptables/tests/shell/testcases/arptables/0003-arptables-verbose-output_0 -- 2.20.1
