[iptables PATCH 04/10] xshared: Share save_rule_details() with legacy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The function combines printing of input and output interfaces and
protocol parameter, all being IP family independent. Extend the function
to print fragment option ('-f'), too if requested. While being at it,
drop unused iptables_command_state parameter and reorder the remaining
ones a bit.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/ip6tables.c  | 23 +++--------------------
 iptables/iptables.c   | 28 ++++------------------------
 iptables/nft-ipv4.c   | 13 ++++---------
 iptables/nft-ipv6.c   |  6 +++---
 iptables/nft-shared.c | 29 -----------------------------
 iptables/nft-shared.h |  6 ------
 iptables/xshared.c    | 32 ++++++++++++++++++++++++++++++++
 iptables/xshared.h    |  4 ++++
 8 files changed, 50 insertions(+), 91 deletions(-)

diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 1c9b076196e8f..eacbf704f9769 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -707,19 +707,6 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
 	return found;
 }
 
-static void print_proto(uint16_t proto, int invert)
-{
-	if (proto) {
-		const char *pname = proto_to_name(proto, 0);
-		const char *invertstr = invert ? " !" : "";
-
-		if (pname)
-			printf("%s -p %s", invertstr, pname);
-		else
-			printf("%s -p %u", invertstr, proto);
-	}
-}
-
 static int print_match_save(const struct xt_entry_match *e,
 			const struct ip6t_ip6 *ip)
 {
@@ -795,13 +782,9 @@ void print_rule6(const struct ip6t_entry *e,
 	print_ip("-d", &(e->ipv6.dst), &(e->ipv6.dmsk),
 			e->ipv6.invflags & IP6T_INV_DSTIP);
 
-	save_iface('i', e->ipv6.iniface, e->ipv6.iniface_mask,
-		    e->ipv6.invflags & IP6T_INV_VIA_IN);
-
-	save_iface('o', e->ipv6.outiface, e->ipv6.outiface_mask,
-		    e->ipv6.invflags & IP6T_INV_VIA_OUT);
-
-	print_proto(e->ipv6.proto, e->ipv6.invflags & XT_INV_PROTO);
+	save_rule_details(e->ipv6.iniface, e->ipv6.iniface_mask,
+			  e->ipv6.outiface, e->ipv6.outiface_mask,
+			  e->ipv6.proto, 0, e->ipv6.invflags);
 
 #if 0
 	/* not definied in ipv6
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 7802bd6d95bd0..85fb7bdcd0ca1 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -699,19 +699,6 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
 	return found;
 }
 
-static void print_proto(uint16_t proto, int invert)
-{
-	if (proto) {
-		const char *pname = proto_to_name(proto, 0);
-		const char *invertstr = invert ? " !" : "";
-
-		if (pname)
-			printf("%s -p %s", invertstr, pname);
-		else
-			printf("%s -p %u", invertstr, proto);
-	}
-}
-
 #define IP_PARTS_NATIVE(n)			\
 (unsigned int)((n)>>24)&0xFF,			\
 (unsigned int)((n)>>16)&0xFF,			\
@@ -804,17 +791,10 @@ void print_rule4(const struct ipt_entry *e,
 	print_ip("-d", e->ip.dst.s_addr, e->ip.dmsk.s_addr,
 			e->ip.invflags & IPT_INV_DSTIP);
 
-	save_iface('i', e->ip.iniface, e->ip.iniface_mask,
-		    e->ip.invflags & IPT_INV_VIA_IN);
-
-	save_iface('o', e->ip.outiface, e->ip.outiface_mask,
-		    e->ip.invflags & IPT_INV_VIA_OUT);
-
-	print_proto(e->ip.proto, e->ip.invflags & XT_INV_PROTO);
-
-	if (e->ip.flags & IPT_F_FRAG)
-		printf("%s -f",
-		       e->ip.invflags & IPT_INV_FRAG ? " !" : "");
+	save_rule_details(e->ip.iniface, e->ip.iniface_mask,
+			  e->ip.outiface, e->ip.outiface_mask,
+			  e->ip.proto, e->ip.flags & IPT_F_FRAG,
+			  e->ip.invflags);
 
 	/* Print matchinfo part */
 	if (e->target_offset)
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 287112d0e6b99..39d6e61232cdb 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -317,15 +317,10 @@ static void nft_ipv4_save_rule(const void *data, unsigned int format)
 	save_ipv4_addr('d', &cs->fw.ip.dst, cs->fw.ip.dmsk.s_addr,
 		       cs->fw.ip.invflags & IPT_INV_DSTIP);
 
-	save_rule_details(cs, cs->fw.ip.invflags, cs->fw.ip.proto,
-			  cs->fw.ip.iniface, cs->fw.ip.iniface_mask,
-			  cs->fw.ip.outiface, cs->fw.ip.outiface_mask);
-
-	if (cs->fw.ip.flags & IPT_F_FRAG) {
-		if (cs->fw.ip.invflags & IPT_INV_FRAG)
-			printf(" !");
-		printf(" -f");
-	}
+	save_rule_details(cs->fw.ip.iniface, cs->fw.ip.iniface_mask,
+			  cs->fw.ip.outiface, cs->fw.ip.outiface_mask,
+			  cs->fw.ip.proto, cs->fw.ip.flags & IPT_F_FRAG,
+			  cs->fw.ip.invflags);
 
 	save_matches_and_target(cs, cs->fw.ip.flags & IPT_F_GOTO,
 				&cs->fw, format);
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 845937b180b06..0c73cedd71c96 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -253,9 +253,9 @@ static void nft_ipv6_save_rule(const void *data, unsigned int format)
 	save_ipv6_addr('d', &cs->fw6.ipv6.dst, &cs->fw6.ipv6.dmsk,
 		       cs->fw6.ipv6.invflags & IP6T_INV_DSTIP);
 
-	save_rule_details(cs, cs->fw6.ipv6.invflags, cs->fw6.ipv6.proto,
-			  cs->fw6.ipv6.iniface, cs->fw6.ipv6.iniface_mask,
-			  cs->fw6.ipv6.outiface, cs->fw6.ipv6.outiface_mask);
+	save_rule_details(cs->fw6.ipv6.iniface, cs->fw6.ipv6.iniface_mask,
+			  cs->fw6.ipv6.outiface, cs->fw6.ipv6.outiface_mask,
+			  cs->fw6.ipv6.proto, 0, cs->fw6.ipv6.invflags);
 
 	save_matches_and_target(cs, cs->fw6.ipv6.flags & IP6T_F_GOTO,
 				&cs->fw6, format);
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index b86cc086bed1c..168c224627fd0 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -785,35 +785,6 @@ void print_rule_details(const struct iptables_command_state *cs,
 	}
 }
 
-void save_rule_details(const struct iptables_command_state *cs,
-		       uint8_t invflags, uint16_t proto,
-		       const char *iniface,
-		       unsigned const char *iniface_mask,
-		       const char *outiface,
-		       unsigned const char *outiface_mask)
-{
-	if (iniface != NULL) {
-		save_iface('i', iniface, iniface_mask,
-			    invflags & IPT_INV_VIA_IN);
-	}
-	if (outiface != NULL) {
-		save_iface('o', outiface, outiface_mask,
-			    invflags & IPT_INV_VIA_OUT);
-	}
-
-	if (proto > 0) {
-		const char *pname = proto_to_name(proto, 0);
-
-		if (invflags & XT_INV_PROTO)
-			printf(" !");
-
-		if (pname)
-			printf(" -p %s", pname);
-		else
-			printf(" -p %u", proto);
-	}
-}
-
 void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy)
 {
 	const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 339c46e7f5b06..cac5757ff0708 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -173,12 +173,6 @@ void print_rule_details(const struct iptables_command_state *cs,
 			unsigned int num, unsigned int format);
 void print_matches_and_target(struct iptables_command_state *cs,
 			      unsigned int format);
-void save_rule_details(const struct iptables_command_state *cs,
-		       uint8_t invflags, uint16_t proto,
-		       const char *iniface,
-		       unsigned const char *iniface_mask,
-		       const char *outiface,
-		       unsigned const char *outiface_mask);
 void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy);
 void save_matches_and_target(const struct iptables_command_state *cs,
 			     bool goto_flag, const void *fw,
diff --git a/iptables/xshared.c b/iptables/xshared.c
index db03aaaa324b0..db701ead4811f 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -941,3 +941,35 @@ void parse_chain(const char *chainname)
 			xtables_error(PARAMETER_PROBLEM,
 				      "Invalid chain name `%s'", chainname);
 }
+
+void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
+		       const char *outiface, unsigned const char *outiface_mask,
+		       uint16_t proto, int frag, uint8_t invflags)
+{
+	if (iniface != NULL) {
+		save_iface('i', iniface, iniface_mask,
+			    invflags & IPT_INV_VIA_IN);
+	}
+	if (outiface != NULL) {
+		save_iface('o', outiface, outiface_mask,
+			    invflags & IPT_INV_VIA_OUT);
+	}
+
+	if (proto > 0) {
+		const char *pname = proto_to_name(proto, 0);
+
+		if (invflags & XT_INV_PROTO)
+			printf(" !");
+
+		if (pname)
+			printf(" -p %s", pname);
+		else
+			printf(" -p %u", proto);
+	}
+
+	if (frag) {
+		if (invflags & IPT_INV_FRAG)
+			printf(" !");
+		printf(" -f");
+	}
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 3281ce584476c..484ade126404c 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -242,4 +242,8 @@ void parse_chain(const char *chainname);
 void generic_opt_check(int command, int options);
 char opt2char(int option);
 
+void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
+		       const char *outiface, unsigned const char *outiface_mask,
+		       uint16_t proto, int frag, uint8_t invflags);
+
 #endif /* IPTABLES_XSHARED_H */
-- 
2.33.0




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux