[iptables PATCH 5/8] nft: ruleparse: Introduce nft_parse_rule_expr()

Phil Sutter <phil@xxxxxx> · Thu, 1 Aug 2024 00:27:00 +0200

Extract the parsing of one expression into a separate function and
export it, preparing for following code changes.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-ruleparse.c | 73 ++++++++++++++++++++++------------------
 iptables/nft-ruleparse.h |  4 +++
 2 files changed, 44 insertions(+), 33 deletions(-)

diff --git a/iptables/nft-ruleparse.c b/iptables/nft-ruleparse.c
index 1ee7a94db59de..757d3c29fc816 100644
--- a/iptables/nft-ruleparse.c
+++ b/iptables/nft-ruleparse.c
@@ -887,6 +887,45 @@ static void nft_parse_range(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 	}
 }
 
+bool nft_parse_rule_expr(struct nft_handle *h,
+			 struct nftnl_expr *expr,
+			 struct nft_xt_ctx *ctx)
+{
+	const char *name = nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
+
+	if (strcmp(name, "counter") == 0)
+		nft_parse_counter(expr, &ctx->cs->counters);
+	else if (strcmp(name, "payload") == 0)
+		nft_parse_payload(ctx, expr);
+	else if (strcmp(name, "meta") == 0)
+		nft_parse_meta(ctx, expr);
+	else if (strcmp(name, "bitwise") == 0)
+		nft_parse_bitwise(ctx, expr);
+	else if (strcmp(name, "cmp") == 0)
+		nft_parse_cmp(ctx, expr);
+	else if (strcmp(name, "immediate") == 0)
+		nft_parse_immediate(ctx, expr);
+	else if (strcmp(name, "match") == 0)
+		nft_parse_match(ctx, expr);
+	else if (strcmp(name, "target") == 0)
+		nft_parse_target(ctx, expr);
+	else if (strcmp(name, "limit") == 0)
+		nft_parse_limit(ctx, expr);
+	else if (strcmp(name, "lookup") == 0)
+		nft_parse_lookup(ctx, h, expr);
+	else if (strcmp(name, "log") == 0)
+		nft_parse_log(ctx, expr);
+	else if (strcmp(name, "range") == 0)
+		nft_parse_range(ctx, expr);
+
+	if (ctx->errmsg) {
+		fprintf(stderr, "Error: %s\n", ctx->errmsg);
+		ctx->errmsg = NULL;
+		return false;
+	}
+	return true;
+}
+
 bool nft_rule_to_iptables_command_state(struct nft_handle *h,
 					const struct nftnl_rule *r,
 					struct iptables_command_state *cs)
@@ -905,40 +944,8 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
 
 	expr = nftnl_expr_iter_next(ctx.iter);
 	while (expr != NULL) {
-		const char *name =
-			nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
-
-		if (strcmp(name, "counter") == 0)
-			nft_parse_counter(expr, &ctx.cs->counters);
-		else if (strcmp(name, "payload") == 0)
-			nft_parse_payload(&ctx, expr);
-		else if (strcmp(name, "meta") == 0)
-			nft_parse_meta(&ctx, expr);
-		else if (strcmp(name, "bitwise") == 0)
-			nft_parse_bitwise(&ctx, expr);
-		else if (strcmp(name, "cmp") == 0)
-			nft_parse_cmp(&ctx, expr);
-		else if (strcmp(name, "immediate") == 0)
-			nft_parse_immediate(&ctx, expr);
-		else if (strcmp(name, "match") == 0)
-			nft_parse_match(&ctx, expr);
-		else if (strcmp(name, "target") == 0)
-			nft_parse_target(&ctx, expr);
-		else if (strcmp(name, "limit") == 0)
-			nft_parse_limit(&ctx, expr);
-		else if (strcmp(name, "lookup") == 0)
-			nft_parse_lookup(&ctx, h, expr);
-		else if (strcmp(name, "log") == 0)
-			nft_parse_log(&ctx, expr);
-		else if (strcmp(name, "range") == 0)
-			nft_parse_range(&ctx, expr);
-
-		if (ctx.errmsg) {
-			fprintf(stderr, "Error: %s\n", ctx.errmsg);
-			ctx.errmsg = NULL;
+		if (!nft_parse_rule_expr(h, expr, &ctx))
 			ret = false;
-		}
-
 		expr = nftnl_expr_iter_next(ctx.iter);
 	}
 
diff --git a/iptables/nft-ruleparse.h b/iptables/nft-ruleparse.h
index 62c9160d77711..0377e4ae17a6e 100644
--- a/iptables/nft-ruleparse.h
+++ b/iptables/nft-ruleparse.h
@@ -133,4 +133,8 @@ int parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e, uint8_t key,
 int nft_parse_hl(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
 		 struct iptables_command_state *cs);
 
+bool nft_parse_rule_expr(struct nft_handle *h,
+			 struct nftnl_expr *expr,
+			 struct nft_xt_ctx *ctx);
+
 #endif /* _NFT_RULEPARSE_H_ */
-- 
2.43.0








