From d1fb4f93d35860624c8a07844942febb113f2b65 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 1 Dec 2022 13:06:25 +0100 Subject: ebtables: Implement --check command Sadly, '-C' is in use already for --change-counters (even though ebtables-nft does not implement this), so add a long-option only. It is needed for xlate testsuite in replay mode, which will use '--check' instead of '-C'. Signed-off-by: Phil Sutter --- iptables/xtables-eb.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c index c5fc3385..7214a767 100644 --- a/iptables/xtables-eb.c +++ b/iptables/xtables-eb.c @@ -198,6 +198,7 @@ struct option ebt_original_options[] = { "delete-chain" , optional_argument, 0, 'X' }, { "init-table" , no_argument , 0, 11 }, { "concurrent" , no_argument , 0, 13 }, + { "check" , required_argument, 0, 14 }, { 0 } }; @@ -730,6 +731,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, case 'N': /* Make a user defined chain */ case 'E': /* Rename chain */ case 'X': /* Delete chain */ + case 14: /* check a rule */ /* We allow -N chainname -P policy */ if (command == 'N' && c == 'P') { command = c; @@ -907,7 +909,8 @@ print_zero: if (!OPT_COMMANDS) xtables_error(PARAMETER_PROBLEM, "No command specified"); - if (command != 'A' && command != 'D' && command != 'I' && command != 'C') + if (command != 'A' && command != 'D' && + command != 'I' && command != 'C' && command != 14) xtables_error(PARAMETER_PROBLEM, "Command and option do not match"); if (c == 'i') { @@ -1088,7 +1091,7 @@ print_zero: argv[optind]); if (command != 'A' && command != 'I' && - command != 'D' && command != 'C') + command != 'D' && command != 'C' && command != 14) xtables_error(PARAMETER_PROBLEM, "Extensions only for -A, -I, -D and -C"); } 
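Review bot: The bare literal `14` is the only thing tying the new `{ "check", required_argument, 0, 14 }` entry in `ebt_original_options[]` to the five places that test for it: `case 14:` in `do_commandeb`, and the `command != 14` / `command == 14` comparisons in the hunks at -907, -1088, -1109 and -1161. If one of them is renumbered or mistyped, `--check` is silently rejected or routed to a different path, which matters for a command whose result scripts use to decide whether a filter rule is present. A named constant next to the option table, for example `#define EBT_OPT_CHECK 14`, used in all six spots would make the pairing greppable. The neighbouring long-only options (`11`, `13`) use the same bare-number style, so this could also be a follow-up that covers all of them.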
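Review bot: The error text `"Extensions only for -A, -I, -D and -C"` in the -1088 hunk is out of date, because the condition just above it now also accepts command 14. A user who hits this error gets a list that omits `--check`, and `-C` here means --change-counters, which invites confusion with the new command. Consider `"Extensions only for -A, -I, -D, -C and --check"`, after confirming that no test matches on the old string. The enclosing block starts before this hunk, so any earlier conditions on it are not visible here.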
@@ -1109,7 +1112,7 @@ print_zero: /* Do the final checks */ if (command == 'A' || command == 'I' || - command == 'D' || command == 'C') { + command == 'D' || command == 'C' || command == 14) { for (xtrm_i = cs.matches; xtrm_i; xtrm_i = xtrm_i->next) xtables_option_mfcall(xtrm_i->match); @@ -1161,6 +1164,9 @@ print_zero: } else if (command == 'D') { ret = delete_entry(h, chain, *table, &cs, rule_nr - 1, rule_nr_end, flags & OPT_VERBOSE); + } else if (command == 14) { + ret = nft_cmd_rule_check(h, chain, *table, + &cs, flags & OPT_VERBOSE); } /*else if (replace->command == 'C') { ebt_change_counters(replace, new_entry, rule_nr, rule_nr_end, &(new_entry->cnt_surplus), chcounter); if (ebt_errormsg[0] != '\0') -- cgit v1.2.3
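Review bot: The new `else if (command == 14)` branch in the -1161 hunk has no comment and sits directly above the commented-out `'C'` change-counters block, so a reader can easily mistake one "C" command for the other. A one-line comment on the branch would help, such as `/* --check: long option only, -C is taken by --change-counters */`. The value stored in `ret` becomes the answer callers rely on for "does this rule exist", so it is also worth stating that `nft_cmd_rule_check` follows the same success/failure convention as `delete_entry` in the branch above. That function's definition is not part of this diff, so this is something to confirm rather than a known defect. The dispatch chain starts outside the hunk.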