From 63c3dae305cf27cabe5577da5599ddc26f4af36c Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 6 Aug 2018 17:21:57 +0200 Subject: xtables: Implement arptables-{save,restore} This adds C implementations for arptables-save and -restore in compat layer based on the two perl scripts in legacy arptables repository. To share common code, introduce nft_init_arp() analogous to nft_init_eb() introduced earlier. Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal --- iptables/nft-arp.c | 55 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 38 insertions(+), 17 deletions(-) (limited to 'iptables/nft-arp.c') diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 570a2589..f58109e5 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -436,7 +436,7 @@ static void nft_arp_print_header(unsigned int format, const char *chain, } } -static void nft_arp_print_rule_details(struct arpt_entry *fw, +static void nft_arp_print_rule_details(const struct arpt_entry *fw, unsigned int format) { char buf[BUFSIZ]; 
@@ -580,35 +580,48 @@ after_devdst: } static void -nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format) +__nft_arp_save_rule(const void *data, unsigned int format) { - struct iptables_command_state cs = {}; - - nft_arp_rule_to_cs(r, &cs); - - if (format & FMT_LINENUMBERS) - printf("%u ", num); + const struct iptables_command_state *cs = data; - nft_arp_print_rule_details(&cs.arp, format); + nft_arp_print_rule_details(&cs->arp, format); - if (cs.jumpto != NULL && strcmp(cs.jumpto, "") != 0) { - printf("-j %s", cs.jumpto); - } else if (cs.target) { - printf("-j %s", cs.target->name); - cs.target->print(&cs.arp, cs.target->t, format & FMT_NUMERIC); + if (cs->jumpto != NULL && strcmp(cs->jumpto, "") != 0) { + printf("-j %s", cs->jumpto); + } else if (cs->target) { + printf("-j %s", cs->target->name); + cs->target->print(&cs->arp, cs->target->t, format & FMT_NUMERIC); } if (!(format & FMT_NOCOUNTS)) { printf(", pcnt="); - xtables_print_num(cs.arp.counters.pcnt, format); + xtables_print_num(cs->arp.counters.pcnt, format); printf("-- bcnt="); - xtables_print_num(cs.arp.counters.bcnt, format); + xtables_print_num(cs->arp.counters.bcnt, format); } if (!(format & FMT_NONEWLINE)) fputc('\n', stdout); } +static void +nft_arp_save_rule(const void *data, unsigned int format) +{ + __nft_arp_save_rule(data, format | FMT_NUMERIC); +} + +static void +nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format) +{ + struct iptables_command_state cs = {}; + + if (format & FMT_LINENUMBERS) + printf("%u ", num); + + nft_arp_rule_to_cs(r, &cs); + __nft_arp_save_rule(&cs, format); +} + static bool nft_arp_is_same(const void *data_a, const void *data_b) { 
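Review bot: `nft_arp_save_rule` only ORs in `FMT_NUMERIC`, so unless its caller sets `FMT_NOCOUNTS`, every saved rule ends with the listing-style `, pcnt=… -- bcnt=…` suffix printed by `__nft_arp_save_rule`. Whether arptables-restore parses that suffix is not visible in this hunk; a dump that does not restore to the same ruleset leaves ARP filtering in an unintended state after a reload. Consider `__nft_arp_save_rule(data, format | FMT_NUMERIC | FMT_NOCOUNTS);` until a restorable counter syntax exists, or add a comment stating that the caller decides. The shared helper also calls `cs->target->print` unguarded on the save path; assuming some extensions register no print callback, `if (cs->target->print)` in front of the call would avoid a NULL function-pointer call. A helper name without the reserved `__` prefix, and a one-line comment that `data` must point to a `struct iptables_command_state`, would make the `const void *` contract explicit.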
@@ -656,6 +669,13 @@ static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r, return true; } +static void nft_arp_save_chain(const struct nftnl_chain *c, const char *policy) +{ + const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME); + + printf(":%s %s\n", chain, policy ?: "-"); +} + struct nft_family_ops nft_family_ops_arp = { .add = nft_arp_add, .is_same = nft_arp_is_same, @@ -665,8 +685,9 @@ struct nft_family_ops nft_family_ops_arp = { .parse_immediate = nft_arp_parse_immediate, .print_header = nft_arp_print_header, .print_rule = nft_arp_print_rule, - .save_rule = NULL, + .save_rule = nft_arp_save_rule, .save_counters = NULL, + .save_chain = nft_arp_save_chain, .post_parse = NULL, .rule_to_cs = nft_arp_rule_to_cs, .clear_cs = NULL, -- cgit v1.2.3
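Review bot: In `nft_arp_save_chain` the result of `nftnl_chain_get_str(c, NFTNL_CHAIN_NAME)` goes straight into `%s`, but that getter returns NULL when the attribute is not set, and passing NULL for `%s` is undefined behaviour. Chains dumped from the kernel presumably always carry a name, but a guard such as `if (!chain) return;` before the `printf` keeps the save path well-defined if one does not. `policy ?: "-"` relies on the GNU conditional-with-omitted-operand extension; `policy ? policy : "-"` is the portable spelling. A short comment that this emits the `:CHAIN POLICY` header line of the save format, with `-` meaning no policy, would document the output contract.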