From 2c3f7a2cd6fd8325b3a84e280cce945c6c20b87f Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 31 Jan 2019 16:12:54 +0100
Subject: arptables-nft-save: Fix position of -j option

Legacy arptables-save (just like arptables itself) prints verdict as
first option, then matches and finally any target options.

To achieve this without introducing double/trailing spaces everywhere,
integrate target ('-j') option printing into
nft_arp_print_rule_details() and make it print separating whitespace
before each option.

In nft_arp_save_rule(), replace the call to save_matches_and_target() by
by a direct call to cs->target->save() since the former prints '-j'
option itself. Since there are no match extensions in arptables, any
other code from that function is not needed.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 .../arptables/0001-arptables-save-restore_0        | 32 +++++++++++-----------
 .../arptables/0002-arptables-restore-defaults_0    |  6 ++--
 2 files changed, 19 insertions(+), 19 deletions(-)

(limited to 'iptables/tests/shell')

diff --git a/iptables/tests/shell/testcases/arptables/0001-arptables-save-restore_0 b/iptables/tests/shell/testcases/arptables/0001-arptables-save-restore_0
index f8629551..0664e3b3 100755
--- a/iptables/tests/shell/testcases/arptables/0001-arptables-save-restore_0
+++ b/iptables/tests/shell/testcases/arptables/0001-arptables-save-restore_0
@@ -35,22 +35,22 @@ DUMP='*filter
 :INPUT ACCEPT
 :OUTPUT DROP
 :foo -
--A INPUT -s 10.0.0.0/8 --h-length 6 --h-type 1 -j ACCEPT
--A INPUT -d 192.168.123.1 --h-length 6 --h-type 1 -j ACCEPT
--A INPUT --src-mac fe:ed:ba:be:00:01 --h-length 6 --h-type 1 -j ACCEPT
--A INPUT --dst-mac fe:ed:ba:be:00:01 --h-length 6 --h-type 1 -j ACCEPT
--A INPUT --h-length 6 --h-type 1 -j foo
--A INPUT --h-length 6 --h-type 1 
--A OUTPUT -o lo --h-length 6 --h-type 1 -j ACCEPT
--A OUTPUT -o eth134 --h-length 6 --h-type 1 -j mangle --mangle-ip-s 10.0.0.1
--A OUTPUT -o eth432 --h-length 6 --h-type 1 -j CLASSIFY --set-class feed:babe
--A OUTPUT -o eth432 --h-length 6 --opcode 1 --h-type 1 -j CLASSIFY --set-class feed:babe
--A foo -i lo --h-length 6 --h-type 1 -j ACCEPT
--A foo --h-length 6 --h-type 1 -j ACCEPT
--A foo --h-length 6 --h-type 1 -j MARK --set-mark 12345
--A foo --h-length 6 --opcode 1 --h-type 1 -j ACCEPT
--A foo --h-length 6 --h-type 1 --proto-type 0x800 -j ACCEPT
--A foo -i lo --h-length 6 --opcode 1 --h-type 1 --proto-type 0x800 -j ACCEPT
+-A INPUT -j ACCEPT -s 10.0.0.0/8 --h-length 6 --h-type 1
+-A INPUT -j ACCEPT -d 192.168.123.1 --h-length 6 --h-type 1
+-A INPUT -j ACCEPT --src-mac fe:ed:ba:be:00:01 --h-length 6 --h-type 1
+-A INPUT -j ACCEPT --dst-mac fe:ed:ba:be:00:01 --h-length 6 --h-type 1
+-A INPUT -j foo --h-length 6 --h-type 1
+-A INPUT  --h-length 6 --h-type 1
+-A OUTPUT -j ACCEPT -o lo --h-length 6 --h-type 1
+-A OUTPUT -j mangle -o eth134 --h-length 6 --h-type 1 --mangle-ip-s 10.0.0.1
+-A OUTPUT -j CLASSIFY -o eth432 --h-length 6 --h-type 1 --set-class feed:babe
+-A OUTPUT -j CLASSIFY -o eth432 --h-length 6 --opcode 1 --h-type 1 --set-class feed:babe
+-A foo -j ACCEPT -i lo --h-length 6 --h-type 1
+-A foo -j ACCEPT --h-length 6 --h-type 1
+-A foo -j MARK --h-length 6 --h-type 1 --set-mark 12345
+-A foo -j ACCEPT --h-length 6 --opcode 1 --h-type 1
+-A foo -j ACCEPT --h-length 6 --h-type 1 --proto-type 0x800
+-A foo -j ACCEPT -i lo --h-length 6 --opcode 1 --h-type 1 --proto-type 0x800
 '
 
 diff -u <(echo -e "$DUMP") <($XT_MULTI arptables-save)
diff --git a/iptables/tests/shell/testcases/arptables/0002-arptables-restore-defaults_0 b/iptables/tests/shell/testcases/arptables/0002-arptables-restore-defaults_0
index ee17da00..d742c3d5 100755
--- a/iptables/tests/shell/testcases/arptables/0002-arptables-restore-defaults_0
+++ b/iptables/tests/shell/testcases/arptables/0002-arptables-restore-defaults_0
@@ -11,7 +11,7 @@ set -e
 DUMP='*filter
 :OUTPUT ACCEPT
 -A OUTPUT -j mangle --mangle-ip-s 10.0.0.1
--A OUTPUT --h-length 6 --h-type 1 -j mangle --mangle-ip-d 10.0.0.2
+-A OUTPUT -j mangle --h-length 6 --h-type 1 --mangle-ip-d 10.0.0.2
 '
 
 # note how mangle-ip-s is unset in second rule
@@ -19,8 +19,8 @@ DUMP='*filter
 EXPECT='*filter
 :INPUT ACCEPT
 :OUTPUT ACCEPT
--A OUTPUT --h-length 6 --h-type 1 -j mangle --mangle-ip-s 10.0.0.1
--A OUTPUT --h-length 6 --h-type 1 -j mangle --mangle-ip-d 10.0.0.2
+-A OUTPUT -j mangle --h-length 6 --h-type 1 --mangle-ip-s 10.0.0.1
+-A OUTPUT -j mangle --h-length 6 --h-type 1 --mangle-ip-d 10.0.0.2
 '
 
 $XT_MULTI arptables -F
-- 
cgit v1.2.3