summaryrefslogtreecommitdiffstats
path: root/iptables/nft-arp.c
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-08-06 17:21:57 +0200
committerFlorian Westphal <fw@strlen.de>2018-08-06 18:17:39 +0200
commit63c3dae305cf27cabe5577da5599ddc26f4af36c (patch)
tree726900fb286b0a55f8356ab6e1ed2653dcf1c1eb /iptables/nft-arp.c
parentaa7fb04fcf72cf50ba6c490ae1cae30181672004 (diff)
xtables: Implement arptables-{save,restore}
This adds C implementations for arptables-save and -restore in compat layer based on the two perl scripts in legacy arptables repository. To share common code, introduce nft_init_arp() analogous to nft_init_eb() introduced earlier. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft-arp.c')
-rw-r--r--iptables/nft-arp.c55
1 files changed, 38 insertions, 17 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 570a2589..f58109e5 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -436,7 +436,7 @@ static void nft_arp_print_header(unsigned int format, const char *chain,
}
}
-static void nft_arp_print_rule_details(struct arpt_entry *fw,
+static void nft_arp_print_rule_details(const struct arpt_entry *fw,
unsigned int format)
{
char buf[BUFSIZ];
@@ -580,35 +580,48 @@ after_devdst:
}
static void
-nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format)
+__nft_arp_save_rule(const void *data, unsigned int format)
{
- struct iptables_command_state cs = {};
-
- nft_arp_rule_to_cs(r, &cs);
-
- if (format & FMT_LINENUMBERS)
- printf("%u ", num);
+ const struct iptables_command_state *cs = data;
- nft_arp_print_rule_details(&cs.arp, format);
+ nft_arp_print_rule_details(&cs->arp, format);
- if (cs.jumpto != NULL && strcmp(cs.jumpto, "") != 0) {
- printf("-j %s", cs.jumpto);
- } else if (cs.target) {
- printf("-j %s", cs.target->name);
- cs.target->print(&cs.arp, cs.target->t, format & FMT_NUMERIC);
+ if (cs->jumpto != NULL && strcmp(cs->jumpto, "") != 0) {
+ printf("-j %s", cs->jumpto);
+ } else if (cs->target) {
+ printf("-j %s", cs->target->name);
+ cs->target->print(&cs->arp, cs->target->t, format & FMT_NUMERIC);
}
if (!(format & FMT_NOCOUNTS)) {
printf(", pcnt=");
- xtables_print_num(cs.arp.counters.pcnt, format);
+ xtables_print_num(cs->arp.counters.pcnt, format);
printf("-- bcnt=");
- xtables_print_num(cs.arp.counters.bcnt, format);
+ xtables_print_num(cs->arp.counters.bcnt, format);
}
if (!(format & FMT_NONEWLINE))
fputc('\n', stdout);
}
+static void
+nft_arp_save_rule(const void *data, unsigned int format)
+{
+ __nft_arp_save_rule(data, format | FMT_NUMERIC);
+}
+
+static void
+nft_arp_print_rule(struct nftnl_rule *r, unsigned int num, unsigned int format)
+{
+ struct iptables_command_state cs = {};
+
+ if (format & FMT_LINENUMBERS)
+ printf("%u ", num);
+
+ nft_arp_rule_to_cs(r, &cs);
+ __nft_arp_save_rule(&cs, format);
+}
+
static bool nft_arp_is_same(const void *data_a,
const void *data_b)
{
@@ -656,6 +669,13 @@ static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
return true;
}
+static void nft_arp_save_chain(const struct nftnl_chain *c, const char *policy)
+{
+ const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
+
+ printf(":%s %s\n", chain, policy ?: "-");
+}
+
struct nft_family_ops nft_family_ops_arp = {
.add = nft_arp_add,
.is_same = nft_arp_is_same,
@@ -665,8 +685,9 @@ struct nft_family_ops nft_family_ops_arp = {
.parse_immediate = nft_arp_parse_immediate,
.print_header = nft_arp_print_header,
.print_rule = nft_arp_print_rule,
- .save_rule = NULL,
+ .save_rule = nft_arp_save_rule,
.save_counters = NULL,
+ .save_chain = nft_arp_save_chain,
.post_parse = NULL,
.rule_to_cs = nft_arp_rule_to_cs,
.clear_cs = NULL,