nft: Introduce nft-ruleparse.{c,h}

Extract all code dealing with parsing from struct nftnl_rule into struct
iptables_command_state from nft-shared.c into a separate source file.

Basically this is nft_rule_to_iptables_command_state() and the functions
it calls, plus family-independent parsers called from family-specific
callbacks.

Signed-off-by: Phil Sutter <phil@nwl.cc>

1 files changed, 1 insertions, 100 deletions

diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 2c4c0d90..2edee649 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -11,6 +11,7 @@
 #include <linux/netfilter/nf_tables.h>
 
 #include "xshared.h"
+#include "nft-ruleparse.h"
 
 #ifdef DEBUG
 #define DEBUG_DEL
@@ -38,92 +39,6 @@ struct xtables_args;
 struct nft_handle;
 struct xt_xlate;
 
-enum nft_ctx_reg_type {
-	NFT_XT_REG_UNDEF,
-	NFT_XT_REG_PAYLOAD,
-	NFT_XT_REG_IMMEDIATE,
-	NFT_XT_REG_META_DREG,
-};
-
-struct nft_xt_ctx_reg {
-	enum nft_ctx_reg_type type:8;
-
-	union {
-		struct {
-			uint32_t base;
-			uint32_t offset;
-			uint32_t len;
-		} payload;
-		struct {
-			uint32_t data[4];
-			uint8_t len;
-		} immediate;
-		struct {
-			uint32_t key;
-		} meta_dreg;
-		struct {
-			uint32_t key;
-		} meta_sreg;
-	};
-
-	struct {
-		uint32_t mask[4];
-		uint32_t xor[4];
-		bool set;
-	} bitwise;
-};
-
-struct nft_xt_ctx {
-	struct iptables_command_state *cs;
-	struct nftnl_expr_iter *iter;
-	struct nft_handle *h;
-	uint32_t flags;
-	const char *table;
-
-	struct nft_xt_ctx_reg regs[1 + 16];
-
-	const char *errmsg;
-};
-
-static inline struct nft_xt_ctx_reg *nft_xt_ctx_get_sreg(struct nft_xt_ctx *ctx, enum nft_registers reg)
-{
-	switch (reg) {
-	case NFT_REG_VERDICT:
-		return &ctx->regs[0];
-	case NFT_REG_1:
-		return &ctx->regs[1];
-	case NFT_REG_2:
-		return &ctx->regs[5];
-	case NFT_REG_3:
-		return &ctx->regs[9];
-	case NFT_REG_4:
-		return &ctx->regs[13];
-	case NFT_REG32_00...NFT_REG32_15:
-		return &ctx->regs[reg - NFT_REG32_00];
-	default:
-		ctx->errmsg = "Unknown register requested";
-		break;
-	}
-
-	return NULL;
-}
-
-static inline void nft_xt_reg_clear(struct nft_xt_ctx_reg *r)
-{
-	r->type = 0;
-	r->bitwise.set = false;
-}
-
-static inline struct nft_xt_ctx_reg *nft_xt_ctx_get_dreg(struct nft_xt_ctx *ctx, enum nft_registers reg)
-{
-	struct nft_xt_ctx_reg *r = nft_xt_ctx_get_sreg(ctx, reg);
-
-	if (r)
-		nft_xt_reg_clear(r);
-
-	return r;
-}
-
 struct nft_family_ops {
 	int (*add)(struct nft_handle *h, struct nftnl_rule *r,
 		   struct iptables_command_state *cs);
@@ -207,14 +122,8 @@ bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
 			unsigned const char *b_iniface_mask,
 			unsigned const char *b_outiface_mask);
 
-int parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e, uint8_t key,
-	       char *iniface, unsigned char *iniface_mask, char *outiface,
-	       unsigned char *outiface_mask, uint8_t *invflags);
 void __get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, uint8_t *op);
 void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv);
-bool nft_rule_to_iptables_command_state(struct nft_handle *h,
-					const struct nftnl_rule *r,
-					struct iptables_command_state *cs);
 void print_matches_and_target(struct iptables_command_state *cs,
 			      unsigned int format);
 void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy);
@@ -224,9 +133,6 @@ void save_matches_and_target(const struct iptables_command_state *cs,
 
 struct nft_family_ops *nft_family_ops_lookup(int family);
 
-void nft_ipv46_parse_target(struct xtables_target *t,
-			    struct iptables_command_state *cs);
-
 bool compare_matches(struct xtables_rule_match *mt1, struct xtables_rule_match *mt2);
 bool compare_targets(struct xtables_target *tg1, struct xtables_target *tg2);
 
@@ -263,11 +169,6 @@ void xtables_restore_parse(struct nft_handle *h,
 
 void nft_check_xt_legacy(int family, bool is_ipt_save);
 
-int nft_parse_hl(struct nft_xt_ctx *ctx, struct nftnl_expr *e, struct iptables_command_state *cs);
-
-#define min(x, y) ((x) < (y) ? (x) : (y))
-#define max(x, y) ((x) > (y) ? (x) : (y))
-
 /* simplified nftables:include/netlink.h, netlink_padded_len() */
 #define NETLINK_ALIGN		4