xtables: Implement arptables-{save,restore}

This adds C implementations for arptables-save and -restore in compat
layer based on the two perl scripts in legacy arptables repository.

To share common code, introduce nft_init_arp() analogous to
nft_init_eb() introduced earlier.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>

1 files changed, 39 insertions, 0 deletions

diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index c9df51d5..fc51fcfe 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -287,3 +287,42 @@ int xtables_eb_save_main(int argc_, char *argv_[])
 	nft_for_each_table(&h, __ebt_save, !!ctr);
 	return 0;
 }
+
+int xtables_arp_save_main(int argc, char **argv)
+{
+	struct nft_handle h = {
+		.family	= NFPROTO_ARP,
+	};
+	int c;
+
+	xtables_globals.program_name = "arptables-save";
+	c = xtables_init_all(&xtables_globals, h.family);
+	if (c < 0) {
+		fprintf(stderr, "%s/%s Failed to initialize xtables\n",
+				xtables_globals.program_name,
+				xtables_globals.program_version);
+		exit(1);
+	}
+
+	if (nft_init(&h, xtables_arp) < 0) {
+		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+				xtables_globals.program_name,
+				xtables_globals.program_version,
+				strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	if (!nft_table_find(&h, "filter"))
+		return 0;
+
+	if (!nft_is_table_compatible(&h, "filter")) {
+		printf("# Table `filter' is incompatible, use 'nft' tool.\n");
+		return 0;
+	}
+
+	printf("*filter\n");
+	nft_chain_save(&h, nft_chain_dump(&h), "filter");
+	nft_rule_save(&h, "filter", FMT_NOCOUNTS);
+	printf("\n");
+	return 0;
+}