nft: Simplify immediate parsing

Implementations of parse_immediate callback are mostly trivial, the only
relevant part is access to family-specific parts of struct
iptables_command_state when setting goto flag for iptables and
ip6tables. Refactor them into simple set_goto_flag callbacks.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Florian Westphal <fw@strlen.de>

6 files changed, 14 insertions, 47 deletions

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 1472b115..78509ce9 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -182,14 +182,6 @@ static void nft_arp_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
 	fw->arp.invflags |= flags;
 }
 
-static void nft_arp_parse_immediate(const char *jumpto, bool nft_goto,
-				    void *data)
-{
-	struct iptables_command_state *cs = data;
-
-	cs->jumpto = jumpto;
-}
-
 static void parse_mask_ipv4(struct nft_xt_ctx *ctx, struct in_addr *mask)
 {
 	mask->s_addr = ctx->bitwise.mask[0];
@@ -797,7 +789,6 @@ struct nft_family_ops nft_family_ops_arp = {
 	.print_payload		= NULL,
 	.parse_meta		= nft_arp_parse_meta,
 	.parse_payload		= nft_arp_parse_payload,
-	.parse_immediate	= nft_arp_parse_immediate,
 	.print_header		= nft_arp_print_header,
 	.print_rule		= nft_arp_print_rule,
 	.save_rule		= nft_arp_save_rule,
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 90d55e44..d6a0d6e5 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -251,14 +251,6 @@ static void nft_bridge_parse_payload(struct nft_xt_ctx *ctx,
 	}
 }
 
-static void nft_bridge_parse_immediate(const char *jumpto, bool nft_goto,
-				       void *data)
-{
-	struct iptables_command_state *cs = data;
-
-	cs->jumpto = jumpto;
-}
-
 /* return 0 if saddr, 1 if daddr, -1 on error */
 static int
 lookup_check_ether_payload(uint32_t base, uint32_t offset, uint32_t len)
@@ -891,7 +883,6 @@ struct nft_family_ops nft_family_ops_bridge = {
 	.print_payload		= NULL,
 	.parse_meta		= nft_bridge_parse_meta,
 	.parse_payload		= nft_bridge_parse_payload,
-	.parse_immediate	= nft_bridge_parse_immediate,
 	.parse_lookup		= nft_bridge_parse_lookup,
 	.parse_match		= nft_bridge_parse_match,
 	.parse_target		= nft_bridge_parse_target,
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index f374d468..bdb105f8 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -215,15 +215,9 @@ static void nft_ipv4_parse_payload(struct nft_xt_ctx *ctx,
 	}
 }
 
-static void nft_ipv4_parse_immediate(const char *jumpto, bool nft_goto,
-				     void *data)
+static void nft_ipv4_set_goto_flag(struct iptables_command_state *cs)
 {
-	struct iptables_command_state *cs = data;
-
-	cs->jumpto = jumpto;
-
-	if (nft_goto)
-		cs->fw.ip.flags |= IPT_F_GOTO;
+	cs->fw.ip.flags |= IPT_F_GOTO;
 }
 
 static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r,
@@ -450,7 +444,7 @@ struct nft_family_ops nft_family_ops_ipv4 = {
 	.is_same		= nft_ipv4_is_same,
 	.parse_meta		= nft_ipv4_parse_meta,
 	.parse_payload		= nft_ipv4_parse_payload,
-	.parse_immediate	= nft_ipv4_parse_immediate,
+	.set_goto_flag		= nft_ipv4_set_goto_flag,
 	.print_header		= print_header,
 	.print_rule		= nft_ipv4_print_rule,
 	.save_rule		= nft_ipv4_save_rule,
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 9ecc754f..a5323171 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -180,15 +180,9 @@ static void nft_ipv6_parse_payload(struct nft_xt_ctx *ctx,
 	}
 }
 
-static void nft_ipv6_parse_immediate(const char *jumpto, bool nft_goto,
-				     void *data)
+static void nft_ipv6_set_goto_flag(struct iptables_command_state *cs)
 {
-	struct iptables_command_state *cs = data;
-
-	cs->jumpto = jumpto;
-
-	if (nft_goto)
-		cs->fw6.ipv6.flags |= IP6T_F_GOTO;
+	cs->fw6.ipv6.flags |= IP6T_F_GOTO;
 }
 
 static void nft_ipv6_print_rule(struct nft_handle *h, struct nftnl_rule *r,
@@ -418,7 +412,7 @@ struct nft_family_ops nft_family_ops_ipv6 = {
 	.is_same		= nft_ipv6_is_same,
 	.parse_meta		= nft_ipv6_parse_meta,
 	.parse_payload		= nft_ipv6_parse_payload,
-	.parse_immediate	= nft_ipv6_parse_immediate,
+	.set_goto_flag		= nft_ipv6_set_goto_flag,
 	.print_header		= print_header,
 	.print_rule		= nft_ipv6_print_rule,
 	.save_rule		= nft_ipv6_save_rule,
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 746a948c..daa251ae 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -906,9 +906,7 @@ static void nft_parse_counter(struct nftnl_expr *e, struct xt_counters *counters
 static void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 {
 	const char *chain = nftnl_expr_get_str(e, NFTNL_EXPR_IMM_CHAIN);
-	const char *jumpto = NULL;
-	bool nft_goto = false;
-	void *data = ctx->cs;
+	struct iptables_command_state *cs = ctx->cs;
 	int verdict;
 
 	if (nftnl_expr_is_set(e, NFTNL_EXPR_IMM_DATA)) {
@@ -931,23 +929,22 @@ static void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 	/* Standard target? */
 	switch(verdict) {
 	case NF_ACCEPT:
-		jumpto = "ACCEPT";
+		cs->jumpto = "ACCEPT";
 		break;
 	case NF_DROP:
-		jumpto = "DROP";
+		cs->jumpto = "DROP";
 		break;
 	case NFT_RETURN:
-		jumpto = "RETURN";
+		cs->jumpto = "RETURN";
 		break;;
 	case NFT_GOTO:
-		nft_goto = true;
+		if (ctx->h->ops->set_goto_flag)
+			ctx->h->ops->set_goto_flag(cs);
 		/* fall through */
 	case NFT_JUMP:
-		jumpto = chain;
+		cs->jumpto = chain;
 		break;
 	}
-
-	ctx->h->ops->parse_immediate(jumpto, nft_goto, data);
 }
 
 static void nft_parse_limit(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 0788e98a..04b1d97f 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -93,7 +93,7 @@ struct nft_family_ops {
 			  void *data);
 	void (*parse_lookup)(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
 			     void *data);
-	void (*parse_immediate)(const char *jumpto, bool nft_goto, void *data);
+	void (*set_goto_flag)(struct iptables_command_state *cs);
 
 	void (*print_table_header)(const char *tablename);
 	void (*print_header)(unsigned int format, const char *chain,