summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--extensions/libebt_arp.c13
-rw-r--r--extensions/libebt_arp.t4
-rw-r--r--extensions/libebt_arpreply.c7
-rw-r--r--extensions/libebt_arpreply.t4
-rw-r--r--extensions/libebt_dnat.c7
-rw-r--r--extensions/libebt_dnat.t6
-rw-r--r--extensions/libebt_pkttype.t4
-rw-r--r--extensions/libebt_snat.c7
-rw-r--r--extensions/libebt_snat.t4
-rw-r--r--extensions/libebt_standard.t10
-rw-r--r--extensions/libebt_stp.c29
-rw-r--r--include/xtables.h3
-rw-r--r--iptables/nft-bridge.c17
-rwxr-xr-xiptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_04
-rw-r--r--libxtables/xtables.c22
15 files changed, 52 insertions, 89 deletions
diff --git a/extensions/libebt_arp.c b/extensions/libebt_arp.c
index 522c57c0..a062b7e7 100644
--- a/extensions/libebt_arp.c
+++ b/extensions/libebt_arp.c
@@ -332,15 +332,6 @@ brarp_parse(int c, char **argv, int invert, unsigned int *flags,
return 1;
}
-static void brarp_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
-{
- char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-
- printf("%s", ether_ntoa((struct ether_addr *) mac));
- if (memcmp(mask, hlpmsk, 6))
- printf("/%s", ether_ntoa((struct ether_addr *) mask));
-}
-
static void brarp_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
const struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data;
@@ -385,14 +376,14 @@ static void brarp_print(const void *ip, const struct xt_entry_match *match, int
printf("--arp-mac-src ");
if (arpinfo->invflags & EBT_ARP_SRC_MAC)
printf("! ");
- brarp_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
+ xtables_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
printf(" ");
}
if (arpinfo->bitmask & EBT_ARP_DST_MAC) {
printf("--arp-mac-dst ");
if (arpinfo->invflags & EBT_ARP_DST_MAC)
printf("! ");
- brarp_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
+ xtables_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
printf(" ");
}
if (arpinfo->bitmask & EBT_ARP_GRAT) {
diff --git a/extensions/libebt_arp.t b/extensions/libebt_arp.t
index 64b4362f..2b064c4b 100644
--- a/extensions/libebt_arp.t
+++ b/extensions/libebt_arp.t
@@ -6,6 +6,6 @@
-p ARP ! --arp-ip-dst 1.2.3.4;-p ARP --arp-ip-dst ! 1.2.3.4 -j CONTINUE;OK
-p ARP --arp-ip-src ! 0.0.0.0;=;OK
-p ARP --arp-ip-dst ! 0.0.0.0/8;=;OK
--p ARP --arp-mac-src 0:de:ad:be:ef:0;=;OK
--p ARP --arp-mac-dst de:ad:be:ef:0:0/ff:ff:ff:ff:0:0;=;OK
+-p ARP --arp-mac-src 00:de:ad:be:ef:00;=;OK
+-p ARP --arp-mac-dst de:ad:be:ef:00:00/ff:ff:ff:ff:00:00;=;OK
-p ARP --arp-gratuitous;=;OK
diff --git a/extensions/libebt_arpreply.c b/extensions/libebt_arpreply.c
index 998dece3..80ba2159 100644
--- a/extensions/libebt_arpreply.c
+++ b/extensions/libebt_arpreply.c
@@ -71,17 +71,12 @@ brarpreply_parse(int c, char **argv, int invert, unsigned int *flags,
return 1;
}
-static void ebt_print_mac(const unsigned char *mac)
-{
- printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
static void brarpreply_print(const void *ip, const struct xt_entry_target *t, int numeric)
{
struct ebt_arpreply_info *replyinfo = (void *)t->data;
printf("--arpreply-mac ");
- ebt_print_mac(replyinfo->mac);
+ xtables_print_mac(replyinfo->mac);
if (replyinfo->target == EBT_DROP)
return;
printf(" --arpreply-target %s", ebt_target_name(replyinfo->target));
diff --git a/extensions/libebt_arpreply.t b/extensions/libebt_arpreply.t
index f7bc85f9..6734501a 100644
--- a/extensions/libebt_arpreply.t
+++ b/extensions/libebt_arpreply.t
@@ -1,4 +1,4 @@
:PREROUTING
*nat
--p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff --arpreply-target ACCEPT;=;OK
--p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff;=;OK
+-p ARP -i foo -j arpreply --arpreply-mac de:ad:00:be:ee:ff --arpreply-target ACCEPT;=;OK
+-p ARP -i foo -j arpreply --arpreply-mac de:ad:00:be:ee:ff;=;OK
diff --git a/extensions/libebt_dnat.c b/extensions/libebt_dnat.c
index c179d8c1..9f5f721e 100644
--- a/extensions/libebt_dnat.c
+++ b/extensions/libebt_dnat.c
@@ -74,17 +74,12 @@ static void brdnat_final_check(unsigned int flags)
"You must specify proper arguments");
}
-static void ebt_print_mac(const unsigned char *mac)
-{
- printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
static void brdnat_print(const void *ip, const struct xt_entry_target *target, int numeric)
{
struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
printf("--to-dst ");
- ebt_print_mac(natinfo->mac);
+ xtables_print_mac(natinfo->mac);
printf(" --dnat-target %s", ebt_target_name(natinfo->target));
}
diff --git a/extensions/libebt_dnat.t b/extensions/libebt_dnat.t
index 42f9bff2..9428d237 100644
--- a/extensions/libebt_dnat.t
+++ b/extensions/libebt_dnat.t
@@ -1,5 +1,5 @@
:PREROUTING
*nat
--i someport -j dnat --to-dst de:ad:0:be:ee:ff;-i someport -j dnat --to-dst de:ad:0:be:ee:ff --dnat-target ACCEPT;OK
--j dnat --to-dst de:ad:0:be:ee:ff --dnat-target ACCEPT;=;OK
--j dnat --to-dst de:ad:0:be:ee:ff --dnat-target CONTINUE;=;OK
+-i someport -j dnat --to-dst de:ad:0:be:ee:ff;-i someport -j dnat --to-dst de:ad:00:be:ee:ff --dnat-target ACCEPT;OK
+-j dnat --to-dst de:ad:00:be:ee:ff --dnat-target ACCEPT;=;OK
+-j dnat --to-dst de:ad:00:be:ee:ff --dnat-target CONTINUE;=;OK
diff --git a/extensions/libebt_pkttype.t b/extensions/libebt_pkttype.t
index 921cf3ac..f5f76aaa 100644
--- a/extensions/libebt_pkttype.t
+++ b/extensions/libebt_pkttype.t
@@ -1,8 +1,4 @@
:INPUT,FORWARD,OUTPUT
--s 0:0:0:0:0:0;=;OK
--d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK
--s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK
--d de:ad:be:ef:0:0;=;OK
! --pkttype-type host;--pkttype-type ! host -j CONTINUE;OK
--pkttype-type host;=;OK
--pkttype-type broadcast;=;OK
diff --git a/extensions/libebt_snat.c b/extensions/libebt_snat.c
index 95b32f9c..c1124bf3 100644
--- a/extensions/libebt_snat.c
+++ b/extensions/libebt_snat.c
@@ -85,17 +85,12 @@ static void brsnat_final_check(unsigned int flags)
"You must specify proper arguments");
}
-static void ebt_print_mac(const unsigned char *mac)
-{
- printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
static void brsnat_print(const void *ip, const struct xt_entry_target *target, int numeric)
{
struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
printf("--to-src ");
- ebt_print_mac(natinfo->mac);
+ xtables_print_mac(natinfo->mac);
if (!(natinfo->target&NAT_ARP_BIT))
printf(" --snat-arp");
printf(" --snat-target %s", ebt_target_name((natinfo->target|~EBT_VERDICT_BITS)));
diff --git a/extensions/libebt_snat.t b/extensions/libebt_snat.t
index bb42e758..639b13f3 100644
--- a/extensions/libebt_snat.t
+++ b/extensions/libebt_snat.t
@@ -1,4 +1,4 @@
:POSTROUTING
*nat
--o someport -j snat --to-source a:b:c:d:e:f;-o someport -j snat --to-src a:b:c:d:e:f --snat-target ACCEPT;OK
--o someport+ -j snat --to-src de:ad:0:be:ee:ff --snat-target CONTINUE;=;OK
+-o someport -j snat --to-source a:b:c:d:e:f;-o someport -j snat --to-src 0a:0b:0c:0d:0e:0f --snat-target ACCEPT;OK
+-o someport+ -j snat --to-src de:ad:00:be:ee:ff --snat-target CONTINUE;=;OK
diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t
index 04991e1f..c0b87e12 100644
--- a/extensions/libebt_standard.t
+++ b/extensions/libebt_standard.t
@@ -1,7 +1,7 @@
:INPUT,FORWARD,OUTPUT
--s 0:0:0:0:0:0;=;OK
--d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK
--s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK
+-d de:ad:be:ef:00:00;=;OK
+-s 0:0:0:0:0:0;-s 00:00:00:00:00:00;OK
+-d 00:00:00:00:00:00;=;OK
+-s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:00:00 -j RETURN;OK
-d de:ad:be:ef:00:00 -j CONTINUE;=;OK
--d de:ad:be:ef:0:0;=;OK
--d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;-d de:ad:be:ef:0:0/ff:ff:ff:ff:0:0 -j DROP;OK
+-d de:ad:be:ef:0:00/ff:ff:ff:ff:0:0 -j DROP;-d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;OK
diff --git a/extensions/libebt_stp.c b/extensions/libebt_stp.c
index 25f2735f..06cf93b8 100644
--- a/extensions/libebt_stp.c
+++ b/extensions/libebt_stp.c
@@ -297,31 +297,6 @@ brstp_parse(int c, char **argv, int invert, unsigned int *flags,
return 1;
}
-static void ebt_print_mac(const unsigned char *mac)
-{
- int j;
- for (j = 0; j < ETH_ALEN; j++)
- printf("%02x%s", mac[j],
- (j==ETH_ALEN-1) ? "" : ":");
-}
-
-static bool mac_all_ones(const unsigned char *mac)
-{
- static const char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-
- return memcmp(mac, hlpmsk, sizeof(hlpmsk)) == 0;
-}
-
-static void ebt_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
-{
-
- ebt_print_mac(mac);
- if (!mac_all_ones(mask)) {
- printf("/");
- ebt_print_mac(mask);
- }
-}
-
static void brstp_print(const void *ip, const struct xt_entry_match *match,
int numeric)
{
@@ -351,14 +326,14 @@ static void brstp_print(const void *ip, const struct xt_entry_match *match,
} else if (EBT_STP_ROOTPRIO == (1 << i))
print_range(c->root_priol, c->root_priou);
else if (EBT_STP_ROOTADDR == (1 << i))
- ebt_print_mac_and_mask((unsigned char *)c->root_addr,
+ xtables_print_mac_and_mask((unsigned char *)c->root_addr,
(unsigned char*)c->root_addrmsk);
else if (EBT_STP_ROOTCOST == (1 << i))
print_range(c->root_costl, c->root_costu);
else if (EBT_STP_SENDERPRIO == (1 << i))
print_range(c->sender_priol, c->sender_priou);
else if (EBT_STP_SENDERADDR == (1 << i))
- ebt_print_mac_and_mask((unsigned char *)c->sender_addr,
+ xtables_print_mac_and_mask((unsigned char *)c->sender_addr,
(unsigned char *)c->sender_addrmsk);
else if (EBT_STP_PORT == (1 << i))
print_range(c->portl, c->portu);
diff --git a/include/xtables.h b/include/xtables.h
index 8fb8843a..2bc190cd 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -556,6 +556,9 @@ extern void xtables_save_string(const char *value);
#define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab))
extern void xtables_print_num(uint64_t number, unsigned int format);
+extern void xtables_print_mac(const unsigned char *macaddress);
+extern void xtables_print_mac_and_mask(const unsigned char *mac,
+ const unsigned char *mask);
extern void xtables_parse_val_mask(struct xt_option_call *cb,
unsigned int *val, unsigned int *mask,
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index a616f845..92e3f3b6 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -45,21 +45,12 @@ void ebt_cs_clean(struct iptables_command_state *cs)
}
}
-/* 0: default, print only 2 digits if necessary
- * 2: always print 2 digits, a printed mac address
- * then always has the same length
- */
-int ebt_printstyle_mac;
-
static void ebt_print_mac(const unsigned char *mac)
{
- if (ebt_printstyle_mac == 2) {
- int j;
- for (j = 0; j < ETH_ALEN; j++)
- printf("%02x%s", mac[j],
- (j==ETH_ALEN-1) ? "" : ":");
- } else
- printf("%s", ether_ntoa((struct ether_addr *) mac));
+ int j;
+
+ for (j = 0; j < ETH_ALEN; j++)
+ printf("%02x%s", mac[j], (j==ETH_ALEN-1) ? "" : ":");
}
static bool mac_all_ones(const unsigned char *mac)
diff --git a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
index eeb7d835..b23c1ee1 100755
--- a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
+++ b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
@@ -75,8 +75,8 @@ DUMP='*filter
-A foo -p ARP --arp-op Request -j ACCEPT
-A foo -p ARP --arp-ip-src 10.0.0.1 -j ACCEPT
-A foo -p ARP --arp-ip-dst 10.0.0.0/8 -j ACCEPT
--A foo -p ARP --arp-mac-src fe:ed:ba:be:0:1 -j ACCEPT
--A foo -p ARP --arp-mac-dst fe:ed:ba:0:0:0/ff:ff:ff:0:0:0 -j ACCEPT
+-A foo -p ARP --arp-mac-src fe:ed:ba:be:00:01 -j ACCEPT
+-A foo -p ARP --arp-mac-dst fe:ed:ba:00:00:00/ff:ff:ff:00:00:00 -j ACCEPT
-A foo -p IPv4 --ip-src 10.0.0.1 -j ACCEPT
-A foo -p IPv4 --ip-dst 10.0.0.0/8 -j ACCEPT
-A foo -p IPv4 --ip-tos 0x10 -j ACCEPT
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 34a084f4..11231fc4 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -2077,6 +2077,28 @@ void xtables_print_num(uint64_t number, unsigned int format)
printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
}
+void xtables_print_mac(const unsigned char *macaddress)
+{
+ unsigned int i;
+
+ printf("%02x", macaddress[0]);
+ for (i = 1; i < 6; ++i)
+ printf(":%02x", macaddress[i]);
+}
+
+void xtables_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
+{
+ static const char hlpmsk[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+
+ xtables_print_mac(mac);
+
+ if (memcmp(mask, hlpmsk, 6) == 0)
+ return;
+
+ printf("/");
+ xtables_print_mac(mask);
+}
+
void xtables_parse_val_mask(struct xt_option_call *cb,
unsigned int *val, unsigned int *mask,
const struct xtables_lmap *lmap)