| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Just some random values in hope this starts failing if masks support
changes or breaks.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Arptables accepts numeric --proto-type values and masks in any numeral
system identified by (absence of) prefix. Yet it prints the mask value
in hex without '0x'-prefix, breaking save and restore the same way
numeric --h-type output did.
In theory, this could be fixed either by adding the missing prefix or
printing the mask in decimal (like most other builtin matches do), but
since the value is printed in hex with prefix already, align mask output
with that.
Also a day 1 bug and consistent with legacy, so no Fixes: tag here as
well.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Arptables expects numeric arguments to --h-type option in hexadecimal
form, even if no '0x'-prefix is present. In contrast, it prints such
values in decimal. This is not just inconsistent, but makes it
impossible to save and later restore a ruleset without fixing up the
values in between.
Assuming that the parser side can't be changed for compatibility
reasons, fix the output side instead.
This is a day 1 bug and present in legacy arptables as well, so treat
this as a "feature" of arptables-nft and omit a Fixes: tag.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When merging commandline parsers, a decision between 'argv[optind - 1]'
and 'optarg' had to be made in some spots. While the implementation of
check_inverse() required the former, use of the latter allows for the
common syntax of '--opt=arg' or even '-oarg' as 'optarg' will point at
the suffix while 'argv[optind - 1]' will just point at the following
option.
Fix the mess by making check_inverse() update optarg pointer if needed
so calling code may refer to and always correct 'optarg'.
Fixes: 0af80a91b0a98 ("nft: Merge xtables-arp-standalone.c into xtables-standalone.c")
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1677
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
| |
|
|
|
|
|
|
|
|
|
| |
With changes to arptables-nft output, many of these tests fail because
rules are not printed as expected anymore. Since most of the tests with
explicitly defined output did so just because of added --h-length and
--h-type options, adjust input a little more (typically reordering of
arguments) to make output match input.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
since commit d9c6a5d0977a6d8bbe772dbc31a2c4f58eec1708
("xtables: merge {ip,arp}tables_command_state structs") arptables
uses the shared representation.
With only minor changes (e.g., use generic counters in command_state),
in print/save functions we can use the shared nftnl expression parser
too.
arptables-legacy prints (-L) the jump target first, i.e.:
-j MARK -d 0.0.0.0/8 --h-length 6 ...
... so keep that here too.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
Unicast being shown as '00:00:00:00:00:00/01:00:00:00:00:00' looks like
broken output, however, arptables classic did not pretty-print either.
Also add test cases for all targets supported by the original
arptables tool:
-j CLASSIFY
-j MARK
-j mangle
[ yes, mangle target is lower-case 8-( ]
Signed-off-by: Florian Westphal <fw@strlen.de>
|
