From 7bd9febf65e98eb1f4b4d51afa2479c442066235 Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Sat, 3 Nov 2018 23:43:49 +0100
Subject: libxtables: add and use mac print helpers

This changes ebtables-nft to consistently print mac address with two characters, i.e. 00:01:02:03:04:0a, not 0:1:2:3:4:a. Will require another bump of vcurrent/vage.

Suggested-by: Pablo Neira Ayuso
Signed-off-by: Florian Westphal
---
 extensions/libebt_arp.c | 13 ++--------
 extensions/libebt_arp.t | 4 +--
 extensions/libebt_arpreply.c | 7 +-----
 extensions/libebt_arpreply.t | 4 +--
 extensions/libebt_dnat.c | 7 +-----
 extensions/libebt_dnat.t | 6 ++---
 extensions/libebt_pkttype.t | 4 ---
 extensions/libebt_snat.c | 7 +-----
 extensions/libebt_snat.t | 4 +--
 extensions/libebt_standard.t | 10 ++++----
 extensions/libebt_stp.c | 29 ++--------------------
 include/xtables.h | 3 +++
 iptables/nft-bridge.c | 17 +++----------
 .../ebtables/0002-ebtables-save-restore_0 | 4 +--
 libxtables/xtables.c | 22 ++++++++++++++++
 15 files changed, 52 insertions(+), 89 deletions(-)
diff --git a/extensions/libebt_arp.c b/extensions/libebt_arp.c
index 522c57c0..a062b7e7 100644
--- a/extensions/libebt_arp.c
+++ b/extensions/libebt_arp.c
@@ -332,15 +332,6 @@ brarp_parse(int c, char **argv, int invert, unsigned int *flags,
 return 1;
 }
-static void brarp_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
-{
- char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-
- printf("%s", ether_ntoa((struct ether_addr *) mac));
- if (memcmp(mask, hlpmsk, 6))
- printf("/%s", ether_ntoa((struct ether_addr *) mask));
-}
-
 static void brarp_print(const void *ip, const struct xt_entry_match *match, int numeric)
 {
 const struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data;
@@ -385,14 +376,14 @@ static void brarp_print(const void *ip, const struct xt_entry_match *match, int
 printf("--arp-mac-src ");
 if (arpinfo->invflags & EBT_ARP_SRC_MAC)
 printf("! ");
- brarp_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
+ xtables_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
 printf(" ");
 }
 if (arpinfo->bitmask & EBT_ARP_DST_MAC) {
 printf("--arp-mac-dst ");
 if (arpinfo->invflags & EBT_ARP_DST_MAC)
 printf("! ");
- brarp_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
+ xtables_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
 printf(" ");
 }
 if (arpinfo->bitmask & EBT_ARP_GRAT) {
diff --git a/extensions/libebt_arp.t b/extensions/libebt_arp.t
index 64b4362f..2b064c4b 100644
--- a/extensions/libebt_arp.t
+++ b/extensions/libebt_arp.t
@@ -6,6 +6,6 @@
 -p ARP ! --arp-ip-dst 1.2.3.4;-p ARP --arp-ip-dst ! 1.2.3.4 -j CONTINUE;OK
 -p ARP --arp-ip-src ! 0.0.0.0;=;OK
 -p ARP --arp-ip-dst ! 0.0.0.0/8;=;OK
--p ARP --arp-mac-src 0:de:ad:be:ef:0;=;OK
--p ARP --arp-mac-dst de:ad:be:ef:0:0/ff:ff:ff:ff:0:0;=;OK
+-p ARP --arp-mac-src 00:de:ad:be:ef:00;=;OK
+-p ARP --arp-mac-dst de:ad:be:ef:00:00/ff:ff:ff:ff:00:00;=;OK
 -p ARP --arp-gratuitous;=;OK
diff --git a/extensions/libebt_arpreply.c b/extensions/libebt_arpreply.c
index 998dece3..80ba2159 100644
--- a/extensions/libebt_arpreply.c
+++ b/extensions/libebt_arpreply.c
@@ -71,17 +71,12 @@ brarpreply_parse(int c, char **argv, int invert, unsigned int *flags,
 return 1;
 }
-static void ebt_print_mac(const unsigned char *mac)
-{
- printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
 static void brarpreply_print(const void *ip, const struct xt_entry_target *t, int numeric)
 {
 struct ebt_arpreply_info *replyinfo = (void *)t->data;
 printf("--arpreply-mac ");
- ebt_print_mac(replyinfo->mac);
+ xtables_print_mac(replyinfo->mac);
 if (replyinfo->target == EBT_DROP)
 return;
 printf(" --arpreply-target %s", ebt_target_name(replyinfo->target));
diff --git a/extensions/libebt_arpreply.t b/extensions/libebt_arpreply.t
index f7bc85f9..6734501a 100644
--- a/extensions/libebt_arpreply.t
+++ b/extensions/libebt_arpreply.t
@@ -1,4 +1,4 @@
 :PREROUTING
 *nat
--p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff --arpreply-target ACCEPT;=;OK
--p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff;=;OK
+-p ARP -i foo -j arpreply --arpreply-mac de:ad:00:be:ee:ff --arpreply-target ACCEPT;=;OK
+-p ARP -i foo -j arpreply --arpreply-mac de:ad:00:be:ee:ff;=;OK
diff --git a/extensions/libebt_dnat.c b/extensions/libebt_dnat.c
index c179d8c1..9f5f721e 100644
--- a/extensions/libebt_dnat.c
+++ b/extensions/libebt_dnat.c
@@ -74,17 +74,12 @@ static void brdnat_final_check(unsigned int flags)
 "You must specify proper arguments");
 }
-static void ebt_print_mac(const unsigned char *mac)
-{
- printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
 static void brdnat_print(const void *ip, const struct xt_entry_target *target, int numeric)
 {
 struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
 printf("--to-dst ");
- ebt_print_mac(natinfo->mac);
+ xtables_print_mac(natinfo->mac);
 printf(" --dnat-target %s", ebt_target_name(natinfo->target));
 }
diff --git a/extensions/libebt_dnat.t b/extensions/libebt_dnat.t
index 42f9bff2..9428d237 100644
--- a/extensions/libebt_dnat.t
+++ b/extensions/libebt_dnat.t
@@ -1,5 +1,5 @@
 :PREROUTING
 *nat
--i someport -j dnat --to-dst de:ad:0:be:ee:ff;-i someport -j dnat --to-dst de:ad:0:be:ee:ff --dnat-target ACCEPT;OK
--j dnat --to-dst de:ad:0:be:ee:ff --dnat-target ACCEPT;=;OK
--j dnat --to-dst de:ad:0:be:ee:ff --dnat-target CONTINUE;=;OK
+-i someport -j dnat --to-dst de:ad:0:be:ee:ff;-i someport -j dnat --to-dst de:ad:00:be:ee:ff --dnat-target ACCEPT;OK
+-j dnat --to-dst de:ad:00:be:ee:ff --dnat-target ACCEPT;=;OK
+-j dnat --to-dst de:ad:00:be:ee:ff --dnat-target CONTINUE;=;OK
diff --git a/extensions/libebt_pkttype.t b/extensions/libebt_pkttype.t
index 921cf3ac..f5f76aaa 100644
--- a/extensions/libebt_pkttype.t
+++ b/extensions/libebt_pkttype.t
@@ -1,8 +1,4 @@
 :INPUT,FORWARD,OUTPUT
--s 0:0:0:0:0:0;=;OK
--d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK
--s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK
--d de:ad:be:ef:0:0;=;OK
 ! --pkttype-type host;--pkttype-type ! host -j CONTINUE;OK
 --pkttype-type host;=;OK
 --pkttype-type broadcast;=;OK
diff --git a/extensions/libebt_snat.c b/extensions/libebt_snat.c
index 95b32f9c..c1124bf3 100644
--- a/extensions/libebt_snat.c
+++ b/extensions/libebt_snat.c
@@ -85,17 +85,12 @@ static void brsnat_final_check(unsigned int flags)
 "You must specify proper arguments");
 }
-static void ebt_print_mac(const unsigned char *mac)
-{
- printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
 static void brsnat_print(const void *ip, const struct xt_entry_target *target, int numeric)
 {
 struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
 printf("--to-src ");
- ebt_print_mac(natinfo->mac);
+ xtables_print_mac(natinfo->mac);
 if (!(natinfo->target&NAT_ARP_BIT))
 printf(" --snat-arp");
 printf(" --snat-target %s", ebt_target_name((natinfo->target|~EBT_VERDICT_BITS)));
diff --git a/extensions/libebt_snat.t b/extensions/libebt_snat.t
index bb42e758..639b13f3 100644
--- a/extensions/libebt_snat.t
+++ b/extensions/libebt_snat.t
@@ -1,4 +1,4 @@
 :POSTROUTING
 *nat
--o someport -j snat --to-source a:b:c:d:e:f;-o someport -j snat --to-src a:b:c:d:e:f --snat-target ACCEPT;OK
--o someport+ -j snat --to-src de:ad:0:be:ee:ff --snat-target CONTINUE;=;OK
+-o someport -j snat --to-source a:b:c:d:e:f;-o someport -j snat --to-src 0a:0b:0c:0d:0e:0f --snat-target ACCEPT;OK
+-o someport+ -j snat --to-src de:ad:00:be:ee:ff --snat-target CONTINUE;=;OK
diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t
index 04991e1f..c0b87e12 100644
--- a/extensions/libebt_standard.t
+++ b/extensions/libebt_standard.t
@@ -1,7 +1,7 @@
 :INPUT,FORWARD,OUTPUT
--s 0:0:0:0:0:0;=;OK
--d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK
--s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK
+-d de:ad:be:ef:00:00;=;OK
+-s 0:0:0:0:0:0;-s 00:00:00:00:00:00;OK
+-d 00:00:00:00:00:00;=;OK
+-s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:00:00 -j RETURN;OK
 -d de:ad:be:ef:00:00 -j CONTINUE;=;OK
--d de:ad:be:ef:0:0;=;OK
--d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;-d de:ad:be:ef:0:0/ff:ff:ff:ff:0:0 -j DROP;OK
+-d de:ad:be:ef:0:00/ff:ff:ff:ff:0:0 -j DROP;-d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;OK
diff --git a/extensions/libebt_stp.c b/extensions/libebt_stp.c
index 25f2735f..06cf93b8 100644
--- a/extensions/libebt_stp.c
+++ b/extensions/libebt_stp.c
@@ -297,31 +297,6 @@ brstp_parse(int c, char **argv, int invert, unsigned int *flags,
 return 1;
 }
-static void ebt_print_mac(const unsigned char *mac)
-{
- int j;
- for (j = 0; j < ETH_ALEN; j++)
- printf("%02x%s", mac[j],
- (j==ETH_ALEN-1) ? "" : ":");
-}
-
-static bool mac_all_ones(const unsigned char *mac)
-{
- static const char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-
- return memcmp(mac, hlpmsk, sizeof(hlpmsk)) == 0;
-}
-
-static void ebt_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
-{
-
- ebt_print_mac(mac);
- if (!mac_all_ones(mask)) {
- printf("/");
- ebt_print_mac(mask);
- }
-}
-
 static void brstp_print(const void *ip, const struct xt_entry_match *match,
 int numeric)
 {
@@ -351,14 +326,14 @@ static void brstp_print(const void *ip, const struct xt_entry_match *match,
 } else if (EBT_STP_ROOTPRIO == (1 << i))
 print_range(c->root_priol, c->root_priou);
 else if (EBT_STP_ROOTADDR == (1 << i))
- ebt_print_mac_and_mask((unsigned char *)c->root_addr,
+ xtables_print_mac_and_mask((unsigned char *)c->root_addr,
 (unsigned char*)c->root_addrmsk);
 else if (EBT_STP_ROOTCOST == (1 << i))
 print_range(c->root_costl, c->root_costu);
 else if (EBT_STP_SENDERPRIO == (1 << i))
 print_range(c->sender_priol, c->sender_priou);
 else if (EBT_STP_SENDERADDR == (1 << i))
- ebt_print_mac_and_mask((unsigned char *)c->sender_addr,
+ xtables_print_mac_and_mask((unsigned char *)c->sender_addr,
 (unsigned char *)c->sender_addrmsk);
 else if (EBT_STP_PORT == (1 << i))
 print_range(c->portl, c->portu);
diff --git a/include/xtables.h b/include/xtables.h
index 8fb8843a..2bc190cd 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -556,6 +556,9 @@ extern void xtables_save_string(const char *value);
 #define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab))
 extern void xtables_print_num(uint64_t number, unsigned int format);
+extern void xtables_print_mac(const unsigned char *macaddress);
+extern void xtables_print_mac_and_mask(const unsigned char *mac,
+ const unsigned char *mask);
 extern void xtables_parse_val_mask(struct xt_option_call *cb, unsigned int *val, unsigned int *mask,
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index a616f845..92e3f3b6 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
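Review bot: The two prototypes added to include/xtables.h, `xtables_print_mac` and `xtables_print_mac_and_mask`, take bare `const unsigned char *` pointers with no length and no comment, so a caller reading only the header cannot tell that each pointer must reference at least six readable bytes. The definitions added in libxtables/xtables.c read bytes 0 to 5 and pass 6 to `memcmp`, so a shorter buffer would be over-read. I would add above them `/* mac and mask must each point to a 6-byte Ethernet address; "/mask" is printed only when mask is not ff:ff:ff:ff:ff:ff */`, and name the first parameter `mac` in both prototypes for consistency.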
@@ -45,21 +45,12 @@ void ebt_cs_clean(struct iptables_command_state *cs)
 }
 }
-/* 0: default, print only 2 digits if necessary
- * 2: always print 2 digits, a printed mac address
- * then always has the same length
- */
-int ebt_printstyle_mac;
-
 static void ebt_print_mac(const unsigned char *mac)
 {
- if (ebt_printstyle_mac == 2) {
- int j;
- for (j = 0; j < ETH_ALEN; j++)
- printf("%02x%s", mac[j],
- (j==ETH_ALEN-1) ? "" : ":");
- } else
- printf("%s", ether_ntoa((struct ether_addr *) mac));
+ int j;
+
+ for (j = 0; j < ETH_ALEN; j++)
+ printf("%02x%s", mac[j], (j==ETH_ALEN-1) ? "" : ":");
 }
 static bool mac_all_ones(const unsigned char *mac)
diff --git a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
index eeb7d835..b23c1ee1 100755
--- a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
+++ b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
@@ -75,8 +75,8 @@ DUMP='*filter
 -A foo -p ARP --arp-op Request -j ACCEPT
 -A foo -p ARP --arp-ip-src 10.0.0.1 -j ACCEPT
 -A foo -p ARP --arp-ip-dst 10.0.0.0/8 -j ACCEPT
--A foo -p ARP --arp-mac-src fe:ed:ba:be:0:1 -j ACCEPT
--A foo -p ARP --arp-mac-dst fe:ed:ba:0:0:0/ff:ff:ff:0:0:0 -j ACCEPT
+-A foo -p ARP --arp-mac-src fe:ed:ba:be:00:01 -j ACCEPT
+-A foo -p ARP --arp-mac-dst fe:ed:ba:00:00:00/ff:ff:ff:00:00:00 -j ACCEPT
 -A foo -p IPv4 --ip-src 10.0.0.1 -j ACCEPT
 -A foo -p IPv4 --ip-dst 10.0.0.0/8 -j ACCEPT
 -A foo -p IPv4 --ip-tos 0x10 -j ACCEPT
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 34a084f4..11231fc4 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
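Review bot: After the first hunk iptables/nft-bridge.c still carries its own static `ebt_print_mac`, and the trailing context line shows `mac_all_ones` staying as well, although this commit adds `xtables_print_mac` and `xtables_print_mac_and_mask` to libxtables with the same two-digit output. Two implementations mean the MAC format that the save output emits is defined in two places and can drift apart again, which matters to anything that parses or compares rule dumps. The body could be reduced to `xtables_print_mac(mac);`, or the callers switched to the library helpers and the static functions dropped. `ebt_printstyle_mac` was a non-static global; if another file still declares it `extern`, that declaration has to go too, which this diff does not show.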
@@ -2077,6 +2077,28 @@ void xtables_print_num(uint64_t number, unsigned int format)
 printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
 }
+void xtables_print_mac(const unsigned char *macaddress)
+{
+ unsigned int i;
+
+ printf("%02x", macaddress[0]);
+ for (i = 1; i < 6; ++i)
+ printf(":%02x", macaddress[i]);
+}
+
+void xtables_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
+{
+ static const char hlpmsk[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+
+ xtables_print_mac(mac);
+
+ if (memcmp(mask, hlpmsk, 6) == 0)
+ return;
+
+ printf("/");
+ xtables_print_mac(mask);
+}
+
 void xtables_parse_val_mask(struct xt_option_call *cb, unsigned int *val, unsigned int *mask, const struct xtables_lmap *lmap)
-- cgit v1.2.3
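Review bot: In `xtables_print_mac_and_mask` the all-ones mask is declared `static const char hlpmsk[]` and initialised with `0xff`, which does not fit a signed `char`; the conversion is implementation-defined and may draw a conversion warning, even though `memcmp` compares the bytes as unsigned. Both helpers also hard-code the length 6, once in the loop bound of `xtables_print_mac` and once in the `memcmp` call. I would write `static const unsigned char hlpmsk[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};` and `if (memcmp(mask, hlpmsk, sizeof(hlpmsk)) == 0)`, and use one named constant for the loop bound. Neither function can check its input, so a short comment that `macaddress`, `mac` and `mask` must each reference six bytes would help callers that pass fields cast from other types.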