From d960a991350ca429e029a76fbccfff8f9ac37be3 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 25 Oct 2019 17:21:13 +0200 Subject: xtables-arp: Integrate OPT_* defines into xshared.h These defines are internal use only, so their actual value doesn't matter as long as they're unique and inverse_for_options array items match: When negating a given option, the corresponding OPT_* value's bit is used as an index into inverse_for_options to retrieve the corresponding invflag. If zero, either negating or the option itself is not supported. (In practice, a lookup for unsupported option won't happen as those are caught by getopt_long()). Since xtables-arp's OPT_* values change, adjust the local inverse_for_options array accordingly. Signed-off-by: Phil Sutter Acked-by: Pablo Neira Ayuso --- iptables/xshared.h | 7 +++++++ iptables/xtables-arp.c | 43 ++++++++++++++----------------------------- 2 files changed, 21 insertions(+), 29 deletions(-) diff --git a/iptables/xshared.h b/iptables/xshared.h index b0738b04..490b19ad 100644 --- a/iptables/xshared.h +++ b/iptables/xshared.h @@ -29,6 +29,13 @@ enum { OPT_VIANAMEOUT = 1 << 8, OPT_LINENUMBERS = 1 << 9, OPT_COUNTERS = 1 << 10, + /* below are for arptables only */ + OPT_S_MAC = 1 << 11, + OPT_D_MAC = 1 << 12, + OPT_H_LENGTH = 1 << 13, + OPT_OPCODE = 1 << 14, + OPT_H_TYPE = 1 << 15, + OPT_P_TYPE = 1 << 16, }; enum { diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c index 4949ddd3..8339b2cb 100644 --- a/iptables/xtables-arp.c +++ b/iptables/xtables-arp.c @@ -57,23 +57,6 @@ typedef char arpt_chainlabel[32]; #define OPTION_OFFSET 256 -#define OPT_NONE 0x00000U -#define OPT_NUMERIC 0x00001U -#define OPT_S_IP 0x00002U -#define OPT_D_IP 0x00004U -#define OPT_S_MAC 0x00008U -#define OPT_D_MAC 0x00010U -#define OPT_H_LENGTH 0x00020U -#define OPT_P_LENGTH 0x00040U -#define OPT_OPCODE 0x00080U -#define OPT_H_TYPE 0x00100U -#define OPT_P_TYPE 0x00200U -#define OPT_JUMP 0x00400U -#define OPT_VERBOSE 0x00800U -#define OPT_VIANAMEIN 0x01000U -#define OPT_VIANAMEOUT 0x02000U -#define OPT_LINENUMBERS 0x04000U -#define OPT_COUNTERS 0x08000U #define NUMBER_OF_OPT 16 static const char optflags[NUMBER_OF_OPT] = { 'n', 's', 'd', 2, 3, 7, 8, 4, 5, 6, 'j', 'v', 'i', 'o', '0', 'c'}; @@ -132,24 +115,26 @@ struct xtables_globals arptables_globals = { .compat_rev = nft_compatible_revision, }; -static int inverse_for_options[NUMBER_OF_OPT] = +/* index relates to bit of each OPT_* value */ +static int inverse_for_options[] = { /* -n */ 0, /* -s */ ARPT_INV_SRCIP, /* -d */ ARPT_INV_TGTIP, -/* 2 */ ARPT_INV_SRCDEVADDR, -/* 3 */ ARPT_INV_TGTDEVADDR, -/* -l */ ARPT_INV_ARPHLN, -/* 8 */ 0, -/* 4 */ ARPT_INV_ARPOP, -/* 5 */ ARPT_INV_ARPHRD, -/* 6 */ ARPT_INV_ARPPRO, +/* -p */ 0, /* -j */ 0, /* -v */ 0, +/* -x */ 0, /* -i */ ARPT_INV_VIA_IN, /* -o */ ARPT_INV_VIA_OUT, /*--line*/ 0, /* -c */ 0, +/* 2 */ ARPT_INV_SRCDEVADDR, +/* 3 */ ARPT_INV_TGTDEVADDR, +/* -l */ ARPT_INV_ARPHLN, +/* 4 */ ARPT_INV_ARPOP, +/* 5 */ ARPT_INV_ARPHRD, +/* 6 */ ARPT_INV_ARPPRO, }; /* Primitive headers... */ @@ -747,14 +732,14 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, break; case 's': check_inverse(optarg, &invert, &optind, argc); - set_option(&options, OPT_S_IP, &cs.arp.arp.invflags, + set_option(&options, OPT_SOURCE, &cs.arp.arp.invflags, invert); shostnetworkmask = argv[optind-1]; break; case 'd': check_inverse(optarg, &invert, &optind, argc); - set_option(&options, OPT_D_IP, &cs.arp.arp.invflags, + set_option(&options, OPT_DESTINATION, &cs.arp.arp.invflags, invert); dhostnetworkmask = argv[optind-1]; break; @@ -965,9 +950,9 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, "nothing appropriate following !"); if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND)) { - if (!(options & OPT_D_IP)) + if (!(options & OPT_DESTINATION)) dhostnetworkmask = "0.0.0.0/0"; - if (!(options & OPT_S_IP)) + if (!(options & OPT_SOURCE)) shostnetworkmask = "0.0.0.0/0"; } -- cgit v1.2.3