From 7bd9febf65e98eb1f4b4d51afa2479c442066235 Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Sat, 3 Nov 2018 23:43:49 +0100
Subject: libxtables: add and use mac print helpers
This changes ebtables-nft to consistently print mac address with two characters, i.e. 00:01:02:03:04:0a, not 0:1:2:3:4:a. Will require another bump of vcurrent/vage.
Suggested-by: Pablo Neira Ayuso
Signed-off-by: Florian Westphal
---
 extensions/libebt_arp.c | 13 ++-----------
 extensions/libebt_arp.t | 4 ++--
 extensions/libebt_arpreply.c | 7 +------
 extensions/libebt_arpreply.t | 4 ++--
 extensions/libebt_dnat.c | 7 +------
 extensions/libebt_dnat.t | 6 +++---
 extensions/libebt_pkttype.t | 4 ----
 extensions/libebt_snat.c | 7 +------
 extensions/libebt_snat.t | 4 ++--
 extensions/libebt_standard.t | 10 +++++-----
 extensions/libebt_stp.c | 29 ++---------------------------
 11 files changed, 21 insertions(+), 74 deletions(-)
(limited to 'extensions')
diff --git a/extensions/libebt_arp.c b/extensions/libebt_arp.c
index 522c57c0..a062b7e7 100644
--- a/extensions/libebt_arp.c
+++ b/extensions/libebt_arp.c
@@ -332,15 +332,6 @@ brarp_parse(int c, char **argv, int invert, unsigned int *flags,
 return 1;
 }
-static void brarp_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
-{
- char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-
- printf("%s", ether_ntoa((struct ether_addr *) mac));
- if (memcmp(mask, hlpmsk, 6))
- printf("/%s", ether_ntoa((struct ether_addr *) mask));
-}
-
 static void brarp_print(const void *ip, const struct xt_entry_match *match, int numeric)
 {
 const struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data;
@@ -385,14 +376,14 @@ static void brarp_print(const void *ip, const struct xt_entry_match *match, int
 printf("--arp-mac-src ");
 if (arpinfo->invflags & EBT_ARP_SRC_MAC)
 printf("! ");
- brarp_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
+ xtables_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
 printf(" ");
 }
 if (arpinfo->bitmask & EBT_ARP_DST_MAC) {
 printf("--arp-mac-dst ");
 if (arpinfo->invflags & EBT_ARP_DST_MAC)
 printf("! ");
- brarp_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
+ xtables_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
 printf(" ");
 }
 if (arpinfo->bitmask & EBT_ARP_GRAT) {
diff --git a/extensions/libebt_arp.t b/extensions/libebt_arp.t
index 64b4362f..2b064c4b 100644
--- a/extensions/libebt_arp.t
+++ b/extensions/libebt_arp.t
@@ -6,6 +6,6 @@
 -p ARP ! --arp-ip-dst 1.2.3.4;-p ARP --arp-ip-dst ! 1.2.3.4 -j CONTINUE;OK
 -p ARP --arp-ip-src ! 0.0.0.0;=;OK
 -p ARP --arp-ip-dst ! 0.0.0.0/8;=;OK
--p ARP --arp-mac-src 0:de:ad:be:ef:0;=;OK
--p ARP --arp-mac-dst de:ad:be:ef:0:0/ff:ff:ff:ff:0:0;=;OK
+-p ARP --arp-mac-src 00:de:ad:be:ef:00;=;OK
+-p ARP --arp-mac-dst de:ad:be:ef:00:00/ff:ff:ff:ff:00:00;=;OK
 -p ARP --arp-gratuitous;=;OK
diff --git a/extensions/libebt_arpreply.c b/extensions/libebt_arpreply.c
index 998dece3..80ba2159 100644
--- a/extensions/libebt_arpreply.c
+++ b/extensions/libebt_arpreply.c
@@ -71,17 +71,12 @@ brarpreply_parse(int c, char **argv, int invert, unsigned int *flags,
 return 1;
 }
-static void ebt_print_mac(const unsigned char *mac)
-{
- printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
 static void brarpreply_print(const void *ip, const struct xt_entry_target *t, int numeric)
 {
 struct ebt_arpreply_info *replyinfo = (void *)t->data;
 printf("--arpreply-mac ");
- ebt_print_mac(replyinfo->mac);
+ xtables_print_mac(replyinfo->mac);
 if (replyinfo->target == EBT_DROP)
 return;
 printf(" --arpreply-target %s", ebt_target_name(replyinfo->target));
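Review bot: Nothing at the new xtables_print_mac_and_mask() call sites in brarp_print() (libebt_arp.c) records that `--arp-mac-src` and `--arp-mac-dst` values are now emitted zero-padded; libebt_arp.t shows `0:de:ad:be:ef:0` becoming `00:de:ad:be:ef:00`. The same user-visible change comes with the xtables_print_mac() calls in brarpreply_print(), brdnat_print() and brsnat_print(). Tooling that string-compares listed or saved rules against a stored baseline would see every MAC-bearing rule as modified after an upgrade, so a one-line comment such as `/* prints zero-padded octets, e.g. 00:01:02:03:04:0a */` at the call sites, plus a release-note entry, would help. brarp_print() begins and ends outside the hunk.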
diff --git a/extensions/libebt_arpreply.t b/extensions/libebt_arpreply.t
index f7bc85f9..6734501a 100644
--- a/extensions/libebt_arpreply.t
+++ b/extensions/libebt_arpreply.t
@@ -1,4 +1,4 @@
 :PREROUTING
 *nat
--p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff --arpreply-target ACCEPT;=;OK
--p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff;=;OK
+-p ARP -i foo -j arpreply --arpreply-mac de:ad:00:be:ee:ff --arpreply-target ACCEPT;=;OK
+-p ARP -i foo -j arpreply --arpreply-mac de:ad:00:be:ee:ff;=;OK
diff --git a/extensions/libebt_dnat.c b/extensions/libebt_dnat.c
index c179d8c1..9f5f721e 100644
--- a/extensions/libebt_dnat.c
+++ b/extensions/libebt_dnat.c
@@ -74,17 +74,12 @@ static void brdnat_final_check(unsigned int flags)
 "You must specify proper arguments");
 }
-static void ebt_print_mac(const unsigned char *mac)
-{
- printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
 static void brdnat_print(const void *ip, const struct xt_entry_target *target, int numeric)
 {
 struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
 printf("--to-dst ");
- ebt_print_mac(natinfo->mac);
+ xtables_print_mac(natinfo->mac);
 printf(" --dnat-target %s", ebt_target_name(natinfo->target));
 }
diff --git a/extensions/libebt_dnat.t b/extensions/libebt_dnat.t
index 42f9bff2..9428d237 100644
--- a/extensions/libebt_dnat.t
+++ b/extensions/libebt_dnat.t
@@ -1,5 +1,5 @@
 :PREROUTING
 *nat
--i someport -j dnat --to-dst de:ad:0:be:ee:ff;-i someport -j dnat --to-dst de:ad:0:be:ee:ff --dnat-target ACCEPT;OK
--j dnat --to-dst de:ad:0:be:ee:ff --dnat-target ACCEPT;=;OK
--j dnat --to-dst de:ad:0:be:ee:ff --dnat-target CONTINUE;=;OK
+-i someport -j dnat --to-dst de:ad:0:be:ee:ff;-i someport -j dnat --to-dst de:ad:00:be:ee:ff --dnat-target ACCEPT;OK
+-j dnat --to-dst de:ad:00:be:ee:ff --dnat-target ACCEPT;=;OK
+-j dnat --to-dst de:ad:00:be:ee:ff --dnat-target CONTINUE;=;OK
diff --git a/extensions/libebt_pkttype.t b/extensions/libebt_pkttype.t
index 921cf3ac..f5f76aaa 100644
--- a/extensions/libebt_pkttype.t
+++ b/extensions/libebt_pkttype.t
@@ -1,8 +1,4 @@
 :INPUT,FORWARD,OUTPUT
--s 0:0:0:0:0:0;=;OK
--d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK
--s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK
--d de:ad:be:ef:0:0;=;OK
 ! --pkttype-type host;--pkttype-type ! host -j CONTINUE;OK
 --pkttype-type host;=;OK
 --pkttype-type broadcast;=;OK
diff --git a/extensions/libebt_snat.c b/extensions/libebt_snat.c
index 95b32f9c..c1124bf3 100644
--- a/extensions/libebt_snat.c
+++ b/extensions/libebt_snat.c
@@ -85,17 +85,12 @@ static void brsnat_final_check(unsigned int flags)
 "You must specify proper arguments");
 }
-static void ebt_print_mac(const unsigned char *mac)
-{
- printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
 static void brsnat_print(const void *ip, const struct xt_entry_target *target, int numeric)
 {
 struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
 printf("--to-src ");
- ebt_print_mac(natinfo->mac);
+ xtables_print_mac(natinfo->mac);
 if (!(natinfo->target&NAT_ARP_BIT))
 printf(" --snat-arp");
 printf(" --snat-target %s", ebt_target_name((natinfo->target|~EBT_VERDICT_BITS)));
diff --git a/extensions/libebt_snat.t b/extensions/libebt_snat.t
index bb42e758..639b13f3 100644
--- a/extensions/libebt_snat.t
+++ b/extensions/libebt_snat.t
@@ -1,4 +1,4 @@
 :POSTROUTING
 *nat
--o someport -j snat --to-source a:b:c:d:e:f;-o someport -j snat --to-src a:b:c:d:e:f --snat-target ACCEPT;OK
--o someport+ -j snat --to-src de:ad:0:be:ee:ff --snat-target CONTINUE;=;OK
+-o someport -j snat --to-source a:b:c:d:e:f;-o someport -j snat --to-src 0a:0b:0c:0d:0e:0f --snat-target ACCEPT;OK
+-o someport+ -j snat --to-src de:ad:00:be:ee:ff --snat-target CONTINUE;=;OK
diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t
index 04991e1f..c0b87e12 100644
--- a/extensions/libebt_standard.t
+++ b/extensions/libebt_standard.t
@@ -1,7 +1,7 @@
 :INPUT,FORWARD,OUTPUT
--s 0:0:0:0:0:0;=;OK
--d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK
--s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK
+-d de:ad:be:ef:00:00;=;OK
+-s 0:0:0:0:0:0;-s 00:00:00:00:00:00;OK
+-d 00:00:00:00:00:00;=;OK
+-s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:00:00 -j RETURN;OK
 -d de:ad:be:ef:00:00 -j CONTINUE;=;OK
--d de:ad:be:ef:0:0;=;OK
--d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;-d de:ad:be:ef:0:0/ff:ff:ff:ff:0:0 -j DROP;OK
+-d de:ad:be:ef:0:00/ff:ff:ff:ff:0:0 -j DROP;-d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;OK
diff --git a/extensions/libebt_stp.c b/extensions/libebt_stp.c
index 25f2735f..06cf93b8 100644
--- a/extensions/libebt_stp.c
+++ b/extensions/libebt_stp.c
@@ -297,31 +297,6 @@ brstp_parse(int c, char **argv, int invert, unsigned int *flags,
 return 1;
 }
-static void ebt_print_mac(const unsigned char *mac)
-{
- int j;
- for (j = 0; j < ETH_ALEN; j++)
- printf("%02x%s", mac[j],
- (j==ETH_ALEN-1) ? "" : ":");
-}
-
-static bool mac_all_ones(const unsigned char *mac)
-{
- static const char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-
- return memcmp(mac, hlpmsk, sizeof(hlpmsk)) == 0;
-}
-
-static void ebt_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
-{
-
- ebt_print_mac(mac);
- if (!mac_all_ones(mask)) {
- printf("/");
- ebt_print_mac(mask);
- }
-}
-
 static void brstp_print(const void *ip, const struct xt_entry_match *match,
 int numeric)
 {
@@ -351,14 +326,14 @@ static void brstp_print(const void *ip, const struct xt_entry_match *match,
 } else if (EBT_STP_ROOTPRIO == (1 << i))
 print_range(c->root_priol, c->root_priou);
 else if (EBT_STP_ROOTADDR == (1 << i))
- ebt_print_mac_and_mask((unsigned char *)c->root_addr,
+ xtables_print_mac_and_mask((unsigned char *)c->root_addr,
 (unsigned char*)c->root_addrmsk);
 else if (EBT_STP_ROOTCOST == (1 << i))
 print_range(c->root_costl, c->root_costu);
 else if (EBT_STP_SENDERPRIO == (1 << i))
 print_range(c->sender_priol, c->sender_priou);
 else if (EBT_STP_SENDERADDR == (1 << i))
- ebt_print_mac_and_mask((unsigned char *)c->sender_addr,
+ xtables_print_mac_and_mask((unsigned char *)c->sender_addr,
 (unsigned char *)c->sender_addrmsk);
 else if (EBT_STP_PORT == (1 << i))
 print_range(c->portl, c->portu);
--
cgit v1.2.3
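Review bot: The casts on the two new xtables_print_mac_and_mask() calls in brstp_print() (libebt_stp.c), `(unsigned char *)c->root_addr` and `(unsigned char *)c->sender_addr`, would discard a const qualifier if `c` points to const data; its declaration is outside this hunk. The local helper removed in the first hunk took `const unsigned char *`, so if the libxtables prototype (not in this view) does too, the narrower form is `xtables_print_mac_and_mask((const unsigned char *)c->root_addr,`, with the same change on the mask argument lines. The unchanged continuation line also spells the cast `(unsigned char*)` without the space, so the four casts are not written alike. brstp_print() begins and ends outside the hunk.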