libxtables: add and use mac print helpers

This changes ebtables-nft to consistently print mac
address with two characters, i.e.
00:01:02:03:04:0a, not 0:1:2:3:4:a.

Will require another bump of vcurrent/vage.

Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/extensions/libebt_arp.c b/extensions/libebt_arp.c
index 522c57c0156d998af7b366fbc94af125edf87bdd..a062b7e7e586440fce9b995b5f9e84a4ed1598fc 100644 (file)
--- a/extensions/libebt_arp.c
+++ b/extensions/libebt_arp.c
@@ -332,15 +332,6 @@ brarp_parse(int c, char **argv, int invert, unsigned int *flags,
        return 1;
 }
 
-static void brarp_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
-{
-       char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-
-       printf("%s", ether_ntoa((struct ether_addr *) mac));
-       if (memcmp(mask, hlpmsk, 6))
-               printf("/%s", ether_ntoa((struct ether_addr *) mask));
-}
-
 static void brarp_print(const void *ip, const struct xt_entry_match *match, int numeric)
 {
        const struct ebt_arp_info *arpinfo = (struct ebt_arp_info *)match->data;
@@ -385,14 +376,14 @@ static void brarp_print(const void *ip, const struct xt_entry_match *match, int
                printf("--arp-mac-src ");
                if (arpinfo->invflags & EBT_ARP_SRC_MAC)
                        printf("! ");
-               brarp_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
+               xtables_print_mac_and_mask(arpinfo->smaddr, arpinfo->smmsk);
                printf(" ");
        }
        if (arpinfo->bitmask & EBT_ARP_DST_MAC) {
                printf("--arp-mac-dst ");
                if (arpinfo->invflags & EBT_ARP_DST_MAC)
                        printf("! ");
-               brarp_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
+               xtables_print_mac_and_mask(arpinfo->dmaddr, arpinfo->dmmsk);
                printf(" ");
        }
        if (arpinfo->bitmask & EBT_ARP_GRAT) {

diff --git a/extensions/libebt_arp.t b/extensions/libebt_arp.t
index 64b4362f9cdbf5ab0b1441bd7d690af1493e30b0..2b064c4bd2066044e1a09c8c03d6f5e27bbd3432 100644 (file)
--- a/extensions/libebt_arp.t
+++ b/extensions/libebt_arp.t
@@ -6,6 +6,6 @@
 -p ARP ! --arp-ip-dst 1.2.3.4;-p ARP --arp-ip-dst ! 1.2.3.4 -j CONTINUE;OK
 -p ARP --arp-ip-src ! 0.0.0.0;=;OK
 -p ARP --arp-ip-dst ! 0.0.0.0/8;=;OK
--p ARP --arp-mac-src 0:de:ad:be:ef:0;=;OK
--p ARP --arp-mac-dst de:ad:be:ef:0:0/ff:ff:ff:ff:0:0;=;OK
+-p ARP --arp-mac-src 00:de:ad:be:ef:00;=;OK
+-p ARP --arp-mac-dst de:ad:be:ef:00:00/ff:ff:ff:ff:00:00;=;OK
 -p ARP --arp-gratuitous;=;OK

diff --git a/extensions/libebt_arpreply.c b/extensions/libebt_arpreply.c
index 998dece339212d805e23a13e134cb919d80a0ba6..80ba2159ff946bfeb7efb4e21f95ede136babc74 100644 (file)
--- a/extensions/libebt_arpreply.c
+++ b/extensions/libebt_arpreply.c
@@ -71,17 +71,12 @@ brarpreply_parse(int c, char **argv, int invert, unsigned int *flags,
        return 1;
 }
 
-static void ebt_print_mac(const unsigned char *mac)
-{
-       printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
 static void brarpreply_print(const void *ip, const struct xt_entry_target *t, int numeric)
 {
        struct ebt_arpreply_info *replyinfo = (void *)t->data;
 
        printf("--arpreply-mac ");
-       ebt_print_mac(replyinfo->mac);
+       xtables_print_mac(replyinfo->mac);
        if (replyinfo->target == EBT_DROP)
                return;
        printf(" --arpreply-target %s", ebt_target_name(replyinfo->target));

diff --git a/extensions/libebt_arpreply.t b/extensions/libebt_arpreply.t
index f7bc85f9cd342193de92ad2d7e174c08aae5ff91..6734501a106b58ce16f04013eeec244a375ac4bd 100644 (file)
--- a/extensions/libebt_arpreply.t
+++ b/extensions/libebt_arpreply.t
@@ -1,4 +1,4 @@
 :PREROUTING
 *nat
--p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff --arpreply-target ACCEPT;=;OK
--p ARP -i foo -j arpreply --arpreply-mac de:ad:0:be:ee:ff;=;OK
+-p ARP -i foo -j arpreply --arpreply-mac de:ad:00:be:ee:ff --arpreply-target ACCEPT;=;OK
+-p ARP -i foo -j arpreply --arpreply-mac de:ad:00:be:ee:ff;=;OK

diff --git a/extensions/libebt_dnat.c b/extensions/libebt_dnat.c
index c179d8c19bc157c512d2e5a997633a2d5a00f263..9f5f721ea79d2ad6eec3276055f751112abc018b 100644 (file)
--- a/extensions/libebt_dnat.c
+++ b/extensions/libebt_dnat.c
@@ -74,17 +74,12 @@ static void brdnat_final_check(unsigned int flags)
                              "You must specify proper arguments");
 }
 
-static void ebt_print_mac(const unsigned char *mac)
-{
-       printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
 static void brdnat_print(const void *ip, const struct xt_entry_target *target, int numeric)
 {
        struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
 
        printf("--to-dst ");
-       ebt_print_mac(natinfo->mac);
+       xtables_print_mac(natinfo->mac);
        printf(" --dnat-target %s", ebt_target_name(natinfo->target));
 }
 

diff --git a/extensions/libebt_dnat.t b/extensions/libebt_dnat.t
index 42f9bff27b8d422eba2850d343a744d499658b07..9428d237850fb356e60908f0cf7ec5b511ec932a 100644 (file)
--- a/extensions/libebt_dnat.t
+++ b/extensions/libebt_dnat.t
@@ -1,5 +1,5 @@
 :PREROUTING
 *nat
--i someport -j dnat --to-dst de:ad:0:be:ee:ff;-i someport -j dnat --to-dst de:ad:0:be:ee:ff --dnat-target ACCEPT;OK
--j dnat --to-dst de:ad:0:be:ee:ff --dnat-target ACCEPT;=;OK
--j dnat --to-dst de:ad:0:be:ee:ff --dnat-target CONTINUE;=;OK
+-i someport -j dnat --to-dst de:ad:0:be:ee:ff;-i someport -j dnat --to-dst de:ad:00:be:ee:ff --dnat-target ACCEPT;OK
+-j dnat --to-dst de:ad:00:be:ee:ff --dnat-target ACCEPT;=;OK
+-j dnat --to-dst de:ad:00:be:ee:ff --dnat-target CONTINUE;=;OK

diff --git a/extensions/libebt_pkttype.t b/extensions/libebt_pkttype.t
index 921cf3acbbda06ddd8a7fff4fce8b4474f4834ba..f5f76aaaebfdc54f4acd1f757366d2a61633163e 100644 (file)
--- a/extensions/libebt_pkttype.t
+++ b/extensions/libebt_pkttype.t
@@ -1,8 +1,4 @@
 :INPUT,FORWARD,OUTPUT
--s 0:0:0:0:0:0;=;OK
--d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK
--s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK
--d de:ad:be:ef:0:0;=;OK
 ! --pkttype-type host;--pkttype-type ! host -j CONTINUE;OK
 --pkttype-type host;=;OK
 --pkttype-type broadcast;=;OK

diff --git a/extensions/libebt_snat.c b/extensions/libebt_snat.c
index 95b32f9cd2046306c9f7b31ddc4fda861251c8f9..c1124bf32d1e5323c407d3201eb04c7cee8f9535 100644 (file)
--- a/extensions/libebt_snat.c
+++ b/extensions/libebt_snat.c
@@ -85,17 +85,12 @@ static void brsnat_final_check(unsigned int flags)
                              "You must specify proper arguments");
 }
 
-static void ebt_print_mac(const unsigned char *mac)
-{
-       printf("%s", ether_ntoa((struct ether_addr *) mac));
-}
-
 static void brsnat_print(const void *ip, const struct xt_entry_target *target, int numeric)
 {
        struct ebt_nat_info *natinfo = (struct ebt_nat_info *)target->data;
 
        printf("--to-src ");
-       ebt_print_mac(natinfo->mac);
+       xtables_print_mac(natinfo->mac);
        if (!(natinfo->target&NAT_ARP_BIT))
                printf(" --snat-arp");
        printf(" --snat-target %s", ebt_target_name((natinfo->target|~EBT_VERDICT_BITS)));

diff --git a/extensions/libebt_snat.t b/extensions/libebt_snat.t
index bb42e758631f40eaac3eef0d4327cb0d9ec42c6f..639b13f300c9dcddce68da26e1b6bcabe1cb2917 100644 (file)
--- a/extensions/libebt_snat.t
+++ b/extensions/libebt_snat.t
@@ -1,4 +1,4 @@
 :POSTROUTING
 *nat
--o someport -j snat --to-source a:b:c:d:e:f;-o someport -j snat --to-src a:b:c:d:e:f --snat-target ACCEPT;OK
--o someport+ -j snat --to-src de:ad:0:be:ee:ff --snat-target CONTINUE;=;OK
+-o someport -j snat --to-source a:b:c:d:e:f;-o someport -j snat --to-src 0a:0b:0c:0d:0e:0f --snat-target ACCEPT;OK
+-o someport+ -j snat --to-src de:ad:00:be:ee:ff --snat-target CONTINUE;=;OK

diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t
index 04991e1f3290fe7f26b24642864acf9c9bf85d1f..c0b87e128d5186081e38aa8a5ce8cf111fb5486c 100644 (file)
--- a/extensions/libebt_standard.t
+++ b/extensions/libebt_standard.t
@@ -1,7 +1,7 @@
 :INPUT,FORWARD,OUTPUT
--s 0:0:0:0:0:0;=;OK
--d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK
--s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK
+-d de:ad:be:ef:00:00;=;OK
+-s 0:0:0:0:0:0;-s 00:00:00:00:00:00;OK
+-d 00:00:00:00:00:00;=;OK
+-s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:00:00 -j RETURN;OK
 -d de:ad:be:ef:00:00 -j CONTINUE;=;OK
--d de:ad:be:ef:0:0;=;OK
--d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;-d de:ad:be:ef:0:0/ff:ff:ff:ff:0:0 -j DROP;OK
+-d de:ad:be:ef:0:00/ff:ff:ff:ff:0:0 -j DROP;-d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;OK

diff --git a/extensions/libebt_stp.c b/extensions/libebt_stp.c
index 25f2735f46803620a2e53584073182e912d781ba..06cf93b8d84498de77fc3549145e0f9d2fce3bb3 100644 (file)
--- a/extensions/libebt_stp.c
+++ b/extensions/libebt_stp.c
@@ -297,31 +297,6 @@ brstp_parse(int c, char **argv, int invert, unsigned int *flags,
        return 1;
 }
 
-static void ebt_print_mac(const unsigned char *mac)
-{
-       int j;
-       for (j = 0; j < ETH_ALEN; j++)
-               printf("%02x%s", mac[j],
-                       (j==ETH_ALEN-1) ? "" : ":");
-}
-
-static bool mac_all_ones(const unsigned char *mac)
-{
-       static const char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-
-       return memcmp(mac, hlpmsk, sizeof(hlpmsk)) == 0;
-}
-
-static void ebt_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
-{
-
-       ebt_print_mac(mac);
-       if (!mac_all_ones(mask)) {
-               printf("/");
-               ebt_print_mac(mask);
-       }
-}
-
 static void brstp_print(const void *ip, const struct xt_entry_match *match,
                         int numeric)
 {
@@ -351,14 +326,14 @@ static void brstp_print(const void *ip, const struct xt_entry_match *match,
                } else if (EBT_STP_ROOTPRIO == (1 << i))
                        print_range(c->root_priol, c->root_priou);
                else if (EBT_STP_ROOTADDR == (1 << i))
-                       ebt_print_mac_and_mask((unsigned char *)c->root_addr,
+                       xtables_print_mac_and_mask((unsigned char *)c->root_addr,
                           (unsigned char*)c->root_addrmsk);
                else if (EBT_STP_ROOTCOST == (1 << i))
                        print_range(c->root_costl, c->root_costu);
                else if (EBT_STP_SENDERPRIO == (1 << i))
                        print_range(c->sender_priol, c->sender_priou);
                else if (EBT_STP_SENDERADDR == (1 << i))
-                       ebt_print_mac_and_mask((unsigned char *)c->sender_addr,
+                       xtables_print_mac_and_mask((unsigned char *)c->sender_addr,
                           (unsigned char *)c->sender_addrmsk);
                else if (EBT_STP_PORT == (1 << i))
                        print_range(c->portl, c->portu);

diff --git a/include/xtables.h b/include/xtables.h
index 8fb8843ac4f4fc1a74b4c73557a776de3453c678..2bc190cd5d40e8a98ac7dfce2d7e2168fd82e648 100644 (file)
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -556,6 +556,9 @@ extern void xtables_save_string(const char *value);
 #define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab))
 
 extern void xtables_print_num(uint64_t number, unsigned int format);
+extern void xtables_print_mac(const unsigned char *macaddress);
+extern void xtables_print_mac_and_mask(const unsigned char *mac,
+                                      const unsigned char *mask);
 
 extern void xtables_parse_val_mask(struct xt_option_call *cb,
                                   unsigned int *val, unsigned int *mask,

diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index a616f8458a7422be54b99f5d7303321a5e073e6e..92e3f3b6f97f5e04059969e80dd0c894614f5be0 100644 (file)
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -45,21 +45,12 @@ void ebt_cs_clean(struct iptables_command_state *cs)
        }
 }
 
-/* 0: default, print only 2 digits if necessary
- * 2: always print 2 digits, a printed mac address
- * then always has the same length
- */
-int ebt_printstyle_mac;
-
 static void ebt_print_mac(const unsigned char *mac)
 {
-       if (ebt_printstyle_mac == 2) {
-               int j;
-               for (j = 0; j < ETH_ALEN; j++)
-                       printf("%02x%s", mac[j],
-                               (j==ETH_ALEN-1) ? "" : ":");
-       } else
-               printf("%s", ether_ntoa((struct ether_addr *) mac));
+       int j;
+
+       for (j = 0; j < ETH_ALEN; j++)
+               printf("%02x%s", mac[j], (j==ETH_ALEN-1) ? "" : ":");
 }
 
 static bool mac_all_ones(const unsigned char *mac)

diff --git a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
index eeb7d83574e9dc4ef49d48a0dcf6d5263cd2f1dd..b23c1ee18c8ae1111ee9048dc32e079563c57ef8 100755 (executable)
--- a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
+++ b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
@@ -75,8 +75,8 @@ DUMP='*filter
 -A foo -p ARP --arp-op Request -j ACCEPT
 -A foo -p ARP --arp-ip-src 10.0.0.1 -j ACCEPT
 -A foo -p ARP --arp-ip-dst 10.0.0.0/8 -j ACCEPT
--A foo -p ARP --arp-mac-src fe:ed:ba:be:0:1 -j ACCEPT
--A foo -p ARP --arp-mac-dst fe:ed:ba:0:0:0/ff:ff:ff:0:0:0 -j ACCEPT
+-A foo -p ARP --arp-mac-src fe:ed:ba:be:00:01 -j ACCEPT
+-A foo -p ARP --arp-mac-dst fe:ed:ba:00:00:00/ff:ff:ff:00:00:00 -j ACCEPT
 -A foo -p IPv4 --ip-src 10.0.0.1 -j ACCEPT
 -A foo -p IPv4 --ip-dst 10.0.0.0/8 -j ACCEPT
 -A foo -p IPv4 --ip-tos 0x10 -j ACCEPT

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 34a084f47c29041dcc5a6408d1562fc9f6dc91cc..11231fc473d5191a485fcf4663e92dada48c74fe 100644 (file)
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -2077,6 +2077,28 @@ void xtables_print_num(uint64_t number, unsigned int format)
        printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
 }
 
+void xtables_print_mac(const unsigned char *macaddress)
+{
+       unsigned int i;
+
+       printf("%02x", macaddress[0]);
+       for (i = 1; i < 6; ++i)
+               printf(":%02x", macaddress[i]);
+}
+
+void xtables_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
+{
+       static const char hlpmsk[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+
+       xtables_print_mac(mac);
+
+       if (memcmp(mask, hlpmsk, 6) == 0)
+               return;
+
+       printf("/");
+       xtables_print_mac(mask);
+}
+
 void xtables_parse_val_mask(struct xt_option_call *cb,
                            unsigned int *val, unsigned int *mask,
                            const struct xtables_lmap *lmap)