extensions: prefer plain 'set' over 'set mark and'

adding a test case for MARK --set-mark 0 fails with
exp: nft add rule ip mangle OUTPUT counter meta mark set 0x0
res: nft add rule ip mangle OUTPUT counter meta mark set mark and 0x0

This translation isn't wrong, but unneccessarily complex, so
change order to first check if mask bits are all ones.

In that case we can simply use an immediate value without
need for logical operators.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index f60be58346a5ea44b7feac447a386b411001b377..c7933464101bf24b58517dd56865eb2185b22cd3 100644 (file)
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -356,7 +356,9 @@ static int connmark_tg_xlate(struct xt_xlate *xl,
        switch (info->mode) {
        case XT_CONNMARK_SET:
                xt_xlate_add(xl, "ct mark set ");
-               if (info->ctmark == 0)
+               if (info->ctmask == 0xFFFFFFFFU)
+                       xt_xlate_add(xl, "0x%x ", info->ctmark);
+               else if (info->ctmark == 0)
                        xt_xlate_add(xl, "ct mark and 0x%x", ~info->ctmask);
                else if (info->ctmark == info->ctmask)
                        xt_xlate_add(xl, "ct mark or 0x%x",
@@ -364,8 +366,6 @@ static int connmark_tg_xlate(struct xt_xlate *xl,
                else if (info->ctmask == 0)
                        xt_xlate_add(xl, "ct mark xor 0x%x",
                                     info->ctmark);
-               else if (info->ctmask == 0xFFFFFFFFU)
-                       xt_xlate_add(xl, "0x%x ", info->ctmark);
                else
                        xt_xlate_add(xl, "ct mark xor 0x%x and 0x%x",
                                     info->ctmark, ~info->ctmask);

diff --git a/extensions/libxt_CONNMARK.txlate b/extensions/libxt_CONNMARK.txlate
index 62321be1055270f21edc913b584fec2e6a060c0e..a47cbb2b00db7e342ebf1cb6fc313a7c22828ee3 100644 (file)
--- a/extensions/libxt_CONNMARK.txlate
+++ b/extensions/libxt_CONNMARK.txlate
@@ -1,3 +1,6 @@
+iptables-translate -t mangle -A PREROUTING -j CONNMARK --set-mark 0
+nft add rule ip mangle PREROUTING counter ct mark set 0x0
+
 iptables-translate -t mangle -A PREROUTING -j CONNMARK --set-mark 0x16
 nft add rule ip mangle PREROUTING counter ct mark set 0x16
 

diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index 12b1695eeac245f305fcaa291a235ca0628ce1c2..5c6186fe03407772161523fbde4b84b940c5be9e 100644 (file)
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -252,14 +252,14 @@ static int mark_tg_xlate(struct xt_xlate *xl,
 
        xt_xlate_add(xl, "meta mark set ");
 
-       if (info->mark == 0)
+       if (info->mask == 0xffffffffU)
+               xt_xlate_add(xl, "0x%x ", info->mark);
+       else if (info->mark == 0)
                xt_xlate_add(xl, "mark and 0x%x ", ~info->mask);
        else if (info->mark == info->mask)
                xt_xlate_add(xl, "mark or 0x%x ", info->mark);
        else if (info->mask == 0)
                xt_xlate_add(xl, "mark xor 0x%x ", info->mark);
-       else if (info->mask == 0xffffffffU)
-               xt_xlate_add(xl, "0x%x ", info->mark);
        else
                xt_xlate_add(xl, "mark and 0x%x xor 0x%x ", ~info->mask,
                             info->mark);

diff --git a/extensions/libxt_MARK.txlate b/extensions/libxt_MARK.txlate
index ab5977e9c6abdbf0adf3cce8fa568cb3ddde4dd1..d3250ab6c2e1894d81c20685b90c1017b2cf81cc 100644 (file)
--- a/extensions/libxt_MARK.txlate
+++ b/extensions/libxt_MARK.txlate
@@ -1,3 +1,6 @@
+iptables-translate -t mangle -A OUTPUT -j MARK --set-mark 0
+nft add rule ip mangle OUTPUT counter meta mark set 0x0
+
 iptables-translate -t mangle -A OUTPUT -j MARK --set-mark 64
 nft add rule ip mangle OUTPUT counter meta mark set 0x40