nft: ruleparse: Introduce nft_parse_rule_expr()

author Phil Sutter <phil@nwl.cc>

Wed, 31 Jul 2024 00:07:28 +0000 (02:07 +0200)

committer Phil Sutter <phil@nwl.cc>

Thu, 10 Apr 2025 16:45:43 +0000 (18:45 +0200)
author Phil Sutter <phil@nwl.cc>
Wed, 31 Jul 2024 00:07:28 +0000 (02:07 +0200)
committer Phil Sutter <phil@nwl.cc>
Thu, 10 Apr 2025 16:45:43 +0000 (18:45 +0200)
diff --git a/iptables/nft-ruleparse.c b/iptables/nft-ruleparse.c

index 1ee7a94db59de21c4dd41b488df86652add0fe65..757d3c29fc8166f2f14e320f80ae9445f4c07a24 100644 (file)
--- a/iptables/nft-ruleparse.c
+++ b/iptables/nft-ruleparse.c
@@ -887,6 +887,45 @@ static void nft_parse_range(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
         }
  }
  
+bool nft_parse_rule_expr(struct nft_handle *h,
+                        struct nftnl_expr *expr,
+                        struct nft_xt_ctx *ctx)
+{
+       const char *name = nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
+
+       if (strcmp(name, "counter") == 0)
+               nft_parse_counter(expr, &ctx->cs->counters);
+       else if (strcmp(name, "payload") == 0)
+               nft_parse_payload(ctx, expr);
+       else if (strcmp(name, "meta") == 0)
+               nft_parse_meta(ctx, expr);
+       else if (strcmp(name, "bitwise") == 0)
+               nft_parse_bitwise(ctx, expr);
+       else if (strcmp(name, "cmp") == 0)
+               nft_parse_cmp(ctx, expr);
+       else if (strcmp(name, "immediate") == 0)
+               nft_parse_immediate(ctx, expr);
+       else if (strcmp(name, "match") == 0)
+               nft_parse_match(ctx, expr);
+       else if (strcmp(name, "target") == 0)
+               nft_parse_target(ctx, expr);
+       else if (strcmp(name, "limit") == 0)
+               nft_parse_limit(ctx, expr);
+       else if (strcmp(name, "lookup") == 0)
+               nft_parse_lookup(ctx, h, expr);
+       else if (strcmp(name, "log") == 0)
+               nft_parse_log(ctx, expr);
+       else if (strcmp(name, "range") == 0)
+               nft_parse_range(ctx, expr);
+
+       if (ctx->errmsg) {
+               fprintf(stderr, "Error: %s\n", ctx->errmsg);
+               ctx->errmsg = NULL;
+               return false;
+       }
+       return true;
+}
+
  bool nft_rule_to_iptables_command_state(struct nft_handle *h,
                                         const struct nftnl_rule *r,
                                         struct iptables_command_state *cs)
@@ -905,40 +944,8 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
  
         expr = nftnl_expr_iter_next(ctx.iter);
         while (expr != NULL) {
-               const char *name =
-                       nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
-
-               if (strcmp(name, "counter") == 0)
-                       nft_parse_counter(expr, &ctx.cs->counters);
-               else if (strcmp(name, "payload") == 0)
-                       nft_parse_payload(&ctx, expr);
-               else if (strcmp(name, "meta") == 0)
-                       nft_parse_meta(&ctx, expr);
-               else if (strcmp(name, "bitwise") == 0)
-                       nft_parse_bitwise(&ctx, expr);
-               else if (strcmp(name, "cmp") == 0)
-                       nft_parse_cmp(&ctx, expr);
-               else if (strcmp(name, "immediate") == 0)
-                       nft_parse_immediate(&ctx, expr);
-               else if (strcmp(name, "match") == 0)
-                       nft_parse_match(&ctx, expr);
-               else if (strcmp(name, "target") == 0)
-                       nft_parse_target(&ctx, expr);
-               else if (strcmp(name, "limit") == 0)
-                       nft_parse_limit(&ctx, expr);
-               else if (strcmp(name, "lookup") == 0)
-                       nft_parse_lookup(&ctx, h, expr);
-               else if (strcmp(name, "log") == 0)
-                       nft_parse_log(&ctx, expr);
-               else if (strcmp(name, "range") == 0)
-                       nft_parse_range(&ctx, expr);
-
-               if (ctx.errmsg) {
-                       fprintf(stderr, "Error: %s\n", ctx.errmsg);
-                       ctx.errmsg = NULL;
+               if (!nft_parse_rule_expr(h, expr, &ctx))
                         ret = false;
-               }
-
                 expr = nftnl_expr_iter_next(ctx.iter);
         }
  
diff --git a/iptables/nft-ruleparse.h b/iptables/nft-ruleparse.h

index 62c9160d7771151d8fb6525fd29253b797ba8ca2..0377e4ae17a6e96bb005fcef911102eea690e66a 100644 (file)
--- a/iptables/nft-ruleparse.h
+++ b/iptables/nft-ruleparse.h
@@ -133,4 +133,8 @@ int parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e, uint8_t key,
  int nft_parse_hl(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
                  struct iptables_command_state *cs);
  
+bool nft_parse_rule_expr(struct nft_handle *h,
+                        struct nftnl_expr *expr,
+                        struct nft_xt_ctx *ctx);
+
  #endif /* _NFT_RULEPARSE_H_ */
author	Phil Sutter <phil@nwl.cc>
	Wed, 31 Jul 2024 00:07:28 +0000 (02:07 +0200)
committer	Phil Sutter <phil@nwl.cc>
	Thu, 10 Apr 2025 16:45:43 +0000 (18:45 +0200)
iptables/nft-ruleparse.c		patch \| blob \| blame \| history
iptables/nft-ruleparse.h		patch \| blob \| blame \| history