xtables-arp: Integrate OPT_* defines into xshared.h

These defines are internal use only, so their actual value doesn't
matter as long as they're unique and inverse_for_options array items
match:

When negating a given option, the corresponding OPT_* value's bit is
used as an index into inverse_for_options to retrieve the corresponding
invflag. If zero, either negating or the option itself is not supported.
(In practice, a lookup for unsupported option won't happen as those are
caught by getopt_long()).

Since xtables-arp's OPT_* values change, adjust the local
inverse_for_options array accordingly.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/xshared.h b/iptables/xshared.h
index b0738b042e95aaf99b3700b8efc2135145fd149f..490b19ade510679b185957f281912a7f616b48ca 100644 (file)
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -29,6 +29,13 @@ enum {
        OPT_VIANAMEOUT  = 1 << 8,
        OPT_LINENUMBERS = 1 << 9,
        OPT_COUNTERS    = 1 << 10,
+       /* below are for arptables only */
+       OPT_S_MAC       = 1 << 11,
+       OPT_D_MAC       = 1 << 12,
+       OPT_H_LENGTH    = 1 << 13,
+       OPT_OPCODE      = 1 << 14,
+       OPT_H_TYPE      = 1 << 15,
+       OPT_P_TYPE      = 1 << 16,
 };
 
 enum {

diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 4949ddd3d486cb2eb1fdd01fe241cbcfdfcc89cb..8339b2cb6f38c1a29f4e6e229c0a76a4e821edd1 100644 (file)
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -57,23 +57,6 @@ typedef char arpt_chainlabel[32];
 
 #define OPTION_OFFSET 256
 
-#define OPT_NONE       0x00000U
-#define OPT_NUMERIC    0x00001U
-#define OPT_S_IP       0x00002U
-#define OPT_D_IP       0x00004U
-#define OPT_S_MAC      0x00008U
-#define OPT_D_MAC      0x00010U
-#define OPT_H_LENGTH   0x00020U
-#define OPT_P_LENGTH   0x00040U
-#define OPT_OPCODE     0x00080U
-#define OPT_H_TYPE     0x00100U
-#define OPT_P_TYPE     0x00200U
-#define OPT_JUMP       0x00400U
-#define OPT_VERBOSE    0x00800U
-#define OPT_VIANAMEIN  0x01000U
-#define OPT_VIANAMEOUT 0x02000U
-#define OPT_LINENUMBERS 0x04000U
-#define OPT_COUNTERS   0x08000U
 #define NUMBER_OF_OPT  16
 static const char optflags[NUMBER_OF_OPT]
 = { 'n', 's', 'd', 2, 3, 7, 8, 4, 5, 6, 'j', 'v', 'i', 'o', '0', 'c'};
@@ -132,24 +115,26 @@ struct xtables_globals arptables_globals = {
        .compat_rev             = nft_compatible_revision,
 };
 
-static int inverse_for_options[NUMBER_OF_OPT] =
+/* index relates to bit of each OPT_* value */
+static int inverse_for_options[] =
 {
 /* -n */ 0,
 /* -s */ ARPT_INV_SRCIP,
 /* -d */ ARPT_INV_TGTIP,
-/* 2 */ ARPT_INV_SRCDEVADDR,
-/* 3 */ ARPT_INV_TGTDEVADDR,
-/* -l */ ARPT_INV_ARPHLN,
-/* 8 */ 0,
-/* 4 */ ARPT_INV_ARPOP,
-/* 5 */ ARPT_INV_ARPHRD,
-/* 6 */ ARPT_INV_ARPPRO,
+/* -p */ 0,
 /* -j */ 0,
 /* -v */ 0,
+/* -x */ 0,
 /* -i */ ARPT_INV_VIA_IN,
 /* -o */ ARPT_INV_VIA_OUT,
 /*--line*/ 0,
 /* -c */ 0,
+/* 2 */ ARPT_INV_SRCDEVADDR,
+/* 3 */ ARPT_INV_TGTDEVADDR,
+/* -l */ ARPT_INV_ARPHLN,
+/* 4 */ ARPT_INV_ARPOP,
+/* 5 */ ARPT_INV_ARPHRD,
+/* 6 */ ARPT_INV_ARPPRO,
 };
 
 /* Primitive headers... */
@@ -747,14 +732,14 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
                        break;
                case 's':
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_S_IP, &cs.arp.arp.invflags,
+                       set_option(&options, OPT_SOURCE, &cs.arp.arp.invflags,
                                   invert);
                        shostnetworkmask = argv[optind-1];
                        break;
 
                case 'd':
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_D_IP, &cs.arp.arp.invflags,
+                       set_option(&options, OPT_DESTINATION, &cs.arp.arp.invflags,
                                   invert);
                        dhostnetworkmask = argv[optind-1];
                        break;
@@ -965,9 +950,9 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
                              "nothing appropriate following !");
 
        if (command & (CMD_REPLACE | CMD_INSERT | CMD_DELETE | CMD_APPEND)) {
-               if (!(options & OPT_D_IP))
+               if (!(options & OPT_DESTINATION))
                        dhostnetworkmask = "0.0.0.0/0";
-               if (!(options & OPT_S_IP))
+               if (!(options & OPT_SOURCE))
                        shostnetworkmask = "0.0.0.0/0";
        }