]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
xtables: merge {ip,arp}tables_command_state structs
authorPhil Sutter <phil@nwl.cc>
Thu, 19 Jul 2018 16:31:55 +0000 (18:31 +0200)
committerFlorian Westphal <fw@strlen.de>
Thu, 19 Jul 2018 20:16:15 +0000 (22:16 +0200)
Differences between both structs are marginal (apart from
arptables_command_state being much smaller), so merge them into one.
Struct iptables_command_state is already shared between iptables,
ip6tables and ebtables.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
iptables/nft-arp.c
iptables/nft-arp.h
iptables/nft-shared.c
iptables/nft-shared.h
iptables/xshared.h
iptables/xtables-arp.c
iptables/xtables-monitor.c

index 4eacc61bf4fc7eda14120d858a14b599b8944650..7b70ef22db8ae69df597b66f909d4507e1bf9fac 100644 (file)
@@ -139,8 +139,8 @@ static void print_mac_and_mask(const unsigned char *mac, const unsigned char *ma
 
 static int nft_arp_add(struct nftnl_rule *r, void *data)
 {
-       struct arptables_command_state *cs = data;
-       struct arpt_entry *fw = &cs->fw;
+       struct iptables_command_state *cs = data;
+       struct arpt_entry *fw = &cs->arp;
        uint32_t op;
        int ret = 0;
 
@@ -260,8 +260,8 @@ static uint16_t ipt_to_arpt_flags(uint8_t invflags)
 static void nft_arp_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
                               void *data)
 {
-       struct arptables_command_state *cs = data;
-       struct arpt_entry *fw = &cs->fw;
+       struct iptables_command_state *cs = data;
+       struct arpt_entry *fw = &cs->arp;
        uint8_t flags = 0;
 
        parse_meta(e, ctx->meta.key, fw->arp.iniface, fw->arp.iniface_mask,
@@ -273,7 +273,7 @@ static void nft_arp_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
 
 static void nft_arp_parse_target(struct xtables_target *target, void *data)
 {
-       struct arptables_command_state *cs = data;
+       struct iptables_command_state *cs = data;
 
        cs->target = target;
 }
@@ -281,7 +281,7 @@ static void nft_arp_parse_target(struct xtables_target *target, void *data)
 static void nft_arp_parse_immediate(const char *jumpto, bool nft_goto,
                                    void *data)
 {
-       struct arptables_command_state *cs = data;
+       struct iptables_command_state *cs = data;
 
        cs->jumpto = jumpto;
 }
@@ -294,8 +294,8 @@ static void parse_mask_ipv4(struct nft_xt_ctx *ctx, struct in_addr *mask)
 static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
                                  struct nftnl_expr *e, void *data)
 {
-       struct arptables_command_state *cs = data;
-       struct arpt_entry *fw = &cs->fw;
+       struct iptables_command_state *cs = data;
+       struct arpt_entry *fw = &cs->arp;
        struct in_addr addr;
        unsigned short int ar_hrd, ar_pro, ar_op, ar_hln;
        bool inv;
@@ -365,14 +365,14 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
        }
 }
 
-void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
-                                        struct arptables_command_state *cs)
+void nft_rule_to_arptables_command_state(const struct nftnl_rule *r,
+                                        struct iptables_command_state *cs)
 {
        struct nftnl_expr_iter *iter;
        struct nftnl_expr *expr;
        int family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
        struct nft_xt_ctx ctx = {
-               .state.cs_arp = cs,
+               .state.cs = cs,
                .family = family,
        };
 
@@ -387,7 +387,7 @@ void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
                        nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
 
                if (strcmp(name, "counter") == 0)
-                       nft_parse_counter(expr, &ctx.state.cs_arp->fw.counters);
+                       nft_parse_counter(expr, &ctx.state.cs->arp.counters);
                else if (strcmp(name, "payload") == 0)
                        nft_parse_payload(&ctx, expr);
                else if (strcmp(name, "meta") == 0)
@@ -581,27 +581,27 @@ static void
 nft_arp_print_firewall(struct nftnl_rule *r, unsigned int num,
                       unsigned int format)
 {
-       struct arptables_command_state cs = {};
+       struct iptables_command_state cs = {};
 
        nft_rule_to_arptables_command_state(r, &cs);
 
        if (format & FMT_LINENUMBERS)
                printf("%u ", num);
 
-       print_fw_details(&cs.fw, format);
+       print_fw_details(&cs.arp, format);
 
        if (cs.jumpto != NULL && strcmp(cs.jumpto, "") != 0) {
                printf("-j %s", cs.jumpto);
        } else if (cs.target) {
                printf("-j %s", cs.target->name);
-               cs.target->print(&cs.fw, cs.target->t, format & FMT_NUMERIC);
+               cs.target->print(&cs.arp, cs.target->t, format & FMT_NUMERIC);
        }
 
        if (!(format & FMT_NOCOUNTS)) {
                printf(", pcnt=");
-               xtables_print_num(cs.fw.counters.pcnt, format);
+               xtables_print_num(cs.arp.counters.pcnt, format);
                printf("-- bcnt=");
-               xtables_print_num(cs.fw.counters.bcnt, format);
+               xtables_print_num(cs.arp.counters.bcnt, format);
        }
 
        if (!(format & FMT_NONEWLINE))
@@ -637,13 +637,13 @@ static bool nft_arp_is_same(const void *data_a,
 static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nftnl_rule *r,
                              void *data)
 {
-       const struct arptables_command_state *cs = data;
-       struct arptables_command_state this = {};
+       const struct iptables_command_state *cs = data;
+       struct iptables_command_state this = {};
 
        /* Delete by matching rule case */
        nft_rule_to_arptables_command_state(r, &this);
 
-       if (!nft_arp_is_same(cs, &this))
+       if (!nft_arp_is_same(&cs->arp, &this.arp))
                return false;
 
        if (!compare_targets(cs->target, this.target))
index 05889b4941a2c21759bfc245fec753af3e684d0e..e33bb748035621fcab3bec2a30138f1bfef40cdc 100644 (file)
@@ -4,13 +4,7 @@
 extern char *opcodes[];
 #define NUMOPCODES 9
 
-struct arptables_command_state {
-       struct arpt_entry fw;
-       struct xtables_target *target;
-       const char *jumpto;
-};
-
-void nft_rule_to_arptables_command_state(struct nftnl_rule *r,
-                                        struct arptables_command_state *cs);
+void nft_rule_to_arptables_command_state(const struct nftnl_rule *r,
+                                        struct iptables_command_state *cs);
 
 #endif
index eb2af851dc11888eb18a04a140e1b3e05e7ee2de..0ff07bf3ef1e6f8277e49bbd81b6a06b38ddd220 100644 (file)
@@ -294,21 +294,6 @@ int parse_meta(struct nftnl_expr *e, uint8_t key, char *iniface,
        return 0;
 }
 
-static void *nft_get_data(struct nft_xt_ctx *ctx)
-{
-       switch(ctx->family) {
-       case NFPROTO_IPV4:
-       case NFPROTO_IPV6:
-       case NFPROTO_BRIDGE:
-               return ctx->state.cs;
-       case NFPROTO_ARP:
-               return ctx->state.cs_arp;
-       default:
-               /* Should not happen */
-               return NULL;
-       }
-}
-
 void nft_parse_target(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 {
        uint32_t tg_len;
@@ -318,7 +303,7 @@ void nft_parse_target(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
        struct xt_entry_target *t;
        size_t size;
        struct nft_family_ops *ops;
-       void *data = nft_get_data(ctx);
+       void *data = ctx->state.cs;
 
        target = xtables_find_target(targname, XTF_TRY_LOAD);
        if (target == NULL)
@@ -383,7 +368,7 @@ void nft_parse_match(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 
        ops = nft_family_ops_lookup(ctx->family);
        if (ops->parse_match != NULL)
-               ops->parse_match(match, nft_get_data(ctx));
+               ops->parse_match(match, ctx->state.cs);
 }
 
 void print_proto(uint16_t proto, int invert)
@@ -446,7 +431,7 @@ static void nft_meta_set_to_target(struct nft_xt_ctx *ctx)
        target->t = t;
 
        ops = nft_family_ops_lookup(ctx->family);
-       ops->parse_target(target, nft_get_data(ctx));
+       ops->parse_target(target, ctx->state.cs);
 }
 
 void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
@@ -491,7 +476,7 @@ void nft_parse_bitwise(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
 {
        struct nft_family_ops *ops = nft_family_ops_lookup(ctx->family);
-       void *data = nft_get_data(ctx);
+       void *data = ctx->state.cs;
        uint32_t reg;
 
        reg = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_SREG);
@@ -521,7 +506,7 @@ void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
        struct nft_family_ops *ops;
        const char *jumpto = NULL;
        bool nft_goto = false;
-       void *data = nft_get_data(ctx);
+       void *data = ctx->state.cs;
        int verdict;
 
        if (nftnl_expr_is_set(e, NFTNL_EXPR_IMM_DATA)) {
@@ -563,7 +548,7 @@ void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
        ops->parse_immediate(jumpto, nft_goto, data);
 }
 
-void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
+void nft_rule_to_iptables_command_state(const struct nftnl_rule *r,
                                        struct iptables_command_state *cs)
 {
        struct nftnl_expr_iter *iter;
index d74eeb0063a74d09f2c8cef977a1bcdad9902a2e..18927a2981977ed959eb404b53fba7c794927892 100644 (file)
@@ -49,7 +49,6 @@ enum {
 struct nft_xt_ctx {
        union {
                struct iptables_command_state *cs;
-               struct arptables_command_state *cs_arp;
        } state;
        struct nftnl_expr_iter *iter;
        int family;
@@ -145,7 +144,7 @@ void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
 void nft_parse_payload(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
 void nft_parse_counter(struct nftnl_expr *e, struct xt_counters *counters);
 void nft_parse_immediate(struct nft_xt_ctx *ctx, struct nftnl_expr *e);
-void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
+void nft_rule_to_iptables_command_state(const struct nftnl_rule *r,
                                        struct iptables_command_state *cs);
 void print_header(unsigned int format, const char *chain, const char *pol,
                  const struct xt_counters *counters, bool basechain,
index 01c0eb12abb569b37ccb5c91d76f9cfd3610a27c..533c52686bc292ac2f77f4a3fe67343fdf7515dc 100644 (file)
@@ -6,6 +6,7 @@
 #include <stdint.h>
 #include <netinet/in.h>
 #include <net/if.h>
+#include <linux/netfilter_arp/arp_tables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 
@@ -83,6 +84,7 @@ struct iptables_command_state {
                struct ebt_entry eb;
                struct ipt_entry fw;
                struct ip6t_entry fw6;
+               struct arpt_entry arp;
        };
        int invert;
        int c;
index ffe477868c8890847fdcab97a97bc31154ab4884..ce9e618b7049bc764cce06594e27d18396c9f1bf 100644 (file)
@@ -862,7 +862,7 @@ static int
 append_entry(struct nft_handle *h,
             const char *chain,
             const char *table,
-            struct arptables_command_state *cs,
+            struct iptables_command_state *cs,
             int rulenum,
             unsigned int nsaddrs,
             const struct in_addr saddrs[],
@@ -874,9 +874,9 @@ append_entry(struct nft_handle *h,
        int ret = 1;
 
        for (i = 0; i < nsaddrs; i++) {
-               cs->fw.arp.src.s_addr = saddrs[i].s_addr;
+               cs->arp.arp.src.s_addr = saddrs[i].s_addr;
                for (j = 0; j < ndaddrs; j++) {
-                       cs->fw.arp.tgt.s_addr = daddrs[j].s_addr;
+                       cs->arp.arp.tgt.s_addr = daddrs[j].s_addr;
                        if (append) {
                                ret = nft_rule_append(h, chain, table, cs, 0,
                                                      verbose);
@@ -893,14 +893,14 @@ append_entry(struct nft_handle *h,
 static int
 replace_entry(const char *chain,
              const char *table,
-             struct arptables_command_state *cs,
+             struct iptables_command_state *cs,
              unsigned int rulenum,
              const struct in_addr *saddr,
              const struct in_addr *daddr,
              bool verbose, struct nft_handle *h)
 {
-       cs->fw.arp.src.s_addr = saddr->s_addr;
-       cs->fw.arp.tgt.s_addr = daddr->s_addr;
+       cs->arp.arp.src.s_addr = saddr->s_addr;
+       cs->arp.arp.tgt.s_addr = daddr->s_addr;
 
        return nft_rule_replace(h, chain, table, cs, rulenum, verbose);
 }
@@ -908,7 +908,7 @@ replace_entry(const char *chain,
 static int
 delete_entry(const char *chain,
             const char *table,
-            struct arptables_command_state *cs,
+            struct iptables_command_state *cs,
             unsigned int nsaddrs,
             const struct in_addr saddrs[],
             unsigned int ndaddrs,
@@ -919,9 +919,9 @@ delete_entry(const char *chain,
        int ret = 1;
 
        for (i = 0; i < nsaddrs; i++) {
-               cs->fw.arp.src.s_addr = saddrs[i].s_addr;
+               cs->arp.arp.src.s_addr = saddrs[i].s_addr;
                for (j = 0; j < ndaddrs; j++) {
-                       cs->fw.arp.tgt.s_addr = daddrs[j].s_addr;
+                       cs->arp.arp.tgt.s_addr = daddrs[j].s_addr;
                        ret = nft_rule_delete(h, chain, table, cs, verbose);
                }
        }
@@ -931,7 +931,7 @@ delete_entry(const char *chain,
 
 int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 {
-       struct arptables_command_state cs = {
+       struct iptables_command_state cs = {
                .jumpto = "",
        };
        int invert = 0;
@@ -1088,47 +1088,47 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
                        break;
                case 's':
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_S_IP, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_S_IP, &cs.arp.arp.invflags,
                                   invert);
                        shostnetworkmask = argv[optind-1];
                        break;
 
                case 'd':
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_D_IP, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_D_IP, &cs.arp.arp.invflags,
                                   invert);
                        dhostnetworkmask = argv[optind-1];
                        break;
 
                case 2:/* src-mac */
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_S_MAC, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_S_MAC, &cs.arp.arp.invflags,
                                   invert);
                        if (getmac_and_mask(argv[optind - 1],
-                           cs.fw.arp.src_devaddr.addr, cs.fw.arp.src_devaddr.mask))
+                           cs.arp.arp.src_devaddr.addr, cs.arp.arp.src_devaddr.mask))
                                xtables_error(PARAMETER_PROBLEM, "Problem with specified "
                                                "source mac");
                        break;
 
                case 3:/* dst-mac */
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_D_MAC, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_D_MAC, &cs.arp.arp.invflags,
                                   invert);
 
                        if (getmac_and_mask(argv[optind - 1],
-                           cs.fw.arp.tgt_devaddr.addr, cs.fw.arp.tgt_devaddr.mask))
+                           cs.arp.arp.tgt_devaddr.addr, cs.arp.arp.tgt_devaddr.mask))
                                xtables_error(PARAMETER_PROBLEM, "Problem with specified "
                                                "destination mac");
                        break;
 
                case 'l':/* hardware length */
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_H_LENGTH, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_H_LENGTH, &cs.arp.arp.invflags,
                                   invert);
-                       getlength_and_mask(argv[optind - 1], &cs.fw.arp.arhln,
-                                          &cs.fw.arp.arhln_mask);
+                       getlength_and_mask(argv[optind - 1], &cs.arp.arp.arhln,
+                                          &cs.arp.arp.arhln_mask);
 
-                       if (cs.fw.arp.arhln != 6) {
+                       if (cs.arp.arp.arhln != 6) {
                                xtables_error(PARAMETER_PROBLEM,
                                              "Only harware address length of"
                                              " 6 is supported currently.");
@@ -1140,20 +1140,20 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
                        xtables_error(PARAMETER_PROBLEM, "not supported");
 /*
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_P_LENGTH, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_P_LENGTH, &cs.arp.arp.invflags,
                                   invert);
 
-                       getlength_and_mask(argv[optind - 1], &cs.fw.arp.arpln,
-                                          &cs.fw.arp.arpln_mask);
+                       getlength_and_mask(argv[optind - 1], &cs.arp.arp.arpln,
+                                          &cs.arp.arp.arpln_mask);
                        break;
 */
 
                case 4:/* opcode */
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_OPCODE, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_OPCODE, &cs.arp.arp.invflags,
                                   invert);
-                       if (get16_and_mask(argv[optind - 1], &cs.fw.arp.arpop,
-                                          &cs.fw.arp.arpop_mask, 10)) {
+                       if (get16_and_mask(argv[optind - 1], &cs.arp.arp.arpop,
+                                          &cs.arp.arp.arpop_mask, 10)) {
                                int i;
 
                                for (i = 0; i < NUMOPCODES; i++)
@@ -1161,65 +1161,65 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
                                                break;
                                if (i == NUMOPCODES)
                                        xtables_error(PARAMETER_PROBLEM, "Problem with specified opcode");
-                               cs.fw.arp.arpop = htons(i+1);
+                               cs.arp.arp.arpop = htons(i+1);
                        }
                        break;
 
                case 5:/* h-type */
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_H_TYPE, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_H_TYPE, &cs.arp.arp.invflags,
                                   invert);
-                       if (get16_and_mask(argv[optind - 1], &cs.fw.arp.arhrd,
-                                          &cs.fw.arp.arhrd_mask, 16)) {
+                       if (get16_and_mask(argv[optind - 1], &cs.arp.arp.arhrd,
+                                          &cs.arp.arp.arhrd_mask, 16)) {
                                if (strcasecmp(argv[optind-1], "Ethernet"))
                                        xtables_error(PARAMETER_PROBLEM, "Problem with specified hardware type");
-                               cs.fw.arp.arhrd = htons(1);
+                               cs.arp.arp.arhrd = htons(1);
                        }
                        break;
 
                case 6:/* proto-type */
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_P_TYPE, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_P_TYPE, &cs.arp.arp.invflags,
                                   invert);
-                       if (get16_and_mask(argv[optind - 1], &cs.fw.arp.arpro,
-                                          &cs.fw.arp.arpro_mask, 0)) {
+                       if (get16_and_mask(argv[optind - 1], &cs.arp.arp.arpro,
+                                          &cs.arp.arp.arpro_mask, 0)) {
                                if (strcasecmp(argv[optind-1], "ipv4"))
                                        xtables_error(PARAMETER_PROBLEM, "Problem with specified protocol type");
-                               cs.fw.arp.arpro = htons(0x800);
+                               cs.arp.arp.arpro = htons(0x800);
                        }
                        break;
 
                case 'j':
-                       set_option(&options, OPT_JUMP, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_JUMP, &cs.arp.arp.invflags,
                                   invert);
                        cs.jumpto = parse_target(optarg);
-                       cs.target = command_jump(&cs.fw, cs.jumpto);
+                       cs.target = command_jump(&cs.arp, cs.jumpto);
                        break;
 
                case 'i':
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_VIANAMEIN, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_VIANAMEIN, &cs.arp.arp.invflags,
                                   invert);
                        parse_interface(argv[optind-1],
-                                       cs.fw.arp.iniface,
-                                       cs.fw.arp.iniface_mask);
-/*                     cs.fw.nfcache |= NFC_IP_IF_IN; */
+                                       cs.arp.arp.iniface,
+                                       cs.arp.arp.iniface_mask);
+/*                     cs.arp.nfcache |= NFC_IP_IF_IN; */
                        break;
 
                case 'o':
                        check_inverse(optarg, &invert, &optind, argc);
-                       set_option(&options, OPT_VIANAMEOUT, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_VIANAMEOUT, &cs.arp.arp.invflags,
                                   invert);
                        parse_interface(argv[optind-1],
-                                       cs.fw.arp.outiface,
-                                       cs.fw.arp.outiface_mask);
-                       /* cs.fw.nfcache |= NFC_IP_IF_OUT; */
+                                       cs.arp.arp.outiface,
+                                       cs.arp.arp.outiface_mask);
+                       /* cs.arp.nfcache |= NFC_IP_IF_OUT; */
                        break;
 
                case 'v':
                        if (!verbose)
                                set_option(&options, OPT_VERBOSE,
-                                          &cs.fw.arp.invflags, invert);
+                                          &cs.arp.arp.invflags, invert);
                        verbose++;
                        break;
 
@@ -1242,7 +1242,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
                break;
 
                case 'n':
-                       set_option(&options, OPT_NUMERIC, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_NUMERIC, &cs.arp.arp.invflags,
                                   invert);
                        break;
 
@@ -1262,7 +1262,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
                        exit(0);
 
                case '0':
-                       set_option(&options, OPT_LINENUMBERS, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_LINENUMBERS, &cs.arp.arp.invflags,
                                   invert);
                        break;
 
@@ -1272,7 +1272,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 
                case 'c':
 
-                       set_option(&options, OPT_COUNTERS, &cs.fw.arp.invflags,
+                       set_option(&options, OPT_COUNTERS, &cs.arp.arp.invflags,
                                   invert);
                        pcnt = optarg;
                        if (xs_has_arg(argc, argv))
@@ -1282,12 +1282,12 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
                                              "-%c requires packet and byte counter",
                                              opt2char(OPT_COUNTERS));
 
-                       if (sscanf(pcnt, "%llu", &cs.fw.counters.pcnt) != 1)
+                       if (sscanf(pcnt, "%llu", &cs.arp.counters.pcnt) != 1)
                        xtables_error(PARAMETER_PROBLEM,
                                "-%c packet counter not numeric",
                                opt2char(OPT_COUNTERS));
 
-                       if (sscanf(bcnt, "%llu", &cs.fw.counters.bcnt) != 1)
+                       if (sscanf(bcnt, "%llu", &cs.arp.counters.bcnt) != 1)
                                xtables_error(PARAMETER_PROBLEM,
                                              "-%c byte counter not numeric",
                                              opt2char(OPT_COUNTERS));
@@ -1311,7 +1311,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
                default:
                        if (cs.target) {
                                xtables_option_tpcall(c, argv,
-                                                     invert, cs.target, &cs.fw);
+                                                     invert, cs.target, &cs.arp);
                        }
                        break;
                }
@@ -1339,14 +1339,14 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 
        if (shostnetworkmask)
                parse_hostnetworkmask(shostnetworkmask, &saddrs,
-                                     &(cs.fw.arp.smsk), &nsaddrs);
+                                     &(cs.arp.arp.smsk), &nsaddrs);
 
        if (dhostnetworkmask)
                parse_hostnetworkmask(dhostnetworkmask, &daddrs,
-                                     &(cs.fw.arp.tmsk), &ndaddrs);
+                                     &(cs.arp.arp.tmsk), &ndaddrs);
 
        if ((nsaddrs > 1 || ndaddrs > 1) &&
-           (cs.fw.arp.invflags & (ARPT_INV_SRCIP | ARPT_INV_TGTIP)))
+           (cs.arp.arp.invflags & (ARPT_INV_SRCIP | ARPT_INV_TGTIP)))
                xtables_error(PARAMETER_PROBLEM, "! not allowed with multiple"
                                " source or destination IP addresses");
 
index dd3803000053350875f961024651085fbc3c45be..e491b4db82bd7a2af9f0be3deca9a7034eaf7c1d 100644 (file)
@@ -73,12 +73,10 @@ static bool events;
 
 static int rule_cb(const struct nlmsghdr *nlh, void *data)
 {
-       struct arptables_command_state cs_arp = {};
        struct iptables_command_state cs = {};
        uint32_t type = nlh->nlmsg_type & 0xFF;
        const struct cb_arg *arg = data;
        struct nftnl_rule *r;
-       void *fw = NULL;
        uint8_t family;
 
        r = nftnl_rule_alloc();
@@ -99,19 +97,17 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
        case AF_INET6:
                printf("-%c ", family == AF_INET ? '4' : '6');
                nft_rule_to_iptables_command_state(r, &cs);
-               fw = &cs;
                break;
        case NFPROTO_ARP:
                printf("-0 ");
-               nft_rule_to_arptables_command_state(r, &cs_arp);
-               fw = &cs_arp;
+               nft_rule_to_arptables_command_state(r, &cs);
                break;
        default:
                goto err_free;
        }
 
        printf("-t %s ", nftnl_rule_get_str(r, NFTNL_RULE_TABLE));
-       nft_rule_print_save(fw, r,
+       nft_rule_print_save(&cs, r,
                            type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
                                                           NFT_RULE_DEL,
                            counters ? 0 : FMT_NOCOUNTS);