@@ -887,6 +887,45 @@ static void nft_parse_range(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
}
}
+bool nft_parse_rule_expr(struct nft_handle *h,
+ struct nftnl_expr *expr,
+ struct nft_xt_ctx *ctx)
+{
+ const char *name = nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
+
+ if (strcmp(name, "counter") == 0)
+ nft_parse_counter(expr, &ctx->cs->counters);
+ else if (strcmp(name, "payload") == 0)
+ nft_parse_payload(ctx, expr);
+ else if (strcmp(name, "meta") == 0)
+ nft_parse_meta(ctx, expr);
+ else if (strcmp(name, "bitwise") == 0)
+ nft_parse_bitwise(ctx, expr);
+ else if (strcmp(name, "cmp") == 0)
+ nft_parse_cmp(ctx, expr);
+ else if (strcmp(name, "immediate") == 0)
+ nft_parse_immediate(ctx, expr);
+ else if (strcmp(name, "match") == 0)
+ nft_parse_match(ctx, expr);
+ else if (strcmp(name, "target") == 0)
+ nft_parse_target(ctx, expr);
+ else if (strcmp(name, "limit") == 0)
+ nft_parse_limit(ctx, expr);
+ else if (strcmp(name, "lookup") == 0)
+ nft_parse_lookup(ctx, h, expr);
+ else if (strcmp(name, "log") == 0)
+ nft_parse_log(ctx, expr);
+ else if (strcmp(name, "range") == 0)
+ nft_parse_range(ctx, expr);
+
+ if (ctx->errmsg) {
+ fprintf(stderr, "Error: %s\n", ctx->errmsg);
+ ctx->errmsg = NULL;
+ return false;
+ }
+ return true;
+}
+
bool nft_rule_to_iptables_command_state(struct nft_handle *h,
const struct nftnl_rule *r,
struct iptables_command_state *cs)
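Review bot: An expression name that matches none of the `strcmp()` branches in `nft_parse_rule_expr()` leaves `ctx->errmsg` NULL, so the function returns true and the caller counts an expression it never parsed as handled. For a tool that lists or translates firewall rules, the rendered rule can then differ from what the kernel enforces. Unless some expression types are deliberately ignored, end the chain with `else ctx->errmsg = "unknown expression";` (the message text is only a suggestion). `name` is also passed to `strcmp()` unchecked, and `nftnl_expr_get_str()` returns NULL when the attribute is not set, so an exported entry point should start with a guard such as `if (!name) return false;`. Both behaviours are carried over from the loop body removed in the second hunk, but they matter more now that callers outside this file can reach the function.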
@@ -905,40 +944,8 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
expr = nftnl_expr_iter_next(ctx.iter);
while (expr != NULL) {
- const char *name =
- nftnl_expr_get_str(expr, NFTNL_EXPR_NAME);
-
- if (strcmp(name, "counter") == 0)
- nft_parse_counter(expr, &ctx.cs->counters);
- else if (strcmp(name, "payload") == 0)
- nft_parse_payload(&ctx, expr);
- else if (strcmp(name, "meta") == 0)
- nft_parse_meta(&ctx, expr);
- else if (strcmp(name, "bitwise") == 0)
- nft_parse_bitwise(&ctx, expr);
- else if (strcmp(name, "cmp") == 0)
- nft_parse_cmp(&ctx, expr);
- else if (strcmp(name, "immediate") == 0)
- nft_parse_immediate(&ctx, expr);
- else if (strcmp(name, "match") == 0)
- nft_parse_match(&ctx, expr);
- else if (strcmp(name, "target") == 0)
- nft_parse_target(&ctx, expr);
- else if (strcmp(name, "limit") == 0)
- nft_parse_limit(&ctx, expr);
- else if (strcmp(name, "lookup") == 0)
- nft_parse_lookup(&ctx, h, expr);
- else if (strcmp(name, "log") == 0)
- nft_parse_log(&ctx, expr);
- else if (strcmp(name, "range") == 0)
- nft_parse_range(&ctx, expr);
-
- if (ctx.errmsg) {
- fprintf(stderr, "Error: %s\n", ctx.errmsg);
- ctx.errmsg = NULL;
+ if (!nft_parse_rule_expr(h, expr, &ctx))
ret = false;
- }
-
expr = nftnl_expr_iter_next(ctx.iter);
}
@@ -133,4 +133,8 @@ int parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e, uint8_t key,
int nft_parse_hl(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
struct iptables_command_state *cs);
+bool nft_parse_rule_expr(struct nft_handle *h,
+ struct nftnl_expr *expr,
+ struct nft_xt_ctx *ctx);
+
#endif /* _NFT_RULEPARSE_H_ */
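Review bot: The newly exported prototype has no comment stating its contract, which callers outside nft-ruleparse.c will need. I would add above it something like `/* Parse one expression into ctx; on parser error, print ctx->errmsg to stderr, reset it to NULL and return false. */`. It is also worth stating that `ctx->cs` must point to a valid command state, since the "counter" branch in the definition dereferences `ctx->cs->counters`.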
Extract the parsing of one expression into a separate function and export it, preparing for following code changes. Signed-off-by: Phil Sutter <phil@nwl.cc> --- iptables/nft-ruleparse.c | 73 ++++++++++++++++++++++------------------ iptables/nft-ruleparse.h | 4 +++ 2 files changed, 44 insertions(+), 33 deletions(-)