All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH iptables] fix wrong headername in ipv6header for protocols
@ 2015-07-16 13:54 Andreas Herz
  2015-07-20  7:21 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Andreas Herz @ 2015-07-16 13:54 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Andreas Herz

In the --help output and manpage for ipv6header the name for upper layer
protocol headers was "proto", while in the code itself it's "prot" for
the short form. Fixed by changing manpage and help output.

Signed-off-by: Andreas Herz <andi@geekosphere.org>
---
 extensions/libip6t_ipv6header.c   | 2 +-
 extensions/libip6t_ipv6header.man | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
index 00d5d5b..6f03087 100644
--- a/extensions/libip6t_ipv6header.c
+++ b/extensions/libip6t_ipv6header.c
@@ -127,7 +127,7 @@ static void ipv6header_help(void)
 	printf(
 "ipv6header match options:\n"
 "[!] --header headers     Type of header to match, by name\n"
-"                         names: hop,dst,route,frag,auth,esp,none,proto\n"
+"                         names: hop,dst,route,frag,auth,esp,none,prot\n"
 "                    long names: hop-by-hop,ipv6-opts,ipv6-route,\n"
 "                                ipv6-frag,ah,esp,ipv6-nonxt,protocol\n"
 "                       numbers: 0,60,43,44,51,50,59\n"
diff --git a/extensions/libip6t_ipv6header.man b/extensions/libip6t_ipv6header.man
index a998861..807d9ab 100644
--- a/extensions/libip6t_ipv6header.man
+++ b/extensions/libip6t_ipv6header.man
@@ -31,7 +31,7 @@ Encapsulating Security Payload header
 No Next header which matches 59 in the 'Next Header field' of IPv6 header or
 any IPv6 extension headers
 .TP
-\fBproto\fP
+\fBprot\fP
 which matches any upper layer protocol header. A protocol name from
 /etc/protocols and numeric value also allowed. The number 255 is equivalent to
-\fBproto\fP.
+\fBprot\fP.
-- 
2.3.6


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH iptables] fix wrong headername in ipv6header for protocols
  2015-07-16 13:54 [PATCH iptables] fix wrong headername in ipv6header for protocols Andreas Herz
@ 2015-07-20  7:21 ` Pablo Neira Ayuso
  2015-07-20 14:29   ` Andreas Herz
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2015-07-20  7:21 UTC (permalink / raw)
  To: Andreas Herz; +Cc: netfilter-devel

On Thu, Jul 16, 2015 at 03:54:19PM +0200, Andreas Herz wrote:
> In the --help output and manpage for ipv6header the name for upper layer
> protocol headers was "proto", while in the code itself it's "prot" for
> the short form. Fixed by changing manpage and help output.
> 
> Signed-off-by: Andreas Herz <andi@geekosphere.org>
> ---
>  extensions/libip6t_ipv6header.c   | 2 +-
>  extensions/libip6t_ipv6header.man | 4 ++--
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
> index 00d5d5b..6f03087 100644
> --- a/extensions/libip6t_ipv6header.c
> +++ b/extensions/libip6t_ipv6header.c
> @@ -127,7 +127,7 @@ static void ipv6header_help(void)
>  	printf(
>  "ipv6header match options:\n"
>  "[!] --header headers     Type of header to match, by name\n"
> -"                         names: hop,dst,route,frag,auth,esp,none,proto\n"
> +"                         names: hop,dst,route,frag,auth,esp,none,prot\n"
>  "                    long names: hop-by-hop,ipv6-opts,ipv6-route,\n"
>  "                                ipv6-frag,ah,esp,ipv6-nonxt,protocol\n"
>  "                       numbers: 0,60,43,44,51,50,59\n"

I can read this from the code:

static const struct pprot chain_protos[] = {
        { "protocol", IPPROTO_RAW },
...
        { "prot", IPPROTO_RAW },

Could you clarify what you're seeing there? Thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH iptables] fix wrong headername in ipv6header for protocols
  2015-07-20  7:21 ` Pablo Neira Ayuso
@ 2015-07-20 14:29   ` Andreas Herz
  2015-07-20 15:42     ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Andreas Herz @ 2015-07-20 14:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

On 20/07/15 at 09:21, Pablo Neira Ayuso wrote:
> On Thu, Jul 16, 2015 at 03:54:19PM +0200, Andreas Herz wrote:
> > In the --help output and manpage for ipv6header the name for upper layer
> > protocol headers was "proto", while in the code itself it's "prot" for
> > the short form. Fixed by changing manpage and help output.
> > 
> > Signed-off-by: Andreas Herz <andi@geekosphere.org>
> > ---
> >  extensions/libip6t_ipv6header.c   | 2 +-
> >  extensions/libip6t_ipv6header.man | 4 ++--
> >  2 files changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/extensions/libip6t_ipv6header.c b/extensions/libip6t_ipv6header.c
> > index 00d5d5b..6f03087 100644
> > --- a/extensions/libip6t_ipv6header.c
> > +++ b/extensions/libip6t_ipv6header.c
> > @@ -127,7 +127,7 @@ static void ipv6header_help(void)
> >  	printf(
> >  "ipv6header match options:\n"
> >  "[!] --header headers     Type of header to match, by name\n"
> > -"                         names: hop,dst,route,frag,auth,esp,none,proto\n"
> > +"                         names: hop,dst,route,frag,auth,esp,none,prot\n"
> >  "                    long names: hop-by-hop,ipv6-opts,ipv6-route,\n"
> >  "                                ipv6-frag,ah,esp,ipv6-nonxt,protocol\n"
> >  "                       numbers: 0,60,43,44,51,50,59\n"
> 
> I can read this from the code:
> 
> static const struct pprot chain_protos[] = {
>         { "protocol", IPPROTO_RAW },
> ...
>         { "prot", IPPROTO_RAW },
> 
> Could you clarify what you're seeing there? Thanks.

It's exactly the issue :) as you can see "protocol" and "prot" (without
_o_ at the end) but the manpage and the help from iptables say
"protocol" and "proto" (with _o_ at the end).

I recognized the issue while playing around with this extension:

 ip6tables -m ipv6header --help
 [snip]
 [!] --header headers     Type of header to match, by name
                          names: hop,dst,route,frag,auth,esp,none,proto

As you can see the output of names with "proto" is not correct.
Same with the manpage. They don't work:

 ip6tables -I INPUT -m ipv6header ! --header proto -j DROP

results in:

 ip6tables v1.4.21: unknown header `proto' specified

It's just "prot" as you found yourself in the code.
Thus i thougt to patch the wrong part in the manpage and help section.

-- 
Andreas Herz

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH iptables] fix wrong headername in ipv6header for protocols
  2015-07-20 14:29   ` Andreas Herz
@ 2015-07-20 15:42     ` Pablo Neira Ayuso
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2015-07-20 15:42 UTC (permalink / raw)
  To: Andreas Herz; +Cc: netfilter-devel

On Mon, Jul 20, 2015 at 04:29:34PM +0200, Andreas Herz wrote:
> On 20/07/15 at 09:21, Pablo Neira Ayuso wrote:
[...]
> > I can read this from the code:
> > 
> > static const struct pprot chain_protos[] = {
> >         { "protocol", IPPROTO_RAW },
> > ...
> >         { "prot", IPPROTO_RAW },
> > 
> > Could you clarify what you're seeing there? Thanks.
> 
> It's exactly the issue :) as you can see "protocol" and "prot" (without
> _o_ at the end) but the manpage and the help from iptables say
> "protocol" and "proto" (with _o_ at the end).

I see, thanks for explaining. Applied.


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-07-20 15:36 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-16 13:54 [PATCH iptables] fix wrong headername in ipv6header for protocols Andreas Herz
2015-07-20  7:21 ` Pablo Neira Ayuso
2015-07-20 14:29   ` Andreas Herz
2015-07-20 15:42     ` Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.