* [PATCH iptables 1/3] tests: xlate: generalize owner
@ 2017-06-05 22:08 Pablo M. Bermudo Garay
2017-06-05 22:08 ` [PATCH iptables 2/3] libip6t_icmp6: xlate: remove leftover space Pablo M. Bermudo Garay
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Pablo M. Bermudo Garay @ 2017-06-05 22:08 UTC (permalink / raw)
To: netfilter-devel; +Cc: Pablo M. Bermudo Garay
The owner name was hard-coded in the owner extension translation test.
The translation process requires the user to exist in the system, so
this commit replaces it with the usual UID_MIN value (1000).
Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
---
extensions/libxt_owner.txlate | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extensions/libxt_owner.txlate b/extensions/libxt_owner.txlate
index eeca168b..86fb0585 100644
--- a/extensions/libxt_owner.txlate
+++ b/extensions/libxt_owner.txlate
@@ -4,5 +4,5 @@ nft add rule ip nat OUTPUT tcp dport 80 skuid 0 counter accept
iptables-translate -t nat -A OUTPUT -p tcp --dport 80 -m owner --gid-owner 0-10 -j ACCEPT
nft add rule ip nat OUTPUT tcp dport 80 skgid 0-10 counter accept
-iptables-translate -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner pablo -j ACCEPT
+iptables-translate -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner 1000 -j ACCEPT
nft add rule ip nat OUTPUT tcp dport 80 skuid != 1000 counter accept
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH iptables 2/3] libip6t_icmp6: xlate: remove leftover space 2017-06-05 22:08 [PATCH iptables 1/3] tests: xlate: generalize owner Pablo M. Bermudo Garay @ 2017-06-05 22:08 ` Pablo M. Bermudo Garay 2017-06-06 15:43 ` Pablo Neira Ayuso 2017-06-05 22:08 ` [PATCH iptables 3/3] xtables-translate: fix double space before comment Pablo M. Bermudo Garay 2017-06-06 15:43 ` [PATCH iptables 1/3] tests: xlate: generalize owner Pablo Neira Ayuso 2 siblings, 1 reply; 6+ messages in thread From: Pablo M. Bermudo Garay @ 2017-06-05 22:08 UTC (permalink / raw) To: netfilter-devel; +Cc: Pablo M. Bermudo Garay This change should have been included in commit f035be35c749 ("xtables-translate: fix multiple spaces issue"), but was forgotten. Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> --- extensions/libip6t_icmp6.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c index b49a241d..37c2bcb8 100644 --- a/extensions/libip6t_icmp6.c +++ b/extensions/libip6t_icmp6.c @@ -282,8 +282,6 @@ static int icmp6_xlate(struct xt_xlate *xl, if (!type_xlate_print(xl, info->type, info->code[0], info->code[1])) return 0; - xt_xlate_add(xl, " "); - return 1; } -- 2.11.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH iptables 2/3] libip6t_icmp6: xlate: remove leftover space 2017-06-05 22:08 ` [PATCH iptables 2/3] libip6t_icmp6: xlate: remove leftover space Pablo M. Bermudo Garay @ 2017-06-06 15:43 ` Pablo Neira Ayuso 0 siblings, 0 replies; 6+ messages in thread From: Pablo Neira Ayuso @ 2017-06-06 15:43 UTC (permalink / raw) To: Pablo M. Bermudo Garay; +Cc: netfilter-devel On Tue, Jun 06, 2017 at 12:08:27AM +0200, Pablo M. Bermudo Garay wrote: > This change should have been included in commit f035be35c749 > ("xtables-translate: fix multiple spaces issue"), but was forgotten. Also applied, thanks. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH iptables 3/3] xtables-translate: fix double space before comment 2017-06-05 22:08 [PATCH iptables 1/3] tests: xlate: generalize owner Pablo M. Bermudo Garay 2017-06-05 22:08 ` [PATCH iptables 2/3] libip6t_icmp6: xlate: remove leftover space Pablo M. Bermudo Garay @ 2017-06-05 22:08 ` Pablo M. Bermudo Garay 2017-06-06 15:43 ` Pablo Neira Ayuso 2017-06-06 15:43 ` [PATCH iptables 1/3] tests: xlate: generalize owner Pablo Neira Ayuso 2 siblings, 1 reply; 6+ messages in thread From: Pablo M. Bermudo Garay @ 2017-06-05 22:08 UTC (permalink / raw) To: netfilter-devel; +Cc: Pablo M. Bermudo Garay When a comment translation immediately follows a counter statement, two spaces are printed between "counter" and "comment" keywords. The counter statement is almost always followed by a target, so we need to move the space following "counter" to the beginning of the target translation. Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> --- iptables/nft-ipv4.c | 2 +- iptables/nft-ipv6.c | 2 +- iptables/xtables-translate.c | 11 ++++++----- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index e5947a7c..cf311513 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -488,7 +488,7 @@ static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl) return ret; /* Always add counters per rule, as in iptables */ - xt_xlate_add(xl, "counter "); + xt_xlate_add(xl, "counter"); ret = xlate_action(cs, !!(cs->fw.ip.flags & IPT_F_GOTO), xl); comment = xt_xlate_get_comment(xl); diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c index 9cf4058f..53526369 100644 --- a/iptables/nft-ipv6.c +++ b/iptables/nft-ipv6.c @@ -437,7 +437,7 @@ static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl) return ret; /* Always add counters per rule, as in iptables */ - xt_xlate_add(xl, "counter "); + xt_xlate_add(xl, "counter"); ret = xlate_action(cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO), xl); comment = xt_xlate_get_comment(xl); diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index e049f24e..3e6c7051 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -60,12 +60,13 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set, if (cs->target != NULL) { /* Standard target? */ if (strcmp(cs->jumpto, XTC_LABEL_ACCEPT) == 0) - xt_xlate_add(xl, "accept"); + xt_xlate_add(xl, " accept"); else if (strcmp(cs->jumpto, XTC_LABEL_DROP) == 0) - xt_xlate_add(xl, "drop"); + xt_xlate_add(xl, " drop"); else if (strcmp(cs->jumpto, XTC_LABEL_RETURN) == 0) - xt_xlate_add(xl, "return"); + xt_xlate_add(xl, " return"); else if (cs->target->xlate) { + xt_xlate_add(xl, " "); struct xt_xlate_tg_params params = { .ip = (const void *)&cs->fw, .target = cs->target->t, @@ -79,9 +80,9 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set, } else if (strlen(cs->jumpto) > 0) { /* Not standard, then it's a go / jump to chain */ if (goto_set) - xt_xlate_add(xl, "goto %s", cs->jumpto); + xt_xlate_add(xl, " goto %s", cs->jumpto); else - xt_xlate_add(xl, "jump %s", cs->jumpto); + xt_xlate_add(xl, " jump %s", cs->jumpto); } return ret; -- 2.11.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH iptables 3/3] xtables-translate: fix double space before comment 2017-06-05 22:08 ` [PATCH iptables 3/3] xtables-translate: fix double space before comment Pablo M. Bermudo Garay @ 2017-06-06 15:43 ` Pablo Neira Ayuso 0 siblings, 0 replies; 6+ messages in thread From: Pablo Neira Ayuso @ 2017-06-06 15:43 UTC (permalink / raw) To: Pablo M. Bermudo Garay; +Cc: netfilter-devel On Tue, Jun 06, 2017 at 12:08:28AM +0200, Pablo M. Bermudo Garay wrote: > When a comment translation immediately follows a counter statement, two > spaces are printed between "counter" and "comment" keywords. > > The counter statement is almost always followed by a target, so we need > to move the space following "counter" to the beginning of the target > translation. Neat, applied, thanks. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH iptables 1/3] tests: xlate: generalize owner 2017-06-05 22:08 [PATCH iptables 1/3] tests: xlate: generalize owner Pablo M. Bermudo Garay 2017-06-05 22:08 ` [PATCH iptables 2/3] libip6t_icmp6: xlate: remove leftover space Pablo M. Bermudo Garay 2017-06-05 22:08 ` [PATCH iptables 3/3] xtables-translate: fix double space before comment Pablo M. Bermudo Garay @ 2017-06-06 15:43 ` Pablo Neira Ayuso 2 siblings, 0 replies; 6+ messages in thread From: Pablo Neira Ayuso @ 2017-06-06 15:43 UTC (permalink / raw) To: Pablo M. Bermudo Garay; +Cc: netfilter-devel On Tue, Jun 06, 2017 at 12:08:26AM +0200, Pablo M. Bermudo Garay wrote: > The owner name was hard-coded in the owner extension translation test. > The translation process requires the user to exist in the system, so > this commit replaces it with the usual UID_MIN value (1000). Applied, thanks. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-06-06 15:43 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-06-05 22:08 [PATCH iptables 1/3] tests: xlate: generalize owner Pablo M. Bermudo Garay 2017-06-05 22:08 ` [PATCH iptables 2/3] libip6t_icmp6: xlate: remove leftover space Pablo M. Bermudo Garay 2017-06-06 15:43 ` Pablo Neira Ayuso 2017-06-05 22:08 ` [PATCH iptables 3/3] xtables-translate: fix double space before comment Pablo M. Bermudo Garay 2017-06-06 15:43 ` Pablo Neira Ayuso 2017-06-06 15:43 ` [PATCH iptables 1/3] tests: xlate: generalize owner Pablo Neira Ayuso
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.