* [iptables PATCH 1/3] extensions: Fix ipvs vproto parsing
From: Phil Sutter @ 2019-02-21 19:09 UTC
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

This was broken by integration into guided option parser:

* Make 'vproto' option XTTYPE_PROTOCOL, otherwise its arguments are
  parsed as garbage only.

* Drop O_VPROTO case from ipvs_mt_parse(), due to XTOPT_POINTER() and
  above change there is nothing to do for it in there.

Fixes: 372203af4c70f ("libxt_ipvs: use guided option parser")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/libxt_ipvs.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/extensions/libxt_ipvs.c b/extensions/libxt_ipvs.c
index a6c57a030d2c6..fe98fef951686 100644
--- a/extensions/libxt_ipvs.c
+++ b/extensions/libxt_ipvs.c
@@ -27,7 +27,7 @@ enum {
 static const struct xt_option_entry ipvs_mt_opts[] = {
 	{.name = "ipvs", .id = O_IPVS, .type = XTTYPE_NONE,
 	 .flags = XTOPT_INVERT},
-	{.name = "vproto", .id = O_VPROTO, .type = XTTYPE_STRING,
+	{.name = "vproto", .id = O_VPROTO, .type = XTTYPE_PROTOCOL,
 	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, l4proto)},
 	{.name = "vaddr", .id = O_VADDR, .type = XTTYPE_HOSTMASK,
 	 .flags = XTOPT_INVERT},
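Review bot: On the changed "vproto" entry, XTOPT_PUT combined with XTOPT_POINTER(s, l4proto) means the parser now writes the protocol number straight into the struct, so the width of l4proto has to match what XTTYPE_PROTOCOL stores, and neither the struct definition nor the parser's size check is visible in this hunk. Please say in the commit message that the field size was checked, or point at the parser code that enforces it. It would also help to spell out what "parsed as garbage" meant with XTTYPE_STRING, so that anyone who loaded rules with the broken version knows what ended up in the match data.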
@@ -69,9 +69,6 @@ static void ipvs_mt_parse(struct xt_option_call *cb)
 
 	xtables_option_parse(cb);
 	switch (cb->entry->id) {
-	case O_VPROTO:
-		data->l4proto = cb->val.protocol;
-		break;
 	case O_VADDR:
 		memcpy(&data->vaddr, &cb->val.haddr, sizeof(cb->val.haddr));
 		memcpy(&data->vmask, &cb->val.hmask, sizeof(cb->val.hmask));
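Review bot: After the O_VPROTO case is dropped from the switch in ipvs_mt_parse(), nothing in the visible lines shows where XT_IPVS_PROTO is recorded in data->bitmask and data->invert for that option. ipvs_mt_dump() in patch 2/3 prints vproto only when that bit is set, so please confirm the bookkeeping happens outside the switch for every option id. A one-line comment at the switch stating that O_VPROTO is stored through XTOPT_POINTER() would keep a later reader from re-adding the case.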
-- 
2.20.1



* [iptables PATCH 2/3] extensions: Fix ipvs vproto option printing
From: Phil Sutter @ 2019-02-21 19:09 UTC
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

This was broken since day 1: vproto option was printed as 'proto' which
in turn iptables wouldn't accept anymore.

Fixes: c36d05e424069 ("libxt_ipvs: user-space lib for netfilter matcher xt_ipvs")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/libxt_ipvs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/libxt_ipvs.c b/extensions/libxt_ipvs.c
index fe98fef951686..51952be4245b3 100644
--- a/extensions/libxt_ipvs.c
+++ b/extensions/libxt_ipvs.c
@@ -165,7 +165,7 @@ static void ipvs_mt_dump(const void *ip, const struct xt_ipvs_mtinfo *data,
 	if (data->bitmask & XT_IPVS_PROTO) {
 		if (data->invert & XT_IPVS_PROTO)
 			printf(" !");
-		printf(" %sproto %u", prefix, data->l4proto);
+		printf(" %svproto %u", prefix, data->l4proto);
 	}
 
 	if (data->bitmask & XT_IPVS_VADDR) {
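Review bot: The option name inside the printf() format in ipvs_mt_dump() is a second, hand-maintained copy of the name in ipvs_mt_opts[], which is how "proto" and "vproto" could differ unnoticed; only the XT_IPVS_PROTO branch is visible here, so the other printf() calls in this function should be checked against the option table in the same pass. The value is also printed with %u only, so a rule entered as "--vproto tcp" is saved as "--vproto 6". That matches the expectations in patch 3/3, but it deserves a sentence in the commit message.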
-- 
2.20.1



* [iptables PATCH 3/3] extensions: Add testcase for libxt_ipvs
From: Phil Sutter @ 2019-02-21 19:09 UTC
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

Given that it is fixed now, make it stay.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/libxt_ipvs.t | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 extensions/libxt_ipvs.t

diff --git a/extensions/libxt_ipvs.t b/extensions/libxt_ipvs.t
new file mode 100644
index 0000000000000..c2acc6668d1b2
--- /dev/null
+++ b/extensions/libxt_ipvs.t
@@ -0,0 +1,20 @@
+:INPUT,FORWARD,OUTPUT
+-m ipvs --ipvs;=;OK
+-m ipvs ! --ipvs;=;OK
+-m ipvs --vproto tcp;-m ipvs --vproto 6;OK
+-m ipvs ! --vproto TCP;-m ipvs ! --vproto 6;OK
+-m ipvs --vproto 23;=;OK
+-m ipvs --vaddr 1.2.3.4;=;OK
+-m ipvs ! --vaddr 1.2.3.4/255.255.255.0;-m ipvs ! --vaddr 1.2.3.4/24;OK
+-m ipvs --vport http;-m ipvs --vport 80;OK
+-m ipvs ! --vport ssh;-m ipvs ! --vport 22;OK
+-m ipvs --vport 22;=;OK
+-m ipvs ! --vport 443;=;OK
+-m ipvs --vdir ORIGINAL;=;OK
+-m ipvs --vdir REPLY;=;OK
+-m ipvs --vmethod GATE;=;OK
+-m ipvs ! --vmethod IPIP;=;OK
+-m ipvs --vmethod MASQ;=;OK
+-m ipvs --vportctl 21;=;OK
+-m ipvs ! --vportctl 21;=;OK
+-m ipvs --vproto 6 --vaddr 1.2.3.4/16 --vport 22 --vdir ORIGINAL --vmethod GATE;=;OK
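Review bot: All 20 lines of the new libxt_ipvs.t expect OK, so nothing in the file pins down that bad input is rejected, which is the behaviour patch 1/3 is about. Consider adding a few lines that expect FAIL, for example an unknown protocol name for --vproto and an unknown keyword for --vdir and --vmethod. Inversion is only exercised for some options: there is no "! --vdir" line, and the combined rule on the last line has no inverted variant, so either add those or note in the commit message that inversion is not supported there.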
-- 
2.20.1



* Re: [iptables PATCH 1/3] extensions: Fix ipvs vproto parsing
From: Julian Anastasov @ 2019-02-24 14:37 UTC
  To: Phil Sutter; +Cc: Pablo Neira Ayuso, netfilter-devel


	Hello,

On Thu, 21 Feb 2019, Phil Sutter wrote:

> This was broken by integration into guided option parser:
> 
> * Make 'vproto' option XTTYPE_PROTOCOL, otherwise its arguments are
>   parsed as garbage only.
> 
> * Drop O_VPROTO case from ipvs_mt_parse(), due to XTOPT_POINTER() and
>   above change there is nothing to do for it in there.
> 
> Fixes: 372203af4c70f ("libxt_ipvs: use guided option parser")
> Signed-off-by: Phil Sutter <phil@nwl.cc>

	The 3 patches look good to me, thanks!

Reviewed-by: Julian Anastasov <ja@ssi.bg>

> ---
>  extensions/libxt_ipvs.c | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
> 
> diff --git a/extensions/libxt_ipvs.c b/extensions/libxt_ipvs.c
> index a6c57a030d2c6..fe98fef951686 100644
> --- a/extensions/libxt_ipvs.c
> +++ b/extensions/libxt_ipvs.c
> @@ -27,7 +27,7 @@ enum {
>  static const struct xt_option_entry ipvs_mt_opts[] = {
>  	{.name = "ipvs", .id = O_IPVS, .type = XTTYPE_NONE,
>  	 .flags = XTOPT_INVERT},
> -	{.name = "vproto", .id = O_VPROTO, .type = XTTYPE_STRING,
> +	{.name = "vproto", .id = O_VPROTO, .type = XTTYPE_PROTOCOL,
>  	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, l4proto)},
>  	{.name = "vaddr", .id = O_VADDR, .type = XTTYPE_HOSTMASK,
>  	 .flags = XTOPT_INVERT},
> @@ -69,9 +69,6 @@ static void ipvs_mt_parse(struct xt_option_call *cb)
>  
>  	xtables_option_parse(cb);
>  	switch (cb->entry->id) {
> -	case O_VPROTO:
> -		data->l4proto = cb->val.protocol;
> -		break;
>  	case O_VADDR:
>  		memcpy(&data->vaddr, &cb->val.haddr, sizeof(cb->val.haddr));
>  		memcpy(&data->vmask, &cb->val.hmask, sizeof(cb->val.hmask));
> -- 
> 2.20.1

Regards

--
Julian Anastasov <ja@ssi.bg>
