* [PATCH] xt_sctp: support a couple of new chunk types
@ 2022-06-29 20:05 Yuxuan Luo
  2022-06-29 20:11 ` Xin Long
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Yuxuan Luo @ 2022-06-29 20:05 UTC (permalink / raw)
  To: netfilter-devel; +Cc: fw, marcelo.leitner, lucien.xin, Yuxuan Luo, Yuxuan Luo

There are new chunks added in Linux SCTP not being traced by iptables.

This patch introduces the following chunks for tracing:
I_DATA, I_FORWARD_TSN (RFC8260), RE_CONFIG(RFC6525) and PAD(RFC4820)

Signed-off-by: Yuxuan Luo <luoyuxuan.carl@gmail.com>
---
 extensions/libxt_sctp.c   | 4 ++++
 extensions/libxt_sctp.man | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
index a4c5415f..3fb6cf1a 100644
--- a/extensions/libxt_sctp.c
+++ b/extensions/libxt_sctp.c
@@ -112,9 +112,13 @@ static const struct sctp_chunk_names sctp_chunk_names[]
     { .name = "ECN_ECNE",	.chunk_type = 12,  .valid_flags = "--------", .nftname = "ecne" },
     { .name = "ECN_CWR",	.chunk_type = 13,  .valid_flags = "--------", .nftname = "cwr" },
     { .name = "SHUTDOWN_COMPLETE", .chunk_type = 14,  .valid_flags = "-------T", .nftname = "shutdown-complete" },
+    { .name = "I_DATA",		.chunk_type = 64,   .valid_flags = "----IUBE", .nftname = "i-data"},
+    { .name = "RE_CONFIG",	.chunk_type = 130,  .valid_flags = "--------", .nftname = "re-config"},
+    { .name = "PAD",		.chunk_type = 132,  .valid_flags = "--------", .nftname = "pad"},
     { .name = "ASCONF",		.chunk_type = 193,  .valid_flags = "--------", .nftname = "asconf" },
     { .name = "ASCONF_ACK",	.chunk_type = 128,  .valid_flags = "--------", .nftname = "asconf-ack" },
     { .name = "FORWARD_TSN",	.chunk_type = 192,  .valid_flags = "--------", .nftname = "forward-tsn" },
+    { .name = "I_FORWARD_TSN",	.chunk_type = 194,  .valid_flags = "--------", .nftname = "i-forward-tsn" },
 };
 
 static void
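
Review bot: the three entries added after SHUTDOWN_COMPLETE close with `"i-data"},`, `"re-config"},` and `"pad"},`, dropping the space before the closing brace that the surrounding entries and the new I_FORWARD_TSN line all have (`.nftname = "ecne" },`). Please write them as `.nftname = "i-data" },` and so on, so the table stays uniform. The table is not ordered by chunk_type (193, 128 and 192 follow 132), so the placement of 64/130/132 mid-table and 194 at the end is harmless, but a short comment above the new entries naming the RFCs from the commit message would tell the next reader where these type numbers come from.
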
diff --git a/extensions/libxt_sctp.man b/extensions/libxt_sctp.man
index 3e5ffa09..06da04f8 100644
--- a/extensions/libxt_sctp.man
+++ b/extensions/libxt_sctp.man
@@ -19,12 +19,14 @@ Match if any of the given chunk types is present with given flags.
 only
 Match if only the given chunk types are present with given flags and none are missing.
 
-Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK FORWARD_TSN
+Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE I_DATA RE_CONFIG PAD ASCONF ASCONF_ACK FORWARD_TSN I_FORWARD_TSN
 
 chunk type            available flags      
 .br
 DATA                  I U B E i u b e
 .br
+I_DATA                I U B E i u b e
+.br
 ABORT                 T t                 
 .br
 SHUTDOWN_COMPLETE     T t                 
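
Review bot: the "Chunk types:" line gains four names with no indication of what they are; the commit message has the references (I_DATA and I_FORWARD_TSN from RFC8260, RE_CONFIG from RFC6525, PAD from RFC4820), and one sentence carrying them into the man page would save users a search. The added I_DATA row in the flags table is consistent with `.valid_flags = "----IUBE"` in libxt_sctp.c, so nothing to change there.
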
-- 
2.31.1



* Re: [PATCH] xt_sctp: support a couple of new chunk types
  2022-06-29 20:05 [PATCH] xt_sctp: support a couple of new chunk types Yuxuan Luo
@ 2022-06-29 20:11 ` Xin Long
  2022-06-30  1:13 ` Marcelo Ricardo Leitner
  2022-07-11 10:21 ` Pablo Neira Ayuso
  2 siblings, 0 replies; 4+ messages in thread
From: Xin Long @ 2022-06-29 20:11 UTC (permalink / raw)
  To: Yuxuan Luo
  Cc: netfilter-devel, Florian Westphal, Marcelo Ricardo Leitner, Yuxuan Luo

On Wed, Jun 29, 2022 at 4:07 PM Yuxuan Luo <luoyuxuan.carl@gmail.com> wrote:
>
> There are new chunks added in Linux SCTP not being traced by iptables.
>
> This patch introduces the following chunks for tracing:
> I_DATA, I_FORWARD_TSN (RFC8260), RE_CONFIG(RFC6525) and PAD(RFC4820)
>
> Signed-off-by: Yuxuan Luo <luoyuxuan.carl@gmail.com>
> ---
>  extensions/libxt_sctp.c   | 4 ++++
>  extensions/libxt_sctp.man | 4 +++-
>  2 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
> index a4c5415f..3fb6cf1a 100644
> --- a/extensions/libxt_sctp.c
> +++ b/extensions/libxt_sctp.c
> @@ -112,9 +112,13 @@ static const struct sctp_chunk_names sctp_chunk_names[]
>      { .name = "ECN_ECNE",      .chunk_type = 12,  .valid_flags = "--------", .nftname = "ecne" },
>      { .name = "ECN_CWR",       .chunk_type = 13,  .valid_flags = "--------", .nftname = "cwr" },
>      { .name = "SHUTDOWN_COMPLETE", .chunk_type = 14,  .valid_flags = "-------T", .nftname = "shutdown-complete" },
> +    { .name = "I_DATA",                .chunk_type = 64,   .valid_flags = "----IUBE", .nftname = "i-data"},
> +    { .name = "RE_CONFIG",     .chunk_type = 130,  .valid_flags = "--------", .nftname = "re-config"},
> +    { .name = "PAD",           .chunk_type = 132,  .valid_flags = "--------", .nftname = "pad"},
>      { .name = "ASCONF",                .chunk_type = 193,  .valid_flags = "--------", .nftname = "asconf" },
>      { .name = "ASCONF_ACK",    .chunk_type = 128,  .valid_flags = "--------", .nftname = "asconf-ack" },
>      { .name = "FORWARD_TSN",   .chunk_type = 192,  .valid_flags = "--------", .nftname = "forward-tsn" },
> +    { .name = "I_FORWARD_TSN", .chunk_type = 194,  .valid_flags = "--------", .nftname = "i-forward-tsn" },
>  };
>
>  static void
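
Review bot: each added entry sets .nftname ("i-data", "re-config", "pad", "i-forward-tsn"), but nothing in this patch shows that the nft side accepts those names. If .nftname feeds translated rule output, a name nft does not recognise produces a rule that fails to load, so please confirm the four names against nftables and say in the commit message how an unsupported name is handled.
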
> diff --git a/extensions/libxt_sctp.man b/extensions/libxt_sctp.man
> index 3e5ffa09..06da04f8 100644
> --- a/extensions/libxt_sctp.man
> +++ b/extensions/libxt_sctp.man
> @@ -19,12 +19,14 @@ Match if any of the given chunk types is present with given flags.
>  only
>  Match if only the given chunk types are present with given flags and none are missing.
>
> -Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK FORWARD_TSN
> +Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE I_DATA RE_CONFIG PAD ASCONF ASCONF_ACK FORWARD_TSN I_FORWARD_TSN
>
>  chunk type            available flags
>  .br
>  DATA                  I U B E i u b e
>  .br
> +I_DATA                I U B E i u b e
> +.br
>  ABORT                 T t
>  .br
>  SHUTDOWN_COMPLETE     T t
> --
> 2.31.1
>

Reviewed-by: Xin Long <lucien.xin@gmail.com>

(This is a patch for iptables.)


* Re: [PATCH] xt_sctp: support a couple of new chunk types
  2022-06-29 20:05 [PATCH] xt_sctp: support a couple of new chunk types Yuxuan Luo
  2022-06-29 20:11 ` Xin Long
@ 2022-06-30  1:13 ` Marcelo Ricardo Leitner
  2022-07-11 10:21 ` Pablo Neira Ayuso
  2 siblings, 0 replies; 4+ messages in thread
From: Marcelo Ricardo Leitner @ 2022-06-30  1:13 UTC (permalink / raw)
  To: Yuxuan Luo; +Cc: netfilter-devel, fw, lucien.xin, Yuxuan Luo

On Wed, Jun 29, 2022 at 04:05:45PM -0400, Yuxuan Luo wrote:
> There are new chunks added in Linux SCTP not being traced by iptables.
> 
> This patch introduces the following chunks for tracing:
> I_DATA, I_FORWARD_TSN (RFC8260), RE_CONFIG(RFC6525) and PAD(RFC4820)
> 
> Signed-off-by: Yuxuan Luo <luoyuxuan.carl@gmail.com>

These changes make sense to me, but I don't know much about the iptables
project and I'm not sure if they are enough. I'll go with Xin's review
on that.

Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>


* Re: [PATCH] xt_sctp: support a couple of new chunk types
  2022-06-29 20:05 [PATCH] xt_sctp: support a couple of new chunk types Yuxuan Luo
  2022-06-29 20:11 ` Xin Long
  2022-06-30  1:13 ` Marcelo Ricardo Leitner
@ 2022-07-11 10:21 ` Pablo Neira Ayuso
  2 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2022-07-11 10:21 UTC (permalink / raw)
  To: Yuxuan Luo; +Cc: netfilter-devel, fw, marcelo.leitner, lucien.xin, Yuxuan Luo

On Wed, Jun 29, 2022 at 04:05:45PM -0400, Yuxuan Luo wrote:
> There are new chunks added in Linux SCTP not being traced by iptables.
> 
> This patch introduces the following chunks for tracing:
> I_DATA, I_FORWARD_TSN (RFC8260), RE_CONFIG(RFC6525) and PAD(RFC4820)
> 
> Signed-off-by: Yuxuan Luo <luoyuxuan.carl@gmail.com>
> ---
>  extensions/libxt_sctp.c   | 4 ++++
>  extensions/libxt_sctp.man | 4 +++-
>  2 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c
> index a4c5415f..3fb6cf1a 100644
> --- a/extensions/libxt_sctp.c
> +++ b/extensions/libxt_sctp.c
> @@ -112,9 +112,13 @@ static const struct sctp_chunk_names sctp_chunk_names[]
>      { .name = "ECN_ECNE",	.chunk_type = 12,  .valid_flags = "--------", .nftname = "ecne" },
>      { .name = "ECN_CWR",	.chunk_type = 13,  .valid_flags = "--------", .nftname = "cwr" },
>      { .name = "SHUTDOWN_COMPLETE", .chunk_type = 14,  .valid_flags = "-------T", .nftname = "shutdown-complete" },
> +    { .name = "I_DATA",		.chunk_type = 64,   .valid_flags = "----IUBE", .nftname = "i-data"},
> +    { .name = "RE_CONFIG",	.chunk_type = 130,  .valid_flags = "--------", .nftname = "re-config"},
> +    { .name = "PAD",		.chunk_type = 132,  .valid_flags = "--------", .nftname = "pad"},
>      { .name = "ASCONF",		.chunk_type = 193,  .valid_flags = "--------", .nftname = "asconf" },
>      { .name = "ASCONF_ACK",	.chunk_type = 128,  .valid_flags = "--------", .nftname = "asconf-ack" },
>      { .name = "FORWARD_TSN",	.chunk_type = 192,  .valid_flags = "--------", .nftname = "forward-tsn" },
> +    { .name = "I_FORWARD_TSN",	.chunk_type = 194,  .valid_flags = "--------", .nftname = "i-forward-tsn" },
>  };
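
Review bot: I_DATA is the only added entry with a non-empty valid_flags ("----IUBE"), so it is the one new type that exercises flag handling rather than plain type matching, and the diffstat shows no test change covering it. Alongside rules for the bare new names, please include a case that matches I_DATA with flag letters in both upper and lower case, as the man page table lists them (I U B E i u b e), and one that gives a flag to a type whose valid_flags is "--------" so the rejection path is checked.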

Could you also update extensions/libxt_sctp.t including these new
options?

Thanks.

