From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Giuseppe Longo <giuseppelng@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 3/3] xtables-events: prints arp rules
Date: Fri, 7 Feb 2014 19:28:30 +0100 [thread overview]
Message-ID: <20140207182830.GB4853@localhost> (raw)
In-Reply-To: <1391693471-7591-4-git-send-email-giuseppelng@gmail.com>
On Thu, Feb 06, 2014 at 02:31:11PM +0100, Giuseppe Longo wrote:
> This patch permits to print arp rules,
> avoiding the segfault that you got currently.
>
> Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
> ---
> iptables/xtables-events.c | 20 +++++++++++++-------
> 1 file changed, 13 insertions(+), 7 deletions(-)
>
> diff --git a/iptables/xtables-events.c b/iptables/xtables-events.c
> index 408e091..7ce1d4f 100644
> --- a/iptables/xtables-events.c
> +++ b/iptables/xtables-events.c
> @@ -59,7 +59,11 @@ static bool counters;
> static int rule_cb(const struct nlmsghdr *nlh, int type)
> {
> struct iptables_command_state cs = {};
> + struct arpt_entry fw_arp = {};
> + struct xtables_ebt_entry fw_eb = {};
There is no ebt compat yet, please, remove this line above.
> struct nft_rule *r;
> + void *fw = NULL;
> + uint8_t family;
>
> r = nft_rule_alloc();
> if (r == NULL) {
> @@ -72,21 +76,23 @@ static int rule_cb(const struct nlmsghdr *nlh, int type)
> goto err_free;
> }
>
> - nft_rule_to_iptables_command_state(r, &cs);
> -
> - switch(nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY)) {
> + family = nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY);
> + switch(family) {
> case AF_INET:
> - printf("-4 ");
> - break;
> case AF_INET6:
> - printf("-6 ");
> + printf("-%c ", family == AF_INET ? '4' : '6');
> + nft_rule_to_iptables_command_state(r, &cs);
> + fw = &cs;
> break;
> + case NFPROTO_ARP:
> + nft_rule_to_arpt_entry(r, &fw_arp);
> + fw = &fw_arp;
> default:
> break;
> }
>
>
> - nft_rule_print_save(&cs, r,
> + nft_rule_print_save(fw, r,
> type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
> NFT_RULE_DEL,
> counters ? 0 : FMT_NOCOUNTS);
> --
> 1.8.1.5
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2014-02-07 18:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-06 13:31 [PATCH 0/3] xtables-events segfault Giuseppe Longo
2014-02-06 13:31 ` [PATCH 1/3] nft-shared: adds save_matches_and_target Giuseppe Longo
2014-02-06 13:31 ` [PATCH 2/3] nft-arp: adds nft_arp_save_firewall Giuseppe Longo
2014-02-07 18:27 ` Pablo Neira Ayuso
2014-02-06 13:31 ` [PATCH 3/3] xtables-events: prints arp rules Giuseppe Longo
2014-02-07 18:28 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140207182830.GB4853@localhost \
--to=pablo@netfilter.org \
--cc=giuseppelng@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.