From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Giuseppe Longo <giuseppelng@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH v2] xtables-events: prints arp rules
Date: Tue, 11 Feb 2014 13:05:16 +0100
Message-ID: <20140211120516.GA12606@localhost>
In-Reply-To: <1392047374-30511-2-git-send-email-giuseppelng@gmail.com>

On Mon, Feb 10, 2014 at 04:49:34PM +0100, Giuseppe Longo wrote:
> This patch permits to print arp rules,
> avoiding the segfault that you got currently.

There is no .save_firewall hook for nft-arp, so this does not print
anything. Did you forget to include it in your patch?

More comments below.

> Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
> ---
> iptables/xtables-events.c | 19 ++++++++++++-------
> 1 file changed, 12 insertions(+), 7 deletions(-)
>
> diff --git a/iptables/xtables-events.c b/iptables/xtables-events.c
> index 408e091..75459c1 100644
> --- a/iptables/xtables-events.c
> +++ b/iptables/xtables-events.c
> @@ -59,7 +59,10 @@ static bool counters;
> static int rule_cb(const struct nlmsghdr *nlh, int type)
> {
> struct iptables_command_state cs = {};
> + struct arpt_entry fw_arp = {};
> struct nft_rule *r;
> + void *fw = NULL;
> + uint8_t family;
>
> r = nft_rule_alloc();
> if (r == NULL) {
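
Review bot: declaring fw as void * drops the type that the old
nft_rule_print_save(&cs, ...) call carried, so the compiler can no longer
check that the print path receives the struct matching the rule's family
(&cs for AF_INET/AF_INET6, &fw_arp for NFPROTO_ARP). Add a comment at the
declaration stating which struct each family passes, or keep the two typed
variables and make the print call per family so a mismatch fails to build.
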
> @@ -72,21 +75,23 @@ static int rule_cb(const struct nlmsghdr *nlh, int type)
> goto err_free;
> }
>
> - nft_rule_to_iptables_command_state(r, &cs);
> -
> - switch(nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY)) {
> + family = nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY);
> + switch(family) {
> case AF_INET:
> - printf("-4 ");
> - break;
> case AF_INET6:
> - printf("-6 ");
> + printf("-%c ", family == AF_INET ? '4' : '6');
> + nft_rule_to_iptables_command_state(r, &cs);
> + fw = &cs;
> break;
> + case NFPROTO_ARP:
> + nft_rule_to_arpt_entry(r, &fw_arp);
> + fw = &fw_arp;
missing break; here.
> default:
> break;
Instead of this break;, please use:
goto err_free;
so it just skips nft_rule_print_save for unknown families.
> }
>
>
> - nft_rule_print_save(&cs, r,
> + nft_rule_print_save(fw, r,
> type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
> NFT_RULE_DEL,
> counters ? 0 : FMT_NOCOUNTS);
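
Review bot: on the default: path fw is still NULL when control reaches
nft_rule_print_save(fw, r, ...), so a rule of any family other than
AF_INET, AF_INET6 or NFPROTO_ARP hands a NULL pointer to the print code;
leave through goto err_free there instead of break. The NFPROTO_ARP case
also only works by falling through into default: and needs its own break,
and it emits no family prefix while the IPv4/IPv6 cases print -4/-6, so it
is worth stating in the commit message how ARP events are meant to be told
apart in the output.
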
> --
> 1.8.1.5
>