From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Thomas Woerner <twoerner@redhat.com>,
netdev@vger.kernel.org,
Netfilter Developer Mailing List
<netfilter-devel@vger.kernel.org>
Subject: Re: netfilter/iptables and network interface names
Date: Fri, 05 Feb 2010 11:32:57 +0100 [thread overview]
Message-ID: <4B6BF3D9.8090404@trash.net> (raw)
In-Reply-To: <alpine.LSU.2.01.1002041542150.13435@obet.zrqbmnf.qr>
Jan Engelhardt wrote:
> On Thursday 2010-02-04 15:31, Patrick McHardy wrote:
>> I don't think there is a reason for this limitation in iptables,
>> so why not simply remove it?
>
> Like this?
>
> parent 350661a6eb089f3e54e67e022db9e16ea280499f (v1.4.6-7-g350661a)
> commit 02020c8fb965bbedae9eb43d9a9b964c46388cc3
> Author: Jan Engelhardt <jengelh@medozas.de>
> Date: Thu Feb 4 15:46:03 2010 +0100
>
> Lift restrictions on interface names
>
> The kernel has few restrictions.
>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
OK this looks fine. But I guess we still need to properly escape
names in iptables-save as Thomas has pointed out.
> ---
> xtables.c | 11 +++++------
> 1 files changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/xtables.c b/xtables.c
> index 63c5db7..f3baf84 100644
> --- a/xtables.c
> +++ b/xtables.c
> @@ -450,7 +450,7 @@ u_int16_t xtables_parse_port(const char *port, const char *proto)
> void xtables_parse_interface(const char *arg, char *vianame,
> unsigned char *mask)
> {
> - int vialen = strlen(arg);
> + unsigned int vialen = strlen(arg);
> unsigned int i;
>
> memset(mask, 0, IFNAMSIZ);
> @@ -462,7 +462,7 @@ void xtables_parse_interface(const char *arg, char *vianame,
> " (%i)", arg, IFNAMSIZ-1);
>
> strcpy(vianame, arg);
> - if ((vialen == 0) || (vialen == 1 && vianame[0] == '+'))
> + if (vialen == 0)
> memset(mask, 0, IFNAMSIZ);
> else if (vianame[vialen - 1] == '+') {
> memset(mask, 0xFF, vialen - 1);
> @@ -473,12 +473,11 @@ void xtables_parse_interface(const char *arg, char *vianame,
> memset(mask, 0xFF, vialen + 1);
> memset(mask + vialen + 1, 0, IFNAMSIZ - vialen - 1);
> for (i = 0; vianame[i]; i++) {
> - if (vianame[i] == ':' ||
> - vianame[i] == '!' ||
> - vianame[i] == '*') {
> + if (vianame[i] == '/' ||
> + vianame[i] == ' ') {
> fprintf(stderr,
> "Warning: weird character in interface"
> - " `%s' (No aliases, :, ! or *).\n",
> + " `%s' ('/' and ' ' are not allowed by the kernel).\n",
> vianame);
> break;
> }
next prev parent reply other threads:[~2010-02-05 10:32 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-04 12:58 netfilter/iptables and network interface names Thomas Woerner
2010-02-04 14:29 ` Jan Engelhardt
2010-02-04 14:31 ` Patrick McHardy
2010-02-04 14:46 ` Jan Engelhardt
2010-02-04 14:55 ` Patrick McHardy
2010-02-04 16:48 ` Jan Engelhardt
2010-02-04 16:49 ` Patrick McHardy
2010-02-04 18:44 ` Jan Engelhardt
2010-02-05 10:27 ` Patrick McHardy
2010-02-09 11:44 ` Jan Engelhardt
2010-02-05 10:32 ` Patrick McHardy [this message]
2010-02-09 15:00 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B6BF3D9.8090404@trash.net \
--to=kaber@trash.net \
--cc=jengelh@medozas.de \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=twoerner@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.