From: Phil Sutter <phil@nwl.cc>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH xtables-nft v2] extensions: xt_socket: add txlate support for socket match
Date: Wed, 6 Mar 2024 15:52:26 +0100 [thread overview]
Message-ID: <ZeiDKkam7FXpCbiU@orbyte.nwl.cc> (raw)
In-Reply-To: <20240306101132.55075-1-fw@strlen.de>
On Wed, Mar 06, 2024 at 11:11:25AM +0100, Florian Westphal wrote:
> v2: document the match semantics of -m socket.
>
> Ignore --nowildcard if used with other options when translating
> and add "wildcard 0" if the option is missing.
>
> "-m socket" will ignore sockets bound to 0.0.0.0/:: by default,
> unless --nowildcard is given.
>
> So, xlate must always append "wildcard 0", can elide "wildcard"
> if other options are present along with --nowildcard.
>
> To emulate "-m socket --nowildcard", check for "wildcard <= 1" to
> get a "socket exists" type matching.
>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> extensions/libxt_socket.c | 39 ++++++++++++++++++++++++++++++++++
> extensions/libxt_socket.txlate | 17 +++++++++++++++
> 2 files changed, 56 insertions(+)
> create mode 100644 extensions/libxt_socket.txlate
>
> diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c
> index a99135cdfa0a..016ea3435339 100644
> --- a/extensions/libxt_socket.c
> +++ b/extensions/libxt_socket.c
> @@ -159,6 +159,42 @@ socket_mt_print_v3(const void *ip, const struct xt_entry_match *match,
> socket_mt_save_v3(ip, match);
> }
>
> +static int socket_mt_xlate(struct xt_xlate *xl, const struct xt_xlate_mt_params *params)
> +{
> + const struct xt_socket_mtinfo3 *info = (const void *)params->match->data;
> + const char *space = "";
The whole "leading space or not" handling is not necessary, I made
xt_xlate_add() insert leading space automatically if the first
character is alpha-numeric or a brace.
Thanks, Phil
next prev parent reply other threads:[~2024-03-06 14:52 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-06 10:11 [PATCH xtables-nft v2] extensions: xt_socket: add txlate support for socket match Florian Westphal
2024-03-06 14:52 ` Phil Sutter [this message]
2024-03-06 15:42 ` Florian Westphal
2024-03-06 16:12 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZeiDKkam7FXpCbiU@orbyte.nwl.cc \
--to=phil@nwl.cc \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.