From: Phil Sutter <phil@nwl.cc>
To: HACKE-RC <rc@rexion.ai>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Florian Westphal <fw@strlen.de>,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next v2 1/3] netfilter: conntrack: add shared port parser for helpers
Date: Fri, 1 May 2026 12:25:01 +0200 [thread overview]
Message-ID: <afR_ffe8vDhjTBCf@orbyte.nwl.cc> (raw)
In-Reply-To: <20260501063156.2520780-2-rc@rexion.ai>
Hi,
On Fri, May 01, 2026 at 12:01:54PM +0530, HACKE-RC wrote:
> Add nf_ct_helper_parse_port() to the conntrack helper core. This
> provides a port parser that does not rely on nul-terminated strings,
> taking an explicit length parameter and validating the result fits
> in the 1-65535 range.
>
> Modeled after the approach in 8cf6809cddcb ("netfilter:
> nf_conntrack_sip: don't use simple_strtoul") but as a shared
> function so IRC, Amanda, and other helpers can use it instead of
> open-coding simple_strtoul calls with ad-hoc range checks.
>
> Signed-off-by: HACKE-RC <rc@rexion.ai>
> ---
> include/net/netfilter/nf_conntrack_helper.h | 3 +++
> net/netfilter/nf_conntrack_helper.c | 28 +++++++++++++++++++++
> 2 files changed, 31 insertions(+)
>
> diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h
> index de2f956ab..db19fe25f 100644
> --- a/include/net/netfilter/nf_conntrack_helper.h
> +++ b/include/net/netfilter/nf_conntrack_helper.h
> @@ -160,6 +160,9 @@ nf_ct_helper_expectfn_find_by_name(const char *name);
> struct nf_ct_helper_expectfn *
> nf_ct_helper_expectfn_find_by_symbol(const void *symbol);
>
> +int nf_ct_helper_parse_port(const char *cp, unsigned int len,
> + u16 *port, char **endp);
> +
> extern struct hlist_head *nf_ct_helper_hash;
> extern unsigned int nf_ct_helper_hsize;
>
> diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
> index a715304a5..12f51670d 100644
> --- a/net/netfilter/nf_conntrack_helper.c
> +++ b/net/netfilter/nf_conntrack_helper.c
> @@ -499,6 +499,34 @@ void nf_nat_helper_unregister(struct nf_conntrack_nat_helper *nat)
> }
> EXPORT_SYMBOL_GPL(nf_nat_helper_unregister);
>
> +int nf_ct_helper_parse_port(const char *cp, unsigned int len,
> + u16 *port, char **endp)
> +{
> + unsigned long result = 0;
> + const char *start = cp;
> +
> + while (len > 0 && *cp >= '0' && *cp <= '9') {
> + result = result * 10 + (*cp - '0');
> + if (result > 65535)
> + return -1;
> + cp++;
> + len--;
> + }
> +
> + if (cp == start)
> + return -1;
This check is redundant wrt. the following one: If the loop didn't
increment 'cp', result must be zero. So you may just drop it entirely.
Cheers, Phil
> +
> + if (result == 0)
> + return -1;
> +
> + *port = result;
> + if (endp)
> + *endp = (char *)cp;
> +
> + return 0;
> +}
> +EXPORT_SYMBOL_GPL(nf_ct_helper_parse_port);
> +
> int nf_conntrack_helper_init(void)
> {
> nf_ct_helper_hsize = 1; /* gets rounded up to use one page */
> --
> 2.54.0
>
>
next prev parent reply other threads:[~2026-05-01 10:25 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-01 6:31 [PATCH net-next v2 0/3] netfilter: conntrack: add shared port parser and use it in IRC and Amanda helpers HACKE-RC
2026-05-01 6:31 ` [PATCH net-next v2 1/3] netfilter: conntrack: add shared port parser for helpers HACKE-RC
2026-05-01 10:25 ` Phil Sutter [this message]
2026-05-01 6:31 ` [PATCH net-next v2 2/3] netfilter: nf_conntrack_irc: use nf_ct_helper_parse_port() HACKE-RC
2026-05-01 6:31 ` [PATCH net-next v2 3/3] netfilter: nf_conntrack_amanda: " HACKE-RC
2026-05-01 10:34 ` [PATCH net-next v2 0/3] netfilter: conntrack: add shared port parser and use it in IRC and Amanda helpers Phil Sutter
2026-05-03 8:32 ` [PATCH net-next v3 0/4] netfilter: conntrack: shared port parser for helpers HACKE-RC
2026-05-03 8:32 ` [PATCH net-next v3 1/4] netfilter: conntrack: add shared port and uint parsers " HACKE-RC
2026-05-05 22:33 ` Pablo Neira Ayuso
2026-05-03 8:32 ` [PATCH net-next v3 2/4] netfilter: nf_conntrack_irc: use nf_ct_helper_parse_port() HACKE-RC
2026-05-03 8:32 ` [PATCH net-next v3 3/4] netfilter: nf_conntrack_amanda: " HACKE-RC
2026-05-03 8:32 ` [PATCH net-next v3 4/4] netfilter: nf_conntrack_sip: " HACKE-RC
-- strict thread matches above, loose matches on Subject: below --
2026-04-30 18:25 [PATCH net-next v2 0/3] netfilter: conntrack: add shared port parser and use it in IRC and Amanda helpers HACKE-RC
2026-04-30 18:25 ` [PATCH net-next v2 1/3] netfilter: conntrack: add shared port parser for helpers HACKE-RC
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=afR_ffe8vDhjTBCf@orbyte.nwl.cc \
--to=phil@nwl.cc \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=rc@rexion.ai \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.