From: Phil Sutter <phil@nwl.cc>
To: HACKE-RC <rc@rexion.ai>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
	Florian Westphal <fw@strlen.de>,
	"David S . Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Simon Horman <horms@kernel.org>,
	netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next v2 0/3] netfilter: conntrack: add shared port parser and use it in IRC and Amanda helpers
Date: Fri, 1 May 2026 12:34:52 +0200
Message-ID: <afSBzDE-caw3Dsr1@orbyte.nwl.cc>
In-Reply-To: <20260501063156.2520780-1-rc@rexion.ai>

On Fri, May 01, 2026 at 12:01:53PM +0530, HACKE-RC wrote:
> Both nf_conntrack_irc and nf_conntrack_amanda parse port numbers
> from application-layer protocol data using simple_strtoul(), which
> relies on nul-terminated strings and returns unsigned long without
> range checking. Port values above 65535 silently truncate when
> stored in u16.
> 
> This v2 adds a shared nf_ct_helper_parse_port() function to the
> conntrack helper core, modeled after the approach in 8cf6809cddcb
> ("netfilter: nf_conntrack_sip: don't use simple_strtoul"), then
> converts both helpers to use it.

Looking at Florian's patch, how about going the extra mile of
implementing a shared nf_ct_helper_parse_uint() which is called by the
new nf_ct_helper_parse_port(), then drop sip_strtouint() for the former
and have sip_parse_port() call the latter (wrapped by the colon and min
port value checks) in a fourth patch?

Cheers, Phil
> 
> Changes since v1:
>   - Added shared nf_ct_helper_parse_port() in the helper core
>     instead of open-coding range checks in each helper (Pablo)
>   - Parser does not rely on nul-terminated strings
>   - Dropped simple_strtoul usage entirely for port parsing
> 
> HACKE-RC (3):
>   netfilter: conntrack: add shared port parser for helpers
>   netfilter: nf_conntrack_irc: use nf_ct_helper_parse_port()
>   netfilter: nf_conntrack_amanda: use nf_ct_helper_parse_port()
> 
>  include/net/netfilter/nf_conntrack_helper.h |  3 +++
>  net/netfilter/nf_conntrack_amanda.c         | 11 ++++----
>  net/netfilter/nf_conntrack_helper.c         | 28 +++++++++++++++++++++
>  net/netfilter/nf_conntrack_irc.c            |  4 ++-
>  4 files changed, 40 insertions(+), 6 deletions(-)
> 
> -- 
> 2.54.0
> 
> 
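
Added example, not part of the original message or of the patch series: a user-space C sketch of the u16 truncation described in the quoted cover letter, next to a length-bounded parser layered the way the reply suggests (a uint parser called by a port parser). The names parse_uint_bounded and parse_port_bounded and the sample payload are hypothetical; this is not the code of nf_ct_helper_parse_port().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Pattern from the cover letter: needs a NUL terminator, then truncates to u16. */
static uint16_t port_truncating(const char *s)
{
	return (uint16_t)strtoul(s, NULL, 10);
}

/* Hypothetical name. Parses decimal digits in buf[0..len), never reads past
 * len, rejects values above max. Returns digits consumed, 0 on failure. */
static size_t parse_uint_bounded(const char *buf, size_t len,
				 unsigned int max, unsigned int *out)
{
	unsigned int val = 0;
	size_t i;

	for (i = 0; i < len && buf[i] >= '0' && buf[i] <= '9'; i++) {
		unsigned int d = (unsigned int)(buf[i] - '0');
		if (d > max || val > (max - d) / 10)
			return 0;	/* val * 10 + d would exceed max */
		val = val * 10 + d;
	}
	if (i == 0)
		return 0;		/* no digits */
	*out = val;
	return i;
}

/* Hypothetical name. Port wrapper; minimum-value checks stay with the caller. */
static size_t parse_port_bounded(const char *buf, size_t len, uint16_t *port)
{
	unsigned int val;
	size_t n = parse_uint_bounded(buf, len, UINT16_MAX, &val);
	if (n)
		*port = (uint16_t)val;
	return n;
}

int main(void)
{
	static const char payload[] = { '7', '0', '0', '0', '0', ' ' }; /* constructed, no NUL */
	uint16_t port = 0;

	printf("strtoul: %u\n", (unsigned)port_truncating("70000"));
	printf("bounded: consumed=%zu\n", parse_port_bounded(payload, sizeof(payload), &port));
	return 0;
}
```

The bound is checked before each multiply-add, so an arbitrarily long digit run is rejected without the accumulator ever wrapping.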
