[stable-3.7 13/14] netfilter: x_tables: print correct hook names for ARP

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: pablo@netfilter.org
To: stable@vger.kernel.org
Cc: davem@davemloft.net, netfilter-devel@vger.kernel.org
Subject: [stable-3.7 13/14] netfilter: x_tables: print correct hook names for ARP
Date: Mon, 28 Jan 2013 20:31:32 +0100	[thread overview]
Message-ID: <1359401493-6196-14-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1359401493-6196-1-git-send-email-pablo@netfilter.org>

From: Jan Engelhardt <jengelh@inai.de>

arptables 0.0.4 (released on 10th Jan 2013) supports calling the
CLASSIFY target, but on adding a rule to the wrong chain, the
diagnostic is as follows:

	# arptables -A INPUT -j CLASSIFY --set-class 0:0
	arptables: Invalid argument
	# dmesg | tail -n1
	x_tables: arp_tables: CLASSIFY target: used from hooks
	PREROUTING, but only usable from INPUT/FORWARD

This is incorrect, since xt_CLASSIFY.c does specify
(1 << NF_ARP_OUT) | (1 << NF_ARP_FORWARD).

This patch corrects the x_tables diagnostic message to print the
proper hook names for the NFPROTO_ARP case.

Affects all kernels down to and including v2.6.31.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/x_tables.c |   28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 8d987c3..7b3a9e5 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -345,19 +345,27 @@ int xt_find_revision(u8 af, const char *name, u8 revision, int target,
 }
 EXPORT_SYMBOL_GPL(xt_find_revision);
 
-static char *textify_hooks(char *buf, size_t size, unsigned int mask)
+static char *
+textify_hooks(char *buf, size_t size, unsigned int mask, uint8_t nfproto)
 {
-	static const char *const names[] = {
+	static const char *const inetbr_names[] = {
 		"PREROUTING", "INPUT", "FORWARD",
 		"OUTPUT", "POSTROUTING", "BROUTING",
 	};
-	unsigned int i;
+	static const char *const arp_names[] = {
+		"INPUT", "FORWARD", "OUTPUT",
+	};
+	const char *const *names;
+	unsigned int i, max;
 	char *p = buf;
 	bool np = false;
 	int res;
 
+	names = (nfproto == NFPROTO_ARP) ? arp_names : inetbr_names;
+	max   = (nfproto == NFPROTO_ARP) ? ARRAY_SIZE(arp_names) :
+	                                   ARRAY_SIZE(inetbr_names);
 	*p = '\0';
-	for (i = 0; i < ARRAY_SIZE(names); ++i) {
+	for (i = 0; i < max; ++i) {
 		if (!(mask & (1 << i)))
 			continue;
 		res = snprintf(p, size, "%s%s", np ? "/" : "", names[i]);
@@ -402,8 +410,10 @@ int xt_check_match(struct xt_mtchk_param *par,
 		pr_err("%s_tables: %s match: used from hooks %s, but only "
 		       "valid from %s\n",
 		       xt_prefix[par->family], par->match->name,
-		       textify_hooks(used, sizeof(used), par->hook_mask),
-		       textify_hooks(allow, sizeof(allow), par->match->hooks));
+		       textify_hooks(used, sizeof(used), par->hook_mask,
+		                     par->family),
+		       textify_hooks(allow, sizeof(allow), par->match->hooks,
+		                     par->family));
 		return -EINVAL;
 	}
 	if (par->match->proto && (par->match->proto != proto || inv_proto)) {
@@ -575,8 +585,10 @@ int xt_check_target(struct xt_tgchk_param *par,
 		pr_err("%s_tables: %s target: used from hooks %s, but only "
 		       "usable from %s\n",
 		       xt_prefix[par->family], par->target->name,
-		       textify_hooks(used, sizeof(used), par->hook_mask),
-		       textify_hooks(allow, sizeof(allow), par->target->hooks));
+		       textify_hooks(used, sizeof(used), par->hook_mask,
+		                     par->family),
+		       textify_hooks(allow, sizeof(allow), par->target->hooks,
+		                     par->family));
 		return -EINVAL;
 	}
 	if (par->target->proto && (par->target->proto != proto || inv_proto)) {
-- 
1.7.10.4

next prev parent reply	other threads:[~2013-01-28 19:32 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-01-28 19:31 [stable-3.7 00/14] netfilter stable fixes for 3.7 pablo
2013-01-28 19:31 ` [stable-3.7 01/14] netfilter: ip[6]t_REJECT: fix wrong transport header pointer in TCP reset pablo
2013-01-28 19:31 ` [stable-3.7 02/14] netfilter: nf_ct_reasm: fix conntrack reassembly expire code pablo
2013-01-28 19:31 ` [stable-3.7 03/14] netfilter: nfnetlink_log: fix mac address for 6in4 tunnels pablo
2013-01-28 19:31 ` [stable-3.7 04/14] netfilter: nfnetlink_log: fix possible compilation issue due to missing include pablo
2013-01-28 19:31 ` [stable-3.7 05/14] netfilter: xt_CT: recover NOTRACK target support pablo
2013-01-28 19:31 ` [stable-3.7 06/14] netfilter: fix missing dependencies for the NOTRACK target pablo
2013-01-28 19:31 ` [stable-3.7 07/14] netfilter: xt_recent: fix namespace destroy path pablo
2013-01-28 19:31 ` [stable-3.7 08/14] netfilter: xt_recent: avoid high order page allocations pablo
2013-01-28 19:31 ` [stable-3.7 09/14] netfilter: xt_hashlimit: fix namespace destroy path pablo
2013-01-28 19:31 ` [stable-3.7 10/14] netfilter: xt_hashlimit: fix race that results in duplicated entries pablo
2013-01-28 19:31 ` [stable-3.7 11/14] netfilter: xt_CT: fix unset return value if conntrack zone are disabled pablo
2013-01-28 19:31 ` [stable-3.7 12/14] netfilter: nf_conntrack: fix BUG_ON while removing nf_conntrack with netns pablo
2013-01-28 19:31 ` pablo [this message]
2013-01-28 19:31 ` [stable-3.7 14/14] netfilter: ctnetlink: fix leak in error path of ctnetlink_create_expect pablo
2013-01-28 20:52 ` [stable-3.7 00/14] netfilter stable fixes for 3.7 David Miller
2013-02-01 12:34 ` Greg KH
2013-02-01 16:25   ` Pablo Neira Ayuso
2013-02-01 16:39     ` Greg KH

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8d987c3 dfblob:7b3a9e5 )
 OR (
bs:"[stable-3.7 13/14] netfilter: x_tables: print correct hook names for ARP" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1359401493-6196-14-git-send-email-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).