[iptables PATCH 1/2] ebtables-compat: add a bridge-specific exit

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [iptables PATCH 1/2] ebtables-compat: add a bridge-specific exit_error function
@ 2015-03-11 17:54 Arturo Borrero Gonzalez
  2015-03-11 17:55 ` [iptables PATCH 2/2] ebtables-compat: fix rule deleting with -D in rules with no target Arturo Borrero Gonzalez
  2015-03-13 11:15 ` [iptables PATCH 1/2] ebtables-compat: add a bridge-specific exit_error function Pablo Neira Ayuso
  0 siblings, 2 replies; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2015-03-11 17:54 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

Previous to this patch, error reporting in ebtables-compat was like:

% ebtables-compat xxx
(null) v1.4.21: Bad argument : 'xxx'
Try `(null) -h' or '(null) --help' for more information.

While the original ebtables was:

% ebtables xxx
Bad argument : 'xxx'.

With this patch, we switch to:

% ebtables-compat xxx
Bad argument : 'xxx'.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 iptables/xtables-eb.c |   15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index efbb3cd..355d027 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -27,6 +27,7 @@
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdarg.h>
 #include <inttypes.h>
 #include <signal.h>
 #include <net/if.h>
@@ -291,13 +292,23 @@ static struct option ebt_original_options[] =
 	{ 0 }
 };
 
-void xtables_exit_error(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
+static void
+ebt_print_error(enum xtables_exittype status, const char *format, ...)
+{
+	va_list l;
+
+	va_start(l, format);
+	vfprintf(stderr, format, l);
+	fprintf(stderr, ".\n");
+	va_end(l);
+	exit(-1);
+} __attribute__((noreturn, format(printf,2,3)));
 
 struct xtables_globals ebtables_globals = {
 	.option_offset 		= 0,
 	.program_version	= IPTABLES_VERSION,
 	.orig_opts		= ebt_original_options,
-	.exit_err		= xtables_exit_error,
+	.exit_err		= ebt_print_error,
 	.compat_rev		= nft_compatible_revision,
 };
 


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [iptables PATCH 2/2] ebtables-compat: fix rule deleting with -D in rules with no target
  2015-03-11 17:54 [iptables PATCH 1/2] ebtables-compat: add a bridge-specific exit_error function Arturo Borrero Gonzalez
@ 2015-03-11 17:55 ` Arturo Borrero Gonzalez
  2015-03-13 11:16   ` Pablo Neira Ayuso
  2015-03-13 11:15 ` [iptables PATCH 1/2] ebtables-compat: add a bridge-specific exit_error function Pablo Neira Ayuso
  1 sibling, 1 reply; 4+ messages in thread
From: Arturo Borrero Gonzalez @ 2015-03-11 17:55 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo

Before this patch, rule deleting with -D produces segfault in rules
with no target.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 iptables/nft-bridge.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index e3ab667..084dd58 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -619,7 +619,7 @@ static bool nft_bridge_rule_find(struct nft_family_ops *ops, struct nft_rule *r,
 		return false;
 	}
 
-	if (strcmp(cs->jumpto, this.jumpto) != 0) {
+	if (cs->jumpto != NULL && strcmp(cs->jumpto, this.jumpto) != 0) {
 		DEBUGP("Different verdict\n");
 		return false;
 	}


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [iptables PATCH 2/2] ebtables-compat: fix rule deleting with -D in rules with no target
  2015-03-11 17:55 ` [iptables PATCH 2/2] ebtables-compat: fix rule deleting with -D in rules with no target Arturo Borrero Gonzalez
@ 2015-03-13 11:16   ` Pablo Neira Ayuso
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2015-03-13 11:16 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez; +Cc: netfilter-devel

On Wed, Mar 11, 2015 at 06:55:03PM +0100, Arturo Borrero Gonzalez wrote:
> Before this patch, rule deleting with -D produces segfault in rules
> with no target.

Applied, thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [iptables PATCH 1/2] ebtables-compat: add a bridge-specific exit_error function
  2015-03-11 17:54 [iptables PATCH 1/2] ebtables-compat: add a bridge-specific exit_error function Arturo Borrero Gonzalez
  2015-03-11 17:55 ` [iptables PATCH 2/2] ebtables-compat: fix rule deleting with -D in rules with no target Arturo Borrero Gonzalez
@ 2015-03-13 11:15 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2015-03-13 11:15 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez; +Cc: netfilter-devel

On Wed, Mar 11, 2015 at 06:54:57PM +0100, Arturo Borrero Gonzalez wrote:
> Previous to this patch, error reporting in ebtables-compat was like:
> 
> % ebtables-compat xxx
> (null) v1.4.21: Bad argument : 'xxx'
> Try `(null) -h' or '(null) --help' for more information.
> 
> While the original ebtables was:
> 
> % ebtables xxx
> Bad argument : 'xxx'.
> 
> With this patch, we switch to:
> 
> % ebtables-compat xxx
> Bad argument : 'xxx'.

Also applied, thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-03-13 11:12 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-03-11 17:54 [iptables PATCH 1/2] ebtables-compat: add a bridge-specific exit_error function Arturo Borrero Gonzalez
2015-03-11 17:55 ` [iptables PATCH 2/2] ebtables-compat: fix rule deleting with -D in rules with no target Arturo Borrero Gonzalez
2015-03-13 11:16   ` Pablo Neira Ayuso
2015-03-13 11:15 ` [iptables PATCH 1/2] ebtables-compat: add a bridge-specific exit_error function Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).