* [PATCH iptables] libxtables: fix wrong naddr when using localhost
From: Alexander Alemayhu @ 2017-03-07 23:28 UTC (permalink / raw)
To: netfilter-devel; +Cc: Alexander Alemayhu
$ iptables-translate -A INPUT -p tcp -s localhost --dport 8000 -j ACCEPT

gives

nft add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 8000 counter accept
add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 8000 counter accept

with this patch we get

nft add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 8000 counter accept

Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com>
---
libxtables/xtables.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index d43f97066ea9..defc57414de3 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -1376,7 +1376,7 @@ static struct in_addr *host_to_ipaddr(const char *name, unsigned int *naddr)
return NULL;
} else {
for (p = res; p != NULL; p = p->ai_next)
- ++*naddr;
+ *naddr++;
addr = xtables_calloc(*naddr, sizeof(struct in_addr));
for (i = 0, p = res; p != NULL; p = p->ai_next)
memcpy(&addr[i++],
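Review bot: In the counting loop of host_to_ipaddr(), "*naddr++;" parses as "*(naddr++)", so it advances the naddr pointer once per result and never increments the count it points to. The following "xtables_calloc(*naddr, sizeof(struct in_addr))" then sizes the array from whatever memory naddr has walked to, while the second loop still does one memcpy into addr[i++] for every entry in res, so the buffer size and the number of writes no longer agree and the caller's count is not updated. The single line of output comes from that side effect, not from removing the duplicate results. I would keep "++*naddr" (or write "(*naddr)++") and fix the duplication itself, either by skipping addresses already stored in addr or by constraining what getaddrinfo() returns.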
--
2.9.3
* Re: [PATCH iptables] libxtables: fix wrong naddr when using localhost
From: Pablo Neira Ayuso @ 2017-03-08 9:55 UTC (permalink / raw)
To: Alexander Alemayhu; +Cc: netfilter-devel
On Wed, Mar 08, 2017 at 12:28:13AM +0100, Alexander Alemayhu wrote:
> $ iptables-translate -A INPUT -p tcp -s localhost --dport 8000 -j ACCEPT
>
> gives
>
> nft add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 8000 counter accept
> add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 8000 counter accept
>
> with this patch we get
>
> nft add rule ip filter INPUT ip saddr 127.0.0.1 tcp dport 8000 counter accept
This is actually a generic problem:
# iptables -I INPUT -p tcp -s localhost
results in:
# iptables-save
# Generated by iptables-save v1.6.1 on Wed Mar 8 10:53:07 2017
*filter
:INPUT ACCEPT [13:1628]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:317]
-A INPUT -s 127.0.0.1/32 -p tcp
-A INPUT -s 127.0.0.1/32 -p tcp
COMMIT
# Completed on Wed Mar 8 10:53:07 2017
Original problem was introduced at:
commit 2d2b5e046aa56a518160716a9ddf9df53fc79c1f
Author: Arpan Kapoor <rpnkpr@gmail.com>
Date: Thu Mar 17 18:27:19 2016 +0530
libxtables: Replace gethostbyname() with getaddrinfo()
Did you also run iptables tests? See iptables-test.py, although I
guess our test infrastructure is not catching up this case.
Thanks!
* Re: [PATCH iptables] libxtables: fix wrong naddr when using localhost
From: Alexander Alemayhu @ 2017-03-08 11:10 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
On Wed, Mar 08, 2017 at 10:55:32AM +0100, Pablo Neira Ayuso wrote:
>
> This is actually a generic problem:
>
> # iptables -I INPUT -p tcp -s localhost
>
> results in:
>
> # iptables-save
> # Generated by iptables-save v1.6.1 on Wed Mar 8 10:53:07 2017
> *filter
> :INPUT ACCEPT [13:1628]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [4:317]
> -A INPUT -s 127.0.0.1/32 -p tcp
> -A INPUT -s 127.0.0.1/32 -p tcp
> COMMIT
> # Completed on Wed Mar 8 10:53:07 2017
>
What's the right way to fix this? I want to use iptables-translate in a web
application[0] so I can copy and use the translations. Adding the extra line
forces me to manually edit the output.
> Original problem was introduced at:
>
> commit 2d2b5e046aa56a518160716a9ddf9df53fc79c1f
> Author: Arpan Kapoor <rpnkpr@gmail.com>
> Date: Thu Mar 17 18:27:19 2016 +0530
>
> libxtables: Replace gethostbyname() with getaddrinfo()
>
> Did you also run iptables tests? See iptables-test.py, although I
> guess our test infrastructure is not catching up this case.
>
Before and after patch I get:
102 test files, 706 unit tests, 687 passed
Thanks.
[0]: https://2nft.alemayhu.com/
--
Kind regards
Alexander Alemayhu
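
The duplicate-address symptom discussed in this thread, as an added example that is not code from the thread or from iptables: getaddrinfo() called without a socket type hint may return one entry per socket type for the same address, so a count taken over the result list has to be de-duplicated (or the lookup constrained) before it sizes an array. The function names count_entries and unique_ipv4 are hypothetical, and the numeric host "127.0.0.1" is used instead of "localhost" as an assumption so the lookup needs no resolver configuration.

```c
/* Added example: count distinct IPv4 addresses from getaddrinfo(). */
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Raw number of addrinfo entries for name; socktype 0 means "any". */
static int count_entries(const char *name, int socktype)
{
    struct addrinfo hints, *res, *p;
    int n = 0;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = socktype;
    if (getaddrinfo(name, NULL, &hints, &res) != 0)
        return -1;
    for (p = res; p != NULL; p = p->ai_next)
        n++;                      /* increments the count, not a pointer */
    freeaddrinfo(res);
    return n;
}

/* Store each distinct address once in out[0..cap); return how many. */
static int unique_ipv4(const char *name, struct in_addr *out, int cap)
{
    struct addrinfo hints, *res, *p;
    int n = 0, i;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;
    if (getaddrinfo(name, NULL, &hints, &res) != 0)
        return -1;
    for (p = res; p != NULL; p = p->ai_next) {
        struct in_addr a = ((struct sockaddr_in *)p->ai_addr)->sin_addr;
        for (i = 0; i < n; i++)   /* already stored? */
            if (out[i].s_addr == a.s_addr)
                break;
        if (i == n && n < cap)    /* new address and room left */
            out[n++] = a;
    }
    freeaddrinfo(res);
    return n;
}

int main(void)
{
    struct in_addr a[8];
    printf("any=%d stream=%d unique=%d\n", count_entries("127.0.0.1", 0),
           count_entries("127.0.0.1", SOCK_STREAM), unique_ipv4("127.0.0.1", a, 8));
    return 0;
}
```

The count printed for "any" depends on the C library; the unique count stays at one address either way.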