From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH 2/9] Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
Date: Wed, 30 Mar 2022 17:58:44 +0200 [thread overview]
Message-ID: <20220330155851.13249-3-phil@nwl.cc> (raw)
In-Reply-To: <20220330155851.13249-1-phil@nwl.cc>
This reverts commit f25b2355e889290879c8cecad3dd24ec0c384fb8.
The workaround is not needed anymore since commit 30b178b9bf11e
("extensions: *NAT: Kill multiple IPv4 range support").
While being at it, drop the same hidden flag logic from
libip6t_[SD]NAT extensions as well and just don't set XTOPT_MULTI so
guided option parser will reject multiple parameters automatically.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
extensions/libip6t_DNAT.c | 9 +--------
extensions/libip6t_SNAT.c | 9 +--------
extensions/libipt_DNAT.c | 8 ++------
extensions/libipt_SNAT.c | 3 ---
4 files changed, 4 insertions(+), 25 deletions(-)
diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c
index f1ad81436316b..d51994c09e7f2 100644
--- a/extensions/libip6t_DNAT.c
+++ b/extensions/libip6t_DNAT.c
@@ -19,10 +19,8 @@ enum {
O_TO_DEST = 0,
O_RANDOM,
O_PERSISTENT,
- O_X_TO_DEST,
F_TO_DEST = 1 << O_TO_DEST,
F_RANDOM = 1 << O_RANDOM,
- F_X_TO_DEST = 1 << O_X_TO_DEST,
};
static void DNAT_help(void)
@@ -45,7 +43,7 @@ static void DNAT_help_v2(void)
static const struct xt_option_entry DNAT_opts[] = {
{.name = "to-destination", .id = O_TO_DEST, .type = XTTYPE_STRING,
- .flags = XTOPT_MAND | XTOPT_MULTI},
+ .flags = XTOPT_MAND},
{.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
{.name = "persistent", .id = O_PERSISTENT, .type = XTTYPE_NONE},
XTOPT_TABLEEND,
@@ -183,12 +181,7 @@ static void _DNAT_parse(struct xt_option_call *cb,
xtables_option_parse(cb);
switch (cb->entry->id) {
case O_TO_DEST:
- if (cb->xflags & F_X_TO_DEST) {
- xtables_error(PARAMETER_PROBLEM,
- "DNAT: Multiple --to-destination not supported");
- }
parse_to(cb->arg, portok, range, rev);
- cb->xflags |= F_X_TO_DEST;
break;
case O_PERSISTENT:
range->flags |= NF_NAT_RANGE_PERSISTENT;
diff --git a/extensions/libip6t_SNAT.c b/extensions/libip6t_SNAT.c
index 6d19614c7c708..4fe272b262a3d 100644
--- a/extensions/libip6t_SNAT.c
+++ b/extensions/libip6t_SNAT.c
@@ -20,11 +20,9 @@ enum {
O_RANDOM,
O_RANDOM_FULLY,
O_PERSISTENT,
- O_X_TO_SRC,
F_TO_SRC = 1 << O_TO_SRC,
F_RANDOM = 1 << O_RANDOM,
F_RANDOM_FULLY = 1 << O_RANDOM_FULLY,
- F_X_TO_SRC = 1 << O_X_TO_SRC,
};
static void SNAT_help(void)
@@ -38,7 +36,7 @@ static void SNAT_help(void)
static const struct xt_option_entry SNAT_opts[] = {
{.name = "to-source", .id = O_TO_SRC, .type = XTTYPE_STRING,
- .flags = XTOPT_MAND | XTOPT_MULTI},
+ .flags = XTOPT_MAND},
{.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
{.name = "random-fully", .id = O_RANDOM_FULLY, .type = XTTYPE_NONE},
{.name = "persistent", .id = O_PERSISTENT, .type = XTTYPE_NONE},
@@ -163,12 +161,7 @@ static void SNAT_parse(struct xt_option_call *cb)
xtables_option_parse(cb);
switch (cb->entry->id) {
case O_TO_SRC:
- if (cb->xflags & F_X_TO_SRC) {
- xtables_error(PARAMETER_PROBLEM,
- "SNAT: Multiple --to-source not supported");
- }
parse_to(cb->arg, portok, range);
- cb->xflags |= F_X_TO_SRC;
break;
case O_PERSISTENT:
range->flags |= NF_NAT_RANGE_PERSISTENT;
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index eefa95eb73630..e93ab6958969b 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -12,10 +12,8 @@ enum {
O_TO_DEST = 0,
O_RANDOM,
O_PERSISTENT,
- O_X_TO_DEST, /* hidden flag */
- F_TO_DEST = 1 << O_TO_DEST,
- F_RANDOM = 1 << O_RANDOM,
- F_X_TO_DEST = 1 << O_X_TO_DEST,
+ F_TO_DEST = 1 << O_TO_DEST,
+ F_RANDOM = 1 << O_RANDOM,
};
static void DNAT_help(void)
@@ -145,7 +143,6 @@ static void DNAT_parse(struct xt_option_call *cb)
switch (cb->entry->id) {
case O_TO_DEST:
parse_to(cb->arg, portok, mr->range);
- cb->xflags |= F_X_TO_DEST;
break;
case O_PERSISTENT:
mr->range->flags |= NF_NAT_RANGE_PERSISTENT;
@@ -367,7 +364,6 @@ static void DNAT_parse_v2(struct xt_option_call *cb)
switch (cb->entry->id) {
case O_TO_DEST:
parse_to_v2(cb->arg, portok, range);
- cb->xflags |= F_X_TO_DEST;
break;
case O_PERSISTENT:
range->flags |= NF_NAT_RANGE_PERSISTENT;
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index bd36830ae91ce..211a20bc45bfe 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -13,11 +13,9 @@ enum {
O_RANDOM,
O_RANDOM_FULLY,
O_PERSISTENT,
- O_X_TO_SRC,
F_TO_SRC = 1 << O_TO_SRC,
F_RANDOM = 1 << O_RANDOM,
F_RANDOM_FULLY = 1 << O_RANDOM_FULLY,
- F_X_TO_SRC = 1 << O_X_TO_SRC,
};
static void SNAT_help(void)
@@ -139,7 +137,6 @@ static void SNAT_parse(struct xt_option_call *cb)
switch (cb->entry->id) {
case O_TO_SRC:
parse_to(cb->arg, portok, mr->range);
- cb->xflags |= F_X_TO_SRC;
break;
case O_PERSISTENT:
mr->range->flags |= NF_NAT_RANGE_PERSISTENT;
--
2.34.1
next prev parent reply other threads:[~2022-03-30 15:59 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-30 15:58 [iptables PATCH 0/9] extensions: Merge *_DNAT and *_REDIRECT Phil Sutter
2022-03-30 15:58 ` [iptables PATCH 1/9] man: DNAT: Describe shifted port range feature Phil Sutter
2022-03-30 15:58 ` Phil Sutter [this message]
2022-03-30 15:58 ` [iptables PATCH 3/9] extensions: ipt_DNAT: Merge v1 and v2 parsers Phil Sutter
2022-03-30 15:58 ` [iptables PATCH 4/9] extensions: ipt_DNAT: Merge v1/v2 print/save code Phil Sutter
2022-03-30 15:58 ` [iptables PATCH 5/9] extensions: ipt_DNAT: Combine xlate functions also Phil Sutter
2022-03-30 15:58 ` [iptables PATCH 6/9] extensions: DNAT: Rename from libipt to libxt Phil Sutter
2022-03-30 15:58 ` [iptables PATCH 7/9] extensions: Merge IPv4 and IPv6 DNAT targets Phil Sutter
2022-03-30 15:58 ` [iptables PATCH 8/9] extensions: Merge REDIRECT into DNAT Phil Sutter
2022-03-30 15:58 ` [iptables PATCH 9/9] extensions: DNAT: Support service names in all spots Phil Sutter
2022-03-30 18:38 ` Jan Engelhardt
2022-03-30 20:57 ` Phil Sutter
2022-03-31 0:19 ` Jan Engelhardt
2022-03-31 10:04 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220330155851.13249-3-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).