From: Phil Sutter <phil@nwl.cc>
To: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH 0/7] Small ebtables-translate review + extras
Date: Thu, 26 Jan 2023 13:23:59 +0100 [thread overview]
Message-ID: <20230126122406.23288-1-phil@nwl.cc> (raw)
The initial goal was to fix the apparent problem of ebtables-translate
printing 'counter' statement in wrong position, namely after the
verdict. Turns out this happened when targets were used "implicitly",
i.e. without requesting them via '-j'. Since ebtables-nft loaded all
extensions (including targets) upfront, a syntax like:
| # ebtables-nft -A FORWARD --mark-set 1
was accepted and valid. The 'mark' target in this case was added to
iptables_command_state's 'match_list' as if it was a watcher.
Legacy ebtables does not allow this syntax, also it becomes hard for
users to realize why two targets can't be used in the same rule. So
reject this (in patch 2) and implicitly fix the case of 'counter'
statement in wrong position.
Fixing the above caused some fallout: Patch 1 fixes error reporting of
unknown arguments (or missing mandatory parameters) in all tools, patch
7 extends xlate-test.py to conveniently run for all libebt_*.txlate
files (for instance).
The remaining patches 3 to 6 contain cleanups of xtables-eb-translate.c
in comparison to xtables-eb.c, also kind of preparing for a merge of the
two largely identical parsers (at least).
Phil Sutter (7):
Proper fix for "unknown argument" error message
ebtables: Refuse unselected targets' options
ebtables-translate: Drop exec_style
ebtables-translate: Use OPT_* from xshared.h
ebtables-translate: Ignore '-j CONTINUE'
ebtables-translate: Print flush command after parsing is finished
tests: xlate: Support testing multiple individual files
extensions/libebt_dnat.txlate | 12 ++--
extensions/libebt_log.c | 1 +
extensions/libebt_mark.txlate | 16 ++---
extensions/libebt_nflog.c | 1 +
extensions/libebt_snat.txlate | 8 +--
include/xtables.h | 1 +
.../ebtables/0002-ebtables-save-restore_0 | 4 +-
.../testcases/iptables/0009-unknown-arg_0 | 31 ++++++++++
iptables/xshared.c | 9 ++-
iptables/xtables-eb-translate.c | 61 +++++++------------
iptables/xtables-eb.c | 46 +++++++-------
xlate-test.py | 21 ++++---
12 files changed, 115 insertions(+), 96 deletions(-)
create mode 100755 iptables/tests/shell/testcases/iptables/0009-unknown-arg_0
--
2.38.0
next reply other threads:[~2023-01-26 12:24 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-26 12:23 Phil Sutter [this message]
2023-01-26 12:24 ` [iptables PATCH 1/7] Proper fix for "unknown argument" error message Phil Sutter
2023-01-26 12:24 ` [iptables PATCH 2/7] ebtables: Refuse unselected targets' options Phil Sutter
2023-01-26 12:24 ` [iptables PATCH 3/7] ebtables-translate: Drop exec_style Phil Sutter
2023-01-26 12:24 ` [iptables PATCH 4/7] ebtables-translate: Use OPT_* from xshared.h Phil Sutter
2023-01-26 12:24 ` [iptables PATCH 5/7] ebtables-translate: Ignore '-j CONTINUE' Phil Sutter
2023-01-26 12:24 ` [iptables PATCH 6/7] ebtables-translate: Print flush command after parsing is finished Phil Sutter
2023-01-26 12:24 ` [iptables PATCH 7/7] tests: xlate: Support testing multiple individual files Phil Sutter
2023-01-31 15:30 ` [iptables PATCH 0/7] Small ebtables-translate review + extras Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230126122406.23288-1-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).