[PATCH iptables] libxt_length: update to revision 1

[PATCH iptables] libxt_length: update to revision 1

[Changli Gao]

update libxt_length to revision 1 to support ipv6 jumbo frames.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
----
 extensions/libxt_length.c           |    1 +
 include/linux/netfilter/xt_length.h |    2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
index 96e8b6c..5d0f5e9 100644
--- a/extensions/libxt_length.c
+++ b/extensions/libxt_length.c
@@ -125,6 +125,7 @@ static struct xtables_match length_match = {
 	.print		= length_print,
 	.save		= length_save,
 	.extra_opts	= length_opts,
+	.revision	= 1,
 };
 
 void _init(void)
diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h
index b82ed7c..a12785c 100644
--- a/include/linux/netfilter/xt_length.h
+++ b/include/linux/netfilter/xt_length.h
@@ -4,7 +4,7 @@
 #include <linux/types.h>
 
 struct xt_length_info {
-    __u16	min, max;
+    __u32	min, max;
     __u8	invert;
 };
 

Re: [PATCH iptables] libxt_length: update to revision 1

[Eric Dumazet]

Le samedi 24 juillet 2010 à 12:29 +0800, Changli Gao a écrit :
> update libxt_length to revision 1 to support ipv6 jumbo frames.
> 
> Signed-off-by: Changli Gao <xiaosuo@gmail.com>
> ----
>  extensions/libxt_length.c           |    1 +
>  include/linux/netfilter/xt_length.h |    2 +-
>  2 files changed, 2 insertions(+), 1 deletion(-)
> diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
> index 96e8b6c..5d0f5e9 100644
> --- a/extensions/libxt_length.c
> +++ b/extensions/libxt_length.c
> @@ -125,6 +125,7 @@ static struct xtables_match length_match = {
>  	.print		= length_print,
>  	.save		= length_save,
>  	.extra_opts	= length_opts,
> +	.revision	= 1,
>  };
>  
>  void _init(void)

Hmm... I think you missed at line 50 :


        info->max = cp[0] ? parse_length(cp) : 0xFFFF;

Or document the thing...



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH iptables] libxt_length: update to revision 1

[Changli Gao]

On Sat, Jul 24, 2010 at 1:28 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> Le samedi 24 juillet 2010 à 12:29 +0800, Changli Gao a écrit :
>> update libxt_length to revision 1 to support ipv6 jumbo frames.
>>
>> Signed-off-by: Changli Gao <xiaosuo@gmail.com>
>> ----
>>  extensions/libxt_length.c           |    1 +
>>  include/linux/netfilter/xt_length.h |    2 +-
>>  2 files changed, 2 insertions(+), 1 deletion(-)
>> diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
>> index 96e8b6c..5d0f5e9 100644
>> --- a/extensions/libxt_length.c
>> +++ b/extensions/libxt_length.c
>> @@ -125,6 +125,7 @@ static struct xtables_match length_match = {
>>       .print          = length_print,
>>       .save           = length_save,
>>       .extra_opts     = length_opts,
>> +     .revision       = 1,
>>  };
>>
>>  void _init(void)
>
> Hmm... I think you missed at line 50 :
>
>
>        info->max = cp[0] ? parse_length(cp) : 0xFFFF;
>
> Or document the thing...
>

Oh, thanks. I think we can change 0xFFFF to 0xFFFFFFFF, and I also
need to update the return value of parse_length() to u_int32_t.

-- 
Regards,
Changli Gao(xiaosuo@gmail.com)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH iptables] libxt_length: update to revision 1

[Jan Engelhardt]

On Saturday 2010-07-24 06:29, Changli Gao wrote:

>update libxt_length to revision 1 to support ipv6 jumbo frames.

You can't just go and change these things, would break xt_length v0.


>Signed-off-by: Changli Gao <xiaosuo@gmail.com>
>----
> extensions/libxt_length.c           |    1 +
> include/linux/netfilter/xt_length.h |    2 +-
> 2 files changed, 2 insertions(+), 1 deletion(-)
>diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
>index 96e8b6c..5d0f5e9 100644
>--- a/extensions/libxt_length.c
>+++ b/extensions/libxt_length.c
>@@ -125,6 +125,7 @@ static struct xtables_match length_match = {
> 	.print		= length_print,
> 	.save		= length_save,
> 	.extra_opts	= length_opts,
>+	.revision	= 1,
> };
> 
> void _init(void)
>diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h
>index b82ed7c..a12785c 100644
>--- a/include/linux/netfilter/xt_length.h
>+++ b/include/linux/netfilter/xt_length.h
>@@ -4,7 +4,7 @@
> #include <linux/types.h>
> 
> struct xt_length_info {
>-    __u16	min, max;
>+    __u32	min, max;
>     __u8	invert;
> };
> 
>--
>To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Re: [PATCH iptables] libxt_length: update to revision 1

[Changli Gao]

[-- Attachment #1: Type: text/plain, Size: 452 bytes --]

On Sat, Jul 24, 2010 at 4:55 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
> On Saturday 2010-07-24 06:29, Changli Gao wrote:
>
>>update libxt_length to revision 1 to support ipv6 jumbo frames.
>
> You can't just go and change these things, would break xt_length v0.
>

Hmm. I have updated the patch(attached), but the v0 handlers are not
called. Is there anything I missed? Or Is there a bug in iptables?

-- 
Regards,
Changli Gao(xiaosuo@gmail.com)

[-- Attachment #2: xt_len.diff --]
[-- Type: application/octet-stream, Size: 6116 bytes --]

diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c
index 96e8b6c..774a80e 100644
--- a/extensions/libxt_length.c
+++ b/extensions/libxt_length.c
@@ -8,6 +8,11 @@
 #include <xtables.h>
 #include <linux/netfilter/xt_length.h>
 
+struct xt_length_info_v0 {
+    __u32	min, max;
+    __u8	invert;
+};
+
 static void length_help(void)
 {
 	printf(
@@ -21,8 +26,7 @@ static const struct option length_opts[] = {
 	{ .name = NULL }
 };
 
-static u_int16_t
-parse_length(const char *s)
+static u_int32_t parse_length(const char *s)
 {
 	unsigned int len;
 	
@@ -33,8 +37,7 @@ parse_length(const char *s)
 }
 
 /* If a single value is provided, min and max are both set to the value */
-static void
-parse_lengths(const char *s, struct xt_length_info *info)
+static void parse_lengths(const char *s, struct xt_length_info *info)
 {
 	char *buffer;
 	char *cp;
@@ -47,7 +50,7 @@ parse_lengths(const char *s, struct xt_length_info *info)
 		cp++;
 
 		info->min = buffer[0] ? parse_length(buffer) : 0;
-		info->max = cp[0] ? parse_length(cp) : 0xFFFF;
+		info->max = cp[0] ? parse_length(cp) : 0xFFFFFFFF;
 	}
 	free(buffer);
 	
@@ -58,12 +61,9 @@ parse_lengths(const char *s, struct xt_length_info *info)
 	
 }
 
-static int
-length_parse(int c, char **argv, int invert, unsigned int *flags,
-             const void *entry, struct xt_entry_match **match)
+static int __length_parse(int c, char **argv, int invert, unsigned int *flags,
+			  const void *entry, struct xt_length_info *info)
 {
-	struct xt_length_info *info = (struct xt_length_info *)(*match)->data;
-
 	switch (c) {
 		case '1':
 			if (*flags)
@@ -83,6 +83,31 @@ length_parse(int c, char **argv, int invert, unsigned int *flags,
 	return 1;
 }
 
+static int length_parse(int c, char **argv, int invert, unsigned int *flags,
+			const void *entry, struct xt_entry_match **match)
+{
+	return __length_parse(c, argv, invert, flags, entry,
+			      (struct xt_length_info *)(*match)->data);
+}
+
+static int length_parse_v0(int c, char **argv, int invert, unsigned int *flags,
+			   const void *entry, struct xt_entry_match **match)
+{
+	struct xt_length_info info;
+
+	if (__length_parse(c, argv, invert, flags, entry, &info)) {
+		struct xt_length_info_v0 *info_v0;
+
+		info_v0 = (void *)(*match)->data;
+		info_v0->min = info.min;
+		info_v0->max = info.max;
+		info_v0->invert = info.invert;
+		return 1;
+	}
+
+	return 0;
+}
+
 static void length_check(unsigned int flags)
 {
 	if (!flags)
@@ -90,11 +115,8 @@ static void length_check(unsigned int flags)
 			   "length: You must specify `--length'");
 }
 
-static void
-length_print(const void *ip, const struct xt_entry_match *match, int numeric)
+static void __length_print(const struct xt_length_info *info)
 {
-	const struct xt_length_info *info = (void *)match->data;
-
 	printf("length %s", info->invert ? "!" : "");
 	if (info->min == info->max)
 		printf("%u ", info->min);
@@ -102,10 +124,26 @@ length_print(const void *ip, const struct xt_entry_match *match, int numeric)
 		printf("%u:%u ", info->min, info->max);
 }
 
-static void length_save(const void *ip, const struct xt_entry_match *match)
+static void length_print(const void *ip, const struct xt_entry_match *match,
+			 int numeric)
 {
-	const struct xt_length_info *info = (void *)match->data;
+	__length_print((void *)match->data);
+}
+
+static void length_print_v0(const void *ip, const struct xt_entry_match *match,
+			    int numeric)
+{
+	const struct xt_length_info_v0 *info_v0 = (void *)match->data;
+	struct xt_length_info info;
 
+	info.min = info_v0->min;
+	info.max = info_v0->max;
+	info.invert = info_v0->invert;
+	__length_print(&info);
+}
+
+static void __length_save(const struct xt_length_info *info)
+{
 	printf("%s--length ", info->invert ? "! " : "");
 	if (info->min == info->max)
 		printf("%u ", info->min);
@@ -113,21 +151,54 @@ static void length_save(const void *ip, const struct xt_entry_match *match)
 		printf("%u:%u ", info->min, info->max);
 }
 
-static struct xtables_match length_match = {
-	.family		= NFPROTO_UNSPEC,
-	.name		= "length",
-	.version	= XTABLES_VERSION,
-	.size		= XT_ALIGN(sizeof(struct xt_length_info)),
-	.userspacesize	= XT_ALIGN(sizeof(struct xt_length_info)),
-	.help		= length_help,
-	.parse		= length_parse,
-	.final_check	= length_check,
-	.print		= length_print,
-	.save		= length_save,
-	.extra_opts	= length_opts,
+static void length_save(const void *ip, const struct xt_entry_match *match)
+{
+	__length_save((void *)match->data);
+}
+
+static void length_save_v0(const void *ip, const struct xt_entry_match *match)
+{
+	const struct xt_length_info_v0 *info_v0 = (void *)match->data;
+	struct xt_length_info info;
+
+	info.min = info_v0->min;
+	info.max = info_v0->max;
+	info.invert = info_v0->invert;
+	__length_save(&info);
+}
+
+static struct xtables_match length_mt_reg[] = {
+	{
+		.family		= NFPROTO_UNSPEC,
+		.name		= "length",
+		.version	= XTABLES_VERSION,
+		.size		= XT_ALIGN(sizeof(struct xt_length_info_v0)),
+		.userspacesize	= XT_ALIGN(sizeof(struct xt_length_info_v0)),
+		.help		= length_help,
+		.parse		= length_parse_v0,
+		.final_check	= length_check,
+		.print		= length_print_v0,
+		.save		= length_save_v0,
+		.extra_opts	= length_opts,
+		.revision	= 0,
+	},
+	{
+		.family		= NFPROTO_UNSPEC,
+		.name		= "length",
+		.version	= XTABLES_VERSION,
+		.size		= XT_ALIGN(sizeof(struct xt_length_info)),
+		.userspacesize	= XT_ALIGN(sizeof(struct xt_length_info)),
+		.help		= length_help,
+		.parse		= length_parse,
+		.final_check	= length_check,
+		.print		= length_print,
+		.save		= length_save,
+		.extra_opts	= length_opts,
+		.revision	= 1,
+	},
 };
 
 void _init(void)
 {
-	xtables_register_match(&length_match);
+	xtables_register_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg));
 }
diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h
index b82ed7c..a12785c 100644
--- a/include/linux/netfilter/xt_length.h
+++ b/include/linux/netfilter/xt_length.h
@@ -4,7 +4,7 @@
 #include <linux/types.h>
 
 struct xt_length_info {
-    __u16	min, max;
+    __u32	min, max;
     __u8	invert;
 };
 

Re: [PATCH iptables] libxt_length: update to revision 1

[Jan Engelhardt]

On Saturday 2010-07-24 13:47, Changli Gao wrote:

>On Sat, Jul 24, 2010 at 4:55 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
>> On Saturday 2010-07-24 06:29, Changli Gao wrote:
>>
>>>update libxt_length to revision 1 to support ipv6 jumbo frames.
>>
>> You can't just go and change these things, would break xt_length v0.
>>
>
>Hmm. I have updated the patch(attached), but the v0 handlers are not
>called. Is there anything I missed? Or Is there a bug in iptables?

Probably because you are still breaking the compatibility by editing 
struct xt_length_info. I'd say let's concentrate on rev 2 that I 
submitted.

Re: [PATCH iptables] libxt_length: update to revision 1

[Changli Gao]

On Mon, Jul 26, 2010 at 12:28 AM, Jan Engelhardt <jengelh@medozas.de> wrote:
> On Saturday 2010-07-24 13:47, Changli Gao wrote:
>
>>On Sat, Jul 24, 2010 at 4:55 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
>>> On Saturday 2010-07-24 06:29, Changli Gao wrote:
>>>
>>>>update libxt_length to revision 1 to support ipv6 jumbo frames.
>>>
>>> You can't just go and change these things, would break xt_length v0.
>>>
>>
>>Hmm. I have updated the patch(attached), but the v0 handlers are not
>>called. Is there anything I missed? Or Is there a bug in iptables?
>
> Probably because you are still breaking the compatibility by editing
> struct xt_length_info.

I am sure it isn't the problem. The kernel module can work with the
old iptables binary. However after I committed the rules with the
revision 1, I can't get the correct output with the command
'iptables-save' or 'iptables -nvL'. I checked the code of iptables,
and found it doesn't check the revision when founding matches and
targets, and even the kernel seems doesn't transfer the revision info
to user space.

> I'd say let's concentrate on rev 2 that I
> submitted.
>

I have seen it. Thanks.

-- 
Regards,
Changli Gao(xiaosuo@gmail.com)

Re: [PATCH iptables] libxt_length: update to revision 1

[Changli Gao]

On Mon, Jul 26, 2010 at 8:07 AM, Changli Gao <xiaosuo@gmail.com> wrote:
> On Mon, Jul 26, 2010 at 12:28 AM, Jan Engelhardt <jengelh@medozas.de> wrote:
>> On Saturday 2010-07-24 13:47, Changli Gao wrote:
>>
>>>On Sat, Jul 24, 2010 at 4:55 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
>>>> On Saturday 2010-07-24 06:29, Changli Gao wrote:
>>>>
>>>>>update libxt_length to revision 1 to support ipv6 jumbo frames.
>>>>
>>>> You can't just go and change these things, would break xt_length v0.
>>>>
>>>
>>>Hmm. I have updated the patch(attached), but the v0 handlers are not
>>>called. Is there anything I missed? Or Is there a bug in iptables?
>>
>> Probably because you are still breaking the compatibility by editing
>> struct xt_length_info.
>
> I am sure it isn't the problem. The kernel module can work with the
> old iptables binary. However after I committed the rules with the
> revision 1, I can't get the correct output with the command
> 'iptables-save' or 'iptables -nvL'.

Sorry. I made a mistake. I committed the rules(revision 0) with the
old iptables, but I could not get the correct output with the new
iptables or iptables-save.

> I checked the code of iptables,
> and found it doesn't check the revision when founding matches and
> targets, and even the kernel seems doesn't transfer the revision info
> to user space.
>
>> I'd say let's concentrate on rev 2 that I
>> submitted.
>>
>
> I have seen it. Thanks.
>
> --
> Regards,
> Changli Gao(xiaosuo@gmail.com)
>



-- 
Regards,
Changli Gao(xiaosuo@gmail.com)