* [PATCH iptables] libxt_length: update to revision 1 @ 2010-07-24 4:29 Changli Gao 2010-07-24 5:28 ` Eric Dumazet 2010-07-24 8:55 ` Jan Engelhardt 0 siblings, 2 replies; 8+ messages in thread From: Changli Gao @ 2010-07-24 4:29 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel, Changli Gao update libxt_length to revision 1 to support ipv6 jumbo frames. Signed-off-by: Changli Gao <xiaosuo@gmail.com> ---- extensions/libxt_length.c | 1 + include/linux/netfilter/xt_length.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c index 96e8b6c..5d0f5e9 100644 --- a/extensions/libxt_length.c +++ b/extensions/libxt_length.c @@ -125,6 +125,7 @@ static struct xtables_match length_match = { .print = length_print, .save = length_save, .extra_opts = length_opts, + .revision = 1, }; void _init(void) diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h index b82ed7c..a12785c 100644 --- a/include/linux/netfilter/xt_length.h +++ b/include/linux/netfilter/xt_length.h @@ -4,7 +4,7 @@ #include <linux/types.h> struct xt_length_info { - __u16 min, max; + __u32 min, max; __u8 invert; }; ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH iptables] libxt_length: update to revision 1 2010-07-24 4:29 [PATCH iptables] libxt_length: update to revision 1 Changli Gao @ 2010-07-24 5:28 ` Eric Dumazet 2010-07-24 5:43 ` Changli Gao 2010-07-24 8:55 ` Jan Engelhardt 1 sibling, 1 reply; 8+ messages in thread From: Eric Dumazet @ 2010-07-24 5:28 UTC (permalink / raw) To: Changli Gao; +Cc: Patrick McHardy, netfilter-devel Le samedi 24 juillet 2010 à 12:29 +0800, Changli Gao a écrit : > update libxt_length to revision 1 to support ipv6 jumbo frames. > > Signed-off-by: Changli Gao <xiaosuo@gmail.com> > ---- > extensions/libxt_length.c | 1 + > include/linux/netfilter/xt_length.h | 2 +- > 2 files changed, 2 insertions(+), 1 deletion(-) > diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c > index 96e8b6c..5d0f5e9 100644 > --- a/extensions/libxt_length.c > +++ b/extensions/libxt_length.c > @@ -125,6 +125,7 @@ static struct xtables_match length_match = { > .print = length_print, > .save = length_save, > .extra_opts = length_opts, > + .revision = 1, > }; > > void _init(void) Hmm... I think you missed at line 50 : info->max = cp[0] ? parse_length(cp) : 0xFFFF; Or document the thing... -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH iptables] libxt_length: update to revision 1 2010-07-24 5:28 ` Eric Dumazet @ 2010-07-24 5:43 ` Changli Gao 0 siblings, 0 replies; 8+ messages in thread From: Changli Gao @ 2010-07-24 5:43 UTC (permalink / raw) To: Eric Dumazet; +Cc: Patrick McHardy, netfilter-devel On Sat, Jul 24, 2010 at 1:28 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote: > Le samedi 24 juillet 2010 à 12:29 +0800, Changli Gao a écrit : >> update libxt_length to revision 1 to support ipv6 jumbo frames. >> >> Signed-off-by: Changli Gao <xiaosuo@gmail.com> >> ---- >> extensions/libxt_length.c | 1 + >> include/linux/netfilter/xt_length.h | 2 +- >> 2 files changed, 2 insertions(+), 1 deletion(-) >> diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c >> index 96e8b6c..5d0f5e9 100644 >> --- a/extensions/libxt_length.c >> +++ b/extensions/libxt_length.c >> @@ -125,6 +125,7 @@ static struct xtables_match length_match = { >> .print = length_print, >> .save = length_save, >> .extra_opts = length_opts, >> + .revision = 1, >> }; >> >> void _init(void) > > Hmm... I think you missed at line 50 : > > > info->max = cp[0] ? parse_length(cp) : 0xFFFF; > > Or document the thing... > Oh, thanks. I think we can change 0xFFFF to 0xFFFFFFFF, and I also need to update the return value of parse_length() to u_int32_t. -- Regards, Changli Gao(xiaosuo@gmail.com) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH iptables] libxt_length: update to revision 1 2010-07-24 4:29 [PATCH iptables] libxt_length: update to revision 1 Changli Gao 2010-07-24 5:28 ` Eric Dumazet @ 2010-07-24 8:55 ` Jan Engelhardt 2010-07-24 11:47 ` Changli Gao 1 sibling, 1 reply; 8+ messages in thread From: Jan Engelhardt @ 2010-07-24 8:55 UTC (permalink / raw) To: Changli Gao; +Cc: Patrick McHardy, netfilter-devel On Saturday 2010-07-24 06:29, Changli Gao wrote: >update libxt_length to revision 1 to support ipv6 jumbo frames. You can't just go and change these things, would break xt_length v0. >Signed-off-by: Changli Gao <xiaosuo@gmail.com> >---- > extensions/libxt_length.c | 1 + > include/linux/netfilter/xt_length.h | 2 +- > 2 files changed, 2 insertions(+), 1 deletion(-) >diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c >index 96e8b6c..5d0f5e9 100644 >--- a/extensions/libxt_length.c >+++ b/extensions/libxt_length.c >@@ -125,6 +125,7 @@ static struct xtables_match length_match = { > .print = length_print, > .save = length_save, > .extra_opts = length_opts, >+ .revision = 1, > }; > > void _init(void) >diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h >index b82ed7c..a12785c 100644 >--- a/include/linux/netfilter/xt_length.h >+++ b/include/linux/netfilter/xt_length.h >@@ -4,7 +4,7 @@ > #include <linux/types.h> > > struct xt_length_info { >- __u16 min, max; >+ __u32 min, max; > __u8 invert; > }; > >-- >To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in >the body of a message to majordomo@vger.kernel.org >More majordomo info at http://vger.kernel.org/majordomo-info.html > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH iptables] libxt_length: update to revision 1 2010-07-24 8:55 ` Jan Engelhardt @ 2010-07-24 11:47 ` Changli Gao 2010-07-25 16:28 ` Jan Engelhardt 0 siblings, 1 reply; 8+ messages in thread From: Changli Gao @ 2010-07-24 11:47 UTC (permalink / raw) To: Jan Engelhardt; +Cc: Patrick McHardy, netfilter-devel [-- Attachment #1: Type: text/plain, Size: 452 bytes --] On Sat, Jul 24, 2010 at 4:55 PM, Jan Engelhardt <jengelh@medozas.de> wrote: > On Saturday 2010-07-24 06:29, Changli Gao wrote: > >>update libxt_length to revision 1 to support ipv6 jumbo frames. > > You can't just go and change these things, would break xt_length v0. > Hmm. I have updated the patch(attached), but the v0 handlers are not called. Is there anything I missed? Or Is there a bug in iptables? -- Regards, Changli Gao(xiaosuo@gmail.com) [-- Attachment #2: xt_len.diff --] [-- Type: application/octet-stream, Size: 6116 bytes --] diff --git a/extensions/libxt_length.c b/extensions/libxt_length.c index 96e8b6c..774a80e 100644 --- a/extensions/libxt_length.c +++ b/extensions/libxt_length.c @@ -8,6 +8,11 @@ #include <xtables.h> #include <linux/netfilter/xt_length.h> +struct xt_length_info_v0 { + __u32 min, max; + __u8 invert; +}; + static void length_help(void) { printf( @@ -21,8 +26,7 @@ static const struct option length_opts[] = { { .name = NULL } }; -static u_int16_t -parse_length(const char *s) +static u_int32_t parse_length(const char *s) { unsigned int len; @@ -33,8 +37,7 @@ parse_length(const char *s) } /* If a single value is provided, min and max are both set to the value */ -static void -parse_lengths(const char *s, struct xt_length_info *info) +static void parse_lengths(const char *s, struct xt_length_info *info) { char *buffer; char *cp; @@ -47,7 +50,7 @@ parse_lengths(const char *s, struct xt_length_info *info) cp++; info->min = buffer[0] ? parse_length(buffer) : 0; - info->max = cp[0] ? parse_length(cp) : 0xFFFF; + info->max = cp[0] ? parse_length(cp) : 0xFFFFFFFF; } free(buffer); @@ -58,12 +61,9 @@ parse_lengths(const char *s, struct xt_length_info *info) } -static int -length_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static int __length_parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_length_info *info) { - struct xt_length_info *info = (struct xt_length_info *)(*match)->data; - switch (c) { case '1': if (*flags) @@ -83,6 +83,31 @@ length_parse(int c, char **argv, int invert, unsigned int *flags, return 1; } +static int length_parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_match **match) +{ + return __length_parse(c, argv, invert, flags, entry, + (struct xt_length_info *)(*match)->data); +} + +static int length_parse_v0(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_match **match) +{ + struct xt_length_info info; + + if (__length_parse(c, argv, invert, flags, entry, &info)) { + struct xt_length_info_v0 *info_v0; + + info_v0 = (void *)(*match)->data; + info_v0->min = info.min; + info_v0->max = info.max; + info_v0->invert = info.invert; + return 1; + } + + return 0; +} + static void length_check(unsigned int flags) { if (!flags) @@ -90,11 +115,8 @@ static void length_check(unsigned int flags) "length: You must specify `--length'"); } -static void -length_print(const void *ip, const struct xt_entry_match *match, int numeric) +static void __length_print(const struct xt_length_info *info) { - const struct xt_length_info *info = (void *)match->data; - printf("length %s", info->invert ? "!" : ""); if (info->min == info->max) printf("%u ", info->min); @@ -102,10 +124,26 @@ length_print(const void *ip, const struct xt_entry_match *match, int numeric) printf("%u:%u ", info->min, info->max); } -static void length_save(const void *ip, const struct xt_entry_match *match) +static void length_print(const void *ip, const struct xt_entry_match *match, + int numeric) { - const struct xt_length_info *info = (void *)match->data; + __length_print((void *)match->data); +} + +static void length_print_v0(const void *ip, const struct xt_entry_match *match, + int numeric) +{ + const struct xt_length_info_v0 *info_v0 = (void *)match->data; + struct xt_length_info info; + info.min = info_v0->min; + info.max = info_v0->max; + info.invert = info_v0->invert; + __length_print(&info); +} + +static void __length_save(const struct xt_length_info *info) +{ printf("%s--length ", info->invert ? "! " : ""); if (info->min == info->max) printf("%u ", info->min); @@ -113,21 +151,54 @@ static void length_save(const void *ip, const struct xt_entry_match *match) printf("%u:%u ", info->min, info->max); } -static struct xtables_match length_match = { - .family = NFPROTO_UNSPEC, - .name = "length", - .version = XTABLES_VERSION, - .size = XT_ALIGN(sizeof(struct xt_length_info)), - .userspacesize = XT_ALIGN(sizeof(struct xt_length_info)), - .help = length_help, - .parse = length_parse, - .final_check = length_check, - .print = length_print, - .save = length_save, - .extra_opts = length_opts, +static void length_save(const void *ip, const struct xt_entry_match *match) +{ + __length_save((void *)match->data); +} + +static void length_save_v0(const void *ip, const struct xt_entry_match *match) +{ + const struct xt_length_info_v0 *info_v0 = (void *)match->data; + struct xt_length_info info; + + info.min = info_v0->min; + info.max = info_v0->max; + info.invert = info_v0->invert; + __length_save(&info); +} + +static struct xtables_match length_mt_reg[] = { + { + .family = NFPROTO_UNSPEC, + .name = "length", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_length_info_v0)), + .userspacesize = XT_ALIGN(sizeof(struct xt_length_info_v0)), + .help = length_help, + .parse = length_parse_v0, + .final_check = length_check, + .print = length_print_v0, + .save = length_save_v0, + .extra_opts = length_opts, + .revision = 0, + }, + { + .family = NFPROTO_UNSPEC, + .name = "length", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_length_info)), + .userspacesize = XT_ALIGN(sizeof(struct xt_length_info)), + .help = length_help, + .parse = length_parse, + .final_check = length_check, + .print = length_print, + .save = length_save, + .extra_opts = length_opts, + .revision = 1, + }, }; void _init(void) { - xtables_register_match(&length_match); + xtables_register_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); } diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h index b82ed7c..a12785c 100644 --- a/include/linux/netfilter/xt_length.h +++ b/include/linux/netfilter/xt_length.h @@ -4,7 +4,7 @@ #include <linux/types.h> struct xt_length_info { - __u16 min, max; + __u32 min, max; __u8 invert; }; ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH iptables] libxt_length: update to revision 1 2010-07-24 11:47 ` Changli Gao @ 2010-07-25 16:28 ` Jan Engelhardt 2010-07-26 0:07 ` Changli Gao 0 siblings, 1 reply; 8+ messages in thread From: Jan Engelhardt @ 2010-07-25 16:28 UTC (permalink / raw) To: Changli Gao; +Cc: Patrick McHardy, netfilter-devel On Saturday 2010-07-24 13:47, Changli Gao wrote: >On Sat, Jul 24, 2010 at 4:55 PM, Jan Engelhardt <jengelh@medozas.de> wrote: >> On Saturday 2010-07-24 06:29, Changli Gao wrote: >> >>>update libxt_length to revision 1 to support ipv6 jumbo frames. >> >> You can't just go and change these things, would break xt_length v0. >> > >Hmm. I have updated the patch(attached), but the v0 handlers are not >called. Is there anything I missed? Or Is there a bug in iptables? Probably because you are still breaking the compatibility by editing struct xt_length_info. I'd say let's concentrate on rev 2 that I submitted. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH iptables] libxt_length: update to revision 1 2010-07-25 16:28 ` Jan Engelhardt @ 2010-07-26 0:07 ` Changli Gao 2010-07-26 0:21 ` Changli Gao 0 siblings, 1 reply; 8+ messages in thread From: Changli Gao @ 2010-07-26 0:07 UTC (permalink / raw) To: Jan Engelhardt; +Cc: Patrick McHardy, netfilter-devel On Mon, Jul 26, 2010 at 12:28 AM, Jan Engelhardt <jengelh@medozas.de> wrote: > On Saturday 2010-07-24 13:47, Changli Gao wrote: > >>On Sat, Jul 24, 2010 at 4:55 PM, Jan Engelhardt <jengelh@medozas.de> wrote: >>> On Saturday 2010-07-24 06:29, Changli Gao wrote: >>> >>>>update libxt_length to revision 1 to support ipv6 jumbo frames. >>> >>> You can't just go and change these things, would break xt_length v0. >>> >> >>Hmm. I have updated the patch(attached), but the v0 handlers are not >>called. Is there anything I missed? Or Is there a bug in iptables? > > Probably because you are still breaking the compatibility by editing > struct xt_length_info. I am sure it isn't the problem. The kernel module can work with the old iptables binary. However after I committed the rules with the revision 1, I can't get the correct output with the command 'iptables-save' or 'iptables -nvL'. I checked the code of iptables, and found it doesn't check the revision when founding matches and targets, and even the kernel seems doesn't transfer the revision info to user space. > I'd say let's concentrate on rev 2 that I > submitted. > I have seen it. Thanks. -- Regards, Changli Gao(xiaosuo@gmail.com) ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH iptables] libxt_length: update to revision 1 2010-07-26 0:07 ` Changli Gao @ 2010-07-26 0:21 ` Changli Gao 0 siblings, 0 replies; 8+ messages in thread From: Changli Gao @ 2010-07-26 0:21 UTC (permalink / raw) To: Jan Engelhardt; +Cc: Patrick McHardy, netfilter-devel On Mon, Jul 26, 2010 at 8:07 AM, Changli Gao <xiaosuo@gmail.com> wrote: > On Mon, Jul 26, 2010 at 12:28 AM, Jan Engelhardt <jengelh@medozas.de> wrote: >> On Saturday 2010-07-24 13:47, Changli Gao wrote: >> >>>On Sat, Jul 24, 2010 at 4:55 PM, Jan Engelhardt <jengelh@medozas.de> wrote: >>>> On Saturday 2010-07-24 06:29, Changli Gao wrote: >>>> >>>>>update libxt_length to revision 1 to support ipv6 jumbo frames. >>>> >>>> You can't just go and change these things, would break xt_length v0. >>>> >>> >>>Hmm. I have updated the patch(attached), but the v0 handlers are not >>>called. Is there anything I missed? Or Is there a bug in iptables? >> >> Probably because you are still breaking the compatibility by editing >> struct xt_length_info. > > I am sure it isn't the problem. The kernel module can work with the > old iptables binary. However after I committed the rules with the > revision 1, I can't get the correct output with the command > 'iptables-save' or 'iptables -nvL'. Sorry. I made a mistake. I committed the rules(revision 0) with the old iptables, but I could not get the correct output with the new iptables or iptables-save. > I checked the code of iptables, > and found it doesn't check the revision when founding matches and > targets, and even the kernel seems doesn't transfer the revision info > to user space. > >> I'd say let's concentrate on rev 2 that I >> submitted. >> > > I have seen it. Thanks. > > -- > Regards, > Changli Gao(xiaosuo@gmail.com) > -- Regards, Changli Gao(xiaosuo@gmail.com) ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2010-07-26 0:21 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2010-07-24 4:29 [PATCH iptables] libxt_length: update to revision 1 Changli Gao 2010-07-24 5:28 ` Eric Dumazet 2010-07-24 5:43 ` Changli Gao 2010-07-24 8:55 ` Jan Engelhardt 2010-07-24 11:47 ` Changli Gao 2010-07-25 16:28 ` Jan Engelhardt 2010-07-26 0:07 ` Changli Gao 2010-07-26 0:21 ` Changli Gao
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).