* [iptables PATCH 0/5] Fixes for static builds
@ 2022-03-15 13:26 Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 1/5] libxtables: Fix for warning in xtables_ipmask_to_numeric Phil Sutter
` (4 more replies)
0 siblings, 5 replies; 8+ messages in thread
From: Phil Sutter @ 2022-03-15 13:26 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Etienne
This series formally submits a slightly modified version of the patch
attached to nfbz#1593 in patch 3. In addition to that:
Patch 1 is pure collateral and unrelated to the remaining series.
Patch 2 simplifies the compile-time conditional init-calls a bit. Done
before the actual fix to avoid adding #ifdefs only to remove them again
in the same series.
Patch 3 Fixes static builds of arp- and ebtables-nft, kindly provided by
Ettiene and slightly adjusted by me.
Patch 4 holds a mini-review of the resulting init_extensions*() call
sites.
Patch 5 fixes shell testsuite for use with static builds.
Etienne (1):
xtables: Call init_extensions{,a,b}() for static builds
Phil Sutter (4):
libxtables: Fix for warning in xtables_ipmask_to_numeric
Simplify static build extension loading
nft: Review static extension loading
tests: shell: Fix 0004-return-codes_0 for static builds
include/xtables.h | 9 +++++++++
iptables/ip6tables-standalone.c | 3 ---
iptables/iptables-restore.c | 4 ----
iptables/iptables-save.c | 4 ----
iptables/iptables-standalone.c | 2 --
.../shell/testcases/iptables/0004-return-codes_0 | 2 +-
iptables/xtables-arp.c | 4 +---
iptables/xtables-eb.c | 4 +---
iptables/xtables-monitor.c | 4 ++--
iptables/xtables-restore.c | 10 ++++++----
iptables/xtables-save.c | 10 ++++++----
iptables/xtables-standalone.c | 10 ++++++----
iptables/xtables-translate.c | 14 ++++++++------
libxtables/xtables.c | 2 +-
14 files changed, 41 insertions(+), 41 deletions(-)
--
2.34.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [iptables PATCH 1/5] libxtables: Fix for warning in xtables_ipmask_to_numeric
2022-03-15 13:26 [iptables PATCH 0/5] Fixes for static builds Phil Sutter
@ 2022-03-15 13:26 ` Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 2/5] Simplify static build extension loading Phil Sutter
` (3 subsequent siblings)
4 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2022-03-15 13:26 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Etienne
Gcc complains:
| xtables.c: In function 'xtables_ipmask_to_numeric':
| xtables.c:1491:34: warning: '__builtin___sprintf_chk' may write a terminating nul past the end of the destination [-Wformat-overflow=]
| 1491 | sprintf(buf, "/%s", xtables_ipaddr_to_numeric(mask));
| | ^
Indeed, xtables_ipaddr_to_numeric() returns a pointer to a 20 byte
buffer and xtables_ipmask_to_numeric() writes its content into a buffer
of same size at offset 1. Yet length of returned string is deterministic
as it is an IPv4 address. So shrink it to the minimum of 16 bytes which
eliminates the warning as well.
Fixes: a96166c24eaac ("libxtables: add xtables_ip[6]mask_to_cidr")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
libxtables/xtables.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 094cbd87ec1ed..5f47f627df440 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -1418,7 +1418,7 @@ void xtables_param_act(unsigned int status, const char *p1, ...)
const char *xtables_ipaddr_to_numeric(const struct in_addr *addrp)
{
- static char buf[20];
+ static char buf[16];
const unsigned char *bytep = (const void *)&addrp->s_addr;
sprintf(buf, "%u.%u.%u.%u", bytep[0], bytep[1], bytep[2], bytep[3]);
--
2.34.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [iptables PATCH 2/5] Simplify static build extension loading
2022-03-15 13:26 [iptables PATCH 0/5] Fixes for static builds Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 1/5] libxtables: Fix for warning in xtables_ipmask_to_numeric Phil Sutter
@ 2022-03-15 13:26 ` Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 3/5] xtables: Call init_extensions{,a,b}() for static builds Phil Sutter
` (2 subsequent siblings)
4 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2022-03-15 13:26 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Etienne
Instead of guarding all calls to init_extensions*(), define stubs if not
used.
While at it, also add the missing prototypes for arp- and ebtables
extension initializers.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
include/xtables.h | 9 +++++++++
iptables/ip6tables-standalone.c | 3 ---
iptables/iptables-restore.c | 4 ----
iptables/iptables-save.c | 4 ----
iptables/iptables-standalone.c | 2 --
iptables/xtables-arp.c | 3 ---
iptables/xtables-eb.c | 3 ---
iptables/xtables-monitor.c | 2 --
iptables/xtables-restore.c | 2 --
iptables/xtables-save.c | 2 --
iptables/xtables-standalone.c | 2 --
iptables/xtables-translate.c | 2 --
12 files changed, 9 insertions(+), 29 deletions(-)
diff --git a/include/xtables.h b/include/xtables.h
index ca674c2663eb4..044f191f313cc 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -595,8 +595,17 @@ static inline void xtables_print_mark_mask(unsigned int mark,
extern void init_extensions(void);
extern void init_extensions4(void);
extern void init_extensions6(void);
+ extern void init_extensionsa(void);
+ extern void init_extensionsb(void);
#else
# define _init __attribute__((constructor)) _INIT
+# define EMPTY_FUNC_DEF(x) static inline void x(void) {}
+ EMPTY_FUNC_DEF(init_extensions)
+ EMPTY_FUNC_DEF(init_extensions4)
+ EMPTY_FUNC_DEF(init_extensions6)
+ EMPTY_FUNC_DEF(init_extensionsa)
+ EMPTY_FUNC_DEF(init_extensionsb)
+# undef EMPTY_FUNC_DEF
#endif
extern const struct xtables_pprot xtables_chain_protos[];
diff --git a/iptables/ip6tables-standalone.c b/iptables/ip6tables-standalone.c
index 105b83ba54010..7c8bb0c2748a9 100644
--- a/iptables/ip6tables-standalone.c
+++ b/iptables/ip6tables-standalone.c
@@ -52,11 +52,8 @@ ip6tables_main(int argc, char *argv[])
ip6tables_globals.program_version);
exit(1);
}
-
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions6();
-#endif
ret = do_command6(argc, argv, &table, &handle, false);
if (ret) {
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index 1917fb2315665..d8f65ce1335ea 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -383,10 +383,8 @@ iptables_restore_main(int argc, char *argv[])
iptables_globals.program_version);
exit(1);
}
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
-#endif
ret = ip46tables_restore_main(&ipt_restore_cb, argc, argv);
@@ -417,10 +415,8 @@ ip6tables_restore_main(int argc, char *argv[])
ip6tables_globals.program_version);
exit(1);
}
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions6();
-#endif
ret = ip46tables_restore_main(&ip6t_restore_cb, argc, argv);
diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
index a114e98bb62dc..a8dded639cbad 100644
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -227,10 +227,8 @@ iptables_save_main(int argc, char *argv[])
iptables_globals.program_version);
exit(1);
}
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
-#endif
ret = do_iptables_save(&ipt_save_cb, argc, argv);
@@ -273,10 +271,8 @@ ip6tables_save_main(int argc, char *argv[])
ip6tables_globals.program_version);
exit(1);
}
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions6();
-#endif
ret = do_iptables_save(&ip6t_save_cb, argc, argv);
diff --git a/iptables/iptables-standalone.c b/iptables/iptables-standalone.c
index 8c67ea4d9a2fb..0f263f6fd45e4 100644
--- a/iptables/iptables-standalone.c
+++ b/iptables/iptables-standalone.c
@@ -53,10 +53,8 @@ iptables_main(int argc, char *argv[])
iptables_globals.program_version);
exit(1);
}
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
-#endif
ret = do_command4(argc, argv, &table, &handle, false);
if (ret) {
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 805fb19a5f937..9c44cfc2e46f7 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -205,10 +205,7 @@ int nft_init_arp(struct nft_handle *h, const char *pname)
arptables_globals.program_version);
exit(1);
}
-
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensionsa();
-#endif
if (nft_init(h, NFPROTO_ARP) < 0)
xtables_error(OTHER_PROBLEM,
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 1e5b50ba5b0ab..dcb707f6a66e2 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -668,10 +668,7 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
ebtables_globals.program_version);
exit(1);
}
-
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensionsb();
-#endif
if (nft_init(h, NFPROTO_BRIDGE) < 0)
xtables_error(OTHER_PROBLEM,
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index 73dc80c24d722..72d5e04bf40bf 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -625,11 +625,9 @@ int xtables_monitor_main(int argc, char *argv[])
xtables_globals.program_version);
exit(1);
}
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
init_extensions6();
-#endif
if (nft_init(&h, AF_INET)) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 81b25a43c9a04..c6a5ffedc5cb0 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -363,11 +363,9 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
switch (family) {
case NFPROTO_IPV4:
case NFPROTO_IPV6: /* fallthough, same table */
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
init_extensions6();
-#endif
break;
case NFPROTO_ARP:
case NFPROTO_BRIDGE:
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 03d2b980d5371..9bbe8511e7114 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -202,11 +202,9 @@ xtables_save_main(int family, int argc, char *argv[],
switch (family) {
case NFPROTO_IPV4:
case NFPROTO_IPV6: /* fallthough, same table */
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
init_extensions6();
-#endif
d.commit = true;
break;
case NFPROTO_ARP:
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index 5482a85689d79..06fedf261d68b 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -67,7 +67,6 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
exit(1);
}
xt_params->program_name = progname;
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
switch (family) {
case NFPROTO_IPV4:
case NFPROTO_IPV6:
@@ -79,7 +78,6 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
init_extensionsa();
break;
}
-#endif
if (nft_init(&h, family) < 0) {
fprintf(stderr, "%s: Failed to initialize nft: %s\n",
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 6a1cdac14a7da..c518433463dea 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -488,11 +488,9 @@ static int xtables_xlate_main_common(struct nft_handle *h,
switch (family) {
case NFPROTO_IPV4:
case NFPROTO_IPV6: /* fallthrough: same table */
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
init_extensions();
init_extensions4();
init_extensions6();
-#endif
break;
case NFPROTO_ARP:
case NFPROTO_BRIDGE:
--
2.34.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [iptables PATCH 3/5] xtables: Call init_extensions{,a,b}() for static builds
2022-03-15 13:26 [iptables PATCH 0/5] Fixes for static builds Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 1/5] libxtables: Fix for warning in xtables_ipmask_to_numeric Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 2/5] Simplify static build extension loading Phil Sutter
@ 2022-03-15 13:26 ` Phil Sutter
2022-03-15 13:50 ` Etienne Champetier
2022-03-15 13:26 ` [iptables PATCH 4/5] nft: Review static extension loading Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 5/5] tests: shell: Fix 0004-return-codes_0 for static builds Phil Sutter
4 siblings, 1 reply; 8+ messages in thread
From: Phil Sutter @ 2022-03-15 13:26 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Etienne
From: Etienne <champetier.etienne@gmail.com>
Add calls to arp- and ebtables-specific extension loaders where missing.
Also consistently call init_extensions() for them, as some extensions
(ebtables 'limit' and arptables 'CLASSIFY' and 'MARK') live in libxt_*
files.
Signed-off-by: Etienne <champetier.etienne@gmail.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
Changes since nfbz:
- rebased onto previous commit
- avoid mixing declaration and code in xtables_save_main()
- add a more descriptive commit message
---
iptables/xtables-arp.c | 1 +
iptables/xtables-eb.c | 1 +
iptables/xtables-monitor.c | 2 ++
iptables/xtables-restore.c | 5 +++++
iptables/xtables-save.c | 4 ++++
iptables/xtables-standalone.c | 5 +++++
iptables/xtables-translate.c | 11 ++++++++---
7 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 9c44cfc2e46f7..68514297f381f 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -205,6 +205,7 @@ int nft_init_arp(struct nft_handle *h, const char *pname)
arptables_globals.program_version);
exit(1);
}
+ init_extensions();
init_extensionsa();
if (nft_init(h, NFPROTO_ARP) < 0)
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index dcb707f6a66e2..a7bfb9c5c60b8 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -668,6 +668,7 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
ebtables_globals.program_version);
exit(1);
}
+ init_extensions();
init_extensionsb();
if (nft_init(h, NFPROTO_BRIDGE) < 0)
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index 72d5e04bf40bf..8a04f4d1490c1 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -628,6 +628,8 @@ int xtables_monitor_main(int argc, char *argv[])
init_extensions();
init_extensions4();
init_extensions6();
+ init_extensionsa();
+ init_extensionsb();
if (nft_init(&h, AF_INET)) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index c6a5ffedc5cb0..0250ed7dd8d66 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -368,7 +368,12 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
init_extensions6();
break;
case NFPROTO_ARP:
+ init_extensions();
+ init_extensionsa();
+ break;
case NFPROTO_BRIDGE:
+ init_extensions();
+ init_extensionsb();
break;
default:
fprintf(stderr, "Unknown family %d\n", family);
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 9bbe8511e7114..3b6b7e25063fe 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -208,6 +208,8 @@ xtables_save_main(int family, int argc, char *argv[],
d.commit = true;
break;
case NFPROTO_ARP:
+ init_extensions();
+ init_extensionsa();
break;
case NFPROTO_BRIDGE: {
const char *ctr = getenv("EBTABLES_SAVE_COUNTER");
@@ -218,6 +220,8 @@ xtables_save_main(int family, int argc, char *argv[],
d.format &= ~FMT_NOCOUNTS;
d.format |= FMT_C_COUNTS | FMT_EBT_SAVE;
}
+ init_extensions();
+ init_extensionsb();
break;
}
default:
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index 06fedf261d68b..3faae02d408cc 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -75,8 +75,13 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
init_extensions6();
break;
case NFPROTO_ARP:
+ init_extensions();
init_extensionsa();
break;
+ case NFPROTO_BRIDGE:
+ init_extensions();
+ init_extensionsb();
+ break;
}
if (nft_init(&h, family) < 0) {
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index c518433463dea..07a9c1bec0bc5 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -488,12 +488,17 @@ static int xtables_xlate_main_common(struct nft_handle *h,
switch (family) {
case NFPROTO_IPV4:
case NFPROTO_IPV6: /* fallthrough: same table */
- init_extensions();
- init_extensions4();
- init_extensions6();
+ init_extensions();
+ init_extensions4();
+ init_extensions6();
break;
case NFPROTO_ARP:
+ init_extensions();
+ init_extensionsa();
+ break;
case NFPROTO_BRIDGE:
+ init_extensions();
+ init_extensionsb();
break;
default:
fprintf(stderr, "Unknown family %d\n", family);
--
2.34.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [iptables PATCH 4/5] nft: Review static extension loading
2022-03-15 13:26 [iptables PATCH 0/5] Fixes for static builds Phil Sutter
` (2 preceding siblings ...)
2022-03-15 13:26 ` [iptables PATCH 3/5] xtables: Call init_extensions{,a,b}() for static builds Phil Sutter
@ 2022-03-15 13:26 ` Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 5/5] tests: shell: Fix 0004-return-codes_0 for static builds Phil Sutter
4 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2022-03-15 13:26 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Etienne
Combine the init_extensions() call common to all families, do not load
IPv6 extensions for iptables and vice versa, drop the outdated comment
about "same table".
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/xtables-restore.c | 7 +++----
iptables/xtables-save.c | 8 ++++----
iptables/xtables-standalone.c | 7 +++----
iptables/xtables-translate.c | 7 +++----
4 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 0250ed7dd8d66..b3cf401794198 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -360,19 +360,18 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
p.in = stdin;
}
+ init_extensions();
switch (family) {
case NFPROTO_IPV4:
- case NFPROTO_IPV6: /* fallthough, same table */
- init_extensions();
init_extensions4();
+ break;
+ case NFPROTO_IPV6:
init_extensions6();
break;
case NFPROTO_ARP:
- init_extensions();
init_extensionsa();
break;
case NFPROTO_BRIDGE:
- init_extensions();
init_extensionsb();
break;
default:
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 3b6b7e25063fe..5a82cac5dd7c0 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -199,16 +199,17 @@ xtables_save_main(int family, int argc, char *argv[],
exit(1);
}
+ init_extensions();
switch (family) {
case NFPROTO_IPV4:
- case NFPROTO_IPV6: /* fallthough, same table */
- init_extensions();
init_extensions4();
+ d.commit = true;
+ break;
+ case NFPROTO_IPV6:
init_extensions6();
d.commit = true;
break;
case NFPROTO_ARP:
- init_extensions();
init_extensionsa();
break;
case NFPROTO_BRIDGE: {
@@ -220,7 +221,6 @@ xtables_save_main(int family, int argc, char *argv[],
d.format &= ~FMT_NOCOUNTS;
d.format |= FMT_C_COUNTS | FMT_EBT_SAVE;
}
- init_extensions();
init_extensionsb();
break;
}
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index 3faae02d408cc..117b0c69dd14f 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -67,19 +67,18 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
exit(1);
}
xt_params->program_name = progname;
+ init_extensions();
switch (family) {
case NFPROTO_IPV4:
- case NFPROTO_IPV6:
- init_extensions();
init_extensions4();
+ break;
+ case NFPROTO_IPV6:
init_extensions6();
break;
case NFPROTO_ARP:
- init_extensions();
init_extensionsa();
break;
case NFPROTO_BRIDGE:
- init_extensions();
init_extensionsb();
break;
}
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 07a9c1bec0bc5..d1e87f167df74 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -485,19 +485,18 @@ static int xtables_xlate_main_common(struct nft_handle *h,
xtables_globals.program_version);
return 1;
}
+ init_extensions();
switch (family) {
case NFPROTO_IPV4:
- case NFPROTO_IPV6: /* fallthrough: same table */
- init_extensions();
init_extensions4();
+ break;
+ case NFPROTO_IPV6:
init_extensions6();
break;
case NFPROTO_ARP:
- init_extensions();
init_extensionsa();
break;
case NFPROTO_BRIDGE:
- init_extensions();
init_extensionsb();
break;
default:
--
2.34.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [iptables PATCH 5/5] tests: shell: Fix 0004-return-codes_0 for static builds
2022-03-15 13:26 [iptables PATCH 0/5] Fixes for static builds Phil Sutter
` (3 preceding siblings ...)
2022-03-15 13:26 ` [iptables PATCH 4/5] nft: Review static extension loading Phil Sutter
@ 2022-03-15 13:26 ` Phil Sutter
4 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2022-03-15 13:26 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Etienne
In static builds, xtables_find_match() returns a slightly different
error message if not found - make grep accept both.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
iptables/tests/shell/testcases/iptables/0004-return-codes_0 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iptables/tests/shell/testcases/iptables/0004-return-codes_0 b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
index dcd9dfd3c0806..33c5f1f35d17f 100755
--- a/iptables/tests/shell/testcases/iptables/0004-return-codes_0
+++ b/iptables/tests/shell/testcases/iptables/0004-return-codes_0
@@ -39,7 +39,7 @@ E2BIG_D=": Index of deletion too big."
E2BIG_R=": Index of replacement too big."
EBADRULE=": Bad rule (does a matching rule exist in that chain?)."
#ENOTGT=" v[0-9\.]* [^ ]*: Couldn't load target \`foobar':No such file or directory"
-ENOMTH=" v[0-9\.]* [^ ]*: Couldn't load match \`foobar':No such file or directory"
+ENOMTH=" v[0-9\.]* [^ ]*: Couldn't \(load\|find\) match \`foobar'\(:No such file or directory\|\)"
ENOTBL=": can't initialize iptables table \`foobar': Table does not exist"
# test chain creation
--
2.34.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [iptables PATCH 3/5] xtables: Call init_extensions{,a,b}() for static builds
2022-03-15 13:26 ` [iptables PATCH 3/5] xtables: Call init_extensions{,a,b}() for static builds Phil Sutter
@ 2022-03-15 13:50 ` Etienne Champetier
2022-03-15 13:54 ` Phil Sutter
0 siblings, 1 reply; 8+ messages in thread
From: Etienne Champetier @ 2022-03-15 13:50 UTC (permalink / raw)
To: Phil Sutter; +Cc: Pablo Neira Ayuso, netfilter-devel
Hello Phil,
Le mar. 15 mars 2022 à 09:26, Phil Sutter <phil@nwl.cc> a écrit :
>
> From: Etienne <champetier.etienne@gmail.com>
I messed up the git config on the system I generated my patch,
Signed-off-by and From should "Etienne Champetier"
> Add calls to arp- and ebtables-specific extension loaders where missing.
> Also consistently call init_extensions() for them, as some extensions
> (ebtables 'limit' and arptables 'CLASSIFY' and 'MARK') live in libxt_*
> files.
>
> Signed-off-by: Etienne <champetier.etienne@gmail.com>
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> Changes since nfbz:
> - rebased onto previous commit
> - avoid mixing declaration and code in xtables_save_main()
> - add a more descriptive commit message
> ---
> iptables/xtables-arp.c | 1 +
> iptables/xtables-eb.c | 1 +
> iptables/xtables-monitor.c | 2 ++
> iptables/xtables-restore.c | 5 +++++
> iptables/xtables-save.c | 4 ++++
> iptables/xtables-standalone.c | 5 +++++
> iptables/xtables-translate.c | 11 ++++++++---
> 7 files changed, 26 insertions(+), 3 deletions(-)
>
> ...
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [iptables PATCH 3/5] xtables: Call init_extensions{,a,b}() for static builds
2022-03-15 13:50 ` Etienne Champetier
@ 2022-03-15 13:54 ` Phil Sutter
0 siblings, 0 replies; 8+ messages in thread
From: Phil Sutter @ 2022-03-15 13:54 UTC (permalink / raw)
To: Etienne Champetier; +Cc: Pablo Neira Ayuso, netfilter-devel
Hi,
On Tue, Mar 15, 2022 at 09:50:23AM -0400, Etienne Champetier wrote:
> Le mar. 15 mars 2022 à 09:26, Phil Sutter <phil@nwl.cc> a écrit :
> >
> > From: Etienne <champetier.etienne@gmail.com>
>
> I messed up the git config on the system I generated my patch,
> Signed-off-by and From should "Etienne Champetier"
No problem, I'll fix it before pushing the commits.
Thanks, Phil
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-03-15 13:54 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-03-15 13:26 [iptables PATCH 0/5] Fixes for static builds Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 1/5] libxtables: Fix for warning in xtables_ipmask_to_numeric Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 2/5] Simplify static build extension loading Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 3/5] xtables: Call init_extensions{,a,b}() for static builds Phil Sutter
2022-03-15 13:50 ` Etienne Champetier
2022-03-15 13:54 ` Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 4/5] nft: Review static extension loading Phil Sutter
2022-03-15 13:26 ` [iptables PATCH 5/5] tests: shell: Fix 0004-return-codes_0 for static builds Phil Sutter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).