|
 |
8cce6c |
From c30599e8d9465da351cf2bc96b67574a6b1ae72b Mon Sep 17 00:00:00 2001
|
|
|
8cce6c |
From: Phil Sutter <phil@nwl.cc>
|
|
|
8cce6c |
Date: Thu, 31 Jan 2019 16:12:51 +0100
|
|
|
8cce6c |
Subject: [PATCH] arptables-nft: Fix MARK target parsing and printing
|
|
|
8cce6c |
|
|
|
8cce6c |
Legacy arptables parses mark values in hex no matter if prefixed with
|
|
|
8cce6c |
'0x' or not. Sadly, this is not easily achievable with guided option
|
|
|
8cce6c |
parser. Hence fall back to the old 'parse' callback. The introduced
|
|
|
8cce6c |
target definition is valid only for revision 2, but that's consistent
|
|
|
8cce6c |
with legacy arptables.
|
|
|
8cce6c |
|
|
|
8cce6c |
When printing, use --set-mark option instead of --set-xmark.
|
|
|
8cce6c |
|
|
|
8cce6c |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
8cce6c |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
8cce6c |
(cherry picked from commit f7fa88020f3bc4ec646ce2a48731a1f5fa2aa0a9)
|
|
|
8cce6c |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
8cce6c |
---
|
|
|
8cce6c |
extensions/libxt_MARK.c | 95 +++++++++++++++++++
|
|
|
8cce6c |
.../arptables/0001-arptables-save-restore_0 | 2 +-
|
|
|
8cce6c |
2 files changed, 96 insertions(+), 1 deletion(-)
|
|
|
8cce6c |
|
|
|
8cce6c |
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
|
|
|
8cce6c |
index 43aa977924b12..b765af6c35304 100644
|
|
|
8cce6c |
--- a/extensions/libxt_MARK.c
|
|
|
8cce6c |
+++ b/extensions/libxt_MARK.c
|
|
|
8cce6c |
@@ -1,3 +1,4 @@
|
|
|
8cce6c |
+#include <getopt.h>
|
|
|
8cce6c |
#include <stdbool.h>
|
|
|
8cce6c |
#include <stdio.h>
|
|
|
8cce6c |
#include <xtables.h>
|
|
|
8cce6c |
@@ -245,6 +246,87 @@ static void mark_tg_save(const void *ip, const struct xt_entry_target *target)
|
|
|
8cce6c |
printf(" --set-xmark 0x%x/0x%x", info->mark, info->mask);
|
|
|
8cce6c |
}
|
|
|
8cce6c |
|
|
|
8cce6c |
+static void mark_tg_arp_save(const void *ip, const struct xt_entry_target *target)
|
|
|
8cce6c |
+{
|
|
|
8cce6c |
+ const struct xt_mark_tginfo2 *info = (const void *)target->data;
|
|
|
8cce6c |
+
|
|
|
8cce6c |
+ if (info->mark == 0)
|
|
|
8cce6c |
+ printf(" --and-mark %x", (unsigned int)(uint32_t)~info->mask);
|
|
|
8cce6c |
+ else if (info->mark == info->mask)
|
|
|
8cce6c |
+ printf(" --or-mark %x", info->mark);
|
|
|
8cce6c |
+ else
|
|
|
8cce6c |
+ printf(" --set-mark %x", info->mark);
|
|
|
8cce6c |
+}
|
|
|
8cce6c |
+
|
|
|
8cce6c |
+static void mark_tg_arp_print(const void *ip,
|
|
|
8cce6c |
+ const struct xt_entry_target *target, int numeric)
|
|
|
8cce6c |
+{
|
|
|
8cce6c |
+ mark_tg_arp_save(ip, target);
|
|
|
8cce6c |
+}
|
|
|
8cce6c |
+
|
|
|
8cce6c |
+#define MARK_OPT 1
|
|
|
8cce6c |
+#define AND_MARK_OPT 2
|
|
|
8cce6c |
+#define OR_MARK_OPT 3
|
|
|
8cce6c |
+
|
|
|
8cce6c |
+static struct option mark_tg_arp_opts[] = {
|
|
|
8cce6c |
+ { .name = "set-mark", .has_arg = required_argument, .flag = 0, .val = MARK_OPT },
|
|
|
8cce6c |
+ { .name = "and-mark", .has_arg = required_argument, .flag = 0, .val = AND_MARK_OPT },
|
|
|
8cce6c |
+ { .name = "or-mark", .has_arg = required_argument, .flag = 0, .val = OR_MARK_OPT },
|
|
|
8cce6c |
+ { .name = NULL}
|
|
|
8cce6c |
+};
|
|
|
8cce6c |
+
|
|
|
8cce6c |
+static int
|
|
|
8cce6c |
+mark_tg_arp_parse(int c, char **argv, int invert, unsigned int *flags,
|
|
|
8cce6c |
+ const void *entry, struct xt_entry_target **target)
|
|
|
8cce6c |
+{
|
|
|
8cce6c |
+ struct xt_mark_tginfo2 *info =
|
|
|
8cce6c |
+ (struct xt_mark_tginfo2 *)(*target)->data;
|
|
|
8cce6c |
+ int i;
|
|
|
8cce6c |
+
|
|
|
8cce6c |
+ switch (c) {
|
|
|
8cce6c |
+ case MARK_OPT:
|
|
|
8cce6c |
+ if (sscanf(argv[optind-1], "%x", &i) != 1) {
|
|
|
8cce6c |
+ xtables_error(PARAMETER_PROBLEM,
|
|
|
8cce6c |
+ "Bad mark value `%s'", optarg);
|
|
|
8cce6c |
+ return 0;
|
|
|
8cce6c |
+ }
|
|
|
8cce6c |
+ info->mark = i;
|
|
|
8cce6c |
+ if (*flags)
|
|
|
8cce6c |
+ xtables_error(PARAMETER_PROBLEM,
|
|
|
8cce6c |
+ "MARK: Can't specify --set-mark twice");
|
|
|
8cce6c |
+ *flags = 1;
|
|
|
8cce6c |
+ break;
|
|
|
8cce6c |
+ case AND_MARK_OPT:
|
|
|
8cce6c |
+ if (sscanf(argv[optind-1], "%x", &i) != 1) {
|
|
|
8cce6c |
+ xtables_error(PARAMETER_PROBLEM,
|
|
|
8cce6c |
+ "Bad mark value `%s'", optarg);
|
|
|
8cce6c |
+ return 0;
|
|
|
8cce6c |
+ }
|
|
|
8cce6c |
+ info->mark = 0;
|
|
|
8cce6c |
+ info->mask = ~i;
|
|
|
8cce6c |
+ if (*flags)
|
|
|
8cce6c |
+ xtables_error(PARAMETER_PROBLEM,
|
|
|
8cce6c |
+ "MARK: Can't specify --and-mark twice");
|
|
|
8cce6c |
+ *flags = 1;
|
|
|
8cce6c |
+ break;
|
|
|
8cce6c |
+ case OR_MARK_OPT:
|
|
|
8cce6c |
+ if (sscanf(argv[optind-1], "%x", &i) != 1) {
|
|
|
8cce6c |
+ xtables_error(PARAMETER_PROBLEM,
|
|
|
8cce6c |
+ "Bad mark value `%s'", optarg);
|
|
|
8cce6c |
+ return 0;
|
|
|
8cce6c |
+ }
|
|
|
8cce6c |
+ info->mark = info->mask = i;
|
|
|
8cce6c |
+ if (*flags)
|
|
|
8cce6c |
+ xtables_error(PARAMETER_PROBLEM,
|
|
|
8cce6c |
+ "MARK: Can't specify --or-mark twice");
|
|
|
8cce6c |
+ *flags = 1;
|
|
|
8cce6c |
+ break;
|
|
|
8cce6c |
+ default:
|
|
|
8cce6c |
+ return 0;
|
|
|
8cce6c |
+ }
|
|
|
8cce6c |
+ return 1;
|
|
|
8cce6c |
+}
|
|
|
8cce6c |
+
|
|
|
8cce6c |
static int mark_tg_xlate(struct xt_xlate *xl,
|
|
|
8cce6c |
const struct xt_xlate_tg_params *params)
|
|
|
8cce6c |
{
|
|
|
8cce6c |
@@ -335,6 +417,19 @@ static struct xtables_target mark_tg_reg[] = {
|
|
|
8cce6c |
.x6_options = mark_tg_opts,
|
|
|
8cce6c |
.xlate = mark_tg_xlate,
|
|
|
8cce6c |
},
|
|
|
8cce6c |
+ {
|
|
|
8cce6c |
+ .version = XTABLES_VERSION,
|
|
|
8cce6c |
+ .name = "MARK",
|
|
|
8cce6c |
+ .revision = 2,
|
|
|
8cce6c |
+ .family = NFPROTO_ARP,
|
|
|
8cce6c |
+ .size = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
|
|
|
8cce6c |
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mark_tginfo2)),
|
|
|
8cce6c |
+ .help = mark_tg_help,
|
|
|
8cce6c |
+ .print = mark_tg_arp_print,
|
|
|
8cce6c |
+ .save = mark_tg_arp_save,
|
|
|
8cce6c |
+ .parse = mark_tg_arp_parse,
|
|
|
8cce6c |
+ .extra_opts = mark_tg_arp_opts,
|
|
|
8cce6c |
+ },
|
|
|
8cce6c |
};
|
|
|
8cce6c |
|
|
|
8cce6c |
void _init(void)
|
|
|
8cce6c |
diff --git a/iptables/tests/shell/testcases/arptables/0001-arptables-save-restore_0 b/iptables/tests/shell/testcases/arptables/0001-arptables-save-restore_0
|
|
|
8cce6c |
index 73b3b0cf88e18..f8629551b0ba9 100755
|
|
|
8cce6c |
--- a/iptables/tests/shell/testcases/arptables/0001-arptables-save-restore_0
|
|
|
8cce6c |
+++ b/iptables/tests/shell/testcases/arptables/0001-arptables-save-restore_0
|
|
|
8cce6c |
@@ -47,7 +47,7 @@ DUMP='*filter
|
|
|
8cce6c |
-A OUTPUT -o eth432 --h-length 6 --opcode 1 --h-type 1 -j CLASSIFY --set-class feed:babe
|
|
|
8cce6c |
-A foo -i lo --h-length 6 --h-type 1 -j ACCEPT
|
|
|
8cce6c |
-A foo --h-length 6 --h-type 1 -j ACCEPT
|
|
|
8cce6c |
--A foo --h-length 6 --h-type 1 -j MARK --set-xmark 0x3039/0xffffffff
|
|
|
8cce6c |
+-A foo --h-length 6 --h-type 1 -j MARK --set-mark 12345
|
|
|
8cce6c |
-A foo --h-length 6 --opcode 1 --h-type 1 -j ACCEPT
|
|
|
8cce6c |
-A foo --h-length 6 --h-type 1 --proto-type 0x800 -j ACCEPT
|
|
|
8cce6c |
-A foo -i lo --h-length 6 --opcode 1 --h-type 1 --proto-type 0x800 -j ACCEPT
|
|
|
8cce6c |
--
|
|
|
8cce6c |
2.20.1
|
|
|
8cce6c |
|