Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. [PATCH] iptables: Add duplicate chain check to
iptables_add_chain(). (Jussi Laakkonen)
2. [PATCH] iptables: Fix iptables protocol usage with -p switch.
(Jussi Laakkonen)
3. [PATCH] iptables: allow netmask 32 in parse_ip_and_mask()
(Jussi Laakkonen)
----------------------------------------------------------------------
Message: 1
Date: Fri, 26 Jan 2018 18:20:58 +0200
From: Jussi Laakkonen <[email protected]>
To: [email protected]
Subject: [PATCH] iptables: Add duplicate chain check to
iptables_add_chain().
Message-ID:
<[email protected]>
This commit adds a check to iptables_add_chain() before a new chain is added. If
a chain with the same name is found, -EEXIST will be returned.
Without this, e.g., chain INPUT can be duplicated to iptables filter table and
it cannot be removed with iptables_remove_chain() or iptables -X. After boot
the duplicate builtin chain is removed.
---
src/iptables.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/iptables.c b/src/iptables.c
index 5ef757a..fd692e9 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -598,6 +598,10 @@ static int iptables_add_chain(struct connman_iptables
*table,
DBG("table %s chain %s", table->name, name);
+ /* Do not allow to add duplicate chains */
+ if (find_chain_head(table, name))
+ return -EEXIST;
+
last = g_list_last(table->entries);
/*
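Review bot: The new -EEXIST return from the find_chain_head() check changes what iptables_add_chain() reports for a name that is already present, so every caller needs to be checked for how it handles that error; a caller that re-creates its own chain would now get an error where the add previously went through. Please state in the commit message which callers were checked and whether any of them should treat -EEXIST as non-fatal. The comment would also read better as "Do not allow adding duplicate chains".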
--
2.7.4
------------------------------
Message: 2
Date: Fri, 26 Jan 2018 18:21:14 +0200
From: Jussi Laakkonen <[email protected]>
To: [email protected]
Subject: [PATCH] iptables: Fix iptables protocol usage with -p switch.
Message-ID:
<[email protected]>
This commit fixes protocol use with iptables management. Protocol type is
changed to uint16_t, which is the type xtables_parse_protocol() returns.
Without this fix iptables rules with switch -p cannot be added to iptables and
setsockopt() in iptables_replace() will return error: Invalid argument.
---
src/iptables.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/iptables.c b/src/iptables.c
index fd692e9..1101e5c 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1563,6 +1563,7 @@ static struct option iptables_opts[] = {
{.name = "out-interface", .has_arg = 1, .val = 'o'},
{.name = "source", .has_arg = 1, .val = 's'},
{.name = "table", .has_arg = 1, .val = 't'},
+ {.name = "protocol", .has_arg = 1, .val = 'p'},
{NULL},
};
@@ -1772,7 +1773,7 @@ struct parse_context {
struct xtables_target *xt_t;
GList *xt_m;
struct xtables_rule_match *xt_rm;
- int proto;
+ uint16_t proto;
};
static int prepare_getopt_args(const char *str, struct parse_context *ctx)
@@ -1962,7 +1963,7 @@ static int parse_rule_spec(struct connman_iptables *table,
optind = 0;
while ((c = getopt_long(ctx->argc, ctx->argv,
- "-:d:i:o:s:m:j:",
+ "-:d:i:o:s:m:j:p:",
iptables_globals.opts, NULL)) != -1) {
switch (c) {
case 's':
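Review bot: The optstring change to "-:d:i:o:s:m:j:p:" is what makes the already present case 'p' reachable, yet the commit message only describes the uint16_t type change and does not say which of the changes cures the setsockopt() "Invalid argument" error. Please spell that out in the commit message, and consider adding a test rule that uses -p so this path stays covered.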
@@ -2026,6 +2027,12 @@ static int parse_rule_spec(struct connman_iptables
*table,
break;
case 'p':
ctx->proto = xtables_parse_protocol(optarg);
+
+ /* If protocol was set add it to ipt_ip.
+ * xtables_parse_protocol() returns 0 or UINT16_MAX
(-1) on error
+ * */
+ if (ctx->proto > 0 && ctx->proto < UINT16_MAX)
+ ctx->ip->proto = ctx->proto;
break;
case 'j':
/* Target */
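Review bot: In case 'p', when xtables_parse_protocol() returns one of the values the new comment calls an error (0 or UINT16_MAX), the code only skips the assignment and breaks, so parsing continues and the rule would be built without the protocol match the caller asked for. A rule that is broader than requested is worse than a rejected rule; return an error such as -EINVAL from parse_rule_spec() in that branch instead of silently dropping the restriction. The comment also closes with "* */", which should be a plain "*/" on its own line.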
--
2.7.4
------------------------------
Message: 3
Date: Fri, 26 Jan 2018 18:21:26 +0200
From: Jussi Laakkonen <[email protected]>
To: [email protected]
Subject: [PATCH] iptables: allow netmask 32 in parse_ip_and_mask()
Message-ID:
<[email protected]>
Netmask 32 should not be treated as invalid value.
---
src/iptables.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/iptables.c b/src/iptables.c
index 1101e5c..23ef889 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -1726,7 +1726,7 @@ static int parse_ip_and_mask(const char *str, struct
in_addr *ip,
if (tokens[1]) {
prefixlength = strtol(tokens[1], NULL, 10);
- if (prefixlength > 31) {
+ if (prefixlength > 32) {
err = -1;
goto out;
}
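Review bot: With the bound raised to 32, prefixlength == 32 now reaches the mask computation that follows this hunk; if that code derives the mask by shifting a 32-bit value by prefixlength, a shift by 32 is undefined behaviour in C and needs a special case (mask 0xffffffff). Separately, strtol(tokens[1], NULL, 10) is called with a NULL end pointer and only the upper bound is checked, so a negative or non-numeric prefix is not rejected here; consider checking the end pointer and prefixlength < 0 in the same condition.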
--
2.7.4
------------------------------
End of connman Digest, Vol 27, Issue 21
***************************************