You can reach the person managing the list at connman-ow...@lists.01.org When replying, please edit your Subject line so it is more specific than "Re: Contents of connman digest..." Today's Topics: 1. [PATCH] iptables: Add duplicate chain check to iptables_add_chain(). (Jussi Laakkonen) 2. [PATCH] iptables: Fix iptables protocol usage with -p switch. (Jussi Laakkonen) 3. [PATCH] iptables: allow netmask 32 in parse_ip_and_mask() (Jussi Laakkonen) ---------------------------------------------------------------------- Message: 1 Date: Fri, 26 Jan 2018 18:20:58 +0200 From: Jussi Laakkonen <jussi.laakko...@jolla.com> To: connman@lists.01.org Subject: [PATCH] iptables: Add duplicate chain check to iptables_add_chain(). Message-ID: <1516983658-21769-1-git-send-email-jussi.laakko...@jolla.com> This commit adds a check to iptables_add_chain() before new chain is added. If a chain with same name is found -EEXIST will be returned. Without this, e.g., chain INPUT can be duplicated to iptables filter table and it cannot be removed with iptables_remove_chain() or iptables -X. After boot the duplicate builtin chain is removed. --- src/iptables.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/iptables.c b/src/iptables.c index 5ef757a..fd692e9 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -598,6 +598,10 @@ static int iptables_add_chain(struct connman_iptables *table, DBG("table %s chain %s", table->name, name); + /* Do not allow to add duplicate chains */ + if (find_chain_head(table, name)) + return -EEXIST; + last = g_list_last(table->entries); /* -- 2.7.4 ------------------------------ Message: 2 Date: Fri, 26 Jan 2018 18:21:14 +0200 
From: Jussi Laakkonen <jussi.laakko...@jolla.com> To: connman@lists.01.org Subject: [PATCH] iptables: Fix iptables protocol usage with -p switch. Message-ID: <1516983674-21823-1-git-send-email-jussi.laakko...@jolla.com> This commit fixes protocol use with iptables management. Protocol type is changed to uint16_t, which is the type xtables_parse_protocol() returns. Without this fix iptables rules with switch -p cannot be added to iptables and setsockopt() in iptables_replace() will return error: Invalid argument. --- src/iptables.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/iptables.c b/src/iptables.c index fd692e9..1101e5c 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -1563,6 +1563,7 @@ static struct option iptables_opts[] = { {.name = "out-interface", .has_arg = 1, .val = 'o'}, {.name = "source", .has_arg = 1, .val = 's'}, {.name = "table", .has_arg = 1, .val = 't'}, + {.name = "protocol", .has_arg = 1, .val = 'p'}, {NULL}, }; @@ -1772,7 +1773,7 @@ struct parse_context { struct xtables_target *xt_t; GList *xt_m; struct xtables_rule_match *xt_rm; - int proto; + uint16_t proto; }; static int prepare_getopt_args(const char *str, struct parse_context *ctx) @@ -1962,7 +1963,7 @@ static int parse_rule_spec(struct connman_iptables *table, optind = 0; while ((c = getopt_long(ctx->argc, ctx->argv, - "-:d:i:o:s:m:j:", + "-:d:i:o:s:m:j:p:", iptables_globals.opts, NULL)) != -1) { switch (c) { case 's': @@ -2026,6 +2027,12 @@ static int parse_rule_spec(struct connman_iptables *table, break; case 'p': ctx->proto = xtables_parse_protocol(optarg); + + /* If protocol was set add it to ipt_ip. + * xtables_parse_protocol() returns 0 or UINT16_MAX (-1) on error + * */ + if (ctx->proto > 0 && ctx->proto < UINT16_MAX) + ctx->ip->proto = ctx->proto; break; case 'j': /* Target */ -- 2.7.4 ------------------------------ Message: 3 Date: Fri, 26 Jan 2018 18:21:26 +0200 
From: Jussi Laakkonen <jussi.laakko...@jolla.com> To: connman@lists.01.org Subject: [PATCH] iptables: allow netmask 32 in parse_ip_and_mask() Message-ID: <1516983686-21875-1-git-send-email-jussi.laakko...@jolla.com> Netmask 32 should not be treated as invalid value. --- src/iptables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/iptables.c b/src/iptables.c index 1101e5c..23ef889 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -1726,7 +1726,7 @@ static int parse_ip_and_mask(const char *str, struct in_addr *ip, if (tokens[1]) { prefixlength = strtol(tokens[1], NULL, 10); - if (prefixlength > 31) { + if (prefixlength > 32) { err = -1; goto out; } -- 2.7.4 ------------------------------ Subject: Digest Footer _______________________________________________ connman mailing list connman@lists.01.org https://lists.01.org/mailman/listinfo/connman ------------------------------ End of connman Digest, Vol 27, Issue 21 ***************************************
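Review bot: In the iptables_add_chain() hunk of message 1 (duplicate chain check), the new early return of -EEXIST is silent and changes the function's return contract without documenting it. DBG() is already called just above the added lines, so a DBG("chain %s already exists", name) before the return would make a rejected add visible in the logs, and existing callers should be checked for how they treat a negative return when the chain is already present. The commit message gives the builtin INPUT chain as the motivating case; find_chain_head() is not shown in this hunk, so it is worth confirming that it matches builtin chain heads as well as user-defined ones.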
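Review bot: In the case 'p' hunk of message 2, a protocol that fails to parse is silently dropped. When xtables_parse_protocol() returns one of the values the comment calls an error, the assignment to ctx->ip->proto is skipped and control falls to break, so option parsing continues and the rule is built without the protocol match the caller asked for. A rule written for one protocol can then end up matching more traffic than intended, so it is safer to return an error such as -EINVAL from parse_rule_spec() when the value is outside the accepted range. The comment terminator "* */" should also be a plain "*/".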
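Review bot: In the parse_ip_and_mask() hunk of message 3, the upper bound is the only validation of prefixlength: strtol() is called with a NULL end pointer, so a negative number or a non-numeric string (which yields 0) passes the prefixlength > 32 check. Pass an end pointer, reject trailing characters, and test prefixlength < 0 as well. The mask computation that follows is outside this hunk; if it shifts a 32-bit value right by prefixlength, a shift by 32 is undefined behaviour in C, so a /32 prefix needs its own branch that sets the mask to all ones.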