[{"id":3685098,"web_url":"http://patchwork.ozlabs.org/comment/3685098/","msgid":"<afSBzDE-caw3Dsr1@orbyte.nwl.cc>","list_archive_url":null,"date":"2026-05-01T10:34:52","subject":"Re: [PATCH net-next v2 0/3] netfilter: conntrack: add shared port\n parser and use it in IRC and Amanda helpers","submitter":{"id":4285,"url":"http://patchwork.ozlabs.org/api/people/4285/","name":"Phil Sutter","email":"phil@nwl.cc"},"content":"On Fri, May 01, 2026 at 12:01:53PM +0530, HACKE-RC wrote:\n> Both nf_conntrack_irc and nf_conntrack_amanda parse port numbers\n> from application-layer protocol data using simple_strtoul(), which\n> relies on nul-terminated strings and returns unsigned long without\n> range checking. Port values above 65535 silently truncate when\n> stored in u16.\n> \n> This v2 adds a shared nf_ct_helper_parse_port() function to the\n> conntrack helper core, modeled after the approach in 8cf6809cddcb\n> (\"netfilter: nf_conntrack_sip: don't use simple_strtoul\"), then\n> converts both helpers to use it.\n\nLooking at Florian's patch, how about going the extra mile of\nimplementing a shared nf_ct_helper_parse_uint() which is called by the\nnew nf_ct_helper_parse_port(), then drop sip_strtouint() for the former\nand have sip_parse_port() call the latter (wrapped by the colon and min\nport value checks) in a fourth patch?\n\nCheers, Phil\n> \n> Changes since v1:\n>   - Added shared nf_ct_helper_parse_port() in the helper core\n>     instead of open-coding range checks in each helper (Pablo)\n>   - Parser does not rely on nul-terminated strings\n>   - Dropped simple_strtoul usage entirely for port parsing\n> \n> HACKE-RC (3):\n>   netfilter: conntrack: add shared port parser for helpers\n>   netfilter: nf_conntrack_irc: use nf_ct_helper_parse_port()\n>   netfilter: nf_conntrack_amanda: use nf_ct_helper_parse_port()\n> \n>  include/net/netfilter/nf_conntrack_helper.h |  3 +++\n>  net/netfilter/nf_conntrack_amanda.c         | 11 ++++----\n>  net/netfilter/nf_conntrack_helper.c         | 28 +++++++++++++++++++++\n>  net/netfilter/nf_conntrack_irc.c            |  4 ++-\n>  4 files changed, 40 insertions(+), 6 deletions(-)\n> \n> -- \n> 2.54.0\n> \n>","headers":{"Return-Path":"\n <netfilter-devel+bounces-12369-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=nwl.cc header.i=@nwl.cc header.a=rsa-sha256\n header.s=mail2022 header.b=VyOoazpr;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12369-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key)\n header.d=nwl.cc header.i=@nwl.cc header.b=\"VyOoazpr\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=151.80.46.58","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=nwl.cc","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=nwl.cc"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g6S9C5cv7z1yHZ\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 01 May 2026 20:35:11 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 65C7A300FEE2\n\tfor <incoming@patchwork.ozlabs.org>; Fri,  1 May 2026 10:34:59 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 51ED938759A;\n\tFri,  1 May 2026 10:34:58 +0000 (UTC)","from orbyte.nwl.cc (orbyte.nwl.cc [151.80.46.58])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 42B8F2C0323;\n\tFri,  1 May 2026 10:34:56 +0000 (UTC)","from n0-1 by orbyte.nwl.cc with local (Exim 4.98.2)\n\t(envelope-from <phil@nwl.cc>)\n\tid 1wIlCu-000000003rE-1z6L;\n\tFri, 01 May 2026 12:34:52 +0200"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777631697; cv=none;\n b=iqIkmsmBK4Rws56jK4Z6SGnPYQAHEYiLYUBZNqz9AWj53VXcl7VY2ID9qCZacpH9u4zvwdx69UyFb1fbOGlzk9nARdOQkNqURjWF8iwJKDQmeU4LVQyfZiVWA7AtKCs9H5ni3GuP5+M6C9jyjmnpyGmezcBQj7uELQljusucAJo=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777631697; c=relaxed/simple;\n\tbh=4R2d+PO1s4GRghqVVGeZVJvO4QKPS8Dl1O6igHjjIss=;\n\th=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:\n\t Content-Type:Content-Disposition:In-Reply-To;\n b=i1f48XK4ydoPhKa2ZdWU7/kFviUJoANO8KH39vW1BgN9nWyiCPJti1ntj/KxAjnygjwwOB+2t4yDpQ0aF5Ps15TVX7xg1G8jeWC3ZA3NRDx0JtqVYZTdpgyRVbY/YGIHZE86s8Ob8YTuqYBbRrkf7WNnv14ByL2ltRqAApD9fy4=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=nwl.cc;\n spf=pass smtp.mailfrom=nwl.cc;\n dkim=pass (2048-bit key) header.d=nwl.cc header.i=@nwl.cc header.b=VyOoazpr;\n arc=none smtp.client-ip=151.80.46.58","DKIM-Signature":"v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nwl.cc;\n\ts=mail2022; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:\n\tSubject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:\n\tContent-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc\n\t:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:\n\tList-Post:List-Owner:List-Archive;\n\tbh=aDBEEjkiSXpgJH2USnaJxMirYPdb5GCRweTME9xpuQk=; b=VyOoazprwdamsKeHm3ElEUyUKM\n\tlgJtzRlrG8FX36Vca7VJsqU7ZUlR4RInB7aXS5gwxds1nQl6ASUA9SbGOcxGwlsVx5wgXHY67zxF+\n\tOadDY3QKm5nT0q7zCoIvVw2mexSdRXRo9hNmbejhonTg8kOeW/PbOulHThs/0IjdOteQLYX0lMtXi\n\tgHfYpTdfKSA/k6iC4BA0dFs7C5ySgjpxRrnk1/4rGoLNcAUzI0prbQ+takIzWjOItpdDSCAkKdlNC\n\tuzxniUeWSytM5u8aAN82/GdpETe5rLUWeKffKzb8thjFggU5trzd8MfKhkK/VwmKRQpmrCi4XfEGV\n\tEafjqIgg==;","Date":"Fri, 1 May 2026 12:34:52 +0200","From":"Phil Sutter <phil@nwl.cc>","To":"HACKE-RC <rc@rexion.ai>","Cc":"Pablo Neira Ayuso <pablo@netfilter.org>,\n\tFlorian Westphal <fw@strlen.de>,\n\t\"David S . Miller\" <davem@davemloft.net>,\n\tEric Dumazet <edumazet@google.com>,\n\tJakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,\n\tSimon Horman <horms@kernel.org>, netfilter-devel@vger.kernel.org,\n\tcoreteam@netfilter.org, netdev@vger.kernel.org,\n\tlinux-kernel@vger.kernel.org","Subject":"Re: [PATCH net-next v2 0/3] netfilter: conntrack: add shared port\n parser and use it in IRC and Amanda helpers","Message-ID":"<afSBzDE-caw3Dsr1@orbyte.nwl.cc>","References":"<20260501063156.2520780-1-rc@rexion.ai>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<20260501063156.2520780-1-rc@rexion.ai>"}}]