[{"id":3685095,"web_url":"http://patchwork.ozlabs.org/comment/3685095/","msgid":"","list_archive_url":null,"date":"2026-05-01T10:25:01","subject":"Re: [PATCH net-next v2 1/3] netfilter: conntrack: add shared port\n parser for helpers","submitter":{"id":4285,"url":"http://patchwork.ozlabs.org/api/people/4285/","name":"Phil Sutter","email":"phil@nwl.cc"},"content":"Hi,\n\nOn Fri, May 01, 2026 at 12:01:54PM +0530, HACKE-RC wrote:\n> Add nf_ct_helper_parse_port() to the conntrack helper core. This\n> provides a port parser that does not rely on nul-terminated strings,\n> taking an explicit length parameter and validating the result fits\n> in the 1-65535 range.\n> \n> Modeled after the approach in 8cf6809cddcb (\"netfilter:\n> nf_conntrack_sip: don't use simple_strtoul\") but as a shared\n> function so IRC, Amanda, and other helpers can use it instead of\n> open-coding simple_strtoul calls with ad-hoc range checks.\n> \n> Signed-off-by: HACKE-RC \n> ---\n> include/net/netfilter/nf_conntrack_helper.h | 3 +++\n> net/netfilter/nf_conntrack_helper.c | 28 +++++++++++++++++++++\n> 2 files changed, 31 insertions(+)\n> \n> diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h\n> index de2f956ab..db19fe25f 100644\n> --- a/include/net/netfilter/nf_conntrack_helper.h\n> +++ b/include/net/netfilter/nf_conntrack_helper.h\n> @@ -160,6 +160,9 @@ nf_ct_helper_expectfn_find_by_name(const char *name);\n> struct nf_ct_helper_expectfn *\n> nf_ct_helper_expectfn_find_by_symbol(const void *symbol);\n> \n> +int nf_ct_helper_parse_port(const char *cp, unsigned int len,\n> +\t\t\t u16 *port, char **endp);\n> +\n> extern struct hlist_head *nf_ct_helper_hash;\n> extern unsigned int nf_ct_helper_hsize;\n> \n> diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c\n> index a715304a5..12f51670d 100644\n> --- a/net/netfilter/nf_conntrack_helper.c\n> +++ b/net/netfilter/nf_conntrack_helper.c\n> @@ -499,6 +499,34 @@ void nf_nat_helper_unregister(struct nf_conntrack_nat_helper *nat)\n> }\n> EXPORT_SYMBOL_GPL(nf_nat_helper_unregister);\n> \n> +int nf_ct_helper_parse_port(const char *cp, unsigned int len,\n> +\t\t\t u16 *port, char **endp)\n> +{\n> +\tunsigned long result = 0;\n> +\tconst char *start = cp;\n> +\n> +\twhile (len > 0 && *cp >= '0' && *cp <= '9') {\n> +\t\tresult = result * 10 + (*cp - '0');\n> +\t\tif (result > 65535)\n> +\t\t\treturn -1;\n> +\t\tcp++;\n> +\t\tlen--;\n> +\t}\n> +\n> +\tif (cp == start)\n> +\t\treturn -1;\n\nThis check is redundant wrt. the following one: If the loop didn't\nincrement 'cp', result must be zero. So you may just drop it entirely.\n\nCheers, Phil\n\n> +\n> +\tif (result == 0)\n> +\t\treturn -1;\n> +\n> +\t*port = result;\n> +\tif (endp)\n> +\t\t*endp = (char *)cp;\n> +\n> +\treturn 0;\n> +}\n> +EXPORT_SYMBOL_GPL(nf_ct_helper_parse_port);\n> +\n> int nf_conntrack_helper_init(void)\n> {\n> \tnf_ct_helper_hsize = 1; /* gets rounded up to use one page */\n> -- \n> 2.54.0\n> \n>","headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=nwl.cc header.i=@nwl.cc header.a=rsa-sha256\n header.s=mail2022 header.b=jCqzezT2;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.105.105.114; helo=tor.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12368-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key)\n header.d=nwl.cc header.i=@nwl.cc header.b=\"jCqzezT2\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=151.80.46.58","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=nwl.cc","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=nwl.cc"],"Received":["from tor.lore.kernel.org (tor.lore.kernel.org [172.105.105.114])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g6Rxx6Y6zz1y04\n\tfor ; Fri, 01 May 2026 20:25:25 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 364FF3019FE5\n\tfor ; Fri, 1 May 2026 10:25:21 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 1BB9A387377;\n\tFri, 1 May 2026 10:25:20 +0000 (UTC)","from orbyte.nwl.cc (orbyte.nwl.cc [151.80.46.58])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 2DD443859CF;\n\tFri, 1 May 2026 10:25:16 +0000 (UTC)","from n0-1 by orbyte.nwl.cc with local (Exim 4.98.2)\n\t(envelope-from )\n\tid 1wIl3N-000000003i1-07CK;\n\tFri, 01 May 2026 12:25:01 +0200"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777631119; cv=none;\n b=lMZA8+51S8aOsW04o1VAZY6mJiqvEZes6RxOwOJdkXumHEIQHBjXmhvVnnKBiT9Gx69WTuMgVrUMhY980DLR5kZHQ4/LRE9fvLpnxMs21/n8SkRHvCpxQf7+aGRZSHKfGaBw/VGJKtaxnDsuKKhVLWfQxfmi8HBagEh2W6DJz4M=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777631119; c=relaxed/simple;\n\tbh=fpf3RJLKQLGsAmAufvVuk9ke9/CoP9XIfxlgiYVwQ8s=;\n\th=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:\n\t Content-Type:Content-Disposition:In-Reply-To;\n b=YXII6GcS74LyYRgOIzKsRQWQILuZMBKauBOTaFqAUDrqb3Ig1xmPdjPuwdGLiXQSPU2uujDo1g8JSyGktHAw4SzA+NocY+ecI4oG21Jaw5EO43YjanuZKEz9OGFhfs5u4vcxRXcWGnPnoYzaSln4Ub4U08Wt3e2hAVtOXcnBkTI=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=nwl.cc;\n spf=pass smtp.mailfrom=nwl.cc;\n dkim=pass (2048-bit key) header.d=nwl.cc header.i=@nwl.cc header.b=jCqzezT2;\n arc=none smtp.client-ip=151.80.46.58","DKIM-Signature":"v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nwl.cc;\n\ts=mail2022; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:\n\tSubject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:\n\tContent-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc\n\t:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:\n\tList-Post:List-Owner:List-Archive;\n\tbh=XHcJ5oRczR09F1mUmwDtjNTaKrqpI4nyva/XOmPfKp0=; b=jCqzezT2A0hzJGv4N14+Jv13q0\n\tf3TA+44q2j5ni/uEJz4BGO2xf7XLDvQqgMcyxHhc/aPlj6PP+i1ELiWL96NFBwg/3cG9DMJJ8Bj3I\n\tY0NPaDFI1bnsoaFjTL03EaoAdBHaZs4LM+XJIX8vYThE8RtcAlqafF0nKanLUVN+3LTNi6LPD7EM8\n\tTmEve/aZZdyDhZy1qcoxrqdJuPRBaW5r3SwLkheQ/xpCF4+OCz3ZtpZfafRm/CAGt1j5xhmaDP0C2\n\te5FX98dGoIgtI9ynWZkPFrCuuVV+MIRWm8PuSjdz3DHxxfCP6rLKVwYWjjA5MGJayd7+u319OVaSs\n\tLP5RmxtA==;","Date":"Fri, 1 May 2026 12:25:01 +0200","From":"Phil Sutter ","To":"HACKE-RC ","Cc":"Pablo Neira Ayuso ,\n\tFlorian Westphal ,\n\t\"David S . Miller\" ,\n\tEric Dumazet ,\n\tJakub Kicinski , Paolo Abeni ,\n\tSimon Horman , netfilter-devel@vger.kernel.org,\n\tcoreteam@netfilter.org, netdev@vger.kernel.org,\n\tlinux-kernel@vger.kernel.org","Subject":"Re: [PATCH net-next v2 1/3] netfilter: conntrack: add shared port\n parser for helpers","Message-ID":"","References":"<20260501063156.2520780-1-rc@rexion.ai>\n <20260501063156.2520780-2-rc@rexion.ai>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<20260501063156.2520780-2-rc@rexion.ai>"}}]