[{"id":1765988,"web_url":"http://patchwork.ozlabs.org/comment/1765988/","msgid":"<603ee036-ea61-e797-7828-a7b0bd3a9bd9@gmail.com>","list_archive_url":null,"date":"2017-09-10T18:35:23","subject":"Re: [PATCH] xtables-compat-restore: fix translation of mangle's\n\tOUTPUT","submitter":{"id":72337,"url":"http://patchwork.ozlabs.org/api/people/72337/","name":"Louis Sautier","email":"sautier.louis@gmail.com"},"content":"On 10/09/17 02:39, Louis Sautier wrote:\n> Hello,\n> I noticed that the iptables-restore-translate tool does not properly\n> translate the OUTPUT chain from the mangle table. It creates a filter\n> chain when it should be creating a route chain.\n> Here is a rather simple patch that should fix the issue.\n>\n> Please CC me, I'm not subscribed.\n>\n> Kind regards,\n>\n> Louis\n\nI made a typo in the commit message, it is related to xtables-translate,\nnot xtables-compat-restore. Here is the fixed patch.\nFrom d9f0f601e0a8be841650541382787cf80bd28e5f Mon Sep 17 00:00:00 2001\nFrom: Louis Sautier <sautier.louis@gmail.com>\nDate: Sun, 10 Sep 2017 02:13:18 +0200\nSubject: [PATCH] xtables-translate: fix translation of mangle's OUTPUT chain\n\nThis chain should be translated as a route chain, not as a filter chain.\n---\n iptables/xtables-translate.c | 2 ++\n 1 file changed, 2 insertions(+)\n\ndiff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c\nindex 3e6c7051..4f6a9caf 100644\n--- a/iptables/xtables-translate.c\n+++ b/iptables/xtables-translate.c\n@@ -357,6 +357,8 @@ static int xlate_chain_set(struct nft_handle *h, const char *table,\n \n \tif (strcmp(table, \"nat\") == 0)\n \t\ttype = \"nat\";\n+\telse if (strcmp(table, \"mangle\") == 0 && strcmp(chain, \"OUTPUT\") == 0)\n+\t\ttype = \"route\";\n \n \tprintf(\"add chain %s %s %s { type %s \",\n \t       family2str[h->family], table, chain, type);","headers":{"Return-Path":"<netfilter-devel-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"Bp9IoMeG\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xr09P1KtKz9t2Q\n\tfor <incoming@patchwork.ozlabs.org>;\n\tMon, 11 Sep 2017 04:35:21 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751601AbdIJSfU (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tSun, 10 Sep 2017 14:35:20 -0400","from mail-wm0-f48.google.com ([74.125.82.48]:43681 \"EHLO\n\tmail-wm0-f48.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751587AbdIJSfT (ORCPT\n\t<rfc822;netfilter-devel@vger.kernel.org>);\n\tSun, 10 Sep 2017 14:35:19 -0400","by mail-wm0-f48.google.com with SMTP id a137so3417850wma.0\n\tfor <netfilter-devel@vger.kernel.org>;\n\tSun, 10 Sep 2017 11:35:18 -0700 (PDT)","from ?IPv6:2a01:e34:ec13:b0:3602:86ff:fef0:2ee0?\n\t([2a01:e34:ec13:b0:3602:86ff:fef0:2ee0])\n\tby smtp.gmail.com with ESMTPSA id\n\tb184sm3551028wmf.13.2017.09.10.11.35.16\n\tfor <netfilter-devel@vger.kernel.org>\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tSun, 10 Sep 2017 11:35:16 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; s=20161025;\n\th=subject:from:to:references:message-id:date:user-agent:mime-version\n\t:in-reply-to;\n\tbh=zrYCVcyZGe6lHUfoZI9alOglO9ogB7HHUa2NQgZq1S0=;\n\tb=Bp9IoMeGuOF/tty5G9manrj0tVqPIrnmAkrqxjPOLWyKfrRrY350j65sMyZILrqfC7\n\txetuDzbSji2WyJbFSlix+1TPkIFXjGpEHmkZnX/AzVgBxh0Lns4nqoOu29edjGBNT5Zg\n\tLJn+N6lu/513NLYbojt1XnLtNRDvz8l7O9eaPWrbQooaLdAWiiZnQuM75or5cOBcEmy3\n\t2PCqDFNQxVW6M7P8LSdbq4Pl1u2RxeoCjPYzA9vBTddukRXixVcU3lYHJ+g9YROicPEZ\n\t7R+pBzMpgh64v9mQMRZV6psy+z5FQVJ2HdIbUpBejycJzIXvaVlYBKv9sIlDi30UiqwL\n\tD1Ag==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:subject:from:to:references:message-id:date\n\t:user-agent:mime-version:in-reply-to;\n\tbh=zrYCVcyZGe6lHUfoZI9alOglO9ogB7HHUa2NQgZq1S0=;\n\tb=Wbz9V/zRJpN3hRuPfJEVmDiO3X+cyrG1yvShQjtkVzFytoEJJ9ijZHh1JzIKjV7COE\n\trIi4hWAG05QRgocOACsqWOgwjxZ9oKKL/XiwvJqCl/xp2bbFDxCmoFcH80FD3EJob3wz\n\tu+y3iRlqjQA0a6NzGTQI7m5HoZM/EMY+azEq7ew2niWQ3PYO+M8RH35eLCqBDewg4WmC\n\tJ5FCcQHhILc6sXef/1v11DHRBA6YefVl1wI9NCHv2C77sheV7ExMisjg7070DggIrkew\n\tNitm2idqn4uBP3ev4FqzLGKkEo+qp7ueFxJn0bGcMTfFuxkx4aiiQkcdxT7MkxEAejhd\n\t9wRQ==","X-Gm-Message-State":"AHPjjUirlzHtbDLjgv7a+dXnfL89mFLBfJ3mqARm0CSmgdefa/B0JGbD\n\tjNXYjkOkh8nHUM5/CBo2V8hI78N2","X-Google-Smtp-Source":"AOwi7QA15LSUYevxjTkV0r/YVCdWrXMdpj41XTO94YqU9s6NJgnzZ4SYCWtZaPiYVIZcJnayiUpf5Q==","X-Received":"by 10.28.238.140 with SMTP id j12mr5678685wmi.103.1505068517482; \n\tSun, 10 Sep 2017 11:35:17 -0700 (PDT)","Subject":"Re: [PATCH] xtables-compat-restore: fix translation of mangle's\n\tOUTPUT","From":"Louis Sautier <sautier.louis@gmail.com>","To":"netfilter-devel@vger.kernel.org","References":"<90185d38-8713-2a2a-6d47-c3db17f83dcb@gmail.com>","Message-ID":"<603ee036-ea61-e797-7828-a7b0bd3a9bd9@gmail.com>","Date":"Sun, 10 Sep 2017 20:35:23 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.3.0","MIME-Version":"1.0","In-Reply-To":"<90185d38-8713-2a2a-6d47-c3db17f83dcb@gmail.com>","Content-Type":"multipart/signed; micalg=pgp-sha256;\n\tprotocol=\"application/pgp-signature\";\n\tboundary=\"xgX3S7DUtcDSSwPsiDdM9dlG2Kf6i5O4G\"","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netfilter-devel.vger.kernel.org>","X-Mailing-List":"netfilter-devel@vger.kernel.org"}},{"id":1766006,"web_url":"http://patchwork.ozlabs.org/comment/1766006/","msgid":"<20170910200532.GA30715@salvia>","list_archive_url":null,"date":"2017-09-10T20:05:32","subject":"Re: [PATCH] xtables-compat-restore: fix translation of mangle's\n\tOUTPUT","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/people/1315/","name":"Pablo Neira Ayuso","email":"pablo@netfilter.org"},"content":"On Sun, Sep 10, 2017 at 08:35:23PM +0200, Louis Sautier wrote:\n> On 10/09/17 02:39, Louis Sautier wrote:\n> > Hello,\n> > I noticed that the iptables-restore-translate tool does not properly\n> > translate the OUTPUT chain from the mangle table. It creates a filter\n> > chain when it should be creating a route chain.\n> > Here is a rather simple patch that should fix the issue.\n> >\n> > Please CC me, I'm not subscribed.\n\nApplied, thanks.\n--\nTo unsubscribe from this list: send the line \"unsubscribe netfilter-devel\" in\nthe body of a message to majordomo@vger.kernel.org\nMore majordomo info at  http://vger.kernel.org/majordomo-info.html","headers":{"Return-Path":"<netfilter-devel-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xr2B60KTBz9t38\n\tfor <incoming@patchwork.ozlabs.org>;\n\tMon, 11 Sep 2017 06:06:06 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751816AbdIJUF7 (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tSun, 10 Sep 2017 16:05:59 -0400","from ganesha.gnumonks.org ([213.95.27.120]:53612 \"EHLO\n\tganesha.gnumonks.org\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1750935AbdIJUF5 (ORCPT\n\t<rfc822;netfilter-devel@vger.kernel.org>);\n\tSun, 10 Sep 2017 16:05:57 -0400","from [31.4.196.245] (helo=gnumonks.org)\n\tby ganesha.gnumonks.org with esmtpsa\n\t(TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2)\n\t(envelope-from <pablo@gnumonks.org>)\n\tid 1dr8U2-0004Di-7J; Sun, 10 Sep 2017 22:05:36 +0200"],"Date":"Sun, 10 Sep 2017 22:05:32 +0200","From":"Pablo Neira Ayuso <pablo@netfilter.org>","To":"Louis Sautier <sautier.louis@gmail.com>","Cc":"netfilter-devel@vger.kernel.org","Subject":"Re: [PATCH] xtables-compat-restore: fix translation of mangle's\n\tOUTPUT","Message-ID":"<20170910200532.GA30715@salvia>","References":"<90185d38-8713-2a2a-6d47-c3db17f83dcb@gmail.com>\n\t<603ee036-ea61-e797-7828-a7b0bd3a9bd9@gmail.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<603ee036-ea61-e797-7828-a7b0bd3a9bd9@gmail.com>","User-Agent":"Mutt/1.5.23 (2014-03-12)","X-Spam-Score":"-2.9 (--)","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netfilter-devel.vger.kernel.org>","X-Mailing-List":"netfilter-devel@vger.kernel.org"}}]