From patchwork Thu Mar 1 20:07:57 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jonh Wendell
X-Patchwork-Id: 144108
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 2DA321007DD for ; Fri, 2 Mar 2012 07:08:06 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757001Ab2CAUIA (ORCPT ); Thu, 1 Mar 2012 15:08:00 -0500
Received: from mail-bk0-f46.google.com ([209.85.214.46]:47930 "EHLO mail-bk0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753856Ab2CAUH7 (ORCPT ); Thu, 1 Mar 2012 15:07:59 -0500
Received: by bkcik5 with SMTP id ik5so903998bkc.19 for ; Thu, 01 Mar 2012 12:07:57 -0800 (PST)
Received-SPF: pass (google.com: domain of jonh.wendell@vexcorp.com designates 10.112.47.225 as permitted sender) client-ip=10.112.47.225;
Authentication-Results: mr.google.com; spf=pass (google.com: domain of jonh.wendell@vexcorp.com designates 10.112.47.225 as permitted sender) smtp.mail=jonh.wendell@vexcorp.com
Received: from mr.google.com ([10.112.47.225]) by 10.112.47.225 with SMTP id g1mr3024280lbn.52.1330632477845 (num_hops = 1); Thu, 01 Mar 2012 12:07:57 -0800 (PST)
MIME-Version: 1.0
Received: by 10.112.47.225 with SMTP id g1mr2485804lbn.52.1330632477745; Thu, 01 Mar 2012 12:07:57 -0800 (PST)
Received: by 10.112.10.225 with HTTP; Thu, 1 Mar 2012 12:07:57 -0800 (PST)
In-Reply-To: <20120229232739.GB3817@1984>
References: <20120229125052.GA1115@1984> <20120229232739.GB3817@1984>
Date: Thu, 1 Mar 2012 17:07:57 -0300
Message-ID:
Subject: Re: patch in bugzilla
From: Jonh Wendell
To: netfilter-devel@vger.kernel.org
X-Gm-Message-State: ALoCoQmBZaFwDo1FkVI9eKaPhWK/f9TpSDDF55aNdfzMjC4W784HSweNDozRzt2xbu47Xd0Khe2j
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netfilter-devel@vger.kernel.org

Sorry, guys. In fact, I had tested only libiptc itself, not the iptables binary. Here is the complete patch, modifying all callers of iptc_append_entry(). I tried it here and it worked fine.

Thanks!

2012/2/29 Pablo Neira Ayuso :
> On Wed, Feb 29, 2012 at 01:50:52PM +0100, Pablo Neira Ayuso wrote:
>> On Tue, Feb 28, 2012 at 04:20:10PM +0100, Jan Engelhardt wrote:
>> > On Tuesday 2012-02-28 13:48, Jonh Wendell wrote:
>> >
>> > >hi, folks. a while ago I filed a bug with a simple patch attached:
>> > >http://bugzilla.netfilter.org/show_bug.cgi?id=768
>> > >
>> > >what's the right place to post things like that? here in this mailing
>> > >list or the bugzilla?
>> >
>> > [Someone still has not pointed the bugzilla automatic notification to
>> > post to the netfilter-devel mailing list :) ]
>> >
>> > Certainly the choice of mailing list makes it more visible. No
>> > objections to the patch.
>>
>> Applied, thanks.
>
> I'm going to revert this patch, it's breaking my iptables script:
>
> # iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables: Incompatible with this kernel.
>
> Please, test patches before posting them.

From a5cfd3bd4000fa7152c52ab2ea791efce7d21700 Mon Sep 17 00:00:00 2001 From: Jonh Wendell Date: Thu, 1 Mar 2012 17:04:22 -0300 Subject: [PATCH] libiptc: Returns the position the entry was inserted --- include/libiptc/libiptc.h | 3 ++- iptables/ip6tables.c | 3 ++- iptables/iptables.c | 3 ++- libiptc/libiptc.c | 5 +++-- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h index 24cdbdb..b9a42c9 100644 --- a/include/libiptc/libiptc.h +++ b/include/libiptc/libiptc.h 
@@ -74,7 +74,8 @@ int iptc_replace_entry(const xt_chainlabel chain, struct xtc_handle *handle); /* Append entry `e' to chain `chain'. Equivalent to insert with - rulenum = length of chain. */ + rulenum = length of chain. Returns the position the entry was + inserted or 0 if an error occurs */ int iptc_append_entry(const xt_chainlabel chain, const struct ipt_entry *e, struct xtc_handle *handle); diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c index b191d5d..8df06d6 100644 --- a/iptables/ip6tables.c +++ b/iptables/ip6tables.c @@ -698,7 +698,8 @@ append_entry(const xt_chainlabel chain, fw->ipv6.dmsk = dmasks[j]; if (verbose) print_firewall_line(fw, handle); - ret &= ip6tc_append_entry(chain, fw, handle); + if (!ip6tc_append_entry(chain, fw, handle)) + ret = 0; } } diff --git a/iptables/iptables.c b/iptables/iptables.c index 03ac63b..10f30d3 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -700,7 +700,8 @@ append_entry(const xt_chainlabel chain, fw->ip.dmsk.s_addr = dmasks[j].s_addr; if (verbose) print_firewall_line(fw, handle); - ret &= iptc_append_entry(chain, fw, handle); + if (!iptc_append_entry(chain, fw, handle)) + ret = 0; } } diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index 63fcfc2..ddaee12 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -1836,7 +1836,8 @@ TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain, } /* Append entry `fw' to chain `chain'. Equivalent to insert with - rulenum = length of chain. */ + rulenum = length of chain. Returns the position the entry was + inserted or 0 if an error occurs */ int TC_APPEND_ENTRY(const IPT_CHAINLABEL chain, const STRUCT_ENTRY *e, @@ -1872,7 +1873,7 @@ TC_APPEND_ENTRY(const IPT_CHAINLABEL chain, set_changed(handle); - return 1; + return c->num_rules; } static inline int -- 1.7.5.4
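
Review bot: The new comment on iptc_append_entry() in include/libiptc/libiptc.h (repeated above TC_APPEND_ENTRY in libiptc/libiptc.c) does not say whether the returned position is counted from 0 or from 1. The same comment describes append as "equivalent to insert with rulenum = length of chain", while the function now returns c->num_rules, so a reader cannot tell whether the return value can be passed back as a rulenum or is off by one from it. Please state the base explicitly. The diffstat also touches only libiptc.h, yet the ip6tables.c hunk shows that ip6tc_append_entry() gets the same new return value, so its declaration comment needs the same update.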
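
Review bot: The append_entry() hunks in iptables/iptables.c and iptables/ip6tables.c drop "ret &=" without any explanation, and the commit message consists of a subject line only. The reason matters to anyone reading the history: a bitwise AND of ret with a rule position clears ret whenever the position's low bit is 0 (1 & 2 == 0), so a successful append was reported as a failure. Please add a message body that says so and names the callers that were converted to "if (!...) ret = 0;". The patch as posted also carries no Signed-off-by line.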
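
Review bot: "return c->num_rules;" in the last libiptc/libiptc.c hunk changes the success value of an exported function from 1 to an arbitrary positive number, so any out-of-tree caller that tests the result with "== 1" or accumulates it with "&=", as the in-tree callers did until this patch, now misreports success as failure. Consider leaving the return value at 1 and exposing the position through a separate function or an out parameter. If the new return stays, 0 is the documented error value and the function returns int: the hunk does not show where num_rules is incremented or how it is declared, so please confirm it is already at least 1 at this point when appending to an empty chain, and that its value always fits in int.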