Patchwork nft: arp: add parse_target to nft_family_ops_arp

login
register
mail settings
Submitter Giuseppe Longo
Date Oct. 6, 2013, 12:36 p.m.
Message ID <1381063007-6184-1-git-send-email-giuseppelng@gmail.com>
Download mbox | patch
Permalink /patch/280854/
State Accepted
Headers show

Comments

Giuseppe Longo - Oct. 6, 2013, 12:36 p.m.
This patch adds parse_target for arp family, fixing segfaults
for xtables-arp -L after rules like:

- xtables-arp -A OUTPUT -o eth0 -j CLASSIFY --set-class 0:7
- xtables-arp -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s 01:00:5e:00:01:01

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
---
 iptables/nft-arp.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
Tomasz Bursztyka - Oct. 7, 2013, 5:43 a.m.
Good catch!

I probably read that file dozens of time and did not spot this...

Thanks,

Tomasz

> This patch adds parse_target for arp family, fixing segfaults
> for xtables-arp -L after rules like:
>
> - xtables-arp -A OUTPUT -o eth0 -j CLASSIFY --set-class 0:7
> - xtables-arp -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s 01:00:5e:00:01:01
>
> Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
> ---
>   iptables/nft-arp.c |    1 +
>   1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
> index 570962d..08f8814 100644
> --- a/iptables/nft-arp.c
> +++ b/iptables/nft-arp.c
> @@ -643,4 +643,5 @@ struct nft_family_ops nft_family_ops_arp = {
>   	.print_firewall		= nft_arp_print_firewall,
>   	.post_parse		= NULL,
>   	.rule_find		= nft_arp_rule_find,
> +	.parse_target		= nft_arp_parse_target,
>   };

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira - Oct. 8, 2013, 7:39 p.m.
On Sun, Oct 06, 2013 at 02:36:47PM +0200, Giuseppe Longo wrote:
> This patch adds parse_target for arp family, fixing segfaults
> for xtables-arp -L after rules like:
> 
> - xtables-arp -A OUTPUT -o eth0 -j CLASSIFY --set-class 0:7
> - xtables-arp -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s 01:00:5e:00:01:01

Applied, thanks Giuseppe.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 570962d..08f8814 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -643,4 +643,5 @@  struct nft_family_ops nft_family_ops_arp = {
 	.print_firewall		= nft_arp_print_firewall,
 	.post_parse		= NULL,
 	.rule_find		= nft_arp_rule_find,
+	.parse_target		= nft_arp_parse_target,
 };