From patchwork Fri Oct 11 06:04:04 2013
X-Patchwork-Submitter: Anand Raj Manickam
X-Patchwork-Id: 282529
Date: Fri, 11 Oct 2013 11:34:04 +0530
Subject: [PATCH] iptables-nftables nft: Removes if_nametoindex , NFT_META_OIF for outiface
From: Anand Raj Manickam
To: Pablo Neira Ayuso, netfilter-devel@vger.kernel.org

This patch fixes the issue where rules are added for a non-existent interface and cannot be deleted.
E.g. xtables -t nat -I POSTROUTING -o eth10.10 -j MASQUERADE allows you to add the rule where the eth10.10 interface is not created, but will not allow you to delete it, as the label maps to * by if_nametoindex().

 void add_addr(struct nft_rule *r, int offset, @@ -267,15 +263,15 @@ void parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface, *invflags |= IPT_INV_VIA_OUT; memcpy(outiface, ifname, len); - outiface[len] = '\0'; - /* If zero, then this is an interface mask */ - if (if_nametoindex(outiface) == 0) { - outiface[len] = '+'; - outiface[len+1] = '\0'; - } + if (outiface[len -1] == '+') { + outiface[len] = '\0'; + memset(outiface_mask, 0xff, (len - 1)); + } else { + outiface[len + 1 ] = '\0'; + memset(outiface_mask, 0xff, (len + 1)); + } - memset(outiface_mask, 0xff, len); break; default: DEBUGP("unknown meta key %d\n", key);
---
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 25cb177..407f650 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -145,13 +145,9 @@ void add_outiface(struct nft_rule *r, char *iface, int invflags) else op = NFT_CMP_EQ; - if (iface[iface_len - 1] == '+') { - add_meta(r, NFT_META_OIFNAME); - add_cmp_ptr(r, op, iface, iface_len - 1); - } else { - add_meta(r, NFT_META_OIF); - add_cmp_u32(r, if_nametoindex(iface), op); - } + /*Removed NFT_META_OIF , will stick to NFT_META_OIFNAME as in iptables */ + add_meta(r, NFT_META_OIFNAME); + add_cmp_ptr(r, op, iface, iface_len); }
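Review bot: In the else branch of the parse_meta() hunk, "outiface[len + 1 ] = '\0';" places the terminator one byte past where memcpy(outiface, ifname, len) stopped, so outiface[len] is never written by the visible code, and the following memset(outiface_mask, 0xff, (len + 1)) makes that unwritten byte part of the match. Unless the copied bytes already carry their own terminator, which the hunk does not show, the name can pick up a stale byte from the caller's buffer. Suggest terminating at outiface[len] in that branch and sizing the mask from the bytes actually copied. The new test "outiface[len -1] == '+'" also reads index -1 when len is 0, and nothing in the visible lines bounds len + 1 against the size of outiface or outiface_mask, so a length check ahead of the memcpy would close both cases.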
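Review bot: The add_outiface() hunk drops the "iface[iface_len - 1] == '+'" test, so a wildcard such as eth+ is now passed to add_cmp_ptr() with iface_len bytes, where the removed code passed iface_len - 1 to leave the '+' out of the comparison. The '+' becomes part of the compared data, and the prefix match looks like it turns into a comparison against a name that literally ends in '+'. Suggest keeping the trailing-'+' test and passing iface_len - 1 in that case while still using NFT_META_OIFNAME for both paths. For the non-wildcard path, it is worth stating whether iface_len covers the terminating NUL: the removed test indexes iface[iface_len - 1] as the last character, which suggests it does not, and a compare without the terminator would also accept longer names sharing that prefix. The added comment records what was removed, which belongs in the commit message; a comment explaining why the name is matched instead of the index would serve later readers better.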