Message ID | 1392197240-9389-1-git-send-email-fw@strlen.de |
---|---|
State | Accepted |
Delegated to: | Jozsef Kadlecsik |
Headers | show |
Hi Florian, On Wed, 12 Feb 2014, Florian Westphal wrote: > hash:net,iface supports matching on the bridge port as well, > but userspace currently doesn't handle it correctly as it passes > in 'physdev:eth0' instead of 'eth0'+IPSET_OPT_PHYSDEV. I think the userspace does handle the case: looking at your patch, it's exactly the same as the original one. It is nicer, so I'm happy to apply it, but the description - as far as I see - doesn't fit. Maybe your kernel is not compiled with BRIDGE_NETFILTER enabled? That's required for the functionality at the kernel side. > Signed-off-by: Florian Westphal <fw@strlen.de> > --- > lib/parse.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/lib/parse.c b/lib/parse.c > index f1c1f0e..4db872e 100644 > --- a/lib/parse.c > +++ b/lib/parse.c > @@ -1753,14 +1753,15 @@ ipset_parse_iface(struct ipset_session *session, > { > struct ipset_data *data; > int offset = 0, err = 0; > + static const char pdev_prefix[]="physdev:"; > > assert(session); > assert(opt == IPSET_OPT_IFACE); > assert(str); > > data = ipset_session_data(session); > - if (STREQ(str, "physdev:")) { > - offset = 8; > + if (STRNEQ(str, pdev_prefix, strlen(pdev_prefix))) { > + offset = strlen(pdev_prefix); > err = ipset_data_set(data, IPSET_OPT_PHYSDEV, str); > if (err < 0) > return err; > -- > 1.8.1.5 Best regards, Jozsef - E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> wrote: > Hi Florian, > > On Wed, 12 Feb 2014, Florian Westphal wrote: > > > hash:net,iface supports matching on the bridge port as well, > > but userspace currently doesn't handle it correctly as it passes > > in 'physdev:eth0' instead of 'eth0'+IPSET_OPT_PHYSDEV. > > I think the userspace does handle the case: looking at your patch, it's > exactly the same as the original one. It is nicer, so I'm happy to apply > it, but the description - as far as I see - doesn't fit. It will expand to if (strcmp("physdev:eth0", "physdev:") == 0) which is not true. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Thu, 13 Feb 2014, Florian Westphal wrote: > Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> wrote: > > > > On Wed, 12 Feb 2014, Florian Westphal wrote: > > > > > hash:net,iface supports matching on the bridge port as well, > > > but userspace currently doesn't handle it correctly as it passes > > > in 'physdev:eth0' instead of 'eth0'+IPSET_OPT_PHYSDEV. > > > > I think the userspace does handle the case: looking at your patch, it's > > exactly the same as the original one. It is nicer, so I'm happy to apply > > it, but the description - as far as I see - doesn't fit. > > It will expand to > > if (strcmp("physdev:eth0", "physdev:") == 0) > > which is not true. Ohh, right. And then the whole string is passed to the kernel and therefore the "physdev:" part is kept at listing. Patch is applied, thanks! Best regards, Jozsef - E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/lib/parse.c b/lib/parse.c index f1c1f0e..4db872e 100644 --- a/lib/parse.c +++ b/lib/parse.c @@ -1753,14 +1753,15 @@ ipset_parse_iface(struct ipset_session *session, { struct ipset_data *data; int offset = 0, err = 0; + static const char pdev_prefix[]="physdev:"; assert(session); assert(opt == IPSET_OPT_IFACE); assert(str); data = ipset_session_data(session); - if (STREQ(str, "physdev:")) { - offset = 8; + if (STRNEQ(str, pdev_prefix, strlen(pdev_prefix))) { + offset = strlen(pdev_prefix); err = ipset_data_set(data, IPSET_OPT_PHYSDEV, str); if (err < 0) return err;
hash:net,iface supports matching on the bridge port as well, but userspace currently doesn't handle it correctly as it passes in 'physdev:eth0' instead of 'eth0'+IPSET_OPT_PHYSDEV. Signed-off-by: Florian Westphal <fw@strlen.de> --- lib/parse.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)