| Message ID | 1392047374-30511-2-git-send-email-giuseppelng@gmail.com |
|---|---|
| State | Changes Requested |
| Headers | show |
On Mon, Feb 10, 2014 at 04:49:34PM +0100, Giuseppe Longo wrote: > This patch permits to print arp rules, > avoiding the segfault that you got currently. There is no .save_firewall hook for nft-arp, so this does not print anything. Did you forget to include it in your patch? More comments below. > Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> > --- > iptables/xtables-events.c | 19 ++++++++++++------- > 1 file changed, 12 insertions(+), 7 deletions(-) > > diff --git a/iptables/xtables-events.c b/iptables/xtables-events.c > index 408e091..75459c1 100644 > --- a/iptables/xtables-events.c > +++ b/iptables/xtables-events.c > @@ -59,7 +59,10 @@ static bool counters; > static int rule_cb(const struct nlmsghdr *nlh, int type) > { > struct iptables_command_state cs = {}; > + struct arpt_entry fw_arp = {}; > struct nft_rule *r; > + void *fw = NULL; > + uint8_t family; > > r = nft_rule_alloc(); > if (r == NULL) { > @@ -72,21 +75,23 @@ static int rule_cb(const struct nlmsghdr *nlh, int type) > goto err_free; > } > > - nft_rule_to_iptables_command_state(r, &cs); > - > - switch(nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY)) { > + family = nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY); > + switch(family) { > case AF_INET: > - printf("-4 "); > - break; > case AF_INET6: > - printf("-6 "); > + printf("-%c ", family == AF_INET ? '4' : '6'); > + nft_rule_to_iptables_command_state(r, &cs); > + fw = &cs; > break; > + case NFPROTO_ARP: > + nft_rule_to_arpt_entry(r, &fw_arp); > + fw = &fw_arp; missing break; here. > default: > break; Instead of this break;, please use: goto err_free; so it just skips nft_rule_print_save for unknown families. > } > > > - nft_rule_print_save(&cs, r, > + nft_rule_print_save(fw, r, > type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND : > NFT_RULE_DEL, > counters ? 0 : FMT_NOCOUNTS); > -- > 1.8.1.5 > > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/iptables/xtables-events.c b/iptables/xtables-events.c index 408e091..75459c1 100644 --- a/iptables/xtables-events.c +++ b/iptables/xtables-events.c @@ -59,7 +59,10 @@ static bool counters; static int rule_cb(const struct nlmsghdr *nlh, int type) { struct iptables_command_state cs = {}; + struct arpt_entry fw_arp = {}; struct nft_rule *r; + void *fw = NULL; + uint8_t family; r = nft_rule_alloc(); if (r == NULL) { @@ -72,21 +75,23 @@ static int rule_cb(const struct nlmsghdr *nlh, int type) goto err_free; } - nft_rule_to_iptables_command_state(r, &cs); - - switch(nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY)) { + family = nft_rule_attr_get_u8(r, NFT_RULE_ATTR_FAMILY); + switch(family) { case AF_INET: - printf("-4 "); - break; case AF_INET6: - printf("-6 "); + printf("-%c ", family == AF_INET ? '4' : '6'); + nft_rule_to_iptables_command_state(r, &cs); + fw = &cs; break; + case NFPROTO_ARP: + nft_rule_to_arpt_entry(r, &fw_arp); + fw = &fw_arp; default: break; } - nft_rule_print_save(&cs, r, + nft_rule_print_save(fw, r, type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND : NFT_RULE_DEL, counters ? 0 : FMT_NOCOUNTS);
This patch permits to print arp rules, avoiding the segfault that you got currently. Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> --- iptables/xtables-events.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-)