Add NFPROTO_ARP for mark

Message ID	20150408174911.GA4683@salvia
State	RFC
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> spamassassin: 3.4.0. Clear:RC:1(127.0.0.1):SA:0(-103.2/7.5):. Processed in 4.465137 secs); 08 Apr 2015 17:45:03 -0000 Date: Wed, 8 Apr 2015 19:49:11 +0200 From: Pablo Neira Ayuso <pablo@netfilter.org> To: Zhang Chunyu <zhangcy@cn.fujitsu.com> Cc: netfilter-devel@vger.kernel.org Subject: Re: [PATCH] Add NFPROTO_ARP for mark Message-ID: <20150408174911.GA4683@salvia> References: <1428374716-15108-1-git-send-email-zhangcy@cn.fujitsu.com> <1428374716-15108-2-git-send-email-zhangcy@cn.fujitsu.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1428374716-15108-2-git-send-email-zhangcy@cn.fujitsu.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk

Message ID

20150408174911.GA4683@salvia

State

RFC

Delegated to:

Pablo Neira

Headers

Date: Wed, 8 Apr 2015 19:49:11 +0200
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Zhang Chunyu <zhangcy@cn.fujitsu.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] Add NFPROTO_ARP for mark
Message-ID: <20150408174911.GA4683@salvia>
References: <1428374716-15108-1-git-send-email-zhangcy@cn.fujitsu.com>
	<1428374716-15108-2-git-send-email-zhangcy@cn.fujitsu.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1428374716-15108-2-git-send-email-zhangcy@cn.fujitsu.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Commit Message

Pablo Neira Ayuso April 8, 2015, 5:49 p.m. UTC

On Mon, Apr 06, 2015 at 10:45:16PM -0400, Zhang Chunyu wrote:
> need add NFPROTO_ARP and MODULE_ALIAS for arptables -mark
> 
> Signed-off-by: Zhang Chunyu <zhangcy@cn.fujitsu.com>
> ---
>  net/netfilter/xt_mark.c | 31 +++++++++++++++++++++----------
>  1 file changed, 21 insertions(+), 10 deletions(-)
> 
> diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c
> index 2334523..5778062 100644
> --- a/net/netfilter/xt_mark.c
> +++ b/net/netfilter/xt_mark.c
> @@ -23,6 +23,7 @@ MODULE_ALIAS("ipt_mark");
>  MODULE_ALIAS("ip6t_mark");
>  MODULE_ALIAS("ipt_MARK");
>  MODULE_ALIAS("ip6t_MARK");
> +MODULE_ALIAS("arpt_MARK");

This little change above is fine.

>  static unsigned int
>  mark_tg(struct sk_buff *skb, const struct xt_action_param *par)
> @@ -41,13 +42,23 @@ mark_mt(const struct sk_buff *skb, struct xt_action_param *par)
>  	return ((skb->mark & info->mask) == info->mark) ^ info->invert;
>  }
>  
> -static struct xt_target mark_tg_reg __read_mostly = {
> -	.name           = "MARK",
> -	.revision       = 2,
> -	.family         = NFPROTO_UNSPEC,
> -	.target         = mark_tg,
> -	.targetsize     = sizeof(struct xt_mark_tginfo2),
> -	.me             = THIS_MODULE,
> +static struct xt_target mark_tg_reg[] __read_mostly = {
> +	{
> +		.name           = "MARK",
> +		.revision       = 2,
> +		.family         = NFPROTO_UNSPEC,
> +		.target         = mark_tg,
> +		.targetsize     = sizeof(struct xt_mark_tginfo2),
> +		.me             = THIS_MODULE,
> +	},
> +	{
> +		.name           = "MARK",
> +		.revision       = 2,
> +		.family         = NFPROTO_ARP,
> +		.target         = mark_tg,
> +		.targetsize     = sizeof(struct xt_mark_tginfo2),
> +		.me             = THIS_MODULE,
> +	}
>  };

You don't need this.

The problem is here that your patch:

http://patchwork.ozlabs.org/patch/455966/

is missing this chunk:

Otherwise, the revision number is zeroed.

And you don't need: http://patchwork.ozlabs.org/patch/455965/.

Please, rebase your userspace patches on top of current arptables git
and resubmit. Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Zhang Chunyu April 9, 2015, 3:54 a.m. UTC | #1

>From: Pablo Neira Ayuso

>Date: 2015-04-09

>To: Zhang, Chunyu/章 春宇

>Subject: Re: [PATCH] Add NFPROTO_ARP for mark

>

>On Mon, Apr 06, 2015 at 10:45:16PM -0400, Zhang Chunyu wrote:

>> need add NFPROTO_ARP and MODULE_ALIAS for arptables -mark

>>

>> Signed-off-by: Zhang Chunyu <zhangcy@cn.fujitsu.com>

>> ---

>>  net/netfilter/xt_mark.c | 31 +++++++++++++++++++++----------

>>  1 file changed, 21 insertions(+), 10 deletions(-)

>>

>> diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c

>> index 2334523..5778062 100644

>> --- a/net/netfilter/xt_mark.c

>> +++ b/net/netfilter/xt_mark.c

>> @@ -23,6 +23,7 @@ MODULE_ALIAS("ipt_mark");

>>  MODULE_ALIAS("ip6t_mark");

>>  MODULE_ALIAS("ipt_MARK");

>>  MODULE_ALIAS("ip6t_MARK");

>> +MODULE_ALIAS("arpt_MARK");

>

>This little change above is fine.

>

>>  static unsigned int

>>  mark_tg(struct sk_buff *skb, const struct xt_action_param *par)

>> @@ -41,13 +42,23 @@ mark_mt(const struct sk_buff *skb, struct xt_action_param *par)

>>       return ((skb->mark & info->mask) == info->mark) ^ info->invert;

>>  }

>> 

>> -static struct xt_target mark_tg_reg __read_mostly = {

>> -     .name           = "MARK",

>> -     .revision       = 2,

>> -     .family         = NFPROTO_UNSPEC,

>> -     .target         = mark_tg,

>> -     .targetsize     = sizeof(struct xt_mark_tginfo2),

>> -     .me             = THIS_MODULE,

>> +static struct xt_target mark_tg_reg[] __read_mostly = {

>> +     {

>> +             .name           = "MARK",

>> +             .revision       = 2,

>> +             .family         = NFPROTO_UNSPEC,

>> +             .target         = mark_tg,

>> +             .targetsize     = sizeof(struct xt_mark_tginfo2),

>> +             .me             = THIS_MODULE,

>> +     },

>> +     {

>> +             .name           = "MARK",

>> +             .revision       = 2,

>> +             .family         = NFPROTO_ARP,

>> +             .target         = mark_tg,

>> +             .targetsize     = sizeof(struct xt_mark_tginfo2),

>> +             .me             = THIS_MODULE,

>> +     }

>>  };

>

>You don't need this.

>

>The problem is here that your patch:

>

>http://patchwork.ozlabs.org/patch/455966/

>

>is missing this chunk:

>

>diff --git a/libarptc/libarptc_incl.c b/libarptc/libarptc_incl.c

>index a034930..87404ce 100644

>--- a/libarptc/libarptc_incl.c

>+++ b/libarptc/libarptc_incl.c

>@@ -872,7 +872,7 @@ map_target(const TC_HANDLE_T handle,

>        /* memset to all 0 for your memcmp convenience. */

>        memset(t->u.user.name + strlen(t->u.user.name),

>               0,

>-              FUNCTION_MAXNAMELEN - strlen(t->u.user.name));

>+              FUNCTION_MAXNAMELEN - 1 - strlen(t->u.user.name));

>        return 1;

> }

>

>Otherwise, the revision number is zeroed.

>

>And you don't need: http://patchwork.ozlabs.org/patch/455965/.

>

>Please, rebase your userspace patches on top of current arptables git

>and resubmit. Thanks.

get it 。will do。
why arptables --set-mark can work , when add  NFPROTO_ARP to xt_mark ?

Pablo Neira Ayuso April 9, 2015, 10:41 a.m. UTC | #2

On Thu, Apr 09, 2015 at 03:54:33AM +0000, Zhang, Chunyu wrote:
> >From: Pablo Neira Ayuso
> >Date: 2015-04-09
> >To: Zhang, Chunyu/章 春宇
> >Subject: Re: [PATCH] Add NFPROTO_ARP for mark
[...]
> >> @@ -41,13 +42,23 @@ mark_mt(const struct sk_buff *skb, struct xt_action_param *par)
> >>       return ((skb->mark & info->mask) == info->mark) ^ info->invert;
> >>  }
> >> 
> >> -static struct xt_target mark_tg_reg __read_mostly = {
> >> -     .name           = "MARK",
> >> -     .revision       = 2,
> >> -     .family         = NFPROTO_UNSPEC,
> >> -     .target         = mark_tg,
> >> -     .targetsize     = sizeof(struct xt_mark_tginfo2),
> >> -     .me             = THIS_MODULE,
> >> +static struct xt_target mark_tg_reg[] __read_mostly = {
> >> +     {
> >> +             .name           = "MARK",
> >> +             .revision       = 2,
> >> +             .family         = NFPROTO_UNSPEC,
> >> +             .target         = mark_tg,
> >> +             .targetsize     = sizeof(struct xt_mark_tginfo2),
> >> +             .me             = THIS_MODULE,
> >> +     },
> >> +     {
> >> +             .name           = "MARK",
> >> +             .revision       = 2,
> >> +             .family         = NFPROTO_ARP,
> >> +             .target         = mark_tg,
> >> +             .targetsize     = sizeof(struct xt_mark_tginfo2),
> >> +             .me             = THIS_MODULE,
> >> +     }
> >>  };
> >
> >You don't need this.
> >
> >The problem is here that your patch:
> >
> >http://patchwork.ozlabs.org/patch/455966/
> >
> >is missing this chunk:
> >
> >diff --git a/libarptc/libarptc_incl.c b/libarptc/libarptc_incl.c
> >index a034930..87404ce 100644
> >--- a/libarptc/libarptc_incl.c
> >+++ b/libarptc/libarptc_incl.c
> >@@ -872,7 +872,7 @@ map_target(const TC_HANDLE_T handle,
> >        /* memset to all 0 for your memcmp convenience. */
> >        memset(t->u.user.name + strlen(t->u.user.name),
> >               0,
> >-              FUNCTION_MAXNAMELEN - strlen(t->u.user.name));
> >+              FUNCTION_MAXNAMELEN - 1 - strlen(t->u.user.name));
> >        return 1;
> > }
> >
> >Otherwise, the revision number is zeroed.
> >
> >And you don't need: http://patchwork.ozlabs.org/patch/455965/.
> >
> >Please, rebase your userspace patches on top of current arptables git
> >and resubmit. Thanks.
>
> get it 。will do。
> why arptables --set-mark can work , when add  NFPROTO_ARP to xt_mark ?

I guess you're still using the userspace patches you sent.

If you rebase on top of current arptables HEAD, that will not work.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Pablo Neira Ayuso April 16, 2015, 11:06 a.m. UTC | #3

On Thu, Apr 16, 2015 at 05:39:31AM +0000, Zhang, Chunyu wrote:
> 
> hi pablo
> 
> >From: Pablo Neira Ayuso
> >Date: 2015-04-09
> >To: Zhang, Chunyu/章 春宇
> >Subject: Re: Re: [PATCH] Add NFPROTO_ARP for mark
> >
> >On Thu, Apr 09, 2015 at 03:54:33AM +0000, Zhang, Chunyu wrote:
> >> >From: Pablo Neira Ayuso
> >> >Date: 2015-04-09
> >> >To: Zhang, Chunyu/章 春宇
> >> >Subject: Re: [PATCH] Add NFPROTO_ARP for mark
> >[...]
> >> >> @@ -41,13 +42,23 @@ mark_mt(const struct sk_buff *skb, struct xt_action_param *par)
> >> >>       return ((skb->mark & info->mask) == info->mark) ^ info->invert;
> >> >>  }
> >> >>
> >> >> -static struct xt_target mark_tg_reg __read_mostly = {
> >> >> -     .name           = "MARK",
> >> >> -     .revision       = 2,
> >> >> -     .family         = NFPROTO_UNSPEC,
> >> >> -     .target         = mark_tg,
> >> >> -     .targetsize     = sizeof(struct xt_mark_tginfo2),
> >> >> -     .me             = THIS_MODULE,
> >> >> +static struct xt_target mark_tg_reg[] __read_mostly = {
> >> >> +     {
> >> >> +             .name           = "MARK",
> >> >> +             .revision       = 2,
> >> >> +             .family         = NFPROTO_UNSPEC,
> >> >> +             .target         = mark_tg,
> >> >> +             .targetsize     = sizeof(struct xt_mark_tginfo2),
> >> >> +             .me             = THIS_MODULE,
> >> >> +     },
> >> >> +     {
> >> >> +             .name           = "MARK",
> >> >> +             .revision       = 2,
> >> >> +             .family         = NFPROTO_ARP,
> >> >> +             .target         = mark_tg,
> >> >> +             .targetsize     = sizeof(struct xt_mark_tginfo2),
> >> >> +             .me             = THIS_MODULE,
> >> >> +     }
> >> >>  };
> >> >
> >> >You don't need this.
> >> >
> >> >The problem is here that your patch:
> >> >
> >> >http://patchwork.ozlabs.org/patch/455966/
> >> >
> >> >is missing this chunk:
> >> >
> >> >diff --git a/libarptc/libarptc_incl.c b/libarptc/libarptc_incl.c
> >> >index a034930..87404ce 100644
> >> >--- a/libarptc/libarptc_incl.c
> >> >+++ b/libarptc/libarptc_incl.c
> >> >@@ -872,7 +872,7 @@ map_target(const TC_HANDLE_T handle,
> >> >        /* memset to all 0 for your memcmp convenience. */
> >> >        memset(t->u.user.name + strlen(t->u.user.name),
> >> >               0,
> >> >-              FUNCTION_MAXNAMELEN - strlen(t->u.user.name));
> >> >+              FUNCTION_MAXNAMELEN - 1 - strlen(t->u.user.name));
> >> >        return 1;
> >> > }
> 
> 1. 
> maybe should change like this？
> 
> diff --git a/libarptc/libarptc_incl.c b/libarptc/libarptc_incl.c
> index a034930..4049cbd 100644
> --- a/libarptc/libarptc_incl.c
> +++ b/libarptc/libarptc_incl.c
> @@ -872,7 +872,7 @@ map_target(const TC_HANDLE_T handle,
>         /* memset to all 0 for your memcmp convenience. */
>         memset(t->u.user.name + strlen(t->u.user.name),
>                0,
> -              FUNCTION_MAXNAMELEN - strlen(t->u.user.name));
> +              XT_EXTENSION_MAXNAMELEN - strlen(t->u.user.name));

No, you can't do this.

After getting arptables userspace in sync with kernel headers, you can
see that:

#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN

and:

libarptc/libarptc.c:#define FUNCTION_MAXNAMELEN ARPT_FUNCTION_MAXNAMELEN

You have to do it the way I suggested.

Another motivation to make it the way I indicated is that this will be
in sync with iptables/ip6tables.

Anyway, I have just pushed this branch:

http://git.netfilter.org/arptables/log/?h=next

to try to close this discussion.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/libarptc/libarptc_incl.c b/libarptc/libarptc_incl.c
index a034930..87404ce 100644
--- a/libarptc/libarptc_incl.c
+++ b/libarptc/libarptc_incl.c
@@ -872,7 +872,7 @@  map_target(const TC_HANDLE_T handle,
        /* memset to all 0 for your memcmp convenience. */
        memset(t->u.user.name + strlen(t->u.user.name),
               0,
-              FUNCTION_MAXNAMELEN - strlen(t->u.user.name));
+              FUNCTION_MAXNAMELEN - 1 - strlen(t->u.user.name));
        return 1;
 }

Add NFPROTO_ARP for mark

Commit Message

Comments

Patch