[iptables,1/5] xtables: Make invflags 16bit wide

Message ID	20210428173656.16851-2-phil@nwl.cc
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Phil Sutter <phil@nwl.cc> To: Pablo Neira Ayuso <pablo@netfilter.org> Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH 1/5] xtables: Make invflags 16bit wide Date: Wed, 28 Apr 2021 19:36:52 +0200 Message-Id: <20210428173656.16851-2-phil@nwl.cc> In-Reply-To: <20210428173656.16851-1-phil@nwl.cc> References: <20210428173656.16851-1-phil@nwl.cc> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Merge some common code \| expand [iptables,0/5] Merge some common code [iptables,1/5] xtables: Make invflags 16bit wide [iptables,2/5] xshared: Eliminate iptables_command_state->invert [iptables,3/5] xshared: Merge invflags handling code [iptables,4/5] ebtables-translate: Use shared ebt_get_current_chain() function [iptables,5/5] Use proto_to_name() from xshared in more places

Message ID

20210428173656.16851-2-phil@nwl.cc

State

Accepted

Delegated to:

Pablo Neira

Headers

From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH 1/5] xtables: Make invflags 16bit wide
Date: Wed, 28 Apr 2021 19:36:52 +0200
Message-Id: <20210428173656.16851-2-phil@nwl.cc>
In-Reply-To: <20210428173656.16851-1-phil@nwl.cc>
References: <20210428173656.16851-1-phil@nwl.cc>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Merge some common code | expand

Commit Message

Phil Sutter April 28, 2021, 5:36 p.m. UTC

This is needed to merge with xtables-arp which has more builtin
options and hence needs more bits in invflags.

The only adjustment needed is the set_option() call for option '-j'
which passed a pointer to cs->fw.ip.invflags. That field can't be
changed, it belongs to uAPI. Though using args->invflags instead works
fine, aside from that '-j' doesn't support inverting so this is merely a
sanity check and no real invflag value assignment will happen.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft-shared.h | 2 +-
 iptables/xtables.c    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index da4ba9d2ba8de..cc8f3a79b369e 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -190,7 +190,7 @@  struct xtables_args {
 	int		family;
 	uint16_t	proto;
 	uint8_t		flags;
-	uint8_t		invflags;
+	uint16_t	invflags;
 	char		iniface[IFNAMSIZ], outiface[IFNAMSIZ];
 	unsigned char	iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
 	bool		goto_set;
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 9779bd83d53b3..c3d82014778b2 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -239,7 +239,7 @@  xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
 /* Christophe Burki wants `-p 6' to imply `-m tcp'.  */
 
 static void
-set_option(unsigned int *options, unsigned int option, uint8_t *invflg,
+set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
 	   int invert)
 {
 	if (*options & option)
@@ -692,7 +692,7 @@  void do_parse(struct nft_handle *h, int argc, char *argv[],
 #endif
 
 		case 'j':
-			set_option(&cs->options, OPT_JUMP, &cs->fw.ip.invflags,
+			set_option(&cs->options, OPT_JUMP, &args->invflags,
 				   cs->invert);
 			command_jump(cs, optarg);
 			break;

[iptables,1/5] xtables: Make invflags 16bit wide

Commit Message

Patch