{"id":814641,"url":"http://patchwork.ozlabs.org/api/patches/814641/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20170917112031.8644-2-shmulik@nsof.io/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170917112031.8644-2-shmulik@nsof.io>","list_archive_url":null,"date":"2017-09-17T11:20:30","name":"[v2,1/2] iptables: support match info fixup after tc_init","commit_ref":null,"pull_url":null,"state":"changes-requested","archived":false,"hash":"659f8c5a623b402eedad90b4d940d1820170b368","submitter":{"id":72382,"url":"http://patchwork.ozlabs.org/api/people/72382/?format=json","name":"Shmulik Ladkani","email":"shmulik@nsof.io"},"delegate":{"id":6139,"url":"http://patchwork.ozlabs.org/api/users/6139/?format=json","username":"pablo","first_name":"Pablo","last_name":"Neira","email":"pablo@netfilter.org"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20170917112031.8644-2-shmulik@nsof.io/mbox/","series":[{"id":3508,"url":"http://patchwork.ozlabs.org/api/series/3508/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=3508","date":"2017-09-17T11:20:29","name":"xt_bpf: fix handling of pinned objects","version":2,"mbox":"http://patchwork.ozlabs.org/series/3508/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/814641/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/814641/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netfilter-devel-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) 
smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=nsof.io header.i=@nsof.io header.b=\"KoUmxTaH\";\n\tdkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xw6Br1CmGz9s7h\n\tfor <incoming@patchwork.ozlabs.org>;\n\tSun, 17 Sep 2017 21:20:52 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1750862AbdIQLUv (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tSun, 17 Sep 2017 07:20:51 -0400","from mail-wm0-f48.google.com ([74.125.82.48]:51081 \"EHLO\n\tmail-wm0-f48.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1750803AbdIQLUv (ORCPT\n\t<rfc822;netfilter-devel@vger.kernel.org>);\n\tSun, 17 Sep 2017 07:20:51 -0400","by mail-wm0-f48.google.com with SMTP id v142so16286040wmv.5\n\tfor <netfilter-devel@vger.kernel.org>;\n\tSun, 17 Sep 2017 04:20:50 -0700 (PDT)","from localhost.localdomain (bzq-82-81-225-244.cablep.bezeqint.net.\n\t[82.81.225.244]) by smtp.gmail.com with ESMTPSA id\n\tu1sm4400684wrd.95.2017.09.17.04.20.48\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);\n\tSun, 17 Sep 2017 04:20:49 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=nsof.io; s=google;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=qxDAn6aBYnZYVUVs/adcLW7pptMV7VS5p01qlgKLVZk=;\n\tb=KoUmxTaHYHGpIAGbn48uRfQzyy2fBtTvWMTLzauqnxkqXF7jPBQ8pjlU3FTA9p/KR9\n\tb+IBpbvDXyENOU9Uo7jNaCt4NSmw1nR1alGiPSMS/QP6yJ8MZUJg4y4AcMu2qGDZ+725\n\tZMX7um2f/cdcaEQYd+vgeCm7Qgq/4DtojAo4E=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; 
s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=qxDAn6aBYnZYVUVs/adcLW7pptMV7VS5p01qlgKLVZk=;\n\tb=DsZjHlF+Poq6tHRoaR0vM84lzW4Nc98ornJkJ4lyq27xZPjj/L2BH76TLvDmiwCeJ/\n\tU4xpxVqr+rRr6eT8rj+TJvcR7EKTGLzfFp+DSTiNJhxYC2oJylnYSYRrQe1gZcW7d0v6\n\t+Hkw9yKkSXBIfknkLKwbpDHqZHaHNMllk1dyyrFL8euGdb9UNdA0PnVgtH9Y0ghW1xa/\n\tJldnawAMdd5Pi7clNUy20d1TRJUkKJJJ5V2EUwT97LjdX0reZPWHbXVgQ9CDtGkHxTF2\n\teLVaBko7AZbxZ+Uv66YrjfClYiTdDkhLWu75VuVv/zI+VByryZkZcik78FfGs2KG7fvM\n\tbNLA==","X-Gm-Message-State":"AHPjjUhwzztyVMLnnOA8inhG1nncSWpkUMojxkq6oa9/yYIENXtG104J\n\tHXSofMJkngyVMU566AdClYXPSw0U4+4=","X-Google-Smtp-Source":"AOwi7QCRdWhR3DnGjkHKhx9OzrrfCWA+Rs2WbgnP4GR0zGtzSe4zbDHNyRLxnA+pu8AE+mmpI9la4Q==","X-Received":"by 10.28.99.69 with SMTP id x66mr6989981wmb.30.1505647249674;\n\tSun, 17 Sep 2017 04:20:49 -0700 (PDT)","From":"Shmulik Ladkani <shmulik@nsof.io>","To":"netfilter-devel@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>","Cc":"Willem de Bruijn <willemb@google.com>, rbk@nsof.io,\n\tshmulik@nsof.io, Rafael Buchbinder <rafi@rbk.ms>","Subject":"[PATCH v2 1/2] iptables: support match info fixup after tc_init","Date":"Sun, 17 Sep 2017 14:20:30 +0300","Message-Id":"<20170917112031.8644-2-shmulik@nsof.io>","X-Mailer":"git-send-email 2.14.1","In-Reply-To":"<20170917112031.8644-1-shmulik@nsof.io>","References":"<20170917112031.8644-1-shmulik@nsof.io>","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netfilter-devel.vger.kernel.org>","X-Mailing-List":"netfilter-devel@vger.kernel.org"},"content":"From: Rafael Buchbinder <rafi@rbk.ms>\n\nFrom: Rafael Buchbinder <rafi@rbk.ms>\n\nThis commit introduces a framework to fixup match info,\nwhich may be required by an extension.\n\nSigned-off-by: Rafael Buchbinder <rafi@rbk.ms>\nSigned-off-by: Shmulik Ladkani <shmulik@nsof.io>\n---\n include/xtables.h    |  3 +++\n iptables/ip6tables.c | 35 +++++++++++++++++++++++++++++++++++\n iptables/iptables.c  | 34 
++++++++++++++++++++++++++++++++++\n 3 files changed, 72 insertions(+)","diff":"diff --git a/include/xtables.h b/include/xtables.h\nindex e9bc3b7d..687cfe9f 100644\n--- a/include/xtables.h\n+++ b/include/xtables.h\n@@ -273,6 +273,9 @@ struct xtables_match {\n \t/* ip is struct ipt_ip * for example */\n \tvoid (*save)(const void *ip, const struct xt_entry_match *match);\n \n+\t/* Fixes the match info after init. */\n+\tvoid (*tc_init_fixup)(struct xt_entry_match *match);\n+\n \t/* Print match name or alias */\n \tconst char *(*alias)(const struct xt_entry_match *match);\n \ndiff --git a/iptables/ip6tables.c b/iptables/ip6tables.c\nindex 49bd006f..0a6afa77 100644\n--- a/iptables/ip6tables.c\n+++ b/iptables/ip6tables.c\n@@ -925,6 +925,39 @@ delete_chain6(const xt_chainlabel chain, int verbose,\n \treturn ip6tc_delete_chain(chain, handle);\n }\n \n+\n+static int\n+tc_init_fixup_match(struct xt_entry_match *m)\n+{\n+\tconst struct xtables_match *match =\n+\t\txtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);\n+\n+\tif (match) {\n+\t\tif (match->tc_init_fixup && m->u.user.revision == match->revision)\n+\t\t\tmatch->tc_init_fixup(m);\n+\t}\n+\n+\t/* Don't stop iterating. 
*/\n+\treturn 0;\n+}\n+\n+static void\n+tc_init_fixup(struct xtc_handle *handle)\n+{\n+\tconst char *chain;\n+\n+\tfor (chain = ip6tc_first_chain(handle);\n+\t     chain;\n+\t     chain = ip6tc_next_chain(handle)) {\n+\t\tconst struct ip6t_entry *entry = ip6tc_first_rule(chain, handle);\n+\n+\t\twhile (entry) {\n+\t\t\tIP6T_MATCH_ITERATE(entry, tc_init_fixup_match);\n+\t\t\tentry = ip6tc_next_rule(entry, handle);\n+\t\t}\n+\t}\n+}\n+\n static int\n list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,\n \t     int expanded, int linenumbers, struct xtc_handle *handle)\n@@ -1795,6 +1828,8 @@ int do_command6(int argc, char *argv[], char **table,\n \t\t\t\"can't initialize ip6tables table `%s': %s\",\n \t\t\t*table, ip6tc_strerror(errno));\n \n+\ttc_init_fixup(*handle);\n+\n \tif (command == CMD_APPEND\n \t    || command == CMD_DELETE\n \t    || command == CMD_CHECK\ndiff --git a/iptables/iptables.c b/iptables/iptables.c\nindex 69d19fec..f220a8e4 100644\n--- a/iptables/iptables.c\n+++ b/iptables/iptables.c\n@@ -909,6 +909,38 @@ delete_chain4(const xt_chainlabel chain, int verbose,\n \treturn iptc_delete_chain(chain, handle);\n }\n \n+static int\n+tc_init_fixup_match(struct xt_entry_match *m)\n+{\n+\tconst struct xtables_match *match =\n+\t\txtables_find_match(m->u.user.name, XTF_TRY_LOAD, NULL);\n+\n+\tif (match) {\n+\t\tif (match->tc_init_fixup && m->u.user.revision == match->revision)\n+\t\t\tmatch->tc_init_fixup(m);\n+\t}\n+\n+\t/* Don't stop iterating. 
*/\n+\treturn 0;\n+}\n+\n+static void\n+tc_init_fixup(struct xtc_handle *handle)\n+{\n+\tconst char *chain;\n+\n+\tfor (chain = iptc_first_chain(handle);\n+\t     chain;\n+\t     chain = iptc_next_chain(handle)) {\n+\t\tconst struct ipt_entry *entry = iptc_first_rule(chain, handle);\n+\n+\t\twhile (entry) {\n+\t\t\tIPT_MATCH_ITERATE(entry, tc_init_fixup_match);\n+\t\t\tentry = iptc_next_rule(entry, handle);\n+\t\t}\n+\t}\n+}\n+\n static int\n list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,\n \t     int expanded, int linenumbers, struct xtc_handle *handle)\n@@ -1781,6 +1813,8 @@ int do_command4(int argc, char *argv[], char **table,\n \t\t\t   \"can't initialize iptables table `%s': %s\",\n \t\t\t   *table, iptc_strerror(errno));\n \n+\ttc_init_fixup(*handle);\n+\n \tif (command == CMD_APPEND\n \t    || command == CMD_DELETE\n \t    || command == CMD_CHECK\n","prefixes":["v2","1/2"]}
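Review bot: in the include/xtables.h hunk, the new `tc_init_fixup` member of `struct xtables_match` returns `void`, so an extension cannot report that its fixup failed, and `tc_init_fixup_match()` returns 0 whatever happens. Consider making the callback return `int` and deciding in the caller whether a failed fixup should abort the command or only warn. The comment "Fixes the match info after init." should also say which init is meant (the table init in `do_command4`/`do_command6`) and that the callback is expected to modify the entry in place. Because the member is inserted between `save` and `alias` rather than appended, the offsets of `alias` and every later member change for extensions built against the previous header; that deserves a mention in the commit message.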
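Review bot: in the `tc_init_fixup()` / `tc_init_fixup_match()` helpers added to iptables/ip6tables.c and iptables/iptables.c, the rule pointer is declared `const struct ip6t_entry *entry` (`const struct ipt_entry *entry` in the IPv4 copy), yet the iterator hands each match to a callback taking a non-const `struct xt_entry_match *` whose whole purpose is to rewrite it. Either drop the `const` on `entry` or explain why writing through it is safe for data owned by the handle. Two further points on the same lines: when `m->u.user.revision != match->revision` the fixup is skipped silently, so the rule keeps its unfixed match info with no diagnostic; and `tc_init_fixup_match()` is byte-for-byte identical in both files, so it could live in one shared helper instead of being duplicated. The ip6tables.c hunk also adds a stray second blank line before `static int`.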
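Review bot: in the `do_command6` and `do_command4` hunks, `tc_init_fixup(*handle);` runs unconditionally, before the `command == CMD_APPEND || ...` dispatch, so every invocation walks every rule of every chain and calls `xtables_find_match(..., XTF_TRY_LOAD, NULL)` once per match, loading extensions as a side effect even for commands that never touch those rules. Please state in the commit message why the fixup is needed for all commands, or restrict it to the commands that need it, and consider the cost on large rulesets, for example by skipping the lookup for match names already known to have no `tc_init_fixup` callback.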