From patchwork Sat Jan 18 18:44:47 2020
X-Patchwork-Submitter: Rui Salvaterra
X-Patchwork-Id: 1225195
From: Rui Salvaterra
To: openwrt-devel@lists.openwrt.org
Cc: ynezz@true.cz, jo@mein.io, Rui Salvaterra
Date: Sat, 18 Jan 2020 18:44:47 +0000
Message-Id: <20200118184447.22048-1-rsalvaterra@gmail.com>
Subject: [OpenWrt-Devel] [PATCH v2] fw3: robustify flow table detection.

v2: addressed Petr Štetiar's concerns and also changed the generic helper to check for the availability of IPv4 or IPv6 targets, as needed.

The flowtable detection fails if the respective target module is built-in, since it's looking for the module itself.
Create a generic helper and instead check for existence of the FLOWOFFLOAD target in /proc/net/ip_tables_targets. Signed-off-by: Rui Salvaterra --- defaults.c | 25 +++++++------------------ utils.c | 27 +++++++++++++++++++++++++++ utils.h | 6 ++++++ 3 files changed, 40 insertions(+), 18 deletions(-) diff --git a/defaults.c b/defaults.c index f03765c..c78ab51 100644 --- a/defaults.c +++ b/defaults.c @@ -85,26 +85,14 @@ check_policy(struct uci_element *e, enum fw3_flag *pol, const char *name) } static void -check_kmod(struct uci_element *e, bool *module, const char *name) +check_target(struct uci_element *e, bool *available, const char *target, const bool ipv6) { - FILE *f; - char buf[128]; - - if (!*module) - return; - - snprintf(buf, sizeof(buf), "/sys/module/%s/refcnt", name); - - f = fopen(buf, "r"); - - if (f) + const bool b = fw3_has_target(ipv6, target); + if (!b) { - fclose(f); - return; + warn_elem(e, "requires unavailable target extension %s, disabling", target); } - - warn_elem(e, "requires not available kernel module %s, disabling", name); - *module = false; + *available = b; } static void @@ -171,7 +159,8 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p) check_any_reject_code(e, &defs->any_reject_code); - check_kmod(e, &defs->flow_offloading, "xt_FLOWOFFLOAD"); + /* exists in both ipv4 and ipv6, if at all, so only check ipv4 */ + check_target(e, &defs->flow_offloading, "FLOWOFFLOAD", false); } } diff --git a/utils.c b/utils.c index 441dbd2..f68a60a 100644 --- a/utils.c +++ b/utils.c 
@@ -344,6 +344,33 @@ fw3_has_table(bool ipv6, const char *table) return seen; } +bool +fw3_has_target(const bool ipv6, const char *target) +{ + FILE *f; + + char line[12]; + bool seen = false; + + const char *path = ipv6 + ? "/proc/net/ip6_tables_targets" : "/proc/net/ip_tables_targets"; + + if (!(f = fopen(path, "r"))) + return false; + + while (fgets(line, sizeof(line), f)) + { + if (!strncmp(line, target, MIN(sizeof(line), strlen(target)))) + { + seen = true; + break; + } + } + + fclose(f); + + return seen; +} bool fw3_lock_path(int *fd, const char *path) diff --git a/utils.h b/utils.h index c8cf69a..558bb4f 100644 --- a/utils.h +++ b/utils.h @@ -89,6 +89,10 @@ void info(const char *format, ...) (!(flags & ((1<
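Review bot: check_target() in defaults.c drops the early return that check_kmod() had for a disabled option ("if (!*module) return;") and ends with an unconditional "*available = b;". With the target present, flow_offloading is forced to true even when the configuration left it off, and with the target absent the warning is printed for users who never enabled the option. Keep the guard ("if (!*available) return;") and only clear the flag on the failure path.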
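Review bot: in fw3_load_defaults() the call passes ipv6 = false on the strength of the comment "exists in both ipv4 and ipv6, if at all", but fw3_has_target() returns false whenever the proc file cannot be opened. If /proc/net/ip_tables_targets is absent while /proc/net/ip6_tables_targets is present, flow offloading is disabled with a warning that blames the target extension. Either check both families and accept a hit in one of them, or state in the comment that IPv4 iptables support is assumed.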
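Review bot: in fw3_has_target() the buffer "char line[12];" holds exactly "FLOWOFFLOAD" (11 characters) and nothing longer, which does not fit a helper described as generic. fgets() splits any longer line into 11-character chunks and each chunk is then compared as if it started a line, so a target name can match the middle of another entry, while a target name of 12 or more characters can never match. The strncmp() bounded by MIN(sizeof(line), strlen(target)) is also only a prefix test, so a short name matches any entry that begins with it. Suggest a buffer sized for the longest extension name plus the newline, stripping the newline, and comparing with strcmp().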