| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Feb 2018 14:35:36 -0700
From: David Ahern <dsahern@...il.com>
To: Donald Sharp <sharpd@...ulusnetworks.com>, netdev@...r.kernel.org
Subject: Re: [PATCH v3 iproute2-next 2/3] ip: Display ip rule protocol used
On 2/23/18 12:32 PM, Donald Sharp wrote:
> @@ -391,6 +404,10 @@ static int flush_rule(const struct sockaddr_nl *who, struct nlmsghdr *n,
>
> parse_rtattr(tb, FRA_MAX, RTM_RTA(frh), len);
>
> + if (tb[FRA_PROTOCOL] &&
> + (filter.protocol^rta_getattr_u8(tb[FRA_PROTOCOL]))&filter.protocolmask)
> + return 0;
> +
Please use an intermediate variable for rta conversion and put
whitespace around '^' and '&'; existing code that does the above is a
poor example to follow. ;-)
> if (tb[FRA_PRIORITY]) {
> n->nlmsg_type = RTM_DELRULE;
> n->nlmsg_flags = NLM_F_REQUEST;
> @@ -415,12 +432,6 @@ static int iprule_list_flush_or_save(int argc, char **argv, int action)
> if (af == AF_UNSPEC)
> af = AF_INET;
>
> - if (action != IPRULE_LIST && argc > 0) {
> - fprintf(stderr, "\"ip rule %s\" does not take any arguments.\n",
> - action == IPRULE_SAVE ? "save" : "flush");
You need to keep this for IPRULE_SAVE; only IPRULE_FLUSH is allowing
arguments with this patch.
> - return -1;
> - }
> -
> switch (action) {
> case IPRULE_SAVE:
> if (save_rule_prep())
> @@ -508,7 +519,18 @@ static int iprule_list_flush_or_save(int argc, char **argv, int action)
> NEXT_ARG();
> if (get_prefix(&filter.src, *argv, af))
> invarg("from value is invalid\n", *argv);
> - } else {
> + } else if (matches(*argv, "protocol") == 0) {
> + __u32 prot;
> + NEXT_ARG();
> + filter.protocolmask = -1;
> + if (rtnl_rtprot_a2n(&prot, *argv)) {
> + if (strcmp(*argv, "all") != 0)
> + invarg("invalid \"protocol\"\n", *argv);
> + prot = 0;
> + filter.protocolmask = 0;
> + }
> + filter.protocol = prot;
> + } else{
> if (matches(*argv, "dst") == 0 ||
> matches(*argv, "to") == 0) {
> NEXT_ARG();
> diff --git a/man/man8/ip-rule.8 b/man/man8/ip-rule.8
> index a5c47981..f4070542 100644
> --- a/man/man8/ip-rule.8
> +++ b/man/man8/ip-rule.8
> @@ -50,6 +50,8 @@ ip-rule \- routing policy database management
> .IR ACTION " := [ "
> .B table
> .IR TABLE_ID " ] [ "
> +.B protocol
> +.IR PROTO " ] [ "
> .B nat
> .IR ADDRESS " ] [ "
> .B realms
> @@ -240,6 +242,10 @@ The options preference and order are synonyms with priority.
> the routing table identifier to lookup if the rule selector matches.
> It is also possible to use lookup instead of table.
>
> +.TP
> +.BI protocol " PROTO"
> +the protocol who installed the rule in question.
"protocol" is getting a bit vague. Make it clearer by using something
like 'routing protocol' as the description and given an example (e.g.,
zebra for RTPROT_ZEBRA)
> +
> .TP
> .BI suppress_prefixlength " NUMBER"
> reject routing decisions that have a prefix length of NUMBER or less.
> @@ -275,7 +281,11 @@ updates, it flushes the routing cache with
> .RE
> .TP
> .B ip rule flush - also dumps all the deleted rules.
> -This command has no arguments.
> +.RS
> +.TP
> +.BI protocol " PROTO"
> +Select the originating protocol.
> +.RE
> .TP
> .B ip rule show - list rules
> This command has no arguments.
> @@ -283,6 +293,12 @@ The options list or lst are synonyms with show.
>
> .TP
> .B ip rule save
> +.RS
> +.TP
> +.BI protocl " PROTO"
missing an 'o' between 'c' and 'l'
> +Select the originating protocol.
> +.RE
> +.TP
> save rules table information to stdout
> .RS
> This command behaves like
>
Powered by blists - more mailing lists