netdev - Re: [PATCH iproute2 net-next] iprule: support for ip

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite for Android: free password hash cracker in your pocket

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date:   Mon, 5 Mar 2018 10:31:03 -0700
From:   David Ahern <dsahern@...il.com>
To:     Roopa Prabhu <roopa@...ulusnetworks.com>
Cc:     netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 net-next] iprule: support for ip_proto, sport and
 dport match options

On 3/5/18 9:36 AM, Roopa Prabhu wrote:
> diff --git a/ip/iprule.c b/ip/iprule.c
> index 6fdc9b5..973f8cb 100644
> --- a/ip/iprule.c
> +++ b/ip/iprule.c
> @@ -45,7 +45,10 @@ static void usage(void)
>  		"       ip rule [ list [ SELECTOR ]]\n"
>  		"SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n"
>  		"            [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]\n"
> -		"            [ uidrange NUMBER-NUMBER ]\n"
> +		"            [ uidrange NUMBER-NUMBER ]"
> +		"            [ ip_proto [tcp | udp | sctp] ]"
> +		"            [ sport [ NUMBER | NUMBER-NUMBER ]"
> +		"            [ dport [ NUMBER | NUMBER-NUMBER ] ]\n"
>  		"ACTION := [ table TABLE_ID ]\n"
>  		"          [ protocol PROTO ]\n"
>  		"          [ nat ADDRESS ]\n"
> @@ -284,6 +287,31 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
>  		fprintf(fp, "uidrange %u-%u ", r->start, r->end);
>  	}
>  
> +	if (tb[FRA_IP_PROTO]) {
> +		print_uint(PRINT_ANY,
> +			   "ip_proto",
> +			   "ip_proto %u ",
> +			   rta_getattr_u8(tb[FRA_IP_PROTO]));

pretty print the name with inet_proto_n2a.


> +	}
> +
> +	if (tb[FRA_SPORT_RANGE]) {
> +		struct fib_rule_port_range *r = RTA_DATA(tb[FRA_SPORT_RANGE]);
> +
> +		if (r->start == r->end)
> +			fprintf(fp, "sport %hu ", r->start);
> +		else
> +			fprintf(fp, "sport %hu-%hu ", r->start, r->end);
> +	}
> +
> +	if (tb[FRA_DPORT_RANGE]) {
> +		struct fib_rule_port_range *r = RTA_DATA(tb[FRA_DPORT_RANGE]);
> +
> +		if (r->start == r->end)
> +			fprintf(fp, "dport %hu ", r->start);
> +		else
> +			fprintf(fp, "dport %hu-%hu ", r->start, r->end);
> +	}
> +
>  	table = frh_get_table(frh, tb);
>  	if (table) {
>  		fprintf(fp, "lookup %s ",
> @@ -608,6 +636,20 @@ static int iprule_restore(void)
>  	exit(rtnl_from_file(stdin, &restore_handler, NULL));
>  }
>  
> +static int parse_ip_proto(__u8 *ip_proto, char *str)
> +{
> +	if (matches(str, "tcp") == 0)
> +		*ip_proto = IPPROTO_TCP;
> +	else if (matches(str, "udp") == 0)
> +		*ip_proto = IPPROTO_UDP;
> +	else if (matches(str, "sctp") == 0)
> +		*ip_proto = IPPROTO_SCTP;
> +	else
> +		return -1;
> +
> +	return 0;
> +}

Use inet_proto_a2n instead.